Table of Contents
NetCrunch is an on-premise network monitoring, alerting and reporting solution suitable for businesses of all sizes across various industry sectors. The solution helps businesses remotely visualize their system performance and monitors network services, bandwidth utilization, switches, routers and traffic flow.
NetCrunch automatically gathers every network device’s information and generates layer 1 and layer 2 maps, displaying the connection between various devices connected to the main network. NetCrunch offers an interactive dashboard that keeps track of performance parameters and service statuses of devices.
Administrators can select multiple nodes and change their status to offline or online remotely. The flow server tool helps collect traffic data from switches and routers that helps analyze overall network traffic structure. NetCrunch License tracks internal and external events and automatically creates alert reports for incidents occurring within the network. Users can be notified via SMS, desktop notification and email when an event occurs. Support is provided via online customer portal and email.
NetCrunch is designed to manage thousands of components. It allows you to manage using rules instead of individually. NetCrunch does many things automatically so that you can configure 100s nodes in just a couple of minutes. This might be quite a shock to you if you are used to working with legacy tools that require individual configuration.
NetCrunch combines the best technologies for the best results: a proprietary NoSQL database for network performance metrics history, an in-memory database for fast real-time status, and an embedded SQL database for storing alerts. It scales well on a single machine with multiple processors and several gigabytes of RAM. It can monitor over 1,000,000 performance parameters on a single server.
- Up to 1,000,000 metrics per machine
- No limit on stored data
- Raw performance data stored
- Runs on VM
- Runs in a vSphere Fault Tolerance cluster
- Runs in Hyper-V fault tolerance cluster
Automatic & By Policy Management
NetCrunch allows you to detect nodes automatically and also runs an auto-discovery process in the background. Once a node is discovered, NetCrunch scans its services and determines a device type or checks if it supports SNMP. Monitoring settings can be managed using Monitoring Packs, which define performance metrics, triggers, and events to be monitored. Monitoring Packs can be assigned manually or automatically by rules (based on the device type or other criteria). One can only create templates for monitoring nodes, including settings for monitors, alerts, and reports. The program also manages many views and dashboards and automatically creates routing maps, logical network maps, and Layer 2 maps.
- IP Node Auto Discovery
- Network Services Auto-Discovery
- Device Type Discovery
- Monitoring Templates
- Monitoring Credential Profiles
- Notification Profiles and Groups
- Configuration/Connection Profiles
- Organizations for easy data filtering
Built for Consistency
NetCrunch has been created for uniform data processing and visualization. In a sensor or script-based tool, the monitoring logic is moved down to sensors, making it hard to update and manage. NetCrunch centralizes monitoring logic, instead. Monitors are responsible for delivering data and events so that the server can do all processing. This means that all features (like conditional alerts or performance triggers) are available for every type of event and performance data. NetCrunch License supports creating both simple stateless scripts and logic-based scripts.
- IPv4 and IPv6 full support
- Uniform processing for all data sources
- Uniform visualization
- Shorter Learning Curve
Flexibility & Customization
It’s impossible to list all things that can be customized in NetCruch! For instance, the console supports multiple monitors, allows docking and can automatically switch on full screen. You can create live maps with widgets showing live data or status and you can manage notifications through groups and user profiles (that can be integrated with AD). You can export data from NetCrunch License, build custom scripts or get data from a web page.
- Calculated Performance Counters
- 8 Types of Performance Triggers
- Conditional Alerts
- Custom Views
- Allows Scripting & API
- Alert Escalation
- MIB Compiler
- Multiple screens & docking support
- Automated Full-Screen Mode
- 20+ Integrations with external systems (Help Desk)
- Grafana plugin
NetCrunch Network monitoring is built on two basic blocks: performance metrics and events. Since every monitor and sensor delivers only events and metrics, you can apply the same conditions and triggers to any of them. NetCrunch does not require any agents to be installed. NetCrunch is also extendible with scripts and data that can be pushed into NetCrunch using HTTP.
NetCrunch uses SNMP for managing network devices (switches, printers, etc.). The program supports SNMPv3 traps and trap info packets, and includes trap forwarding. It also includes a MIB compiler and more than 8500 precompiled MIBs.
- SNMP v1, v2c, v3
- SNMP v3 Notifications and Info
- SNMP MIB Compiler
- 8700+ Precompiled MIBs
Switch and Router Monitoring
NetCrunch support various aspects of switch and router monitoring, including the status of network interfaces and bandwidth monitoring. The program automatically identifies Layer 2 connections and enables switch port mapping. Our Cisco IP SLA sensor allows you to monitor the status and parameters of IP SLA operations. NetCrunch License also supports traffic monitoring and analysis and supports Cisco NBAR technology.
