NetCrunch is designed to manage thousands of components. It allows you to manage using rules instead of individually. NetCrunch does many things automatically so that you can configure 100s nodes in just a couple of minutes. This might be quite a shock to you if you are used to working with legacy tools that require individual configuration.
NetCrunch combines the best technologies for the best results: a proprietary NoSQL database for network performance metrics history, an in-memory database for fast real-time status, and an embedded SQL database for storing alerts. It scales well on a single machine with multiple processors and several gigabytes of RAM. It can monitor over 1,000,000 performance parameters on a single server.
NetCrunch allows you to detect nodes automatically and also runs an auto-discovery process in the background. Once a node is discovered, NetCrunch scans its services and determines a device type or checks if it supports SNMP. Monitoring settings can be managed using Monitoring Packs, which define performance metrics, triggers, and events to be monitored. Monitoring Packs can be assigned manually or automatically by rules (based on the device type or other criteria). One can only create templates for monitoring nodes, including settings for monitors, alerts, and reports. The program also manages many views and dashboards and automatically creates routing maps, logical network maps, and Layer 2 maps.
NetCrunch has been created for uniform data processing and visualization. In a sensor or script-based tool, the monitoring logic is moved down to sensors, making it hard to update and manage. NetCrunch centralizes monitoring logic, instead. Monitors are responsible for delivering data and events so that the server can do all processing. This means that all features (like conditional alerts or performance triggers) are available for every type of event and performance data. NetCrunch supports creating both simple stateless scripts and logic-based scripts.
It's impossible to list all things that can be customized in NetCruch! For instance, the console supports multiple monitors, allows docking and can automatically switch on full screen. You can create live maps with widgets showing live data or status and you can manage notifications through groups and user profiles (that can be integrated with AD). You can export data from NetCrunch, build custom scripts or get data from a web page.
NetCrunch Network monitoring is built on two basic blocks: performance metrics and events. Since every monitor and sensor delivers only events and metrics, you can apply the same conditions and triggers to any of them. NetCrunch does not require any agents to be installed. NetCrunch is also extendible with scripts and data that can be pushed into NetCrunch using HTTP.
NetCrunch uses SNMP for managing network devices (switches, printers, etc.). The program supports SNMPv3 traps and trap info packets, and includes trap forwarding. It also includes a MIB compiler and more than 8500 precompiled MIBs.
NetCrunch support various aspects of switch and router monitoring, including the status of network interfaces and bandwidth monitoring. The program automatically identifies Layer 2 connections and enables switch port mapping. Our Cisco IP SLA sensor allows you to monitor the status and parameters of IP SLA operations. NetCrunch also supports traffic monitoring and analysis and supports Cisco NBAR technology.
NetCrunch monitors the performance of Linux, Solaris, BSD and Mac OS servers and desktops remotely via SSH. It comes with predefined monitoring settings for each system. Windows monitoring is integrated with Active Directory and doesn’t require SNMP agents to be installed on servers. It allows for performance, Windows services, and Windows Event Log monitoring. You can also monitor files and folders on Windows (natively) and other systems (using FTP/s or HTTP/s). All monitors support performance metrics, process, and connection monitoring.
NetCrunch supports the monitoring of over 65 network services (ping, HTTP, DNS, DHCP, SSH, etc.). For each monitored service, the program checks connectivity then validates service response and measures response time.
NetCrunch can monitor an email mailbox, can alert on email content or run a round trip email sensor in order to check for mail server functionality. All sensors support secure connections. File and folder sensors support Windows (SMB) protocol, FTP (SFTP, FTPS) and HTTP/s protocols to access remote files.
NetCrunch includes a Flow Server that allows you to collect and monitor network traffic information from various flow sources using: IPFix, NetFlow (v5 & v9), JFlow, sFlow, netStream, CFlow, AppFlow, and rFlow protocols. The program analyzes traffic by various categories including: applications, protocols and domain categories. NetCrunch supports Cisco NBAR and allows you to create custom application definitions and categories.
NetCrunch allows you to collect and react to events from various sources. It can receive various SNMP traps (including v3 notifications) and can act as a syslog server. Additionally, NetCrunch can collect data from Windows Event log via WMI or text logs using our text file sensor which can for example monitor remotely logs on Linux systems via SSH/bash. Text log sensor supports out of the box popular log formats such as Log4J and Apache Log Format.
