Professional Documents
Culture Documents
User Guide
version 4.1
September 4, 2012
About Kaseya
Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's IT Automation Framework allows IT Professionals to proactively monitor, manage and maintain distributed IT infrastructure remotely, easily and efficiently with one integrated Web based platform. Kaseya's technology is licensed on over three million machines worldwide.
Agreement
The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseyas Click-Accept EULA as updated from time to time by Kaseya at http://www.kaseya.com/legal.aspx. If Customer does not agree with the Agreement, please do not install, use or purchase any Software and Services from Kaseya as continued use of the Software or Services indicates Customers acceptance of the Agreement.
Contents
Network Monitor Overview 1
Network Monitor Concepts ............................................................................................................................ 2 Distributed Servers and Gateways ................................................................................................................ 3
Installation
Installation Checklist ...................................................................................................................................... 6 Standard, Distributed and Gateway Installs .................................................................................................. 6 Server Sizing ................................................................................................................................................. 6 Network Monitor System Requirements ........................................................................................................ 7 Selecting a Service Account .......................................................................................................................... 8 Logging On .................................................................................................................................................... 8 Running the Startup Guide ............................................................................................................................ 8 Administrator settings .......................................................................................................................... 9 Network Discovery settings ................................................................................................................. 9 Mail settings ...................................................................................................................................... 10 SMS device configuration ................................................................................................................. 10 Review and Save Settings ................................................................................................................ 11 Upgrading an existing installation ................................................................................................................ 12
13
Introduction and basic management ........................................................................................................... 14 Logging in .......................................................................................................................................... 14 Maintaining licenses .......................................................................................................................... 14 Objects......................................................................................................................................................... 14 Listing and searching objects ............................................................................................................ 14 Adding empty objects ........................................................................................................................ 16 Adding objects from templates .......................................................................................................... 16 Network discovery ............................................................................................................................. 17 Importing objects ............................................................................................................................... 19 Editing a single object ....................................................................................................................... 21 Editing multiple objects ..................................................................................................................... 23 Displaying object details .................................................................................................................... 24 Monitors ....................................................................................................................................................... 25 Listing and searching monitors ......................................................................................................... 25 Adding a new monitor ....................................................................................................................... 27 Editing a single monitor ..................................................................................................................... 28 Editing multiple monitors ................................................................................................................... 29 Display monitor details ...................................................................................................................... 30 Operators and operator groups ................................................................................................................... 31 Operators .......................................................................................................................................... 31 Operator groups ................................................................................................................................ 38 Searching for operators and operator groups ................................................................................... 41 Networks ...................................................................................................................................................... 41 Listing and searching networks ......................................................................................................... 41 Adding a new network ....................................................................................................................... 42 Editing a network ............................................................................................................................... 43 Displaying network details ................................................................................................................. 43 i
Managing logon accounts............................................................................................................................ 44 Adding a logon account ..................................................................................................................... 44 Editing a logon account ..................................................................................................................... 44 Listing and searching logon accounts ............................................................................................... 45 Displaying logon account details ....................................................................................................... 46 Logon accounts and Windows authentication ................................................................................... 46 Schedules and events ................................................................................................................................. 47 Scheduled events .............................................................................................................................. 47 Maintenance schedules .................................................................................................................... 59 Operator schedules ........................................................................................................................... 61 Reports ........................................................................................................................................................ 64 Introduction........................................................................................................................................ 64 Report items ...................................................................................................................................... 65 Customized reports ........................................................................................................................... 71 Report templates ............................................................................................................................... 73 Adding content to reports .................................................................................................................. 74 Style templates .................................................................................................................................. 75 Viewing reports.................................................................................................................................. 77 Emailing and publishing reports ........................................................................................................ 78 Scheduling reports ............................................................................................................................ 80 Quick reports ..................................................................................................................................... 80 The dashboard ............................................................................................................................................ 81 Dashboard overview.......................................................................................................................... 82 Dashboards and operator rights........................................................................................................ 82 Creating dashboards ......................................................................................................................... 82 Changing dashboard settings ........................................................................................................... 83 Sharing dashboards .......................................................................................................................... 83 Deleting dashboards ......................................................................................................................... 83 The system default dashboard .......................................................................................................... 84 Creating widgets................................................................................................................................ 84 Changing widget settings .................................................................................................................. 84 Deleting widgets ................................................................................................................................ 84 Widgets ............................................................................................................................................. 84 Network maps ................................................................................................................................... 89 System settings ........................................................................................................................................... 98 Email and SMS settings .................................................................................................................... 98 Log settings ....................................................................................................................................... 99 NOC view settings ........................................................................................................................... 101 Data type settings............................................................................................................................ 102 Miscellaneous settings .................................................................................................................... 103 System administration page ............................................................................................................ 106 Service Desk ................................................................................................................................... 107
109
Monitor status progression ........................................................................................................................ 110 Responding to alarms................................................................................................................................ 110 Action lists ................................................................................................................................................. 110 Listing action lists ............................................................................................................................ 111 Adding a new action list .................................................................................................................. 111 Editing an action list ........................................................................................................................ 111 Adding and editing actions .............................................................................................................. 112 Acknowledging alarms............................................................................................................................... 113 Recovering from alarms ............................................................................................................................ 114 24 Hour Alarm List ..................................................................................................................................... 114
ii
Advanced topics
115
Compiling custom MIB files ....................................................................................................................... 116 MIB Browser .............................................................................................................................................. 117 SNMP Traps .............................................................................................................................................. 118 Windows service list .................................................................................................................................. 118 Data extraction reference .......................................................................................................................... 118 dir..................................................................................................................................................... 119 monitor_graph ................................................................................................................................. 119 monitor_status_list .......................................................................................................................... 119 monitor_statusstring ........................................................................................................................ 120 monitor_uptimestring ....................................................................................................................... 120 object_xml ....................................................................................................................................... 121 objectlist_xml ................................................................................................................................... 123 operator_status ............................................................................................................................... 124 test_status ....................................................................................................................................... 125 version ............................................................................................................................................. 125 Init.cfg parameters ..................................................................................................................................... 125 Gizmo ........................................................................................................................................................ 127 Local Downloads ....................................................................................................................................... 128 Log search ................................................................................................................................................. 129 Message format options ............................................................................................................................ 130 NOC views ................................................................................................................................................. 132 Creating custom NOC views ........................................................................................................... 133 Object templates........................................................................................................................................ 134 Listing object templates ................................................................................................................... 134 Adding an object template ............................................................................................................... 135 Importing object templates .............................................................................................................. 135 Exporting object templates .............................................................................................................. 136 Linking an object to a template ....................................................................................................... 136 Unlink an object from its template ................................................................................................... 137 Simulate alarm ........................................................................................................................................... 138 SMS device configuration .......................................................................................................................... 139 System administrator console ................................................................................................................... 141 Toplists ...................................................................................................................................................... 143 Troubleshooting Windows monitoring and authentication......................................................................... 145 Network Monitor Service account and rights assignment ............................................................... 146 Monitors using Windows authentication .......................................................................................... 146 Event log monitor ............................................................................................................................ 147 Service monitor ............................................................................................................................... 147 External resources .......................................................................................................................... 147 Troubleshooting............................................................................................................................... 147 UNIX system support files ......................................................................................................................... 149 Web server configuration........................................................................................................................... 151 Active Directory integration ............................................................................................................. 151 Auto login ........................................................................................................................................ 152 Restricting access ........................................................................................................................... 153 Enabling secure HTTP .................................................................................................................... 153 Interface port settings ...................................................................................................................... 154 Backup and restore ................................................................................................................................... 155 Backup of Network Monitor ............................................................................................................. 155 Restore of configuration .................................................................................................................. 155 Lua ............................................................................................................................................................. 156 Local dependencies................................................................................................................................... 157 50 latest syslog messages ........................................................................................................................ 159
iii
Distributed edition
161
Distributed edition introduction .................................................................................................................. 162 Server and gateway communication ......................................................................................................... 163 Time synchronization................................................................................................................................. 163 Server configuration .................................................................................................................................. 163 Gateway configuration ............................................................................................................................... 164 Assigning objects to a gateway ................................................................................................................. 165 Action lists on gateways ............................................................................................................................ 166 Troubleshooting ......................................................................................................................................... 166
Monitor reference
169
Active Directory monitor ............................................................................................................................ 171 Bandwidth utilization .................................................................................................................................. 172 CIM Monitor ............................................................................................................................................... 174 Citrix server ............................................................................................................................................... 175 CPU utilization ........................................................................................................................................... 175 Database server ........................................................................................................................................ 176 DHCP query .............................................................................................................................................. 176 Directory property ...................................................................................................................................... 177 Disk utilization ............................................................................................................................................ 178 DNS lookup ............................................................................................................................................... 179 Environment monitor ................................................................................................................................. 179 Event log .................................................................................................................................................... 180 File change ................................................................................................................................................ 181 FTP server ................................................................................................................................................. 182 IMAP4 server ............................................................................................................................................. 182 LDAP query ............................................................................................................................................... 183 Log file ....................................................................................................................................................... 183 Lua script ................................................................................................................................................... 184 Mail server QOS ........................................................................................................................................ 185 Memory utilization...................................................................................................................................... 185 Microsoft Exchange monitor ...................................................................................................................... 186 Microsoft SQL server monitor .................................................................................................................... 187 MySQL monitor .......................................................................................................................................... 188 NNTP server .............................................................................................................................................. 190 Oracle monitor ........................................................................................................................................... 190 Ping............................................................................................................................................................ 192 POP3 server .............................................................................................................................................. 193 Process status ........................................................................................................................................... 193 Radius monitor .......................................................................................................................................... 193 SMTP server .............................................................................................................................................. 195 SNMP ........................................................................................................................................................ 195 SNMP trap ................................................................................................................................................. 196 SSH2 script ................................................................................................................................................ 197 SSH2 server .............................................................................................................................................. 198 Swap file utilization .................................................................................................................................... 198 Syslog ........................................................................................................................................................ 199 TCP port scan ............................................................................................................................................ 199 Telnet server .............................................................................................................................................. 199 Terminal service ........................................................................................................................................ 200 TFTP server ............................................................................................................................................... 200 Transfer speed .......................................................................................................................................... 200 VMware performance ................................................................................................................................ 201 Web server ................................................................................................................................................ 202 iv
Windows performance ............................................................................................................................... 203 Windows service status ............................................................................................................................. 204 WMI Query monitor ................................................................................................................................... 204
Action reference
207
Clear event log .......................................................................................................................................... 208 Execute command via SSH2 ..................................................................................................................... 208 Execute Lua script ..................................................................................................................................... 209 Execute Windows command ..................................................................................................................... 210 HTTP Get/Post .......................................................................................................................................... 210 List reset .................................................................................................................................................... 211 Net Send .................................................................................................................................................... 212 Paging via PageGate................................................................................................................................. 212 Send mail ................................................................................................................................................... 213 Send SMS ................................................................................................................................................. 214 SNMP Set .................................................................................................................................................. 214 Wake-on-LAN ............................................................................................................................................ 215 Windows service control ............................................................................................................................ 216
217
Windows performance registry .................................................................................................................. 218 How to verify that KNM have access to remote registry service ..................................................... 218 Memory leaks in remote registry service on monitored machine .................................................... 219 Caching of counters ........................................................................................................................ 219 Windows Management Instrumentation (WMI) ......................................................................................... 219 Verifying that WMI is enabled for the account ................................................................................ 221 Adjusting the firewall settings .......................................................................................................... 223 Additional for non-administrator users ............................................................................................ 223 Verifying that WMI works ................................................................................................................ 223 Full index of Microsoft WMI troubleshooting articles....................................................................... 225
Index
227
Functions
Installation (page 5) The management interface (page 13) Alarms and alert handling (page 109) Advanced topics (page 115) Distributed edition (page 161) Monitor reference (page 169) Action reference (page 207) Lua (page 156)
Description
Provides system requirements, installation instructions and startup configuration. Discusses how to use the web-based administration interface in Network Monitor. Discusses alarm configuration and notification using actions and actions lists and recovery action lists. Provides an introduction to advanced Network Monitor configurations. Describes how to configure the Distributed Edition of Network Monitor. Provides a reference to all standard KNM monitors. Provides a reference to all standard KNM actions that can be associated with action lists and triggered by an alarm condition. Introduces how to extend Network Monitor functionality using Lua scripts.
Status Icons
A monitor is always in one specific state. This state is visualized in the Network Monitor interface with different colors. An object or network always displays the most important state reported by any single monitor that belongs to it. Icons are listed below, ranked by their importance. - The monitor is deactivated. - This icon is used in the Distributed Edition only. The monitor status is unknown because the gateway responsible for the monitor is not connected. - This icon is used for objects and networks only. All monitors in the object or network are deactivated, but the object or network itself is active. - The monitor has entered an alarm state. - The monitor has failed one or more tests, but has not yet entered alarm state. - The monitor is ok. Additional guidelines: Any state other than deactivated is an activated state. An activated monitor tests its object. Deactivating any or all monitors of an object does not deactivate the object. Deactivating any or all objects of a network does not deactivate their parent network. Deactivating an object deactivates all of its member monitors. Deactivating a network deactivates all of its member objects.
Network Monitor Overview - This icon indicates that the object or monitor is inherited from a template. Monitors inherited from a template can not be edited directly. - This icon indicates that the object or monitor is in maintenance state and is not currently monitored. - This icon displays a list of items. - This icon displays a view of an item.
Chapter 1
Installation
In This Chapter
Installation Checklist Standard, Distributed and Gateway Installs Server Sizing Network Monitor System Requirements Selecting a Service Account Logging On Running the Startup Guide Upgrading an existing installation 6 6 6 7 8 8 8 12
Installation
Installation Checklist
We recommend that you complete the following pre-installation checklist before installing Network Monitor. 1. Estimate the memory required by Network Monitor to monitor the number of objects on your network, using the recommendations in Server Sizing (page 6). Ensure the system hosting the Network Monitor server has enough free memory to run Network Monitor. 2. Check that the system hosting the Network Monitor server meets all software and hardware requirements (page 7). 3. Ensure the Windows account used by the Network Monitor service has sufficient privileges (page 8). 4. If SNMP is used, install and start the Windows SNMP service on the Network Monitor host machine. The SNMP service on the host machine must specify the same communities used by Network Monitor. 5. If ODBC logging is going to be enabled using Settings > Program settings > Log settings (page 99), create a ODBC system data source on the Network Monitor host machine. 6. If a GSM phone is used, install it and verify that it responds correctly to standard AT commands in a terminal program. When completed you are ready to install Network Monitor. After installing Network Monitor and connecting to the web interface for the first time, consult the topic Running the Startup Guide (page 8).
Server Sizing
Recommended minimum requirements for Network Monitor depend on the number of objects you intend to monitor, assuming 10 monitors per object.
Installation
Note: An Network Monitor object is a unique IP address. A monitor is a single test or metric of that object. For example, a Windows machine, represented by a single IP address, might have many monitors, with each monitor returning data about a different performance metric for that machine.
Minimum requirements up to 100 objects 1 GHz CPU 2 GB memory 5 GB free disk space (1) Minimum requirements up to 250 objects 2 GHz CPU 2 GB memory 10 GB free disk space (1) Minimum requirements up to 500 objects (3) Dual core >2 GHz CPU 4 GB memory 15 GB free disk space (1) (2) Minimum requirements up to 1000 objects (3) Intel 2 GHz Quad core CPU 4 GB memory 25 GB free disk space (1) (2) Minimum requirements up to 1500 objects (3) Intel 2 GHZ Quad core CPU 4 GB memory 40 GB free disk space (1) (2)
Notes
1
Disk consumption is noted per year for a normal installation with the described number of objects and monitors 2 Kaseya recommends that Network Monitor be installed on a 1+0 Raid array with at least 4 GB of RAM for best possible report generation performance 3 Kaseya recommends that you run the Network Monitor installation on a dedicated machine.
Supported Browsers Microsoft Internet Explorer 7.0 or newer Opera 9.0 or newer Firefox 3.5 or newer (Recommended for best viewing experience) The following features must be enabled in your browser settings. 7
Installation Accept third party cookies Javascript enabled Cookies are required to keep track of the user session. Java scripts are used by the web interface and must be enabled.
fewest number of privileges possible. The Network Monitor account manager can then be used to
impersonate Windows accounts with elevated permissions when these permissions are required for tests, actions and events.
Logging On
After installing Network Monitor the next step is to logon to the web interface. Use either of the following two methods to display the web interface logon page. Click the link to the web interface in the Network Monitor program folder in the start menu. Use the following link if you are configuring Network Monitor from the Network Monitor host. http://localhost:8080
Note: This link above assumes you accepted the standard parameters during the installation and the Network Monitor web server is running on the default 8080 port. If you have installed Network Monitor on a different host, replace the localhost host name with the name of the Network Monitor host.
Installation Administrator settings (page 9) Network discovery settings (page 9) Mail settings (page 10) SMS device configuration (page 10) Review and Save Settings (page 11)
Note: A person logging into the Network Monitor server is referred to as an operator. Each operator can only have one logon session open at one time.
Administrator settings
1. Enter the username and password of the default Network Monitor operator. Remember that the password is case sensitive. 2. Configure an email address for this operator. The email address is used when Network Monitor is sending notifications or reports. 3. (Optional) Configure an phone number for this operator. The phone number is used when Network Monitor is sending SMS notifications. 4. Clicking Next creates the default operator you will use to logon to Network Monitor after completing the Startup Guide.
If you would like to discover objects on a network immediately, enter values for the following. Network discovery - Specify the first 3 octets of a subnet. 9
Installation Windows logon account settings - An administrator level Windows credential is required to return some types of scan data from Windows objects. Use the domain\username format to enter a domain username. UNIX logon account settings - An administrator level UNIX credential is required to return some types of scan data from UNIX objects. SNMP settings - Enter the SNMP community name used by devices on this subnet.
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6).
Mail settings
To send email notifications and reports you need to configure the email server settings. Two email servers can be configured: a primary server and a secondary backup server used in case the primary server is unreachable. Primary server - Enter the host name of the primary email server. If your server requires credentials when sending mail, enter those below. If you are uncertain leave the username and password fields blank. (Optionally) Secondary server - Enter the host name of the server and optionally credentials used when Network Monitor sends an email. This server is used by Network Monitor if the primary SMTP server is unreachable. Default return address - Enter an address that Network Monitor uses as its From address. If you want to skip this step and configure these parameters later, click Next to continue. To display these settings again later, select Settings > Program settings > Email & SMS settings.
If have an SMS device connected to a com port on the Network Monitor host you can configure Network Monitor to send SMS notifications.
10
Installation Configure SMS - Select this box if you have an SMS device connected to the Network Monitor host. Com port - select the serial port the SMS device is connected to. Baud rate - Select the baud rate. This is the speed the SMS device is capable of sending and receiving over the COM port. A setting of 2400 is recommended, if you're not sure what to select. PIN code - If your SMS device is a GSM phone or modem, you might need to unlock the SIM card with a PIN code. Enter that PIN code in the PIN code field. Test settings - Click the button to test the configuration, if the test fails make necessary changes or uncheck the Configure SMS check box to skip this part of the wizard.
1. The final step of this startup guide is confirming the information you have filled in previous pages. If you want to change any of the information, click the Previous button to go back.
11
Installation 2. Clicking the Next button redirects you to the login page and asks for the username and password that you entered in the first page.
When you are satisfied with the tests you can move on and update your production environment. Updating your production environment Make a backup copy of your current version. Including the following files: settings.rds dbconfig.nxd (DE Only) \gateways \statistics Shutdown KNM Install the update into the current directory Done
12
Chapter 2
13
Logging in
Open the login page by clicking Open Kaseya Network Monitor in the program group Kaseya network monitor on the start menu. Alternatively, you can manually specify the URL to the Network Monitor host machine in your browser's address bar. The Network Monitor management interface is usually running under port 8080 (this can be changed), so if the host name is KNM the URL would be: http://KNM:8080
Enter the username and password of the operator and click the Login button to proceed. Remember that the password is case sensitive. After a successful logon you are redirected to the dashboard (page 82).
Maintaining licenses
Please see the System administration (page 106) page for details on how to maintain Network Monitor licenses.
Objects
This section describes how to add new objects (page 3) into the Network Monitor configuration as well as manage existing objects.
14
Commands
In the upper section of the Object list view, a number of commands are listed. These commands affect objects that are selected in the list only. Activate - Activates the selected objects. Copy - Creates copies of the selected objects. Deactivate - Deactivates the selected objects. Delete - Deletes the selected objects. The operator must confirm the delete operation. Edit - Opens the multi edit view (page 23) for the selected objects. Link - Links the selected objects to an object template. New - Creates a new empty object. Unlink - Unlinks the selected objects from their object templates. View report - Views a report for the selected objects.
Selecting objects
To select objects from the list, place a check mark in the selection column to the left. It's also possible to select a range of objects by first clicking the start position in the list, then hold the shift key and click the end position. All the objects in between the selected positions selected.
