En KNMguide41

Network Monitor
User Guide
version 4.1
September 4, 2012
About Kaseya
Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's IT Automation Framework allows IT Professionals to proactively monitor, manage and maintain distributed IT infrastructure remotely, easily and efficiently with one integrated Web based platform. Kaseya's technology is licensed on over three million machines worldwide.
Agreement
The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseyas Click-Accept EULA as updated from time to time by Kaseya at http://www.kaseya.com/legal.aspx. If Customer does not agree with the Agreement, please do not install, use or purchase any Software and Services from Kaseya as continued use of the Software or Services indicates Customers acceptance of the Agreement.
Copyright 2000-2012 Kaseya International Limited. All rights reserved.
Contents
Network Monitor Overview 1
Network Monitor Concepts ............................................................................................................................ 2 Distributed Servers and Gateways ................................................................................................................ 3
Installation
Installation Checklist ...................................................................................................................................... 6 Standard, Distributed and Gateway Installs .................................................................................................. 6 Server Sizing ................................................................................................................................................. 6 Network Monitor System Requirements ........................................................................................................ 7 Selecting a Service Account .......................................................................................................................... 8 Logging On .................................................................................................................................................... 8 Running the Startup Guide ............................................................................................................................ 8 Administrator settings .......................................................................................................................... 9 Network Discovery settings ................................................................................................................. 9 Mail settings ...................................................................................................................................... 10 SMS device configuration ................................................................................................................. 10 Review and Save Settings ................................................................................................................ 11 Upgrading an existing installation ................................................................................................................ 12
The management interface
13
Introduction and basic management ........................................................................................................... 14 Logging in .......................................................................................................................................... 14 Maintaining licenses .......................................................................................................................... 14 Objects......................................................................................................................................................... 14 Listing and searching objects ............................................................................................................ 14 Adding empty objects ........................................................................................................................ 16 Adding objects from templates .......................................................................................................... 16 Network discovery ............................................................................................................................. 17 Importing objects ............................................................................................................................... 19 Editing a single object ....................................................................................................................... 21 Editing multiple objects ..................................................................................................................... 23 Displaying object details .................................................................................................................... 24 Monitors ....................................................................................................................................................... 25 Listing and searching monitors ......................................................................................................... 25 Adding a new monitor ....................................................................................................................... 27 Editing a single monitor ..................................................................................................................... 28 Editing multiple monitors ................................................................................................................... 29 Display monitor details ...................................................................................................................... 30 Operators and operator groups ................................................................................................................... 31 Operators .......................................................................................................................................... 31 Operator groups ................................................................................................................................ 38 Searching for operators and operator groups ................................................................................... 41 Networks ...................................................................................................................................................... 41 Listing and searching networks ......................................................................................................... 41 Adding a new network ....................................................................................................................... 42 Editing a network ............................................................................................................................... 43 Displaying network details ................................................................................................................. 43 i
Managing logon accounts............................................................................................................................ 44 Adding a logon account ..................................................................................................................... 44 Editing a logon account ..................................................................................................................... 44 Listing and searching logon accounts ............................................................................................... 45 Displaying logon account details ....................................................................................................... 46 Logon accounts and Windows authentication ................................................................................... 46 Schedules and events ................................................................................................................................. 47 Scheduled events .............................................................................................................................. 47 Maintenance schedules .................................................................................................................... 59 Operator schedules ........................................................................................................................... 61 Reports ........................................................................................................................................................ 64 Introduction........................................................................................................................................ 64 Report items ...................................................................................................................................... 65 Customized reports ........................................................................................................................... 71 Report templates ............................................................................................................................... 73 Adding content to reports .................................................................................................................. 74 Style templates .................................................................................................................................. 75 Viewing reports.................................................................................................................................. 77 Emailing and publishing reports ........................................................................................................ 78 Scheduling reports ............................................................................................................................ 80 Quick reports ..................................................................................................................................... 80 The dashboard ............................................................................................................................................ 81 Dashboard overview.......................................................................................................................... 82 Dashboards and operator rights........................................................................................................ 82 Creating dashboards ......................................................................................................................... 82 Changing dashboard settings ........................................................................................................... 83 Sharing dashboards .......................................................................................................................... 83 Deleting dashboards ......................................................................................................................... 83 The system default dashboard .......................................................................................................... 84 Creating widgets................................................................................................................................ 84 Changing widget settings .................................................................................................................. 84 Deleting widgets ................................................................................................................................ 84 Widgets ............................................................................................................................................. 84 Network maps ................................................................................................................................... 89 System settings ........................................................................................................................................... 98 Email and SMS settings .................................................................................................................... 98 Log settings ....................................................................................................................................... 99 NOC view settings ........................................................................................................................... 101 Data type settings............................................................................................................................ 102 Miscellaneous settings .................................................................................................................... 103 System administration page ............................................................................................................ 106 Service Desk ................................................................................................................................... 107
Alarms and alert handling
109
Monitor status progression ........................................................................................................................ 110 Responding to alarms................................................................................................................................ 110 Action lists ................................................................................................................................................. 110 Listing action lists ............................................................................................................................ 111 Adding a new action list .................................................................................................................. 111 Editing an action list ........................................................................................................................ 111 Adding and editing actions .............................................................................................................. 112 Acknowledging alarms............................................................................................................................... 113 Recovering from alarms ............................................................................................................................ 114 24 Hour Alarm List ..................................................................................................................................... 114
ii
Advanced topics
115
Compiling custom MIB files ....................................................................................................................... 116 MIB Browser .............................................................................................................................................. 117 SNMP Traps .............................................................................................................................................. 118 Windows service list .................................................................................................................................. 118 Data extraction reference .......................................................................................................................... 118 dir..................................................................................................................................................... 119 monitor_graph ................................................................................................................................. 119 monitor_status_list .......................................................................................................................... 119 monitor_statusstring ........................................................................................................................ 120 monitor_uptimestring ....................................................................................................................... 120 object_xml ....................................................................................................................................... 121 objectlist_xml ................................................................................................................................... 123 operator_status ............................................................................................................................... 124 test_status ....................................................................................................................................... 125 version ............................................................................................................................................. 125 Init.cfg parameters ..................................................................................................................................... 125 Gizmo ........................................................................................................................................................ 127 Local Downloads ....................................................................................................................................... 128 Log search ................................................................................................................................................. 129 Message format options ............................................................................................................................ 130 NOC views ................................................................................................................................................. 132 Creating custom NOC views ........................................................................................................... 133 Object templates........................................................................................................................................ 134 Listing object templates ................................................................................................................... 134 Adding an object template ............................................................................................................... 135 Importing object templates .............................................................................................................. 135 Exporting object templates .............................................................................................................. 136 Linking an object to a template ....................................................................................................... 136 Unlink an object from its template ................................................................................................... 137 Simulate alarm ........................................................................................................................................... 138 SMS device configuration .......................................................................................................................... 139 System administrator console ................................................................................................................... 141 Toplists ...................................................................................................................................................... 143 Troubleshooting Windows monitoring and authentication......................................................................... 145 Network Monitor Service account and rights assignment ............................................................... 146 Monitors using Windows authentication .......................................................................................... 146 Event log monitor ............................................................................................................................ 147 Service monitor ............................................................................................................................... 147 External resources .......................................................................................................................... 147 Troubleshooting............................................................................................................................... 147 UNIX system support files ......................................................................................................................... 149 Web server configuration........................................................................................................................... 151 Active Directory integration ............................................................................................................. 151 Auto login ........................................................................................................................................ 152 Restricting access ........................................................................................................................... 153 Enabling secure HTTP .................................................................................................................... 153 Interface port settings ...................................................................................................................... 154 Backup and restore ................................................................................................................................... 155 Backup of Network Monitor ............................................................................................................. 155 Restore of configuration .................................................................................................................. 155 Lua ............................................................................................................................................................. 156 Local dependencies................................................................................................................................... 157 50 latest syslog messages ........................................................................................................................ 159
iii
Distributed edition
161
Distributed edition introduction .................................................................................................................. 162 Server and gateway communication ......................................................................................................... 163 Time synchronization................................................................................................................................. 163 Server configuration .................................................................................................................................. 163 Gateway configuration ............................................................................................................................... 164 Assigning objects to a gateway ................................................................................................................. 165 Action lists on gateways ............................................................................................................................ 166 Troubleshooting ......................................................................................................................................... 166
Monitor reference
169
Active Directory monitor ............................................................................................................................ 171 Bandwidth utilization .................................................................................................................................. 172 CIM Monitor ............................................................................................................................................... 174 Citrix server ............................................................................................................................................... 175 CPU utilization ........................................................................................................................................... 175 Database server ........................................................................................................................................ 176 DHCP query .............................................................................................................................................. 176 Directory property ...................................................................................................................................... 177 Disk utilization ............................................................................................................................................ 178 DNS lookup ............................................................................................................................................... 179 Environment monitor ................................................................................................................................. 179 Event log .................................................................................................................................................... 180 File change ................................................................................................................................................ 181 FTP server ................................................................................................................................................. 182 IMAP4 server ............................................................................................................................................. 182 LDAP query ............................................................................................................................................... 183 Log file ....................................................................................................................................................... 183 Lua script ................................................................................................................................................... 184 Mail server QOS ........................................................................................................................................ 185 Memory utilization...................................................................................................................................... 185 Microsoft Exchange monitor ...................................................................................................................... 186 Microsoft SQL server monitor .................................................................................................................... 187 MySQL monitor .......................................................................................................................................... 188 NNTP server .............................................................................................................................................. 190 Oracle monitor ........................................................................................................................................... 190 Ping............................................................................................................................................................ 192 POP3 server .............................................................................................................................................. 193 Process status ........................................................................................................................................... 193 Radius monitor .......................................................................................................................................... 193 SMTP server .............................................................................................................................................. 195 SNMP ........................................................................................................................................................ 195 SNMP trap ................................................................................................................................................. 196 SSH2 script ................................................................................................................................................ 197 SSH2 server .............................................................................................................................................. 198 Swap file utilization .................................................................................................................................... 198 Syslog ........................................................................................................................................................ 199 TCP port scan ............................................................................................................................................ 199 Telnet server .............................................................................................................................................. 199 Terminal service ........................................................................................................................................ 200 TFTP server ............................................................................................................................................... 200 Transfer speed .......................................................................................................................................... 200 VMware performance ................................................................................................................................ 201 Web server ................................................................................................................................................ 202 iv
Windows performance ............................................................................................................................... 203 Windows service status ............................................................................................................................. 204 WMI Query monitor ................................................................................................................................... 204
Action reference
207
Clear event log .......................................................................................................................................... 208 Execute command via SSH2 ..................................................................................................................... 208 Execute Lua script ..................................................................................................................................... 209 Execute Windows command ..................................................................................................................... 210 HTTP Get/Post .......................................................................................................................................... 210 List reset .................................................................................................................................................... 211 Net Send .................................................................................................................................................... 212 Paging via PageGate................................................................................................................................. 212 Send mail ................................................................................................................................................... 213 Send SMS ................................................................................................................................................. 214 SNMP Set .................................................................................................................................................. 214 Wake-on-LAN ............................................................................................................................................ 215 Windows service control ............................................................................................................................ 216
Windows Performance Monitoring
217
Windows performance registry .................................................................................................................. 218 How to verify that KNM have access to remote registry service ..................................................... 218 Memory leaks in remote registry service on monitored machine .................................................... 219 Caching of counters ........................................................................................................................ 219 Windows Management Instrumentation (WMI) ......................................................................................... 219 Verifying that WMI is enabled for the account ................................................................................ 221 Adjusting the firewall settings .......................................................................................................... 223 Additional for non-administrator users ............................................................................................ 223 Verifying that WMI works ................................................................................................................ 223 Full index of Microsoft WMI troubleshooting articles....................................................................... 225
Index
227
Network Monitor Overview

Network Monitor is a web-based monitoring solution for monitoring the performance and availability of a wide array of network devices. Network Monitor monitoring is agentless, meaning it does not install any software or files on monitored machines. Network Monitor comes with 37 built-in methods of monitoring. These methods can be extended using Lua scripts. Advanced Network Monitor features include multi-level alarm escalations, and the ability to configure alarm dependencies so that service providers only receive the most relevant alarms. All common operating systems are supported, including: AIX (4.2 and above) CentOS Debian Fedora FreeBSD HP-UX Generic Linux OpenBSD OpenSUSE 10.2 Red Hat Enterprise Server Solaris Ubuntu Windows
Note: See System Requirements (http://help.kaseya.com/WebHelp/EN/System-Requirements.asp).
Functions
Installation (page 5) The management interface (page 13) Alarms and alert handling (page 109) Advanced topics (page 115) Distributed edition (page 161) Monitor reference (page 169) Action reference (page 207) Lua (page 156)
Description
Provides system requirements, installation instructions and startup configuration. Discusses how to use the web-based administration interface in Network Monitor. Discusses alarm configuration and notification using actions and actions lists and recovery action lists. Provides an introduction to advanced Network Monitor configurations. Describes how to configure the Distributed Edition of Network Monitor. Provides a reference to all standard KNM monitors. Provides a reference to all standard KNM actions that can be associated with action lists and triggered by an alarm condition. Introduces how to extend Network Monitor functionality using Lua scripts.
Network Monitor Concepts

Familiarize yourself with the following terms and concepts to help quick start your understanding of Network Monitor. Object - An object represents a computer or any other device that can be addressed by an IP number or host name. An object contains settings that are common to all monitors in that object. Network - Within Network Monitor the term network refers to user-defined grouping of objects. Member objects of a Network Monitor network do not have to belong to the same physical network. Network Monitor networks can be compared to a folder in a file system. Every object must be a member of a Network Monitor network. You can activate and deactivate an entire network of objects. Monitor - A monitor tests a specific function in an object. Most monitors are capable of collecting various statistical data for reporting purposes. If a monitor fails a test it firsts enter a failed state. After a number of consecutive failed tests it then enters an alarm state. When entering an alarm state a monitor executes a number of actions specified in the alarm action list used by the particular monitor. Action list - An action list defines a number of actions to be executed as a monitor enters, or recovers from, an alarm state. Object template - An object template serves as a base model for objects. It can be used to quickly initialize new objects. Object templates are not counted as regular objects in the license quota. Operator - Network Monitor users are called operators. An operator contains login information, contact information and privileges. An operator can be a member of one or more operator groups. Operator group - An operator group is a collection of operators. Each object in Network Monitor is assigned to one operator group. Notifications sent as a response to a monitor entering an alarm state are normally sent to the object's operator group. Account - An account is a set of credentials used by a monitor, action or event to carry out an operation.
Status Icons
A monitor is always in one specific state. This state is visualized in the Network Monitor interface with different colors. An object or network always displays the most important state reported by any single monitor that belongs to it. Icons are listed below, ranked by their importance. - The monitor is deactivated. - This icon is used in the Distributed Edition only. The monitor status is unknown because the gateway responsible for the monitor is not connected. - This icon is used for objects and networks only. All monitors in the object or network are deactivated, but the object or network itself is active. - The monitor has entered an alarm state. - The monitor has failed one or more tests, but has not yet entered alarm state. - The monitor is ok. Additional guidelines: Any state other than deactivated is an activated state. An activated monitor tests its object. Deactivating any or all monitors of an object does not deactivate the object. Deactivating any or all objects of a network does not deactivate their parent network. Deactivating an object deactivates all of its member monitors. Deactivating a network deactivates all of its member objects.
Other Commonly Used Icons

- This icon displays the properties of an item and allows you to edit them
Network Monitor Overview - This icon indicates that the object or monitor is inherited from a template. Monitors inherited from a template can not be edited directly. - This icon indicates that the object or monitor is in maintenance state and is not currently monitored. - This icon displays a list of items. - This icon displays a view of an item.
Distributed Servers and Gateways

Network Monitor monitors the entire network by installing gateways on separate subnets. A Network Monitor gateway performs all monitoring tasks performed by the Network Monitor server, with the following exceptions: All data collected by the gateway is forwarded to a distributed edition (page 162) of Network Monitor server for notification, reporting and disk storage. No independent web interface exists for a Network Monitor gateway. Network Monitor administrators always log into the Network Monitor server.
Chapter 1
Installation
In This Chapter
Installation Checklist Standard, Distributed and Gateway Installs Server Sizing Network Monitor System Requirements Selecting a Service Account Logging On Running the Startup Guide Upgrading an existing installation 6 6 6 7 8 8 8 12
Installation
Installation Checklist
We recommend that you complete the following pre-installation checklist before installing Network Monitor. 1. Estimate the memory required by Network Monitor to monitor the number of objects on your network, using the recommendations in Server Sizing (page 6). Ensure the system hosting the Network Monitor server has enough free memory to run Network Monitor. 2. Check that the system hosting the Network Monitor server meets all software and hardware requirements (page 7). 3. Ensure the Windows account used by the Network Monitor service has sufficient privileges (page 8). 4. If SNMP is used, install and start the Windows SNMP service on the Network Monitor host machine. The SNMP service on the host machine must specify the same communities used by Network Monitor. 5. If ODBC logging is going to be enabled using Settings > Program settings > Log settings (page 99), create a ODBC system data source on the Network Monitor host machine. 6. If a GSM phone is used, install it and verify that it responds correctly to standard AT commands in a terminal program. When completed you are ready to install Network Monitor. After installing Network Monitor and connecting to the web interface for the first time, consult the topic Running the Startup Guide (page 8).
Standard, Distributed and Gateway Installs

During a KNMsetup.exe install you are asked to select one of the following options. The Distributed and Gateway (page 3) options only apply if you are monitoring multiple subnets. Standard - Selected by default. If monitoring a single subnet, select this option. Recommended for first time evaluations. Distributed - If monitoring multiple subnets, select this option if installing the server all gateways send data to. Gateway - If monitoring multiple subnets, select this option if sending data to a distributed server.
Server Sizing
Recommended minimum requirements for Network Monitor depend on the number of objects you intend to monitor, assuming 10 monitors per object.
Installation
Note: An Network Monitor object is a unique IP address. A monitor is a single test or metric of that object. For example, a Windows machine, represented by a single IP address, might have many monitors, with each monitor returning data about a different performance metric for that machine.
Minimum requirements up to 100 objects 1 GHz CPU 2 GB memory 5 GB free disk space (1) Minimum requirements up to 250 objects 2 GHz CPU 2 GB memory 10 GB free disk space (1) Minimum requirements up to 500 objects (3) Dual core >2 GHz CPU 4 GB memory 15 GB free disk space (1) (2) Minimum requirements up to 1000 objects (3) Intel 2 GHz Quad core CPU 4 GB memory 25 GB free disk space (1) (2) Minimum requirements up to 1500 objects (3) Intel 2 GHZ Quad core CPU 4 GB memory 40 GB free disk space (1) (2)
Notes
1
Disk consumption is noted per year for a normal installation with the described number of objects and monitors 2 Kaseya recommends that Network Monitor be installed on a 1+0 Raid array with at least 4 GB of RAM for best possible report generation performance 3 Kaseya recommends that you run the Network Monitor installation on a dedicated machine.
Network Monitor System Requirements

Requirements for Each Agent Machine Hosting a Network Monitor Server or Network Monitor Gateway Windows 2003, 2008, or 2008 R2 with the latest service pack Network Monitor comes with its own database and HTTP server
Note: A Network Monitor gateway has the same system requirements as the Network Monitor server but stores no data locally on its own disk. All data is sent back to the the Network Monitor server for storing on disk.
Supported Browsers Microsoft Internet Explorer 7.0 or newer Opera 9.0 or newer Firefox 3.5 or newer (Recommended for best viewing experience) The following features must be enabled in your browser settings. 7
Installation Accept third party cookies Javascript enabled Cookies are required to keep track of the user session. Java scripts are used by the web interface and must be enabled.
Selecting a Service Account

Kaseya Network Monitor is a Windows service that is installed to logon using a service account.
Using the LocalSystem account

The built-in LocalSystem account is the default service account assigned to the Kaseya Network Monitor service when installing. While the LocalSystem account is the most convenient way to get Network Monitor up and running, it has many privileges that are unnecessary to run Network Monitor locally.
Note: We recommend the Kaseya Network Monitor service be assigned a service account using the
fewest number of privileges possible. The Network Monitor account manager can then be used to
impersonate Windows accounts with elevated permissions when these permissions are required for tests, actions and events.
Network Monitor Required Privileges

Network Monitor requires the service account it is assigned to have the following file system permissions: READ, WRITE and EXECUTE to Network Monitor base directory READ, WRITE, MODIFY to all sub-directories The service account may also require the Act as part of operating system privilege to enable Windows account impersonations. Consult your Windows documentation to determine if this privilege must be added.
Logging On
After installing Network Monitor the next step is to logon to the web interface. Use either of the following two methods to display the web interface logon page. Click the link to the web interface in the Network Monitor program folder in the start menu. Use the following link if you are configuring Network Monitor from the Network Monitor host. http://localhost:8080
Note: This link above assumes you accepted the standard parameters during the installation and the Network Monitor web server is running on the default 8080 port. If you have installed Network Monitor on a different host, replace the localhost host name with the name of the Network Monitor host.
Running the Startup Guide

Logging on the first time to the web interface displays a step-by-step Startup Guide to help you get Network Monitor ready to use. The Startup Guide has five steps. 8
Installation Administrator settings (page 9) Network discovery settings (page 9) Mail settings (page 10) SMS device configuration (page 10) Review and Save Settings (page 11)
Note: A person logging into the Network Monitor server is referred to as an operator. Each operator can only have one logon session open at one time.
Administrator settings
1. Enter the username and password of the default Network Monitor operator. Remember that the password is case sensitive. 2. Configure an email address for this operator. The email address is used when Network Monitor is sending notifications or reports. 3. (Optional) Configure an phone number for this operator. The phone number is used when Network Monitor is sending SMS notifications. 4. Clicking Next creates the default operator you will use to logon to Network Monitor after completing the Startup Guide.
Network Discovery settings
If you would like to discover objects on a network immediately, enter values for the following. Network discovery - Specify the first 3 octets of a subnet. 9
Installation Windows logon account settings - An administrator level Windows credential is required to return some types of scan data from Windows objects. Use the domain\username format to enter a domain username. UNIX logon account settings - An administrator level UNIX credential is required to return some types of scan data from UNIX objects. SNMP settings - Enter the SNMP community name used by devices on this subnet.
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6).
Mail settings
To send email notifications and reports you need to configure the email server settings. Two email servers can be configured: a primary server and a secondary backup server used in case the primary server is unreachable. Primary server - Enter the host name of the primary email server. If your server requires credentials when sending mail, enter those below. If you are uncertain leave the username and password fields blank. (Optionally) Secondary server - Enter the host name of the server and optionally credentials used when Network Monitor sends an email. This server is used by Network Monitor if the primary SMTP server is unreachable. Default return address - Enter an address that Network Monitor uses as its From address. If you want to skip this step and configure these parameters later, click Next to continue. To display these settings again later, select Settings > Program settings > Email & SMS settings.
SMS device configuration
If have an SMS device connected to a com port on the Network Monitor host you can configure Network Monitor to send SMS notifications.
10
Installation Configure SMS - Select this box if you have an SMS device connected to the Network Monitor host. Com port - select the serial port the SMS device is connected to. Baud rate - Select the baud rate. This is the speed the SMS device is capable of sending and receiving over the COM port. A setting of 2400 is recommended, if you're not sure what to select. PIN code - If your SMS device is a GSM phone or modem, you might need to unlock the SIM card with a PIN code. Enter that PIN code in the PIN code field. Test settings - Click the button to test the configuration, if the test fails make necessary changes or uncheck the Configure SMS check box to skip this part of the wizard.
Operator phone number

If you did not enter a phone number on the first step in the startup guide you can enter it in the My settings (page 37) page, without the phone number. Network Monitor is unable to send the operator an SMS notification. You are able to access the My settings page when you logon after the startup guide is completed.
Tested SMS devices

Falcom Samba Falcom Swing Falcom Twist Nokia 30 Z-text fixed line SMS modem In addition to this list almost all modern GSM phones and modem works. The requirement is that the device should support Text mode sms and that it can be connected to a com port. It may also be connected to an USB port but the device driver must be able to emulate a standard serial port so it can be discovered by Network Monitor.
Review and Save Settings
1. The final step of this startup guide is confirming the information you have filled in previous pages. If you want to change any of the information, click the Previous button to go back.
11
Installation 2. Clicking the Next button redirects you to the login page and asks for the username and password that you entered in the first page.
Upgrading an existing installation

Installing updates for Network Monitor is done by installing the new version you downloaded into the current Network Monitor directory. Before updating your production environment you should always install a test version to familiarize yourself with new and possibly changed features.
Deploying a test installation

Install the test version of Network Monitor on a different machine than your production Network Monitor host machine and copy the configuration data files. Its very important that you install the test installation on a different machine, failure to do so can interrupt your production environment. Install Network Monitor on a test machine After the install have completed, shutdown Network Monitor on the test machine. Copy the following files from your production Network Monitor directory into the Network Monitor directory on the test machine. settings.rds dbconfig.nxd init.cfg statistics\current.nxd statistics\current.nxr Start the test installation of Network Monitor.
Note: Distributed Edition only. One limitation with a test installation is that no gateway connects to the test installation as they are configured to connect to your production environment. Do not change this, if you want to test gateway features, create a new gateway on the Network Monitor test installation and install it on a gateway test machine.
When you are satisfied with the tests you can move on and update your production environment. Updating your production environment Make a backup copy of your current version. Including the following files: settings.rds dbconfig.nxd (DE Only) \gateways \statistics Shutdown KNM Install the update into the current directory Done
12
Chapter 2

In This Chapter
Introduction and basic management Objects Monitors Operators and operator groups Networks Managing logon accounts Schedules and events Reports The dashboard System settings 14 14 25 31 41 44 47 64 81 98
13
Introduction and basic management

This section describes how to logon to Network Monitor and register a license.
Logging in
Open the login page by clicking Open Kaseya Network Monitor in the program group Kaseya network monitor on the start menu. Alternatively, you can manually specify the URL to the Network Monitor host machine in your browser's address bar. The Network Monitor management interface is usually running under port 8080 (this can be changed), so if the host name is KNM the URL would be: http://KNM:8080
Enter the username and password of the operator and click the Login button to proceed. Remember that the password is case sensitive. After a successful logon you are redirected to the dashboard (page 82).
Maintaining licenses
Please see the System administration (page 106) page for details on how to maintain Network Monitor licenses.
Objects
This section describes how to add new objects (page 3) into the Network Monitor configuration as well as manage existing objects.
Listing and searching objects

The most common way for interacting with objects is using the Object list view. To open the Object list view, expand the Object menu and choose List.
14

The Object list view
The object list
Commands
In the upper section of the Object list view, a number of commands are listed. These commands affect objects that are selected in the list only. Activate - Activates the selected objects. Copy - Creates copies of the selected objects. Deactivate - Deactivates the selected objects. Delete - Deletes the selected objects. The operator must confirm the delete operation. Edit - Opens the multi edit view (page 23) for the selected objects. Link - Links the selected objects to an object template. New - Creates a new empty object. Unlink - Unlinks the selected objects from their object templates. View report - Views a report for the selected objects.
Selecting objects
To select objects from the list, place a check mark in the selection column to the left. It's also possible to select a range of objects by first clicking the start position in the list, then hold the shift key and click the end position. All the objects in between the selected positions selected.
The toolbar
Underneath the commands is a toolbar containing various settings for the Object list view. Refresh - Toggles the automatic refresh of the Object list view. View - Allows the operator to specify how many objects should be listed in the object list view. Prev & Next - These commands are links to the previous. Next is active if the number of objects in the configuration is greater than the number of objects currently displayed in the view. Search bar - In the search bar it is possible to search in the Object list view only (compared with the search bar in the menu). Objects can be searched using following terms. Name of object Host name or resolved IP address Operator group name Network name System type Filter - From the filter box, several pre-defined filters can be selected. The visible objects in the Object list view change depending on what filter is selected. It is possible to click the header columns in the list view to sort on the given property. For example, clicking System type displays objects sorted by system type. By default, objects are sorted according to their name. Notice that objects in alarm, or failed state, are always listed first in the list.
15
Searching for objects

You can use the search bar located in the main menu to globally search for items in the Network Monitor configuration. To find a specific object, you can enter either the name, description, IP number or host name in the search bar. The search result displays immediately. The benefit of using the search bar in the menu is that you can find an object from any page, instead of having to open the Object list view.
Searching for an object with the search bar
Adding empty objects

To create a new empty object, expand the New object menu from the Object menu, and select the Empty object menu option. The New object page displays. For information about the object properties page, see Editing a single object (page 21).
The object properties view
After all required information has been entered, click the Save button and the new object will be created.
Adding objects from templates

When an object is created from an object template, it can be linked to the template or immediately unlinked on creation. If an object is linked to a template, its monitors also remain connected to the template. This means whenever you make a change to the template monitor, those changes propagate down to objects linked to the template. It's possible to unlink (page 137) individual monitors in an object linked to a template, if required. This allows you to individualize certain monitors. An object linked to a template may still contain monitors unique to the object, in addition to linked monitors.
16
The management interface To create a new object initialized from an object template, expand the New object menu from the Object menu, and select the From template menu option. A list with all current object templates displays. Select the desired object template by clicking the name.
Selecting the object template
Object initialization
After selecting the desired object template, the object initialization page displays.
Initialization of the new object
In this page you can select what monitors from the template that you want to include in the new object. You can also choose to immediately unlink (page 137) the new object from its template. Clicking the Continue button displays the object properties screen. After filling out the required information, in exactly the same way as when creating empty objects, click the Save button to create the new object.
Network discovery
The Network Discovery function can help you to quickly configure a large number of objects. After the network discovery process is complete, the operator can select among the discovered objects and add them to the configuration. Starting a new network discovery clears the list of objects previously discovered.
17
Starting network discovery
Network discovery settings
Subnet - The first three octets of a network, for example 192.168.42 Range start - The first final octet to start from, must be greater or equal to 1. Range end - The last final octet, must be less or equal to 255 Scanning method - It's possible to select between three different methods of scanning the network. Selecting Full scan is slowest but discovers all known devices. The default ARP and Ping method is quicker but possibly does not discover all connected devices. ARP only generates the quickest results but with less accuracy. Gateway - Distributed Edition only. Select the gateway to run the network discovery process on. If the server is selected, Network Monitor performs network discovery on the server. SNMP community - Select the default SNMP read community to use during the network discovery.
Windows account - Select the account to use when authenticating with Windows hosts SSH/Telnet account - Select the account to use when authenticating with UNIX hosts and other shell access capable hosts Click the Start button to start the network discovery process. The operator is redirected to the main network discovery page where the results are displayed.
Waiting for the result

A network discovery can take anywhere between 1 and 15 minutes depending on the IP range scanned as well as the scanning method chosen. The network discovery page shows a progress indicator in the upper left corner while it is running. During the process, new objects are added to the list as soon as they are discovered. It's possible to add objects from the list to the configuration at anytime.
The network discovery page while running
Configuring an Object
A discovered object must be configured within Network Monitor before it can be monitored.
18
The management interface association. To add objects to the configuration you need to select them from the list of discovered objects and click the Add object link.
Add object to configuration
Operator group - Select the operator group to assign the new objects to. Alarm action list - Select an action list to be assigned as the alarm action list for the objects. Recovery action list - Optionally select an action list to be assigned as the recovery action list for the objects. Network - Select a Network Monitor network to place the objects in. A Network Monitor network is a logical grouping of objects, not to be confused with a physical network. Select the Default network if you haven't created your own network yet. Create dependency - Check this option to automatically create per object dependencies. This requires that the object contains at least two discovered monitors, of which at least one is a ping monitor. Add empty - Check this option to add the objects to the configuration without any monitors.
Importing objects
Objects can be imported to Network Monitor using different methods to quickly add new objects to the system. This section describe these methods.
19
Import from Active Directory

Objects can be imported into the configuration from an Active Directory server or an LDAP server.
Import from AD/LDAP page
The import is made in two steps. First, you need to specify the server from where you are importing the objects and the credentials to be used when authenticating with the server. The directory entry contains a search path to specify where to start searching the directory. When clicking the Perform lookup button, Network Monitor authenticates with the specified server and searches the directory. The search results displays in the Discovered objects section. To import the objects found in the directory, select the desired objects from the list. Specify the operator group and a network to assign to them to, then press the Import objects button.
Import from seed file

Objects can be imported from a seed file containing object definitions. This function can only be accessed by operators with the system administrator flag set. This function is found under the Tools menu.
The import from seed file dialog
20
The management interface The seed file must be a text file formatted according to the following syntax: Object name; Object address; Object description [;Object template] CR+LF Object name - Name of the object. Object address - The address of the object. This can be a host name or an IPv4 number. Object description - Description of the object. Object template - Name of an existing object template (page 134) that used to initialize the new object. This parameter is optional.
Example
IServer;192.168.0.1;My server Each line in the seed file must be terminated with a newline. Each individual field must be separated with a semicolon. To import objects from the seed file, select the file from the local machine and press the Import button. After the import has finished a status message displays.
Editing a single object

To edit the properties of a single object, either click the properties icon in any list view, or click the Properties command from the Object information (page 24) view. The Object properties page displays.
Basic object properties
Basic object properties

This section contains the basic properties for an object. Name - Enter a name for the object. This should be a descriptive name used to identify the object in lists and notifications sent to operators. Address - Enter the network address of the object. This can be a host name or an IPv4 number. Network - Select the network to add the object to. The network is an organizational unit that works similar to a folder in a file system. Operator group - Select the operator group responsible for this object. Only operators that belong to the selected operator group will get notifications from monitors of this object. Gateway - Distributed Edition only. Select the gateway the object will be assigned to. Select Server if you do not wish to assign the object to a gateway. System type - Select the object's system type. The system type determines the type of monitors that can be added to this object. If you do not know what system type the object is or the system type is unavailable, select the Generic/Unknown option. For Windows Performance monitors to work properly, it's essential that the system type is specified correctly. Description - The description field can be used to describe the object in greater detail. For example, the type of hardware or physical location.
21
The management interface Free text - The free text field can be used to include other information about the object and can also be included in alarm notifications. SNMP community - The default SNMP read community used for all SNMP monitors of this object. Note that the community can be changed in individual monitors; this is only a default value.
Action list (Alarm and Recover) - The action lists used by default by monitors of the object. Monitors can be customized to use other action lists in the monitor property page. Active - If checked the object is considered active. Active objects test their monitors. This option is checked by default.
Authentication settings
This section contains the authentication settings for objects with a Windows or UNIX system type. Logon accounts are generally administered with the Account manager (page 44), but new logon accounts can be created immediately within the object properties page.
Authentication settings
Default account - Specifies the default authentication account to be used for all monitors of the object. If you want to immediately create a new logon account, click the New account link. Username - Enter the username for the account. For Windows hosts, it's recommended to specify the username using the DOMAIN\USERNAME format. Password - Enter the password for the account. Description - Enter a description for the account. Operator group - Logon accounts are tied to a specific operator group. Only operators that are members of the selected operator group are able to use the logon account. Clicking the Verify account button makes Network Monitor try to verify that the specified information is correct by authenticating using the new object. Clicking the Save account button stores the specified information and selects the account automatically.
Advanced object properties

