Monitoring an operational network can provide a network administrator with information to proactively manage the network and to report network usage statistics to others. Link activity, error rates, and link status are a few of the factors that help a network administrator determine the health and usage of a network. Collecting and reviewing this information over time enables a network administrator to see and project growth, and may enable the administrator to detect and replace a failing part before it completely fails.
This chapter covers three protocols that a network administrator can use to monitor the network. Syslog, SNMP, and NetFlow are popular protocols with different strengths and weaknesses. Together, they provide a good toolset for understanding what is happening on a network. The Network Time Protocol (NTP) is used to synchronize time across devices, which is especially important when trying to compare log files from different devices.