The toolbar
Underneath the commands is a toolbar containing various settings for the Object list view. Refresh - Toggles the automatic refresh of the Object list view. View - Allows the operator to specify how many objects should be listed in the object list view. Prev & Next - These commands are links to the previous. Next is active if the number of objects in the configuration is greater than the number of objects currently displayed in the view. Search bar - In the search bar it is possible to search in the Object list view only (compared with the search bar in the menu). Objects can be searched using following terms. Name of object Host name or resolved IP address Operator group name Network name System type Filter - From the filter box, several pre-defined filters can be selected. The visible objects in the Object list view change depending on what filter is selected. It is possible to click the header columns in the list view to sort on the given property. For example, clicking System type displays objects sorted by system type. By default, objects are sorted according to their name. Notice that objects in alarm, or failed state, are always listed first in the list.
15
After all required information has been entered, click the Save button and the new object will be created.
16
The management interface To create a new object initialized from an object template, expand the New object menu from the Object menu, and select the From template menu option. A list with all current object templates displays. Select the desired object template by clicking the name.
Object initialization
After selecting the desired object template, the object initialization page displays.
In this page you can select what monitors from the template that you want to include in the new object. You can also choose to immediately unlink (page 137) the new object from its template. Clicking the Continue button displays the object properties screen. After filling out the required information, in exactly the same way as when creating empty objects, click the Save button to create the new object.
Network discovery
The Network Discovery function can help you to quickly configure a large number of objects. After the network discovery process is complete, the operator can select among the discovered objects and add them to the configuration. Starting a new network discovery clears the list of objects previously discovered.
17
Subnet - The first three octets of a network, for example 192.168.42 Range start - The first final octet to start from, must be greater or equal to 1. Range end - The last final octet, must be less or equal to 255 Scanning method - It's possible to select between three different methods of scanning the network. Selecting Full scan is slowest but discovers all known devices. The default ARP and Ping method is quicker but possibly does not discover all connected devices. ARP only generates the quickest results but with less accuracy. Gateway - Distributed Edition only. Select the gateway to run the network discovery process on. If the server is selected, Network Monitor performs network discovery on the server. SNMP community - Select the default SNMP read community to use during the network discovery.
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6).
Windows account - Select the account to use when authenticating with Windows hosts SSH/Telnet account - Select the account to use when authenticating with UNIX hosts and other shell access capable hosts Click the Start button to start the network discovery process. The operator is redirected to the main network discovery page where the results are displayed.
Configuring an Object
A discovered object must be configured within Network Monitor before it can be monitored.
18
The management interface association. To add objects to the configuration you need to select them from the list of discovered objects and click the Add object link.
Operator group - Select the operator group to assign the new objects to. Alarm action list - Select an action list to be assigned as the alarm action list for the objects. Recovery action list - Optionally select an action list to be assigned as the recovery action list for the objects. Network - Select a Network Monitor network to place the objects in. A Network Monitor network is a logical grouping of objects, not to be confused with a physical network. Select the Default network if you haven't created your own network yet. Create dependency - Check this option to automatically create per object dependencies. This requires that the object contains at least two discovered monitors, of which at least one is a ping monitor. Add empty - Check this option to add the objects to the configuration without any monitors.
Importing objects
Objects can be imported to Network Monitor using different methods to quickly add new objects to the system. This section describe these methods.
19
The import is made in two steps. First, you need to specify the server from where you are importing the objects and the credentials to be used when authenticating with the server. The directory entry contains a search path to specify where to start searching the directory. When clicking the Perform lookup button, Network Monitor authenticates with the specified server and searches the directory. The search results displays in the Discovered objects section. To import the objects found in the directory, select the desired objects from the list. Specify the operator group and a network to assign to them to, then press the Import objects button.
20
The management interface The seed file must be a text file formatted according to the following syntax: Object name; Object address; Object description [;Object template] CR+LF Object name - Name of the object. Object address - The address of the object. This can be a host name or an IPv4 number. Object description - Description of the object. Object template - Name of an existing object template (page 134) that used to initialize the new object. This parameter is optional.
Example
IServer;192.168.0.1;My server Each line in the seed file must be terminated with a newline. Each individual field must be separated with a semicolon. To import objects from the seed file, select the file from the local machine and press the Import button. After the import has finished a status message displays.
21
The management interface Free text - The free text field can be used to include other information about the object and can also be included in alarm notifications. SNMP community - The default SNMP read community used for all SNMP monitors of this object. Note that the community can be changed in individual monitors; this is only a default value.
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6).
Action list (Alarm and Recover) - The action lists used by default by monitors of the object. Monitors can be customized to use other action lists in the monitor property page. Active - If checked the object is considered active. Active objects test their monitors. This option is checked by default.
Authentication settings
This section contains the authentication settings for objects with a Windows or UNIX system type. Logon accounts are generally administered with the Account manager (page 44), but new logon accounts can be created immediately within the object properties page.
Authentication settings
Default account - Specifies the default authentication account to be used for all monitors of the object. If you want to immediately create a new logon account, click the New account link. Username - Enter the username for the account. For Windows hosts, it's recommended to specify the username using the DOMAIN\USERNAME format. Password - Enter the password for the account. Description - Enter a description for the account. Operator group - Logon accounts are tied to a specific operator group. Only operators that are members of the selected operator group are able to use the logon account. Clicking the Verify account button makes Network Monitor try to verify that the specified information is correct by authenticating using the new object. Clicking the Save account button stores the specified information and selects the account automatically.
22
The management interface Time zone - By selecting a time zone, the monitors in the object display their real time charts in the object's local time. Default MIB - Select the default MIB file to use with this object. This MIB file is automatically selected when opening the MIB browser when configuring SNMP monitors of this object. Favourite - Checking this option flags the object as a favourite for the current operator. This is useful for commonly accessed objects as they can be displayed on the dashboard in the favourites widget. No SSH2 connection sharing - If this is an object that performs tests using an SSH2 connection, you can optionally check this option to disable the connection sharing feature. Normally only one connection is opened and then shared among all monitors using SSH2 with this object. Disabling the SSH2 connection sharing results in more logons on the SSH server, but can be useful if you experience any problems with your connections. No inspection - Normally Network Monitor performs an object inventory of all objects regularly, to discover hardware and attached devices. You can disable this automatic inspection by checking this option. Wake-On-LAN - The MAC address of the object. Leave this blank to force Network Monitor to query the object for the MAC address automatically when the object is saved. After all required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
The objects you selected to edit are listed in the first section. You can now make changes to several properties of those objects at once. The following properties can be changed: Network - Assign the specified network to the selected objects. Operator group - Assign the specified operator group to the selected objects. Alarm action list - Assign the specified action list as the default alarm action list for the selected objects. Recover action list - Assign the specified action list as the default recovery action list for the selected objects. Default account - Assign the specified logon account as the default logon account for the selected objects. Time zone - Set the specified time zone as the time zone for the selected objects.
23
The management interface Default MIB (advanced section) - Set the specified MIB file as the default MIB file for the selected objects. Favourite (advanced section) - Flag the selected objects as favourites. No inspection (advanced section) - Disable the automatic object inspection for the selected objects. NOC configuration (advanced section) - Assign the specified NOC views to the selected objects. Initially, all properties are marked as No change, meaning that each respective property will not be altered by the multi edit operation.To save your changes, click the Save button, or click the Cancel button to return to the previous page without making any changes.
The Object information view is divided into three sections. In the upper part, Network Monitor displays generic information about the object such as its name and address. The next section displays all monitors that are configured in the object, their individual status and other information. The bottom section displays related reports for the object. This section is dynamically updated by Network Monitor and changes according to the kind of monitors configured for the object.
Alarm history
If one or more monitors in the object have entered the alarm state or recovered, an additional field displays in the generic information section, showing the recent alarm activities.
Gateway information
Distributed Edition only - If the object is assigned to a gateway, the object information view also shows the gateway and when it last sent an update to the Network Monitor server.
24
Commands
In the upper part of the Object information view, a number of commands are displayed. The commands affect the currently viewed object only. The commands displayed to the operator are dependant on the current operator's access rights. To execute a command, click it. Activate/Deactivate - The command activates or deactivates the current object. If the object is currently active, the deactivate command displays and vice versa. Delete - Deletes the current object. The operator must confirm the delete operation. Make template - Creates an object template (page 134) based on the current object. Properties - Opens the properties page for the current object. Search log - Open the Log search page for the current object. View report - Opens the View report page for the current object.
Monitors
This section describes how to create monitors as well as manage existing monitors in Network Monitor.
Commands
In the upper section of the Monitor list view, a number of commands are listed. These commands affect the monitors selected in the list only. Acknowledge - Opens the acknowledge alarm page for the selected monitors. This alarm command is only relevant for monitors currently in alarm state and does not respond to monitors in any other state. Activate - Activates the selected monitors.
25
The management interface Copy - Creates copies of the selected monitors. The operator must select the target object for the copied monitors. Deactivate - Deactivates the selected monitors. Delete - Deletes the selected monitors. The operator must confirm the delete operation. Edit - Opens the multi edit view (page 29) for the selected monitors. Test now - Tests the selected monitors immediately. View report - Displays a report of the selected monitors.
Selecting monitors
To select monitors from the list, place a check mark in the selection column to the left. It's also possible to select a range of monitors by first clicking the start position in the list, then hold the shift key and click the end position. All the monitors in between the selected positions are selected.
The toolbar
Underneath the commands is a toolbar containing various settings for the Monitor list view. Refresh - Toggles the automatic refresh of the Monitor list view. View - Allows the operator to specify how many monitors should be listed in the Monitor list view. Prev & Next - These commands are links to the previous and the next sets of monitors. Next is active if the number of monitors in the configuration is greater than the number of monitors currently displayed in the view. Search bar - Use the search bar to search the monitor list. Monitors can be searched using the following search terms. Monitor name Monitor description Monitor type Object name System type of the object Filter - Several pre-defined filters are available. The monitors displayed by the Monitor list view change, depending on the filter selected. It is possible to click the header columns in the list view to sort on the given property. For example, clicking Object displays the monitors sorted by their object name. By default, monitors are sorted by name. Notice that monitors in the alarmor failedstate, are always listed first in the list.
26
The new monitor page is organized into categories of monitors, with the Preconfigured category on top. You can expand and collapse individual categories by clicking the + and -icons in the tree. The system type of the object dictates what types and categories are available.
Preconfigured monitors
This category contains monitors that Network Monitor have automatically configured for the object. When you click the monitor name it is immediately added to the object and removed from the Preconfigured category.
27
Name - Enter a name for the monitor. This should be a descriptive name and is used to identify the monitor in lists and notifications sent to operators. Test interval - The test interval of the monitor in seconds. The minimum value is 10 seconds.
Alarm generation - This is the sensitivity of the monitor, and defines the number of consecutive tests the monitor must fail to enter the alarm state. A higher number makes the monitor less sensitive. Alarm test interval - The test interval of the monitor in seconds while the monitor is in alarm state. Sometimes it's useful to let Network Monitor test a monitor with a different interval once it has entered alarm state, and the default is 600 seconds (10 minutes). Alarm action list - The alarm action list that the monitor uses once it enters the alarm state. If no alarm action list is selected, the monitor uses the alarm action list specified in the object. Recover action list - The recover action list that the monitor uses once it returns from alarm to normal state. If no recover action list is selected, the monitor uses the recover action list specified in the object. Store statistics - Specifies if the monitor should store statistical data or not. This option is checked by default. Chart resolution - The time span of real time charts on the monitor information view. Group channels - Specifies how many statistics channels that should be grouped into the same chart. This is mainly useful for monitors such as the Environment monitor that store separate statistics data for different external sensors. Chart layout - How many real time charts that should be displayed side-by-side on the monitor information view. 28
The management interface Active - Specifies if the monitor is active or not. A monitor that is not active does not perform any tests. This option is checked by default. Alarm message - This specifies the alarm message that sent with notifications once the monitor enters the alarm state. If no alarm message is specified, the monitor uses the default alarm message specified in the system settings (page 103) page. Recover message - This specifies the recover message sent with notifications once the monitor returns from alarm to normal state. If no recover message is specified, the monitor will use the default recover message specified in the system settings (page 103) page. Alarm subject - The subject line of notifications sent when the monitor enters alarm state. If no alarm subject is specified, the monitor uses the default alarm subject specified in the system settings (page 103) page. Recover subject - The subject line of notifications sent once the monitor returns from alarm to normal state. If no recover subject is specified, the monitor uses the default recover subject specified in the system settings (page 103) page.
Statistics section
This section contains display settings for each type of statistical data recorded by the monitor. If checked, the specified data is shown in the real time charts on the monitor information view.
After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
29
The monitors you selected to edit are listed in the first section. You can now make changes to several properties of those monitors at once. The following properties can be changed: Test interval - Set the specified test interval for the selected monitors. Alarm - Set the specified alarm generation value for the selected monitors. generation Alarm test - Set the specified alarm test interval for the selected monitors. interval Alarm action - Assign the selected alarm action list to the selected monitors. list Recover - Assign the selected recovery action list to the selected monitors. action list Store - Toggle storage of statistics data for the selected monitors. statistics Chart - Set the specified chart resolution for the selected monitors. resolution Group - Specify the number of statistics channels to group into the same channels chart for the selected monitors. Chart layout - Set the specified chart layout for the selected monitors. Initially, all properties are marked as No change, meaning that each respective property will not be altered by the multi edit operation. Similarly, text input fields are all empty, meaning that the respective property will not be altered. To save your changes, click the Save button, or click the Cancel button to return to the previous page without making any changes.
30
The Monitor information view is divided into two sections. In the upper part, Network Monitor displays generic information about the monitor such as its test interval, type and relevant object. The bottom section displays real time charts specific to the monitor. The kind of statistics data available depends on the type of monitor.
Commands
In the upper part of the Monitor information view, a number of commands are displayed. The commands affect the currently viewed monitor only. The commands displayed to the operator are dependent on the current operator's access rights. To execute a command, click it. Activate/Deactivate - The command activates or deactivates the current monitor. If the monitor is currently active, the deactivate command displays and vice versa. Delete - Deletes the current monitor. The operator must confirm the delete operation. Properties - Opens the properties page for the current monitor. Search log - Open the Log search page for the current monitor. Simulate alarm - Displays an example of an alert generated for this monitor Test now - Tests the current monitor immediately.
Operators
Users of Network Monitor are called operators. To gain access to the management interface and/or receive notifications a user must be added as an operator.
31
Listing operators
All operators currently configured in Network Monitor are listed on the Operator list view. To open the Operator list view, select Operators from the Settings menu.
Commands
In the upper section of the Operator list view, a number of commands are listed. These commands affect operators that are selected in the list only. Assign to group - Assigns the selected operators to a specified group. The operator must select the operator group to assign the operators to. Delete - Deletes the selected operators. The operator must confirm the delete operation. Edit - Opens the multi edit view (page 35) for the selected operators. New operator - Creates a new operator. See Editing an operator (page 33) for details.
Selecting operators
To select operators from the list place a check mark in the selection column to the left. It's also possible to select a range of operators by first clicking the start position in the list, then hold the shift key and click the end position. All the operators in between the selected positions are selected.
Adding operators
To add a new operator, click the New operator command from the Operator list (page 32) view. The Operator properties page displays. For information about the Operator properties page and details about editing operators, see the Editing a single operator (page 33) topic. After all required information has been entered, click the Save button and the new operator will be created.
32
Email - This is the email address for the operator. This is the email address alerts are sent to for this operator. It is possible to enter several email addresses by separating each with a comma. SMS number - This is the SMS phone number for the operator. This is the phone number SMS alerts are sent to for this operator. Contact name - The real name of the operator. This information can be embedded into alert messages. Contact phone - The contact phone number of the operator. This information can be embedded into alert messages. Contact cellphone - The contact cellphone number of the operator. This information can be embedded into alert messages. Contact address 1 - The contact address of the operator. This information can be embedded into alert messages. Contact address 2 - The contact address of the operator. This information can be embedded into alert messages.
33
The management interface Additional - Additional information about the operator. This field is not available from the My settings (page 37) page. Simple interface - When this option is set, more advanced features in the management interface are hidden by default. You can display advanced features by expanding them. Email format - This specifies the format of outgoing emails to this operator. The available choices are plain text or HTML formats. There is also a special HTML format for Outlook 2007 users. Outlook 2007 uses the Word HTML rendering engine, which requires special formatting to be displayed correctly. Refresh - This specifies the refresh time in seconds for various pages in the management interface.
Report style - When reports are viewed in the management interface, or scheduled to be sent automatically, the reports use a specific style in regards to color, fonts etc. The style is specified per report, but this setting allows Network Monitor to force another report style to be used instead, when viewing or sending reports to this operator. View report - This setting changes how reports should be viewed in the management interface. When viewing a report the report can either be displayed in the same browser window, or opened in a new browser window. Compression - This setting specifies a threshold in Kilobytes. Above this threshold Network Monitor sends compressed data to the operator. A setting of 0 indicates no compression. Disable history - When set, the usage history window to the right in the management interface longer displays.
34
Individual access rights can be specified in this section. An access right of modify always implies read rights, so it is not necessary to specify both in this case. The buttons in the bottom of this section can be used to quickly set access rights for commonly used operator configurations.
After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
35
Initially, all properties are marked as No change, meaning that each respective property will not be altered by the multi edit operation. Similarly text input fields are all empty, meaning that the respective property will not be altered. To save your changes, click the Save button, or click the Cancel button to return to the previous page without making any changes.
Explanation
If the operator has modify access, the operator can create, and modify, other
36
Objects
Monitors
Action lists Dashboards Dependency trees Logon accounts Scheduled events Maintenance schedules
37
In the My settings page you can update your contact information, change password and make other minor modifications to the current operator.
For details about the properties that can be edited for an operator, refer to the Managing operators and operator groups (page 38) section. After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Operator groups
An operator group is a collection of operators. Each object in Network Monitor always belongs to one operator group. In this way, an operator group in Network Monitor can be thought of as being in charge of an object. Normally, alerts for a monitor are sent to the operator group responsible for the object.
38
Commands
In the upper section of the Operator group list view, a number of commands are listed. These commands affect operator groups that are selected in the list only. Delete - Deletes the selected operator groups. The operator must confirm the delete operation. New group - Creates a new operator group. See Editing an operator group (page 40) for details.
Selecting operators
39
The management interface Then click the Assign to group command. The Assign to group page displays.
Select the operator group that you want to add the operators to and click the Select button to add it to the list. You can select more than one operator group. Then click the Ok button to assign the operators to the selected operator groups. When finished the operator list displays again.
Name - This is the name of the operator group and should be a descriptive name. Description - A longer description of the operator group. Default - Specifies the operator group as the default operator group. The default operator group is initially selected when creating new objects. Operator - All the available operators in Network Monitor are listed in this field. To add an operator to the operator group, select it from the list and click the Select button. Current members - Lists all operators that are currently added to this operator group. To remove an operator from the operator group, select it from the list and click the Remove button. Group manager - The group manager specifies one operator to be assigned as manager for the operator group. When using operator schedules to schedule operator working hours, the group manager is the default contact when no other operator are available. After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
40
Searching for operators and operator groups with the search bar
Networks
This section describes how to create and edit existing networks in Network Monitor.
Commands
In the upper section of the Network list view, a number of commands are listed. These commands affect networks that are selected in the list only. Activate - Activates the selected networks. Deactivate - Deactivates the selected networks. Delete - Deletes the selected networks. The operator must confirm the delete operation. New networks - Creates a new network. View report - Views a report for the selected networks.
Selecting networks
To select networks from the list, place a check mark in the selection column to the left.
41
The management interface To expand a network to see the objects contained inside, click the + icon to the left of the network name.
The objects listed are linked to the object information view for the object. Each object's individual status is also visible. To fold the network back to hide the objects, click the - icon to the left of the network name.
After all required information has been entered, click the Save button and the new object is created.
42
Editing a network
To edit the properties of a network, click the Properties command from the Network information (page 43) view. The network properties page displays.
Network properties
Name - Enter a name for the network. This should be a descriptive name. It is used to identify the network in lists and notifications sent to operators. Description - Enter a generic description of the network. Active - If checked the network is considered active. Objects in an active network test their monitors. This option is checked by default. Make default - Specify this network as the default network for new objects. Favourite - Checking this option flags the network as a favourite for the current operator. This is useful for commonly accessed networks as they can be displayed on the dashboard in the favourites widget.
Contact information
The following information can be embedded in alert messages. Company - Related company information for this network. Address - Related address information for this network. Phone / Fax - Related phone and fax number for this network. Contact name - Related contact name information for this network. Email - Related email contact for this network. Cellphone - Related cell phone and fax number for this network. Additional - Additional free text information about this network. After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
43
The Network information view is divided into two sections. In the upper section, Network Monitor displays generic information about the network such as its name, description and status. The bottom section displays all objects that are currently in the network, their individual status and other information.
Commands
In the upper part of the Network information view, a number of commands are displayed. The commands affect the currently viewed network only. The commands displayed to the operator are dependant on the current operator's access rights. To execute a command, click it. Activate/Deactivate - The command activates or deactivates the current network. If the network is currently active, the deactivate command is displayed and vice versa. Delete - Deletes the current network. The operator must confirm the delete operation. Properties - Opens the Properties page for the current network. View report - Opens the View report page for the current network.
Account properties
Username - This is the username of the logon account. Password - To set the password for a logon account, enter the password twice: once in the Password box and then enter the same password in the Verify password box. Description - This is a generic description to help you identify the logon account. Operator group - A logon account is always tied to an operator group. A logon account is only accessible to members of the logon account's specified operator group.