This section contains advanced properties that normally use their default values. This section is automatically hidden but can be expanded by clicking the click to expand/hide link in the Advanced properties section.
22
The management interface Time zone - By selecting a time zone, the monitors in the object display their real time charts in the object's local time. Default MIB - Select the default MIB file to use with this object. This MIB file is automatically selected when opening the MIB browser when configuring SNMP monitors of this object. Favourite - Checking this option flags the object as a favourite for the current operator. This is useful for commonly accessed objects as they can be displayed on the dashboard in the favourites widget. No SSH2 connection sharing - If this is an object that performs tests using an SSH2 connection, you can optionally check this option to disable the connection sharing feature. Normally only one connection is opened and then shared among all monitors using SSH2 with this object. Disabling the SSH2 connection sharing results in more logons on the SSH server, but can be useful if you experience any problems with your connections. No inspection - Normally Network Monitor performs an object inventory of all objects regularly, to discover hardware and attached devices. You can disable this automatic inspection by checking this option. Wake-On-LAN - The MAC address of the object. Leave this blank to force Network Monitor to query the object for the MAC address automatically when the object is saved. After all required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Editing multiple objects

It is possible to edit the properties of multiple objects at the same time. You first select the desired objects from the Object list view. To edit the selected objects, select the Edit command in the list. The Edit multiple objects page displays.
The Edit multiple objects page
The objects you selected to edit are listed in the first section. You can now make changes to several properties of those objects at once. The following properties can be changed: Network - Assign the specified network to the selected objects. Operator group - Assign the specified operator group to the selected objects. Alarm action list - Assign the specified action list as the default alarm action list for the selected objects. Recover action list - Assign the specified action list as the default recovery action list for the selected objects. Default account - Assign the specified logon account as the default logon account for the selected objects. Time zone - Set the specified time zone as the time zone for the selected objects.
23
The management interface Default MIB (advanced section) - Set the specified MIB file as the default MIB file for the selected objects. Favourite (advanced section) - Flag the selected objects as favourites. No inspection (advanced section) - Disable the automatic object inspection for the selected objects. NOC configuration (advanced section) - Assign the specified NOC views to the selected objects. Initially, all properties are marked as No change, meaning that each respective property will not be altered by the multi edit operation.To save your changes, click the Save button, or click the Cancel button to return to the previous page without making any changes.
Displaying object details

To view the details of an object, click the objects name in any list view, or in the search bar. Network Monitor displays the Object information view for that object.
The Object information view
The object information view
The Object information view is divided into three sections. In the upper part, Network Monitor displays generic information about the object such as its name and address. The next section displays all monitors that are configured in the object, their individual status and other information. The bottom section displays related reports for the object. This section is dynamically updated by Network Monitor and changes according to the kind of monitors configured for the object.
Alarm history
If one or more monitors in the object have entered the alarm state or recovered, an additional field displays in the generic information section, showing the recent alarm activities.
The alarm history
Gateway information
Distributed Edition only - If the object is assigned to a gateway, the object information view also shows the gateway and when it last sent an update to the Network Monitor server.
24

Object gateway information
Commands
In the upper part of the Object information view, a number of commands are displayed. The commands affect the currently viewed object only. The commands displayed to the operator are dependant on the current operator's access rights. To execute a command, click it. Activate/Deactivate - The command activates or deactivates the current object. If the object is currently active, the deactivate command displays and vice versa. Delete - Deletes the current object. The operator must confirm the delete operation. Make template - Creates an object template (page 134) based on the current object. Properties - Opens the properties page for the current object. Search log - Open the Log search page for the current object. View report - Opens the View report page for the current object.
Monitors
This section describes how to create monitors as well as manage existing monitors in Network Monitor.
Listing and searching monitors

Usually, the most common way for interacting with monitors is using the Monitor list view. Alternatively, the operator first navigates to the relevant object and then finds the monitor in the monitor section of the Object information view.
The Monitor list view

To open the Monitor list, expand the Monitors menu and choose List. The Monitor list view displays.
Opening the monitors menu
The monitor list
Commands
In the upper section of the Monitor list view, a number of commands are listed. These commands affect the monitors selected in the list only. Acknowledge - Opens the acknowledge alarm page for the selected monitors. This alarm command is only relevant for monitors currently in alarm state and does not respond to monitors in any other state. Activate - Activates the selected monitors.
25
The management interface Copy - Creates copies of the selected monitors. The operator must select the target object for the copied monitors. Deactivate - Deactivates the selected monitors. Delete - Deletes the selected monitors. The operator must confirm the delete operation. Edit - Opens the multi edit view (page 29) for the selected monitors. Test now - Tests the selected monitors immediately. View report - Displays a report of the selected monitors.
Selecting monitors
To select monitors from the list, place a check mark in the selection column to the left. It's also possible to select a range of monitors by first clicking the start position in the list, then hold the shift key and click the end position. All the monitors in between the selected positions are selected.
The toolbar
Underneath the commands is a toolbar containing various settings for the Monitor list view. Refresh - Toggles the automatic refresh of the Monitor list view. View - Allows the operator to specify how many monitors should be listed in the Monitor list view. Prev & Next - These commands are links to the previous and the next sets of monitors. Next is active if the number of monitors in the configuration is greater than the number of monitors currently displayed in the view. Search bar - Use the search bar to search the monitor list. Monitors can be searched using the following search terms. Monitor name Monitor description Monitor type Object name System type of the object Filter - Several pre-defined filters are available. The monitors displayed by the Monitor list view change, depending on the filter selected. It is possible to click the header columns in the list view to sort on the given property. For example, clicking Object displays the monitors sorted by their object name. By default, monitors are sorted by name. Notice that monitors in the alarmor failedstate, are always listed first in the list.
26
Adding a new monitor

Since a monitor always exists inside an object, first locate the relevant object where you wish to create the monitor. Then open the object information (page 24) view for that object, and click the New monitor command in the monitor section. Network Monitor displays the new monitor page.
The new monitor page
The new monitor page is organized into categories of monitors, with the Preconfigured category on top. You can expand and collapse individual categories by clicking the + and -icons in the tree. The system type of the object dictates what types and categories are available.
Preconfigured monitors
This category contains monitors that Network Monitor have automatically configured for the object. When you click the monitor name it is immediately added to the object and removed from the Preconfigured category.
No monitors in the preconfigured category?

The most common reasons why no monitors, or unexpected, monitors are displayed in the Preconfigured category are: The system type is not correctly set in the object. The object has no default account set. The preconfigured category already contains all the monitors Network Monitor is able to preconfigure.
Searching for monitors

The Search field helps you find a specific monitor type. Enter a keyword and press the search button. To clear the search you have to clear the field and click the Search button again.
Creating the monitor

When you have found the desired monitor, click the monitor name and the monitor property page displays to do initial configuration of the monitor. For information about editing monitor properties see the Editing a single monitor (page 28) section.
27
Editing a single monitor

To edit the properties of a single monitor, either click the properties icon in any list view, or click the Properties command from the Monitor information (page 30) view. The monitor Edit monitor page displays.
Basic monitor properties

This section contains the basic properties for a monitor.
Basic monitor properties
Name - Enter a name for the monitor. This should be a descriptive name and is used to identify the monitor in lists and notifications sent to operators. Test interval - The test interval of the monitor in seconds. The minimum value is 10 seconds.
Advanced monitor properties

This section contains various advanced parameters for a monitor.
Advanced monitor properties
Alarm generation - This is the sensitivity of the monitor, and defines the number of consecutive tests the monitor must fail to enter the alarm state. A higher number makes the monitor less sensitive. Alarm test interval - The test interval of the monitor in seconds while the monitor is in alarm state. Sometimes it's useful to let Network Monitor test a monitor with a different interval once it has entered alarm state, and the default is 600 seconds (10 minutes). Alarm action list - The alarm action list that the monitor uses once it enters the alarm state. If no alarm action list is selected, the monitor uses the alarm action list specified in the object. Recover action list - The recover action list that the monitor uses once it returns from alarm to normal state. If no recover action list is selected, the monitor uses the recover action list specified in the object. Store statistics - Specifies if the monitor should store statistical data or not. This option is checked by default. Chart resolution - The time span of real time charts on the monitor information view. Group channels - Specifies how many statistics channels that should be grouped into the same chart. This is mainly useful for monitors such as the Environment monitor that store separate statistics data for different external sensors. Chart layout - How many real time charts that should be displayed side-by-side on the monitor information view. 28
The management interface Active - Specifies if the monitor is active or not. A monitor that is not active does not perform any tests. This option is checked by default. Alarm message - This specifies the alarm message that sent with notifications once the monitor enters the alarm state. If no alarm message is specified, the monitor uses the default alarm message specified in the system settings (page 103) page. Recover message - This specifies the recover message sent with notifications once the monitor returns from alarm to normal state. If no recover message is specified, the monitor will use the default recover message specified in the system settings (page 103) page. Alarm subject - The subject line of notifications sent when the monitor enters alarm state. If no alarm subject is specified, the monitor uses the default alarm subject specified in the system settings (page 103) page. Recover subject - The subject line of notifications sent once the monitor returns from alarm to normal state. If no recover subject is specified, the monitor uses the default recover subject specified in the system settings (page 103) page.
Monitor filtering section

This section contains alarm filtering options for the monitor. The available options depend on the type of monitor being edited. This feature makes it possible to filter out categories of alarms for a monitor. For example, if a monitor is causing false alerts due to an unstable network connection, filtering out the Network errors category would make Network Monitor ignore those types of errors. By default, all types of errors are alerted on.
The alarm filtering section
Monitor specific properties

This section contains properties specific to a certain type of monitor. In this section you configure thresholds and other options directly related to the function of the monitor. For a complete reference on all parameters, see the monitor reference (page 169) section.
Monitor specific settings
Statistics section
This section contains display settings for each type of statistical data recorded by the monitor. If checked, the specified data is shown in the real time charts on the monitor information view.
Monitor specific settings
After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Editing multiple monitors

It is possible to edit the properties of multiple monitors at the same time. First select the desired monitors. This can be done from either the Monitor list view, or the Object information view. To edit the selected monitors, select the Edit command in the list. The Edit multiple monitors page displays.
29
Editing different types of monitors

If the monitors selected for multi editing are of the same type, for example CPU utilization monitors, some monitor-specific properties are available for multi editing. If monitors of different types are selected, no monitor-specific properties are available for multi editing.
The monitors you selected to edit are listed in the first section. You can now make changes to several properties of those monitors at once. The following properties can be changed: Test interval - Set the specified test interval for the selected monitors. Alarm - Set the specified alarm generation value for the selected monitors. generation Alarm test - Set the specified alarm test interval for the selected monitors. interval Alarm action - Assign the selected alarm action list to the selected monitors. list Recover - Assign the selected recovery action list to the selected monitors. action list Store - Toggle storage of statistics data for the selected monitors. statistics Chart - Set the specified chart resolution for the selected monitors. resolution Group - Specify the number of statistics channels to group into the same channels chart for the selected monitors. Chart layout - Set the specified chart layout for the selected monitors. Initially, all properties are marked as No change, meaning that each respective property will not be altered by the multi edit operation. Similarly, text input fields are all empty, meaning that the respective property will not be altered. To save your changes, click the Save button, or click the Cancel button to return to the previous page without making any changes.
Display monitor details

To view the details of a monitor, click the monitor's name in any list view. Network Monitor displays the Monitor information view for that monitor.
30
The monitor information view
The monitor information view
The Monitor information view is divided into two sections. In the upper part, Network Monitor displays generic information about the monitor such as its test interval, type and relevant object. The bottom section displays real time charts specific to the monitor. The kind of statistics data available depends on the type of monitor.
Commands
In the upper part of the Monitor information view, a number of commands are displayed. The commands affect the currently viewed monitor only. The commands displayed to the operator are dependent on the current operator's access rights. To execute a command, click it. Activate/Deactivate - The command activates or deactivates the current monitor. If the monitor is currently active, the deactivate command displays and vice versa. Delete - Deletes the current monitor. The operator must confirm the delete operation. Properties - Opens the properties page for the current monitor. Search log - Open the Log search page for the current monitor. Simulate alarm - Displays an example of an alert generated for this monitor Test now - Tests the current monitor immediately.
Operators and operator groups

This section describes how to manage operators and operator groups in Network Monitor.
Operators
Users of Network Monitor are called operators. To gain access to the management interface and/or receive notifications a user must be added as an operator.
31
Listing operators
All operators currently configured in Network Monitor are listed on the Operator list view. To open the Operator list view, select Operators from the Settings menu.
Opening the operator list view
The operator list view
Commands
In the upper section of the Operator list view, a number of commands are listed. These commands affect operators that are selected in the list only. Assign to group - Assigns the selected operators to a specified group. The operator must select the operator group to assign the operators to. Delete - Deletes the selected operators. The operator must confirm the delete operation. Edit - Opens the multi edit view (page 35) for the selected operators. New operator - Creates a new operator. See Editing an operator (page 33) for details.
Selecting operators
To select operators from the list place a check mark in the selection column to the left. It's also possible to select a range of operators by first clicking the start position in the list, then hold the shift key and click the end position. All the operators in between the selected positions are selected.
Adding operators
To add a new operator, click the New operator command from the Operator list (page 32) view. The Operator properties page displays. For information about the Operator properties page and details about editing operators, see the Editing a single operator (page 33) topic. After all required information has been entered, click the Save button and the new operator will be created.
32
Editing a single operator

To edit the properties of a single operator, click the view. The Operator properties page displays. properties icon from the Operator list (page 32)
Basic operator properties
Basic operator properties

This section contains the basic properties for an operator. Name - This is the username of the operator. This cannot be changed once the operator has been created. See Contact name below to enter real name information. Password - To set the password for an operator, enter the new password twice; once in the Password box and then enter the same password in the Verify password box. Description - A generic description of the operator. This field is not available from the My settings (page 37) page. Operator group - This field lists the operator groups that the operator is a member of. When creating a new operator, it is possible to select an initial operator group that the operator becomes a member of.
Note: Operators not belonging to any operator group cannot logon to the user interface. They can only receive alarm notifications and reports.
Email - This is the email address for the operator. This is the email address alerts are sent to for this operator. It is possible to enter several email addresses by separating each with a comma. SMS number - This is the SMS phone number for the operator. This is the phone number SMS alerts are sent to for this operator. Contact name - The real name of the operator. This information can be embedded into alert messages. Contact phone - The contact phone number of the operator. This information can be embedded into alert messages. Contact cellphone - The contact cellphone number of the operator. This information can be embedded into alert messages. Contact address 1 - The contact address of the operator. This information can be embedded into alert messages. Contact address 2 - The contact address of the operator. This information can be embedded into alert messages.
33
The management interface Additional - Additional information about the operator. This field is not available from the My settings (page 37) page. Simple interface - When this option is set, more advanced features in the management interface are hidden by default. You can display advanced features by expanding them. Email format - This specifies the format of outgoing emails to this operator. The available choices are plain text or HTML formats. There is also a special HTML format for Outlook 2007 users. Outlook 2007 uses the Word HTML rendering engine, which requires special formatting to be displayed correctly. Refresh - This specifies the refresh time in seconds for various pages in the management interface.
Advanced operator properties

This section contains a few advanced operator properties. They can be normally left at their default values.
Report style - When reports are viewed in the management interface, or scheduled to be sent automatically, the reports use a specific style in regards to color, fonts etc. The style is specified per report, but this setting allows Network Monitor to force another report style to be used instead, when viewing or sending reports to this operator. View report - This setting changes how reports should be viewed in the management interface. When viewing a report the report can either be displayed in the same browser window, or opened in a new browser window. Compression - This setting specifies a threshold in Kilobytes. Above this threshold Network Monitor sends compressed data to the operator. A setting of 0 indicates no compression. Disable history - When set, the usage history window to the right in the management interface longer displays.
Operator access configuration section

This section contains access rights configuration for the operator. For full details about access rights, see the Operator access rights (page 36) topic.
34

Individual access rights can be specified in this section. An access right of modify always implies read rights, so it is not necessary to specify both in this case. The buttons in the bottom of this section can be used to quickly set access rights for commonly used operator configurations.
Dashboard widget access configuration section

This section contains access rights configuration for individual dashboard widgets. If set, the operator has the ability to use that particular widget. For information about the dashboard and different widgets see the dashboard (page 82) section.
Dashboard widget access configuration.
After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Editing multiple operators

It is possible to edit the properties of multiple operators at the same time. First select the desired operators from the Operator list view. To edit the selected operators, select the Edit command in the list. The Editing multiple operators page displays.
Basic and advanced properties section

The operators you selected to edit are listed in the first section. A few of the basic and advanced properties can be edited for multiple operators at the same time. They are listed in the next sections.
Operator multi edit basic and advanced properties
35
Operator access configuration section

In this section you are able to add, and remove, specific access rights from the selected operators. For example, to remove access to scheduled events for all the selected operatorsbut leave the other access rights of individual operators intactyou would select Clear option in the scheduled events box. Please consult the operator access rights (page 36) topic for more information about access rights.
Operator multi edit access configuration
Dashboard widget access configuration section

In this section you are able add and remove access to a specific dashboard widget for the selected operators. Please consult the dashboard (page 82) section for more information about dashboard widgets.
Dashboard access section
Initially, all properties are marked as No change, meaning that each respective property will not be altered by the multi edit operation. Similarly text input fields are all empty, meaning that the respective property will not be altered. To save your changes, click the Save button, or click the Cancel button to return to the previous page without making any changes.
Operator access rights

An operator in Network Monitor has a set of access rights that determines exactly what the operator is allowed to do. This topic describes these access rights in detail. Access right name
Operators/Groups
Explanation
If the operator has modify access, the operator can create, and modify, other
36

operators. This access right is normally reserved for system administrators. Networks If the operator has modify access, the operator can create, and modify, networks (page 41). Read access for "Group objects" operators means they are able to see networks containing "their" objects only. If the operator has modify access, the operator can create, and modify, objects (page 14). Read access for "Group objects" operators means they are able to see "their" objects only. If the operator has modify access, the operator can create, and modify, monitors (page 25). Read access for "Group objects" operators means they are able to see "their" monitors only. If the operator has modify access, the operator can add custom entries to the Network Monitor system log. The operator is flagged as a system administrator. Several features in Network Monitor are accessible by system administrators only, such as accessing the "System administration page" or editing network maps (page 89). The operator can create, and modify action lists (including actions). This access right is normally reserved for system administrators. The operator can create, and modify dashboards. Note: an operator is never able to edit dashboards belonging to other operators, except for shared dashboards (page 83). The operator can create, and modify, dependency trees. This is an advanced feature that is normally reserved for system administrators. The operator can create, and modify, logon accounts (page 44). This access right is normally reserved for system administrators. If the operator has access, the operator can create scheduled events. "Group objects" operators are able to create scheduled events related to "their" objects only. If the operator has access, the operator can create and modify maintenance schedules. "Group objects" operators are able to create maintenance schedules for "their" objects only. If the operator has access, the operator can create and modify operator work schedules. This access right is normally reserved for system administrators. If the operator has modify access, the operator can create and modify reports and report templates. Read access is required to view reports in the management interface. "Group objects" operators are able to view reports related to "their" objects only. If the operator has access, the operator can modify system settings. This access right is normally reserved for system administrators. If the operator has access, the operator can access the My settings page to change his own contact information as well as change password. If the operator has the Group objects access right, the operator is only able to access objects that belongs to an operator group the operator is a member of. For example: Operator A is a member of two different operator groups, Group 1 and Group 2. Only objects that belong to either Group 1 or Group 2 will be accessible for Operator A. If the operator has the Auto login access right, the operator can be used with the Auto login feature. For details refer to the Auto login (page 152) section. If the operator has the Acknowledge alarms access right, the operator is able to acknowledge alarms. For details refer to the Acknowledging alarms (page 113) section.
Objects
Monitors
System log System admin
Action lists Dashboards Dependency trees Logon accounts Scheduled events Maintenance schedules
Operator schedules Reports
Settings My settings Group objects
Auto login Acknowledge alarms
The My settings page

The easies way to change basic settings of the currently logged on operator, is to use the My Settings page. This page is accessible by operators with the My settings access right set. The My settings page
37
The management interface can be opened from the Settings menu.
Opening the My settings page
In the My settings page you can update your contact information, change password and make other minor modifications to the current operator.
The My settings page
For details about the properties that can be edited for an operator, refer to the Managing operators and operator groups (page 38) section. After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Operator groups
An operator group is a collection of operators. Each object in Network Monitor always belongs to one operator group. In this way, an operator group in Network Monitor can be thought of as being in charge of an object. Normally, alerts for a monitor are sent to the operator group responsible for the object.
Listing operator groups

All operator groups are listed on the Operator group list view. To open the Operator group list view, select Operator groups from the Settings menu.
38

Opening the operator group list view
The operator group list view
Commands
In the upper section of the Operator group list view, a number of commands are listed. These commands affect operator groups that are selected in the list only. Delete - Deletes the selected operator groups. The operator must confirm the delete operation. New group - Creates a new operator group. See Editing an operator group (page 40) for details.
Selecting operator groups

To select operator groups from the list place a check mark in the selection column to the left. It's also possible to select a range of operator groups by first clicking the start position in the list, then hold the shift key and click the end position. All the operator groups in between the selected positions are selected.
Adding operator groups

To add a new operator group, click the New group command from the operator group list view. The operator group properties page displays. For information about the operator group properties page and details about editing operator groups, see the Editing an operator group (page 40) section. After all required information has been entered, click the Save button and the new operator group will be created.
Adding operators to an operator group

There are two different ways to add operators to an operator group.
Using the operator group properties page

When creating or editing an operator group, it is possible to add operators from the properties page. Select the operator to be added to the operator group, and click the Add button. The operator is moved to the members list box. In a similar way, operators that are currently added to the operator group can be removed by selecting the operator from the member list box, and clicking the Remove button. To store the changes permanently click the Save button, or click the Cancel button to return to the previous page without making any changes.
Using the Assign to group command

A quick way to assign several operators to an operator group is by using the Assign to group command. This can be done from the operator list view. First, select the operators that you want to add to an operator group.
Selecting operators
39
The management interface Then click the Assign to group command. The Assign to group page displays.
The assign to group page
Select the operator group that you want to add the operators to and click the Select button to add it to the list. You can select more than one operator group. Then click the Ok button to assign the operators to the selected operator groups. When finished the operator list displays again.
Editing an operator group

To edit the properties of an operator group, click the properties icon from the Operator group list (page 38) view. The operator group properties page displays.
The operator group properties page
Name - This is the name of the operator group and should be a descriptive name. Description - A longer description of the operator group. Default - Specifies the operator group as the default operator group. The default operator group is initially selected when creating new objects. Operator - All the available operators in Network Monitor are listed in this field. To add an operator to the operator group, select it from the list and click the Select button. Current members - Lists all operators that are currently added to this operator group. To remove an operator from the operator group, select it from the list and click the Remove button. Group manager - The group manager specifies one operator to be assigned as manager for the operator group. When using operator schedules to schedule operator working hours, the group manager is the default contact when no other operator are available. After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
40
Searching for operators and operator groups

You can use the search bar located in the main menu to globally search for items in the Network Monitor configuration. To find a specific operator or operator group, you can enter either the name or description of an operator or operator group in the search bar. The search results display immediately.
Searching for operators and operator groups with the search bar
Networks
This section describes how to create and edit existing networks in Network Monitor.
Listing and searching networks

The most common way for interacting with networks is using the Network list view.
The Network list view

To open the Network list, expand the Networks menu and choose List.
Opening the network menu
The network list
Commands
In the upper section of the Network list view, a number of commands are listed. These commands affect networks that are selected in the list only. Activate - Activates the selected networks. Deactivate - Deactivates the selected networks. Delete - Deletes the selected networks. The operator must confirm the delete operation. New networks - Creates a new network. View report - Views a report for the selected networks.
Selecting networks
To select networks from the list, place a check mark in the selection column to the left.
Organization of the network list

The network list is organized with the networks listed and their objects directly underneath them, in a tree fashion.
41
The management interface To expand a network to see the objects contained inside, click the + icon to the left of the network name.
An expanded network with its objects visible
The objects listed are linked to the object information view for the object. Each object's individual status is also visible. To fold the network back to hide the objects, click the - icon to the left of the network name.
Searching for networks

You can use the search bar located in the main menu to globally search for items in the Network Monitor configuration. To find a specific network, you can enter either its name or description in the search bar. The search result displays immediately. The benefit of using the search bar in the menu is that you can find a network from any page, instead of having to open the Network list view.
Searching for a network with the search bar
Adding a new network

To create a new network select the New network menu option from the Network menu. The network properties page displays. For information about the network properties page, see the Editing a network (page 43) topic.
The network properties page
After all required information has been entered, click the Save button and the new object is created.
42
Editing a network
To edit the properties of a network, click the Properties command from the Network information (page 43) view. The network properties page displays.
Network properties
The network properties page
Name - Enter a name for the network. This should be a descriptive name. It is used to identify the network in lists and notifications sent to operators. Description - Enter a generic description of the network. Active - If checked the network is considered active. Objects in an active network test their monitors. This option is checked by default. Make default - Specify this network as the default network for new objects. Favourite - Checking this option flags the network as a favourite for the current operator. This is useful for commonly accessed networks as they can be displayed on the dashboard in the favourites widget.
Contact information
The following information can be embedded in alert messages. Company - Related company information for this network. Address - Related address information for this network. Phone / Fax - Related phone and fax number for this network. Contact name - Related contact name information for this network. Email - Related email contact for this network. Cellphone - Related cell phone and fax number for this network. Additional - Additional free text information about this network. After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Displaying network details

To view the details of a network, click the network's name in any list view, or in the search bar. Network Monitor displays the Network information view for that network.
43
The Network information view
The network information view
The Network information view is divided into two sections. In the upper section, Network Monitor displays generic information about the network such as its name, description and status. The bottom section displays all objects that are currently in the network, their individual status and other information.
Commands
In the upper part of the Network information view, a number of commands are displayed. The commands affect the currently viewed network only. The commands displayed to the operator are dependant on the current operator's access rights. To execute a command, click it. Activate/Deactivate - The command activates or deactivates the current network. If the network is currently active, the deactivate command is displayed and vice versa. Delete - Deletes the current network. The operator must confirm the delete operation. Properties - Opens the Properties page for the current network. View report - Opens the View report page for the current network.
Managing logon accounts

This section describes how to manage logon accounts in Network Monitor. Logon accounts are used by some monitors and actions to authenticate against remote hosts. A logon account is always tied to an operator group. A logon account is only accessible to members of the logon account's specified operator group. Each object and each monitor can have a maximum of one logon account assigned to it.
Note: Logon accounts should not be confused with the logons created for operators who administer Network Monitor.
Adding a logon account

To add a new logon account, click the New command from the logon account list (page 45) view. The Account properties page displays. For information about the Account properties page and details about editing logon accounts, see the Editing a logon account (page 44) topic. After all required information has been entered, click the Save button and the new logon account is created.
Editing a logon account

To edit the properties of a logon account, click the list view. The Account properties page displays. 44 properties icon from the Logon accounts (page 45)
The Account properties page
Account properties
Username - This is the username of the logon account. Password - To set the password for a logon account, enter the password twice: once in the Password box and then enter the same password in the Verify password box. Description - This is a generic description to help you identify the logon account. Operator group - A logon account is always tied to an operator group. A logon account is only accessible to members of the logon account's specified operator group.
Listing and searching logon accounts

To list all the currently defined logon accounts, open the logon Account list view.
The Account list view

To open the logon Accounts list view, expand the Settings menu and choose Logon accounts.
Opening the logon account list
The Account list view displays.
The Account list
Commands
In the upper section of the Account list view, a number of commands are listed. New - Creates a new logon account. Delete - Deletes the selected logon accounts. The operator must confirm the delete operation.
45
Searching for logon accounts

You can use the search bar located in the main menu to globally search for items in the Network Monitor configuration. To find a specific logon account, you can enter either its username or its description in the search bar. The search result displays immediately. The benefit of using the search bar in the menu is that you can find a logon account from any page, instead of having to open the Account list view.
Searching for a logon account
Displaying logon account details

To view the details of a logon account, click the logon account name in the list view, or in the search bar. Network Monitor displays the account information view for that logon.
The account information view
The account information view
The Account information view is divided into three sections. In the upper part, Network Monitor displays the username and description of the logon account. The next section displays all objects that are currently using the logon account. This makes is easy to quickly change the logon account for a number of objects at once, select the objects from the list and click the Edit command. You can then use the multi edit feature (page 23) to edit the objects and change their logon account. Similarly, in the bottom section all monitors that are using the logon account are listed. It is possible to use the multi edit feature to change the logon account for selected monitors as well, as long as the selected monitors are of the same type.
Logon accounts and Windows authentication

If the service logon account (page 8) assigned to the Network Monitor service is a local user account, all monitors and actions require an account to perform Windows authentication. When creating an account that is to be used for Windows monitors, it's important to have an understanding of how Windows authentication works. To help Network Monitor select the correct Windows account when authenticating you need to specify where the account is stored. This is done by adding the machine name or domain name before the username, separated with a backslash.
Example 1
Username: Robert Password: Robert
Example 2
Username: mydomain\Robert Password: Robert In example 1, Network Monitor would look for the account on the local machine and then in the 46
The management interface domain (if there is a domain in the network). Example 2 tells Network Monitor to look for the account information in the domain only. The pitfall in example 1 is that there might be a local user name Robert that has different privileges then the domain user called Robert, leading to access denied errors and other problems while testing.
Accounts and UNIX objects

All UNIX specific monitorssuch as Memory utilization, CPU utilization etcrequire an assigned logon account. Most of the time, all monitors of a single object use the same credential, so it's usually sufficient to assign a logon account to the object only. (It is possible to assign a logon account to a specific monitor.)
Other usages of logon accounts

Some actions also require a logon account. For example, the Windows service control action requires a logon account to obtain the correct credentials.
Schedules and events

This section describes management of scheduled events, maintenance and operator schedules.
Scheduled events
With the scheduled events feature it is possible to run specific events at a given time. Events can be configured to run once or repeatedly with various configurations.
Listing scheduled events

To list all scheduled events, select the Scheduled events menu item from the Schedules menu. The Event schedule list view displays.
Opening the scheduled event list
The event schedule list
All scheduled events are listed with the date and time to execute the event, as well as a description and the time the event was last executed.
Commands
In the upper section of the Event schedule list view, a number of commands are listed. These commands affect events that are selected in the list only. Delete - Deletes the selected events. The operator must confirm the delete operation. New - Creates a new scheduled event.
Selecting scheduled events

To select scheduled events from the list, place a check mark in the selection column to the left. It's also possible to select a range of events by first clicking the start position in the list, then hold the shift key and click the end position. All the scheduled events in between the selected positions are selected. 47
Adding a scheduled event

To add a new scheduled event, click the New command from the Events schedule list view. The Add scheduled event page displays.
Creating a new scheduled event
Select the desired event by clicking it. The scheduled event properties page displays. For information about the scheduled event properties page and details about editing scheduled events, see the Editing a scheduled event (page 48) topic. A reference to all scheduled events can be found in the Scheduled event reference (page 49) section. After all required information has been entered, click the Save button and the new event will be created.
Editing a scheduled event

To edit the properties of a scheduled event, click the The Edit scheduled event page displays. properties icon in the Event schedule list view.
The Edit scheduled event page

In the first section of the Edit schedule event page, the event specific properties are listed. Depending on the type of scheduled event being edited, this section is different. For a reference on all scheduled events and their settings, see the Scheduled event reference (page 49) topic.
Run-once scheduled events

Scheduled events can be either run-once or repeating events. To configure a run-once event, it's necessary to specify this in the run-once section.
Run-once event - To specify a run-once event, select the radio button and fill in the date and time fields. Date - Specifies the date to execute the scheduled event. Specify the date using a YYYY-MM-DD format. Time - Specify the time of the day to execute the scheduled event. Specify the time in a HH:MM format. Expires - If selected, the scheduled event are automatically deleted once it has been executed. 48
Repeated events
To configure a repeating event, it's necessary to specify this in the repeating event section.
Repeating event - To specify a repeating event, select the radio button and fill in the required options below. Active between - Specifies a date range in which the event is active. Specify the range using a YYYY-MM-DD format. If these fields are left empty, the scheduled event is always active. Day of week - By checking a day, the event is active on the selected days of the week only. Hours in day - Specify one or more times during the day when the event is executed. Specify the time in HH:MM format, and separate multiple time entries with a comma. Last in month - To have the event execute the last day in every month, check this option. Days in month - To execute the event on specific days in the month, specify the days separated with a comma. After all the required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Searching for scheduled events

Search for a single day's events by entering a specific date in YYYY-MM-DD format in the Network Monitor search bar. A maximum of 5 events displays.
Searching for a scheduled event
To edit the scheduled event, click it from the search result window.
Scheduled event reference

This section contains a reference for all available scheduled events and their respective settings.
Clear Windows event log

This event can be used to clear the event log on a remote Windows host.
Clear event log event settings
Event settings
Log name - Specify the name of the event log to clear.
49
The management interface Hostname - The hostname of the remote host. This can be either a DNS name or an IP address. Logon account - The logon account to use for authentication with the remote host.
Execute command via SSH2

This event can connect to a remote server using SSH2 or telnet and execute a command.
Execute command via SSH event settings
Event settings
Command - Specify the command to be executed on the remote host. Port - Specify the port number where to connect. For SSH2 the default port is 22 and for telnet the default port is 23. Use telnet - If checked, Network Monitor connects to the remote host using the Telnet protocol. Checking this option automatically modifies the port to 23. Hostname - The hostname of the remote host. This can be either a DNS name or an IP address. Logon account - The logon account to use for authentication with the remote host.
Execute Lua script

The Execute Lua script event is capable of executing a Lua script. Lua is the scripting language natively supported by Network Monitor. Many useful scripts can be found on the customer portal http://www.kaseya.com/support/Downloads.aspx (http://www.kaseya.com/support/downloads.aspx)). See Lua (page 156) for more information.
Execute LUA script event settings
Event settings
Script - Select the script to be executed. Lua scripts used with Network Monitor should be placed in the KNM\scripts folder of the KNM host machine. Once a script has been selected, individual fields for the script parameters display. No account logon - If this option is selected, Network Monitor does not perform Windows authentication before executing the script. Instead, the specified logon account information is passed to the script as a parameter. This is useful for scripts that want to perform custom logons, for example, with SSH2. See Logon account below. Hostname - The hostname of the remote SNMP agent. This can be either a DNS name or an IP address. Logon account - If a logon account is specified, Network Monitor performs Windows authentication with the specified host before executing the script. This is useful for scripts that require authentication before executing.
Export statistics data

