NetPulse NMS monitors every device on your network — servers, routers, switches, firewalls — with agent-based push or agentless SSH/WinRM pull collection. One dashboard, any scale, zero blind spots.
From raw metric ingestion to SLA tracking, RBAC, synthetic monitoring, and topology discovery — it's all here.
Metrics stream every 15 seconds into a time-series database. CPU, memory, disk, network interfaces, and custom counters.
SNMP polling, LLDP/CDP topology discovery, BGP/OSPF routing state, ARP cache, VLAN membership, STP status, and CEF tables.
Rule-based alerts with severity levels, on-call schedules, escalation policies, and multi-channel delivery — email, Slack, PagerDuty, and webhooks.
Scan subnets, fingerprint devices via SNMP and SSH banners, and auto-onboard them — including routers, switches, servers, and printers.
SSH keys and WinRM credentials stored encrypted. Decrypted at poll time only — never cached, never logged. Full vault access audit trail per operation.
HTTP, ICMP, TCP, DNS, and SSL health checks from your own infrastructure. SLA-grade uptime reporting with response time percentiles.
Built-in issue tracker with project boards, kanban views, custom workflows, SLA policies, and alert-to-ticket automation.
NetFlow / sFlow ingestion with per-application and per-IP traffic breakdown. Spot bandwidth hogs in seconds with interactive charts.
RBAC, SSO (SAML 2.0 / OIDC), TOTP 2FA, API keys, rate limiting, audit logs, and configurable data-retention policies.
Hardware inventory, software asset tracking, asset groups, lifecycle status, and contract data — all linked to monitored devices.
Schedule maintenance windows to automatically suppress alerts. Full history, approval workflows, and impact reporting.
Receive and parse SNMP traps and syslog events, correlate them with device state, and trigger automated incident workflows.
Deploy lightweight agents on hosts you control, or SSH/WinRM into devices where installing an agent isn't possible. Both produce identical metric records.
A lightweight agent runs on your host and pushes metrics directly to the collector endpoint over HTTPS every 15 seconds.
Background workers SSH or WinRM into targets on a configurable schedule. Credentials live in the Vault — never in the database.
Docker Compose brings the entire platform online. Add your first device and metrics start flowing immediately.
One command spins up the entire platform — backend, workers, database, and the web frontend. TLS is automatic with zero config.
Multi-tenant from day one. Each org gets fully isolated database rows enforced at the database level. Invite team members by email.
Paste an agent token and start the agent — or scan a subnet to auto-onboard agentless targets via SNMP fingerprinting.
Define thresholds, assign on-call engineers, and add escalation policies. Alerts route to PagerDuty, Slack, email, or custom webhooks.
Live topology map, time-series charts, availability heatmaps, SLA reports, and PDF exports — all filterable by device group.
# 1. Clone & configure git clone https://github.com/your-org/nms cp .env.example .env # Edit .env with your settings # 2. Start all services docker compose up -d # 3. Apply database migrations ./database/migrate.sh # 4. Open the dashboard open https://localhost # 5. Deploy a device agent docker compose \ --profile agent up -d # Done — metrics flowing ✓
Enterprise security isn't a bolt-on. It's baked into every layer — from database row isolation to vault-encrypted credentials.
Database-level row isolation enforces tenant separation automatically. No query can accidentally leak cross-tenant data — ever.
Every API request validates a signed token carrying tenant and role claims. Roles gate every single endpoint — no exceptions.
SAML 2.0 / OIDC for enterprise SSO. Time-based one-time passwords (TOTP) for 2FA. Both enforced per security policy.
SSH keys and WinRM credentials stored encrypted. Decrypted at poll time, never cached in memory, every access logged.
Every significant action — login, config change, vault access — immutably recorded with actor, timestamp, and source IP.
Per-tenant and per-endpoint rate limits protect the collector endpoint under high agent volumes.
Configure automatic purge of metrics, audit logs, and events by retention window. GDPR-compliant by design.
Webhook signing secrets stored as cryptographic hashes — never returned via API, verified on every delivery.
NetPulse NMS is production-ready. Deploy it in minutes and start monitoring everything.