Commands
In the upper section of the Account list view, a number of commands are listed. New - Creates a new logon account. Delete - Deletes the selected logon accounts. The operator must confirm the delete operation.
45
The Account information view is divided into three sections. In the upper part, Network Monitor displays the username and description of the logon account. The next section displays all objects that are currently using the logon account. This makes is easy to quickly change the logon account for a number of objects at once, select the objects from the list and click the Edit command. You can then use the multi edit feature (page 23) to edit the objects and change their logon account. Similarly, in the bottom section all monitors that are using the logon account are listed. It is possible to use the multi edit feature to change the logon account for selected monitors as well, as long as the selected monitors are of the same type.
Example 1
Username: Robert Password: Robert
Example 2
Username: mydomain\Robert Password: Robert In example 1, Network Monitor would look for the account on the local machine and then in the 46
The management interface domain (if there is a domain in the network). Example 2 tells Network Monitor to look for the account information in the domain only. The pitfall in example 1 is that there might be a local user name Robert that has different privileges then the domain user called Robert, leading to access denied errors and other problems while testing.
Scheduled events
With the scheduled events feature it is possible to run specific events at a given time. Events can be configured to run once or repeatedly with various configurations.
All scheduled events are listed with the date and time to execute the event, as well as a description and the time the event was last executed.
Commands
In the upper section of the Event schedule list view, a number of commands are listed. These commands affect events that are selected in the list only. Delete - Deletes the selected events. The operator must confirm the delete operation. New - Creates a new scheduled event.
Select the desired event by clicking it. The scheduled event properties page displays. For information about the scheduled event properties page and details about editing scheduled events, see the Editing a scheduled event (page 48) topic. A reference to all scheduled events can be found in the Scheduled event reference (page 49) section. After all required information has been entered, click the Save button and the new event will be created.
Run-once event - To specify a run-once event, select the radio button and fill in the date and time fields. Date - Specifies the date to execute the scheduled event. Specify the date using a YYYY-MM-DD format. Time - Specify the time of the day to execute the scheduled event. Specify the time in a HH:MM format. Expires - If selected, the scheduled event are automatically deleted once it has been executed. 48
Repeated events
To configure a repeating event, it's necessary to specify this in the repeating event section.
Repeating event - To specify a repeating event, select the radio button and fill in the required options below. Active between - Specifies a date range in which the event is active. Specify the range using a YYYY-MM-DD format. If these fields are left empty, the scheduled event is always active. Day of week - By checking a day, the event is active on the selected days of the week only. Hours in day - Specify one or more times during the day when the event is executed. Specify the time in HH:MM format, and separate multiple time entries with a comma. Last in month - To have the event execute the last day in every month, check this option. Days in month - To execute the event on specific days in the month, specify the days separated with a comma. After all the required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
To edit the scheduled event, click it from the search result window.
Event settings
Log name - Specify the name of the event log to clear.
49
The management interface Hostname - The hostname of the remote host. This can be either a DNS name or an IP address. Logon account - The logon account to use for authentication with the remote host.
Event settings
Command - Specify the command to be executed on the remote host. Port - Specify the port number where to connect. For SSH2 the default port is 22 and for telnet the default port is 23. Use telnet - If checked, Network Monitor connects to the remote host using the Telnet protocol. Checking this option automatically modifies the port to 23. Hostname - The hostname of the remote host. This can be either a DNS name or an IP address. Logon account - The logon account to use for authentication with the remote host.
Event settings
Script - Select the script to be executed. Lua scripts used with Network Monitor should be placed in the KNM\scripts folder of the KNM host machine. Once a script has been selected, individual fields for the script parameters display. No account logon - If this option is selected, Network Monitor does not perform Windows authentication before executing the script. Instead, the specified logon account information is passed to the script as a parameter. This is useful for scripts that want to perform custom logons, for example, with SSH2. See Logon account below. Hostname - The hostname of the remote SNMP agent. This can be either a DNS name or an IP address. Logon account - If a logon account is specified, Network Monitor performs Windows authentication with the specified host before executing the script. This is useful for scripts that require authentication before executing.
50
Event settings
The settings for this event are divided into two sections. In the first section the type and source of the exported data is defined.
Data type - Select the specific type of data to be exported. The data types are organized into categories. To add a data type to the export list, select it and click the Select button. Selected data types are added to the selected list. To remove a data type, select it and click the Remove button. Period - Specify the period to export the data. Object - To select objects for data export, first select the relevant network where the object is located, then select one or more objects from the list and click the Select button. Selected objects are added to the selected objects list. To remove an object from the data export, select it and click the Remove button.
Export options
In this section the details for the CSV file or database export is defined.
Export to file - Select this option to export statistics data to a CSV file. Filename - This is the filename of the exported data file. Optionally include the following formatting variables when specifying the filename. %date - the current date %time - the current time Export to database - Select this option to export statistics data to a database via ODBC. Datasource name - The name of a previously defined ODBC datasource. Database name - The name of the database to store the statistics into. Username - If necessary, specify the username to connect to the database with. Password -The password for connecting to the database.
51
The management interface exported data. The second file has the same name, but has info_ prefixed to the name. This file contains a description of the kind of data that was exported. The structure of the info file looks like this: Network name;object name;monitor name;monitor-id;monitor-subid;datatype-id;unit;datatype description
Example
Default network;Backup;Disk utilization (C:);84;0;3;%;Disk utilization The structure of the data file looks like this: monitor-id;datatype-id;monitor-subid;timestamp;raw data;comment
Example
84;3;0;2009/08/05 09:42:57;13.669434; If the record is considered invalid by Network Monitor, a fixed value of -10000.0 is exported.
Exporting to a database
When exporting statistics data to a database, Network Monitor creates two tables in the database. The first table is called inmDataExportInformation. It has the following structure: CREATE TABLE inmDataExportInformation (networkName char(128), objectName char(128),monitorName char(128), monitorID integer, atomID integer, dataType integer, unitNamechar(32), exportedDataType char(128)); This table contains information about the data that was exported, similar to to exporting data to a file. The second table is called inmDataExport. It has the following structure: CREATE TABLE inmDataExport (monitorID integer, atomID integer, dataType integer, dataTime DATETIME, dataRaw float); This table contains all of the exported statistics data.
Warning: Network Monitor begins the export of data by dropping tables with these two names. The database user configured for Network Monitor will require appropriate access to DROP, CREATE and INSERT operations on the database in question. Refer to your database manual for information about how to configure a database user.
Event settings
Command - Enter the command to be executed. Parameters - Add parameters to be sent with the command. Use citation characters to specify a parameter containing spaces as one parameter. Logon account - The account used while authenticating.
Generate a report
The event is used to schedule the generation of a report and send or publish the report to specific
52
Event settings
The settings for this event are divided into two sections. The first section contains general settings such as which report to generate. With this event you can either schedule the generation of a report template or a customized report, not both.
Report template - Select a report template to schedule. See the section below on selecting objects for a report template. Period - Select the report period for the report template. Separate reports - Select this option to send separate reports for each object. Customized report - Select a customized report to schedule.
To select objects to include in the report, first select the relevant network where the object is located, then select one or more objects from the list and click the Select button. The selected objects are added to the selected objects list. To remove an object from the report, select it and click the Remove button. In a similar way, individual monitors can be included in the report. To include a monitor, first select the relevant object from the list and then the monitor. Proceed the same as you would including objects in the report.
53
Report recipients
In this section you configure the operators that receive the generated report, as well as other report publishing options.
Operator group - To send the generated report by email to all members of an operator group, select the group from the list and click the Select button. You can include more than one group. The selected operator group are added to the selected group list. To remove an operator group, select it and click the Remove button. Operator - To send the generated report by email to a specific operator, select the operator from the list and click the Select button. You can include more than one operator as recipient. The selected operator will be added to the selected operator list. To remove an operator, select it and click the Remove button. Email - Specify individual email addresses as recipients. Separate multiple entries with a comma. Subject - Specify a subject line for the emailed report. If left blank the default subject line for emailed reports is used. See the Miscellaneous settings (page 103) section for information about this setting. Directory - The generated report can be published on a network folder as an HTML document. Specify the path to this folder. Optionally include the following formatting variables when specifying a path. %date - current full date %date_year - current year %date_month - current month %date_dayofmonth - current day in the month %time - current full time %time_hour - current hour %time_minute - current minute %time_second - current second FTP host and port - The generated report can be published on a FTP server as a HTML document. Specify the host name and port number. Defaults to 21. FTP user - Select the logon account to be used for authenticating against the FTP server.
54
Event settings
URL - Specify the target URL of the request. Port - Specify the port number to use. The default port for HTTP is 80. Parameters - Specify the parameters to be sent along with POST requests. Enter the name of the parameter, followed by an = sign, and then the value. Enter one parameter per row. Username - Enter a username if the remote service requires HTTP authentication. Password - Enter a password if the remote service requires HTTP authentication. Proxy server - Proxy server address to be used. This can be either a DNS name or an IP address. Proxy port - The port number used by the proxy address. Method - Select the request method to use. SSL - If the request should use SSL (Secure Socket Layer) check this option. Notice that checking this option automatically updates the port number.
Net send
With the Net send event it is possible to send so called net messages on a Windows network. Net messages are displayed on a computer where the recipient user is logged on to, or sent to a specific computer on the network.
Note: This event is not available for Windows Vista operating systems or later.
Event settings
Username - Specify the username to send the message to. Message - Specify the content of the message to be delivered. Hostname - Specify the hostname of the specific computer to send the message to. This can be either a DNS name or an IP address.
The management interface server to one or more operators or operator groups. For information on how to configure PageGate, see the Miscellaneous settings (page 103) section.
Event settings
Operator group - Select an operator group to be the recipient of the message. Operator - Add specific operators as recipients to the message by selecting them from the list and click the Select button. Selected operators - Lists operators currently selected as recipients. To remove an operator, select it from the list and click the Remove button. Specific recipient - Enter specific PageGate users. Separate multiple entries with a comma. Subject - Specify the subject line of the message. Message - Specify the message body text.
Send email
The purpose of the Send email event is to send an email with specified content to one or more operators or operator groups. For information on how to configure email settings, see the Email and SMS settings (page 98) topic.
Event settings
Operator group - Select an operator group to be the recipient of the email message. Operator - Add specific operators as recipients to the message by selecting them from the list and click the Select button. Selected operators - Lists operators currently selected as recipients. To remove an operator, select it from the list and click the Remove button. Specific recipient - Enter specific email addresses. Separate multiple entries with a comma. Subject - Specify the subject line of the email message. Message - Specify the message body text. 56
Send SMS
The purpose of the Send SMS event is to send a SMS message specified content to one or more operators or operator groups. For information on how to configure an SMS capable device, see the Email and SMS settings (page 98) topic.
Event settings
Operator group - Select an operator group to be the recipient of the SMS message. Operator - Add specific operators as recipients to the message by selecting them from the list and click the Select button. Selected operators - Lists operators currently selected as recipients. To remove an operator, select it from the list and click the Remove button. Specific recipient - Enter specific phone numbers. Separate multiple entries with a comma. Message - Specify the message body text.
Send Wake-On-LAN
The Send Wake-On-LAN event can power up a remote host by using the Wake-On-LAN protocol. To be able to use this event, the remote host must support the Wake-On-LAN feature.
Event settings
Mac address - Specify the Mac address of the network card on the remote host that should receive the Wake-On-LAN request. Interval - The interval between each sent request. Packet count - How many requests that should be sent.
SNMP Set
The purpose of the SNMP Set event is to send a SNMP set request to a remote SNMP agent.
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6).
57
Event settings
Community - Specify the write community name to use. OID - Enter the relevant OID. You can specify either a named OID or a OID in number format. If you specify a named OID, Network Monitor tries to resolve it to its number format automatically when the field loses focus. Network Monitor uses the currently compiled MIBs to attempt to find the number format of the OID. Value - Specify the value to set. Syntax - Specify the syntax of the OID. This is the type of value you want to set. Hostname - The hostname of the remote SNMP agent. This can be either a DNS name or an IP address.
Event settings
Operator group - To send the status report by email to all members of an operator group, select the group from the list and click the Select button. You can include more than one group. The selected operator group is added to the selected group list. To remove an operator group, select it and click the Remove button. Operator - To send the status report report by email to a specific operator, select the operator from the list and click the Select button. You can include more than one operator as recipient. The selected operator is added to the selected operator list. To remove an operator, select it and click the Remove button.
Event settings
Monitor - Select the monitor to be triggered. First select the relevant object and then the specific monitor.
58
Event settings
Service name - Specify the name of the service. This should be the service name and not the display name. Type - Select the operation to perform on the service. Hostname - The hostname of the remote host. This can be either a DNS name or an IP address. Logon account - The logon account to use for authentication with the remote host.
See Also
Windows service control (page 216) (action) Windows service list (page 118) (direct control) Windows service status (page 204) (monitor)
Maintenance schedules
Maintenance schedules can be used to specify planned or periodic maintenance of an object or a monitor. During the maintenance period no monitors are tested. Maintenance schedules can be either a single maintenance period or a repeating period with many flexible scheduling options.
All maintenance schedules are listed with the date, time and length of the maintenance period, as well as the relevant objects for the schedule.
Commands
In the upper section of the Maintenance list view, a number of commands are listed. These commands affect maintenance schedules that are selected in the list only. Delete - Deletes the selected maintenance schedules. The operator must confirm the delete operation. New - Creates a new maintenance schedule.
The management interface It's also possible to select a range of schedules by first clicking the start position in the list, then hold the shift key and click the end position. All the maintenance schedules in between the selected positions are selected.
Maintenance settings
In this section the settings for the maintenance period, as well as which objects to place in maintenance, are defined.
Maintenance settings
Select objects - To select objects to include in the maintenance schedule, first select the relevant network where the object is located, then select one or more objects from the list and click the Select button. The objects are added to the selected objects list. To remove an object from the maintenance schedule, select it and click the Remove button. Select monitor - To select specific monitors to be included in the maintenance schedule, first select the relevant object where the monitor is located, then select one or more monitors from the list and click the Select button. The monitors will be added to the selected monitors list. To remove a monitor from the maintenance schedule, select it and click the Remove button. Time - Specify the time of the day when to start the maintenance period. Downtime - Specify the length of the maintenance period in hours and minutes. Expires - If selected, the maintenance schedule are automatically deleted once the maintenance period is over.
60
The management interface Single maintenance - To specify a single maintenance schedule, select the radio button and fill in the date field. Date - Specifies the date to activate the maintenance schedule. Specify the date using a YYYY-MM-DD format.
Repeated maintenance - To specify a repeating maintenance schedule, select the radio button and fill in the required options below. Active between - Specifies a date range in which the maintenance schedule are active. Specify the range using a YYYY-MM-DD format. If these fields are left empty the maintenance schedule are always active. Day of week - By checking a day, the maintenance schedule are active on the selected days of the week only. Every N:th day - If specified, the maintenance schedule are active on every Nth day from the specified start date. This option requires that the maintenance schedule has an active date range specified. Last in month - To have the maintenance schedule active the last day of every month, check this option. Days in month - To have the maintenance schedule active on specific days of the month, specify days separated with a comma. After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
To edit the maintenance schedule, click it from the search results window.
Operator schedules
Defining operator schedules prevents operators from receiving notifications unnecessarily during off hours. The work hours of an operator schedule are defined using a rolling-schedule.
61
All operator schedules are listed with the name, description and the active period of the schedule.
Commands
In the upper section of the Operator schedules list view, a number of commands are listed. These commands affect operator schedules that are selected in the list only. Delete - Deletes the selected operator schedules. The operator must confirm the delete operation. New - Creates a new operator schedule.
Name - This is a descriptive name of the schedule and is used to identify the schedule in lists. Description - A longer description of the schedule and its usage.
62
The management interface Active - Specify the range of dates the operator schedule is active. A start date is required. The details of the operator schedule are defined in relation to the schedule's start date. Expires - Select this option to automatically delete the operator schedule once it becomes inactive. After all required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
To add a block to the schedule, select the Add block command from the Schedule blocks section. The block properties page displays.
Length - Enter the length of the block in days. For example, specifying 7 creates a block 7 days in length. Enter the desired length of the block and click the Save button. The block is created and added to the operator schedule.
Continue adding blocks until the desired structure of the schedule is defined. The blocks are continuously repeated in relation from the start of the operator schedule until the schedule is no longer active.
63
Day of week - Select which days during the week the rule will be in effect. Active between - Specify a time period during the day the operators will be available. Optionally specify an overnight time period here. For example, 17:00 to 08:00. Available operators - Select operators to be added to the rule from the list and click the Select button. The operators are added to the selected list. To remove an operator from this rule, select the operator from the selected list and click the Remove button. When the block rule is in effect, the selected operators are considered to be working and available for notifications by Network Monitor. It is possible to specify multiple rules inside a block.
Reports
This section discusses the reporting features built into Network Monitor.
Introduction
Network Monitor is capable of generating statistical reports from recorded monitor data. A report can contain several different components, such as charts, toplists, downtime information, data tables, comments and images. The overall style and color settings of the reports are controlled by style templates (page 74), which makes it easy to add your company color-scheme or logotype to the finished reports.
The management interface This extra requirement makes Report templates much more powerful. For example, if your Report template contains a CPU chart, the actual contents of the chart depends on the networks or objects you selected when you viewed the Report template. Other report items work in a similar way when generating reports with Report templates. Network Monitor comes pre-configured with a set of useful Report templates. You can of course customize those Report templates and create your own if you wish to do so.
Report items
This section describes the different types of report items available for reports and their settings.
Graphs
Report graphs display a chart of recorded monitor data over a specific period. Each graph can contain data from up to 8 individual monitors. Every monitor is coded with a specific color. The color is specified in the relevant Style template (page 75).
Basic properties
Period - This setting is only available when editing graphs in a Customized report. Select the period to report the data. Data type - Select the type of data to include in the report, as well as the desired unit. Header - Specify header text for the graph. Optionally include the following parameter in the header. %graph_type - the type of data in the graph. Footer - Specify footer text for the graph.
Advanced properties
Data option -This setting defines how Network Monitor should present the data when there are more recorded samples for a given position in time. Defaults graphing an average of those values. This setting affects visual presentation only. Fill - If the graph should be filled, select this option. If more than one monitor is graphed in the same chart, Network Monitor ignores this setting. Legend - Include a legend after the graph. This contains a reference to all monitors included in the graph, as well as their extreme values over the period. Data filter - Optionally specify a min and max range for visible data. Data outside of the given range is ignored. Custom scale - Optionally limit the graph to a certain range in the Y-axis. Normally, this is controlled automatically by the type of the data. Graph dimension - Specify the dimension of the graph image. The default value is 1000 x 152 pixels. 65
Clicking the graph report item displays the graph information screen
Each monitor is listed together with its object, as well as the color associated with the monitor, depending on the relevant report style.
To add a monitor to the graph, select the relevant object from the list box, then the monitor. Notice that you are only able to select monitors relevant to the current graph. In other words, monitors not storing data of the type specified in the graph are be visible. To remove a monitor from the graph, select it from the selected monitors list and click the Remove button.
Data tables
The data table report item can display tabular data in both horizontal and vertical tables. This makes it possible to display readings in a textual format. The number of rows or columns, depending on the layout, is dependent on the report time period. You can choose to report snapshots or period averages in the data table. Snapshots - A snapshot is the closest data sample to the cell. For example, if you have a Daily report and there are two samples at 14:59 and 15:02, the data shown for the cell at 15:00 is the sample at 14:59. Period Average - The period average option averages of all samples within each period and uses that value for the respective cell. These two powerful options provide you with good control of how to present different types of data. Snapshots are more interesting for some types of data and period averages are more interesting for others.
Select object - Select objects to be included in the data table from the list and click the Select button. The object is added to the data table and listed in the selected objects list. To remove an object from the data table, select it and click the Remove button. Select monitor - In a similar way, individual monitors can be included in the data table. Select the relevant object from the list and then the monitor. Click the Select button to add the monitor to the data table. To remove a monitor from the data table, select it and click the Remove button.
67
The management interface Period - This setting is only available when editing data tables in a Customized report. Select the period to report the data. Layout - Select between a horizontal layout, where the time is presented as going from left to right, or a vertical layout where time is listed as going from up to down. Data type - Select the type of data to be put into the configuration, as well as the presentation unit desired. Click the Add button to add the configuration to the data table. To remove a configuration, select it from the list and click the Remove button. Data table mode - Select Snapshot or Interval average for the configuration. Notice that this setting is per configuration, so it is possible to display each data table using a different data type and data table mode.
Downtime
A downtime report can show the downtime of one or more selected networks or objects. What contributes to your downtime can be displayed down to the individual monitor level if required. The downtime report item can report three different values, namely downtime, uptime and unknown. Downtime is defined as the total time the monitor was in the alarm state. Uptime is defined as the time the monitor was in a normal state. Unknown is the time Network Monitor did not know the status of the monitor, for example if the Network Monitor service was stopped for a couple of hours. All values are reported as percentages of the report period. It is also possible to limit the downtime calculations for a period during the day. This is useful if you need to know your uptime only during a certain time. Another advanced option is to limit the downtime calculation to only a limited set of monitors. For example, you could choose to only calculate downtime on your networks and objects by using Ping monitors only.