The export statistics data event is capable of exporting collected statistical data for a given period. The data can be exported to CSV files (comma separated text files) for import into spreadsheet applications, or directly to another database via ODBC.
50
Event settings
The settings for this event are divided into two sections. In the first section the type and source of the exported data is defined.
Export statistics settings
Data type - Select the specific type of data to be exported. The data types are organized into categories. To add a data type to the export list, select it and click the Select button. Selected data types are added to the selected list. To remove a data type, select it and click the Remove button. Period - Specify the period to export the data. Object - To select objects for data export, first select the relevant network where the object is located, then select one or more objects from the list and click the Select button. Selected objects are added to the selected objects list. To remove an object from the data export, select it and click the Remove button.
Export options
In this section the details for the CSV file or database export is defined.
Export options settings
Export to file - Select this option to export statistics data to a CSV file. Filename - This is the filename of the exported data file. Optionally include the following formatting variables when specifying the filename. %date - the current date %time - the current time Export to database - Select this option to export statistics data to a database via ODBC. Datasource name - The name of a previously defined ODBC datasource. Database name - The name of the database to store the statistics into. Username - If necessary, specify the username to connect to the database with. Password -The password for connecting to the database.
Exporting statistics to a CSV file

When exporting statistics data to a file, Network Monitor produces two files every time the event is executed. The files are placed in the KNM\reports\export folder of the KNM host machine. One file has the name specified in the Filename box in the event properties. This file contains the raw
51
The management interface exported data. The second file has the same name, but has info_ prefixed to the name. This file contains a description of the kind of data that was exported. The structure of the info file looks like this: Network name;object name;monitor name;monitor-id;monitor-subid;datatype-id;unit;datatype description
Example
Default network;Backup;Disk utilization (C:);84;0;3;%;Disk utilization The structure of the data file looks like this: monitor-id;datatype-id;monitor-subid;timestamp;raw data;comment
Example
84;3;0;2009/08/05 09:42:57;13.669434; If the record is considered invalid by Network Monitor, a fixed value of -10000.0 is exported.
Exporting to a database
When exporting statistics data to a database, Network Monitor creates two tables in the database. The first table is called inmDataExportInformation. It has the following structure: CREATE TABLE inmDataExportInformation (networkName char(128), objectName char(128),monitorName char(128), monitorID integer, atomID integer, dataType integer, unitNamechar(32), exportedDataType char(128)); This table contains information about the data that was exported, similar to to exporting data to a file. The second table is called inmDataExport. It has the following structure: CREATE TABLE inmDataExport (monitorID integer, atomID integer, dataType integer, dataTime DATETIME, dataRaw float); This table contains all of the exported statistics data.
Warning: Network Monitor begins the export of data by dropping tables with these two names. The database user configured for Network Monitor will require appropriate access to DROP, CREATE and INSERT operations on the database in question. Refer to your database manual for information about how to configure a database user.
Execute Windows command

The Execute Windows command event is capable of executing a specified command on the Network Monitor host machine. This can be used to trigger scripts or batch files located on the Network Monitor host.
Event settings
Execute Windows command event settings
Command - Enter the command to be executed. Parameters - Add parameters to be sent with the command. Use citation characters to specify a parameter containing spaces as one parameter. Logon account - The account used while authenticating.
Generate a report
The event is used to schedule the generation of a report and send or publish the report to specific
52
The management interface recipients.
Event settings
The settings for this event are divided into two sections. The first section contains general settings such as which report to generate. With this event you can either schedule the generation of a report template or a customized report, not both.
Generate report event settings
Report template - Select a report template to schedule. See the section below on selecting objects for a report template. Period - Select the report period for the report template. Separate reports - Select this option to send separate reports for each object. Customized report - Select a customized report to schedule.
Selecting objects for a report template

After selecting a report template, specify what objects to include in the report. When a report template has been selected the following section displays.
Selecting objects and monitors for a report template
To select objects to include in the report, first select the relevant network where the object is located, then select one or more objects from the list and click the Select button. The selected objects are added to the selected objects list. To remove an object from the report, select it and click the Remove button. In a similar way, individual monitors can be included in the report. To include a monitor, first select the relevant object from the list and then the monitor. Proceed the same as you would including objects in the report.
53
Report recipients
In this section you configure the operators that receive the generated report, as well as other report publishing options.
Report recipient configuration
Operator group - To send the generated report by email to all members of an operator group, select the group from the list and click the Select button. You can include more than one group. The selected operator group are added to the selected group list. To remove an operator group, select it and click the Remove button. Operator - To send the generated report by email to a specific operator, select the operator from the list and click the Select button. You can include more than one operator as recipient. The selected operator will be added to the selected operator list. To remove an operator, select it and click the Remove button. Email - Specify individual email addresses as recipients. Separate multiple entries with a comma. Subject - Specify a subject line for the emailed report. If left blank the default subject line for emailed reports is used. See the Miscellaneous settings (page 103) section for information about this setting. Directory - The generated report can be published on a network folder as an HTML document. Specify the path to this folder. Optionally include the following formatting variables when specifying a path. %date - current full date %date_year - current year %date_month - current month %date_dayofmonth - current day in the month %time - current full time %time_hour - current hour %time_minute - current minute %time_second - current second FTP host and port - The generated report can be published on a FTP server as a HTML document. Specify the host name and port number. Defaults to 21. FTP user - Select the logon account to be used for authenticating against the FTP server.
54
HTTP GET/POST request

This event can perform a HTTP request to a remote host. Both GET and POST request methods are supported.
The HTTP GET/POST event
Event settings
URL - Specify the target URL of the request. Port - Specify the port number to use. The default port for HTTP is 80. Parameters - Specify the parameters to be sent along with POST requests. Enter the name of the parameter, followed by an = sign, and then the value. Enter one parameter per row. Username - Enter a username if the remote service requires HTTP authentication. Password - Enter a password if the remote service requires HTTP authentication. Proxy server - Proxy server address to be used. This can be either a DNS name or an IP address. Proxy port - The port number used by the proxy address. Method - Select the request method to use. SSL - If the request should use SSL (Secure Socket Layer) check this option. Notice that checking this option automatically updates the port number.
Net send
With the Net send event it is possible to send so called net messages on a Windows network. Net messages are displayed on a computer where the recipient user is logged on to, or sent to a specific computer on the network.
Note: This event is not available for Windows Vista operating systems or later.
Net send event settings
Event settings
Username - Specify the username to send the message to. Message - Specify the content of the message to be delivered. Hostname - Specify the hostname of the specific computer to send the message to. This can be either a DNS name or an IP address.
Paging with PageGate

The purpose of the Paging with PageGate event is to send a paging message through a PageGate paging 55
The management interface server to one or more operators or operator groups. For information on how to configure PageGate, see the Miscellaneous settings (page 103) section.
Paging via PageGate event settings
Event settings
Operator group - Select an operator group to be the recipient of the message. Operator - Add specific operators as recipients to the message by selecting them from the list and click the Select button. Selected operators - Lists operators currently selected as recipients. To remove an operator, select it from the list and click the Remove button. Specific recipient - Enter specific PageGate users. Separate multiple entries with a comma. Subject - Specify the subject line of the message. Message - Specify the message body text.
Send email
The purpose of the Send email event is to send an email with specified content to one or more operators or operator groups. For information on how to configure email settings, see the Email and SMS settings (page 98) topic.
Send Email event settings
Event settings
Operator group - Select an operator group to be the recipient of the email message. Operator - Add specific operators as recipients to the message by selecting them from the list and click the Select button. Selected operators - Lists operators currently selected as recipients. To remove an operator, select it from the list and click the Remove button. Specific recipient - Enter specific email addresses. Separate multiple entries with a comma. Subject - Specify the subject line of the email message. Message - Specify the message body text. 56
Send SMS
The purpose of the Send SMS event is to send a SMS message specified content to one or more operators or operator groups. For information on how to configure an SMS capable device, see the Email and SMS settings (page 98) topic.
Send SMS event settings
Event settings
Operator group - Select an operator group to be the recipient of the SMS message. Operator - Add specific operators as recipients to the message by selecting them from the list and click the Select button. Selected operators - Lists operators currently selected as recipients. To remove an operator, select it from the list and click the Remove button. Specific recipient - Enter specific phone numbers. Separate multiple entries with a comma. Message - Specify the message body text.
Send Wake-On-LAN
The Send Wake-On-LAN event can power up a remote host by using the Wake-On-LAN protocol. To be able to use this event, the remote host must support the Wake-On-LAN feature.
Wake-On-LAN event settings
Event settings
Mac address - Specify the Mac address of the network card on the remote host that should receive the Wake-On-LAN request. Interval - The interval between each sent request. Packet count - How many requests that should be sent.
SNMP Set
The purpose of the SNMP Set event is to send a SNMP set request to a remote SNMP agent.
57

SNMP Set event settings
Event settings
Community - Specify the write community name to use. OID - Enter the relevant OID. You can specify either a named OID or a OID in number format. If you specify a named OID, Network Monitor tries to resolve it to its number format automatically when the field loses focus. Network Monitor uses the currently compiled MIBs to attempt to find the number format of the OID. Value - Specify the value to set. Syntax - Specify the syntax of the OID. This is the type of value you want to set. Hostname - The hostname of the remote SNMP agent. This can be either a DNS name or an IP address.
Send status report

This event sends a status report about the Network Monitor host, including uptime, monitors currently in the alarm state and recent log entries. Notice that this information is normally restricted to system administrators.
The status report event settings
Event settings
Operator group - To send the status report by email to all members of an operator group, select the group from the list and click the Select button. You can include more than one group. The selected operator group is added to the selected group list. To remove an operator group, select it and click the Remove button. Operator - To send the status report report by email to a specific operator, select the operator from the list and click the Select button. You can include more than one operator as recipient. The selected operator is added to the selected operator list. To remove an operator, select it and click the Remove button.
Trigger monitor test

The trigger monitor event can be used to execute a monitor test at a given time. This can be useful for monitors that should only be tested on a very specific time during a period, for example. Once a monitor is scheduled for a test, it is no longer tested periodically as normal.
Trigger monitor test event settings
Event settings
Monitor - Select the monitor to be triggered. First select the relevant object and then the specific monitor.
58
Windows service control

The Windows service control event can modify the status of a Windows service on a remote host.
Windows service control event settings
Event settings
Service name - Specify the name of the service. This should be the service name and not the display name. Type - Select the operation to perform on the service. Hostname - The hostname of the remote host. This can be either a DNS name or an IP address. Logon account - The logon account to use for authentication with the remote host.
See Also
Windows service control (page 216) (action) Windows service list (page 118) (direct control) Windows service status (page 204) (monitor)
Maintenance schedules
Maintenance schedules can be used to specify planned or periodic maintenance of an object or a monitor. During the maintenance period no monitors are tested. Maintenance schedules can be either a single maintenance period or a repeating period with many flexible scheduling options.
Listing maintenance schedules

To list all maintenance schedules, select the Maintenance schedules menu item from the Schedules menu. The Maintenance schedules list view displays.
Opening the maintenance schedules list
The maintenance schedules list
All maintenance schedules are listed with the date, time and length of the maintenance period, as well as the relevant objects for the schedule.
Commands
In the upper section of the Maintenance list view, a number of commands are listed. These commands affect maintenance schedules that are selected in the list only. Delete - Deletes the selected maintenance schedules. The operator must confirm the delete operation. New - Creates a new maintenance schedule.
Selecting maintenance schedules

To select maintenance schedules from the list place a check mark in the selection column to the left. 59
The management interface It's also possible to select a range of schedules by first clicking the start position in the list, then hold the shift key and click the end position. All the maintenance schedules in between the selected positions are selected.
Adding a maintenance schedule

To add a new maintenance schedule, click the New command from the Maintenance schedules (page 59) list view. The maintenance properties page displays. For information about the maintenance properties page and details about editing maintenance schedules, see the Editing a maintenance schedule (page 60) topic. After all required information has been entered, click the Save button and the new maintenance schedule will be created
Editing a maintenance schedule

To edit the properties of a maintenance schedule, click the properties icon from the Maintenance schedules (page 59) list view. The Maintenance settings page displays.
Maintenance settings
In this section the settings for the maintenance period, as well as which objects to place in maintenance, are defined.
Maintenance settings
Select objects - To select objects to include in the maintenance schedule, first select the relevant network where the object is located, then select one or more objects from the list and click the Select button. The objects are added to the selected objects list. To remove an object from the maintenance schedule, select it and click the Remove button. Select monitor - To select specific monitors to be included in the maintenance schedule, first select the relevant object where the monitor is located, then select one or more monitors from the list and click the Select button. The monitors will be added to the selected monitors list. To remove a monitor from the maintenance schedule, select it and click the Remove button. Time - Specify the time of the day when to start the maintenance period. Downtime - Specify the length of the maintenance period in hours and minutes. Expires - If selected, the maintenance schedule are automatically deleted once the maintenance period is over.
Single maintenance schedules

A maintenance schedule can be either a single run-once or a repeated schedule. To configure a single maintenance schedule, it's necessary to specify this in the Single maintenance section.
60
The management interface Single maintenance - To specify a single maintenance schedule, select the radio button and fill in the date field. Date - Specifies the date to activate the maintenance schedule. Specify the date using a YYYY-MM-DD format.
Repeating maintenance schedules

To configure a repeating maintenance schedule, it's necessary to specify this in the Repeated maintenance section.
Repeated maintenance - To specify a repeating maintenance schedule, select the radio button and fill in the required options below. Active between - Specifies a date range in which the maintenance schedule are active. Specify the range using a YYYY-MM-DD format. If these fields are left empty the maintenance schedule are always active. Day of week - By checking a day, the maintenance schedule are active on the selected days of the week only. Every N:th day - If specified, the maintenance schedule are active on every Nth day from the specified start date. This option requires that the maintenance schedule has an active date range specified. Last in month - To have the maintenance schedule active the last day of every month, check this option. Days in month - To have the maintenance schedule active on specific days of the month, specify days separated with a comma. After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Searching for maintenance schedules

Search for single maintenance schedules by entering a specific date using a YYYY-MM-DD format in the Network Monitor search bar. A maximum of 5 maintenance schedules displays.
Searching for a maintenance schedule
To edit the maintenance schedule, click it from the search results window.
Operator schedules
Defining operator schedules prevents operators from receiving notifications unnecessarily during off hours. The work hours of an operator schedule are defined using a rolling-schedule.
61
Listing operator schedules

To list all operator schedules, select the Operator schedules menu item from the Schedules menu. The Operator schedules list view displays.
Opening the operator schedules list
The operator schedules list
All operator schedules are listed with the name, description and the active period of the schedule.
Commands
In the upper section of the Operator schedules list view, a number of commands are listed. These commands affect operator schedules that are selected in the list only. Delete - Deletes the selected operator schedules. The operator must confirm the delete operation. New - Creates a new operator schedule.
Selecting operator schedules

To select operator schedules from the list place a check mark in the selection column to the left. It's also possible to select a range of schedules by first clicking the start position in the list, then hold the shift key and click the end position. All the operator schedules in between the selected positions are selected.
Adding an operator schedule

To add a new operator schedule, click the New command from the Operator schedules list view. The operator schedule properties page displays. For details about editing operator schedules, see the Editing an operator schedule (page 62) topic. After all required information has been entered, click the Save button and the new operator schedule will be created.
Editing an operator schedule

To edit the properties of an operator schedule event, click the properties icon in the operator schedule list view. The Edit operator work schedule page displays.
The Edit operator work schedule page
Operator schedule properties
Name - This is a descriptive name of the schedule and is used to identify the schedule in lists. Description - A longer description of the schedule and its usage.
62
The management interface Active - Specify the range of dates the operator schedule is active. A start date is required. The details of the operator schedule are defined in relation to the schedule's start date. Expires - Select this option to automatically delete the operator schedule once it becomes inactive. After all required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Dividing the schedule into periods

Once the operator schedule has been created, the schedule is divided into blocks. A block represents a shorter period of time within the schedule. Inside each block, operator work hours are defined. The blocks are repeated relative to the start date of the operator schedule, which makes it possible to define rolling schedules.
Adding a block to the schedule

To define blocks inside an operator schedule, first click the specific schedule from the Operator schedules list view. The Edit operator schedule page displays.
The Edit operator schedule page
To add a block to the schedule, select the Add block command from the Schedule blocks section. The block properties page displays.
The block properties page
Length - Enter the length of the block in days. For example, specifying 7 creates a block 7 days in length. Enter the desired length of the block and click the Save button. The block is created and added to the operator schedule.
A block has been added to the operator schedule
Continue adding blocks until the desired structure of the schedule is defined. The blocks are continuously repeated in relation from the start of the operator schedule until the schedule is no longer active.
Specifying working hours

Operator working hours are defined for each block of the operator schedule. To specify working hours in a block, click Add rule command in the specific block from the Edit operator schedule page. The Rule properties page displays.
Defined blocks inside an operator schedule
63
The block rule properties page

In this page we define the working hours for specific operators in a block of time.
Operator schedule block rule properties
Day of week - Select which days during the week the rule will be in effect. Active between - Specify a time period during the day the operators will be available. Optionally specify an overnight time period here. For example, 17:00 to 08:00. Available operators - Select operators to be added to the rule from the list and click the Select button. The operators are added to the selected list. To remove an operator from this rule, select the operator from the selected list and click the Remove button. When the block rule is in effect, the selected operators are considered to be working and available for notifications by Network Monitor. It is possible to specify multiple rules inside a block.
Reports
This section discusses the reporting features built into Network Monitor.
Introduction
Network Monitor is capable of generating statistical reports from recorded monitor data. A report can contain several different components, such as charts, toplists, downtime information, data tables, comments and images. The overall style and color settings of the reports are controlled by style templates (page 74), which makes it easy to add your company color-scheme or logotype to the finished reports.
Customized reports vs. Report templates

Network Monitor has two different types of reports: Customized reports and Report templates. In a Customized report you pre-define what objects and monitors to include in the report. In a Report template you only specify the type of report items to include. A Report template requires the operator viewing the template to specify what objects and monitors to include when generating the report, while the Customized report already has this information and thus can be generated without asking the user for any input. This makes Customized reports a good choice when you want to create a report that is used frequently for a specific purpose and contains data from objects or monitors that do not change. A Report template, as the name implies, has the flexibility of being used with any object and monitor. As such, a Report template can only be viewed/emailed or scheduled if a set of objects or monitors is also defined. 64
The management interface This extra requirement makes Report templates much more powerful. For example, if your Report template contains a CPU chart, the actual contents of the chart depends on the networks or objects you selected when you viewed the Report template. Other report items work in a similar way when generating reports with Report templates. Network Monitor comes pre-configured with a set of useful Report templates. You can of course customize those Report templates and create your own if you wish to do so.
Report items
This section describes the different types of report items available for reports and their settings.
Graphs
Report graphs display a chart of recorded monitor data over a specific period. Each graph can contain data from up to 8 individual monitors. Every monitor is coded with a specific color. The color is specified in the relevant Style template (page 75).
Report chart properties
Basic properties
Period - This setting is only available when editing graphs in a Customized report. Select the period to report the data. Data type - Select the type of data to include in the report, as well as the desired unit. Header - Specify header text for the graph. Optionally include the following parameter in the header. %graph_type - the type of data in the graph. Footer - Specify footer text for the graph.
Advanced properties
Data option -This setting defines how Network Monitor should present the data when there are more recorded samples for a given position in time. Defaults graphing an average of those values. This setting affects visual presentation only. Fill - If the graph should be filled, select this option. If more than one monitor is graphed in the same chart, Network Monitor ignores this setting. Legend - Include a legend after the graph. This contains a reference to all monitors included in the graph, as well as their extreme values over the period. Data filter - Optionally specify a min and max range for visible data. Data outside of the given range is ignored. Custom scale - Optionally limit the graph to a certain range in the Y-axis. Normally, this is controlled automatically by the type of the data. Graph dimension - Specify the dimension of the graph image. The default value is 1000 x 152 pixels. 65
Graphs in customized reports

For graphs added to a customized report it is necessary to specify what monitors should be graphed in the graph. This is done from the Graph information page. To open this page click the graph report item. The Graph information screen displays.
Clicking the graph report item displays the graph information screen
The graph information page

This page consists of two sections. In the upper section, generic information about the graph is displayed such as its data type, period and the relevant report. In the bottom section, all monitors that are currently included into the graph are listed.
The graph information screen
Each monitor is listed together with its object, as well as the color associated with the monitor, depending on the relevant report style.
Adding and removing monitors to the graph

To add a monitor to the graph, click the Add monitor command in the monitor list section. This displays a dialog for adding monitors to the graph.
Adding individual monitors to a graph in a customized report
To add a monitor to the graph, select the relevant object from the list box, then the monitor. Notice that you are only able to select monitors relevant to the current graph. In other words, monitors not storing data of the type specified in the graph are be visible. To remove a monitor from the graph, select it from the selected monitors list and click the Remove button.
Moving a monitors position in the graph

The order of each individual monitor in the graph is important, and corresponds to a specific color from the relevant report style to help identify the monitor. To move a report item up or down, click the up and down arrow icons to move the monitor up and down respectively.
Deleting a monitor from the graph

To delete a monitor from the graph, click the 66 trashcan to the far right of each monitor.
Data tables
The data table report item can display tabular data in both horizontal and vertical tables. This makes it possible to display readings in a textual format. The number of rows or columns, depending on the layout, is dependent on the report time period. You can choose to report snapshots or period averages in the data table. Snapshots - A snapshot is the closest data sample to the cell. For example, if you have a Daily report and there are two samples at 14:59 and 15:02, the data shown for the cell at 15:00 is the sample at 14:59. Period Average - The period average option averages of all samples within each period and uses that value for the respective cell. These two powerful options provide you with good control of how to present different types of data. Snapshots are more interesting for some types of data and period averages are more interesting for others.
Object and monitor configuration

This entire section is available for Customized reports only. The first section specifies what objects and monitors to include in the data table.
Object and monitor configuration
Select object - Select objects to be included in the data table from the list and click the Select button. The object is added to the data table and listed in the selected objects list. To remove an object from the data table, select it and click the Remove button. Select monitor - In a similar way, individual monitors can be included in the data table. Select the relevant object from the list and then the monitor. Click the Select button to add the monitor to the data table. To remove a monitor from the data table, select it and click the Remove button.
Data table configurations

In this section individual data table configurations are defined.
67
The management interface Period - This setting is only available when editing data tables in a Customized report. Select the period to report the data. Layout - Select between a horizontal layout, where the time is presented as going from left to right, or a vertical layout where time is listed as going from up to down. Data type - Select the type of data to be put into the configuration, as well as the presentation unit desired. Click the Add button to add the configuration to the data table. To remove a configuration, select it from the list and click the Remove button. Data table mode - Select Snapshot or Interval average for the configuration. Notice that this setting is per configuration, so it is possible to display each data table using a different data type and data table mode.
Downtime
A downtime report can show the downtime of one or more selected networks or objects. What contributes to your downtime can be displayed down to the individual monitor level if required. The downtime report item can report three different values, namely downtime, uptime and unknown. Downtime is defined as the total time the monitor was in the alarm state. Uptime is defined as the time the monitor was in a normal state. Unknown is the time Network Monitor did not know the status of the monitor, for example if the Network Monitor service was stopped for a couple of hours. All values are reported as percentages of the report period. It is also possible to limit the downtime calculations for a period during the day. This is useful if you need to know your uptime only during a certain time. Another advanced option is to limit the downtime calculation to only a limited set of monitors. For example, you could choose to only calculate downtime on your networks and objects by using Ping monitors only.
Downtime report properties
Downtime report basic settings
Network - This setting is only available when editing downtime items in a Customized report. Select networks to be included in the downtime report from the list and click the Select button. The network is added to the downtime report and listed in the selected networks list. To remove a network from the downtime report, select it and click the Remove button. Period - This setting is only available when editing downtime items in a Customized report. Select the period to report downtime. Downtime reporting - Select the level of detail of the report downtime. If Report downtime for objects is selected, Network Monitor displays individual objects, per network, and their contribution to downtime. If Report downtime for objects, then monitors is selected, Network Monitor breaks down the report further, showing each individual monitor in each objects and it's contribution to the downtime. Report options - Select what downtime components display in the report. See the discussion above on details on downtime, uptime and unknown time. When unknown time is not reported in the downtime report, you have the option to treat the unknown time as uptime, or leave it as time unaccounted for. The last option can be used to specify whether or not to include objects without any downtime in the report.
68
Advanced properties
Downtime report advanced settings
Time limit - With the time limit option, it is possible to only consider data within a specific daily time interval as the basis for the downtime report. Monitor limit - To limit the downtime report to types of monitors, select a monitor type from the list and click the Select button. To remove a monitor type, select it and click the Remove button.
Comments
Comments can be included in your reports. They can also be used to include signature fields for occasions when a report has to be reviewed and signed by someone.
Comment properties
Comment - The comment text to be included in the report. Font options - The font size and alignment of the text of the comment. Signature field - If selected, a horizontal line is shown in the report where a signature can be written.
Images
You can also include custom images in your reports. All supported image files placed in the KNM\reports\images folder of the KNM host machine can be selected and viewed in the reports.
Image properties
Image - Select the desired image from the list. Placement - Specify the placement of the image in the report.
Toplists
This report item makes use of the Network Monitor toplist feature, making it possible to insert pre-calculated toplists in your reports. For example, including the top 3 servers with the highest CPU load in your network, or the top 5 servers with least amount of disk space left, is easy. Please refer to the Toplists (page 143) topic for more information about the possibilities with Network Monitor toplists.
69
Toplist configurations
Individual toplist configurations are defined in this section.
Toplist configurations
Period - Select the toplist to include in the report. You have the option to include data from the daily, weekly or monthly toplists. Type - Select a data type and the desired presentation unit. Sorting mode - Specify it if you want to show data starting with the lowest entries going upward, or starting with the highest entries going downward. For example, if you want to display the top N highest of something in your report, you would select the highest entries first. Entries - Select how many entries you want to include. For example, if you want to display the top 5 of something, enter 5. Data - Select whether to base the toplist report on the recorded extreme values, or the period average. For example: if you want to display the top N average of something, you would select Period average here. Another example would be to display the top N high spikes of something, in this case you would select Sampled max value here. Entries - To add a toplist configuration, click the Add button. The selected configuration is added to the list. To remove a configuration, select it and click the Remove button. Notice that it is possible to include more than one configuration, with completely different settings, in the toplist report.
Content filtering
It is possible to filter data from the toplist reports, to only include specific networks and/or objects. Normally, data from all networks and objects are included. For Customized reports, the following settings are available.
Toplist content filtering for customized reports
Select networks - Select networks to include in the toplist report. Select a network from the list and click the Select button. To remove a network from the toplist report, select it and click the Remove button. Select objects - Select objects to include in the toplist report. Select an object from the list and click the Select button. To remove an object from the toplist report, select it and click the Remove button.
70
The management interface For Report templates, the following settings are available.
Toplist content filtering for report templates
Filter by selection - Select this option to only include networks and/or objects selected when viewing the Report template in the report. This option is selected by default.
Toplist configuration examples

This topic contains two toplist report examples.
Top 5 objects with highest average CPU utilization

This example uses the period average option for the data setting, since we are interested in the average utilization in the period, and not CPU spikes.
Toplist configuration example
Top 5 objects with least amount of free disk space

This example uses the sampled min value option for the data setting, since we are interested in the lowest reported disk space in the period and not the average amount of free disk space.
Toplist configuration example
Customized reports
Customized reports are good for defining reports whose content does not change. A Customized report is also the only way to create a report that contains data for different time periods in the same report.
Listing and searching customized reports

All Customized reports currently configured in Network Monitor are listed on the Customized reports list view. To open the Customized reports list view, expand the Reports menu and choose Customized reports. The Customized reports list view displays.
71
The Customized reports list view
Opening the customized report list
The customized reports list
All Customized reports are listed with their name and description. In addition, it's possible to immediately view a Customized report by clicking the icon, or to email the report by clicking the icon.
Commands
In the upper section of the Customized reports list view, a number of commands are listed. These commands affect reports that are selected in the list only. Delete - Deletes the selected reports. The operator must confirm the delete operation. New customized - Creates a new customized report. report
Selecting reports
To select reports from the list place a check mark in the selection column to the left. It's also possible to select a range of reports by first clicking the start position in the list, then hold the shift key and click the end position. All the reports in between the selected positions are selected.
Searching for a customized report

You can use the search bar located in the main menu to globally search for items in the Network Monitor configuration. To find a specific Customized report, you can enter the name of the report in the search bar. The search results displays immediately.
Searching for customized reports with the search bar
Adding a customized report

To add a new Customized report, click the New customized report command from the Customized reports list view. The Edit report page displays. For information about editing Customized reports, see the Editing a customized report (page 72) topic. After all required information has been entered, click the Save button and the new report is created.
Editing a customized report

To edit the properties of a Customized report, click the (page 71) list view. The Edit report page displays. properties icon from the Customized reports
72
The Customized report properties page
Customized report properties
Name - This is the name of the report. This should be a descriptive name as it is used to identify the report in lists. Description - A longer description of the report and its function. Style - Select the report style to be used for this report. Favourite - To flag this report as a favourite for the current operator, check this option. After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Report templates
Unlike a Customized report, the actual content of a Report templatein terms of networks, objects or monitors is never specified. Report templates can be thought of being applied to a specific selection of networks, objects or monitors.
Listing and searching report templates

All Report templates currently configured in Network Monitor are listed on the Report templates list view. To open the Report templates list view, expand the Reports menu and choose Report templates. The Report templates list view displays.
The Report template list view
Opening the report templates list
The report template list view
All Report templates are listed with their name and description. In addition, it's possible to immediately view a Report template by clicking the icon, or to email the report by clicking the icon.
Commands
In the upper section of the Report templates list view, a number of commands are listed. These commands affect reports that are selected in the list only. Delete - Deletes the selected reports. The operator must confirm the delete operation. New report - Creates a new report template template
73
Selecting reports
To select reports from the list place a check mark in the selection column to the left. It's also possible to select a range of reports by first clicking the start position in the list, then hold the shift key and click the end position. All the reports in between the selected positions are selected.
Adding a report template

To add a new Report template, click the New report template command from the Report templates list view. The Edit report page displays. For information about editing Report templates, see the Editing a report template (page 74) section. After all required information has been entered, click the Save button and the new report is created.
Editing a report template

To edit the properties of a Report template, click the view. The Edit report page displays. properties icon from the Report templates list
The Report template properties page
Report template properties
Name - This is the name of the report. The name is used to identify the report in lists. Description - A longer description of the report and its function. Style - Select the report style to be used for this report. Favourite - To flag this report as a favourite for the current operator, check this option. After all required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Adding content to reports

To add report items to a Customized report or a Report template, first click the report's name from the respective list view. This opens the Report information view for the specific report.
The report information view
The report information view
The Report information view is divided into two sections. In the upper section generic information about the report, such as its name and description, is displayed. In the bottom section, all the report items added to the current report are listed.
74
Adding a new report item

To add a new report item to the current report, click the desired item in the Report items list. Details on each available report item and its settings can be found in the Report items (page 65) section.
Editing an existing report item

To edit an existing report item, click the edit icon for the item you want to edit.
Moving an existing report item

The order of each individual report item corresponds to its placement in the generated report. To move a report item up or down, click the and arrow icons to move the report item up and down respectively.
Deleting a report item

To delete a report item, click the trashcan to the far right of each report item.
Style templates
Report style templates control the overall look of the report. The style template is made up of a number of different elements that are common for all reports using the same style template. Both Report templates and Customized reports can use a style template.
Listing style templates

All Report styles configured in Network Monitor are listed on the Style templates list view. To open the Style templates list view, expand the Reports menu and choose Style templates. The Style templates list view displays.
The Style template list view
Opening the style template list
The style template list
All style templates are listed with their name and description.
Commands
In the upper section of the Style templates list view, a number of commands are listed. These commands affect the style templates that are selected in the list only. Delete - Deletes the selected reports. The operator must confirm the delete operation. New style template - Creates a new style template.
Selecting Style templates

To select style templates from the list place a check mark in the selection column to the left. It's also possible to select a range of templates by first clicking the start position in the list, then hold the shift key and click the end position. All the templates in between the selected positions are selected.
75
Adding a style template

To add a new style template, click the New style template command from the Style templates list view. The Edit style template page displays. For information about editing Style templates, see the Editing a style template (page 76) section. After all required information has been entered, click the Save button and the new style template is created.
Editing a style template

To edit the properties of a style template, click the The Edit Style template properties page displays. properties icon from the Style templates list view.
The Style template properties page
Style template properties
Basic properties
Name - This is the name of the template. The name is used to identify the template in lists. Description - A longer description of the style template. Header - The header is displayed on top of every generated report. The following parameter can be included in the header. %time - the current time Footer - The footer displayed in the bottom of every generated report. The following parameter can be included in the footer. %time - the current time Logotype - It is possible to include an image, such as a logotype, in every generated report using this template. Logotype images should be placed in the KNM\reports\images\logo folder of the KNM host machine. Logotype placement - Specify the placement of the logotype image. Default - Check this option to set this style template as the default for new reports.
Color settings
In the color settings section, a pre-defined color scheme can be selected or completely customized.
76
The management interface Color scheme - Select a pre-defined color scheme. To customize your own color scheme, select Custom. Background - Enter the color for backgrounds in graphs. Grid color - Enter the color for the grid in graphs. Text color - Enter the color for text and values in graphs. Line color - Enter the color for each specific monitor in graphs. All colors should be specified in the hexadecimal RRGGBB color format. After all the required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Viewing reports
To view a report directly in the Network Monitor management interface, either select the View command on the Report information view, or click the icon from either report list. Viewing a report works differently for Customized reports and Report templates.
Viewing Customized reports

Since the content of a Customized report is already pre-defined, no additional settings are required to view a Customized report. When the operator views a Customized report, the report is created immediately and displayed. Depending on the operator settings (page 33), the report displays in either in the same browser window, or opens in a new window.
Viewing Report templates

When the View command is selected for a Report template, Network Monitor displays the View report page.
Viewing a report template
Period - Select the desired report period. Select networks - Select networks to be included in the report from the list and click the Select button to include the network. To remove a network from the report, select it from the list and click the Remove button. Select objects - Select objects to be included in the report from the list and click the Select button to include the object. To remove an object from the report, select it from the list and click the Remove button. To generate the report, click the View report button.
Viewing reports on selected networks

Sometimes it's convenient to view a report template when using the Network list view, or when viewing the details of a network. From the Network list view, first select the networks to be included in the report.
77

Selecting networks for reporting
Then select the View report command, Network Monitor displays the View report page.
The view report page
The selected networks display. Select the desired Report template and specify the Period. To generate the report, click the View report button. From the Network information screen, you can view a report by selecting the View report command.
Generating a report from the network information view
Viewing reports on selected objects

The procedure to view a report for selected objects is identical to viewing a report on selected networks. Select the objects to be included in the report from the object list view. It's also possible to select objects of a specific network from the Network information (page 43) page. The View report command is also available from the Object information (page 24) page.
Viewing reports on selected monitors

The procedure to view a report for selected monitors is identical to viewing a report on selected networks. Select the monitors to be included in the report from the Monitor list view. It's also possible to select monitors of a specific object from the Object information page. When viewing a report of selected monitors, the View report page also contains a section for creating Quick reports. Quick reports (page 80) enables you to quickly organize the selected monitors into different charts.
Emailing and publishing reports

It is possible to email or publish a report directly from the Network Monitor management interface. Select the Email command of the report information view, or click the icon from either report list. Emailing a report works differently for Customized reports and for Report templates.
78
Emailing and publishing Customized reports