NetCrunch can collect inventory information from Windows nodes using WMI. The Inventory collects detailed data about hardware, operating system and installed software. The program also displays information on all installed patches.
NetCrunch allows you to schedule monitoring scripts or programs on the NetCrunch Server, which can then return data to the server in XML or JSON format. Alternatively, users can send data to NetCrunch using REST API. This can be done with curl or any other programing language, including popular languages like Java, C#, Javascript or Python.
See examples on Github
NetCrunch includes primary support for Cisco, VMWare and Microsoft technologies as they are our technology partners. The program supports various Cisco technologies including VOIP monitoring using IP SLA operations defined on Cisco devices. The NetCrunch Flow Server supports NetFlow and Cisco NBAR technology. NetCrunch monitors VMware ESXi v5.5/v6 including hardware health status monitoring and virtual machine monitoring. NetCrunch monitoring Hyper-V servers and virtual machines controlled by Hyper-V. For most popular applications like MS SQL and Exchange, NetCrunch offers about 200 predefined sets of monitoring rules called Monitoring Packs.
NetCrunch uses advanced techniques in order to minimize false alerts, especially when monitoring remote devices over intermediate links. Monitoring dependencies control the monitoring process, so when a link is down you are not flooded with false alerts. The program also prioritizes monitoring in order to monitor intermediate links more often than remote endpoints. Monitoring packs simplify the management of monitoring parameters, so instead of changing parameters node by node, users can easily apply monitoring packs to groups of nodes. See list of monitoring packs
NetCrunch is the primary source of various events like: status events (up/down), triggers on performance metrics or sensors and monitored statuses. The program also is also able to monitor external events by matching them with rules and triggering alerts. This allows you to trigger alerts and actions on SNMP traps, syslog messages or Windows Event log entries. NetCrunch keeps all alerts in a built-in SQL database.
One of the basic elements of network monitoring is tracking various performance metrics. Regardless of the origin of the metric, users can always use the same set of triggers to work on actual or average metric values. The average can be calculated upon a given sample number or by a given time range.
NetCrunch supports various types of correlations for alerts. Every status event generated by NetCrunch has its beginning and end, so you can easily assign an action for when the alert starts and ends. This helps you to focus only on current problems instead of checking if something is still an issue. Other events can be correlated manually, so the administrator can assign what other event ends the alert. Advanced correlation allows also you to trigger events only if multiple events have happened within a given time range, or are pending at the same time. For example, this allows you to define an alert when two redundant interfaces are down.
The simplest condition is to trigger an alert when an alerting condition is met. But what about something that did not happen? Like a scheduled backup? Among the alerting possibilities of NetCrunch, you can define alerts for when a specific event did not happen in a certain time range, or after a specified amount of time (heartbeat not received). Other conditions allow you to suppress alert execution for some time. For example, power loss should trigger an alert after several minutes. If power is restored within a given time, no action should be executed.
NetCrunch allows you to execute various alerting actions like: Notifications, Logging, Control Actions and Remote Scripts. Notifications are very flexible and can be controlled by user profiles and groups. Additionally, they can be combined with node group (atlas view) membership, so it's possible to send notifications to different groups based on network node location or some other relationship. Logging actions allow you to write events to files, Windows Event log, SNMP Traps, syslog messages or triggering Web Hooks. Finally, remote actions can be executed on Windows, Linux, Mac OS or BSD machines. There are many standard actions included like: Restarting Services, Rebooting Machines or Shutdown.
NetCrunch allows you to run actions immediately or after a certain time. This allows for escalating alert execution over time. The program also allows you to repeat the last defined action, so you may set it to keep running every day to remind you that a problem is not solved. Finally, actions can be executed when an alert is closed. Each action can be limited to run only if a triggering network node belongs to a given atlas view (these can be created by rules or manually) or within a given time range. This allows you to create flexible alerting scripts, for instance sending different notifications depending on the node location. Alerting scripts can be used for multiple alerts so you can limit actions to be executed only if an alert has a given severity.
NetCrunch uses various technologies to avoid false alerts or protect against alert floods which might be caused by a device malfunction. When a device sends Syslog or SNMP traps to NetCrunch, the program waits for several seconds and if the same message appears several times, it won't trigger multiple alerts. Another technique (event suppression) is used for detecting false events caused by intermediate connection failures.
The NetCrunch Network Atlas is a central repository of all views, grouping network nodes by different categories like: nodes from the same network, nodes of a single layer 2 segment, or nodes located within the same area. It allows you to create many custom views and many of them are created automatically.