- Bandwidth Monitoring
- Interface Monitoring
- Routing Maps
- Port Mapping with VLAN
- Layer 2 Maps
- Traffic Monitoring
- Cisco IP SLA Sensor
- VOIP monitoring
For more information Network License
Operating System and Server Monitoring
NetCrunch monitors the performance of Linux, Solaris, BSD and Mac OS servers and desktops remotely via SSH. It comes with predefined monitoring settings for each system. Windows monitoring is integrated with Active Directory and doesn’t require SNMP agents to be installed on servers. It allows for performance, Windows services, and Windows Event Log monitoring. You can also monitor files and folders on Windows (natively) and other systems (using FTP/s or HTTP/s). All monitors support performance metrics, process, and connection monitoring.
- Windows Server Monitoring
- Linux Server Monitoring
- Mac OS Server Monitoring
- BSD, FreeBSD, OpenBSD Server Monitoring
- Monitoring of Services, Processes, Events and Performance Metrics
- 10 WMI Sensors
Network Services & Application Monitoring
NetCrunch supports the monitoring of over 65 network services (ping, HTTP, DNS, DHCP, SSH, etc.). For each monitored service, the program checks connectivity then validates service response and measures response time.
NetCrunch can monitor an email mailbox, can alert on email content or run a round trip email sensor in order to check for mail server functionality. All sensors support secure connections. File and folder sensors support Windows (SMB) protocol, FTP (SFTP, FTPS) and HTTP/s protocols to access remote files.
- 70+ Service requests patterns
- Create custom service checks
- 65+ Monitoring Sensors
- SQL Query monitors (Oracle,MySQL, MariaDB, MS SQL, ODBC)
NetCrunch includes a Flow Server that allows you to collect and monitor network traffic information from various flow sources using: IPFix, NetFlow (v5 & v9), JFlow, sFlow, netStream, CFlow, AppFlow, and rFlow protocols. The program analyzes traffic by various categories including: applications, protocols and domain categories. NetCrunch supports Cisco NBAR and allows you to create custom application definitions and categories.
- NetFlow v5, v9 Monitoring
- IPFix Monitoring
- JFlow, sFlow, netStream, AppFlow, rFlow Monitoring
- Cisco NBAR v2 support
- Custom Application Monitoring
- Support for multiple flow sources
NetCrunch allows you to collect and react to events from various sources. It can receive various SNMP traps (including v3 notifications) and can act as a syslog server. Additionally, NetCrunch can collect data from Windows Event log via WMI or text logs using our text file sensor which can for example monitor remotely logs on Linux systems via SSH/bash. Text log sensor supports out of the box popular log formats such as Log4J and Apache Log Format.
- Syslog Server
- SNMP Trap Receiver
- Windows Event Log Monitoring
- File Sensor
- Text Log Sensor
- Parsing Expression including JS scripts
Hardware and Software Inventory
NetCrunch can collect inventory information from Windows nodes using WMI. The Inventory collects detailed data about hardware, operating system and installed software. The program also displays information on all installed patches.
- Hardware & OS Details
- Installed Software
- Installed Patches & Hotfixes
- Change Log
- Compare in time or between nodes
See examples on Github
- Schedule Exe, JScript, VBScript on NetCrunch Server
- Send data to NetCrunch using API
- Data File Sensor (HTTP, Windows/SMB, SSH/Bash)
- Examples available on GitHub
NetCrunch includes primary support for Cisco, VMWare and Microsoft technologies as they are our technology partners. The program supports various Cisco technologies including VOIP monitoring using IP SLA operations defined on Cisco devices. The NetCrunch Flow Server supports NetFlow and Cisco NBAR technology. NetCrunch monitors VMware ESXi v5.5/v6 including hardware health status monitoring and virtual machine monitoring. NetCrunch monitoring Hyper-V servers and virtual machines controlled by Hyper-V. For most popular applications like MS SQL and Exchange, NetCrunch offers about 200 predefined sets of monitoring rules called Monitoring Packs.