When selecting the Email command for a Customized report, Network Monitor displays the Email and publish report page.
Emailing a customized report
Operator group - To email the report to all members of an operator group, select the operator group from the list and click the Select button. To remove an operator group as recipient for the report, select the operator group and click the Remove button. It is possible to include more than one operator group as recipient for the report. Operator - To email the report to a specific operator, select the operator from the list and click the Select button. To remove an operator as recipient for the report, select the operator and click the Remove button. It is possible to include more than one operator group as recipient for the report. Email - Specify individual email addresses as recipients. Separate multiple entries with a comma. Directory - The generated report is published on a network folder as an HTML document. Specify the path to this folder. Optionally include the following formatting variables when specifying the filename. %date - the current full date %date_year - current year %date_month - current month %date_dayofmonth - current day in the month %time - current full time %time_hour - current hour %time_minute - current minute %time_second - current second FTP host & port -The generated report can be published on a FTP server as a HTML document. Specify the host name and port number. Defaults to 21. FTP user -Select the logon account to be used for authenticating against the FTP server here.
79
Emailing and publishing report templates

When selecting the Email command for a report template, Network Monitor opens the Email and publish report page. The report recipient configuration is identical as when emailing a Customized report. The additional settings required to email a Report template are described below.
Emailing a report template
Period - Select the desired report period. Select networks - Select networks to be included in the report from the list and click the Select button to include the network. To remove a network from the report, select it from the list and click the Remove button. Select objects - Select objects to be included in the report from the list and click the Select button to include the object. To remove an object from the report, select it from the list and click the Remove button. To email or publish the report with the selected settings, click the Email report button.
Scheduling reports
Scheduling the automatic generation of reports is done with the scheduled events feature. Details on how to work with scheduled events can be found in the Scheduled events (page 47) section. Documentation for the Generate report (page 52) event specifically can be found in the Scheduled event reference section.
Quick reports
The quick report feature is available when using the View report command with selected monitors. It is a feature designed to quickly generate a report to compare data from different types of monitors at a specific time. For example, to investigate a particular alarm the operator is interested in reporting both the CPU and Disk utilization for a server around the time of the alarm. It would be possible to create a Customized report for this purpose, but using the Quick report feature is a lot faster. After selecting the relevant monitors, from either the Monitor lists (page 25) view or the Object information (page 14) view, click the View report command to display the Create quick report page. The Create quick report page is divided into two sections, one for selecting a report template, and the other section is dedicated to the quick report feature.
80
The quick report page
The Create quick report page
From the Create quick report page, you can choose to view an existing report template. Select the View predefined report option and select the desired report template, the Period and click the View report button. However, you can also make use of the Create a Quick report function from this screen. Network Monitor has automatically created a report containing graphs from the monitors you selected. If several monitors of the same type are selected they are grouped into the same graph. In some cases you can choose what type of data you want to see in each graph. For example in the case of a Ping monitor, you can choose either Round trip time or Packet loss, as well as the unit of data. Select the time period and click the Ok button to view your quick report. When the report has been generated it is also possible to save it as a Customized report. Enter a name in the text box, click the Save button and the report is stored under Customized reports.
Modifying quick reports

It is possible to separate some monitors from the others and place them in their own graph. To separate a monitor, select the monitor by checking the checkbox next to it, and then click the Split monitors command. It is also possible to group monitors of the same type together in the same graph. Select the monitors you want to group together and then click the Group monitors command. The selected monitors are grouped together. When the report has been arranged to your liking, click the View report button and the report is generated with the same layout as shown in the quick report screen.
The dashboard
This section describes the dashboard feature of Network Monitor.
81
Dashboard overview
The Network Monitor dashboard is a user configurable view, containing widgets displaying different types of real time information. A number of useful widgets are included with Network Monitor. The dashboard is the default view displayed after logon. At any time it's possible to return to the dashboard by clicking the Network Monitor logotype in the top of the screen.
Example dashboard
Dashboards and operator rights

An access right determines if an Network Monitor operator is able to create or modify dashboards. Also, access to each individual dashboard widget can be specified per operator. See the operator access rights (page 36) topic for details.
Creating dashboards
From the dashboard view, clicking New dashboard displays the dialog to create a new dashboard. Fill in the name of the new dashboard, select the desired layout and click the Save button. This creates a private dashboard for the current operator. The layout of a dashboard defines where widgets of different sizes are placed.
82
Dashboard properties
Dashboard properties
Name - This is the display name of the dashboard. It displays at the top of each dashboard. Layout - Select the desired layout for widgets in the dashboard. My default - Select this option to make this dashboard the default dashboard for the current operator. Share - Share the dashboard. See the Sharing dashboards section for details. System default - Set the dashboard as the system default. See the System default dashboard section for details. Select operators - For a shared dashboard, you can select the operators to share the current dashboard with. Select an operator from the list and click the Select button and the operator is added. To remove an operator, select the operator from the list and click the Remove button. Select groups - For a shared dashboard, you can select operator groups to share the current dashboard with. Select an operator group from the list and click the Select button and the operator group is added. To remove an operator group, select the operator group from the list and click the Remove button.
Changing dashboard settings

From the dashboard view, click Settings to display a dialog for changing the settings of the current dashboard.
Sharing dashboards
To share a dashboard with other operators, first check the Share checkbox in the dashboard properties dialog. Then select and add operators and/or operator groups that should get access to the dashboard. Notice that only other system administrators are able to modify the contents of the shared dashboard. The content visible to an operator in a shared dashboard depends on the operator's access rights to individual widgets. Only system administrators can share dashboards.
Deleting dashboards
To delete the current dashboard, click Delete from the dashboard view. It is not possible to delete shared dashboards, or the system default dashboard. 83
The system default dashboard

Network Monitor comes pre-configured with a System default shared dashboard that is displayed to any operator that does not have their own dashboards. To make a dashboard serve as the system default, check the System default checkbox in the dashboard properties. Only system administrators are able to change this setting.
Creating widgets
To add a new widget to the current dashboard, click the New widget link and select the desired widget from the popup menu. If the operator does not have access to modify the current dashboard, the New widget link does not display. The widgets available from the popup menu depends on the operator's access rights to individual widgets. See the Dashboards and operator rights (page 82) topic.
Adding a new widget
Changing widget settings

To change the configuration of a widget, click the arrow icon on the right side of the widget.
Deleting widgets
To remove a widget from the current dashboard, click the widget. close icon on the rightmost side of the
Widgets
This section describes each widget available in Network Monitor in detail.
Network status widget

The Network status widget displays status information for a number of selected networks. From the widget configuration, select and add the desired networks to be shown in the widget. This widget shows the number of objects and monitors currently in the following states: alarm, failed, ok, deactivated and disconnected (Distributed version only). The first number in each column refers to the number of objects, and the number within parenthesis refers to the number of monitors.
The network status widget
Object status widget

The widget displays status information for a number of selected objects. From the widget configuration, select and add the desired objects to be shown in the widget. This widget shows the number of monitors for each object currently in the following states: alarm,
84
The management interface failed, ok and deactivated.
The object status widget
Monitor status widget

The widget displays status information for a number of selected monitors. In addition, real time statistics data for up to one hour can be shown for selected monitors. From the widget configuration select and add the desired monitors to be shown in the widget. If real time statistics data is desired, specify how many monitors should be displayed in the same chart from the select box.
The monitor status widget
Operator status widget

The widget displays currently, as well as recently, logged in operators.
The operator status widget
85
System status widget

The widget displays general system status such as uptime and version information.
The system status widget
Alarm summary widget

The widget displays the latest generated alarms, with time stamp and monitor information. From the widget configuration the number of alarms to be displayed can be selected.
The alarm summary widget
86
Network map widget

This widget displays a previously defined network map. From the widget configuration select the map to be displayed in the widget. For details see the Network maps (page 89) section. This widget is available in two different sizes.
The network map widget
Web page widget

This widget displays a web page. This can be useful for viewing external information directly in the
87
The management interface Network Monitor dashboard. In the widget configuration the URL to the web page can be specified. This widget is available in two different sizes.
Favourite items
This widget displays Network Monitor entities (networks, objects and reports) that have been previously tagged as favourites. This is useful for quick access to entities that you frequently access. Tagging an entity as a favourite is done in the respective property screen.
Log entries widget

This widget displays the most recent log entries from the Network Monitor system log. The number of log entries shown can be specified in the widget configuration.
The log entries widget
Toplist widget
This widget displays user configurable toplist information. The information available in the widget is similar to the information available from the Toplist screen in the Reports menu. What toplist information to display is defined from the widget configuration. Daily, weekly and monthly toplists are available, as well as a system snapshot toplist that contains the current status. Toplist configurations are defined similar to toplist report items. Please see the documentation for report toplists (page 69) for details on how to configure toplist configurations.
The toplist widget
88
Notepad widget
The notepad widget is a simple notepad that can be used for keeping notes, todo's and similar information. Note entries are private for the current operator unless shared. A note can be shared with one operator group that the current operator is a member of. Other operators in the specified operator group can access and update the information contained in the shared note.
The notepad widget
Network maps
This section describes how to work with the network maps feature in Network Monitor.
89
Introduction
Network Monitor is capable of displaying the status of gateways, networks and objects, as well as bandwidth utilization data on selected interfaces in real time in the network maps. Network maps are defined and edited in a separate map editor application. The editor is included in the Network Monitor installation, and a link to download the install file for the Dashboard map editor can be found in the About menu in Network Monitor.
90
The map editor

This section describes how to work with the stand-alone map editor application.
Starting the map editor

After the map editor application software has been started you are presented with a login screen. You must now log into Network Monitor with a system administrator operator account. It's recommended that a specific system administrator account be created for the purpose of editing maps, although you can use an existing system administrator account as well.
Note: Remember that you cannot be logged on to the Network Monitor web interface and the editor using the same account at the same time.
Fill in the operator username and password, enter the address to the Network Monitor server (and optionally the port number) and click the OK button.
The login dialog box
Importing map graphics

For most network maps you will want to use a background image, such as an image of a geographical location or a drawing of a server hall. First import the image using the editor.
Note: The editor only supports images in the .png (Portable Network Graphics) format. If you have an image that you want to use that is in another format, first convert it using another application.
To import your image, select Import images from the KNM menu. Then select your image file and click Ok. The image is sent to the Network Monitor server and is available for use in the editor.
Import images command
Importing custom icons

Network Monitor comes with a set of stock icons for use with your network maps, ready for use. It's 91
The management interface also possible to import your own custom icons to use as backgrounds for the various entities on the network maps.
Note: The editor only supports icons in the .png (Portable Network Graphics) format. If you have an icon that you want to use that is in another format, first convert it using another application.
To import a custom icon, select the Import icons command from the KNM menu. Then select your image file and click Ok. The image is sent to the Network Monitor server and is available for use in the editor.
Import icons command
If your icons are very large, the default method of displaying their status in the background may or may not work well. In such cases, it's recommended that you use the status overlay method described in the Network map settings (page 92) topic.
Note: For image transparency, it's recommended that your icons use the 32-bit RGBA format with a proper alpha channel.
Creating network maps

To create a new network map, select the New command from the Maps menu.
New map command
The map is created and added to the list of available maps in the tree control to the left.
Network map settings

To change the basic settings of a network map, click the map name in the tree control to the left. The properties of the map display in the properties area. The following properties can be modified for a network map. Map name - The name of the network map as it will be presented in Network Monitor. Map image - The background image to be used in the map. See the Importing map graphics (page 91) topic for information on how to import images. Background - Manually set the size and background color of the background. Status rendering - Defines how Network Monitor displays the status of entities on the network map. Status in background - Displays the status as a background, with the icon for the entity drawn above it. Status as overlay - Displays the icon for the entity with a small status symbol attached to the upper right corner. This method is recommended when using large custom icons.
92
Deleting network maps

To permanently remove a network map from Network Monitor, select the Delete command from the Maps menu.
Delete map command
Adding and editing content

This section describes how to add content to the network maps. Adding networks To add an Network Monitor network to the network map, select New network from the Edit menu, or alternatively use the keyboard-shortcut Ctrl+N.
New network command
The editor places a network from your Network Monitor configuration onto the map at a default position. Hint: when using the keyboard-shortcut the new network is placed at the current mouse cursor position. The properties of the network are visible in the Properties section. The following properties can be modified for the network. Network - Select the Network Monitor network to be displayed on the map. Icon - The icon to be displayed for the network. You can select from stock icons or custom icons. See Importing custom icons (page 91) for more information. Position - Manually set the position of the network by specifying an X and Y coordinate. Link properties - Specify what happens when an operator clicks on the network from the Network Monitor dashboard. Selecting No link causes nothing to happen when the network is clicked. Selecting Link to network makes the network link to the specified network's information screen in Network Monitor. Selecting Link to map makes the network link to another network map, enabling the creation of "drill-down" network maps.
93
The management interface Adding objects To add an Network Monitor object to the network map, select New object from the Edit menu, or alternatively use the keyboard-shortcut Ctrl+O.
New object command
The editor places a object from your Network Monitor configuration onto the map at a default position. Hint: when using the keyboard-shortcut the new object will be placed at the current mouse cursor position. The properties of the object are visible in the Properties section. The following properties can be modified for the object. Object - Select the Network Monitor object to be displayed on the map. First choose the network, then the desired object. Icon - The icon to be displayed for the object. You can select from stock icons or custom icons. See Importing custom icons (page 91) for more information. Position - Manually set the position of the object by specifying an X and Y coordinate. Link Properties - Specify what happens when an operator clicks on the properties object from the Network Monitor dashboard. Selecting No link causes nothing to happen when the object is clicked. Selecting Link to object makes the object link to the specified object's information screen in Network Monitor. Selecting Link to map makes the object link to another network map, enabling the creation of "drill-down" network maps. Adding gateways
Note: This section applies to the Distributed Edition only.
To add an Network Monitor gateway to the network map, select New gateway from the Edit menu, or alternatively use the keyboard-shortcut Ctrl+G
New gateway command
The editor places a gateway from your Network Monitor configuration onto the map at a default position. Hint: when using the keyboard-shortcut the new gateway will be placed at the current mouse cursor position. The properties of the gateway are visible in the Properties section. The following properties can be modified for the gateway. Gateway - Select the Network Monitor gateway to be displayed on the map. Icon - The icon to be displayed for the gateway. You can select from stock icons or custom icons. See Importing custom icons (page 91) for more information.
94
The management interface Position - Manually set the position of the gateway by specifying an X and Y coordinate. Link Properties - Specify what happens when an operator clicks on the properties gateway from the Network Monitor dashboard. Selecting No link causes nothing to happen when the gateway is clicked. Selecting Link to gateway makes the gateway link to the specified gateway's information screen in Network Monitor. Selecting Link to map makes the gateway link to another network map, enabling the creation of "drill-down" network maps. Selecting content To select content on the network map, either click directly on the desired entity, or draw a selection rectangle around the content you want to select. The selected content displays with a rectangle around it to indicate that it is currently selected. To select all content on the map, select the Select all command from the Edit menu, or use the keyboard-shortcut Ctrl+A. To add or remove content to your selection hold down the Ctrl key on the keyboard while selecting. To clear your selection, click in an open space somewhere in the map. Editing content To change the properties of content on the map, first select it to display the properties window. Make the appropriate changes, depending on what you selected, and click the OK button to confirm your changes. To move content in the map, first select it, then drag it on the map while holding the left mouse button down. Using the organizer tools Selected content in the map can be organized by using two tools, the Grid organizer tool and the Circular organizer tool To access the tools, right-click in the map window after selecting the desired content and select either tool from the Organize selection popup menu.
The grid organizer tool

This tool is used to arrange the selected entities neatly in a grid. Use the two slider controls to modify the width of the grid as well as individual spacing between entities. Changes are reflected immediately in the map.
The grid organizer tool window
95
The circular organizer tool

This tool is used to arrange the selected entities in a circular fashion. Use the two slider controls to modify the radius as well as angle of the entities.
The circular organizer tool window
Deleting content To delete content from the map, first select it, then select the Delete selection command from the Edit menu, or alternatively press the Delete key on the keyboard.
Delete selection command
Multi-edit To change the icon used for several entities at once, first select the relevant entities. Then select the desired icon from the properties section. Then click the OK button.
Publishing network maps

To publish changes to a network map to Network Monitor, select the Publish map command from the KNM menu. The current map is sent to the Network Monitor server, and updates immediately.
Publish map command
Bandwidth usage visualization

Network Monitor can display the bandwidth utilization of specified network interfaces directly on the network maps, in real time. This section discusses how to create connections for this purpose and how to link them to the Network Monitor bandwidth monitor.
96
The management interface Creating a connection Bandwidth utilization can be shown by creating a connection between two entities on the map. At least one of the entities must be a Network Monitor object. The other can be another Network Monitor object, a network, or a gateway. A connection is then linked to a specific Bandwidth utilization monitor in Network Monitor. There are two different methods of creating a connection.
Creating a single connection

Select two entities on the map. One must be a Network Monitor object. Then right-click in the map window and select Create connection from the Modify selection popup window. The connection is created and displayed as a line between the two entities. The properties window displays the properties of the connection.
The connection properties window
To link the connection to a monitor in Network Monitor, first select the object, then the monitor to link the connection to. Click the OK button to confirm your selection. Optionally create a connection without linking the connection to a Bandwidth utilization monitor in Network Monitor. In this case, the connection is shown as a line between the entities on the map when viewed on the dashboard, without any visual information about the current bandwidth utilization.
Creating multiple connections

Optionally create several connections at once. First select the desired entities on the map, then right-click and choose the Create multiple connections from the Modify selection popup window.
Creating multiple connections
Select the entity to create multiple connections to. A new connection for all the selected entities is created, with the selected entity as the endpoint of the connection. Editing a connection To edit an existing connection, click directly on the line representing the connection in the map view. The properties of the selected connection are displayed in the properties window. To select the monitor to be used for the connection, first choose the relevant object, then the monitor. Click the OK button in the properties window to confirm your selection. Deleting a connection To delete a connection from the map, first select it by clicking the line representing the connection in the map view. The selected connection is displayed in the tree control and the properties are shown in the properties view. To delete the connection, press the Delete key on the keyboard.
97
The management interface Visual feedback When a connection has been created and linked to a Bandwidth monitor, Network Monitor is able to present visual feedback on the current bandwidth utilization for the connection. Distributed Edition users should note that this feature is also available for monitors on gateways. The visual feedback consists of two arrows representing the inbound and outbound traffic on the connection. The inbound traffic arrow pointing towards the object and the outbound traffic arrow pointing away from the object.
Bandwidth utilization visual feedback
The thickness, and color, of the arrows indicates the utilization level. The thicker the arrow is, the greater the bandwidth utilization. The color of the arrows also give an indication to the utilization level. The arrow color is on a scale going from white (lowest utilization), blue, green, orange, up to red (highest utilization). The amount of traffic going in each direction is also visible directly on the connection itself, expressed in Kbps/Mbps/Gbps as appropriate.
System settings
In this section the various pages for changing system settings are discussed. Normally these pages are only accessible by an Network Monitor system administrator.
Email and SMS settings

To open the Email and SMS settings page, expand the Program settings sub-menu from the Settings menu and select Email & SMS settings. The Email and SMS settings page displays.
98

Opening the Email and SMS settings page
SMTP server
The SMTP server is used to send email notifications to users. Enter the address to the SMTP server you want to use. Note that the SMTP server must be able to accept all the email addresses that you are planning to use. This is the primary SMTP server normally used.
SMTP server username and password

If your SMTP server requires authentication, enter the username and password in these fields. SMTP server - The SMTP server is used to send email notifications to users. Enter the address to the SMTP server you want to use. Note that the SMTP server must be able to accept all the email addresses that you are planning to use. This is the primary SMTP server normally used. SMTP server username and password - If your SMTP server requires authentication, enter the username and password in these fields. SMTP server 2 - The secondary SMTP server is used when Network Monitor cannot connect the primary SMTP server. SMTP server username and password - If your secondary SMTP server requires authentication, enter the username and password in these fields. Return address - Most SMTP servers are configured to only accept incoming emails with a valid return address. Since Network Monitor is unable to receive emails you must specify a return address for emails that cannot be successfully delivered. SMTP HELO ID - If required, a custom HELO identifier can be specified for the SMTP servers. GSM phone port - To send SMS notifications you need to connect a GSM phone to the Network Monitor host machine. From the list of COM ports, select the port used to connect the phone. Baud rate - Baud rate is the speed Network Monitor reads and writes to the modem. Refer to the modem's documentation to specify the correct value. A setting of 2400 is recommended, if you're not sure what to select. Selecting the wrong baud rate can result in sporadic failures when sending SMS messages. PIN Code - Optional PIN code field. Some GSM phones requires Network Monitor to send a PIN code before sending a message. Enter the 4 digit PIN code in this field. After all required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Log settings
Network Monitor is continuously writing a system log containing information about various system events and other status information. This log is written to the KNM\logs folder of the KNM host machine. It is also possible to configure Network Monitor to send the same log information to various services. These include:
99
The management interface The Windows event log An ODBC database A syslog server SNMP traps Each of these services can be configured in the Log settings page. To open the Log settings page, expand the Program settings sub-menu from the Settings menu and select Log settings. The Log settings page displays.
Opening the log settings page
Opening the log settings page
Windows event log

If enabled, Network Monitor stores log information in the Windows Event log in the Application log folder.
ODBC log
If enabled, Network Monitor stores log information in an ODBC compatible database. The ODBC data source must be a System data source type. KNM can create a database automatically, or you can specify the name of an existing database to place the log table log into. The log table is created with the following fields:
Field Time Object Agent Text Length 64 64 64 255 Type Char Char Char Char
100
The management interface No database index is created for the log table.
Syslog
If enabled, Network Monitor sends log information to a syslog daemon. Specify the address and port number to a host with a running syslog server. The Network Monitor syslog client uses the UDP protocol and port 514 by default. Syslog server - The address of the syslog server receiving the log information. Syslog port - The port number of the syslog server.
SNMP Trap
If enabled, Network Monitor sends all log information as SNMP traps to a remote trap console. Kaseya has created a custom MIB file that can be imported by the software receiving traps from Network Monitor. You can find the MIB file, named knm.mib, in the \mibs directory. Trap receiver - The host name or IP number of the receiver of the traps. Trap port - Port number that the trap receiver listens to. Community - SNMP trap community string. After all required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
NOC view settings

In the NOC view settings page, it is possible to configure custom NOC (Network Operations Center) views. These views are normally viewed on a full screen monitor and in combination with the Auto login (page 152) feature. To open the NOC view settings page, expand the Program settings sub-menu from the Settings menu and select NOC views.
Opening the NOC views page
The NOC settings page displays. This page consists of two sections.
The NOC settings page
101
Generic settings section

In this section the following settings are available. NOC view mode - This is a global setting affecting all NOC views. If set to View all monitor types all monitor types are visible in the NOC matrix. If Hide unavailable monitor types is selected, only monitor types available in the configuration are visible.
View configuration section

In this section individual NOC views are configured. To create a new NOC view, click the New view button. To edit an existing NOC view, select the view from the list and click the Edit button. The following properties can be set for a NOC view. View title - This is the title of the NOC view and displays on top of the NOC view. Group by - Specifies if the NOC view displays networks, objects, or objects followed by monitors. Monitor type filter - Filters the monitors displayed by monitor type. To save a modified NOC view, click the Save button.
Data type settings

It is possible to create customized data types for use with monitors capable of storing generic data. These monitors are: The SNMP monitor The Windows performance monitor The WMI monitor The database monitors (Database server, Oracle, MySQL, SQL Server) The SSH script monitor Network Monitor comes pre-configured with many different data types and knows how to handle those data types when it comes to reporting and presentation. In some cases it is useful to define your own data types, for example when you are dealing with proprietary data. To open the data type list view, expand the Program settings sub-menu from the Settings menu and select Data types. The Virtual data types list view displays.
Opening the data types settings page
The Virtual data types list
102
The management interface To create a new data type, click New data type command. The Edit data type page displays.
The data type properties page
Name - The name of the data type. This should be a short, descriptive name. Description - Enter a description for the data type. Toplist - Enable this option to let the Network Monitor toplist engine include this data type in toplist calculations. Compatible monitors - The monitor types compatible with this data type. Select a monitor type from the list and click the Select button. A selected monitor type can be removed from the selected list, by selecting it and clicking the Remote button. Stored unit - If the data type uses one or more units, you must specify the base unit monitors using this data type will store their data. Compatible units - Select and add units from the list that you want to include with this data type. This is useful for reporting when you want to display proprietary data in different units. Decimals - Enter the number of decimals to use when data of this type is displayed and reported. Clipping - Enter the low and high clipping range of data for this type. It's possible to only specify the low or the high clipping range (or neither).
Miscellaneous settings
The Miscellaneous settings page specifies additional settings for alerts and other events. To open the Miscellaneous settings page, expand the Program settings sub-menu from the Settings menu and select Misc settings.
Opening the alarm and misc settings page
The Miscellaneous settings page displays. This page is divided into several sections.
103
Default messages
This section contains default messages for alerts and other events. A number of parameters can be specified for each message that includes information from Network Monitor. To a view a list of all parameters click the View details link next to each text field.
Default alert message settings
Alarm subject - The default subject line for alert messages. Alarm message - The default message for alert messages. Notice that alarm messages can be customized for each monitor. See Editing a single monitor (page 28) for details. Recover subject - The default subject line for recovery messages. Recover message - The default message for recovery messages. Notice that recovery messages can be customized for each monitor. See Editing a single monitor (page 28) for details. Acknowledge subject - The default subject line for acknowledge alarm messages. Acknowledge message - The default message for acknowledge alarm messages. Report subject -The default subject line for emailed reports.
Default messages
This section contains default settings for monitor parameters related to monitoring and storage of statistical data.
Testing and statistics settings
Test interval - The default poll interval for new monitors. Alarm gen. - The default alarm generation value for new monitors. Alarm test interval - The default alarm test interval for new monitors. Statistics disk averaging - Stored statistical data for monitors are averaged with the specified interval before being recorded and stored permanently in the Network Monitor database. With a smaller averaging interval, the accuracy of stored statistics datal increases, but also increases disk usage at the same time. Defaults to 5 minutes.
104
The management interface Statistics store interval - This setting specifies how often Network Monitor stores statistical data to its database. Defaults to 10 minutes.
Date & week formats

This section contains settings for date and week formats in Network Monitor.
Date and week format settings
Date format - Specify the date format preferred when displaying a date in the management interface and alert messages. Week format - Specify the week format preferred. Week numbering - Specify the week numbering method used in your region.
PageGate integration
This section contains settings for PageGate integration in Network Monitor. PageGate is a paging gateway application developed by NotePage (http://www.notepager.com) (http://www.notepager.com).
PageGate integration settings
Interface method - Select the interface method to communicate with the PageGate software. Currently the only supported method is the GetAscii method. Polling directory - Specify the polling directory used for the GetAscii method. Please see the documentation for the PageGate software for more details.
Other settings
This section contains various uncategorized settings.
Miscellaneous settings section
Syslog server - To use the Syslog monitor, the internal syslog server must be enabled. Check this box to enable the syslog server. Watchdog sensitivity - Network Monitor has a built in watchdog function to monitor the system itself. If any errors are detected related to the monitoring process, Network Monitor sends an
105
The management interface email message with details about the error to system administrators. This function is disabled by default. Watchdog mail subject - The subject line for alert messages sent from the watchdog function. Default proxy - Specify the proxy server address, if the Network Monitor server requires a proxy server for outgoing web traffic. This server is only relevant when Network Monitor is checking for new versions. Web server monitors have their own proxy server settings. Default proxy port - Specify the port for the default proxy server if used. Telnet prompt - Enter the command prompts, separated by a comma. Whenever Network Monitor logs into a telnet server, it needs to know what the command prompt looks like. Telnet login prompt - Enter the login prompts, separated by a comma. Whenever Network Monitor logs into a telnet server, it needs to know what the login prompt looks like. Telnet pass prompt - Enter the password prompts, separated by a comma..Whenever Network Monitor logs into a telnet server, it needs to know what the password prompt looks like. Backups - Specify whether or not to create regular backups of the Network Monitorsystem configuration. Backups are placed in the KNM\nxdbackups folder of the KNM host machine. This option is enabled by default. Backup frequency - Specify the interval for creating backups. IP connection list - Optionally restrict access to the Network Monitor management interface by filtering IP addresses. Enter IP number ranges that may connect to the interface. For example, entering: 192.168.1.0 -192.168.1.255 would specify that only IP addresses within that interval would be able to connect to the Network Monitor interface. See the Web server configuration (page 151) topic for more details. Login notice - This is a message displayed on the logon page of all operators connecting to the management interface. After all required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
System administration page

In the System administration page Network Monitor licenses are managed. The System administration page can only be accessed by operators that have the system admin access right set. To open the data type list view, expand the Program settings sub-menu from the Settings menu and select Data types. The System administration page displays.
106

Opening the system administration page
System administrator page
Registering and upgrading licenses

To register or upgrade an Network Monitor license, follow these steps: 1. Enter the license key into the license key field. 2. Click the Register and validate license key button. If you receive an error message stating that the license key is invalid, please verify that you have entered the key correctly. If you receive an error message stating that the license key has expired, renew the license key. A link to the customer portal can be found in the license key field.
System shutdown
It's recommended that Network Monitor be shutdown from the System administration page when required, and not from the service manager in Windows. To initiate shutdown of the Network Monitor system, click the System shutdown button. The operator must verify the shutdown operation.
Service Desk
KNM > Settings > Program settings > Service desk The Service Desk page specifies the service desk used to create tickets for Network Monitor generated alarms.
Note: See the Network Monitor and Service Desk Integration quick start guide (http://help.kaseya.com/WebHelp/EN/KNM/4010000/link.asp?knm-desk) for more information.
Procedure
1. Display the Network Monitor > Service Desk page using the VSA navigation pane. The Network Monitor > Service desks page displays. 2. Click New in the Service desks menu bar at the top of the Network Monitor page. The Network Monitor > Service desk settings page displays.
3. Enter the following: URL - http://localhost Service desk name - KaseyaNetworkMonitor Accounts - knmserviceaccount 4. Click Save.
107
The management interface The service desk record displays on the Service desks page.
108
Chapter 3

In This Chapter
Monitor status progression Responding to alarms Action lists Acknowledging alarms Recovering from alarms 24 Hour Alarm List 110 110 110 113 114 114
109
Monitor status progression

During normal operation, a monitor in Network Monitor is in the Ok state, displayed in the management interface with a green status icon. Here is an example from the monitor list view.
A monitor during normal operation is displayed with a green status icon.
Whenever a monitor fails its test, it changes to the Failed state, displayed in the management interface with an orange status icon.
A monitor in failed state is displayed with an orange status icon.
When a monitor keeps failing tests, it eventually changes into the Alarm state, displayed with a red status icon. The number of failed tests required for an Alarm state depends on the Alarm generation parameter for each monitor. Increasing the Alarm generation parameter makes the monitor less sensitive to temporary outages, and decreasing the parameter makes it more sensitive.
A monitor in alarm state is displayed with a red status icon.
When a monitor first enters an alarm state, the Alarms column displays a 1. This is the alarm count. This means that the monitor has now generated one alarm. When the monitor is tested the next time and still fails its test, the number of alarms will be two, and so on. The alarm count is very important, because it controls what actions are taken in response to alarms.
Responding to alarms
An action list is a collection of actions executed in response to an alarm count. Every monitor in Network Monitor has an action list, either defined directly by a monitor's properties, or indirectly by a object's properties. For each alarm count in an alarm list, Network Monitor executes all actions specified for that alarm count. It is possibleand common to define several actions for the same alarm count.
Actions example
In the example above, there are two actions shown. The first action, for the first alarm, is a Send email action. The next action, configured for the fifth alarm, is a Send SMS action. For details on how to edit and configure action lists and actions, see the Action lists (page 110) topic.
Action lists
This section contains information on how to create and edit action lists and actions.
110
Listing action lists

To list all defined action lists, display the Action lists view.
The Action list view

To open the Action lists view, expand the Settings menu and choose Action lists. The Action lists view displays.
Opening the Action lists view
The Action lists view
Commands
In the upper section of the Action lists view, a number of commands are listed. These commands affect Action lists that are selected in the list only. Delete - Deletes the selected action lists. The operator must confirm the delete operation. New action list - Create a new action list.
Selecting action lists

To select an action list from the list, place a check mark in the selection column to the left. It's also possible to select a range of action lists by first clicking the start position in the list, then hold the shift key and click the end position. All the action lists in between the selected positions are selected.
Adding a new action list

To create a new action list, click the New action list command from the Action lists view. The Edit action list page displays. See Editing an action list (page 111) for details.
Editing an action list

To edit the properties of an action list, either click the properties icon in the Action list view, or click the Properties command from the Action lists page. The Edit action list page displays.
The Edit action list page
Edit action list
111
Alarms and alert handling Name - Enter a name for the action list. The name is used to identify the action list. Description - A longer description of the action list and its intended usage. Operator group - If an operator group is selected, the action list is only available to operators in that particular group. Make default - To specify the action list as the default action list, select this option. The default action list is assigned to new objects by default. After all required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Adding and editing actions

Add actions to an action list using the Action list information view. To open this view, click the name of an action list from the Action lists view. The Action list information view displays.
The Action list information view
The Action list information view
In the upper section of the Action list information view, basic properties of the action list are displayed, such as its name and description. In the section in the bottom, all actions that have been added to this action list are displayed.
Adding a new action

To add a new action to the action list, click the Add action command in the list. The new action page displays.
Adding a new action
Select the desired action by clicking it. The properties page for the selected action displays.
The action properties page

The properties displayed depend on the action selected. For a reference to all actions and their settings, see the Action reference (page 207) chapter.
Action properties
112
Alarms and alert handling There is only one common property among all actions and that is the Alarm number setting. The Alarm number setting specifies the alarm count a monitor must be equal to, to execute this action. After all required information for the action has been entered, click the Save button and the new action will be created and added to the action list.
Editing an action
To edit an existing action, click the properties icon next to the action.
Testing actions
Some actions have a Test action section in their property page. This allows you to test the current action as if it was executed by Network Monitor in response to an alarm, and is a great way to verify that the action is configured correctly. To test the action, expand the Test action configuration section, and select a monitor from the list. Click the Test action button to perform the test.
Deleting an action
To delete an existing action, select the action on the list and choose the Delete command. The operator must confirm the delete operation.
Acknowledging alarms
Using the Acknowledge alarms function, an operator can notify other operators that an alarm is being investigated. The Acknowledge alarms function can be used from the Monitor list (page 25), Object information (page 24) page and the Monitor information (page 30) page. To acknowledge an alarm for one or more monitors, select the monitors and use the Acknowledge alarm command. The Acknowledge alarm dialog is displayed.
Acknowledge alarm
In the first section, all the monitors previously selected are listed.
The acknowledge alarm dialog
Modify the selected monitors - When acknowledging the alarm, the operator has two choices on how to modify the selected monitors. 113
Alarms and alert handling Clear alarm status - This clears the alarm state and returns the monitor to its Ok state. Deactivate - This deactivates the monitors, with an option to automatically reactivate them after a given time period. Specify the period in minutes. If the reactivate option is not selected, the monitors stays deactivated until manually activated again. Acknowledge message - When acknowledging the alarm, a message is sent to all operators in the operator group owning the object. Specify the message in this text field. The text message defaults to the acknowledge message specified by the Miscellaneous settings (page 103) page, but can be changed. Send the message by - The acknowledge message can be sent by either email, SMS or PageGate, or a combination of all three. The operator acknowledging the alarm does receive the acknowledge message. To acknowledge the alarm, click the Acknowledge alarm button.
Recovering from alarms

