Network Management Security log server traffic monitoring

After your server is hosted and shelved in the data center, it will officially provide external services for 7x24 hours. The incoming and outgoing data packets in the server have a certain amount of traffic, and the data center will also monitor and control the traffic on your server. When traffic on your server is abnormal, they will immediately control the traffic.
Common traffic monitoring software include DU Meter, MRTG, PRTG, and SolarWinds. Currently, many hardware devices also have traffic monitoring functions.

How does the data center monitor incoming and outgoing traffic of our servers? The four software listed above, except DU Meter, can monitor each port of the switch. Maybe you will say that this software monitors the switch, not the traffic of my server. The traffic monitoring software uses SNMP (Simple Network Management Protocol, Simple Network Management Protocol, or small Network Management Protocol) to monitor switch inbound and outbound traffic.

Since your server was officially shelved by the data center's staff and officially connected to the Internet, your server traffic has been recorded by them, once you have any problems with the server traffic, they can send you a traffic diagram at any time, for example, the traffic diagram of a switch monitored by my company:

The vertical coordinates represent the highest network bandwidth reached by the switch, and the numbers on the horizontal coordinates represent the current and historical monitoring time of MRTG, the red arrow at the horizontal coordinate indicates the current monitoring time. There is a vertical red line at 0, which represents the intersection of two days, that is, in the middle of the night.

SolarWinds can reflect the traffic status of the port on the switch in different colors, and it has many gadgets that can be used for network management.

Once the data center staff find that your server traffic is abnormal, they will take appropriate measures, that is, speed limit is imposed on the ports connected to your server on the vswitch (the data center uses smart and manageable vswitches, there are a lot of commands in this type of switch to control the switch and the data packets through the switch), and then inform you that the server traffic is abnormal, and then you log on to the server to check the cause.

Of course, if your server traffic is abnormal due to DoS/DDoS attacks, the data center staff will contact you immediately if necessary, they will connect your server to a system that protects against DoS/DDoS attacks. (DoS/DDoS, Denial-of-Service (DoS), and distributed denial-of-service (DoS) consume available systems and bandwidth resources by using massive data packets that exceed the processing capability of the attacked target, an attack that paralyzes network services .)

The specific implementation technologies of traffic monitoring will not be detailed here. If you are interested, you can find them online. There are a lot of online tutorials waiting for you to explore, most of which are based on MRTG and SolarWinds.

Don't complain about your appetite. The technology needs to be embedded in your own brain. I will talk about it here. You may remember it today, but you may forget it in two days. Or that sentence: computer is very practical. If you do it yourself, you will have a much deeper impression on your brain than I have told you.