Network Administration Visualized (NAV) can be divided into two parts: a set of back-end processes and a web-based user interface. The back-end processes are responsible for collecting and analyzing data from your monitored equipment and for performing various background maintenance and administrative tasks. The web-based user interface's main task is to present the collected and analyzed information to the network administrators and other users, and also to allow the administrators to perform administrative tasks such as editing the list of monitored equipment, controlling other users' access to the web interface, setting up maintenance tasks, posting operational messages and so forth.
Although you may distinguish between an administrator and a user, this document is about using NAV; the network administrator(s) will usually also be the NAV administrator(s), and so will also be a NAV user in this context.
The main index page of the web interface displays a set of configurable links and contact information, a configurable welcome message, the latest operational messages (if any), and a shortlist of the current status of your devices (i.e. it lists devices that are down).
The configuration files for the various configurable information bits above are located in the webfront configuration subdirectory.
Config file | Purpose |
---|---|
welcome-anonymous.txt | The welcome message displayed to anyone who is not logged in |
welcome-registered.txt | The welcome message displayed to logged in users |
contact-information.txt | Displayed in the contact information box |
external-links.txt | Displayed in the external links box |
nav-links.conf | Internal links to your NAV system, displayed to everyone who has access to the particular URLs |
Despite the dubious .txt extension on most of these files, HTML can be used in them. nav-links.conf has its own special format.
The top part of each page contains the NAV logo and a navigation bar. The links displayed on the navigation bar are configurable per user account, by selecting the *Preferences* link.
The web interface is divided into several tools, which can be found on the toolbox page. The default navigation bar contains a link to the toolbox. Most users who have been using NAV for a while will configure their navigation bars with direct links to their preferred tools, so that they can be reached from anywhere within the web interface.
These are the available tools as of NAV 3.2:
Tool | Description |
---|---|
Edit database | Manual entry of data into the NAV database. Most importantly, this is where you specify what IP devices to monitor. This will be the first tool to use after having installed NAV. |
User administration | Users with administrative privileges can use this tool to create accounts and groups, and grant privileges to parts of the web interface. |
Alert profiles | Allows each user to flexibly configure one or several personal alert profiles, so that he/she will receive only NAV alerts that are interesting to him/her. |
Status | Displays the current status of your network, i.e. which devices or services are unreachable (down/shadow) at the moment, which devices or services are on maintenance and so on. |
Report | Configurable SQL reports which give an overview of the contents of the NAV database. |
Network explorer | Displays your network topology as an expandable tree. |
Traffic Map | An interactive Java applet that displays your router and vlan topology as a 2D diagram, with colored links between nodes to indicate traffic load. |
Statistics | Browse graphs of statistical data (collected by Cricket and NAV), or view ranked lists of specific statistics (such as “What routers had the highest CPU load the last 5 minutes?”). |
Machine tracker | Find out where given client machines are connected in your network, by searching collected ARP and CAM data from routers and switches. |
IP Info Center | Enter arbitrary IP addresses to see what data NAV can find about them. Advanced users can configure this page to show links to external systems based on the information elements NAV can find about an IP. |
Layer 2 traceroute | Trace the layer 2 path between two given host addresses. |
Syslog analyzer | Search and display Cisco syslog messages sent to the NAV server. |
Arnold | Complete system for blocking access ports through SNMP write commands. |
Messages | Read and post network operational/informational messages (aka Message of the day). Messages can be related to maintenance tasks defined in the maintenance tool. |
Maintenance tasks | Schedule maintenance tasks for your monitored devices. The maintenance schedule is used to suppress alerts about devices while they are on maintenance. |
Device management | Search/browse the alert history of your devices. Delete stack modules that have been physically removed from the network. Other device lifecycle management functionality (equipment orders, errors, RMA). |
NAV has several back-end processes (or services as they are sometimes called) that perform the various data collection, monitoring and administrative/maintenance tasks. Some of the processes are background daemons, while others are just cron jobs. They can all be started and stopped individually by using the nav command.
```
% sudo nav
This command is your interface to start, stop and query NAV services.

Usage: nav [command] [service ...]

The selected command will be applied to all known services, unless you
specify a list of services after the command.

Available commands are:

  start    -- Start services.
  stop     -- Stop services.
  status   -- Query the status of services.
  info     -- Display information about/description of services.
  list     -- Display list of known services.
  version  -- Displays which version of NAV you are running.
```
All processes run as the unprivileged navcron user. The only exception is the pping process, which must be started as root to be able to create a raw ICMP socket, and which drops privileges and runs as the navcron user immediately afterwards.
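The start-as-root, open-the-raw-socket, then-drop sequence described above for pping, as an added example that is not NAV's own code. Only the navcron account name comes from this page; `open_icmp_socket`, `drop_privileges` and the injectable `osmod` parameter are names assumed for the illustration.

```python
import os
import pwd
import socket


def open_icmp_socket():
    """Create a raw ICMP socket; on Linux this needs root or CAP_NET_RAW."""
    return socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)


def drop_privileges(uid, gid, osmod=os):
    """Permanently switch from root to uid/gid and verify it cannot be undone.

    osmod is injectable (an assumption of this example) so the call order
    can be checked without actually being root.
    """
    if uid == 0 or gid == 0:
        raise ValueError("refusing to 'drop' to uid/gid 0")
    if osmod.getuid() != 0:
        raise PermissionError("not running as root, nothing to drop")
    osmod.setgroups([gid])   # shed root's supplementary groups first
    osmod.setgid(gid)        # group before user: this call still needs uid 0
    osmod.setuid(uid)        # as root this sets real, effective and saved uid
    try:
        osmod.setuid(0)      # must fail now, otherwise the drop is reversible
    except OSError:
        pass
    else:
        raise RuntimeError("still able to regain root")
    if (osmod.getuid(), osmod.getgid()) != (uid, gid):
        raise RuntimeError("unexpected identity after drop")
    return uid, gid


def main(user="navcron"):
    """Open the socket while privileged, then do everything else unprivileged."""
    try:
        account = pwd.getpwnam(user)
        sock = open_icmp_socket()          # the only step that needs root
        drop_privileges(account.pw_uid, account.pw_gid)
    except (KeyError, OSError) as exc:
        print(f"cannot start: {exc}")
        return 1
    print(f"raw socket fd {sock.fileno()} kept, now uid {os.getuid()}")
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

The socket stays usable after the drop because the privilege check happens when the socket is created, not on each send.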
These are the various services:
Service | Type | Description |
---|---|---|
alertengine | Daemon | Parses users' alert profiles and dispatches alerts from the global alert queue accordingly. |
cricket | Cron | 3rd party software that collects statistical data from IP devices through SNMP queries. |
eventengine | Daemon | Processes events posted to NAV's internal event queue. Translates events into alerts to post on the alert queue. |
ipdevpoll | Daemon | NAV's main SNMP collection engine. Collects just about everything except statistical data, and stores it in the NAV database. This includes serial numbers, modules, interfaces, routing information etc. |
iptrace | Cron | Collects ARP tables from monitored routers and stores them in the NAV database. |
logengine | Cron | Parses the latest syslog messages from Cisco devices on disk and stores them in the NAV database. |
mactrace | Cron | Collects CAM tables and CDP neighbors from switches. This data is used to build the network topology. mactrace also uses the known topology to store CAM entries for client machines on the correct access ports. |
maintengine | Cron | Effectuates the maintenance schedule by dispatching maintenance events onto the internal event queue. |
networkDiscovery | Cron | Interprets the candidate topology mactrace has stored in the database, and derives the actual physical and vlan topologies of the network in a two-step process. |
pping | Daemon | The parallel pinger - sends ICMP echo requests to all IP devices, waits for replies and dispatches boxState events accordingly. The daemon also records ping response time statistics using rrdtool. |
servicemon | Daemon | The service monitor. Monitors services on IP devices, such as SSH, HTTP, SMTP and others, according to the configuration entered in the Edit database web tool. Also records service response times using rrdtool. |
smsd | Daemon | Dispatches SMS messages placed on the sms queue by the alertEngine. Uses dispatcher plugins to dispatch messages through various methods - most commonly by using Gammu with a locally connected mobile phone. |
thresholdMon | Cron | Monitors all known RRD files for exceeded thresholds, according to user-configured thresholds, and dispatches threshold events accordingly. |