Network - This setting is only available when editing downtime items in a Customized report. Select networks to be included in the downtime report from the list and click the Select button. The network is added to the downtime report and listed in the selected networks list. To remove a network from the downtime report, select it and click the Remove button. Period - This setting is only available when editing downtime items in a Customized report. Select the period to report downtime. Downtime reporting - Select the level of detail of the report downtime. If Report downtime for objects is selected, Network Monitor displays individual objects, per network, and their contribution to downtime. If Report downtime for objects, then monitors is selected, Network Monitor breaks down the report further, showing each individual monitor in each objects and it's contribution to the downtime. Report options - Select what downtime components display in the report. See the discussion above on details on downtime, uptime and unknown time. When unknown time is not reported in the downtime report, you have the option to treat the unknown time as uptime, or leave it as time unaccounted for. The last option can be used to specify whether or not to include objects without any downtime in the report.
68
Advanced properties
Time limit - With the time limit option, it is possible to only consider data within a specific daily time interval as the basis for the downtime report. Monitor limit - To limit the downtime report to types of monitors, select a monitor type from the list and click the Select button. To remove a monitor type, select it and click the Remove button.
Comments
Comments can be included in your reports. They can also be used to include signature fields for occasions when a report has to be reviewed and signed by someone.
Comment properties
Comment - The comment text to be included in the report. Font options - The font size and alignment of the text of the comment. Signature field - If selected, a horizontal line is shown in the report where a signature can be written.
Images
You can also include custom images in your reports. All supported image files placed in the KNM\reports\images folder of the KNM host machine can be selected and viewed in the reports.
Image properties
Image - Select the desired image from the list. Placement - Specify the placement of the image in the report.
Toplists
This report item makes use of the Network Monitor toplist feature, making it possible to insert pre-calculated toplists in your reports. For example, including the top 3 servers with the highest CPU load in your network, or the top 5 servers with least amount of disk space left, is easy. Please refer to the Toplists (page 143) topic for more information about the possibilities with Network Monitor toplists.
69
Toplist configurations
Individual toplist configurations are defined in this section.
Toplist configurations
Period - Select the toplist to include in the report. You have the option to include data from the daily, weekly or monthly toplists. Type - Select a data type and the desired presentation unit. Sorting mode - Specify it if you want to show data starting with the lowest entries going upward, or starting with the highest entries going downward. For example, if you want to display the top N highest of something in your report, you would select the highest entries first. Entries - Select how many entries you want to include. For example, if you want to display the top 5 of something, enter 5. Data - Select whether to base the toplist report on the recorded extreme values, or the period average. For example: if you want to display the top N average of something, you would select Period average here. Another example would be to display the top N high spikes of something, in this case you would select Sampled max value here. Entries - To add a toplist configuration, click the Add button. The selected configuration is added to the list. To remove a configuration, select it and click the Remove button. Notice that it is possible to include more than one configuration, with completely different settings, in the toplist report.
Content filtering
It is possible to filter data from the toplist reports, to only include specific networks and/or objects. Normally, data from all networks and objects are included. For Customized reports, the following settings are available.
Select networks - Select networks to include in the toplist report. Select a network from the list and click the Select button. To remove a network from the toplist report, select it and click the Remove button. Select objects - Select objects to include in the toplist report. Select an object from the list and click the Select button. To remove an object from the toplist report, select it and click the Remove button.
70
The management interface For Report templates, the following settings are available.
Filter by selection - Select this option to only include networks and/or objects selected when viewing the Report template in the report. This option is selected by default.
Customized reports
Customized reports are good for defining reports whose content does not change. A Customized report is also the only way to create a report that contains data for different time periods in the same report.
71
All Customized reports are listed with their name and description. In addition, it's possible to immediately view a Customized report by clicking the icon, or to email the report by clicking the icon.
Commands
In the upper section of the Customized reports list view, a number of commands are listed. These commands affect reports that are selected in the list only. Delete - Deletes the selected reports. The operator must confirm the delete operation. New customized - Creates a new customized report. report
Selecting reports
To select reports from the list place a check mark in the selection column to the left. It's also possible to select a range of reports by first clicking the start position in the list, then hold the shift key and click the end position. All the reports in between the selected positions are selected.
72
Name - This is the name of the report. This should be a descriptive name as it is used to identify the report in lists. Description - A longer description of the report and its function. Style - Select the report style to be used for this report. Favourite - To flag this report as a favourite for the current operator, check this option. After all the required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Report templates
Unlike a Customized report, the actual content of a Report templatein terms of networks, objects or monitors is never specified. Report templates can be thought of being applied to a specific selection of networks, objects or monitors.
All Report templates are listed with their name and description. In addition, it's possible to immediately view a Report template by clicking the icon, or to email the report by clicking the icon.
Commands
In the upper section of the Report templates list view, a number of commands are listed. These commands affect reports that are selected in the list only. Delete - Deletes the selected reports. The operator must confirm the delete operation. New report - Creates a new report template template
73
Selecting reports
To select reports from the list place a check mark in the selection column to the left. It's also possible to select a range of reports by first clicking the start position in the list, then hold the shift key and click the end position. All the reports in between the selected positions are selected.
Name - This is the name of the report. The name is used to identify the report in lists. Description - A longer description of the report and its function. Style - Select the report style to be used for this report. Favourite - To flag this report as a favourite for the current operator, check this option. After all required information has been entered click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
The Report information view is divided into two sections. In the upper section generic information about the report, such as its name and description, is displayed. In the bottom section, all the report items added to the current report are listed.
74
Style templates
Report style templates control the overall look of the report. The style template is made up of a number of different elements that are common for all reports using the same style template. Both Report templates and Customized reports can use a style template.
All style templates are listed with their name and description.
Commands
In the upper section of the Style templates list view, a number of commands are listed. These commands affect the style templates that are selected in the list only. Delete - Deletes the selected reports. The operator must confirm the delete operation. New style template - Creates a new style template.
75
Basic properties
Name - This is the name of the template. The name is used to identify the template in lists. Description - A longer description of the style template. Header - The header is displayed on top of every generated report. The following parameter can be included in the header. %time - the current time Footer - The footer displayed in the bottom of every generated report. The following parameter can be included in the footer. %time - the current time Logotype - It is possible to include an image, such as a logotype, in every generated report using this template. Logotype images should be placed in the KNM\reports\images\logo folder of the KNM host machine. Logotype placement - Specify the placement of the logotype image. Default - Check this option to set this style template as the default for new reports.
Color settings
In the color settings section, a pre-defined color scheme can be selected or completely customized.
76
The management interface Color scheme - Select a pre-defined color scheme. To customize your own color scheme, select Custom. Background - Enter the color for backgrounds in graphs. Grid color - Enter the color for the grid in graphs. Text color - Enter the color for text and values in graphs. Line color - Enter the color for each specific monitor in graphs. All colors should be specified in the hexadecimal RRGGBB color format. After all the required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
Viewing reports
To view a report directly in the Network Monitor management interface, either select the View command on the Report information view, or click the icon from either report list. Viewing a report works differently for Customized reports and Report templates.
Period - Select the desired report period. Select networks - Select networks to be included in the report from the list and click the Select button to include the network. To remove a network from the report, select it from the list and click the Remove button. Select objects - Select objects to be included in the report from the list and click the Select button to include the object. To remove an object from the report, select it from the list and click the Remove button. To generate the report, click the View report button.
77
Then select the View report command, Network Monitor displays the View report page.
The selected networks display. Select the desired Report template and specify the Period. To generate the report, click the View report button. From the Network information screen, you can view a report by selecting the View report command.
78
Operator group - To email the report to all members of an operator group, select the operator group from the list and click the Select button. To remove an operator group as recipient for the report, select the operator group and click the Remove button. It is possible to include more than one operator group as recipient for the report. Operator - To email the report to a specific operator, select the operator from the list and click the Select button. To remove an operator as recipient for the report, select the operator and click the Remove button. It is possible to include more than one operator group as recipient for the report. Email - Specify individual email addresses as recipients. Separate multiple entries with a comma. Directory - The generated report is published on a network folder as an HTML document. Specify the path to this folder. Optionally include the following formatting variables when specifying the filename. %date - the current full date %date_year - current year %date_month - current month %date_dayofmonth - current day in the month %time - current full time %time_hour - current hour %time_minute - current minute %time_second - current second FTP host & port -The generated report can be published on a FTP server as a HTML document. Specify the host name and port number. Defaults to 21. FTP user -Select the logon account to be used for authenticating against the FTP server here.
79
Period - Select the desired report period. Select networks - Select networks to be included in the report from the list and click the Select button to include the network. To remove a network from the report, select it from the list and click the Remove button. Select objects - Select objects to be included in the report from the list and click the Select button to include the object. To remove an object from the report, select it from the list and click the Remove button. To email or publish the report with the selected settings, click the Email report button.
Scheduling reports
Scheduling the automatic generation of reports is done with the scheduled events feature. Details on how to work with scheduled events can be found in the Scheduled events (page 47) section. Documentation for the Generate report (page 52) event specifically can be found in the Scheduled event reference section.
Quick reports
The quick report feature is available when using the View report command with selected monitors. It is a feature designed to quickly generate a report to compare data from different types of monitors at a specific time. For example, to investigate a particular alarm the operator is interested in reporting both the CPU and Disk utilization for a server around the time of the alarm. It would be possible to create a Customized report for this purpose, but using the Quick report feature is a lot faster. After selecting the relevant monitors, from either the Monitor lists (page 25) view or the Object information (page 14) view, click the View report command to display the Create quick report page. The Create quick report page is divided into two sections, one for selecting a report template, and the other section is dedicated to the quick report feature.
80
From the Create quick report page, you can choose to view an existing report template. Select the View predefined report option and select the desired report template, the Period and click the View report button. However, you can also make use of the Create a Quick report function from this screen. Network Monitor has automatically created a report containing graphs from the monitors you selected. If several monitors of the same type are selected they are grouped into the same graph. In some cases you can choose what type of data you want to see in each graph. For example in the case of a Ping monitor, you can choose either Round trip time or Packet loss, as well as the unit of data. Select the time period and click the Ok button to view your quick report. When the report has been generated it is also possible to save it as a Customized report. Enter a name in the text box, click the Save button and the report is stored under Customized reports.
The dashboard
This section describes the dashboard feature of Network Monitor.
81
Dashboard overview
The Network Monitor dashboard is a user configurable view, containing widgets displaying different types of real time information. A number of useful widgets are included with Network Monitor. The dashboard is the default view displayed after logon. At any time it's possible to return to the dashboard by clicking the Network Monitor logotype in the top of the screen.
Example dashboard
Creating dashboards
From the dashboard view, clicking New dashboard displays the dialog to create a new dashboard. Fill in the name of the new dashboard, select the desired layout and click the Save button. This creates a private dashboard for the current operator. The layout of a dashboard defines where widgets of different sizes are placed.
82
Dashboard properties
Dashboard properties
Name - This is the display name of the dashboard. It displays at the top of each dashboard. Layout - Select the desired layout for widgets in the dashboard. My default - Select this option to make this dashboard the default dashboard for the current operator. Share - Share the dashboard. See the Sharing dashboards section for details. System default - Set the dashboard as the system default. See the System default dashboard section for details. Select operators - For a shared dashboard, you can select the operators to share the current dashboard with. Select an operator from the list and click the Select button and the operator is added. To remove an operator, select the operator from the list and click the Remove button. Select groups - For a shared dashboard, you can select operator groups to share the current dashboard with. Select an operator group from the list and click the Select button and the operator group is added. To remove an operator group, select the operator group from the list and click the Remove button.
Sharing dashboards
To share a dashboard with other operators, first check the Share checkbox in the dashboard properties dialog. Then select and add operators and/or operator groups that should get access to the dashboard. Notice that only other system administrators are able to modify the contents of the shared dashboard. The content visible to an operator in a shared dashboard depends on the operator's access rights to individual widgets. Only system administrators can share dashboards.
Deleting dashboards
To delete the current dashboard, click Delete from the dashboard view. It is not possible to delete shared dashboards, or the system default dashboard. 83
Creating widgets
To add a new widget to the current dashboard, click the New widget link and select the desired widget from the popup menu. If the operator does not have access to modify the current dashboard, the New widget link does not display. The widgets available from the popup menu depends on the operator's access rights to individual widgets. See the Dashboards and operator rights (page 82) topic.
Deleting widgets
To remove a widget from the current dashboard, click the widget. close icon on the rightmost side of the
Widgets
This section describes each widget available in Network Monitor in detail.
84
85
86
87
The management interface Network Monitor dashboard. In the widget configuration the URL to the web page can be specified. This widget is available in two different sizes.
Favourite items
This widget displays Network Monitor entities (networks, objects and reports) that have been previously tagged as favourites. This is useful for quick access to entities that you frequently access. Tagging an entity as a favourite is done in the respective property screen.
Toplist widget
This widget displays user configurable toplist information. The information available in the widget is similar to the information available from the Toplist screen in the Reports menu. What toplist information to display is defined from the widget configuration. Daily, weekly and monthly toplists are available, as well as a system snapshot toplist that contains the current status. Toplist configurations are defined similar to toplist report items. Please see the documentation for report toplists (page 69) for details on how to configure toplist configurations.
88
Notepad widget
The notepad widget is a simple notepad that can be used for keeping notes, todo's and similar information. Note entries are private for the current operator unless shared. A note can be shared with one operator group that the current operator is a member of. Other operators in the specified operator group can access and update the information contained in the shared note.
Network maps
This section describes how to work with the network maps feature in Network Monitor.
89
Introduction
Network Monitor is capable of displaying the status of gateways, networks and objects, as well as bandwidth utilization data on selected interfaces in real time in the network maps. Network maps are defined and edited in a separate map editor application. The editor is included in the Network Monitor installation, and a link to download the install file for the Dashboard map editor can be found in the About menu in Network Monitor.
90
Fill in the operator username and password, enter the address to the Network Monitor server (and optionally the port number) and click the OK button.
To import your image, select Import images from the KNM menu. Then select your image file and click Ok. The image is sent to the Network Monitor server and is available for use in the editor.
The management interface also possible to import your own custom icons to use as backgrounds for the various entities on the network maps.
Note: The editor only supports icons in the .png (Portable Network Graphics) format. If you have an icon that you want to use that is in another format, first convert it using another application.
To import a custom icon, select the Import icons command from the KNM menu. Then select your image file and click Ok. The image is sent to the Network Monitor server and is available for use in the editor.
If your icons are very large, the default method of displaying their status in the background may or may not work well. In such cases, it's recommended that you use the status overlay method described in the Network map settings (page 92) topic.
Note: For image transparency, it's recommended that your icons use the 32-bit RGBA format with a proper alpha channel.
The map is created and added to the list of available maps in the tree control to the left.
92
The editor places a network from your Network Monitor configuration onto the map at a default position. Hint: when using the keyboard-shortcut the new network is placed at the current mouse cursor position. The properties of the network are visible in the Properties section. The following properties can be modified for the network. Network - Select the Network Monitor network to be displayed on the map. Icon - The icon to be displayed for the network. You can select from stock icons or custom icons. See Importing custom icons (page 91) for more information. Position - Manually set the position of the network by specifying an X and Y coordinate. Link properties - Specify what happens when an operator clicks on the network from the Network Monitor dashboard. Selecting No link causes nothing to happen when the network is clicked. Selecting Link to network makes the network link to the specified network's information screen in Network Monitor. Selecting Link to map makes the network link to another network map, enabling the creation of "drill-down" network maps.
93
The management interface Adding objects To add an Network Monitor object to the network map, select New object from the Edit menu, or alternatively use the keyboard-shortcut Ctrl+O.
The editor places a object from your Network Monitor configuration onto the map at a default position. Hint: when using the keyboard-shortcut the new object will be placed at the current mouse cursor position. The properties of the object are visible in the Properties section. The following properties can be modified for the object. Object - Select the Network Monitor object to be displayed on the map. First choose the network, then the desired object. Icon - The icon to be displayed for the object. You can select from stock icons or custom icons. See Importing custom icons (page 91) for more information. Position - Manually set the position of the object by specifying an X and Y coordinate. Link Properties - Specify what happens when an operator clicks on the properties object from the Network Monitor dashboard. Selecting No link causes nothing to happen when the object is clicked. Selecting Link to object makes the object link to the specified object's information screen in Network Monitor. Selecting Link to map makes the object link to another network map, enabling the creation of "drill-down" network maps. Adding gateways
Note: This section applies to the Distributed Edition only.
To add an Network Monitor gateway to the network map, select New gateway from the Edit menu, or alternatively use the keyboard-shortcut Ctrl+G
The editor places a gateway from your Network Monitor configuration onto the map at a default position. Hint: when using the keyboard-shortcut the new gateway will be placed at the current mouse cursor position. The properties of the gateway are visible in the Properties section. The following properties can be modified for the gateway. Gateway - Select the Network Monitor gateway to be displayed on the map. Icon - The icon to be displayed for the gateway. You can select from stock icons or custom icons. See Importing custom icons (page 91) for more information.
94
The management interface Position - Manually set the position of the gateway by specifying an X and Y coordinate. Link Properties - Specify what happens when an operator clicks on the properties gateway from the Network Monitor dashboard. Selecting No link causes nothing to happen when the gateway is clicked. Selecting Link to gateway makes the gateway link to the specified gateway's information screen in Network Monitor. Selecting Link to map makes the gateway link to another network map, enabling the creation of "drill-down" network maps. Selecting content To select content on the network map, either click directly on the desired entity, or draw a selection rectangle around the content you want to select. The selected content displays with a rectangle around it to indicate that it is currently selected. To select all content on the map, select the Select all command from the Edit menu, or use the keyboard-shortcut Ctrl+A. To add or remove content to your selection hold down the Ctrl key on the keyboard while selecting. To clear your selection, click in an open space somewhere in the map. Editing content To change the properties of content on the map, first select it to display the properties window. Make the appropriate changes, depending on what you selected, and click the OK button to confirm your changes. To move content in the map, first select it, then drag it on the map while holding the left mouse button down. Using the organizer tools Selected content in the map can be organized by using two tools, the Grid organizer tool and the Circular organizer tool To access the tools, right-click in the map window after selecting the desired content and select either tool from the Organize selection popup menu.
95
Deleting content To delete content from the map, first select it, then select the Delete selection command from the Edit menu, or alternatively press the Delete key on the keyboard.
Multi-edit To change the icon used for several entities at once, first select the relevant entities. Then select the desired icon from the properties section. Then click the OK button.
96
The management interface Creating a connection Bandwidth utilization can be shown by creating a connection between two entities on the map. At least one of the entities must be a Network Monitor object. The other can be another Network Monitor object, a network, or a gateway. A connection is then linked to a specific Bandwidth utilization monitor in Network Monitor. There are two different methods of creating a connection.
To link the connection to a monitor in Network Monitor, first select the object, then the monitor to link the connection to. Click the OK button to confirm your selection. Optionally create a connection without linking the connection to a Bandwidth utilization monitor in Network Monitor. In this case, the connection is shown as a line between the entities on the map when viewed on the dashboard, without any visual information about the current bandwidth utilization.
Select the entity to create multiple connections to. A new connection for all the selected entities is created, with the selected entity as the endpoint of the connection. Editing a connection To edit an existing connection, click directly on the line representing the connection in the map view. The properties of the selected connection are displayed in the properties window. To select the monitor to be used for the connection, first choose the relevant object, then the monitor. Click the OK button in the properties window to confirm your selection. Deleting a connection To delete a connection from the map, first select it by clicking the line representing the connection in the map view. The selected connection is displayed in the tree control and the properties are shown in the properties view. To delete the connection, press the Delete key on the keyboard.
97
The management interface Visual feedback When a connection has been created and linked to a Bandwidth monitor, Network Monitor is able to present visual feedback on the current bandwidth utilization for the connection. Distributed Edition users should note that this feature is also available for monitors on gateways. The visual feedback consists of two arrows representing the inbound and outbound traffic on the connection. The inbound traffic arrow pointing towards the object and the outbound traffic arrow pointing away from the object.
The thickness, and color, of the arrows indicates the utilization level. The thicker the arrow is, the greater the bandwidth utilization. The color of the arrows also give an indication to the utilization level. The arrow color is on a scale going from white (lowest utilization), blue, green, orange, up to red (highest utilization). The amount of traffic going in each direction is also visible directly on the connection itself, expressed in Kbps/Mbps/Gbps as appropriate.
System settings
In this section the various pages for changing system settings are discussed. Normally these pages are only accessible by an Network Monitor system administrator.
98
SMTP server
The SMTP server is used to send email notifications to users. Enter the address to the SMTP server you want to use. Note that the SMTP server must be able to accept all the email addresses that you are planning to use. This is the primary SMTP server normally used.
Log settings
Network Monitor is continuously writing a system log containing information about various system events and other status information. This log is written to the KNM\logs folder of the KNM host machine. It is also possible to configure Network Monitor to send the same log information to various services. These include:
99
The management interface The Windows event log An ODBC database A syslog server SNMP traps Each of these services can be configured in the Log settings page. To open the Log settings page, expand the Program settings sub-menu from the Settings menu and select Log settings. The Log settings page displays.