Each Atlas view has customizable dashboards. The Top Charts view aggregates information from all monitored nodes, while at the view level, dashboards show information filtered by a given node groups (like machine type or location).
Most NetCrunch views are live and updated in real-time. They can be also automatically arranged. Layer 2 segment maps show port status and can also show current traffic and aggregated volume on ports. Monitoring dependencies show a diagram of dependencies that can be discovered through router and switch connections. Custom maps with widgets can show the status of network objects (nodes, interfaces, services, alerts, etc.) and current performance metrics.
Graphical network maps are vital elements of network visualization. Unlike a tile based dashboard, maps show relations between elements or their location. NetCrunch maps can contain status elements for visualizing network object status and performance data widgets for showing current performance metric values.
In NetCrunch alerting, the most important view is the Active Alerts View which help you to focus on current issues instead of a history of alerts. The history view contains all alerts processed by NetCrunch and also stores performance data for a snapshot of all performance metric based alerts. The alert summary view gives a short overview by alert category in a given time range. The history view contains many predefined views and allows you to easily create new views with a visual query builder.
The Node Status window quickly summarizes all information about a given network node. The Summary shows all monitored elements and their status, plus node information like system type and basic metrics (for example servers show memory, disk and network utilization). On the performance tab you can see current and last 24 hrs values of performance data. The window shows different tabs depending on the node type.
NetCrunch includes additional tools for exploring node data. The SNMP Info viewer allows you to browse SNMP in an easy to understand way, with special views created for various devices. This tool also allows you to set SNMP variables. The WMI tool allows you to remotely browse WMI information. The Performance Trend Analyzer is accessible wherever performance history data is available: on node, dashboard and performance views. Finally you can customize the list of available tools in the console and let NetCrunch parameters be passed to external tools.
NetCrunch Server runs on x64 Windows Server systems (Windows 20012/2012 R2, Windows Server 2016, Windows 2019). It comes with its own web server and an embedded SQL database for storing monitoring events data. NetCrunch can be installed on a virtual machine, provided you assign it at least 2 processors and 3.5GB RAM. NetCrunch stores historical data in databases, but it processes all current data in-memory, which makes it superior in performance to SQL based solutions.
NetCrunch comes with a built-in SQL database for storing events generated by NetCrunch as well as events collected from SNMP Traps, syslog and Windows Event Log (WMI). For performance data, NetCrunch uses a proprietary noSQL file-based database, with no limit on the size or length of time your data is kept. Event data is accessible through the included ODBC driver.
The NetCrunch remote administration console can be installed on any Windows machine Windows 7 or later (32 bit or 64 bit systems). A large HD screen with 32-bit color support is required.
For the best experience, we recommend multiple monitors. Additionally, 50-inch monitors will allow you to see more aspects of the monitored network. However, a Surface Pro type device with a 13-inch screen and Windows 10 will run the console smoothly.
The console always displays real-time information and requires minimal bandwidth to operate as it transmits pure data instead of HTML like many other solutions. It runs even if the network delay is more than 200ms. It can be automated to switch between defined screens automatically.
You can browse your network status from any location using the NetCrunch Web Console via HTTP/S, which allows for restricting rights to particular views and operations. Console user accounts can be integrated with Active Directory. The best experience with multi-screen real-time operations is available through the Remote Administration Console running on Windows desktop.
The latest version of NetCrunch comes with a fork of the open source project Grafana. One of the top open source performance visualization projects, it greatly increases the possibilities of creating live performance dashboards and allows you to present data from various sources. The installer automatically simplifies integration of GrafCrunch with NetCrunch by creating user credentials to access data by GrafCrunch server.
NetCrunch is licensed per number of monitored nodes or port interfaces. So the license for 50 nodes allows you to monitor up to 50 nodes and up to 50 switch interfaces at the same time.
Depending on which number is greater.
Nodes can be bought in packages (minimum 25 nodes). The initial NetCrunch Suite package also contains 10 concurrent remote licenses and 1 remote probe licenses.
NetCrunch 11 is available as modular NetCrunch Monitoring System that allows you to add modules depending on your need or you can get NetCrunch Suite comprehensive monitoring package.
Customers of legacy editions - Premium and PremiumXE - with valid upgrade & tech support subscriptions receive respective licenses for version 11, but might not experience all benefits of NetCrunch 11 features.