A monitor may recover from an Alarm state by itself. If so, Network Monitor is able to react to this event. For example, if a monitor is currently in an Alarm state and performs a test that succeeds, the monitor status automatically changes back to an Ok state. When a monitor recovers, Network Monitor can execute a recover action list, if one is specified. A recover action list can be specified by a monitor or indirectly by the object of a monitor. When the monitor recovers, all actions defined in the recover action list are executed, regardless of the alarm number. Creating separate action lists to serve as recover action lists is recommended.
24 Hour Alarm List

KNM > Monitors > Other lists > By alarms > In alarms past 24 hours The 24 Hour Alarm List page filters the Monitor list page by only showing Network Monitor monitors that have entered the alarm state within the last 24 hours.
114
Chapter 4
Advanced topics
In This Chapter
Compiling custom MIB files MIB Browser SNMP Traps Windows service list Data extraction reference Init.cfg parameters Gizmo Local Downloads Log search Message format options NOC views Object templates Simulate alarm SMS device configuration System administrator console Toplists Troubleshooting Windows monitoring and authentication UNIX system support files Web server configuration Backup and restore Lua Local dependencies 50 latest syslog messages 116 117 118 118 118 125 127 128 129 130 132 134 138 139 141 143 145 149 151 155 156 157 159
115
Advanced topics
Compiling custom MIB files

Note: The MIB compiler is a separate download that can be found at http://community.kaseya.com/resources/m/knowexch/67676.aspx (http://community.kaseya.com/resources/m/knowexch/67676.aspx) This topic assumes you have downloaded and
installed the compiler.
In the Kaseya > KNM program group in the start menu you can find the MIB compiler. By using the MIB compiler you can compile text MIB files into a binary format that Network Monitor can read. Compiling MIB files requires understanding about how MIB files work as well as a general understanding of SNMP. A number of different RFC documents outline the fundamental base that all other MIB files are based on.
As an example, this is the compile order of a CISCO product MIB. 1. SNMPv2-SMI.mib 2. SNMPv2-TC.mib 3. SNMPv2-MIB.mib 4. RFC1213-MIB.mib 5. IF-MIB.mib 6. CISCO-SMI.mib 7. CISCO-PRODUCTS-MIB.mib 8. CISCO-TC.mib The first 5 files in this example are common for most product MIB files, and are included in the default knm.mib binary MIB file.
Warning: All of these files must be compiled at the same time, otherwise the MIB compiler fails due to unresolved symbols.
Contents of the default KNM MIB file

The default knm.mib file that is included in the installation contains the following base OIDs (Object Identifiers). iso.org.dod.internet.directory iso.org.dod.internet.mgmt iso.org.dod.internet.experimental iso.org.dod.internet.private iso.org.dod.internet.security
116
Advanced topics
Compiling a MIB file
Intellipool MIB compiler
1. Start the MIB compiler and click the Load button. 2. Locate the default knm.mib file in the KNM\mibs folder of the KNM host machine and double click it. 3. Check the box Use base MIB when compiling. 4. Click the Compile button and select the text MIB files that you want to compile. 5. When the compiler is finished, save the file in the KNM\mibs directory. It's recommended that you use the browse function to review the compiled MIB before saving it into the KNM\mibs directory.
MIB Browser
KNM > Object list > <object name> > New monitor > SNMP > OID [...] KNM > Object list > <object name> > New monitor > SNMP trap > OID include/exclude filters [...] The MIB Browser page displays a MIB tree and enables you to navigate to and select OID values. The MIB Browser must be able to successfully connect to the SNMP agent on the remote device or computer to retrieve and select OID values in this dialog.
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6). Note: See Compiling custom MIB files (page 116) to modify the MIB tree displayed in this dialog.
117
Advanced topics
Selecting an OID
1. Click any OID in the tree displayed in the left pane to display the OIDs properties in the right pane. 2. Click the Select OID button.
SNMP Traps
KNM > Tools > SNMP / Syslog > SNMP traps The 50 latest SNMP traps page displays the 50 latest SNMP trap messages sent to Network Monitor by all SNMP trap (page 196) monitors that are members of the same gateway.
Windows service list

KNM > Tools > Windows service manager The Windows service list provides direct access to the list of available services on a Windows computer. Only objects identified as Windows computers and that have Windows authentication logon accounts (page 46) are available to select.
Displaying a Windows Service List

1. Select a network in the Network drop-down list. 2. Select a Windows computer in the object drop-down list. 3. Click Update.
Actions
Select one or more services in the list and then perform one of the following actions. Start - Start selected services. Stop - Stop selected services. Restart - Restart selected services. Pause - Pause selected services. Not all services can be paused. Continue - Resume the running of paused services.
See Also
Windows service control (page 216) (action) Windows service control (page 59) (scheduled event) Windows service status (page 204) (monitor)
Data extraction reference

The data extraction interface can extract data from Network Monitor with HTTP Get commands.
Prerequisite
Each get request sent to Network Monitor must include a operator username and the operator must be flagged for Auto login (page 152). If the user is also flagged as a system administrator, the user has system wide access. Otherwise the information is restricted to the data controlled by the operator groups the operator is member of. If the operator is not allowed to access the information Network Monitor returns an HTTP 404 error code.
118
Advanced topics
URL Syntax
The format of the URL sent to Network Monitor contains some required parameters.
Example URL for extracting a chart from a monitor

http://localhost:8080/extract.xsi?cmd=monitor_graph&user=Admin&id=8&param1 =2
cmd user id param1 Command to execute Network Monitor operator username Id of monitor or operator Custom parameter
dir
The dir command returns a list of available monitors and operators with their name and id. This command can be useful when designing extraction URLs for all other commands.
Syntax
http://localhost:8080/extract.xsi?cmd=dir&user=Admin
cmd user dir Network Monitor operator username
Returned data
A list of monitors and operators with their IDs.
monitor_graph
The monitor_graph command returns a PNG image file with the selected real time chart. This is the same chart that is shown in the Monitor information page. Before a chart can be extracted, the chart must be enabled using the Monitor information page.
Syntax
http://localhost:8080/extract.xsi?cmd=monitor_graph&user=Admin&id=8&param1 =2
cmd user id param1 monitor_graph KNM operator username ID number of monitor Zero based index of chart to retrieve. The index is based on enabled graphs.
Returned data
A PNG image file with the default size of 747x120 pixels and a color depth of 3 bytes per pixel.
monitor_status_list
The monitor_status_list command returns the monitor status string. The status string is the 119
Advanced topics same status shown in the Monitor information page.
Syntax
http://localhost:8080/extract.xsi?cmd=monitor_status_list&user=Admin
cmd user monitor_status_list KNM operator username
Returned data
A string containing the name of the object and monitor, the status string and the status of the monitor separated by a pipe sign ( | ). Each line is separated by a CRLF.
Example
MyObject | CPU load Monitor | Current CPU usage 11.00 % | OK MyObject | Memory size Monitor | Free memory 256 MB | FAILED
monitor_statusstring
The monitor_statusstring command returns the monitor status string. The status string is the same shown in the Monitor information page.
Syntax
http://localhost:8080/extract.xsi?cmd=monitor_statusstring&user=Admin&id=8
cmd user id monitor_statusstring KNM operator username ID number of monitor
Returned data
A string containing the name of the monitor, the status string and the status of the monitor separated by a pipe sign ( |).
Example
CPU load Monitor | Current CPU usage 11.00 % | OK
monitor_uptimestring
The monitor_uptimestring command returns the monitor uptime string. The uptime string describes the uptime of the monitor in hours, minutes and second. If the monitor is currently in alarm state an asterisk (*) is added to the front of the string to note that the string indicates the downtime of the monitor.
Syntax
http://localhost:8080/extract.xsi?cmd=monitor_uptimestring&user=Admin&id=8
cmd user id monitor_uptimestring KNM operator username ID number of monitor
120
Advanced topics
Returned data
A string containing the name of the monitor and the uptime/downtime string separated by a pipe sign (|).
Example
CPU load Monitor | 0h 59m 35s
object_xml
The object_xml command returns an xml document containing information about an object. To access the object the operator must be a member of the operator group assigned to the object.
Syntax
http://localhost:8080/extract.xsi?cmd=object_xml&user=Admin&id=2
cmd user id object_xml KNM operator username ID number of the object
Returned data
An xml document.
XML fields
INM_OBJECT NAME DESC IP_ADDRESS MAC_ADDRESS ACTIVE MAINTENANCE NETWORK_NAME NETWORK_DESC NETWORK_CONTACT_NAME NETWORK_CONTACT_ADDRESS 1 NETWORK_CONTACT_ADDRESS 2 NETWORK_CONTACT_PHONE NETWORK_CONTACT_MOBILE NETWORK_CONTACT_FAX NETWORK_CONTACT_EMAIL NETWORK_CONTACT_ADD Root of tree Real name Description of the object IP address or host name of object MAC address of object (if available) YES if object is enabled, NO if disabled "Available" if operator is scheduled and on duty, "n/a" if not on duty or not scheduled Name of the network Description of the network Name of network administrator Contact address of network administrator, line one Contact address of network administrator, line two Network administrator phone number, fixed line Network administrator phone number, mobile Network administrator Fax number Network administrator email Additional information about this network
INM_AGENT
Child to INM_OBJECT
121
Advanced topics
NAME TEST_INTERVAL ALARM_DELAY ALARM_GENERATION Monitor name Interval between tests, in seconds Interval between tests when monitor is in alarm state, in seconds How many consecutive tests that have to fail before an monitor is considered to be in alarm state Time of the most recent test Time of the most recent ok test Time of the most recent failed test Number of tests done since last reboot YES if monitor is enabled, or NO if disabled Type of monitor State of monitor, can be OK, FAILED or ALARM The most recent status string Time that the monitor have been in OK state or ALARM state, when in ALARM state the string is prefixed with a '*' sign
LAST_TEST LAST_OK_TEST LAST_FAILED_TEST TEST_DONE ACTIVE TYPE STATUS STATUS_STRING UPTIME
INM_ALARM_MESSAGE MESSAGE TIME STATUS
Child to INM_AGENT, shows the last 5 status strings Status text Time of the entry OK, FAILED or ALARM
INM_GRAPH_LINK
Child to INM_AGENT, contains information about the realtime charts displayed in the monitor information page A data extraction link to the chart Description of the chart Unit of the Y axis of the chart Time period of the chart
LINK DESC UNIT PERIOD
STATUS_EX STATUS UNIT COMPARE_VALUE
Extended status for SNMP, SSH2 Script, ODBC and WinPerf monitors State of monitor can be OK, FAILED or ALARM User defined unit User defined value that value returned from test is compared with, to evaluate the result of the test. Operation to compare returned value from test and the user defined compare value. Can be:
COMPARE_OPERATION
122
Advanced topics
LAST_VALUE
EQUAL NOT EQUAL GREATER LESS EQUAL OR GREATER EQUAL OR LESS
Last value returned from test.
Example
<INM_OBJECT> <NAME>DOMAINSERVER</NAME> <DESC></DESC> <IP_ADDRESS>192.168.1.1</IP_ADDRESS> <MAC_ADDRESS>00-00-5A-A8-07-D8</MAC_ADDRESS> <ACTIVE>YES</ACTIVE> <MAINTENANCE>NO</MAINTENANCE> <NETWORK_NAME>Office</NETWORK_NAME> <NETWORK_DESC>The default network</NETWORK_DESC> <NETWORK_CONTACT_NAME></NETWORK_CONTACT_NAME> <NETWORK_CONTACT_ADDRESS1></NETWORK_ADDRESS1> <NETWORK_CONTACT_ADDRESS2></NETWORK_ADDRESS2> <NETWORK_CONTACT_PHONE></NETWORK_PHONE> <NETWORK_CONTACT_MOBIL></NETWORK_CONTACT_MOBIL> <NETWORK_CONTACT_FAX></NETWORK_FAX> <NETWORK_CONTACT_EMAIL></NETWORK_CONTACT_EMAIL> <NETWORK_CONTACT_ADD></NETWORK_CONTACT_ADD> <INM_AGENT> <NAME>Bandwidth test</NAME> <TEST_INTERVAL>10</TEST_INTERVAL> <ALARM_DELAY>600</ALARM_DELAY> <ALARM_GENERATION>5</ALARM_GENERATION> <LAST_TEST>2004-06-10 13:38:55</LAST_TEST> <LAST_OK_TEST>2004-06-10 13:38:40</LAST_OK_TEST> <TEST_DONE>0</TEST_DONE> <ACTIVE>NO</ACTIVE> <TYPE>Bandwidth test</TYPE> <STATUS>OK</STATUS> <STATUS_STRING></STATUS_STRING> <UPTIME>23t 4m 45s</UPTIME> </INM_AGENT> </INM_OBJECT>
objectlist_xml
The objectlist_xml command returns an xml document containing a list on all objects and monitors that the operator can access.
Syntax
http://localhost:8080/extract.xsi?cmd=objectlist_xml&user=Admin
cmd user object_xml KNM operator username
Returned data
An xml document.
XML fields
INM_OBJECTLIST Root of tree
123
Advanced topics
INM_OBJECT NAME DESC ID Root of object Name of the object Description of the object ID Number of object
INM_AGENT ID NAME
Root of object ID Number of Monitor Name of the monitor
Example
<INM_OBJECTLIST> <INM_OBJECT> <NAME>Fileserver</NAME> <DESC>Office fileserver</DESC> <ID>955</ID> <INM_AGENT> <ID>8</ID> <NAME>Bandwidth test</NAME> </INM_AGENT> </INM_OBJECT> </INM_OBJECTLIST>
operator_status
The operator_status command returns operator status and information.
Syntax
http://localhost:8080/extract.xsi?cmd=operator_status&user=Admin&id=2
cmd user id operator_status KNM operator username ID number of operator
Returned data
A string containing operator status and information, the fields are separated by a pipe sign (|).
Format of returned data.

UserName | Name | Phone | Cell phone | Address 1 | Address 2 | Scheduled status | Online status
Username Name Phone Cell phone Address 1 Address 2 Scheduled status Online status
KNM operator username Real name Phone number Cell phone number Address field Address field "Available" if operator is scheduled and on duty, "n/a" if not on duty or not scheduled "Online" if operator is logged on to KNM
124
Advanced topics
Example
Admin | Robert | 0611-22334 | | Box 277 | 871 31 Hrnsand Sweden | n/a | Online
test_status
The test_status command returns the overall status of all the monitors.
Syntax
http://localhost:8080/extract.xsi?cmd=test_status&user=Admin
cmd user test_status KNM operator username
Returned data
A string containing the current test status. The status indicates if there is at least one or more monitors in failed or alarm state.
Example
ALARM
version
The version command returns the current Network Monitor version number.
Syntax
http://localhost:8080/extract.xsi?cmd=version&user=Admin
cmd user Version KNM operator username
Returned data
A string containing the version number of Network Monitor.
Example
3.2
Init.cfg parameters
The init.cfg file is used by Network Monitor for settings that are needed before the database with the configuration is loaded. It controls which port Network Monitor starts the web server on and in which mode Network Monitor starts in (Standard, Distributed server or Distributed gateway). The init.cfg file is located in the KNM root directory.
Log
LOG_LEVEL = 0 - Log level, if set to other then zero Network Monitor writes debug information into the text log. Valid log level is 0, 1 and 2. If log level is set to 2 (default 1) Network Monitor starts logging detailed information to a debug_log.txt file in the \logs directory. Can be useful when debugging mail and SMS sending behavior for example. Can be changed while Network Monitor is running.
125
Advanced topics
Web server
WEBSERVER_PORT = 8080 - Web server port number. This is the port number the web server listens on for incoming connections from a browser. Can be changed while Network Monitor is running. WEBSERVER_LANGUAGE = ENG - The language used in the web interface. Defaults to ENG (English). FRA (French) is optional. Can not be changed while Network Monitor is running. WEBSERVER_CERT=name_of_cert - The web server can use SSL to encrypt information. This parameter specifies the certificate name, default blank. Use the Network Monitor SSL configuration utility to select and configure SSL options. Can be changed while Network Monitor is running if WEBSERVER_PORT also is changed, otherwise no. WEBSERVER_SSL=0 - Enables web server SSL mode, default disabled (0), enabled (1). WEBSERVER_BIND=x.x.x.x - If the Network Monitor host machine has more than one network card Network Monitor will bind to the first found card. To change this behavior this parameter can specify the address of the card Network Monitor should bind to. Can be changed while Network Monitor is running if WEBSERVER_PORT also is changed, otherwise no.
SSH2
SSH2_TIMEOUT=25000 - SSH2 client timeout time in milliseconds. Defaults to 25000 (25 seconds). Can be changed while Network Monitor is running. SSH2_TRACELEVEL=0 - Tracelevel can be used to debug the ssh2 connection. Defaults to 0. A valid range is 0 to 4 (max output). Can be changed while Network Monitor is running.
Testing thread pool configuration

TP_INIT_SIZE - The initial size of the thread. Defaults to 20. TP_MAX_AGE - The max age in seconds a thread can be unused before being deleted from the pool. Defaults to 3600 (one hour). The purpose of this parameter is to have the thread pool balance the size to a optimal size for your configuration. TP_MAX_SIZE - Max size that the thread pool can grow to. Defaults to 125.
Other
OBJECT_IP_CACHE=1 - Network Monitor resolves all object host names into IP addresses. This feature can be turned off if there is problems with the local DNS. Defaults to 1 (enabled). Optionally 0 (disabled). Can be changed while Network Monitor is running. DELAY_TEST_START=0 - This parameter can be used to delay the start of monitor tests when Network Monitor is starting up. Defaults to 0 seconds. Useful for reducing machine boot time stress by delaying the start of Network Monitor monitor tests. Can not be changed while Network Monitor is running. OPERATOR_SESSION_TIMEOUT=20 - Sets the operator session timeout value, in minutes. If no timeout is wanted, set value to -1. Can be changed while Network Monitor is running. SNMP_TIMEOUT=10000 - To set the timeout used by all SNMP functions (monitors, actions etc), in milliseconds. Defaults to 10 seconds. Can be changed while Network Monitor is running. ENABLE_CRASHFILE=true - If enabled and Network Monitor hangs in a deadlocked state, Network Monitor produces a crash dump file called crash.now in the KNM root directory. This file is used by Network Monitor developers to analyze why the deadlock occurred. Can be changed while Network Monitor is running. DISTTEST_UPDATE_INTERVAL=60 - Distributed Edition only. Time between the event that causes the gateway and server to exchange information. Can be set in both gateway and server init.cfg files to separate values. The default 60 seconds is recommended. DISABLE_RTS - If this variable is present and set to 1 in the init.cfg file at startup, no real-time statistics are loaded for monitors. This can greatly speed up the startup time of Network Monitor. 126
Advanced topics NO_TESTING - If this variable is present and set to 1 in the init.cfg file at startup, no testing is performed until an operator enables the testing again. HOSTNAME_OVERRIDE=myhost.domain.local - When sending notifications to operators a link to the monitor/object is included in the notification e-mail. The link starts with the host name of the Network Monitor host machine. This parameter can be used to override that name. Can be changed while Network Monitor is running. DISTTEST_MODE=server - This parameter tells Network Monitor to start the distributed subsystem in either server or gateway mode. This parameter is dependent on the DISTTEST_ENABLE parameter. Can be changed while Network Monitor is running. DISTTEST_ENABLE=1 - This parameter tells Network Monitor to start the distributed subsystem. This parameter is dependent on the DISTTEST_MODE parameter. The parameter can be set to 1 to enable or 0 to disable. Can be changed while Network Monitor is running.
Gizmo
Gizmo is a small system tray application that can be installed on your workstation. Gizmo is available as a local download (page 128) from the About page in the Network Monitor management interface. Click the Gizmo link to download the setup and follow the instructions.
Gizmo
Features
Alarm notification Network Monitor log viewer Start/stop Network Monitor Statistics, including Network Monitor memory usage, cpu usage and uptime
Requirements
Net 2.0 Runtime installed
127
Advanced topics
Gizmo configuration
Before you can start using Gizmo you need to configure the application. Open the configuration screen (View menu > Configure) and enter the following parameters.
Gizmo configuration page
KNM Host - The DNS name or IP number of the computer hosting Network Monitor. Web interface port - The port number where the Network Monitor management interface is accessed. Defaults to 8080. SSL - Option to connect to Network Monitor using SSL. Check this option if your Network Monitor installation uses SSL for the management interface. Operator name - Name of an operator that Gizmo uses to logon to Network Monitor to extract data. Operator password - Password of the operator. Alert sound path - Path to a .wav file that contains a sound played when an alarm or error occurs. Poll only monitor status - Enable this option if the user running Gizmo does not have (Windows account) administration rights to access the service data base and remote registry of the Network Monitor host machine. Click the Save button to store your settings. Username and passwords are stored as MD5 checksums in the registry together with the host name and port number. Storing the password as an MD5 checksum makes it very difficult for a third part to extract the operator password.
Note: Your Windows account used to run Gizmo requires permission to access the service control manager of the Network Monitor host computer. Use the Poll only monitor status to work around this requirement.
Local Downloads
Local downloads are available from the Help > About page in the management interface. It provides Network Monitor operators with easy access to tools and documentation.
128
Advanced topics
The about page
The about page
From the about page you can download the following files. Gizmo (page 127) Lua IDE (page 156) Network map editor (page 90)
Customizing the local downloads

The files available for access from the management interface can be customized via the install.xml file found in the install directory. To add a new file that can be accessed from the About page, add a <file> entry for each file. <FILE> - Declaration of a new file to display on the page. <OPERATOR_GROUP> - This tag can be used to only display the file for members of a specific operator group. Enter the group name in the tag. <NAME> - The name of the file as presented in the management interface. Note that you should enclose the name in the language code that you use. Current available language codes are ENG and FRA. <FILENAME> - The name of the physical file in the install directory to associate with this entry. <DESCRIPTION> - The description of the file. Enclose the text with the language code that you use.
Log search
The Log search feature enables operators with proper access rights (page 36) to search the Network Monitor system log. Note that even though the operator has access to search the log, the operator might not be able to access all information contained in the system log. For example, operators with the Group objects access right can only view log entries assigned to its own operator group. Only system administrators are able to see all information.
The log search view
The log search view
Period - Select the time period to search the system log. Results - Max number of entries to display.
129
Advanced topics Text - Optional free text search. Specifying a search keyword limits the list to log entries containing that keyword. Object - Optional selection of an object. If selected, only message related to the object are listed. Monitor - Optional selection of a monitor. If selected, only messages related to the monitor are listed.
Manually adding a log entry

Operators can use the Add log message function to add manual entries in the log. The log message is stored in the system log as a comment. You can optionally associate an object/monitor combination with the log entry.
Adding a manual log entry
To add the log entry, click the Save button.
Message format options

All outgoing messages in Network Monitor can include formatting variables in the text of the message. Email messages can also contain special formatting codes known as BB codes that can be used to improve the look of the mail.
BB codes
BB codes are a semi-standard used by many forum systems to format messages without the need of embedding HTML. It works similar to HTML, having a start and an end tag, and supports nested tags. BB codes are translated to HTML for all operators that have selected to receive emails from Network Monitor in either the HTML or Simple HTML format. Operators that have selected to receive plain text messages will have the BB codes stripped out from their messages. Start
[hr] [b] [i] [u] [quote] [size=X] [font=X] [color=X] [/b] [/i] [/u] [/quote] [/size] [/font] [/color]
End
Description
Horizontal ruler. This tag does not have a closing tag. Bold text Italic text Underline text Quote text (translates to the html <blockquote> markup tag) Sets the size to X pixels [size=12] Example Text [/size] Sets the text in scope to use the font "X" [font=verdana] Example Text [/font] Sets the text in the scope to use a color. The color can be any type of HTML color definition.
130
Advanced topics
[color=red] Example Text [/color] [url=X] [img=X] [/url] [/img] Creates a link to URL X [url=http://www.kaseya.com] Example URL [/url] Inlines an image located at URL X [img=http://myurl/mypic.png][/img]
Format flags
Format flags are used to expand information in messages before they are processed and sent to their recipient. Most of these flags are context sensitive. For example, the flag %monitor_error expands the latest alarm report for the monitor triggering the action, and would not be expanded into anything if used in a Send mail scheduled event. Flag
%time %object_localtime %time_hour %time_hour2 %time_minute %time_second %date_year %date_year2 %date_month %date_dayofmonth %date_dayofyear %date_weekday %network_link %object_link %monitor_link %sys_distributionlist %monitor_error %monitor_error2 %monitor_timelastok %monitor_timelastok _localtime %monitor_timelastfail ed %monitor_timelastfail ed_local Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message
Context
Description
KNM host local date/time Date/time for the selected time zone of the object 24 hours formatting 12 hours formatting Minutes in hour Seconds in minute Year with century Year without century Month as number 01 - 12 Day of the month 01 - 31 Day of the year 1 - 366 Week day as number, 0 - sunday, 6 = saturday Creates a link to the network information page Creates a link to the object information page Creates a link to the monitor information page List the recipients of the message Date/Time + Latest alarm message for the monitor Date/Time + Latest alarm message for the monitor Time when monitor last was in alarm state (KNM host local date/time) Time when the monitor last was in Alarm state (Object time zone date/time) Time when monitor last was in Failed state (KNM host local date/time) Time when monitor last was in Failed state (Object time zone date/time)
131
Advanced topics
%monitor_dependenc Alarm/restart ystatus message %monitor_list %object_name %object_freetext %object_destination %object_description %object_operatorgro up %operator_current %network_name Acknowledge alarm Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Acknowledge alarm Alarm/restart message Text rendering of dependency tree status List of monitors that the have had an alarm acknowledged Name of object Object free text field Object hostname/IP address Object description Operator group assigned to object Operator that acknowledged the alarm Name of network Network contact information Operators on duty Alarm/restart message Real time graph attachment in mail.
%network_contactinfo Alarm/restart message %operator_onduty %sys_charts
NOC views
Network Operation Center views are compact, full-screen information views that display the status of a collection of networks and objects. They are normally displayed on dedicated monitors and are particularly useful in conjunction with the Auto login (page 152) feature. There are two predefined views, the Network NOC view and Object NOC view. You can also define customized NOC views, and assign specific objects to a given view. To display a NOC view, select the desired view from the NOC views submenu, from either the Objects and Networks menus respectively.
The NOC View
A NOC view example
132
Advanced topics NOC views display network status, or object status, in a matrix format. All networks or objects are listed vertically, with the status for each monitor type horizontally. The overall status is shown in a large, easy to read area at the top left. Items in the NOC views are normally sorted alphabetically, but if an item is in an Alarm (failed) state, it is displayed first in the list.
Creating custom NOC views

To create a custom NOC view, open the NOC settings page. This page is found in the Settings menu and in the Program settings submenu. The NOC settings page displays.
Opening the NOC view settings
NOC settings
In the first section, there is a global setting that affects all NOC views. NOC view mode - This option affects all NOC views, and specifies whether or not to include monitor types not in the Network Monitor system configuration when viewing a NOC view.
The NOC settings page
Adding a new NOC view

To create a new NOC view, click the New button. The NOC settings page displays. View title - Enter the title of the NOC view. This should reflect the contents of the NOC view, for example, Web servers or similar. Group by - Choose the level of detail to display in the NOC view. Depending on the Group by setting, the NOC view is added to the Network Monitor menu in either the Networks or the Objects menu. Group by networks - This displays networks only. Group by objects - This displays objects in the view.
133
Advanced topics Group by objects, then monitors - This option displays objects, then the underlying monitors for each object, in the view. Monitor type filter - To filter the content of a NOC view by monitor types, select a monitor type from the list and click the Select button. To remove a monitor type, select it and click the Remove button. Notice that the overall status of the NOC view and its content are affected if you filter by monitor types. For example, if a custom NOC view is created containing a monitor type filter of CPU utilization, Disk utilization and Memory utilization, only those type of monitors are listed in the NOC view. To save the NOC view, click the Save button.
Note: Up to 32 customized NOC views can be created.
Editing an existing NOC view

To edit an existing NOC view, select it from the list and click the Edit button. When finished making changes, click the Save button to store your changes.
Deleting an existing NOC view

To delete an existing NOC view, select it from the list and click the Delete button.
Object templates
Object templates can significantly reduce the time it takes to create and initialize a large number of objects in an Network Monitor installation. An object template serves as a model for new objects, containing monitors the same as normal objects do. When a new object is created from a template, all the monitors in the template are automatically created in the new object. Object templates also have additional functionality in that normal objects can be linked to an object template. When the properties of a monitor in a template are changed, all the objects linked to that template are automatically updated. It is also possible to individualize specific monitors in a object linked to a template with the Unlink command. See the Adding objects from templates (page 16) topic for more details.
Listing object templates

To open the Object template list, expand the Object menu, then expand the Other lists submenu and choose Object template list. The Object templates list view displays.
Opening the Object templates list
The Object template list
134
Advanced topics
Commands
In the upper section of the Object template list view, a number of commands are listed. These commands affect templates that are selected in the list only. Copy - Creates copies of the selected object templates. Delete - Deletes the selected object templates. The operator must confirm the delete operation. Import - Import an object template from an external XML file. New - Creates a new object template template.
Selecting Object templates

To select object templates from the list, place a check mark in the selection column to the left. It's also possible to select a range of object templates by first clicking the start position in the list, then hold the shift key and click the end position. All the object templates in between the selected positions are selected.
Adding an object template

There are two different ways to create a new object template: Create a new empty object template Clone an existing object into a template
Creating a new empty object template

To create a new object template from scratch, select the New object template command from the Object template list view. Network Monitor displays the New template page.
The Object template property page
Name - Enter a name for the object template. This should be a descriptive name used to identify the template. Description - Enter a longer description of the object template and its intended usage. System type - Select the default system type for the object linked to this template. This is a default value only. The system type can be individually set for linked objects. After all required information has been entered, click the Save button and the new object template will be created.
Adding monitors to object templates

Adding monitors to a template works exactly the same as adding monitors (page 27) to a normal object. Some monitors have slightly different settings when added to an object template.
Cloning an existing object

An already existing object can be cloned into an object template. From the Object information (page 24) view, select the Make template command.
Importing object templates

Object template definitions can be imported into Network Monitor via previously exported XML files or from exported Kaseya monitoring sets. This topic describes these two methods of importing templates into Network Monitor.
135
Advanced topics
Importing Network Monitor template definition files

First open the Object template list view, and then select the Import command. Network Monitor displays the Import object template dialog.
Importing object templates
From the Import object template dialog, click the Browse button to locate the definition file. When the file has been located, click the Import button to import the object template.
Importing Kaseya monitoring sets

From the Object template list view, select the Import command. Network Monitor displays the Import object template dialog.
Importing Object templates
In the Import Object template import dialog, click the Browse button to locate the exported XML file containing the Kaseya monitoring set. When the file has been located, click the Import button to import the Object template into Network Monitor. Currently Network Monitor supports import of SNMP and Windows performance counter sets.
Exporting object templates

Object template definitions can be exported to definition files in XML format, that can be shared between Network Monitor users. Exported object template data never contains any private information, such as usernames or passwords. The information included in the exported data is for monitor configurations, but excludes authentication settings. First open the object template list and click the object template to be exported. Then from the Object template information view, select the Export command. Network Monitor displays an .xml file with the exported information in a browser. The file can then be shared with other users.
Linking an object to a template

Already existing objects can be linked to an object template. Linking objects is done from the Object list view (page 14) and can be performed on several objects at the same time.
136
Advanced topics First select the objects to be linked, then click the Link command. Network Monitor displays the Link objects page.
From the list of available object templates, select the desired template and click the Ok button. When linking objects to a template, existing monitors in the objects are matched as much as possible to monitors in the template. Monitors that cannot be matched to a monitor in the template remain unlinked.
Unlink an object from its template

To unlink an object from its template, you can use the Unlink command. Unlinking objects is done from the Object list (page 14) view, and can be performed on several objects at the same time. First select the objects to be unlinked, and click the Unlink command. Network Monitor displays a confirmation page. To permanently unlink the selected objects, click the Yes button.
Unlinking Objects from their template
Unlinking individual monitors

It is possible to unlink specific monitors of an object. This allows the usage of an object template, but still allows customization of monitors that require individual configuration. To unlink a monitor, you can use the Unlink command. Unlinking monitors is done from the Object information (page 24) view, and can be performed on several monitors at the same time.
137
Advanced topics First select the monitors to be unlinked, then click the Unlink command. Network Monitor displays a confirmation page. To permanently unlink the selected monitors, click the Yes button.
Unlinking individual Monitors
Simulate alarm
The Simulate alarm function generates a report that describes what happens when a particular monitor enters the Alarm state. To better understand how alarm escalation works in Network Monitor, the report contains verbose information about the progress of the escalation. Time specified in the report is relative to the first alarm generated. The Simulate alarm function can be accessed from the Monitor information (page 30) view. Below is a sample report produced by the Simulate alarm function for a Free disk space monitor with the default action list assigned.
Simulate alarm report
138
Advanced topics
Note: The Simulate alarm feature does not work correctly if the system administrator has disabled all actions.
SMS device configuration

Network Monitor can send SMS through a modem connected to the Network Monitor host machine. The modem can either be a GSM phone or a modem capable of sending SMS via a fixed line service provider. Before sending SMS, some configuration of the modem is required. This is done from the Email & SMS settings (page 98) page.
Configuring the modem

1. Select the serial port the GSM modem is connected to. 2. Select the baud rate. Defaults to 9600. 3. (Optional) Enter the PIN code to unlock the SIM card. 4. Click the Save button to store the new settings.
SMS modem installation checklist

The device should be connected to a serial port, or USB port with serial emulation, on the Network Monitor host machine. 1. Connect the phone cable to the Network Monitor host machine. 2. Install the modem driver for your phone (if required). 3. With a terminal program connect to the phone. 4. Try to send a SMS by typing the following. ATZ KNM SMS TEST Press CTRL-Z AT+CMGF=1 AT+CMGS="<PHONENUMBER>" 5. The SMS should now be sent. Remember to replace <PHONENUMBER> with the number of the receiving phone and keep the quote signs (e.g. "0068455"). On the last line you should press the CTRL-Z key combination. 6. The phone should answer with CMGS followed by a number indicating the ID of the sent SMS. 7. The phone is now ready for use by Network Monitor.
CMS Error codes