ODBC log
If enabled, Network Monitor stores log information in an ODBC compatible database. The ODBC data source must be a System data source type. KNM can create a database automatically, or you can specify the name of an existing database to place the log table log into. The log table is created with the following fields:
Field Time Object Agent Text Length 64 64 64 255 Type Char Char Char Char
100
The management interface No database index is created for the log table.
Syslog
If enabled, Network Monitor sends log information to a syslog daemon. Specify the address and port number to a host with a running syslog server. The Network Monitor syslog client uses the UDP protocol and port 514 by default. Syslog server - The address of the syslog server receiving the log information. Syslog port - The port number of the syslog server.
SNMP Trap
If enabled, Network Monitor sends all log information as SNMP traps to a remote trap console. Kaseya has created a custom MIB file that can be imported by the software receiving traps from Network Monitor. You can find the MIB file, named knm.mib, in the \mibs directory. Trap receiver - The host name or IP number of the receiver of the traps. Trap port - Port number that the trap receiver listens to. Community - SNMP trap community string. After all required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
The NOC settings page displays. This page consists of two sections.
101
102
The management interface To create a new data type, click New data type command. The Edit data type page displays.
Name - The name of the data type. This should be a short, descriptive name. Description - Enter a description for the data type. Toplist - Enable this option to let the Network Monitor toplist engine include this data type in toplist calculations. Compatible monitors - The monitor types compatible with this data type. Select a monitor type from the list and click the Select button. A selected monitor type can be removed from the selected list, by selecting it and clicking the Remote button. Stored unit - If the data type uses one or more units, you must specify the base unit monitors using this data type will store their data. Compatible units - Select and add units from the list that you want to include with this data type. This is useful for reporting when you want to display proprietary data in different units. Decimals - Enter the number of decimals to use when data of this type is displayed and reported. Clipping - Enter the low and high clipping range of data for this type. It's possible to only specify the low or the high clipping range (or neither).
Miscellaneous settings
The Miscellaneous settings page specifies additional settings for alerts and other events. To open the Miscellaneous settings page, expand the Program settings sub-menu from the Settings menu and select Misc settings.
The Miscellaneous settings page displays. This page is divided into several sections.
103
Default messages
This section contains default messages for alerts and other events. A number of parameters can be specified for each message that includes information from Network Monitor. To a view a list of all parameters click the View details link next to each text field.
Alarm subject - The default subject line for alert messages. Alarm message - The default message for alert messages. Notice that alarm messages can be customized for each monitor. See Editing a single monitor (page 28) for details. Recover subject - The default subject line for recovery messages. Recover message - The default message for recovery messages. Notice that recovery messages can be customized for each monitor. See Editing a single monitor (page 28) for details. Acknowledge subject - The default subject line for acknowledge alarm messages. Acknowledge message - The default message for acknowledge alarm messages. Report subject -The default subject line for emailed reports.
Default messages
This section contains default settings for monitor parameters related to monitoring and storage of statistical data.
Test interval - The default poll interval for new monitors. Alarm gen. - The default alarm generation value for new monitors. Alarm test interval - The default alarm test interval for new monitors. Statistics disk averaging - Stored statistical data for monitors are averaged with the specified interval before being recorded and stored permanently in the Network Monitor database. With a smaller averaging interval, the accuracy of stored statistics datal increases, but also increases disk usage at the same time. Defaults to 5 minutes.
104
The management interface Statistics store interval - This setting specifies how often Network Monitor stores statistical data to its database. Defaults to 10 minutes.
Date format - Specify the date format preferred when displaying a date in the management interface and alert messages. Week format - Specify the week format preferred. Week numbering - Specify the week numbering method used in your region.
PageGate integration
This section contains settings for PageGate integration in Network Monitor. PageGate is a paging gateway application developed by NotePage (http://www.notepager.com) (http://www.notepager.com).
Interface method - Select the interface method to communicate with the PageGate software. Currently the only supported method is the GetAscii method. Polling directory - Specify the polling directory used for the GetAscii method. Please see the documentation for the PageGate software for more details.
Other settings
This section contains various uncategorized settings.
Syslog server - To use the Syslog monitor, the internal syslog server must be enabled. Check this box to enable the syslog server. Watchdog sensitivity - Network Monitor has a built in watchdog function to monitor the system itself. If any errors are detected related to the monitoring process, Network Monitor sends an
105
The management interface email message with details about the error to system administrators. This function is disabled by default. Watchdog mail subject - The subject line for alert messages sent from the watchdog function. Default proxy - Specify the proxy server address, if the Network Monitor server requires a proxy server for outgoing web traffic. This server is only relevant when Network Monitor is checking for new versions. Web server monitors have their own proxy server settings. Default proxy port - Specify the port for the default proxy server if used. Telnet prompt - Enter the command prompts, separated by a comma. Whenever Network Monitor logs into a telnet server, it needs to know what the command prompt looks like. Telnet login prompt - Enter the login prompts, separated by a comma. Whenever Network Monitor logs into a telnet server, it needs to know what the login prompt looks like. Telnet pass prompt - Enter the password prompts, separated by a comma..Whenever Network Monitor logs into a telnet server, it needs to know what the password prompt looks like. Backups - Specify whether or not to create regular backups of the Network Monitorsystem configuration. Backups are placed in the KNM\nxdbackups folder of the KNM host machine. This option is enabled by default. Backup frequency - Specify the interval for creating backups. IP connection list - Optionally restrict access to the Network Monitor management interface by filtering IP addresses. Enter IP number ranges that may connect to the interface. For example, entering: 192.168.1.0 -192.168.1.255 would specify that only IP addresses within that interval would be able to connect to the Network Monitor interface. See the Web server configuration (page 151) topic for more details. Login notice - This is a message displayed on the logon page of all operators connecting to the management interface. After all required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
106
System shutdown
It's recommended that Network Monitor be shutdown from the System administration page when required, and not from the service manager in Windows. To initiate shutdown of the Network Monitor system, click the System shutdown button. The operator must verify the shutdown operation.
Service Desk
KNM > Settings > Program settings > Service desk The Service Desk page specifies the service desk used to create tickets for Network Monitor generated alarms.
Note: See the Network Monitor and Service Desk Integration quick start guide (http://help.kaseya.com/WebHelp/EN/KNM/4010000/link.asp?knm-desk) for more information.
Procedure
1. Display the Network Monitor > Service Desk page using the VSA navigation pane. The Network Monitor > Service desks page displays. 2. Click New in the Service desks menu bar at the top of the Network Monitor page. The Network Monitor > Service desk settings page displays.
3. Enter the following: URL - http://localhost Service desk name - KaseyaNetworkMonitor Accounts - knmserviceaccount 4. Click Save.
107
The management interface The service desk record displays on the Service desks page.
108
Chapter 3
109
Whenever a monitor fails its test, it changes to the Failed state, displayed in the management interface with an orange status icon.
When a monitor keeps failing tests, it eventually changes into the Alarm state, displayed with a red status icon. The number of failed tests required for an Alarm state depends on the Alarm generation parameter for each monitor. Increasing the Alarm generation parameter makes the monitor less sensitive to temporary outages, and decreasing the parameter makes it more sensitive.
When a monitor first enters an alarm state, the Alarms column displays a 1. This is the alarm count. This means that the monitor has now generated one alarm. When the monitor is tested the next time and still fails its test, the number of alarms will be two, and so on. The alarm count is very important, because it controls what actions are taken in response to alarms.
Responding to alarms
An action list is a collection of actions executed in response to an alarm count. Every monitor in Network Monitor has an action list, either defined directly by a monitor's properties, or indirectly by a object's properties. For each alarm count in an alarm list, Network Monitor executes all actions specified for that alarm count. It is possibleand common to define several actions for the same alarm count.
Actions example
In the example above, there are two actions shown. The first action, for the first alarm, is a Send email action. The next action, configured for the fifth alarm, is a Send SMS action. For details on how to edit and configure action lists and actions, see the Action lists (page 110) topic.
Action lists
This section contains information on how to create and edit action lists and actions.
110
Commands
In the upper section of the Action lists view, a number of commands are listed. These commands affect Action lists that are selected in the list only. Delete - Deletes the selected action lists. The operator must confirm the delete operation. New action list - Create a new action list.
111
Alarms and alert handling Name - Enter a name for the action list. The name is used to identify the action list. Description - A longer description of the action list and its intended usage. Operator group - If an operator group is selected, the action list is only available to operators in that particular group. Make default - To specify the action list as the default action list, select this option. The default action list is assigned to new objects by default. After all required information has been entered, click the Save button to store your changes, or the Cancel button to return to the previous page without making any changes.
In the upper section of the Action list information view, basic properties of the action list are displayed, such as its name and description. In the section in the bottom, all actions that have been added to this action list are displayed.
Select the desired action by clicking it. The properties page for the selected action displays.
Action properties
112
Alarms and alert handling There is only one common property among all actions and that is the Alarm number setting. The Alarm number setting specifies the alarm count a monitor must be equal to, to execute this action. After all required information for the action has been entered, click the Save button and the new action will be created and added to the action list.
Editing an action
To edit an existing action, click the properties icon next to the action.
Testing actions
Some actions have a Test action section in their property page. This allows you to test the current action as if it was executed by Network Monitor in response to an alarm, and is a great way to verify that the action is configured correctly. To test the action, expand the Test action configuration section, and select a monitor from the list. Click the Test action button to perform the test.
Deleting an action
To delete an existing action, select the action on the list and choose the Delete command. The operator must confirm the delete operation.
Acknowledging alarms
Using the Acknowledge alarms function, an operator can notify other operators that an alarm is being investigated. The Acknowledge alarms function can be used from the Monitor list (page 25), Object information (page 24) page and the Monitor information (page 30) page. To acknowledge an alarm for one or more monitors, select the monitors and use the Acknowledge alarm command. The Acknowledge alarm dialog is displayed.
Acknowledge alarm
In the first section, all the monitors previously selected are listed.
Modify the selected monitors - When acknowledging the alarm, the operator has two choices on how to modify the selected monitors. 113
Alarms and alert handling Clear alarm status - This clears the alarm state and returns the monitor to its Ok state. Deactivate - This deactivates the monitors, with an option to automatically reactivate them after a given time period. Specify the period in minutes. If the reactivate option is not selected, the monitors stays deactivated until manually activated again. Acknowledge message - When acknowledging the alarm, a message is sent to all operators in the operator group owning the object. Specify the message in this text field. The text message defaults to the acknowledge message specified by the Miscellaneous settings (page 103) page, but can be changed. Send the message by - The acknowledge message can be sent by either email, SMS or PageGate, or a combination of all three. The operator acknowledging the alarm does receive the acknowledge message. To acknowledge the alarm, click the Acknowledge alarm button.
114
Chapter 4
Advanced topics
In This Chapter
Compiling custom MIB files MIB Browser SNMP Traps Windows service list Data extraction reference Init.cfg parameters Gizmo Local Downloads Log search Message format options NOC views Object templates Simulate alarm SMS device configuration System administrator console Toplists Troubleshooting Windows monitoring and authentication UNIX system support files Web server configuration Backup and restore Lua Local dependencies 50 latest syslog messages 116 117 118 118 118 125 127 128 129 130 132 134 138 139 141 143 145 149 151 155 156 157 159
115
Advanced topics
In the Kaseya > KNM program group in the start menu you can find the MIB compiler. By using the MIB compiler you can compile text MIB files into a binary format that Network Monitor can read. Compiling MIB files requires understanding about how MIB files work as well as a general understanding of SNMP. A number of different RFC documents outline the fundamental base that all other MIB files are based on.
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6).
As an example, this is the compile order of a CISCO product MIB. 1. SNMPv2-SMI.mib 2. SNMPv2-TC.mib 3. SNMPv2-MIB.mib 4. RFC1213-MIB.mib 5. IF-MIB.mib 6. CISCO-SMI.mib 7. CISCO-PRODUCTS-MIB.mib 8. CISCO-TC.mib The first 5 files in this example are common for most product MIB files, and are included in the default knm.mib binary MIB file.
Warning: All of these files must be compiled at the same time, otherwise the MIB compiler fails due to unresolved symbols.
116
Advanced topics
1. Start the MIB compiler and click the Load button. 2. Locate the default knm.mib file in the KNM\mibs folder of the KNM host machine and double click it. 3. Check the box Use base MIB when compiling. 4. Click the Compile button and select the text MIB files that you want to compile. 5. When the compiler is finished, save the file in the KNM\mibs directory. It's recommended that you use the browse function to review the compiled MIB before saving it into the KNM\mibs directory.
MIB Browser
KNM > Object list > <object name> > New monitor > SNMP > OID [...] KNM > Object list > <object name> > New monitor > SNMP trap > OID include/exclude filters [...] The MIB Browser page displays a MIB tree and enables you to navigate to and select OID values. The MIB Browser must be able to successfully connect to the SNMP agent on the remote device or computer to retrieve and select OID values in this dialog.
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6). Note: See Compiling custom MIB files (page 116) to modify the MIB tree displayed in this dialog.
117
Advanced topics
Selecting an OID
1. Click any OID in the tree displayed in the left pane to display the OIDs properties in the right pane. 2. Click the Select OID button.
SNMP Traps
KNM > Tools > SNMP / Syslog > SNMP traps The 50 latest SNMP traps page displays the 50 latest SNMP trap messages sent to Network Monitor by all SNMP trap (page 196) monitors that are members of the same gateway.
Actions
Select one or more services in the list and then perform one of the following actions. Start - Start selected services. Stop - Stop selected services. Restart - Restart selected services. Pause - Pause selected services. Not all services can be paused. Continue - Resume the running of paused services.
See Also
Windows service control (page 216) (action) Windows service control (page 59) (scheduled event) Windows service status (page 204) (monitor)
Prerequisite
Each get request sent to Network Monitor must include a operator username and the operator must be flagged for Auto login (page 152). If the user is also flagged as a system administrator, the user has system wide access. Otherwise the information is restricted to the data controlled by the operator groups the operator is member of. If the operator is not allowed to access the information Network Monitor returns an HTTP 404 error code.
118
Advanced topics
URL Syntax
The format of the URL sent to Network Monitor contains some required parameters.
dir
The dir command returns a list of available monitors and operators with their name and id. This command can be useful when designing extraction URLs for all other commands.
Syntax
http://localhost:8080/extract.xsi?cmd=dir&user=Admin
cmd user dir Network Monitor operator username
Returned data
A list of monitors and operators with their IDs.
monitor_graph
The monitor_graph command returns a PNG image file with the selected real time chart. This is the same chart that is shown in the Monitor information page. Before a chart can be extracted, the chart must be enabled using the Monitor information page.
Syntax
http://localhost:8080/extract.xsi?cmd=monitor_graph&user=Admin&id=8¶m1 =2
cmd user id param1 monitor_graph KNM operator username ID number of monitor Zero based index of chart to retrieve. The index is based on enabled graphs.
Returned data
A PNG image file with the default size of 747x120 pixels and a color depth of 3 bytes per pixel.
monitor_status_list
The monitor_status_list command returns the monitor status string. The status string is the 119
Syntax
http://localhost:8080/extract.xsi?cmd=monitor_status_list&user=Admin
cmd user monitor_status_list KNM operator username
Returned data
A string containing the name of the object and monitor, the status string and the status of the monitor separated by a pipe sign ( | ). Each line is separated by a CRLF.
Example
MyObject | CPU load Monitor | Current CPU usage 11.00 % | OK MyObject | Memory size Monitor | Free memory 256 MB | FAILED
monitor_statusstring
The monitor_statusstring command returns the monitor status string. The status string is the same shown in the Monitor information page.
Syntax
http://localhost:8080/extract.xsi?cmd=monitor_statusstring&user=Admin&id=8
cmd user id monitor_statusstring KNM operator username ID number of monitor
Returned data
A string containing the name of the monitor, the status string and the status of the monitor separated by a pipe sign ( |).
Example
CPU load Monitor | Current CPU usage 11.00 % | OK
monitor_uptimestring
The monitor_uptimestring command returns the monitor uptime string. The uptime string describes the uptime of the monitor in hours, minutes and second. If the monitor is currently in alarm state an asterisk (*) is added to the front of the string to note that the string indicates the downtime of the monitor.
Syntax
http://localhost:8080/extract.xsi?cmd=monitor_uptimestring&user=Admin&id=8
cmd user id monitor_uptimestring KNM operator username ID number of monitor
120
Advanced topics
Returned data
A string containing the name of the monitor and the uptime/downtime string separated by a pipe sign (|).
Example
CPU load Monitor | 0h 59m 35s
object_xml
The object_xml command returns an xml document containing information about an object. To access the object the operator must be a member of the operator group assigned to the object.
Syntax
http://localhost:8080/extract.xsi?cmd=object_xml&user=Admin&id=2
cmd user id object_xml KNM operator username ID number of the object
Returned data
An xml document.
XML fields
INM_OBJECT NAME DESC IP_ADDRESS MAC_ADDRESS ACTIVE MAINTENANCE NETWORK_NAME NETWORK_DESC NETWORK_CONTACT_NAME NETWORK_CONTACT_ADDRESS 1 NETWORK_CONTACT_ADDRESS 2 NETWORK_CONTACT_PHONE NETWORK_CONTACT_MOBILE NETWORK_CONTACT_FAX NETWORK_CONTACT_EMAIL NETWORK_CONTACT_ADD Root of tree Real name Description of the object IP address or host name of object MAC address of object (if available) YES if object is enabled, NO if disabled "Available" if operator is scheduled and on duty, "n/a" if not on duty or not scheduled Name of the network Description of the network Name of network administrator Contact address of network administrator, line one Contact address of network administrator, line two Network administrator phone number, fixed line Network administrator phone number, mobile Network administrator Fax number Network administrator email Additional information about this network
INM_AGENT
Child to INM_OBJECT
121
Advanced topics
NAME TEST_INTERVAL ALARM_DELAY ALARM_GENERATION Monitor name Interval between tests, in seconds Interval between tests when monitor is in alarm state, in seconds How many consecutive tests that have to fail before an monitor is considered to be in alarm state Time of the most recent test Time of the most recent ok test Time of the most recent failed test Number of tests done since last reboot YES if monitor is enabled, or NO if disabled Type of monitor State of monitor, can be OK, FAILED or ALARM The most recent status string Time that the monitor have been in OK state or ALARM state, when in ALARM state the string is prefixed with a '*' sign
Child to INM_AGENT, shows the last 5 status strings Status text Time of the entry OK, FAILED or ALARM
INM_GRAPH_LINK
Child to INM_AGENT, contains information about the realtime charts displayed in the monitor information page A data extraction link to the chart Description of the chart Unit of the Y axis of the chart Time period of the chart
Extended status for SNMP, SSH2 Script, ODBC and WinPerf monitors State of monitor can be OK, FAILED or ALARM User defined unit User defined value that value returned from test is compared with, to evaluate the result of the test. Operation to compare returned value from test and the user defined compare value. Can be:
COMPARE_OPERATION
122
Advanced topics
LAST_VALUE
Example
<INM_OBJECT> <NAME>DOMAINSERVER</NAME> <DESC></DESC> <IP_ADDRESS>192.168.1.1</IP_ADDRESS> <MAC_ADDRESS>00-00-5A-A8-07-D8</MAC_ADDRESS> <ACTIVE>YES</ACTIVE> <MAINTENANCE>NO</MAINTENANCE> <NETWORK_NAME>Office</NETWORK_NAME> <NETWORK_DESC>The default network</NETWORK_DESC> <NETWORK_CONTACT_NAME></NETWORK_CONTACT_NAME> <NETWORK_CONTACT_ADDRESS1></NETWORK_ADDRESS1> <NETWORK_CONTACT_ADDRESS2></NETWORK_ADDRESS2> <NETWORK_CONTACT_PHONE></NETWORK_PHONE> <NETWORK_CONTACT_MOBIL></NETWORK_CONTACT_MOBIL> <NETWORK_CONTACT_FAX></NETWORK_FAX> <NETWORK_CONTACT_EMAIL></NETWORK_CONTACT_EMAIL> <NETWORK_CONTACT_ADD></NETWORK_CONTACT_ADD> <INM_AGENT> <NAME>Bandwidth test</NAME> <TEST_INTERVAL>10</TEST_INTERVAL> <ALARM_DELAY>600</ALARM_DELAY> <ALARM_GENERATION>5</ALARM_GENERATION> <LAST_TEST>2004-06-10 13:38:55</LAST_TEST> <LAST_OK_TEST>2004-06-10 13:38:40</LAST_OK_TEST> <TEST_DONE>0</TEST_DONE> <ACTIVE>NO</ACTIVE> <TYPE>Bandwidth test</TYPE> <STATUS>OK</STATUS> <STATUS_STRING></STATUS_STRING> <UPTIME>23t 4m 45s</UPTIME> </INM_AGENT> </INM_OBJECT>
objectlist_xml
The objectlist_xml command returns an xml document containing a list on all objects and monitors that the operator can access.
Syntax
http://localhost:8080/extract.xsi?cmd=objectlist_xml&user=Admin
cmd user object_xml KNM operator username
Returned data
An xml document.
