Network Spike Monitoring System
A Python-based network monitoring tool that tracks network usage, detects high traffic conditions, and alerts administrators via email and database logging.
Features
- Real-time Network Monitoring
  - Continuously monitors sent and received network data rates
- Anomaly Detection
  - High usage alerts when traffic exceeds a configurable threshold
  - Traffic spike detection based on historical average comparison
- Multiple Alert Channels
  - Database logging (MySQL)
  - Email notifications with rate limiting
  - Console output and log file
Requirements
- Python 3.6+
- psutil
- mysql-connector-python
pip install psutil mysql-connector-python
System Requirements
- MySQL database server (Create a MySQL database named 001_network_monitor)
- SMTP email server access (Gmail supported by default)
Database Configuration
Update the DB_CONFIG dictionary with your database credentials:
DB_CONFIG = {
'host': 'your_database_host',
'database': '001_network_monitor',
'user': 'your_username',
'password': 'your_password'
}
Email Configuration
Update the EMAIL_CONFIG dictionary with your SMTP settings:
EMAIL_CONFIG = {
'smtp_server': 'your_smtp_server',
'smtp_port': 587,
'sender_email': 'your_email@gmail.com',
'sender_password': 'your_app_password', # Use app password for Gmail
'receiver_email': ['recipient1@example.com', 'recipient2@example.com']
}
Monitoring Parameters
Adjust these constants as needed:
- DATA_RATE_THRESHOLD: High usage threshold (default: 10 KB/s)
- SPIKE_MULTIPLIER: Spike detection multiplier (default: 2.0x average)
- HISTORY_SIZE: Number of historical data points for average calculation
- CHECK_INTERVAL: Monitoring frequency in seconds
The system creates two tables automatically:
network_usage Table
- id: Auto-increment primary key
- timestamp: Date and time of measurement
- sent_rate: Data sent rate (bytes/s)
- recv_rate: Data received rate (bytes/s)
- total_rate: Total data rate (bytes/s)
- is_high_usage: Boolean flag for high usage
- is_spike: Boolean flag for traffic spikes
alerts Table
- id: Auto-increment primary key
- timestamp: Date and time of alert
- alert_type: Type of alert (HIGH_USAGE or SPIKE)
- message: Detailed alert message
- sent_rate, recv_rate, total_rate: Network rates at alert time
Usage
- Start Monitoring: Execute the script to begin monitoring
- Real-time Output: View current network rates and alerts in console
- Log Files: Check network_monitor.log for detailed logs
- Database Records: All measurements and alerts are stored in MySQL
- Email Alerts: Receive notifications for high usage and spike events
Alert Types
- High Usage Alert
  - Triggered when the total network rate exceeds DATA_RATE_THRESHOLD
- Traffic Spike Alert
  - Triggered when the current network rate exceeds the historical average multiplied by SPIKE_MULTIPLIER
Rate Limiting
Email alerts include rate limiting to prevent notification spam:
- Alerts of the same type are limited to one email every 10 minutes
- All alerts are still logged to database and console
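The two alert rules and the email cooldown described above, as an added example that is not the project's own code. `SpikeDetector`, `replay` and `EMAIL_COOLDOWN` are hypothetical names; `HISTORY_SIZE = 10`, 1 KB = 1024 bytes, and waiting for a full history window before testing for spikes are assumptions of this example.

```python
from collections import deque

# Defaults quoted from the README; HISTORY_SIZE has no documented default, 10 is assumed.
DATA_RATE_THRESHOLD = 10 * 1024   # bytes/s (10 KB/s, taking 1 KB = 1024 bytes)
SPIKE_MULTIPLIER = 2.0
HISTORY_SIZE = 10
EMAIL_COOLDOWN = 600              # seconds: one email per alert type per 10 minutes


class SpikeDetector:
    """Hypothetical helper: classifies rate samples and rate-limits email per alert type."""
    def __init__(self):
        self.history = deque(maxlen=HISTORY_SIZE)
        self.last_email = {}  # alert_type -> time of the last email sent

    def check(self, total_rate, now):
        """Return [(alert_type, send_email)] for one sample taken at time `now` (seconds)."""
        alerts = []
        if total_rate > DATA_RATE_THRESHOLD:
            alerts.append("HIGH_USAGE")
        # Compare against the average of previous samples only, and only once the
        # window is full, so start-up readings are not mistaken for a spike.
        if len(self.history) == HISTORY_SIZE:
            average = sum(self.history) / HISTORY_SIZE
            if average > 0 and total_rate > average * SPIKE_MULTIPLIER:
                alerts.append("SPIKE")
        self.history.append(total_rate)
        decisions = []
        for alert_type in alerts:
            last = self.last_email.get(alert_type)
            send = last is None or now - last >= EMAIL_COOLDOWN
            if send:
                self.last_email[alert_type] = now
            decisions.append((alert_type, send))  # always logged; emailed only if send
        return decisions


def replay(samples):
    """Run constructed (time, total_rate) samples through a fresh detector."""
    detector = SpikeDetector()
    return [(t, detector.check(rate, t)) for t, rate in samples]


if __name__ == "__main__":
    # Constructed samples: ten quiet readings 5 s apart, a burst, then a late repeat.
    quiet = [(i * 5, 2000) for i in range(10)]
    burst = [(50, 15000), (55, 16000), (660, 15000)]
    for t, decisions in replay(quiet + burst):
        print(t, decisions)
```

In this example burst samples enter the history, so sustained heavy traffic raises the baseline and eventually stops registering as SPIKE, while the fixed HIGH_USAGE threshold keeps firing.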
Stopping the Monitor
Press Ctrl+C to gracefully stop the monitoring process. The system will log the shutdown event.
Troubleshooting
- Database Connection Issues: Verify MySQL is running and credentials are correct
- Email Delivery Problems: Check SMTP settings and authentication
- Permission Errors: Ensure the script has the necessary permissions for network monitoring
- High CPU Usage: Adjust CHECK_INTERVAL if monitoring is too frequent
Logging
All events are logged to network_monitor.log with timestamps, including:
- Measurement data
- Alert triggers
- System errors
- Database operations
- Email notifications
Customization
Modify the constants and configuration sections to adapt to your specific needs:
- Adjust thresholds for your network environment
- Add additional alert types
- Extend database schema for more metrics
- Integrate with other notification systems