8 10 21 27 28 29 30 38 Operator determined barring Call barred Short message transfer rejected Destination out of service Unidentified subscriber Facility rejected Unknown subscriber Network out of order
139
Advanced topics
41 42 47 50 69 81 95 96 97 98 99 111 127 128 129 130 143 144 145 159 160 161 175 176 192 193 194 195 196 197 198 199 208 209 210 211 212 213 255 300 301 302 303 Temporary failure Congestion Resources unavailable, unspecified Requested facility not subscribed Requested facility not implemented Invalid short message transfer reference value Invalid message, unspecified Invalid mandatory information Message type non-existent or not implemented Message not compatible with short message protocol state Information element non-existent or not implemented Protocol error, unspecified Interworking, unspecified Telematic interworking not supported Short message Type 0 not supported Cannot replace short message Unspecified TP-PID error Data coding scheme (alphabet) not supported Message class not supported Unspecified TP-DCS error Command cannot be actioned Command unsupported Unspecified TP-Command error TPDU not supported SC busy No SC subscription SC system failure Invalid SME address Destination SME barred SM Rejected-Duplicate SM TP-VPF not supported TP-VP not supported D0 SIM SMS storage full No SMS storage capability in SIM Error in MS Memory Capacity Exceeded SIM Application Toolkit Busy SIM data download error Unspecified error cause ME failure SMS service of ME reserved Operation not allowed Operation not supported
140
Advanced topics
304 305 310 311 312 313 314 315 316 317 318 320 321 322 330 331 332 340 500 512 Invalid PDU mode parameter Invalid text mode parameter SIM not inserted SIM PIN required PH-SIM PIN required SIM failure SIM busy SIM wrong SIM PUK required SIM PIN2 required SIM PUK2 required Memory failure Invalid memory index Memory full SMSC address unknown No network service Network timeout NO +CNMA ACK EXPECTED Unknown error User abort
System administrator console

The purpose of the system administrator console is to provide an easy way to perform recurring system administrative tasks. The interface is a normal Command Line Interface (CLI) that most system administrators are familiar with. Only operators flagged as system administrators can access the console.
141
Advanced topics To open the system administrator console, select System admin console from the Tools menu.
The system administrator console
Commands
calc - A built-in calculator for simpler calculations. Usage example: calc 41+1 disable - Disables a feature in Network Monitor. -all - Disables all the listed features. -testing - Disables testing. -actions - Disables execution of actions. -statistics - Disables statistical storage. -login - Disables logon for normal operators, but system administrators can logon. dist-patch-gateways - Distributed Edition only. Starts patching all gateways that require patching. dist-restart-server - Distributed Edition only. Restarts the Network Monitor distributed testing server. dist-tarpit - Distributed Edition only. Add or removes IP numbers from the tar pit. The tar pit protects the server from brute force login attempts and DOS attacks. -block - Blocks the specified IP number. -unblock - Unblocks the specified IP number. -list - Lists all IP numbers in the tar pit.
142
Advanced topics -blocktime - Sets the default block time, in minutes. Defaults to 20. dist-tarpit -block 192.168.0.1 enable - Enables a feature in Network Monitor. -all - Enables all the listed features. -testing - Enables testing. -actions - Enables actions. -statistics - Enables statistical storage. -login - Enables login for normal operators. get-mac - Retrieves the MAC address for a certain IP number. Only IPs on the local area network of the Network Monitor host machine are likely to return a MAC address. get-mac 192.168.42.1 help - Displays help information for the different commands in the console. Type help <command> to display command specific help. log-level - Adjusts the log level. When Network Monitor restarts, it defaults to the log level specified in the init.cfg file. The available values are 0, 1 and 2. lookup - Queries a DNS server for information about a domain. lookup kaseya.com ping - Pings an IP number or host name. resolve - Resolves a host name to an IP number. resolve www.kaseya.com send-mail - Sends an email to the specified address using the Network Monitor built in email client. send-mail myaddress@test.com , "Testing KNM" , "This is a test mail" send-wol - Sends a Wake on Lan packet to the specified host. send-wol 192.168.42.1 shutdown - Shutdowns Network Monitor and flushes all un-saved settings to disk. status - Displays feature status information. -thread - Displays current total number of threads that Network Monitor is using. -threadpool - Displays the total number of threads in a thread pool. -memory - Displays the current Network Monitor memory usage. -cpu - Displays the current Network Monitor CPU usage. -handle - Displays the current Network Monitor handle usage. -feature - Displays the status of Network Monitor features. time - Prints the local date and time of the Network Monitor host machine. trace-route - Performs a trace route to the specified host. version - Prints the version of Network Monitor. Can also be used to check if a new version of Network Monitor is available. version -check
Toplists
Network Monitor can calculate the min, max and average of recorded statistics data of all monitors for daily, weekly and monthly periods and present them in a toplist fashion. This data is continuously updated in real time.
143
Advanced topics
Using Toplists
Network Monitor currently calculates toplists on a daily, weekly and monthly basis. This means that Network Monitor calculates the min, max and one-day average of recorded statistics data for each monitor, over those periods, and stores them in their respective toplist. To open the Toplists view to browse the toplist data, select Toplists from the Reports menu.
The Toplists view
Toplist - Available toplists are selectable from the select box. After choosing the desired toplist, click the Load button and it is loaded instantly. Up to 14 daily toplists, 8 weekly and 6 monthly toplists can be selected in the Toplist box. Older toplists can be accessed by typing the date of the toplist in the following formats: Daily toplist - YYYY-MM-DD Weekly toplist - YYYY-Wnn, where nn is the week number. The week-numbering is affected by the respective setting in the program settings. Type in the textbox next to the Load button, then click the Load button to load the desired toplist. Monthly toplist - YYYY-MM Toplist type - To view different types of toplist data, choose the type of data in the Type select box. Once a toplist data type has been chosen Network Monitor instantly updates the toplist view. The same is true for all options in the Toplists view. When an option is altered, the view is updated immediately to reflect the settings. Entries/Mode - The Entries select box configures the number of monitors displayed in the list. The Mode select box determines the sort order of monitors, listing the highest or lowest value first. Use the Entries select box together with the Mode select box to configure a toplist view to show, for example, the Top 50 highest CPU load entries or the Top 10 machines with least amount of Free memory. The Mode box also has comparison modes to compare two toplists. See Comparing toplists below for details. Unit - With the Unit select box the presentation unit can be selected on some toplist types such as Free disk space, Memory or Temperatures. Data - The Data select box configures a toplist to display either the recorded min or max values, or a 1-day average. For some data the average is a more interesting value than the recorded extremes, but in some cases the min and max values are also very interesting, such as in the Top 10 CPU spikes example below.
Examples
Top 50 objects with highest average CPU load Top Type - CPU load Entries - 50 Mode - Highest entries Data - 1-day average 10 CPU spikes
Type - CPU load
144
Advanced topics 10 Entries - 10 Mode - Highest entries Data - Sampled max value objects with least amount of Free memory Type - Free memory Entries - 10 Mode - Lowest entries Data - 1-day average
Comparing toplists
Two different toplists, of the same type, can be compared with each other. This feature is useful when monitored properties evolve over time. Is the temperature in your server hall slowly rising by the month or is your SAN running out of free space? You can use the compare feature to find out. First, load up a toplist by selecting the toplist, or typing the date, and click the Load button. Consider this list the main toplist. Next, select a different toplist and click the Load to compare button. Consider this list the compare toplist. Network Monitor presents the two toplists as follows: the main toplist on the left, and the compare toplist is placed to the right. You can now see how the monitored properties for a particular monitor changed between the two toplists. In addition to looking at the toplists to see changes, you can ask Network Monitor for additional statistics while comparing two toplists. The available statistics can be chosen only when a compare toplist has been loaded and they can be selected from the Mode selection box. Top movers - Displays the monitors with values that have changed the most between the two toplists Top climbers - Displays the monitors with values that have increased the most between the two toplists Top fallers - Displays the monitors with values that have decreased the most between the two toplists
Example
Find out which of your servers have increased the most in CPU usage over two different months. 1. Select the first month and click the Load button. 2. Then select the second month and click the Load to compare button. 3. Enter the following values. Type - CPU load Mode - Top climbers Data - Period average
Using toplist in reports

The Reports (page 64) section fully describes how to integrate top lists into your reports.
Troubleshooting Windows monitoring and authentication

Network Monitor is capable of agent-less monitoring of remote Windows workstations and services. The prerequisite for monitoring a remote object is a successful authentication with a Windows account that has access to a number of different resources on the monitored object. There are a number of different problems that can arise. This document addresses the most common
145
Advanced topics issues.

Warning: This document is provided as a troubleshooting reference and Kaseya can not guarantee that these problems can be solved. All modifications done to the system, including modifying the registry is done at your own risk.
Network Monitor Service account and rights assignment

If the Kaseya Network Monitor service is running under a user account other than LocalSystem, ensure the following local security policies are enabled for the service account. Log on as a service Act as part of the operating system (Windows 2000) Bypass traverse checking Read, write and execute rights on the KNM folder of the KNM host machine. To make full use of the built-in account manager, all objects should be assigned an account other than the base service account.
Monitoring accounts
With Network Monitor you have the ability to assign a default account to each object. This account is used to authenticate access to the monitored object. In the following documentation we refer to this account as the monitoring account. In the Edit object (page 21) page its called the Default account. In the Edit monitor (page 28) page the account selection option should be set to Use object default account. The monitoring account should be a member of the Administrators group on the object being monitored. In most cases this is the Domain Admin group.
Account username format

Depending on the location of the monitoring account Network Monitor requires you to format the username according to the following rules. These rules also apply to Windows in general. .\username - Account is found by Network Monitor on the local machine. username - Account is found by Network Monitor on the local machine. domain\username - Account is found by Network Monitor using the domain name. username@domain.com - Same as above but valid for XP, 2003 and Vista.
Monitors using Windows authentication

The following monitors all require Windows authentication: CPU utilization Disk utilization Memory utilization Swap file utilization Process Windows performance WMI These monitors uses the remote registry service to query the monitored object. Ensure that the remote registry service is running on both the monitored object and the Network Monitor host. By default, only administrators can access the remote registry. This is controlled by the registry key.
146
Advanced topics HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winr eg You can edit the permissions of this registry key to limit or grant access to the remote registry. If the key does not exist, access is granted to everyone. A special case exists for the Disk utilization monitor in compatibility mode. In this case, you need to specify the default share representing the monitored disk. For example, instead of specifying C: you should specify C$ and ensure that this default share exists and is accessible by the monitoring account.
Event log monitor

By default, everyone can read the eventlog, except the Security eventlog. To read the Security eventlog the user must be a member of the administrator group. Access to different event logs are controlled by this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog You can edit the permissions of this registry key to limit or grant access to the remote eventlog.
Service monitor
This monitor uses the Remote Procedure Call (RPC) service to query the status of a service running on the monitored machine. Ensure the Remote Procedure Call (RPC) service is running on the monitored object and the Network Monitor host. The monitor account must be an administrator on the monitored host to gain access to the service manager.
External resources
Warning: These links are only provided as a reference. All modifications to the system, including modifying the registry is done at your own risk.
How to restrict access to the registry from a remote computer (http://support.microsoft.com/kb/153183/en-us) Removing the Everyone Group from Group Policies in the Remote Registry Services Permanently Removes All Access (http://support.microsoft.com/kb/281641/en-us) A custom program that uses the RegConnectRegistry function can no longer access the registry of a remote computer in Windows Server 2003 with Service Pack 1 or in an x64\-based version of Windows Server 2003
(http://support.microsoft.com/kb/906570)
Controlling remote Performance Monitor access to Windows NT servers

(http://support.microsoft.com/kb/164018/en-us/)
Troubleshooting Performance Monitor Counter Problems (http://support.microsoft.com/kb/152513/en-us) "Unable to complete the operation on <event log>. Access is denied." error message when you try to access a log on a Windows Server 2003-based computer (http://support.microsoft.com/kb/888189/en-us) Error message when you try to make a remote connection to the registry of a Windows-based computer from a Windows Server 2003 SP1-based computer: "Access denied" (http://support.microsoft.com/kb/913327/en-us)
Troubleshooting
This section describes how to troubleshoot some common problems related to Windows authentication.
Access denied
Occurs as either a spontaneous error or as a permanent error when monitoring an object.
147
Advanced topics Access denied.
Cause
Access to the monitored object is denied. This can be caused by an authentication failure or the monitored object is too busy serving new requests.
Resolution/workarounds
Ensure that the monitoring account has access rights to the monitored object. In most cases this error is caused by the Network Monitor monitoring account not being an administrator on the monitored object. Increase the test interval of the monitor. Use the Alarm filtering features in the monitor to filter out non-threshold errors. Firewall restrictions prevents Network Monitor from accessing the monitored object. This error can be resolved by unblocking port 445 to the monitored object.
Network path can not be found

Occurs as either a spontaneous error or as a permanent error when monitoring an object. The network path was not found.
Cause
The network path could not be found or accessed because of firewall restrictions, a name resolution error or a network error.
DNS server is overloaded and can not translate the object address. Try entering the IP number as the object address. Firewall restrictions prevent Network Monitor from accessing the monitored object. This error can be resolved by unblocking port 445 to the monitored object. If the monitor is a Disk utilization monitor and you are running in Win32 compatible mode, ensure that the share is available. If you want to directly monitor a disk rather than a share, use the default share name of the disk (e.g. C$) instead of the volume name (e.g. C:).
Performance related issues with monitored object

Spontaneous errors occur during specific times of the day or other patterns occur, such as when backup starts or large queries run in a database on the monitored object.
Cause
The monitored object may be unable to complete requests from Network Monitor since it's busy performing other tasks. The problem can also be network bandwidth related. For example monitoring objects over an VPN connection can severely degrade network performance and latency. The error messages can vary but most commonly they are all related to RPC failures.
Lower the test frequency to 300 seconds Set the Alarm generation value to at least 5 to filter out false positives Use the Alarm filtering features in the monitor to filter out non-threshold errors. If low network bandwidth or high network latency is a factor the Distributed Edition can be used to place a gateway closer to the monitored object. A gateway uses only a fraction of the network bandwidth that a normal test does.
148
Advanced topics
The RPC server is unavailable

Errors occur either randomly or all the time with the following error text. The RPC server is unavailable
Cause
The most common cause for this problem is that the remote registry of the monitored machine is either stopped or has experienced problems accepting new connections.
Restart the remote registry service of the monitored object. Review the objects overall performance. The object might be too busy to serve more connections. Use the Alarm filtering features in the monitor to filter out non-threshold errors. Check the DNS entry for the monitored object, confirm that both a forward and reverse zone entry exists.
UNIX system support files

The system type determines which types of monitors are available to the object and how they perform the test. Network Monitor supports all built-in Windows system types. New system types can be created using a set of configuration files located in the KNM\system folder of the KNM host machine.
Note: This topic focuses mainly on UNIX, but its instructions can be used with any system type that has shell access through SSH or telnet.
System specification
To support monitoring of a disk, CPU, swap and so on, Network Monitor log in using either SSH or telnet, runs a command on the UNIX host and parses the result. What command and how the result is parsed is described in configuration files in the KNM\system folder. All system specifications inherit the one labeled Generic UNIX. So it is only necessary to write parsing information for those commands that are different from the ones specified in the Generic UNIX system type.
Generic UNIX system definition file

<system name="Generic UNIX" release="" author="Kaseya" type="unix" internalID="5" fileRevision="1"> <parsing>  <disk>  <enumeration> <query> <command>df</command> <enumList startLine="2"> <value id="diskVolume" field="1" /> </enumList> </query> <result id="volumeID">diskVolume</result> </enumeration>  <monitoring>  <diskSpace> <query>
149
Advanced topics
<command>df -k $volume</command> <value id="freeSpace" line="-1" field="-3"/> <value id="usedSpace" line="-1" field="-4"/> </query> <result id="freeSpace" unit="MB">freeSpace / 1024</result> <result id="usedSpace" unit="MB">usedSpace / 1024</result> </diskSpace> </monitoring> </disk>  <cpu>  <enumeration> <query> <command>mpstat -P ALL</command> <enumList startLine="5"> <value id="cpuNumber" field="3" /> </enumList> </query> <result id="cpuID">cpuNumber</result> </enumeration> <monitoring>  <cpuUtilization> <query> <command>mpstat -P $cpu 2 2</command> <value id="userLoad" line="-1" field="-9"/> <value id="systemLoad" line="-1" field="-7"/> </query> <result id="cpuAverageLoad" unit="%">userLoad + systemLoad</result> </cpuUtilization>  <cpuAverageLoad> <query> <command>vmstat 2 2</command> <value id="userLoad" line="-1" field="-5"/> <value id="systemLoad" line="-1" field="-4"/> </query> <result id="cpuAverageLoad" unit="%">userLoad + systemLoad</result> </cpuAverageLoad> </monitoring> </cpu>  <process>  <enumeration> <query> <command>ps -awxu</command> <enumList startLine="2"> <value id="processName" field="11" /> </enumList> </query> <result id="processName">processName</result> </enumeration> <monitoring>  <processRunning> <query> <command>ps -awxu</command> <value id="processName"> <match type="line">$process</match> </value> </query> <result id="processName">processName</result> </processRunning> </monitoring> </process>  <swap> <monitoring> <swapUtilization>
150
Advanced topics
<query> <command>free -m</command> <value id="swapUsed" line="-1" field="-3"/> <value id="swapFree" line="-1" field="-2"/> </query> <result id="swapFree" unit="MB">swapFree</result> <result id="swapUsed" unit="MB">swapUsed</result> </swapUtilization> </monitoring> </swap>  <memory> <monitoring>  <freeMemory> <query> <command>free -m</command> <value id="freeMem" line="3" field="-1"/> <value id="usedMem" line="3" field="-2"/> </query> <result id="freeMemory" unit="MB">freeMem</result> <result id="usedMemory" unit="MB">usedMem</result> </freeMemory> </monitoring> </memory>  <file> <monitoring> <fileChange> <query> <command>ls -l --full-time $filename</command> <value id="fileSize" line="1" field="5"/> <value id="fileDate" line="1" field="6"/> <value id="fileTime" line="1" field="7"/> </query> <result id="fileSize" unit="B">fileSize</result> <result id="fileDate">fileDate</result> <result id="fileTime">fileTime</result> </fileChange> </monitoring> </file> </parsing> </system>
Web server configuration

This section discusses various advanced topics concerning the web server responsible for running the Network Monitor management interface.
Active Directory integration

The Active Directory integration feature lets an operator login to the management interface using Windows login credentials by pointing his browser to a special login URL. Before you start using this feature you should be aware that this login method imposes a serious overhead for each page request and is dependant on the AD having a low response time.
Enabling AD login and configuring operators

1. Login to Network Monitor the usual way and open the operator list 2. Open the property page for the operator you want to enable AD login for. 3. In the Additional field enter the Windows user name in the format mywindowsdomain\mywindowsusername. If you do not have a domain you can replace the domain name with your workgroup name.
151
Advanced topics Optionally add multiple windows accounts on a new line in the Additional field. This makes it possible to get a whole group of Windows users to use the same operator account. Do not include any other text in the Additional field. 4. In the init.cfg file enter: webserver_auth=ntlm
Note: For Windows 2008 and later, use webserver_auth=negotiate instead of webserver_auth=ntlm.
The configuration is finished. Now the operator is ready to use the AD login method. When logged on to the Windows desktop, using the registered Windows account, the operator can login to the management interface by entering this URL: http://myinmhost:8080/adlogin.xsi During login, Network Monitor exchanges a series of packets with the browser verifying that the user is logged on as the specified Windows account. If everything works out, the operator is directed to his start page.
Troubleshooting
If something goes wrong during the login, Network Monitor redirects the user to the normal login page. Possible error causes are: Network Monitor can't reach the mywindowsdomain domain controller and verify that mywindowsusername is a valid windows account. Your browser does not support the NTLM authentication type. The domain controller is slow to respond to authentication, this can effect the overall interface performance greatly. You can only use this feature when you are in a intranet security zone.
Auto login
The auto login feature makes it possible to access certain pages from the management interface without having to log on. This feature is particularly useful with dashboards or NOC views. The auto login feature requires an operator with the Auto login access right specified.
Using auto login

When an operator has been configured for use with auto login, specifying the following URL displays the desired page. http://inmhost:port/autologin.xsi?user=username&page=N Where username is the Network Monitor operator username and N is a number corresponding to the desired page. Page number
0 1 2 3 4 5
Page description
The Monitor list view. The Monitors by type view. The Network list view. The Object NOC view. The Network NOC view. A customized NOC view. Specify an additional parameter "index" set to the index of the NOC view. Example: http://inmhost:port/autologin.xsi?user=username&page=5&index=2 The Dashboard. Specify an additional parameter "id" set to the desired dashboard. The ID of a
152
Advanced topics
dashboard is always visible in the URL when viewing a dashboard. Example: http://inmhost:port/autologin.xsi?user=username&page=6&id=1 Note that viewing a dashboard with auto login automatically sets the fullscreen option.
Dashboard rotation with auto login

It is possible to setup a dashboard rotation when viewing a dashboard using auto login. This makes it possible to automatically switch between specified dashboards at a given interval. Use the basic URL for auto login but add two parameters, rotation and interval.
Example
http://inmhost:port/autologin.xsi?page=6&user=username&rotation=1,7,12&int erval=15 The dashboards specified in the rotation parameter, separated by a comma, are continuously displayed at the interval given in the interval parameter, in seconds.
Restricting access
The web server can be configured to only accept connections from a range of IP numbers. The configuration of IP numbers accepted by the web server is set using the Program settings page. By default the web server accepts all incoming connections.
IP connection list
In this field you can specify IP number ranges that are allowed to connect to the Network Monitor management interface. If the field is empty, no restrictions apply. If you should lock yourself out by mistake, you can always connect to the management interface from the Network Monitor host machine.
Example 1
192.168.1.0 192.168.1.40 This format enables every client with an IP number between, and including, these IP addresses connect. More rules can be added below the first line.
Example 2
192.168.1.98 Allows a single host to connect.
Enabling secure HTTP

Note: The SSL Setup utility is a separate download that can be found at http://download.kaseya.com/components/knm/sslsetup/sslsetup.exe http://download.kaseya.com/components/knm/sslsetup/sslsetup.exe This topic assumes you have downloaded and
installed the utility.
The built-in web server used by Network Monitor can use SSL to encrypt all information sent from the web server to the web browser. To enable SSL use the SSL Setup utility installed in the Network Monitor program folder. When SSL is enabled you cannot connect to the interface using an non-encrypted connection.
Configuring the web server

1. Start the SSL Setup utility in the Kaseya > KNM program menu. 2. Verify that the path KNM directory field is the correct path to the KNM installation you wish to configure. 153
Advanced topics 3. Select a certificate from the list. 4. Press Enable SSL to finish the configuration. 5. Close the utility and restart Network Monitor. To disable the SSL encryption, press the Disable SSL button in step 4.
Note: The port used by Network Monitor does not change when enabling SSL. If the port number used by Network Monitor is 8080 the correct URL to access Network Monitor from the local machine is https://localhost:8080 after SSL is enabled.
Creating a certificate for data encryption

1. 2. 3. 4. Click the button Generate certificate. In the field Certificate subject enter the fully qualified name of the Network Monitor host machine. Enter the number of months that this new certificate should be valid for. Click the Create button.
Note: The certificate that this tool generates will not be a valid certificate for server identification, since it does not have a valid CA (Certificate Authority) field. It will still be usable for encryption and is as secure in that respect as a purchased certificate.
Using your own certificate

1. Open the Management Console (MMC). 2. Add a certificate snap-in for the Computer account. 3. Select the Personal node under Certificates. 4. In the context menu select All tasks > Import... 5. Follow the steps provided by the wizard to import the certificate. When the certificate has been installed, use the SSL Setup utility to select and enable SSL Encryption.
Troubleshooting
If Network Monitor fails to respond after you restarted the service: 1. Check if the Network Monitor log file contains any information indicating a failure starting the web server. 2. Verify that the specified URL is correct. 3. The certificate used must be accessible by the user account assigned to the Network Monitor service. Logon with the account assigned to the Network Monitor service and start the SSL Setup utility and check if the certificate is visible in the list.
Interface port settings

Changing the default port number
The init.cfg file in the Network Monitor directory contains the configuration parameter that tells the web server what port number to use. Locate the line WEBSERVER_PORT and change it to a free port number you wish to use. You do not need to restart Network Monitor to make the changes take affect, Network Monitor monitors the file for changes and automatically reloads the file and makes the necessary changes. For example, this statement sets the port number to 8084:
154
Advanced topics WEBSERVER_PORT = 8084
Binding the management interface to one or more interfaces

You can optionally change the address the web server listens to. Specifying this variable overrides the WEBSERVER_PORT variable. WEBSERVER_BIND=192.168.42.32:8080 A more advanced feature is to bind the web server to several interfaces. Separate the different IP/port combinations with a semi-colon. WEBSERVER_BIND=192.168.42.32:8080;192.168.42.31:8081
Backup and restore

This section discusses how to make a complete backup of Network Monitor and how to restore the configuration.
Backup of Network Monitor

Network Monitor regularly creates a backup of the main configuration database, settings.rds, and its associated configuration file, dbconfig.nxd. These backups are placed in the KNM\backup directory of the KNM host machine.
Note: It's the customers responsibility to create backups of these files and other files that make up the whole Network Monitor installation.
The following files and directories should be included in a backup: \backup \statistics \dashboard \script \gateways (Distributed edition only) \system settings.rds dbconfig.nxd init.cfg
Restore of configuration
Automatic backups of the database are regularly created by Network Monitor. The backups are placed in the KNM\backup folder of the KNM host machine, together with a copy of the dbconfig.nxd file. The restore command line utility can replace the current configuration with a backup.
Warning: Restoring a previous version of your configuration overwrites the current configuration.
1. Shutdown Network Monitor. 2. Make a backup of the current settings.rds and dbconfig.nxd files. 3. Remove the settings.rds and dbconfig.nxd file from the KNM directory. 4. Copy the dbconfig-YYYY-MM-DD.bak file from the \backup directory and rename it to dbconfig.nxd.
155
Advanced topics 5. Open up a command line prompt and navigate to your KNM directory. 6. On the command prompt type the following, then press enter. nmservice.exe -restore backup\settings-YYYY-MM-DD.bak Network Monitor restores the settings.rds database from the settings-YYYY-MM-DD.bak file.
Note: It's very important that you do this operation using settings-YYYY-MM-DD.bak and dbconfig-YYYY-MM-DD.bak files that have the same date.
Lua
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, interpreted from byte codes, and has automatic memory management with garbage collection, making it ideal for configuration, scripting, and rapid prototyping.
Network Monitor and Lua

Network Monitor includes support for the Lua scripting language (www.lua.org). Customers can create custom made monitors to test systems and equipment not supported by any current monitoring solution. New monitors, actions and events can be created and tested in the development environment provided by Kaseya, before they are exported and used in Network Monitor. A comprehensive library of pre-made classes, such as FTP clients, HTTP clients and file management, are available to developers. See the KNM API documentation (http://help.kaseya.com/WebHelp/EN/KNM/4010000/link.asp?knm-api-online) for more information about the different pre-made classes.
156
Advanced topics The develop environment includes debugger, keyword highlighting, integrated help and other features available in state-of-the-art development tools.
Intellipool Lua IDE v3
The development environment can be downloaded from the local download option on the About page.
Lua modules included in KNM

Base Math String Table
Local dependencies
Dependencies prevent multiple alarms from being triggered when a single condition exists that forces all related monitors to enter an alarm state. The parent monitor in a dependency tree is called the root monitor. Only local dependencies are supported, meaning root and dependent monitors must belong to the same object. Dependent monitors can still enter an alarm state independently, but only if their root monitor is not in an alarm state. For example, if connection to an object is lost, then the object's Ping monitor will enter an alarm state, along with many other monitors that might be specified for this same object. Designating the Ping monitor as the root monitor prevents those other monitors from entering an alarm state as well. This prevents being notified multiple times for the same alert condition.
157
Advanced topics Once a dependency is created, you can identify local dependencies on the Monitor List page. Dependent monitors display as an indented tree of dashed lines. The Next test column also identifies the monitor as a member of a local dependency tree. Dependent monitors display an orange status icon instead of a red status icon when the parent monitor enters an alarm state.
Creating Local Dependencies

1. Click the Properties option on the Object information page. 2. Select a Root monitor. This is the monitor which all other monitors in this object will be dependent on. If this is a template, the dependency tree will be inherited.
Creating Local Dependencies using Network Discovery

1. 2. 3. 4. 5. Click the Tools > Network discovery > Start new option. Wait for Network discovery to return a list of discovered machines Select one or more discovered machines. Click Add object. Click the Create dependency checkbox. This only works if one of the monitors being created automatically as the object is added is a Ping monitor.
158
Advanced topics
50 latest syslog messages

KNM > Tools > SNMP / Syslog > Syslog messages The 50 latest syslog messages page displays the 50 latest syslog messages sent to Network Monitor by all Syslog (page 199) monitors that are members of the same gateway.
Note: The Syslog server must be enabled to display this page. Check the Syslog server checkbox in the Settings > Program settings > Misc setting. Note: See the Syslog Monitor quick start guide (http://help.kaseya.com/WebHelp/EN/KNM/4010000/link.asp?knm-syslog) for more information.
159
Chapter 5
Distributed edition
In This Chapter
Distributed edition introduction Server and gateway communication Time synchronization Server configuration Gateway configuration Assigning objects to a gateway Action lists on gateways Troubleshooting 162 163 163 163 164 165 166 166
161
Distributed edition
Distributed edition introduction

With distributed testing it is possible to monitor servers, routers and other network connected equipment that is normally inaccessible or only accessible through a low bandwidth connection. To accomplish this a monitoring gateway is installed on the remote network. The gateway is completely managed from the Network Monitor master server, and send its monitoring results back to the Network Monitor server. Distributed testing is a feature exclusive to the Distributed Edition of Network Monitor.
Distributed testing concept
Network Monitor server

The Network Monitor server contains the database and management interface. Remote objects in gateways are managed in exactly the same way as local objects, making the Network Monitor Distributed Edition very simple to configure and manage. This process is completely transparent to the operator.
Network Monitor gateway

A gateway is a special version of Network Monitor that only acts on requests from the server. Except for a small cache file, gateways do not store any configuration or statistical data to disk. All data is sent immediately to the Network Monitor server. The gateway can be installed on any available machine in the remote network and does not require a dedicated server.
162
Distributed edition
Server and gateway communication

The data between a gateway and the server is always sent from the gateway to the server. The idea behind this solution is that more gateways than servers are deployed, so the administrator only has to open one port on the server firewall to allow communication. If, for any reason, the gateway cannot connect to the server, the gateway starts buffering test results and statistics while waiting for the server. This buffering time can be configured per gateway. Security and data integrity is achieved by using the state of the art communication protocol SSH2. The SSH2 protocol encrypts data with public key algorithms and protects connections from man-in-the-middle attacks. This is the same way VPN software establish secure tunnels over the internet.
Time synchronization
Network Monitor automatically adjusts for time zone differences. The administrators must ensure the clock on gateways are synchronized with the clock in the Network Monitor server. We recommend that server and gateways be synchronized with a time synchronizing service such as NTP (Network Time Protocol). Failure to synchronize time between server and gateway may lead to unpredictable results in alarm generation and statistical storage.
Server configuration
Preparing the server for distributed testing
1. While installing Network Monitor on the server host machine, ensure the Distributed (page 6) option is selected.
Note: All other Network Monitor installations sending data to the server should be installed using the Gateway option.
2. Logon to Network Monitor with an administrator that has rights to change operator settings. 3. In Operator settings, give the current operator the access right Distributed testing and save the operator. 4. In the settings menu, click the Distributed testing menu. From the Server information section, click Properties. 5. The Server properties page displays. Enter the server parameters.
Server configuration page
Server IP & port - Sets the IP address and port the server listens to for incoming gateway data. Typically this is the internal IP address of the server but can be any address your network supports. Gateways may specify the external IP of a NAT firewall, which is configured to redirect to the internal IP address specified in this field. Email - Specify one or more email addresses where notifications regarding gateways are sent. Separate multiple entries with a comma. 163
Distributed edition Notify time - Specify the time before a notification is sent, in minutes. The server configuration is now finished and you can proceed to installing a gateway.
Gateway configuration
The gateway properties you specify on this page are used by gateways to connect to the Network Monitor server. The data between a gateway and the server is always sent from the gateway to the server (page 163).
Note: Before installing a gateway, ensure you have installed and configured a Distributed Edition (page 6) of the server. All other Network Monitor installations sending data to the server should be installed using the Gateway option.
Configuring a Gateway
Create a new entry for the gateway by clicking the Create gateway link from the Distributed settings menu of the KNM server.
Gateway properties page
Name - Name of the gateway. Description - A longer description of the gateway. Address/Port - The primary IP address and port the gateway sends data to. If the server is installed behind a NAT firewall, specify the external IP and port of the NAT firewall. The NAT firewall should then be configured to redirect to the internal IP and port specified by the Server IP and Port fields of the Server configuration (page 163) page. If, for evaluation purposes, a Network Monitor server and gateway are installed on the same subnet, the Address and Port fields on this page should match the Server IP and Port fields on the Server configuration page. Address/Port - Optional server backup addresses. The gateway tries these addresses if it can't connect to the server using the primary address. Max buffer time - When the gateway cannot connect to the server, the gateway buffers data for the specified time before suspending its operation. To save the settings click the Save button.
Gateway configuration files

1. The deployed configuration file is created when a Gateway configuration is saved on the KNM server. 2. While installing Network Monitor on the gateway host machine, ensure the Gateway option is selected. 3. Install the deployed configuration file created by the KNM server on its corresponding gateway.
164
Distributed edition To retrieve this file, first click the gateway on the Distributed settings page of the KNM server. the Gateway information page displays. Select the Download configuration command.
Save the zip file that is returned to your browser. If you experience problems downloading the zip file you can find the required files in the KNM\gateways folder of the KNM host machine. 4. Stop the gateway's nmservice.exe service, if it is running. 5. Extract the zip file into the root KNM directory of the gateway. 6. Restart the gateway's nmservice.exe service using the service control manager. The gateway is now ready for use.
Note: If you change the gateway configuration, the configuration file must be updated and the gateway's nmservice.exe service restarted.
Assigning objects to a gateway

Assigning objects to a gateway is done from the Edit object (page 21) page. In the Edit object page, select the gateway you want to assign the object to.
Operator rights
The operator must have access rights to distributed testing. Otherwise it is not possible to select a gateway in the properties page.
Restrictions to object assignment

Objects cannot have monitors in a global dependency tree before they are assigned to a gateway. Dependency between monitors can only be created after the object has been assigned to the gateway, and then only between monitors assigned to the same gateway.
165
Distributed edition
Removing Objects from a specific gateway

To remove objects from a specific gateway, use the De-assign command from the Gateway information view. All the objects assigned to the gateway are listed on this page. Select the objects to be removed from the gateway and select the De-assign objects command. The selected objects is moved from the gateway back to the server.
Gateway information page
Action lists on gateways

Action lists (page 110) work slightly different for monitors assigned to a gateway. The following actions are always executed on the server: Send email Send SMS Paging via Pagegate All other actions are executed on the gateway.
Troubleshooting
Troubleshooting gateway connection problems
Review the gateway configuration. Ensure the correct IP and port number has been entered. Ensure all the gateway configuration files in the KNM\Gateway directory have been copied to the KNM folder of the host gateway machine. If you have reinstalled the server on a new machine, the gateway configuration must be updated to update the public key file. After the gateway configuration is saved, move the gateway configuration files to the \Gateway root directory and restart the gateway. If you changed the gateway configuration (IP number and port number) move the updated configuration files to the gateway and restart the gateway. Ensure that the gateway and server are running the same version. The server shuts down any gateway that does not match the server version number. Gateways can be updated directly from the Network Monitor management interface by choosing the Update gateway command on a selected gateway. The gateway name is part of the server login session, if you change the gateway name you have to move the gateway configuration files to the gateway for it to be able to reconnect.
Logging debug information