XML fields
INM_OBJECTLIST Root of tree
123
Advanced topics
INM_OBJECT NAME DESC ID Root of object Name of the object Description of the object ID Number of object
INM_AGENT ID NAME
Example
<INM_OBJECTLIST> <INM_OBJECT> <NAME>Fileserver</NAME> <DESC>Office fileserver</DESC> <ID>955</ID> <INM_AGENT> <ID>8</ID> <NAME>Bandwidth test</NAME> </INM_AGENT> </INM_OBJECT> </INM_OBJECTLIST>
operator_status
The operator_status command returns operator status and information.
Syntax
http://localhost:8080/extract.xsi?cmd=operator_status&user=Admin&id=2
cmd user id operator_status KNM operator username ID number of operator
Returned data
A string containing operator status and information, the fields are separated by a pipe sign (|).
Username Name Phone Cell phone Address 1 Address 2 Scheduled status Online status
KNM operator username Real name Phone number Cell phone number Address field Address field "Available" if operator is scheduled and on duty, "n/a" if not on duty or not scheduled "Online" if operator is logged on to KNM
124
Advanced topics
Example
Admin | Robert | 0611-22334 | | Box 277 | 871 31 Hrnsand Sweden | n/a | Online
test_status
The test_status command returns the overall status of all the monitors.
Syntax
http://localhost:8080/extract.xsi?cmd=test_status&user=Admin
cmd user test_status KNM operator username
Returned data
A string containing the current test status. The status indicates if there is at least one or more monitors in failed or alarm state.
Example
ALARM
version
The version command returns the current Network Monitor version number.
Syntax
http://localhost:8080/extract.xsi?cmd=version&user=Admin
cmd user Version KNM operator username
Returned data
A string containing the version number of Network Monitor.
Example
3.2
Init.cfg parameters
The init.cfg file is used by Network Monitor for settings that are needed before the database with the configuration is loaded. It controls which port Network Monitor starts the web server on and in which mode Network Monitor starts in (Standard, Distributed server or Distributed gateway). The init.cfg file is located in the KNM root directory.
Log
LOG_LEVEL = 0 - Log level, if set to other then zero Network Monitor writes debug information into the text log. Valid log level is 0, 1 and 2. If log level is set to 2 (default 1) Network Monitor starts logging detailed information to a debug_log.txt file in the \logs directory. Can be useful when debugging mail and SMS sending behavior for example. Can be changed while Network Monitor is running.
125
Advanced topics
Web server
WEBSERVER_PORT = 8080 - Web server port number. This is the port number the web server listens on for incoming connections from a browser. Can be changed while Network Monitor is running. WEBSERVER_LANGUAGE = ENG - The language used in the web interface. Defaults to ENG (English). FRA (French) is optional. Can not be changed while Network Monitor is running. WEBSERVER_CERT=name_of_cert - The web server can use SSL to encrypt information. This parameter specifies the certificate name, default blank. Use the Network Monitor SSL configuration utility to select and configure SSL options. Can be changed while Network Monitor is running if WEBSERVER_PORT also is changed, otherwise no. WEBSERVER_SSL=0 - Enables web server SSL mode, default disabled (0), enabled (1). WEBSERVER_BIND=x.x.x.x - If the Network Monitor host machine has more than one network card Network Monitor will bind to the first found card. To change this behavior this parameter can specify the address of the card Network Monitor should bind to. Can be changed while Network Monitor is running if WEBSERVER_PORT also is changed, otherwise no.
SSH2
SSH2_TIMEOUT=25000 - SSH2 client timeout time in milliseconds. Defaults to 25000 (25 seconds). Can be changed while Network Monitor is running. SSH2_TRACELEVEL=0 - Tracelevel can be used to debug the ssh2 connection. Defaults to 0. A valid range is 0 to 4 (max output). Can be changed while Network Monitor is running.
Other
OBJECT_IP_CACHE=1 - Network Monitor resolves all object host names into IP addresses. This feature can be turned off if there is problems with the local DNS. Defaults to 1 (enabled). Optionally 0 (disabled). Can be changed while Network Monitor is running. DELAY_TEST_START=0 - This parameter can be used to delay the start of monitor tests when Network Monitor is starting up. Defaults to 0 seconds. Useful for reducing machine boot time stress by delaying the start of Network Monitor monitor tests. Can not be changed while Network Monitor is running. OPERATOR_SESSION_TIMEOUT=20 - Sets the operator session timeout value, in minutes. If no timeout is wanted, set value to -1. Can be changed while Network Monitor is running. SNMP_TIMEOUT=10000 - To set the timeout used by all SNMP functions (monitors, actions etc), in milliseconds. Defaults to 10 seconds. Can be changed while Network Monitor is running. ENABLE_CRASHFILE=true - If enabled and Network Monitor hangs in a deadlocked state, Network Monitor produces a crash dump file called crash.now in the KNM root directory. This file is used by Network Monitor developers to analyze why the deadlock occurred. Can be changed while Network Monitor is running. DISTTEST_UPDATE_INTERVAL=60 - Distributed Edition only. Time between the event that causes the gateway and server to exchange information. Can be set in both gateway and server init.cfg files to separate values. The default 60 seconds is recommended. DISABLE_RTS - If this variable is present and set to 1 in the init.cfg file at startup, no real-time statistics are loaded for monitors. This can greatly speed up the startup time of Network Monitor. 126
Advanced topics NO_TESTING - If this variable is present and set to 1 in the init.cfg file at startup, no testing is performed until an operator enables the testing again. HOSTNAME_OVERRIDE=myhost.domain.local - When sending notifications to operators a link to the monitor/object is included in the notification e-mail. The link starts with the host name of the Network Monitor host machine. This parameter can be used to override that name. Can be changed while Network Monitor is running. DISTTEST_MODE=server - This parameter tells Network Monitor to start the distributed subsystem in either server or gateway mode. This parameter is dependent on the DISTTEST_ENABLE parameter. Can be changed while Network Monitor is running. DISTTEST_ENABLE=1 - This parameter tells Network Monitor to start the distributed subsystem. This parameter is dependent on the DISTTEST_MODE parameter. The parameter can be set to 1 to enable or 0 to disable. Can be changed while Network Monitor is running.
Gizmo
Gizmo is a small system tray application that can be installed on your workstation. Gizmo is available as a local download (page 128) from the About page in the Network Monitor management interface. Click the Gizmo link to download the setup and follow the instructions.
Gizmo
Features
Alarm notification Network Monitor log viewer Start/stop Network Monitor Statistics, including Network Monitor memory usage, cpu usage and uptime
Requirements
Net 2.0 Runtime installed
127
Advanced topics
Gizmo configuration
Before you can start using Gizmo you need to configure the application. Open the configuration screen (View menu > Configure) and enter the following parameters.
KNM Host - The DNS name or IP number of the computer hosting Network Monitor. Web interface port - The port number where the Network Monitor management interface is accessed. Defaults to 8080. SSL - Option to connect to Network Monitor using SSL. Check this option if your Network Monitor installation uses SSL for the management interface. Operator name - Name of an operator that Gizmo uses to logon to Network Monitor to extract data. Operator password - Password of the operator. Alert sound path - Path to a .wav file that contains a sound played when an alarm or error occurs. Poll only monitor status - Enable this option if the user running Gizmo does not have (Windows account) administration rights to access the service data base and remote registry of the Network Monitor host machine. Click the Save button to store your settings. Username and passwords are stored as MD5 checksums in the registry together with the host name and port number. Storing the password as an MD5 checksum makes it very difficult for a third part to extract the operator password.
Note: Your Windows account used to run Gizmo requires permission to access the service control manager of the Network Monitor host computer. Use the Poll only monitor status to work around this requirement.
Local Downloads
Local downloads are available from the Help > About page in the management interface. It provides Network Monitor operators with easy access to tools and documentation.
128
Advanced topics
From the about page you can download the following files. Gizmo (page 127) Lua IDE (page 156) Network map editor (page 90)
Log search
The Log search feature enables operators with proper access rights (page 36) to search the Network Monitor system log. Note that even though the operator has access to search the log, the operator might not be able to access all information contained in the system log. For example, operators with the Group objects access right can only view log entries assigned to its own operator group. Only system administrators are able to see all information.
Period - Select the time period to search the system log. Results - Max number of entries to display.
129
Advanced topics Text - Optional free text search. Specifying a search keyword limits the list to log entries containing that keyword. Object - Optional selection of an object. If selected, only message related to the object are listed. Monitor - Optional selection of a monitor. If selected, only messages related to the monitor are listed.
BB codes
BB codes are a semi-standard used by many forum systems to format messages without the need of embedding HTML. It works similar to HTML, having a start and an end tag, and supports nested tags. BB codes are translated to HTML for all operators that have selected to receive emails from Network Monitor in either the HTML or Simple HTML format. Operators that have selected to receive plain text messages will have the BB codes stripped out from their messages. Start
[hr] [b] [i] [u] [quote] [size=X] [font=X] [color=X] [/b] [/i] [/u] [/quote] [/size] [/font] [/color]
End
Description
Horizontal ruler. This tag does not have a closing tag. Bold text Italic text Underline text Quote text (translates to the html <blockquote> markup tag) Sets the size to X pixels [size=12] Example Text [/size] Sets the text in scope to use the font "X" [font=verdana] Example Text [/font] Sets the text in the scope to use a color. The color can be any type of HTML color definition.
130
Advanced topics
[color=red] Example Text [/color] [url=X] [img=X] [/url] [/img] Creates a link to URL X [url=http://www.kaseya.com] Example URL [/url] Inlines an image located at URL X [img=http://myurl/mypic.png][/img]
Format flags
Format flags are used to expand information in messages before they are processed and sent to their recipient. Most of these flags are context sensitive. For example, the flag %monitor_error expands the latest alarm report for the monitor triggering the action, and would not be expanded into anything if used in a Send mail scheduled event. Flag
%time %object_localtime %time_hour %time_hour2 %time_minute %time_second %date_year %date_year2 %date_month %date_dayofmonth %date_dayofyear %date_weekday %network_link %object_link %monitor_link %sys_distributionlist %monitor_error %monitor_error2 %monitor_timelastok %monitor_timelastok _localtime %monitor_timelastfail ed %monitor_timelastfail ed_local Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message
Context
Description
KNM host local date/time Date/time for the selected time zone of the object 24 hours formatting 12 hours formatting Minutes in hour Seconds in minute Year with century Year without century Month as number 01 - 12 Day of the month 01 - 31 Day of the year 1 - 366 Week day as number, 0 - sunday, 6 = saturday Creates a link to the network information page Creates a link to the object information page Creates a link to the monitor information page List the recipients of the message Date/Time + Latest alarm message for the monitor Date/Time + Latest alarm message for the monitor Time when monitor last was in alarm state (KNM host local date/time) Time when the monitor last was in Alarm state (Object time zone date/time) Time when monitor last was in Failed state (KNM host local date/time) Time when monitor last was in Failed state (Object time zone date/time)
131
Advanced topics
%monitor_dependenc Alarm/restart ystatus message %monitor_list %object_name %object_freetext %object_destination %object_description %object_operatorgro up %operator_current %network_name Acknowledge alarm Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Alarm/restart message Acknowledge alarm Alarm/restart message Text rendering of dependency tree status List of monitors that the have had an alarm acknowledged Name of object Object free text field Object hostname/IP address Object description Operator group assigned to object Operator that acknowledged the alarm Name of network Network contact information Operators on duty Alarm/restart message Real time graph attachment in mail.
NOC views
Network Operation Center views are compact, full-screen information views that display the status of a collection of networks and objects. They are normally displayed on dedicated monitors and are particularly useful in conjunction with the Auto login (page 152) feature. There are two predefined views, the Network NOC view and Object NOC view. You can also define customized NOC views, and assign specific objects to a given view. To display a NOC view, select the desired view from the NOC views submenu, from either the Objects and Networks menus respectively.
132
Advanced topics NOC views display network status, or object status, in a matrix format. All networks or objects are listed vertically, with the status for each monitor type horizontally. The overall status is shown in a large, easy to read area at the top left. Items in the NOC views are normally sorted alphabetically, but if an item is in an Alarm (failed) state, it is displayed first in the list.
NOC settings
In the first section, there is a global setting that affects all NOC views. NOC view mode - This option affects all NOC views, and specifies whether or not to include monitor types not in the Network Monitor system configuration when viewing a NOC view.
133
Advanced topics Group by objects, then monitors - This option displays objects, then the underlying monitors for each object, in the view. Monitor type filter - To filter the content of a NOC view by monitor types, select a monitor type from the list and click the Select button. To remove a monitor type, select it and click the Remove button. Notice that the overall status of the NOC view and its content are affected if you filter by monitor types. For example, if a custom NOC view is created containing a monitor type filter of CPU utilization, Disk utilization and Memory utilization, only those type of monitors are listed in the NOC view. To save the NOC view, click the Save button.
Note: Up to 32 customized NOC views can be created.
Object templates
Object templates can significantly reduce the time it takes to create and initialize a large number of objects in an Network Monitor installation. An object template serves as a model for new objects, containing monitors the same as normal objects do. When a new object is created from a template, all the monitors in the template are automatically created in the new object. Object templates also have additional functionality in that normal objects can be linked to an object template. When the properties of a monitor in a template are changed, all the objects linked to that template are automatically updated. It is also possible to individualize specific monitors in a object linked to a template with the Unlink command. See the Adding objects from templates (page 16) topic for more details.
134
Advanced topics
Commands
In the upper section of the Object template list view, a number of commands are listed. These commands affect templates that are selected in the list only. Copy - Creates copies of the selected object templates. Delete - Deletes the selected object templates. The operator must confirm the delete operation. Import - Import an object template from an external XML file. New - Creates a new object template template.
Name - Enter a name for the object template. This should be a descriptive name used to identify the template. Description - Enter a longer description of the object template and its intended usage. System type - Select the default system type for the object linked to this template. This is a default value only. The system type can be individually set for linked objects. After all required information has been entered, click the Save button and the new object template will be created.
135
Advanced topics
From the Import object template dialog, click the Browse button to locate the definition file. When the file has been located, click the Import button to import the object template.
In the Import Object template import dialog, click the Browse button to locate the exported XML file containing the Kaseya monitoring set. When the file has been located, click the Import button to import the Object template into Network Monitor. Currently Network Monitor supports import of SNMP and Windows performance counter sets.
136
Advanced topics First select the objects to be linked, then click the Link command. Network Monitor displays the Link objects page.
From the list of available object templates, select the desired template and click the Ok button. When linking objects to a template, existing monitors in the objects are matched as much as possible to monitors in the template. Monitors that cannot be matched to a monitor in the template remain unlinked.
137
Advanced topics First select the monitors to be unlinked, then click the Unlink command. Network Monitor displays a confirmation page. To permanently unlink the selected monitors, click the Yes button.
Simulate alarm
The Simulate alarm function generates a report that describes what happens when a particular monitor enters the Alarm state. To better understand how alarm escalation works in Network Monitor, the report contains verbose information about the progress of the escalation. Time specified in the report is relative to the first alarm generated. The Simulate alarm function can be accessed from the Monitor information (page 30) view. Below is a sample report produced by the Simulate alarm function for a Free disk space monitor with the default action list assigned.
138
Advanced topics
Note: The Simulate alarm feature does not work correctly if the system administrator has disabled all actions.
139
Advanced topics
41 42 47 50 69 81 95 96 97 98 99 111 127 128 129 130 143 144 145 159 160 161 175 176 192 193 194 195 196 197 198 199 208 209 210 211 212 213 255 300 301 302 303 Temporary failure Congestion Resources unavailable, unspecified Requested facility not subscribed Requested facility not implemented Invalid short message transfer reference value Invalid message, unspecified Invalid mandatory information Message type non-existent or not implemented Message not compatible with short message protocol state Information element non-existent or not implemented Protocol error, unspecified Interworking, unspecified Telematic interworking not supported Short message Type 0 not supported Cannot replace short message Unspecified TP-PID error Data coding scheme (alphabet) not supported Message class not supported Unspecified TP-DCS error Command cannot be actioned Command unsupported Unspecified TP-Command error TPDU not supported SC busy No SC subscription SC system failure Invalid SME address Destination SME barred SM Rejected-Duplicate SM TP-VPF not supported TP-VP not supported D0 SIM SMS storage full No SMS storage capability in SIM Error in MS Memory Capacity Exceeded SIM Application Toolkit Busy SIM data download error Unspecified error cause ME failure SMS service of ME reserved Operation not allowed Operation not supported
140
Advanced topics
304 305 310 311 312 313 314 315 316 317 318 320 321 322 330 331 332 340 500 512 Invalid PDU mode parameter Invalid text mode parameter SIM not inserted SIM PIN required PH-SIM PIN required SIM failure SIM busy SIM wrong SIM PUK required SIM PIN2 required SIM PUK2 required Memory failure Invalid memory index Memory full SMSC address unknown No network service Network timeout NO +CNMA ACK EXPECTED Unknown error User abort
141
Advanced topics To open the system administrator console, select System admin console from the Tools menu.
Commands
calc - A built-in calculator for simpler calculations. Usage example: calc 41+1 disable - Disables a feature in Network Monitor. -all - Disables all the listed features. -testing - Disables testing. -actions - Disables execution of actions. -statistics - Disables statistical storage. -login - Disables logon for normal operators, but system administrators can logon. dist-patch-gateways - Distributed Edition only. Starts patching all gateways that require patching. dist-restart-server - Distributed Edition only. Restarts the Network Monitor distributed testing server. dist-tarpit - Distributed Edition only. Add or removes IP numbers from the tar pit. The tar pit protects the server from brute force login attempts and DOS attacks. -block - Blocks the specified IP number. -unblock - Unblocks the specified IP number. -list - Lists all IP numbers in the tar pit.
142
Advanced topics -blocktime - Sets the default block time, in minutes. Defaults to 20. dist-tarpit -block 192.168.0.1 enable - Enables a feature in Network Monitor. -all - Enables all the listed features. -testing - Enables testing. -actions - Enables actions. -statistics - Enables statistical storage. -login - Enables login for normal operators. get-mac - Retrieves the MAC address for a certain IP number. Only IPs on the local area network of the Network Monitor host machine are likely to return a MAC address. get-mac 192.168.42.1 help - Displays help information for the different commands in the console. Type help <command> to display command specific help. log-level - Adjusts the log level. When Network Monitor restarts, it defaults to the log level specified in the init.cfg file. The available values are 0, 1 and 2. lookup - Queries a DNS server for information about a domain. lookup kaseya.com ping - Pings an IP number or host name. resolve - Resolves a host name to an IP number. resolve www.kaseya.com send-mail - Sends an email to the specified address using the Network Monitor built in email client. send-mail myaddress@test.com , "Testing KNM" , "This is a test mail" send-wol - Sends a Wake on Lan packet to the specified host. send-wol 192.168.42.1 shutdown - Shutdowns Network Monitor and flushes all un-saved settings to disk. status - Displays feature status information. -thread - Displays current total number of threads that Network Monitor is using. -threadpool - Displays the total number of threads in a thread pool. -memory - Displays the current Network Monitor memory usage. -cpu - Displays the current Network Monitor CPU usage. -handle - Displays the current Network Monitor handle usage. -feature - Displays the status of Network Monitor features. time - Prints the local date and time of the Network Monitor host machine. trace-route - Performs a trace route to the specified host. version - Prints the version of Network Monitor. Can also be used to check if a new version of Network Monitor is available. version -check
Toplists
Network Monitor can calculate the min, max and average of recorded statistics data of all monitors for daily, weekly and monthly periods and present them in a toplist fashion. This data is continuously updated in real time.
143
Advanced topics
Using Toplists
Network Monitor currently calculates toplists on a daily, weekly and monthly basis. This means that Network Monitor calculates the min, max and one-day average of recorded statistics data for each monitor, over those periods, and stores them in their respective toplist. To open the Toplists view to browse the toplist data, select Toplists from the Reports menu.
Toplist - Available toplists are selectable from the select box. After choosing the desired toplist, click the Load button and it is loaded instantly. Up to 14 daily toplists, 8 weekly and 6 monthly toplists can be selected in the Toplist box. Older toplists can be accessed by typing the date of the toplist in the following formats: Daily toplist - YYYY-MM-DD Weekly toplist - YYYY-Wnn, where nn is the week number. The week-numbering is affected by the respective setting in the program settings. Type in the textbox next to the Load button, then click the Load button to load the desired toplist. Monthly toplist - YYYY-MM Toplist type - To view different types of toplist data, choose the type of data in the Type select box. Once a toplist data type has been chosen Network Monitor instantly updates the toplist view. The same is true for all options in the Toplists view. When an option is altered, the view is updated immediately to reflect the settings. Entries/Mode - The Entries select box configures the number of monitors displayed in the list. The Mode select box determines the sort order of monitors, listing the highest or lowest value first. Use the Entries select box together with the Mode select box to configure a toplist view to show, for example, the Top 50 highest CPU load entries or the Top 10 machines with least amount of Free memory. The Mode box also has comparison modes to compare two toplists. See Comparing toplists below for details. Unit - With the Unit select box the presentation unit can be selected on some toplist types such as Free disk space, Memory or Temperatures. Data - The Data select box configures a toplist to display either the recorded min or max values, or a 1-day average. For some data the average is a more interesting value than the recorded extremes, but in some cases the min and max values are also very interesting, such as in the Top 10 CPU spikes example below.