- Cisco Monitoring
- VMWare Monitoring
- Microsoft Monitoring
- NetApp Monitoring
- HP Monitoring
- IBM Monitoring
- Oracle Monitoring
- APC, Avaya, Juniper and more…
NetCrunch uses advanced techniques in order to minimize false alerts, especially when monitoring remote devices over intermediate links. Monitoring dependencies control the monitoring process, so when a link is down you are not flooded with false alerts. The program also prioritizes monitoring in order to monitor intermediate links more often than remote endpoints. Monitoring packs simplify the management of monitoring parameters, so instead of changing parameters node by node, users can easily apply monitoring packs to groups of nodes. See list of monitoring packs
- Monitoring Dependencies
- Event Suppression
- Prioritized Monitoring
- Monitoring Packs
Various Event Sources
NetCrunch is the primary source of various events like: status events (up/down), triggers on performance metrics or sensors and monitored statuses. The program also is also able to monitor external events by matching them with rules and triggering alerts. This allows you to trigger alerts and actions on SNMP traps, syslog messages or Windows Event log entries. NetCrunch keeps all alerts in a built-in SQL database.
- NetCrunch Status Events
- NetCrunch Sensor Events
- Performance Triggers
- Windows Event Log
- SNMP Traps & Notifications
- Web Message (via REST API)
One of the basic elements of network monitoring is tracking various performance metrics. Regardless of the origin of the metric, users can always use the same set of triggers to work on actual or average metric values. The average can be calculated upon a given sample number or by a given time range.
- Deviation Threshold
- Baseline Threshold
- State Trigger
- Flat Value
- Value Missing/Exists
NetCrunch supports various types of correlations for alerts. Every status event generated by NetCrunch has its beginning and end, so you can easily assign an action for when the alert starts and ends. This helps you to focus only on current problems instead of checking if something is still an issue. Other events can be correlated manually, so the administrator can assign what other event ends the alert. Advanced correlation allows also you to trigger events only if multiple events have happened within a given time range, or are pending at the same time. For example, this allows you to define an alert when two redundant interfaces are down.
- Automatic Active Alerts Correlation
- Manual Correlation of External Events
- Advanced Correlation
The simplest condition is to trigger an alert when an alerting condition is met. But what about something that did not happen? Like a scheduled backup? Among the alerting possibilities of NetCrunch, you can define alerts for when a specific event did not happen in a certain time range, or after a specified amount of time (heartbeat not received). Other conditions allow you to suppress alert execution for some time. For example, power loss should trigger an alert after several minutes. If power is restored within a given time, no action should be executed.
- On event
- if event happen after x time
- if event happen more than x time
- Only if time range
- Only if time not in range
- If event not happen in given time range
- if event not happen after x time
- if event is pending for more x
NetCrunch allows you to execute various alerting actions like: Notifications, Logging, Control Actions and Remote Scripts. Notifications are very flexible and can be controlled by user profiles and groups. Additionally, they can be combined with node group (atlas view) membership, so it’s possible to send notifications to different groups based on network node location or some other relationship. Logging actions allow you to write events to files, Windows Event log, SNMP Traps, syslog messages or triggering Web Hooks. Finally, remote actions can be executed on Windows, Linux, Mac OS or BSD machines. There are many standard actions included like: Restarting Services, Rebooting Machines or Shutdown.
- Notifications via Email, SMS (Text Message)
- Control Actions (Restart, Run, ShutDown, etc)
- Logging (Syslog, SNMP Traps, Windows Event Log, file)
- Execute Remote Scripts & Programs
- Integration with Help Desk and Mesaging systems like Jira, ZenDesk, Slack, Twitter and many others…
- 56 Predefined Alerting Actions available
Alert Escalation & Conditional Execution
NetCrunch License allows you to run actions immediately or after a certain time. This allows for escalating alert execution over time. The program also allows you to repeat the last defined action, so you may set it to keep running every day to remind you that a problem is not solved. Finally, actions can be executed when an alert is closed. Each action can be limited to run only if a triggering network node belongs to a given atlas view (these can be created by rules or manually) or within a given time range. This allows you to create flexible alerting scripts, for instance sending different notifications depending on the node location. Alerting scripts can be used for multiple alerts so you can limit actions to be executed only if an alert has a given severity.
- Run on alert start or after given time
- Run on close
- Run if severity matches
- Run only in given time range
- Run if node is member of Atlas view
Advanced Alert Processing
NetCrunch License uses various technologies to avoid false alerts or protect against alert floods which might be caused by a device malfunction. When a device sends Syslog or SNMP traps to NetCrunch, the program waits for several seconds and if the same message appears several times, it won’t trigger multiple alerts. Another technique (event suppression) is used for detecting false events caused by intermediate connection failures.