To enable debug logging on the gateway, open the init.cfg file on the gateway and enter the following line: LOG_LEVEL=2. A debug file called debuglog.txt is written to the \logs directory.
Running the gateway in debug mode

To run the gateway in debug mode you first need to stop the gateway's nmservice.exe service. When the service has been stopped start cmd.exe and navigate to the Network Monitor root directory. Start the gateway by entering the following line: 166
Distributed edition nmservice.exe -d This runs Network Monitor in debug mode, showing additional log information.
167
Chapter 6
Monitor reference
See Monitors (page 25) for a detailed description of how to configure the monitors described in this reference.
In This Chapter
Active Directory monitor Bandwidth utilization CIM Monitor Citrix server CPU utilization Database server DHCP query Directory property Disk utilization DNS lookup Environment monitor Event log File change FTP server IMAP4 server LDAP query Log file Lua script Mail server QOS Memory utilization Microsoft Exchange monitor Microsoft SQL server monitor MySQL monitor NNTP server Oracle monitor Ping POP3 server Process status Radius monitor 171 172 174 175 175 176 176 177 178 179 179 180 181 182 182 183 183 184 185 185 186 187 188 190 190 192 193 193 193
169
Monitor reference SMTP server SNMP SNMP trap SSH2 script SSH2 server Swap file utilization Syslog TCP port scan Telnet server Terminal service TFTP server Transfer speed VMware performance Web server Windows performance Windows service status WMI Query monitor 195 195 196 197 198 198 199 199 199 200 200 200 201 202 203 204 204
170
Monitor reference
Active Directory monitor

Monitor description
The Active Directory monitor is capable of monitoring several key aspects of an Active Directory server, including replication latency, domain controller time variance and verification of Kerberos authentication. System type: Windows Category: Directory service
Monitor prerequisites
1. The object address must be the name of the active directory domain, for example mydomain.local. 2. The logon account must be a domain user.
Active directory monitor

Logon account - The logon account contains the credentials to use when testing the active directory server. The account must be a domain user or the test fails. Kerberos authentication - If checked, tests if the Active Directory can perform a Kerberos authentication successfully. Any authentication error is written to the error report, and an alarm is raised. Global catalog - If checked, tests if the Global Catalog Domain Controller is found. Any error is written to the error report, and an alarm is raised. DC:s published in DNS - If checked, tests if the Domain Controller's service DNS SRV records are found in the DNS ("_ldap._tcp.DOMAIN.", "_kerberos._tcp.DOMAIN.", "_ldap. _tcp.dc._msdcs.DOMAIN.", "_kerberos._tcp.dc._msdcs.DOMAIN.", "_ldap._tcp.Default-First-Site._sites.DOMAIN.", etc.) Replication - If checked, tests if the last replication attempt was successful. Max DC time variance - Measure the time variance in seconds between domain controllers. If the time difference between the domain controllers are above this value the test fails.
LDAP query option

An optional LDAP query statement can be executed and its output compared to a predefined value using a compare operation. LDAP query - LDAP query to perform. Compare value - Value to compare query result with. Value type - Type of value that is compared with the retrieved value from the database. Operation - Operation to evaluate the returned query result and the compare value to determine if the test succeeded or failed.
171
Monitor reference
Bandwidth utilization
Monitor description
Monitors bandwidth utilization of a network interface. It can be configured with or without threshold settings. This monitor uses SNMP if the system type of the object is set to anything else than Windows. If the system type is set to a Windows type, it uses performance counters to acquire the data.
System type: All Category: Performance
Bandwidth utilization monitor property page

Interface - Select the interface to monitor. Interface speed - Optional parameter to manually set the interface speed. This can be useful if you are monitoring a NIC that is connected to a slower connection such as a ADSL line. The speed is always entered in Kbps. Unit - Unit to record and display bandwidth utilization data in. This cannot be changed once the monitor has been created. Threshold - The upper threshold in the selected unit.
172
Chapter 7
173
Monitor reference
CIM Monitor
Monitor description
The monitor can query a CIM agent (CIMOM) configured on any hardware platform that supports CIM and has the agent and providers configured. Refer to your hardware manual for how to configure the CIMOM. The monitor can query a CIM performance counter for a CIMOM (agent) and compare it to a value using a compare operation. If the compare operation evaluates to false the monitor fails the test. Supports most performance counters objects, such as hosts, datastores, memory, CPU, etc. System types: Linux/UNIX, VMware, Others Generic/Unknown Category: Performance If adding an object as Generic/Unknown, the object itself cannot save credentials for authentication. The authentication has to be chosen for the monitor instead.
CIM monitor properties page

Port - Defaults to 5989 (SSL). The default port for unencrypted traffic is 5988. Use secure HTTP (SSL) - Use SSL for encrypted traffic (default). Target Namespace - The name space defaults to root/cimv2. For specific namespaces on your system, refer to your hardware manual. Class - Classes are enumerated, based on the namespace you have chosen so it can look very different between different systems. Property - The type of property you want to monitor. Properties are enumerated, based on the class you have chosen. Instance - If there are multiple instances for the chosen class, they are enumerated here. Logon account - If you have chosen Generic/Unknown as the object type, you will have to choose an account here to authenticate against the CIMOM. Data type - The unit of data sampled by the test. This makes it possible to group data from this type of monitor with other monitors such as CPU utilization in reports. Value type - Type of value returned.
174
Monitor reference Compare operation - Operation used to evaluate the returned result and the predefined compare value. Compare value - User defined compare value. Only numerical values are valid.
References and links

CIM (Common Information Model) is a standard defined and published by Distributed Management Task Force (DMTF). Other standards like Web-Based Enterprise Management (WBEM) defines the implementation of CIM, including protocols for discovering and accessing the implementations. Windows Management Instrumentation (WMI) is an example of an implementation as well as Standards Based Linux Instrumentation Management (SBLIM). Others are Storage Management Initiative Specification (SMI-S), Server Management Architecture for Server Hardware (SMASH) and Desktop and mobile Architecture for System Hardware (DASH). http://en.wikipedia.org/wiki/Common_Information_Model_(computing) http://en.wikipedia.org/wiki/Windows_Management_Instrumentation http://sourceforge.net/apps/mediawiki/sblim/index.php?title=Main_Page http://en.wikipedia.org/wiki/Storage_Management_Initiative__Specification http://dmtf.org/standards/smash http://dmtf.org/standards/dash
Citrix server
Monitor description
The monitor checks if a Citrix server is responding to connection attempts. System type: All Category: Network services
Citrix monitor property page

Port number - Port number of the Citrix service
CPU utilization
Monitor description
Monitors the CPU utilization and triggers an alarm if above the specified threshold. System type: All but Generic/Unknown Category: Performance
CPU utilization monitor property page

Max CPU load - The maximum CPU utilization in percent.
175
Monitor reference CPU number - The number of the CPU on the host. This value is usually automatically obtained from the relevant object. To refresh the list, press the Rescan CPUs link. Detailed error report (Windows only) - The Alarm report contains all processes and their current CPU usage. Logon account - To override the object default account select an account from the list.
Database server
Monitor description
Monitors a database using ODBC. The test verifies that the ODBC data source can be opened and accessed. The monitor can also execute a SQL query and compare the result to a predefined value. System type: All Category: Database
Database monitor property page

Datasource name - Name of the ODBC data source to be used to connect to the database. This data source must be of the system type. Username/Password - Optional credentials. SQL query - Optional SQL query to perform. No rows fail - Check this option to make the monitor fail the test if the query returns no rows. Compare value - Value to compare queried result with. Value type - Type of value that the value queried from the database are compared with. Operation - Specify how the queried value and the compare value should relate to each other for a successful test.
DHCP query
Monitor description
The DHCP query monitor verifies that a DHCP server is able to lease IP addresses to clients in the network. At least one address must be free for the test to succeed. System type: All Category: Directory services
Note: The Network Monitor host cannot use DHCP for its own network interface if this monitor is used. If the host machine used DHCP the result could be that Network Monitor might release the IP address allocated to the host.
176
Monitor reference
Note: Network Monitor uses the MAC address of the first installed network card on the host to request an IP address from the DHCP server.
Directory property
Monitor description
The directory property monitor can test the file count, directory sizes, relative size changes and ages of files in a directory. The test can be limited in scope to files matched by a wildcard. System type: Windows Category: Others
Directory property monitor

Share - Name of share relative to the object. Accepts wildcard formatting options. For example, \temp\*.?xt. See below for additional formatting options. Ok if no files - If checked, the option makes the monitor not fail the test if there are no matching files. The test passes without checking the subsequent tests. Logon account - To override the object default account, select an account from the list. Max files - Enter the maximum file count in directory for test to pass. Leave blank to skip this test. Min files - Enter the minimum file count in directory for test to pass. Leave blank to skip this test. Max age - Enter the maximum file age of the oldest file in the directory in hours and minutes. For example, HH:MM. Leave blank to skip this test. Max age newest - Enter the maximum file age of the newest file in the directory. Leave blank to skip this test. Rel. threshold - The relative threshold test enables you to test for relative changes between the current test and the previous test. Select an option that will make the test fail if it evaluates to true. Abs. threshold - The absolute threshold test can be used to test the directory size against an absolute threshold in MB. The threshold, together with the operation, should evaluate to true for the test to pass.
Path field formatting variables

The following formatting variables can be included when specifying the path of a share.
177
Monitor reference %time_hour - hour in 24-hour format (00 -23) %time_hour2 - hour in 12-hour format (01 -12) %time_minute - minute as decimal number (00 -59) %time_second - second as decimal number (00 59) %date_year - year with century, as decimal number %date_year2 - year without century, as decimal number %date_month - month as decimal number (01 12) %date_dayofmonth - day of month as decimal number (01 31) %date_dayofyear - day of year as decimal number (001 366) %date_weekday - weekday as decimal number (0 6; Sunday is 0)
Disk utilization
Monitor description
Monitors free space on a volume and automatically enumerates available volumes to monitor on the object. System type: All but Generic/Unknown Category: Performance Monitor specific properties
Disk utilization monitor property page (Windows version)

Volume name - The name of the disk to monitor. The name is automatically obtained from the object when doing an object inspection. To refresh the list, press the Rescan disk volumes link. If the Use Windows share option is selected, a text field replaces the list. Free disk space - Minimum space free on volume in the unit selected below. Unit - Select the unit to use in the test. The Free disk space threshold is given in this unit. Use Windows share - If checked, the monitor uses the SMB/CIFS network protocol to obtain the disk utilization. Doing so requires you to enter the share name, for example C$. This option is only supported if the object system type is set to any Windows system type. Logon account - To override the object default account select an account from the list.
Windows specific feature

If Use Windows share is left blank, the monitor uses the Windows performance registry to obtain disk utilization values. If you cannot use the Windows performance registry for some reason, the Use Windows share option provides an alternative method for obtaining disk utilization values. Ensure that File and printer sharing is running on the object when you enable this option.
Note: Enumeration of disks is not supported when this option is enabled.
178
Monitor reference
DNS lookup
Monitor description
The monitor connects to a DNS server running on the object and tries to translate the specified address into another address format. The entered address can be in number form (255.255.255.255) or in name form (www.kaseya.com). System type: All Category: Directory services
DNS lookup monitor property page

Name - The address to use for translation test. To test more than one address at the time, separate the addresses with a semi colon in this field. All fail - Selecting this option indicates that all the addresses must have failed lookups for the agent to go into a failed state.
Environment monitor
Monitor description
The Environment monitor is capable of monitoring hardware for environmental monitoring. Various hardware from many different manufacturers are supported, including AKCP, IT Watchdogs, AVTECH, Sensatronics and others. System type: All Category: Environment
Monitor configuration
When creating a new Environment monitor, the operator first has to select the manufacturer and model of the device.
Selecting manufacturer and device model
179
Monitor reference Once the model has been selected, Network Monitor automatically fetches the device configuration.
The Environment monitor properties

Temperature unit - The desired temperature unit for specifying the thresholds. This also affects the visual presentation of real time charts for this monitor. Polling method - This setting chooses the polling method for querying data from the device. Normally, it does not need to be changed. Port - Port number for polling data from the device. Normally this is automatically set by Network Monitor. After these generic settings, the settings for each individual sensor on the device can be specified. They are logically organized into groups corresponding to how the device itself has been configured earlier. Each sensor must be enabled, by checking the enabled box for each sensor. Thresholds are not required and can be left empty if the sensor is only used to collect statistics.
Event log
Monitor description
The monitor reads the event log and searches for messages that matches the monitor parameters. Only event log entries created after the previous test is included in the current test. System type: Windows
180
Monitor reference Category: Log
Event log monitor property page

Event Source string - (Optional) The source of the event. Computer - (Optional) The computer that registered the log entry. Event ID - Event ID number to trigger an alarm on. Separate multiple numbers with a comma. To include all event IDs, leave the field blank. Event ID filter - Event ID number of events to filter out. Separate multiple numbers with a comma. Filter including - If one or more strings exist in the event record message text, the record is included in the test, assuming all other criteria are met. Filter excluding - If one or more strings exist in the event record message text, the record is not included in the test, assuming all other criteria are met. Event type - The type of event to search for. If the alternative all is selected, all types of events are considered for the test. Include message - If checked, the message text is include in the error report. Event Log - Displays a predefined list of log names. Select a log to monitor. Alt. Event Log - Alternative log name. Enter the name of the log to search. This setting overrides the Event Log setting. Logon account - Overrides the default account selected for an object.
File change
Monitor description
The monitor checks a file for changes in size or modification date. System type: All but Generic/Unknown Category: Others
File change monitor property page (Windows version)
Windows specific properties

Path - Absolute path of the the file, including the name of the host. For example, \\myhost\c$\test.txt
181
Monitor reference
Unix specific properties

Path - Path of the the file relative to the host. For example, /home/robert/test.txt

Date - Check this option to trigger an alarm if the file is modified Larger size - Check this option to trigger an alarm if the file grows in size. Smaller size - Check this option to trigger an alarm if the file shrinks in size. Not change - Check this option if the file size or date not have changed since last test.
Path field formatting flags

The following formatting variables can be included when specifying a path. %time_hour - Hour in 24-hour format (00 -23) %time_hour2 - Hour in 12-hour format (01 -12) %time_minute - Minute as decimal number (00 -59) %time_second - Second as decimal number (00 59) %date_year - Year with century, as decimal number %date_year2 - Year without century, as decimal number %date_month - Month as decimal number (01 12) %date_dayofmonth - Day of month as decimal number (01 31) %date_dayofyear - Day of year as decimal number (001 366) %date_weekday - Weekday as decimal number (0 6; Sunday is 0)
FTP server
Monitor description
The monitor checks if an FTP server accepts new connections. System type: All Category: Network services
FTP server monitor property page

Logon account - Account used to logon to the FTP server. If no logon account is selected, a simple port check is performed. Port number - The port number the FTP server is listening on.
IMAP4 server
Monitor description
The monitor tests if it can logon and select a mailbox. The test verifies that the authentication and storage part of the IMAP4 server is working. If no username or password is provided a simple connection test is preformed. System type: All 182
Monitor reference Category: Web and mail
IMAP4 server monitor property page

Username/Password - Optional credentials to logon and check mail box. Inbox name - Name of the inbox to check if credentials is given. Port number - The port number the services listening on.
LDAP query
Monitor description
The monitor checks if a LDAP server is responding to directory lookup requests. System type: All Category: Directory services
LDAP query monitor property page

Username/Password - Credentials used for lookup. To override the object's default account, select an account from the list. Domain name - Name of the domain or workgroup the username is associated with. Port - Port number that the LDAP server listens to.
Log file
Monitor description
The monitor can read a text file and check for if new lines in the file contains one of the specified strings. The monitor generates an alarm if the specified search criteria are meet. The monitor uses the SMB protocol for access and authentication, meaning that both Windows host and Unix host running Samba can be tested with this monitor type. System type: All Category: Log
Log file monitor property page
183
Monitor reference

Path - Absolute path of the the file, including the name of the host. For example, \\myhost\C$\test.txt. Search string - String to search for. Multiple strings can be searched. Separate each sub string with a comma. If multiple substrings are entered, the test performs a logical OR operation on the string. Alert if no change - Check option to make the test fail if the file has not changed since last test. If this option is checked, the monitor does not test the text for an occurrence of the search strings. Restart - Check this option to have the monitor restart from the top of the log file each test. Logon account - Credentials used for authentication. To override the object default account, select an account from the list.
Path field formatting flags

The following formatting variables can be included when specifying a path. %time_hour - Hour in 24-hour format (00 -23) %time_hour2 - Hour in 12-hour format (01 -12) %time_minute - Minute as decimal number (00 -59) %time_second - Second as decimal number (00 59) %date_year - Year with century, as decimal number %date_year2 - Year without century, as decimal number %date_month - Month as decimal number (01 12) %date_dayofmonth - Day of month as decimal number (01 31) %date_dayofyear - Day of year as decimal number (001 366) %date_weekday - Weekday as decimal number (0 6; Sunday is 0)
Lua script
Monitor description
The monitor executes a Lua (page 156) script loaded from the KNM\script folder of the KNM host machine. System type: All Category: Script
Lua script monitor property page

Script - Select the script from the list. The list is based on the scripts found in the \script folder of the KNM host machine. Argument - Arguments to be passed to the script. Logon account - Optional credentials for Windows authentication, if the script requires authentication. To override the object default account, select an account from the list. Do not logon using account - Check this option if you want to pass the authentication parameters to the Lua script and bypass the default authentication performed by Network Monitor before the test starts. 184
Monitor reference
Mail server QOS

Monitor description
The monitor can test the ability of a mail server to send and receive mail. Statistics about round trip time, time to send and login time are stored. System type: All Category: Web and Email
Mail server QOS property page

Email round trip timeout - The maximum time in seconds the monitor waits for email to arrive at the POP3 server. SMTP server - Address of SMTP server to send the test mail trough. SMTP port - Port number of the SMTP server SMTP account - Optional account to use to authenticate with the SMTP server. Selecting an account with an SMTP server that does not require authentication causes the test to fail. Leave blank if unsure. From address - Email address used as the From field in outgoing email. Custom EHLO - Distributed Edition only. Custom EHLO string that is used to greet the remote email server. Must be specified if this monitor is assigned to a gateway. POP3 server - Is always the address of the object. POP3 port - Port number of the POP3 server. Email address - Email address to be used in test. Note that the email address must exist on the POP3 server and must be accepted by the SMTP server for delivery. The email account should be exclusive to Network Monitor since the test erases all emails after each test. POP3 account - Credentials used to logon to the POP3 server.
Memory utilization
Monitor description
The monitor tests the free memory and triggers an alarm if it's below the given threshold or if the object is unreachable. System type: All but Generic/Unknown Category: Performance
Memory utilization monitor property page
185
Monitor reference

Max memory utilization - The maximum threshold of memory utilization. If the memory utilized goes above this value the monitor fails the test. Unit - The unit of free memory tested. The free memory threshold is specified in this unit. Logon account - To override the object default account, select an account from the list.

Process report - Check option to have a report of process memory consumption included in alarm message.
Microsoft Exchange monitor

Monitor description
This monitor type can monitor I/O activity and mail queue sizes of an Microsoft Exchange 2007 server. System type: Windows Category: Web and email
Exchange server basic properties

Disk read bytes/s - The lower threshold of free memory. If available memory goes below this value the monitor fails the test. Disk write bytes/s - The unit of free memory tested. The free memory threshold is specified in this unit.

Send queue size (mailbox) - Maximum allowed number of messages in the mailbox send queue. Leave the field blank to not perform this test. Receive queue size (mailbox) - Maximum allowed number of messages in the mailbox receive queue. Leave the field blank to not perform this test. Send queue size (public) - Maximum allowed number of messages in the public send queue. Leave the field blank to not perform this test. Receive queue size (public) - Maximum allowed number of messages in the public receive queue. Leave the field blank to not perform this test. SMTP categorizer queue length - Maximum number of allowed messages awaiting processing, such as recipient validation, sorting of local or remote delivery and distribution list recipient expansion. Large number of waiting messages in this queue can indicate performance problems in other Exchange components or Active Directory. Leave the field blank to not perform this test. Message queued for delivery - Maximum number of messages queued for delivery. Leave the field blank to not perform this test.
186
Monitor reference
Microsoft SQL server monitor

Monitor description
This monitor type is capable of monitoring several key aspects of a Microsoft SQL Server database. The monitor uses the native SQL Server interface and does not require an ODBC driver installed on the Network Monitor host machine. System type: Windows Category: Database
SQL server monitor properties

These fields are required to connect to the database to perform configured tests. Logon account - The logon account contains the credentials to use when authenticating with the SQL Server database. Instance name - The SQL server instance name to use. Database name - Name of database to connect to. Port - The port number the database server listens to. Defaults to port 1433.
Performance monitoring options

Max users - Maximum number of allowed users logged on at the same time. Leave the field blank to not perform this test. Buffer cache hit ratio - The buffer cache hit ratio indicates the percent of the total number of requests that have been served without accessing the disk. A higher value translates into better database performance. Set this value to the lowest acceptable value. If the ratio falls below this value the monitor fails the test. Leave the field blank to not perform this test. Max replication latency - A value in seconds that is the maximum difference in time between master and slave. If this time is exceeded the monitor fails the test. Leave the field blank to not perform this test. SQL compilations - A numeric value that is the maximum number of SQL compilations that can occur per second. If this value is exceeded the monitor fails the test. A high value of SQL
187
Monitor reference compilations per second can result in high CPU usage. Leave the field blank to not perform this test. Failed logons - A numeric value that represents the maximum number of allowed failed logons during a day. Auditing must be enabled to run this test. Leave the field blank to not perform this test.
Tablespace monitoring options

Table space is associated with physical files stored on disk. Each database can be associated with one or more table spaces, for the storage of tables and indexes. Monitoring tablespace usage enables you to be warned before the remaining free space in a table space passes below a threshold. Tablespace usage (any) - A threshold value that sets the maximum allowed usage of a table space in percent. This field applies to all table spaces in the database, subsequent fields can be used to configure exceptions from this rule for up to five other table spaces. Leave the field blank to not perform this test. Tablespace usage (1-5) - A threshold value for the maximum allowed usage for a specific table space. These fields override the global table space threshold. Leave the field blank to not perform this test.
SQL query option

An optional SQL statement can be executed and its output compared to a predefined value using a compare operation. SQL query - Optional SQL query to perform. No rows fail - Check this option to make the monitor fail the test if the query returns no rows. Compare value - Value to compare query result with. Value type - Type of value that is compared with the retrieved value from the database. Operation - Operation to evaluate the returned query result and the compare value, to determine if the test succeeded or failed.
MySQL monitor
Monitor description
This monitor type is capable of monitoring several key aspects of an MySQL database. System type: All Category: Database
Prerequisites
The MySQL Connector/C (http://www.mysql.com/downloads/connector/c/) or MySQL Workbench (http://dev.mysql.com/downloads/workbench/5.2.html) packages must be installed on the Network Monitor server or gateway. Download and install the 32-bit client, even if your server is 64-bit. This is because Network Monitor is a 32-bit application and requires 32-bit drivers.
188
Monitor reference After installation ensure the file path to libMysql.dll is in the Windows system path. This is normally taken care of during installation of the administrator package, and might require a reboot of the server. The Network Monitor nmservice.exe service must be restarted for the change to take effect. If Network Monitor cannot access this DLL file, the MySQL monitor fails with an error message specifying that it cannot find the libMysql.dll file.
MySQL monitor properties

These fields are required to connect to the database to perform configured tests. Logon account - The logon account contains the credentials to use when authenticating with the MySQL database. Port - Port number which the database server listens to. Database name - Name of database to connect to.

Max thread count - A numeric value that represents the maximum number of running threads, if the number of running threads exceeds this value the monitor fails the test. Leave the field blank to not perform this test. Max replication latency - A value in seconds that is the maximum difference in time between master and slave, if this time is exceeded the monitor fails the test. Leave the field blank to not perform this test. Max slow queries - A slow query is defined as a query that has been running longer than the average time and exceeded the long_query_value time defined in the database configuration. Enter a numeric threshold value to make the test fail if the number of slow queries exceeds this value. Leave the field blank to not perform this test. Max open tables - A numeric value that represents the maximum number of allowed open tables. Leave the field blank to not perform this test. Queries per second average - A numeric value that represents the maximum number of running queries per seconds allowed. Leave the field blank to not perform this test. Max users - Maximum number of users allowed to logon at the same time. Leave the field blank to not perform this test.
189
Monitor reference
SQL query option

An optional SQL statement can be executed and its output compared to a predefined value using a compare operation. SQL query - Optional SQL query to perform. No rows fail - Check this option to make the monitor fail the test if the query returns no rows. Compare value - Value to compare query result with. Value type - Type of value that is compared with the retrieved from the database. Operation - Operation to evaluate the returned query result and the compare value to determine if the test succeeded or failed.
NNTP server
Monitor description
The monitor connects and checks the status of a NNTP (Network News Transport Protocol) server. System type: All Category: Network services
NNTP server monitor property page

Port number - The port number the NNTP server is configured to use.
Oracle monitor
Monitor description
This monitor type is capable of monitoring several key aspects of an Oracle database. The monitor uses the native Oracle interface and does not require an ODBC driver installed on the Network Monitor host machine. System type: All Category: Databases
Prerequisites
Install the Oracle database instant client
(http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html) on the Network Monitor
server or gateway. Download and install the 32-bit client, even if your server is 64-bit. This is because Network Monitor is a 32-bit application and requires 32-bit drivers.
190
Monitor reference After installation ensure that the folder where you installed the package is in the Windows system path. This might require a reboot of the server. After altering the system path, restart the Network Monitor service for the change to take effect. If Network Monitor cannot access the DLL files it requires, the Oracle monitor fails with an error message specifying that it cannot find the DLL files.
Oracle monitor properties

These fields are required to connect to the database to perform configured tests. Logon account - The logon account contains the credentials to use when authenticating with the Oracle database. Service name - This is the name of the service defined in the tnsnames.ora file. Network Monitor uses this information to connect to the Oracle database. Port - The port number the Oracle database server listens to.

Max open cursors - A numeric value that represents the maximum number of simultaneously opened cursors. If the number of open cursors exceeds this value the monitor fails the test. Leave the field blank to not perform this test. Long op. threshold - A value in seconds that is the maximum time an operation can execute. If this time is exceeded, the monitor fails the test. Leave the field blank to not perform this test. Buffer cache hit ratio - The buffer cache hit ratio indicates the percent of total number of requests that have been served without accessing the disk. A higher value translates into better database performance. Set this value to the lowest acceptable value. If the ratio falls below this value the monitor fails the test. Leave the field blank to not perform this test. Failed logons - A numeric value that represents the maximum allowed number of failed logons during a day. To test this value, auditing must be enabled. Leave the field blank to not perform this test.
Tablespace monitoring options

A table space is associated with physical files stored on disk, each database can be associated with one or more table spaces for storages of tables and indexes. By monitoring table space usage, you can be warned before the remaining free space in a table space passes below a threshold.
191
Monitor reference Tablespace usage (any) - A threshold value that sets the maximum percent usage of a table space allowed. This field applies to all table spaces in the database. Subsequent fields can be used to configure exceptions for this rule, for up to five other table spaces. Leave the field blank to not perform this test. Tablespace usage (1-5) - A threshold value for the maximum usage allowed for a specific table space. These fields override the global table space threshold. Leave the field blank to not perform this test.
SQL query option

An optional SQL statement can be executed and its output compared to a predefined value using a compare operation. SQL query - Optional SQL query to perform. No rows fail - Check this option to make the monitor fail the test if the query returns no rows. Compare value - Value to compare the query result with. Value type - Type of value that is compared with the retrieved value from the database. Operation - Operation to evaluate the returned query result and the compare value to determine if the test succeeded or failed.
Ping
Monitor description
The monitor uses the ICMP protocol to verify that the object responds to ping packets within a predefined time. The monitor can also calculate packet loss and round trip time during the test. The monitor only triggers on packet loss level if the round trip time is within the specified range. Note that the ping protocol is one of the protocols with lowest priority in a network and some hosts do not respond to ping packets by default. System type: All Category: Network services
Ping monitor property page

Timeout - Largest round trip time in milliseconds the monitor waits for the ping packet to return from the host. Packet loss - Max packets lost when transmitted to the host. Specified in percent of total sent packages. Packets to send - The number of packets to send each test. A higher value yields a more exact packet loss and round trip time value. Include trace - Select option to include a trace route log in alarm message. Max hops - Max number of trace route hops that are performed while in Alarm state. Defaults to 255. Alt. IP - Secondary IP to test. The monitor can ping an alternative IP number in the same test.
192
Monitor reference
POP3 server
Monitor description
The monitor connects to a POP3 mail server and verifies that it can logon to the server and check for mail, without affecting the status of the mailbox. The purpose is to verify that the POP3 authentication and the storage system of the POP3 server is working. If no username or password is provided a simple connection test is performed. System type: All Category: Web and email
POP3 monitor property page

Username/password - Optional. A POP3 account username and password Port number - The port number the POP3 server is configured to use.
Process status
Monitor description
The monitor can verify that a process is running on an object. System type: All but Generic/Unknown Category: Performance
Process monitor property page (Windows version)

Process name - Name of the process to monitor. Unlisted process - Name of process to monitor if not listed, usually meaning its not started yet, in the process name list. Invert function - Check option to make the monitor fail the test if the process is running. Logon account - To override the object default account select an account from the list.
Radius monitor
Monitor description
Radius is a network protocol that provides authentication, access and accounting for computers that want to connect to a network. Radius is often used to provide access to wireless networks. All tests are performed using SNMP get requests, consult your Radius server documentation to find out if your Radius server responds to SNMP requests by default or if you have to configure this feature.
193
Monitor reference
System type: All Category: Network services
Access-Request data section

These fields are required to connect to the Radius server to perform configured tests. Secret - Pre-shared secret word used to encrypt all passwords sent to Radius server for authentication. Logon account - The logon account contains the credentials to use when authenticating with the Radius server.

Each test is performed in the scope of a time span. The time span is denoted in seconds. Max invalid auth requests - The maximum allowed number of access request packets received from an unknown address during the time span defined by the field below. The test fails if the number exceeds this value. Leave the field blank to not perform this test. Max accounting requests - The number of accounting request packets received from an unknown address during the time span defined by the field below. The test fails if the number exceeds this value. Leave the field blank to not perform this test. Max total access rejects - The maximum number of access rejected packets sent during the time span defined by the field below. Leave the field blank to not perform this test.
Comparison options
In addition to the above tests a customized SNMP get request can be made. The result of the request can be compared to a predefined value using a compare operation. Radius compare OID - An OID relative to the base Radius OID (.1.2.6.1.2.1.67 or .iso. org.dod.internet.mgmt.mib-2.radiusMIB) that can be requested for each test and compared with a predefined compare value. Leave the field blank to not perform this test. Compare value - Value to compare the query result with. Value type - Type of value that is compared with the retrieved value from the database. Operation - Operation to evaluate the returned query result and the compare value to determine if the test succeeded or failed.
194
Monitor reference
SMTP server
Monitor description
The monitor checks that it can connect to an SMTP server and that the SMTP server returns a valid return code. System type: All Category: Web and email
SMTP monitor property page

Port - The port number the SMTP server is configured to use.
SNMP
Monitor description
The SNMP monitor is a dynamic tool for querying multiple object identifiers (OID) from an remote SNMP agent and perform calculations on the returned values.
System type: All Category: SNMP
SNMP monitor property page

Community - SNMP community to use. Defaults to public. OID1, 2, 3, ... - Specifies a list of numbered OIDs. Click Add OID and Remove OID to add or remove OIDs to this monitor. The [...] button next to the OID field display a MIB Browser dialog that can be used to select object identifiers from the remote SNMP agent.
195
Monitor reference Calculation - A calculation using the values queried from the object identifiers. The example in the image above calculates the network utilization from an interface. Result translation - Translates the result into a readable string. This option is only available when the value type in the comparison is set to string. See below for example. Min/Max valid value - Enables the monitor to filter out all values below and above the given threshold. Port number - Port to use. Defaults to 161. Data type - The unit of data sampled by the test. This makes it possible to group data from this type of monitor with other monitors such as CPU utilization in reports. Compare value - Value to compare with the resulting value from the calculation. Value type - Type of value that is compared with the retrieved value. Operation - Operation to use when comparing.
Result translation
The result translation feature can be used to translate a non-descriptive OID value into a readable string. This feature is only available if the comparison value type is set to string. The OID value retrieved can still be a numeric value, but is treated as a string.
Example 1
Unknown(1), Alarm(2), Failed(3), Ok(4)
Example 2
Unknown=1,Alarm=2,Failed=3,OK=4 The values 1, 2, 3 and 4 are translated to Unknown, Alarm, Failed and OK. Both examples above are valid notations. The final translated string is the string used in the comparison operation.
SNMP trap
Monitor description
The monitor receives trap messages from SNMP monitors on remote hosts. The monitor only receives messages that originate from the object's IP address. The first step of the filtering is done with the specified enterprise OIDs. Further inspection of the trap is done with the variable binding filter, which can include several rules. The rules are either evaluated all together (AND operation) or one by one (OR operation). The resulting trap triggers a failed test. The monitor can filter out standard generic SNMP v1 trap types. Each OID field can be populated by selecting it from the MIB browser. The MIB browser is opened by pressing the button to the right of the OID field. System type: All
196
Monitor reference Category: SNMP
SNMP trap monitor property page

OID Include filter - Enter one or more OIDs, separated by a comma. The monitor triggers an alarm for the specified enterprise OID. OID Exclude filter - Enter one or more OIDs, separated by a comma. This monitors ignores traps from the specified enterprise OID. Community - SNMP community to use. OID/Value pairs - Filter rule to evaluate trap data. Can perform a compare operation on a dynamic number of OIDs in the trap. The filter rules can be evaluated together or one by one. The result of the operation must be evaluate to true to be considered a matching trap. Trap type filter - Trap types to be included in the test.
SSH2 script
Monitor description
The monitor can execute a command or script on a SSH2 host and compare the returned value with a predefined string using a compare type. If the compare operation evaluates to false the monitor generates an alarm. System type: All Category: Script
SSH2 script monitor property page
197
Monitor reference

Command - A command to execute on the host. The command should return a value after execution. Logon account - To override the object default account, select an account from the list. Data type - The unit of data returned by the script. This makes it possible to group data from this type of monitor with other monitors such as CPU utilization in reports. Port - Port number. Compare value - Value to compare the returned result with. Value type - Type of value returned. Operation - Compare operation to use when evaluating the result. If the returned value compared with the compare value evaluates to false the monitor fails the test.
SSH2 server
Monitor description
The monitor verifies that a nSSH2 server is responding to user logon attempts. This monitor does not support the older SSH1.x protocol. If credentials are omitted, the monitor performs a connection test only. System type: All Category: Network services
SSH2 server monitor property page

Logon account - To override the object default account, select an account from the list. Port - Port number that server listens to.
Swap file utilization

Monitor description
Monitors swap space utilization on the object. System type: All but Generic/Unknown Category: Performance
Swap file utilization monitor property page (Windows version)

Max swap utilization - Specifies the percent max threshold. Swap file name - Name of the swap file to monitor. Click the Rescan swap files link to update the list. Logon account - To override the object default account select an account from the list.