Examples
Top 50 objects with highest average CPU load Top Type - CPU load Entries - 50 Mode - Highest entries Data - 1-day average 10 CPU spikes
144
Advanced topics 10 Entries - 10 Mode - Highest entries Data - Sampled max value objects with least amount of Free memory Type - Free memory Entries - 10 Mode - Lowest entries Data - 1-day average
Comparing toplists
Two different toplists, of the same type, can be compared with each other. This feature is useful when monitored properties evolve over time. Is the temperature in your server hall slowly rising by the month or is your SAN running out of free space? You can use the compare feature to find out. First, load up a toplist by selecting the toplist, or typing the date, and click the Load button. Consider this list the main toplist. Next, select a different toplist and click the Load to compare button. Consider this list the compare toplist. Network Monitor presents the two toplists as follows: the main toplist on the left, and the compare toplist is placed to the right. You can now see how the monitored properties for a particular monitor changed between the two toplists. In addition to looking at the toplists to see changes, you can ask Network Monitor for additional statistics while comparing two toplists. The available statistics can be chosen only when a compare toplist has been loaded and they can be selected from the Mode selection box. Top movers - Displays the monitors with values that have changed the most between the two toplists Top climbers - Displays the monitors with values that have increased the most between the two toplists Top fallers - Displays the monitors with values that have decreased the most between the two toplists
Example
Find out which of your servers have increased the most in CPU usage over two different months. 1. Select the first month and click the Load button. 2. Then select the second month and click the Load to compare button. 3. Enter the following values. Type - CPU load Mode - Top climbers Data - Period average
145
Monitoring accounts
With Network Monitor you have the ability to assign a default account to each object. This account is used to authenticate access to the monitored object. In the following documentation we refer to this account as the monitoring account. In the Edit object (page 21) page its called the Default account. In the Edit monitor (page 28) page the account selection option should be set to Use object default account. The monitoring account should be a member of the Administrators group on the object being monitored. In most cases this is the Domain Admin group.
146
Advanced topics HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winr eg You can edit the permissions of this registry key to limit or grant access to the remote registry. If the key does not exist, access is granted to everyone. A special case exists for the Disk utilization monitor in compatibility mode. In this case, you need to specify the default share representing the monitored disk. For example, instead of specifying C: you should specify C$ and ensure that this default share exists and is accessible by the monitoring account.
Service monitor
This monitor uses the Remote Procedure Call (RPC) service to query the status of a service running on the monitored machine. Ensure the Remote Procedure Call (RPC) service is running on the monitored object and the Network Monitor host. The monitor account must be an administrator on the monitored host to gain access to the service manager.
External resources
Warning: These links are only provided as a reference. All modifications to the system, including modifying the registry is done at your own risk.
How to restrict access to the registry from a remote computer (http://support.microsoft.com/kb/153183/en-us) Removing the Everyone Group from Group Policies in the Remote Registry Services Permanently Removes All Access (http://support.microsoft.com/kb/281641/en-us) A custom program that uses the RegConnectRegistry function can no longer access the registry of a remote computer in Windows Server 2003 with Service Pack 1 or in an x64\-based version of Windows Server 2003
(http://support.microsoft.com/kb/906570)
Troubleshooting Performance Monitor Counter Problems (http://support.microsoft.com/kb/152513/en-us) "Unable to complete the operation on <event log>. Access is denied." error message when you try to access a log on a Windows Server 2003-based computer (http://support.microsoft.com/kb/888189/en-us) Error message when you try to make a remote connection to the registry of a Windows-based computer from a Windows Server 2003 SP1-based computer: "Access denied" (http://support.microsoft.com/kb/913327/en-us)
Troubleshooting
This section describes how to troubleshoot some common problems related to Windows authentication.
Access denied
Occurs as either a spontaneous error or as a permanent error when monitoring an object.
147
Cause
Access to the monitored object is denied. This can be caused by an authentication failure or the monitored object is too busy serving new requests.
Resolution/workarounds
Ensure that the monitoring account has access rights to the monitored object. In most cases this error is caused by the Network Monitor monitoring account not being an administrator on the monitored object. Increase the test interval of the monitor. Use the Alarm filtering features in the monitor to filter out non-threshold errors. Firewall restrictions prevents Network Monitor from accessing the monitored object. This error can be resolved by unblocking port 445 to the monitored object.
Cause
The network path could not be found or accessed because of firewall restrictions, a name resolution error or a network error.
Resolution/workarounds
DNS server is overloaded and can not translate the object address. Try entering the IP number as the object address. Firewall restrictions prevent Network Monitor from accessing the monitored object. This error can be resolved by unblocking port 445 to the monitored object. If the monitor is a Disk utilization monitor and you are running in Win32 compatible mode, ensure that the share is available. If you want to directly monitor a disk rather than a share, use the default share name of the disk (e.g. C$) instead of the volume name (e.g. C:).
Cause
The monitored object may be unable to complete requests from Network Monitor since it's busy performing other tasks. The problem can also be network bandwidth related. For example monitoring objects over an VPN connection can severely degrade network performance and latency. The error messages can vary but most commonly they are all related to RPC failures.
Resolution/workarounds
Lower the test frequency to 300 seconds Set the Alarm generation value to at least 5 to filter out false positives Use the Alarm filtering features in the monitor to filter out non-threshold errors. If low network bandwidth or high network latency is a factor the Distributed Edition can be used to place a gateway closer to the monitored object. A gateway uses only a fraction of the network bandwidth that a normal test does.
148
Advanced topics
Cause
The most common cause for this problem is that the remote registry of the monitored machine is either stopped or has experienced problems accepting new connections.
Resolution/workarounds
Restart the remote registry service of the monitored object. Review the objects overall performance. The object might be too busy to serve more connections. Use the Alarm filtering features in the monitor to filter out non-threshold errors. Check the DNS entry for the monitored object, confirm that both a forward and reverse zone entry exists.
System specification
To support monitoring of a disk, CPU, swap and so on, Network Monitor log in using either SSH or telnet, runs a command on the UNIX host and parses the result. What command and how the result is parsed is described in configuration files in the KNM\system folder. All system specifications inherit the one labeled Generic UNIX. So it is only necessary to write parsing information for those commands that are different from the ones specified in the Generic UNIX system type.
149
Advanced topics
<command>df -k $volume</command> <value id="freeSpace" line="-1" field="-3"/> <value id="usedSpace" line="-1" field="-4"/> </query> <result id="freeSpace" unit="MB">freeSpace / 1024</result> <result id="usedSpace" unit="MB">usedSpace / 1024</result> </diskSpace> </monitoring> </disk> <!-- cpu --> <cpu> <!-- enumeration of CPU's --> <enumeration> <query> <command>mpstat -P ALL</command> <enumList startLine="5"> <value id="cpuNumber" field="3" /> </enumList> </query> <result id="cpuID">cpuNumber</result> </enumeration> <monitoring> <!-- utilization of given CPU--> <cpuUtilization> <query> <command>mpstat -P $cpu 2 2</command> <value id="userLoad" line="-1" field="-9"/> <value id="systemLoad" line="-1" field="-7"/> </query> <result id="cpuAverageLoad" unit="%">userLoad + systemLoad</result> </cpuUtilization> <!-- overall system CPU load, used if a CPU is not specified --> <cpuAverageLoad> <query> <command>vmstat 2 2</command> <value id="userLoad" line="-1" field="-5"/> <value id="systemLoad" line="-1" field="-4"/> </query> <result id="cpuAverageLoad" unit="%">userLoad + systemLoad</result> </cpuAverageLoad> </monitoring> </cpu> <!-- processes --> <process> <!-- process enumeration --> <enumeration> <query> <command>ps -awxu</command> <enumList startLine="2"> <value id="processName" field="11" /> </enumList> </query> <result id="processName">processName</result> </enumeration> <monitoring> <!-- checks if a given process is running --> <processRunning> <query> <command>ps -awxu</command> <value id="processName"> <match type="line">$process</match> </value> </query> <result id="processName">processName</result> </processRunning> </monitoring> </process> <!-- swap --> <swap> <monitoring> <swapUtilization>
150
Advanced topics
<query> <command>free -m</command> <value id="swapUsed" line="-1" field="-3"/> <value id="swapFree" line="-1" field="-2"/> </query> <result id="swapFree" unit="MB">swapFree</result> <result id="swapUsed" unit="MB">swapUsed</result> </swapUtilization> </monitoring> </swap> <!-- memory usage --> <memory> <monitoring> <!-- free and used memory --> <freeMemory> <query> <command>free -m</command> <value id="freeMem" line="3" field="-1"/> <value id="usedMem" line="3" field="-2"/> </query> <result id="freeMemory" unit="MB">freeMem</result> <result id="usedMemory" unit="MB">usedMem</result> </freeMemory> </monitoring> </memory> <!-- file change --> <file> <monitoring> <fileChange> <query> <command>ls -l --full-time $filename</command> <value id="fileSize" line="1" field="5"/> <value id="fileDate" line="1" field="6"/> <value id="fileTime" line="1" field="7"/> </query> <result id="fileSize" unit="B">fileSize</result> <result id="fileDate">fileDate</result> <result id="fileTime">fileTime</result> </fileChange> </monitoring> </file> </parsing> </system>
151
Advanced topics Optionally add multiple windows accounts on a new line in the Additional field. This makes it possible to get a whole group of Windows users to use the same operator account. Do not include any other text in the Additional field. 4. In the init.cfg file enter: webserver_auth=ntlm
Note: For Windows 2008 and later, use webserver_auth=negotiate instead of webserver_auth=ntlm.
The configuration is finished. Now the operator is ready to use the AD login method. When logged on to the Windows desktop, using the registered Windows account, the operator can login to the management interface by entering this URL: http://myinmhost:8080/adlogin.xsi During login, Network Monitor exchanges a series of packets with the browser verifying that the user is logged on as the specified Windows account. If everything works out, the operator is directed to his start page.
Troubleshooting
If something goes wrong during the login, Network Monitor redirects the user to the normal login page. Possible error causes are: Network Monitor can't reach the mywindowsdomain domain controller and verify that mywindowsusername is a valid windows account. Your browser does not support the NTLM authentication type. The domain controller is slow to respond to authentication, this can effect the overall interface performance greatly. You can only use this feature when you are in a intranet security zone.
Auto login
The auto login feature makes it possible to access certain pages from the management interface without having to log on. This feature is particularly useful with dashboards or NOC views. The auto login feature requires an operator with the Auto login access right specified.
Page description
The Monitor list view. The Monitors by type view. The Network list view. The Object NOC view. The Network NOC view. A customized NOC view. Specify an additional parameter "index" set to the index of the NOC view. Example: http://inmhost:port/autologin.xsi?user=username&page=5&index=2 The Dashboard. Specify an additional parameter "id" set to the desired dashboard. The ID of a
152
Advanced topics
dashboard is always visible in the URL when viewing a dashboard. Example: http://inmhost:port/autologin.xsi?user=username&page=6&id=1 Note that viewing a dashboard with auto login automatically sets the fullscreen option.
Example
http://inmhost:port/autologin.xsi?page=6&user=username&rotation=1,7,12&int erval=15 The dashboards specified in the rotation parameter, separated by a comma, are continuously displayed at the interval given in the interval parameter, in seconds.
Restricting access
The web server can be configured to only accept connections from a range of IP numbers. The configuration of IP numbers accepted by the web server is set using the Program settings page. By default the web server accepts all incoming connections.
IP connection list
In this field you can specify IP number ranges that are allowed to connect to the Network Monitor management interface. If the field is empty, no restrictions apply. If you should lock yourself out by mistake, you can always connect to the management interface from the Network Monitor host machine.
Example 1
192.168.1.0 192.168.1.40 This format enables every client with an IP number between, and including, these IP addresses connect. More rules can be added below the first line.
Example 2
192.168.1.98 Allows a single host to connect.
The built-in web server used by Network Monitor can use SSL to encrypt all information sent from the web server to the web browser. To enable SSL use the SSL Setup utility installed in the Network Monitor program folder. When SSL is enabled you cannot connect to the interface using an non-encrypted connection.
Advanced topics 3. Select a certificate from the list. 4. Press Enable SSL to finish the configuration. 5. Close the utility and restart Network Monitor. To disable the SSL encryption, press the Disable SSL button in step 4.
Note: The port used by Network Monitor does not change when enabling SSL. If the port number used by Network Monitor is 8080 the correct URL to access Network Monitor from the local machine is https://localhost:8080 after SSL is enabled.
Note: The certificate that this tool generates will not be a valid certificate for server identification, since it does not have a valid CA (Certificate Authority) field. It will still be usable for encryption and is as secure in that respect as a purchased certificate.
Troubleshooting
If Network Monitor fails to respond after you restarted the service: 1. Check if the Network Monitor log file contains any information indicating a failure starting the web server. 2. Verify that the specified URL is correct. 3. The certificate used must be accessible by the user account assigned to the Network Monitor service. Logon with the account assigned to the Network Monitor service and start the SSL Setup utility and check if the certificate is visible in the list.
154
The following files and directories should be included in a backup: \backup \statistics \dashboard \script \gateways (Distributed edition only) \system settings.rds dbconfig.nxd init.cfg
Restore of configuration
Automatic backups of the database are regularly created by Network Monitor. The backups are placed in the KNM\backup folder of the KNM host machine, together with a copy of the dbconfig.nxd file. The restore command line utility can replace the current configuration with a backup.
Warning: Restoring a previous version of your configuration overwrites the current configuration.
1. Shutdown Network Monitor. 2. Make a backup of the current settings.rds and dbconfig.nxd files. 3. Remove the settings.rds and dbconfig.nxd file from the KNM directory. 4. Copy the dbconfig-YYYY-MM-DD.bak file from the \backup directory and rename it to dbconfig.nxd.
155
Advanced topics 5. Open up a command line prompt and navigate to your KNM directory. 6. On the command prompt type the following, then press enter. nmservice.exe -restore backup\settings-YYYY-MM-DD.bak Network Monitor restores the settings.rds database from the settings-YYYY-MM-DD.bak file.
Note: It's very important that you do this operation using settings-YYYY-MM-DD.bak and dbconfig-YYYY-MM-DD.bak files that have the same date.
Lua
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, interpreted from byte codes, and has automatic memory management with garbage collection, making it ideal for configuration, scripting, and rapid prototyping.
156
Advanced topics The develop environment includes debugger, keyword highlighting, integrated help and other features available in state-of-the-art development tools.
The development environment can be downloaded from the local download option on the About page.
Local dependencies
Dependencies prevent multiple alarms from being triggered when a single condition exists that forces all related monitors to enter an alarm state. The parent monitor in a dependency tree is called the root monitor. Only local dependencies are supported, meaning root and dependent monitors must belong to the same object. Dependent monitors can still enter an alarm state independently, but only if their root monitor is not in an alarm state. For example, if connection to an object is lost, then the object's Ping monitor will enter an alarm state, along with many other monitors that might be specified for this same object. Designating the Ping monitor as the root monitor prevents those other monitors from entering an alarm state as well. This prevents being notified multiple times for the same alert condition.
157
Advanced topics Once a dependency is created, you can identify local dependencies on the Monitor List page. Dependent monitors display as an indented tree of dashed lines. The Next test column also identifies the monitor as a member of a local dependency tree. Dependent monitors display an orange status icon instead of a red status icon when the parent monitor enters an alarm state.
158
Advanced topics
159
Chapter 5
Distributed edition
In This Chapter
Distributed edition introduction Server and gateway communication Time synchronization Server configuration Gateway configuration Assigning objects to a gateway Action lists on gateways Troubleshooting 162 163 163 163 164 165 166 166
161
Distributed edition
162
Distributed edition
Time synchronization
Network Monitor automatically adjusts for time zone differences. The administrators must ensure the clock on gateways are synchronized with the clock in the Network Monitor server. We recommend that server and gateways be synchronized with a time synchronizing service such as NTP (Network Time Protocol). Failure to synchronize time between server and gateway may lead to unpredictable results in alarm generation and statistical storage.
Server configuration
Preparing the server for distributed testing
1. While installing Network Monitor on the server host machine, ensure the Distributed (page 6) option is selected.
Note: All other Network Monitor installations sending data to the server should be installed using the Gateway option.
2. Logon to Network Monitor with an administrator that has rights to change operator settings. 3. In Operator settings, give the current operator the access right Distributed testing and save the operator. 4. In the settings menu, click the Distributed testing menu. From the Server information section, click Properties. 5. The Server properties page displays. Enter the server parameters.
Server IP & port - Sets the IP address and port the server listens to for incoming gateway data. Typically this is the internal IP address of the server but can be any address your network supports. Gateways may specify the external IP of a NAT firewall, which is configured to redirect to the internal IP address specified in this field. Email - Specify one or more email addresses where notifications regarding gateways are sent. Separate multiple entries with a comma. 163
Distributed edition Notify time - Specify the time before a notification is sent, in minutes. The server configuration is now finished and you can proceed to installing a gateway.
Gateway configuration
The gateway properties you specify on this page are used by gateways to connect to the Network Monitor server. The data between a gateway and the server is always sent from the gateway to the server (page 163).
Note: Before installing a gateway, ensure you have installed and configured a Distributed Edition (page 6) of the server. All other Network Monitor installations sending data to the server should be installed using the Gateway option.
Configuring a Gateway
Create a new entry for the gateway by clicking the Create gateway link from the Distributed settings menu of the KNM server.
Name - Name of the gateway. Description - A longer description of the gateway. Address/Port - The primary IP address and port the gateway sends data to. If the server is installed behind a NAT firewall, specify the external IP and port of the NAT firewall. The NAT firewall should then be configured to redirect to the internal IP and port specified by the Server IP and Port fields of the Server configuration (page 163) page. If, for evaluation purposes, a Network Monitor server and gateway are installed on the same subnet, the Address and Port fields on this page should match the Server IP and Port fields on the Server configuration page. Address/Port - Optional server backup addresses. The gateway tries these addresses if it can't connect to the server using the primary address. Max buffer time - When the gateway cannot connect to the server, the gateway buffers data for the specified time before suspending its operation. To save the settings click the Save button.
164
Distributed edition To retrieve this file, first click the gateway on the Distributed settings page of the KNM server. the Gateway information page displays. Select the Download configuration command.
Save the zip file that is returned to your browser. If you experience problems downloading the zip file you can find the required files in the KNM\gateways folder of the KNM host machine. 4. Stop the gateway's nmservice.exe service, if it is running. 5. Extract the zip file into the root KNM directory of the gateway. 6. Restart the gateway's nmservice.exe service using the service control manager. The gateway is now ready for use.
Note: If you change the gateway configuration, the configuration file must be updated and the gateway's nmservice.exe service restarted.
Operator rights
The operator must have access rights to distributed testing. Otherwise it is not possible to select a gateway in the properties page.
165
Distributed edition
Troubleshooting
Troubleshooting gateway connection problems
Review the gateway configuration. Ensure the correct IP and port number has been entered. Ensure all the gateway configuration files in the KNM\Gateway directory have been copied to the KNM folder of the host gateway machine. If you have reinstalled the server on a new machine, the gateway configuration must be updated to update the public key file. After the gateway configuration is saved, move the gateway configuration files to the \Gateway root directory and restart the gateway. If you changed the gateway configuration (IP number and port number) move the updated configuration files to the gateway and restart the gateway. Ensure that the gateway and server are running the same version. The server shuts down any gateway that does not match the server version number. Gateways can be updated directly from the Network Monitor management interface by choosing the Update gateway command on a selected gateway. The gateway name is part of the server login session, if you change the gateway name you have to move the gateway configuration files to the gateway for it to be able to reconnect.
Distributed edition nmservice.exe -d This runs Network Monitor in debug mode, showing additional log information.
167
Chapter 6
Monitor reference
See Monitors (page 25) for a detailed description of how to configure the monitors described in this reference.
In This Chapter
Active Directory monitor Bandwidth utilization CIM Monitor Citrix server CPU utilization Database server DHCP query Directory property Disk utilization DNS lookup Environment monitor Event log File change FTP server IMAP4 server LDAP query Log file Lua script Mail server QOS Memory utilization Microsoft Exchange monitor Microsoft SQL server monitor MySQL monitor NNTP server Oracle monitor Ping POP3 server Process status Radius monitor 171 172 174 175 175 176 176 177 178 179 179 180 181 182 182 183 183 184 185 185 186 187 188 190 190 192 193 193 193
169
Monitor reference SMTP server SNMP SNMP trap SSH2 script SSH2 server Swap file utilization Syslog TCP port scan Telnet server Terminal service TFTP server Transfer speed VMware performance Web server Windows performance Windows service status WMI Query monitor 195 195 196 197 198 198 199 199 199 200 200 200 201 202 203 204 204
170
Monitor reference
Monitor prerequisites
1. The object address must be the name of the active directory domain, for example mydomain.local. 2. The logon account must be a domain user.
171
Monitor reference
Bandwidth utilization
Monitor description
Monitors bandwidth utilization of a network interface. It can be configured with or without threshold settings. This monitor uses SNMP if the system type of the object is set to anything else than Windows. If the system type is set to a Windows type, it uses performance counters to acquire the data.
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6).