Detailed error report - Lists all processes and their memory usage in an error report. 198
Monitor reference
Syslog
Monitor description
The syslog monitor can intercept syslog message sent to Network Monitor from one or more syslog hosts. The monitor can be configured to receive different types of messages. More than one syslog monitor can be added to each object to receive different combinations of messages. Before you create a monitor of this type, you need to start the internal syslog server. If another syslog service is executing on the Network Monitor host machine the result is unpredictable. System type: All Category: Log

Include string(s) - Filter away messages not containing these strings. Separate multiple strings with a comma. Exclude string(s) - Message not included if it dies not contain one of the strings specified in this field. Separate multiple strings with a comma.
TCP port scan

Monitor description
The purpose of this monitor is to verify that a number of ports are open or closed depending on the use. In its default state the monitor triggers an alarm if the port can be opened. If the invert flag is checked the monitor triggers an alarm if the port is closed. System type: All Category: Others
TCP port scan monitor property page

Port number range - Ports to scan. The port range can be in the following format: 21-23 - The monitor scans ports between and including 21 to 23. 80,21-23 - The monitor scans port 80 and ports between and including 21 to 23. The monitor can check up to 100 ports. Invert function - Check this option if you want to make the test verify that a certain port is open instead of closed.
Telnet server
Monitor description
The monitor verifies that a telnet server is responding. System type: All
199
Monitor reference Category: Network service
Telnet monitor property page

Port - The port number the telnet server is configured to use.
Terminal service
Monitor description
Monitors that Windows terminal server responds to new logon sessions. System type: All Category: Network services
Terminal service monitor property page

Port - The port number the terminal server is configured to use. Defaults to 3389.
TFTP server
Monitor description
The monitor tests if a TFTP server is responding to a RRQ operation. The purpose of the test is to verify that the TFTP server is running. The monitor tries to download a file named KNM. This file does not have to exist for the test to succeed. The monitor merely checks that the TFTP server is responding in the correct way to such a request. System type: All Category: Network services

TFTP server monitor property page
Port - The port number the TFTP server is configured to use. Defaults to 69.
Transfer speed
Monitor description
The monitor measures the transfer speed between Network Monitor and an object. The test measures the time it takes to download the specified amount of data from the chargen.exe service running on the object. The chargen.exe service must be installed and running on the object. Microsoft supplies a chargen.exe server for Windows in the Simple TCP/IP Services package. The chargen.exe service uses port 19 (TCP) by default. System type: All 200
Monitor reference Category: Network services
Transfer speed monitor properties

Transfer speed - Minimum transfer speed in the selected unit. Unit - The unit to record the transfer speed test in. Shown in real time chart and reports. Data size - Size, in kilo bytes, of total amount of data to receive in the test. Port number - The port number the TFTP server is configured to use. Defaults to 19.
VMware performance
Monitor description
The monitor can query a VMware performance counter for a VMware host or a vCenter server and compare it to a value using a compare operation. If the compare operation evaluates to false the monitor fails the test. Supports ESX 4.1 & ESXi 5. Makes no changes to the target VMware host machine. Supports most performance counters objects, such as hosts, datastores, and virtualstores. VMware counters for guests (virtual machines) are not supported. System type: VMware Category: Performance
Identify the object as a VMWare system type
VMware performance monitor properties page
201
Monitor reference

Counter/Instance - Name of the primary performance counter to test. The instance field is intentionally left blank for some counter types. A scan automatically enumerates the values displayed. Click the Rescan link to refresh these values. Data type - The unit of data sampled by the test. This makes it possible to group data from this type of monitor with other monitors such as CPU utilization in reports. Value type - Type of value returned. Compare operation - Operation used to evaluate the returned result and the predefined compare value. Compare value - User defined compare value. Only numerical values are valid.
Web server
Monitor description
The monitor can test a web server and validate the content of the requested page. Verify that the content in the requested page has not changed since the previous test. Search for a string in the page and verify links. System type: All Category: Network services
Web server monitor property page

URL - URL of the page to download, relative to the web server address. The URL specified determines the links displayed in Web server monitor page links section. Use secure HTTP - Check this option to enable the monitor to communicate using secure HTTP (SSL). Port - Port number used to connect to the web server. Username/password - Optional credentials to authenticate with web services. Search string - The string the page searches for. If not found, the test fails. Page fetch time - A threshold value in milliseconds. If the page is not delivered within the threshold value, the test fails. User agent - Overrides the default user agent variable sent in the request. Custom cookie - Optional cookie to send with the get request.
202
Monitor reference Custom host - Optional host header field to support named base virtual hosts. Verify checksum - Check option to have the monitor calculate the checksum vale of the page. If the checksum value changes between two tests the current test fails. To reset the checksum, open the property page and save the monitor. Ignore CN check - If checked the monitor does not validate the common name of the server certificate. This option is only valid if the monitor is using secure http. Ignore date check - If checked the monitor does not validate the expiry date of the server certificate. This option is only valid if the monitor is using secure http. Ignore CA check - If checked the monitor does not validate the certificate authority of the server certificate. This option is only valid if the monitor is using secure http. Cert. store - Name of the system certificate store. Use only if you want the monitor to send a client certificate to the server. Cert subject - Subject line of certificate to use in the system certificate store. Use only if you want the monitor to send a client certificate to the server. Proxy server - Optional address of proxy server. Proxy port - Optional server port of proxy server. Web server monitor page links - The URL specified determines the links displayed in Web server monitor page links section. The monitor must execute one test before it shows the links it can verify in the property view. To reset the checksum test (if the page has been updated) open the monitor property page and uncheck the checksum flag and save it, then open the monitor property page again and check the checksum flag and save the monitor.
Windows performance
Monitor description
The monitor can query a Windows performance counter to compare with a compare value using a compare operation. If the compare operation evaluates to false the monitor fails the test. Optionally two performance counters can be queried and combined before compared with the compare value. System type: Windows Category: Performance
Windows performance monitor property page

Object/Counter/Instance - Name of the primary performance object to test. These values can be enumerated by using the enumeration function. The instance field is intentionally left blank for some counter types. Click the Rescan link to refresh these values
203
Monitor reference Object/Counter/Instance - Optional. Secondary performance object. These values can be enumerated by using the enumeration function. The instance field is intentionally left blank for some counter types. Combine operation - Optional operation used when querying two counters. They can be combined into a final result by using the add, subtract, divide or multiplicative operation. Divisor - A value that the retrieved value is divided with before the comparison. Logon account - To override the object default account, select an account from the list. Data type - The unit of data sampled by the test. This makes it possible to group data from this type of monitor with other monitors such as CPU utilization in reports. Compare value - User defined compare value. Only numerical values are valid. Value type - Type of value returned. Compare operation - Operation used to evaluate the returned result and the predefined compare value.
Windows service status

Monitor description
The monitor tests that a Windows service is running. System type: Windows Category: Performance
Windows service monitor property page

Available services - List of services to select from. Click the Select button to append the selected service to the field service name. To refresh the list click the Rescan services link. Service name - Name of the service to monitor. Separate multiple services with a comma. When combining this monitor with a Windows service control action, only one service can be selected. Invert function - Check this box to make this monitor trigger an alarm if listed services are running. Logon account - To override the object default account, select an account from the list.
See Also
Windows service control (page 59) (scheduled event) Windows service control (page 216) (action) Windows service list (page 118) (direct control)
WMI Query monitor

Monitor description
The WMI query monitor can be used to execute WQL queries and perform conditional testing of the returned value. The monitor can execute all standard WQL queries, but the returned value comparison is limited to one field of the returned data. System type: Windows
204
Monitor reference Category: Performance
WMI Query monitor
Namespace - Name space to execute the query within. The default namespace is root\cimv2. WQL - A WQL query. Value name - The name of the value to retrieve when the query has been executed. If more then one result row is returned, the value is retrieved from the first row in the result set. Data type - The unit of data sampled by the test. This makes it possible to group data from this type of monitor with other monitors such as CPU utilization in reports. Compare value - Value to compare query result with. Value type - Type of value returned by the query. Operation - Operation to evaluate the returned query result and the compare value to determine if the test succeeded or failed.
205
Chapter 8
Action reference
See Alarms and alert handling (page 109) for a detailed description of how to use the actions described in this reference.
In This Chapter
Clear event log Execute command via SSH2 Execute Lua script Execute Windows command HTTP Get/Post List reset Net Send Paging via PageGate Send mail Send SMS SNMP Set Wake-on-LAN Windows service control 208 208 209 210 210 211 212 212 213 214 214 215 216
207
Action reference
Clear event log

The action clears an event log on a specified Windows host.
Parameters
Host name - Host name or IP number. Leave blank to use the address of the object. Logon account - Account to use when executing the action. The Use no logon account option sets the action to not perform a Windows logon. Use object default account sets the action to use the account of the monitor or the object (if the monitor has no account specified). Log name - Name of the log to clear. For example, Application.
Execute command via SSH2

The SSH2 action executes a command on a SSH2 server. Optionally the action can be configured to use the telnet protocol instead.
Parameters
Host name - Host name or IP number. Leave blank to use the address of the object. Logon account - Account to use when executing the action. Selecting an account is mandatory for this action. Account credentials are sent to the remote sever to perform the logon. Command - Command to execute. The following formatting variables can be included when specifying a command. %object_name - object name %monitor_name - monitor name %object_destination - object address Port - Port number that SSH2 server is listening on. Use telnet - Check this option to use the telnet protocol instead of the SSH2 protocol. Ensure the telnet parameters are correctly configured in the program settings page.
Warning: Remember that telnet is not encrypted and the username/password is sent in clear text.
208
Action reference
Execute Lua script

The Lua action executes a Lua (page 156) script, the object of the monitor that calls the action is used by the script as the host. The Lua script action can execute both simple and advanced scripts. Scripts using the advanced script model have custom defined argument sections that are not described here.
Lua script using the Simple script model
Lua script example using the Advanced script model
Parameters
Logon account - Account to use when executing the action. The action does not perform a Windows logon if the Use no logon account option is selected. Use object default account sets the action to use the account of the monitor or the object, if the monitor has no account specified. Script - Select the script from the list. The list is based on scripts located in the KNM\script folder of the KNM host machine. Argument (Simple scripts) - Arguments passed to the script. The following formatting variables can be included in the parameters passed to the script. %object_name - object name %monitor_name - monitor name %object_destination - object address No account logon - Selecting this option passes the username and password of the selected account to the script, so the script can perform any required authentication.
209
Action reference
Execute Windows command

The action executes a command on the Network Monitor host machine. The command cannot be an interactive command that requires any interaction with a user.
Parameters
Logon account - Account to use when executing the action. The action doesl not perform a Windows logon if the Use no logon account option is selected. Use object default account sets the action to use the account of the monitor or the object, if the monitor has no account specified. The process inherits the credentials impersonated by Network Monitor. Command - Command to execute. The command is an executable that is located in the KNM root directory or in the Windows or System32 directory. Parameters - A string passed to the executed command as arguments.
HTTP Get/Post
Sends a HTTP Get or Post request to a web server.
Parameters
URL - The URL can be an absolute URL or an relative URL to the object. Port - Port number. Defaults to 80. SSL - Check option to use SSL. Remember that the web server normally listens to a different port then the default port of 80 for SSL traffic. If necessary, change the port number when selecting this option. The action accepts server side certificates with an invalid Common Name, expired date or invalid certificate authority. Checking and unchecking this box changes the port number between 80 (unchecked) and 443 (checked). Parameters - Post request only. Enter parameters using the format name=value, one parameter per row. The following formatting variables can be included in a parameter. %time - current time 210
Action reference %object_name - object name %object_destination - object address %monitor_name - monitor name %monitor_error - monitor error message %monitor_error2 - monitor error message, no time stamp %sys_distributionlist - distribution list %monitor_dependencystatus - dependency tree status %object_description - object description %network_name - network name %network_contactinfo - network contact information Username/Password - Optional. Authentication option if required. Proxy server - Address of proxy server. Proxy port - Proxy server port number. Get/Post - Method to use when sending request to web server.
Example: Get and post request with absolute URL

This example demonstrates two different ways of sending requests with variables to a web server, using either the get request or post request.
Get request
URL - http://www.yourserver.com/test.php?test1=1&test2=2
Post request
URL - http://www.yourserver.com/test.php Parameters test1=1 test2=2
Example: Get and post request with a relative URL

This example demonstrates two different ways of sending requests with variables to a web server, using either the get request or post request. The URL is relative to the address of the object calling the action list.
Get request
URL - test.php?test1=1&test2=2
Post request
URL - test.php Parameters test1=1 test2=2
List reset
The list-reset action, when executed, causes the execution to restart from the first action. The list-reset action can be used to get a loop behavior. The list-reset action is not executed by a recover action list.
211
Action reference
Net Send
The Net Send action can send a message to a Windows user. The message presents a pop-up message box on the user's computer. The action requires that the "Messenger" service be started on both the Network Monitor host and the users computer.
Note: This action cannot be used with Windows Vista operating systems or later.
Parameters
Hostname - Optional host name to send the message to. User - The Windows user to send the message to.
Paging via PageGate

This action sends a message to a Pagegate user. The message is formatted according to the format specified in the monitor. If the monitor format specification is empty, the default format is used. The default format can be changed in the program settings page.
Parameters
Operators on duty - The message is sent to on duty operators only. If no operators are scheduled on duty, no message is sent. Operator group - The message is sent to all operators in the operator group assigned to the object Group manager - The message is only sent to the operator that is designated as group manager of the operator group assigned to the object. If the operator group does not have an designated group manager, no message is sent. Specific operator group - The message is sent to the selected operator group. Using this option you can escalate the alarm to include more operators then only the operators in the operator group assigned to the object. Group - If the specific operator group option was selected, select a group from this list. Specific recipient - The message is sent to specific recipients defined in the Specific recipient field below. Specific recipient - One or more email addresses separated with a semi-colon. Short message - Check this option to send a compressed message. For example if the message is sent over an SMS gateway. This option removes the following information to conserve the size of message. %object_description - object description 212
Action reference %sys_distributionlist - distribution list %sys_charts - real time graphs %monitor_dependencystatus - dependency tree status %monitor_error - monitor error message %network_contactinfo - network contact information
Send mail
The Send mail action sends an email to one or more recipients. The message is formatted according to the format specified in the monitor. If the monitor format specification is empty, the default format is used. The default format can be changed in the program settings page.
Parameters
Operators on duty - The message is sent to on duty operators only. If no operators are on duty, no message is sent. Operator group - The message is sent to all operators in the operator group assigned to the object Group manager - The message is only sent to the operator that is designated as group manager of the operator group assigned to the object. If the operator group does not have an designated group manager, no message is sent. Specific operator group - The message is sent to the selected operator group. Using this option you can escalate the alarm to include more operators then only the operators in the operator group assigned to the object. Group - If the Specific operator group option was selected, select a group from this list. Specific recipient - The message is sent to specific recipients defined in the Specific recipient field below. Specific recipient - One or more email addresses separated with a semi-colon. Short message - Check this option to send a compressed message, for example, if the message is sent over an SMS gateway. This option removes the following information to conserve the size of message. %object_description - object description %sys_distributionlist - distribution list %sys_charts - real time graphs %monitor_dependencystatus - dependency tree status %monitor_error - monitor error message %network_contactinfo - network contact information
213
Action reference
Send SMS
The Send SMS action sends an SMS to one or more recipients. The SMS is formatted according to the format specified in the monitor. If the monitor format specification is empty, the default format is used. The default format can be changed in the program settings page. The max message text is 160 characters. Excessive text is truncated before sending the SMS. To use this action a SMS device must be configured and the operators must have a SMS number set.
Parameters
Operators on duty - The message is sent to on duty operators only. If no operators are scheduled on duty, no message is sent. Operator group - The message is sent to all operators in the operator group assigned to the object. Group manager - The message is sent to the operator that is designated as a group manager of the operator group assigned to the object. If the operator group does have an designated group manager, no message is sent. Specific operator group - The message is sent to the selected operator group. Using this option, you can escalate the alarm to include more operators then only the operators in the operator group assigned to the object. Group - If the Specific operator group option was selected, select a group from this list. Specific recipient - The message is sent to specific recipients defined in the Specific recipient field below. Specific recipient - One or more email addresses, separated with a semi-colon. Short message - Check this option to send a compressed message, for example, if the message is sent over an SMS gateway. This option removes the following information to conserve size of message. %object_description - object description %sys_distributionlist - distribution list %monitor_dependencystatus - dependency tree status %monitor_error - monitor error message %network_contactinfo - network contact information
SNMP Set
The SNMP Set action can be used to change values of object identifiers (OIDs) in a remote SNMP agent.
214
Action reference
Parameters
Hostname - Host name or IP number. Leave blank to use the address of the object. Community - SNMP community to use. OID - Object identifier to change. Value - Value to set Syntax type - Type of value. The value can be an integer or a string.
Wake-on-LAN
The Wake-on-LAN action (WOL) can start a host that is compliant with the WOL standard. Refer to the host's documentation to determine if the action can be used.
Note: This action is restricted to waking up hosts located on the same broadcast network segment as the host used to send the WOL packet.
Parameters MAC - The MAC address of the interface to send the WOL packet to. The format of the MAC address is AA-BB-CC-DD-EE-FF. Leave the field blank to use the MAC address of the object. Packet count - How many times the packet should be sent. Set this value to higher then 1 to be sure that the host receives it. Interval - The time to wait, in seconds, between sending each packet. If the packet count is set to 5 and the interval to 5, 5 packets are sent during a 25 second period.
215
Action reference
Windows service control

Network Monitor can start, stop, pause, continue and restart Windows services. All service actions share the same set of parameters.
Parameters
Host name - Host name or IP number. Leave blank to use the address of the object. Logon account - Account to use when executing the action. The Use no logon account option sets the action to not perform a Windows logon. Use object default account sets the action to use the account of the monitor or the object, if the monitor have no account specified. For this action it's recommended to set this value to Use object default account, since the object most likely uses the same set of credentials as the monitor triggering this action. Service name - Name of service. Leave this blank to get the service name from the monitor. This requires that the monitor executing this action list be a Windows service monitor with only one service configured to check. Type - Select the type of operation to perform.
See Also
Windows service control (page 59) (schedule event) Windows service list (page 118) (direct control) Windows service status (page 204) (monitor)
216
Chapter 9

Network Monitor monitors two types of Windows performance metrics.
In This Chapter
Windows performance registry Windows Management Instrumentation (WMI) 218 219
217
Windows performance registry

The Windows performance register is a virtual registry hive that contains performance metrics from a number of installed providers. All the communication with the performance registry is done via the remote registry service. The following monitors can use the Windows performance registry Windows performance monitor CPU monitor Memory monitor Swap size monitor Bandwidth monitor Disk monitor All monitors, except the Windows performance monitor, can be forced to use WMI, by checking Use WMI checkbox in the Object property page.
Subtopics
How to verify that KNM have access to remote registry service (page 218) Memory leaks in remoteregistry service on monitored machine (page 219) Caching of counters (page 219)
How to verify that KNM have access to remote registry service

1. Logon to the KNM host machine using the Windows account used to monitoring 2. Start the 32 bit version of the perfmon.exe application. This file is located in the SysWOW64 directory on a 64 bit host machine. 3. Connect to the monitored machine and add a counter. If this test fails, Network Monitor will not succeed in enumerating and sampling counters on the monitored machine. 1. Check that firewall is opened for Remote Administration in the correct profile. 2. Make sure the Remote registry service is running on the monitored machine 3. Verify that the account is allowed to access the performance counter hive. See http://support.microsoft.com/kb/300702/en-us (http://support.microsoft.com/kb/300702/en-us). 4. If its a standalone Vista/7 machine (not in a domain) you have to disable UAC to prevent it from filtering out the credentials. See http://support.microsoft.com/kb/951016 (http://support.microsoft.com/kb/951016).
218
Windows Performance Monitoring 5. If counters are missing, and you have verified that the same counters are missing in the performon.exe tool, the performance counter library might need to be rebuilt. See http://support.microsoft.com/kb/300956 (http://support.microsoft.com/kb/300956). 6. If counters still are missing the counters may be published by a 64 bit dll, Network Monitor is a 32 bit application and cannot yet read 64 bit counter values. User have either to install a 32 bit version of the dll or use WMI to query the counter.
Memory leaks in remote registry service on monitored machine

Since the performance registry hive is loading external executable code to publish performance data to consumersfor example, Network Monitorthere might be problems with the loadable modules, such as memory leaks and lock ups. This can result in low memory conditions for the monitored machine. As its impossible for us to fix the problematic dlls, other than search for newer version of the program, the only thing we can recommend to the user is to create a Scheduled event that restarts the remote registry service on the monitored machine every 24 hours.
Caching of counters
When the monitor of an object performs its first test after restarting, it caches all the counter and [Winperf] object names to improve the bandwidth usage for all subsequent tests performed against the object. This can be a problem if the user installs a new piece of software on the monitored machine that publishes additional performance counters, after Network Monitor has tested a Windows performance monitor against it. The problem manifests itself as "missing counters" when Network Monitor enumerates the counters, but the counters are visible in the perfmon.exe tool. To reset the cache the user needs to open up the Network Monitor System admin console from the Tools menu. The operator needs to be system admin to see the menu entry. Issue the following command: clear-counter-cache <object> OBJECT_NAME is the exact name of the object that is having its cache reset.
Windows Management Instrumentation (WMI)

WMI is used by default by all Windows performance monitors when creating a new object. The WMI protocol has an advantage over older Windows performance registry calls, being more bandwidth effective. However, on some platforms like Windows Vista and Windows 2008 (without any service packs), WMI has a high performance impact and therefore Winperf may be preferred when monitoring these two platforms. For inexperienced system administrators, WMI has a history of being hard to configure for remote monitoring.
WMI Troubleshooting
This article describes common problems with Windows performance monitoring and how to resolve it.
Background
The following error message is displayed 219
Windows Performance Monitoring Access denied. User may lack remote launch and remote activation permission. The following monitor types use WMI when the object flag Use WMI is checked. WMI Query monitor (*) Active directory monitor(*) Bandwidth monitor CPU monitor Disk monitor Memory monitor Swap monitor * Always use WMI This error message is displayed when: The user account used is not enabled to use WMI in the domain or on the monitored machine. The firewall is closed. The user is not an administrator on the monitored machine.
Subtopics
Verifying that is enabled for the account (page 221) Adjusting the firewall settings (page 223) Additional for non-administrator users (page 223) Verifying that WMI works (page 223) Problem with data returned from performance counters read by WMI Full index of Microsoft WMI troubleshooting articles (page 225)
220
Verifying that WMI is enabled for the account

Open Administrative tools > Computer management, right click "WMI Control" to select the "Properties" option.
221
Windows Performance Monitoring Select the security tab and click "Security".
222
Windows Performance Monitoring Enable "Remote enable" for the group/user that you plan to use.
Click "Apply" and close the dialog.
Adjusting the firewall settings

Open the command prompt, as administrator, and execute the following command to enable the inbound rule for WMI. netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
Additional for non-administrator users

Enable the non-administrator to interact with DCOM by following the simple steps listed in the following MSDN article. http://msdn2.microsoft.com/en-us/library/Aa393266.aspx
(http://msdn.microsoft.com/en-us/library/aa393266.aspx)
In the article, follow the steps to: Grant DCOM remote launch and activation permissions for a user or group. Grant DCOM remote access permissions.
Verifying that WMI works

The wbemtest.exe utility can be used to verify that its possible to make a WMI call to the monitored machine from the KNM host machine. To start the utility, logon to the KNM host machine desktop and open the start menu, in the "Run" field, type the following and press enter:
223
Windows Performance Monitoring wbemtest.exe When the utility has started, click the "Connect" button.
Enter the following address and replace "my_ip" with the IP number of the monitored machine: \\my_ip\root\cimv2 Enter the username and password that you use in KNM. In the Authority field, enter the domain name of the user. Click "Connect" and then "Enum classes". In the dialog "Superclass info" , click the recursive radio button and click ok.
The utility now populates the Query result window with information from the monitored machine. If this 224
Windows Performance Monitoring does not happen, consult the following troubleshooting information on Microsoft support web site.
Problem with data returned from performance counters read by WMI

Sometimes the performance register and WMI can become out of sync or the process that collects performance data for WMI can hang on a locked resource. As a last resort after rebooting the monitored machine, resync the performance counters to WMI using the steps outlined in this article. http://support.microsoft.com/kb/266416 (http://support.microsoft.com/kb/266416)
Full index of Microsoft WMI troubleshooting articles

http://msdn2.microsoft.com/en-us/library/msaspx (http://msdn2.microsoft.com/en-us/library/ms735120.aspx) http://msdn2.microsoft.com/en-us/library/aa394603.aspx
(http://msdn2.microsoft.com/en-us/library/aa394603.aspx)
http://msdn.microsoft.com/en-us/libraryAa393266.aspx (http://msdn.microsoft.com/en-us/library/aa393266.aspx) http://support.microsoft.com/kb/266416 (http://support.microsoft.com/kb/266416) http://support.microsoft.com/kb/300956 (http://support.microsoft.com/kb/300956) http://support.microsoft.com/kb/300702/en-us (http://support.microsoft.com/kb/300702/en-us) http://social.technet.microsoft.com/Forums/hu-HU/itprovistasetup/thread/11d6d64e-543b-40cd-a0f6-ba97cfbb

(http://social.technet.microsoft.com/forums/hu-hu/itprovistasetup/thread/11d6d64e-543b-40cd-a0f6-ba97c3806fbb)
http://support.microsoft.com/kb/951016 (http://support.microsoft.com/kb/951016)
225
Index
Index
2
24 Hour Alarm List 114
5
50 latest syslog messages 159
A
Access denied 147 Acknowledging alarms 113 Action lists 110 Action lists on gateways 166 Action reference 207 Active Directory integration 151 Active Directory monitor 171 Adding a customized report 72 Adding a logon account 44 Adding a maintenance schedule 60 Adding a new action list 111 Adding a new monitor 27 Adding a new network 42 Adding a report template 74 Adding a scheduled event 48 Adding a style template 76 Adding an object template 135 Adding an operator schedule 62 Adding and editing actions 112 Adding and editing content 93 Adding content to reports 74 Adding empty objects 16 Adding gateways 94 Adding networks 93 Adding objects 94 Adding objects from templates 16 Adding operator groups 39 Adding operators 32 Adding operators to an operator group 39 Additional for non-administrator users 223 Adjusting the firewall settings 223 Administrator settings 9 Advanced topics 115 Alarm summary widget 86 Alarms and alert handling 109 Assigning objects to a gateway 165 Auto login 152
Caching of counters 219 Changing dashboard settings 83 Changing widget settings 84 CIM Monitor 174 Citrix server 175 Clear event log 208 Clear Windows event log 49 Comments 69 Compiling custom MIB files 116 CPU utilization 175 Creating a connection 97 Creating custom NOC views 133 Creating dashboards 82 Creating network maps 92 Creating widgets 84 Customized reports 71
D
Dashboard overview 82 Dashboards and operator rights 82 Data extraction reference 118 Data tables 67 Data type settings 102 Database server 176 Deleting a connection 97 Deleting content 96 Deleting dashboards 83 Deleting network maps 93 Deleting widgets 84 DHCP query 176 dir 119 Directory property 177 Disk utilization 178 Display monitor details 30 Displaying logon account details 46 Displaying network details 43 Displaying object details 24 Distributed edition 161 Distributed edition introduction 162 Distributed Servers and Gateways 3 Dividing the schedule into periods 63 DNS lookup 179 Downtime 68
E
Editing a connection 97 Editing a customized report 72 Editing a logon account 44 Editing a maintenance schedule 60 Editing a network 43 Editing a report template 74 Editing a scheduled event 48 Editing a single monitor 28 Editing a single object 21 Editing a single operator 33 Editing a style template 76 Editing an action list 111 Editing an operator group 40 Editing an operator schedule 62
B
Backup and restore 155 Backup of Network Monitor 155 Bandwidth usage visualization 96 Bandwidth utilization 172
227
Index
Editing content 95 Editing multiple monitors 29 Editing multiple objects 23 Editing multiple operators 35 Email and SMS settings 98 Emailing and publishing reports 78 Enabling secure HTTP 153 Environment monitor 179 Event log 180 Event log monitor 147 Execute command via SSH2 50, 208 Execute Lua script 50, 209 Execute Windows command 52, 210 Export statistics data 50 Exporting object templates 136 External resources 147 Listing action lists 111 Listing and searching customized reports 71 Listing and searching logon accounts 45 Listing and searching monitors 25 Listing and searching networks 41 Listing and searching objects 14 Listing and searching report templates 73 Listing maintenance schedules 59 Listing object templates 134 Listing operator groups 38 Listing operator schedules 62 Listing operators 32 Listing scheduled events 47 Listing style templates 75 Local dependencies 157 Local Downloads 128 Log entries widget 88 Log file 183 Log search 129 Log settings 99 Logging in 14 Logging On 8 Logon accounts and Windows authentication 46 Lua 156 Lua script 184
F
Favourite items 88 File change 181 FTP server 182 Full index of Microsoft WMI troubleshooting articles 225
G
Gateway configuration 164 Generate a report 52 Gizmo 127 Graphs 65 Graphs in customized reports 66
M
Mail server QOS 185 Mail settings 10 Maintaining licenses 14 Maintenance schedules 59 Managing logon accounts 44 Memory leaks in remote registry service on monitored machine 219 Memory utilization 185 Message format options 130 MIB Browser 117 Microsoft Exchange monitor 186 Microsoft SQL server monitor 187 Miscellaneous settings 103 Monitor reference 169 Monitor status progression 110 Monitor status widget 85 monitor_graph 119 monitor_status_list 119 monitor_statusstring 120 monitor_uptimestring 120 Monitors 25 Monitors using Windows authentication 146 Multi-edit 96 MySQL monitor 188
H
How to verify that KNM have access to remote registry service 218 HTTP Get/Post 210 HTTP GET/POST request 55
I
Images 69 IMAP4 server 182 Import from Active Directory 20 Import from seed file 20 Importing custom icons 91 Importing Kaseya monitoring sets 136 Importing map graphics 91 Importing Network Monitor template definition files 136 Importing object templates 135 Importing objects 19 Init.cfg parameters 125 Installation 5 Installation Checklist 6 Interface port settings 154 Introduction 64, 90 Introduction and basic management 14
N
Net send 55 Net Send 212 Network discovery 17 Network Discovery settings 9 Network map settings 92 Network map widget 87 Network maps 89 Network Monitor Concepts 2
L
LDAP query 183 Linking an object to a template 136 List reset 211
228
Index
Network Monitor Overview 1 Network Monitor Service account and rights assignment 146 Network Monitor System Requirements 7 Network path can not be found 148 Network status widget 84 Networks 41 NNTP server 190 NOC view settings 101 NOC views 132 Notepad widget 89 Selecting content 95 Send email 56 Send mail 213 Send SMS 57, 214 Send status report 58 Send Wake-On-LAN 57 Server and gateway communication 163 Server configuration 163 Server Sizing 6 Service Desk 107 Service monitor 147 Sharing dashboards 83 Simulate alarm 138 SMS device configuration 10, 139 SMTP server 195 SNMP 195 SNMP Set 57, 214 SNMP trap 196 SNMP Traps 118 Specifying working hours 63 SSH2 script 197 SSH2 server 198 Standard, Distributed and Gateway Installs 6 Starting the map editor 91 Style templates 75 Swap file utilization 198 Syslog 199 System administration page 106 System administrator console 141 System settings 98 System status widget 86
O
Object status widget 84 Object templates 134 object_xml 121 objectlist_xml 123 Objects 14 Operator access rights 36 Operator groups 38 Operator schedules 61 Operator status widget 85 operator_status 124 Operators 31 Operators and operator groups 31 Oracle monitor 190
P
Paging via PageGate 212 Paging with PageGate 55 Performance related issues with monitored object 148 Ping 192 POP3 server 193 Process status 193 Publishing network maps 96
T
TCP port scan 199 Telnet server 199 Terminal service 200 test_status 125 TFTP server 200 The dashboard 81 The management interface 13 The map editor 91 The My settings page 37 The RPC server is unavailable 149 The system default dashboard 84 Time synchronization 163 Toplist configuration examples 71 Toplist widget 88 Toplists 69, 143 Transfer speed 200 Trigger monitor test 58 Troubleshooting 147, 166 Troubleshooting Windows monitoring and authentication 145
Q
Quick reports 80
R
Radius monitor 193 Recovering from alarms 114 Report items 65 Report templates 73 Reports 64 Responding to alarms 110 Restore of configuration 155 Restricting access 153 Review and Save Settings 11 Running the Startup Guide 8
S
Scheduled event reference 49 Scheduled events 47 Schedules and events 47 Scheduling reports 80 Searching for maintenance schedules 61 Searching for operators and operator groups 41 Searching for scheduled events 49 Selecting a Service Account 8
U
UNIX system support files 149 Unlink an object from its template 137 Upgrading an existing installation 12 Using the organizer tools 95
229
Index
V
Verifying that WMI is enabled for the account 221 Verifying that WMI works 223 version 125 Viewing reports 77 Visual feedback 98 VMware performance 201
W
Wake-on-LAN 215 Web page widget 87 Web server 202 Web server configuration 151 Widgets 84 Windows Management Instrumentation (WMI) 219 Windows performance 203 Windows Performance Monitoring 217 Windows performance registry 218 Windows service control 59, 216 Windows service list 118 Windows service status 204 WMI Query monitor 204
230

En KNMguide41

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

En KNMguide41

Uploaded by

Copyright:

Available Formats

Network Monitor

Copyright 2000-2012 Kaseya International Limited. All rights reserved.

The management interface

Alarms and alert handling

Windows Performance Monitoring

Network Monitor Overview

Network Monitor Overview

Network Monitor Overview

Network Monitor Concepts

Other Commonly Used Icons

Distributed Servers and Gateways

Standard, Distributed and Gateway Installs

Network Monitor System Requirements

Selecting a Service Account

Using the LocalSystem account

Network Monitor Required Privileges

Running the Startup Guide

Network Discovery settings

SMS device configuration

Operator phone number

Tested SMS devices

Review and Save Settings

Upgrading an existing installation

Deploying a test installation

The management interface

The management interface

Introduction and basic management

Listing and searching objects

The management interface

The object list

The management interface

Searching for objects

Searching for an object with the search bar

Adding empty objects

The object properties view

Adding objects from templates

Selecting the object template

Initialization of the new object

The management interface

Starting network discovery

Network discovery settings

Waiting for the result

The network discovery page while running

Add object to configuration

The management interface

Import from Active Directory

Import from AD/LDAP page

Import from seed file

The import from seed file dialog

Editing a single object

Basic object properties

Basic object properties

Advanced object properties

Editing multiple objects

The Edit multiple objects page

Displaying object details

The Object information view

The object information view

The alarm history

The management interface

Listing and searching monitors

The Monitor list view

Opening the monitors menu