172
Chapter 7
173
Monitor reference
CIM Monitor
Monitor description
The monitor can query a CIM agent (CIMOM) configured on any hardware platform that supports CIM and has the agent and providers configured. Refer to your hardware manual for how to configure the CIMOM. The monitor can query a CIM performance counter for a CIMOM (agent) and compare it to a value using a compare operation. If the compare operation evaluates to false the monitor fails the test. Supports most performance counters objects, such as hosts, datastores, memory, CPU, etc. System types: Linux/UNIX, VMware, Others Generic/Unknown Category: Performance If adding an object as Generic/Unknown, the object itself cannot save credentials for authentication. The authentication has to be chosen for the monitor instead.
174
Monitor reference Compare operation - Operation used to evaluate the returned result and the predefined compare value. Compare value - User defined compare value. Only numerical values are valid.
Citrix server
Monitor description
The monitor checks if a Citrix server is responding to connection attempts. System type: All Category: Network services
CPU utilization
Monitor description
Monitors the CPU utilization and triggers an alarm if above the specified threshold. System type: All but Generic/Unknown Category: Performance
175
Monitor reference CPU number - The number of the CPU on the host. This value is usually automatically obtained from the relevant object. To refresh the list, press the Rescan CPUs link. Detailed error report (Windows only) - The Alarm report contains all processes and their current CPU usage. Logon account - To override the object default account select an account from the list.
Database server
Monitor description
Monitors a database using ODBC. The test verifies that the ODBC data source can be opened and accessed. The monitor can also execute a SQL query and compare the result to a predefined value. System type: All Category: Database
DHCP query
Monitor description
The DHCP query monitor verifies that a DHCP server is able to lease IP addresses to clients in the network. At least one address must be free for the test to succeed. System type: All Category: Directory services
Note: The Network Monitor host cannot use DHCP for its own network interface if this monitor is used. If the host machine used DHCP the result could be that Network Monitor might release the IP address allocated to the host.
176
Monitor reference
Note: Network Monitor uses the MAC address of the first installed network card on the host to request an IP address from the DHCP server.
Directory property
Monitor description
The directory property monitor can test the file count, directory sizes, relative size changes and ages of files in a directory. The test can be limited in scope to files matched by a wildcard. System type: Windows Category: Others
177
Monitor reference %time_hour - hour in 24-hour format (00 -23) %time_hour2 - hour in 12-hour format (01 -12) %time_minute - minute as decimal number (00 -59) %time_second - second as decimal number (00 59) %date_year - year with century, as decimal number %date_year2 - year without century, as decimal number %date_month - month as decimal number (01 12) %date_dayofmonth - day of month as decimal number (01 31) %date_dayofyear - day of year as decimal number (001 366) %date_weekday - weekday as decimal number (0 6; Sunday is 0)
Disk utilization
Monitor description
Monitors free space on a volume and automatically enumerates available volumes to monitor on the object. System type: All but Generic/Unknown Category: Performance Monitor specific properties
178
Monitor reference
DNS lookup
Monitor description
The monitor connects to a DNS server running on the object and tries to translate the specified address into another address format. The entered address can be in number form (255.255.255.255) or in name form (www.kaseya.com). System type: All Category: Directory services
Environment monitor
Monitor description
The Environment monitor is capable of monitoring hardware for environmental monitoring. Various hardware from many different manufacturers are supported, including AKCP, IT Watchdogs, AVTECH, Sensatronics and others. System type: All Category: Environment
Monitor configuration
When creating a new Environment monitor, the operator first has to select the manufacturer and model of the device.
179
Monitor reference Once the model has been selected, Network Monitor automatically fetches the device configuration.
Event log
Monitor description
The monitor reads the event log and searches for messages that matches the monitor parameters. Only event log entries created after the previous test is included in the current test. System type: Windows
180
File change
Monitor description
The monitor checks a file for changes in size or modification date. System type: All but Generic/Unknown Category: Others
181
Monitor reference
FTP server
Monitor description
The monitor checks if an FTP server accepts new connections. System type: All Category: Network services
IMAP4 server
Monitor description
The monitor tests if it can logon and select a mailbox. The test verifies that the authentication and storage part of the IMAP4 server is working. If no username or password is provided a simple connection test is preformed. System type: All 182
LDAP query
Monitor description
The monitor checks if a LDAP server is responding to directory lookup requests. System type: All Category: Directory services
Log file
Monitor description
The monitor can read a text file and check for if new lines in the file contains one of the specified strings. The monitor generates an alarm if the specified search criteria are meet. The monitor uses the SMB protocol for access and authentication, meaning that both Windows host and Unix host running Samba can be tested with this monitor type. System type: All Category: Log
183
Monitor reference
Lua script
Monitor description
The monitor executes a Lua (page 156) script loaded from the KNM\script folder of the KNM host machine. System type: All Category: Script
Monitor reference
Memory utilization
Monitor description
The monitor tests the free memory and triggers an alarm if it's below the given threshold or if the object is unreachable. System type: All but Generic/Unknown Category: Performance
185
Monitor reference
186
Monitor reference
187
Monitor reference compilations per second can result in high CPU usage. Leave the field blank to not perform this test. Failed logons - A numeric value that represents the maximum number of allowed failed logons during a day. Auditing must be enabled to run this test. Leave the field blank to not perform this test.
MySQL monitor
Monitor description
This monitor type is capable of monitoring several key aspects of an MySQL database. System type: All Category: Database
Prerequisites
The MySQL Connector/C (http://www.mysql.com/downloads/connector/c/) or MySQL Workbench (http://dev.mysql.com/downloads/workbench/5.2.html) packages must be installed on the Network Monitor server or gateway. Download and install the 32-bit client, even if your server is 64-bit. This is because Network Monitor is a 32-bit application and requires 32-bit drivers.
188
Monitor reference After installation ensure the file path to libMysql.dll is in the Windows system path. This is normally taken care of during installation of the administrator package, and might require a reboot of the server. The Network Monitor nmservice.exe service must be restarted for the change to take effect. If Network Monitor cannot access this DLL file, the MySQL monitor fails with an error message specifying that it cannot find the libMysql.dll file.
189
Monitor reference
NNTP server
Monitor description
The monitor connects and checks the status of a NNTP (Network News Transport Protocol) server. System type: All Category: Network services
NNTP server monitor property page
Oracle monitor
Monitor description
This monitor type is capable of monitoring several key aspects of an Oracle database. The monitor uses the native Oracle interface and does not require an ODBC driver installed on the Network Monitor host machine. System type: All Category: Databases
Prerequisites
Install the Oracle database instant client
(http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html) on the Network Monitor
server or gateway. Download and install the 32-bit client, even if your server is 64-bit. This is because Network Monitor is a 32-bit application and requires 32-bit drivers.
190
Monitor reference After installation ensure that the folder where you installed the package is in the Windows system path. This might require a reboot of the server. After altering the system path, restart the Network Monitor service for the change to take effect. If Network Monitor cannot access the DLL files it requires, the Oracle monitor fails with an error message specifying that it cannot find the DLL files.
191
Monitor reference Tablespace usage (any) - A threshold value that sets the maximum percent usage of a table space allowed. This field applies to all table spaces in the database. Subsequent fields can be used to configure exceptions for this rule, for up to five other table spaces. Leave the field blank to not perform this test. Tablespace usage (1-5) - A threshold value for the maximum usage allowed for a specific table space. These fields override the global table space threshold. Leave the field blank to not perform this test.
Ping
Monitor description
The monitor uses the ICMP protocol to verify that the object responds to ping packets within a predefined time. The monitor can also calculate packet loss and round trip time during the test. The monitor only triggers on packet loss level if the round trip time is within the specified range. Note that the ping protocol is one of the protocols with lowest priority in a network and some hosts do not respond to ping packets by default. System type: All Category: Network services
192
Monitor reference
POP3 server
Monitor description
The monitor connects to a POP3 mail server and verifies that it can logon to the server and check for mail, without affecting the status of the mailbox. The purpose is to verify that the POP3 authentication and the storage system of the POP3 server is working. If no username or password is provided a simple connection test is performed. System type: All Category: Web and email
Process status
Monitor description
The monitor can verify that a process is running on an object. System type: All but Generic/Unknown Category: Performance
Radius monitor
Monitor description
Radius is a network protocol that provides authentication, access and accounting for computers that want to connect to a network. Radius is often used to provide access to wireless networks. All tests are performed using SNMP get requests, consult your Radius server documentation to find out if your Radius server responds to SNMP requests by default or if you have to configure this feature.
193
Monitor reference
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6).
Comparison options
In addition to the above tests a customized SNMP get request can be made. The result of the request can be compared to a predefined value using a compare operation. Radius compare OID - An OID relative to the base Radius OID (.1.2.6.1.2.1.67 or .iso. org.dod.internet.mgmt.mib-2.radiusMIB) that can be requested for each test and compared with a predefined compare value. Leave the field blank to not perform this test. Compare value - Value to compare the query result with. Value type - Type of value that is compared with the retrieved value from the database. Operation - Operation to evaluate the returned query result and the compare value to determine if the test succeeded or failed.
194
Monitor reference
SMTP server
Monitor description
The monitor checks that it can connect to an SMTP server and that the SMTP server returns a valid return code. System type: All Category: Web and email
SMTP monitor property page
SNMP
Monitor description
The SNMP monitor is a dynamic tool for querying multiple object identifiers (OID) from an remote SNMP agent and perform calculations on the returned values.
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6).
195
Monitor reference Calculation - A calculation using the values queried from the object identifiers. The example in the image above calculates the network utilization from an interface. Result translation - Translates the result into a readable string. This option is only available when the value type in the comparison is set to string. See below for example. Min/Max valid value - Enables the monitor to filter out all values below and above the given threshold. Port number - Port to use. Defaults to 161. Data type - The unit of data sampled by the test. This makes it possible to group data from this type of monitor with other monitors such as CPU utilization in reports. Compare value - Value to compare with the resulting value from the calculation. Value type - Type of value that is compared with the retrieved value. Operation - Operation to use when comparing.
Result translation
The result translation feature can be used to translate a non-descriptive OID value into a readable string. This feature is only available if the comparison value type is set to string. The OID value retrieved can still be a numeric value, but is treated as a string.
Example 1
Unknown(1), Alarm(2), Failed(3), Ok(4)
Example 2
Unknown=1,Alarm=2,Failed=3,OK=4 The values 1, 2, 3 and 4 are translated to Unknown, Alarm, Failed and OK. Both examples above are valid notations. The final translated string is the string used in the comparison operation.
SNMP trap
Monitor description
The monitor receives trap messages from SNMP monitors on remote hosts. The monitor only receives messages that originate from the object's IP address. The first step of the filtering is done with the specified enterprise OIDs. Further inspection of the trap is done with the variable binding filter, which can include several rules. The rules are either evaluated all together (AND operation) or one by one (OR operation). The resulting trap triggers a failed test. The monitor can filter out standard generic SNMP v1 trap types. Each OID field can be populated by selecting it from the MIB browser. The MIB browser is opened by pressing the button to the right of the OID field. System type: All
196
SSH2 script
Monitor description
The monitor can execute a command or script on a SSH2 host and compare the returned value with a predefined string using a compare type. If the compare operation evaluates to false the monitor generates an alarm. System type: All Category: Script
197
Monitor reference
SSH2 server
Monitor description
The monitor verifies that a nSSH2 server is responding to user logon attempts. This monitor does not support the older SSH1.x protocol. If credentials are omitted, the monitor performs a connection test only. System type: All Category: Network services
Monitor reference
Syslog
Monitor description
The syslog monitor can intercept syslog message sent to Network Monitor from one or more syslog hosts. The monitor can be configured to receive different types of messages. More than one syslog monitor can be added to each object to receive different combinations of messages. Before you create a monitor of this type, you need to start the internal syslog server. If another syslog service is executing on the Network Monitor host machine the result is unpredictable. System type: All Category: Log
Telnet server
Monitor description
The monitor verifies that a telnet server is responding. System type: All
199
Terminal service
Monitor description
Monitors that Windows terminal server responds to new logon sessions. System type: All Category: Network services
Terminal service monitor property page
TFTP server
Monitor description
The monitor tests if a TFTP server is responding to a RRQ operation. The purpose of the test is to verify that the TFTP server is running. The monitor tries to download a file named KNM. This file does not have to exist for the test to succeed. The monitor merely checks that the TFTP server is responding in the correct way to such a request. System type: All Category: Network services
Port - The port number the TFTP server is configured to use. Defaults to 69.
Transfer speed
Monitor description
The monitor measures the transfer speed between Network Monitor and an object. The test measures the time it takes to download the specified amount of data from the chargen.exe service running on the object. The chargen.exe service must be installed and running on the object. Microsoft supplies a chargen.exe server for Windows in the Simple TCP/IP Services package. The chargen.exe service uses port 19 (TCP) by default. System type: All 200
VMware performance
Monitor description
The monitor can query a VMware performance counter for a VMware host or a vCenter server and compare it to a value using a compare operation. If the compare operation evaluates to false the monitor fails the test. Supports ESX 4.1 & ESXi 5. Makes no changes to the target VMware host machine. Supports most performance counters objects, such as hosts, datastores, and virtualstores. VMware counters for guests (virtual machines) are not supported. System type: VMware Category: Performance
201
Monitor reference
Web server
Monitor description
The monitor can test a web server and validate the content of the requested page. Verify that the content in the requested page has not changed since the previous test. Search for a string in the page and verify links. System type: All Category: Network services
202
Monitor reference Custom host - Optional host header field to support named base virtual hosts. Verify checksum - Check option to have the monitor calculate the checksum vale of the page. If the checksum value changes between two tests the current test fails. To reset the checksum, open the property page and save the monitor. Ignore CN check - If checked the monitor does not validate the common name of the server certificate. This option is only valid if the monitor is using secure http. Ignore date check - If checked the monitor does not validate the expiry date of the server certificate. This option is only valid if the monitor is using secure http. Ignore CA check - If checked the monitor does not validate the certificate authority of the server certificate. This option is only valid if the monitor is using secure http. Cert. store - Name of the system certificate store. Use only if you want the monitor to send a client certificate to the server. Cert subject - Subject line of certificate to use in the system certificate store. Use only if you want the monitor to send a client certificate to the server. Proxy server - Optional address of proxy server. Proxy port - Optional server port of proxy server. Web server monitor page links - The URL specified determines the links displayed in Web server monitor page links section. The monitor must execute one test before it shows the links it can verify in the property view. To reset the checksum test (if the page has been updated) open the monitor property page and uncheck the checksum flag and save it, then open the monitor property page again and check the checksum flag and save the monitor.
Windows performance
Monitor description
The monitor can query a Windows performance counter to compare with a compare value using a compare operation. If the compare operation evaluates to false the monitor fails the test. Optionally two performance counters can be queried and combined before compared with the compare value. System type: Windows Category: Performance
203
Monitor reference Object/Counter/Instance - Optional. Secondary performance object. These values can be enumerated by using the enumeration function. The instance field is intentionally left blank for some counter types. Combine operation - Optional operation used when querying two counters. They can be combined into a final result by using the add, subtract, divide or multiplicative operation. Divisor - A value that the retrieved value is divided with before the comparison. Logon account - To override the object default account, select an account from the list. Data type - The unit of data sampled by the test. This makes it possible to group data from this type of monitor with other monitors such as CPU utilization in reports. Compare value - User defined compare value. Only numerical values are valid. Value type - Type of value returned. Compare operation - Operation used to evaluate the returned result and the predefined compare value.
See Also
Windows service control (page 59) (scheduled event) Windows service control (page 216) (action) Windows service list (page 118) (direct control)
204
Namespace - Name space to execute the query within. The default namespace is root\cimv2. WQL - A WQL query. Value name - The name of the value to retrieve when the query has been executed. If more then one result row is returned, the value is retrieved from the first row in the result set. Data type - The unit of data sampled by the test. This makes it possible to group data from this type of monitor with other monitors such as CPU utilization in reports. Compare value - Value to compare query result with. Value type - Type of value returned by the query. Operation - Operation to evaluate the returned query result and the compare value to determine if the test succeeded or failed.
205
Chapter 8
Action reference
See Alarms and alert handling (page 109) for a detailed description of how to use the actions described in this reference.
In This Chapter
Clear event log Execute command via SSH2 Execute Lua script Execute Windows command HTTP Get/Post List reset Net Send Paging via PageGate Send mail Send SMS SNMP Set Wake-on-LAN Windows service control 208 208 209 210 210 211 212 212 213 214 214 215 216
207
Action reference
Parameters
Host name - Host name or IP number. Leave blank to use the address of the object. Logon account - Account to use when executing the action. The Use no logon account option sets the action to not perform a Windows logon. Use object default account sets the action to use the account of the monitor or the object (if the monitor has no account specified). Log name - Name of the log to clear. For example, Application.
Parameters
Host name - Host name or IP number. Leave blank to use the address of the object. Logon account - Account to use when executing the action. Selecting an account is mandatory for this action. Account credentials are sent to the remote sever to perform the logon. Command - Command to execute. The following formatting variables can be included when specifying a command. %object_name - object name %monitor_name - monitor name %object_destination - object address Port - Port number that SSH2 server is listening on. Use telnet - Check this option to use the telnet protocol instead of the SSH2 protocol. Ensure the telnet parameters are correctly configured in the program settings page.
Warning: Remember that telnet is not encrypted and the username/password is sent in clear text.
208
Action reference
Parameters
Logon account - Account to use when executing the action. The action does not perform a Windows logon if the Use no logon account option is selected. Use object default account sets the action to use the account of the monitor or the object, if the monitor has no account specified. Script - Select the script from the list. The list is based on scripts located in the KNM\script folder of the KNM host machine. Argument (Simple scripts) - Arguments passed to the script. The following formatting variables can be included in the parameters passed to the script. %object_name - object name %monitor_name - monitor name %object_destination - object address No account logon - Selecting this option passes the username and password of the selected account to the script, so the script can perform any required authentication.
209
Action reference
Parameters
Logon account - Account to use when executing the action. The action doesl not perform a Windows logon if the Use no logon account option is selected. Use object default account sets the action to use the account of the monitor or the object, if the monitor has no account specified. The process inherits the credentials impersonated by Network Monitor. Command - Command to execute. The command is an executable that is located in the KNM root directory or in the Windows or System32 directory. Parameters - A string passed to the executed command as arguments.
HTTP Get/Post
Sends a HTTP Get or Post request to a web server.
Parameters
URL - The URL can be an absolute URL or an relative URL to the object. Port - Port number. Defaults to 80. SSL - Check option to use SSL. Remember that the web server normally listens to a different port then the default port of 80 for SSL traffic. If necessary, change the port number when selecting this option. The action accepts server side certificates with an invalid Common Name, expired date or invalid certificate authority. Checking and unchecking this box changes the port number between 80 (unchecked) and 443 (checked). Parameters - Post request only. Enter parameters using the format name=value, one parameter per row. The following formatting variables can be included in a parameter. %time - current time 210
Action reference %object_name - object name %object_destination - object address %monitor_name - monitor name %monitor_error - monitor error message %monitor_error2 - monitor error message, no time stamp %sys_distributionlist - distribution list %monitor_dependencystatus - dependency tree status %object_description - object description %network_name - network name %network_contactinfo - network contact information Username/Password - Optional. Authentication option if required. Proxy server - Address of proxy server. Proxy port - Proxy server port number. Get/Post - Method to use when sending request to web server.
Get request
URL - http://www.yourserver.com/test.php?test1=1&test2=2
Post request
URL - http://www.yourserver.com/test.php Parameters test1=1 test2=2
Get request
URL - test.php?test1=1&test2=2
Post request
URL - test.php Parameters test1=1 test2=2
List reset
The list-reset action, when executed, causes the execution to restart from the first action. The list-reset action can be used to get a loop behavior. The list-reset action is not executed by a recover action list.
211
Action reference
Net Send
The Net Send action can send a message to a Windows user. The message presents a pop-up message box on the user's computer. The action requires that the "Messenger" service be started on both the Network Monitor host and the users computer.
Note: This action cannot be used with Windows Vista operating systems or later.
Parameters
Hostname - Optional host name to send the message to. User - The Windows user to send the message to.
Parameters
Operators on duty - The message is sent to on duty operators only. If no operators are scheduled on duty, no message is sent. Operator group - The message is sent to all operators in the operator group assigned to the object Group manager - The message is only sent to the operator that is designated as group manager of the operator group assigned to the object. If the operator group does not have an designated group manager, no message is sent. Specific operator group - The message is sent to the selected operator group. Using this option you can escalate the alarm to include more operators then only the operators in the operator group assigned to the object. Group - If the specific operator group option was selected, select a group from this list. Specific recipient - The message is sent to specific recipients defined in the Specific recipient field below. Specific recipient - One or more email addresses separated with a semi-colon. Short message - Check this option to send a compressed message. For example if the message is sent over an SMS gateway. This option removes the following information to conserve the size of message. %object_description - object description 212
Action reference %sys_distributionlist - distribution list %sys_charts - real time graphs %monitor_dependencystatus - dependency tree status %monitor_error - monitor error message %network_contactinfo - network contact information
Send mail
The Send mail action sends an email to one or more recipients. The message is formatted according to the format specified in the monitor. If the monitor format specification is empty, the default format is used. The default format can be changed in the program settings page.
Parameters
Operators on duty - The message is sent to on duty operators only. If no operators are on duty, no message is sent. Operator group - The message is sent to all operators in the operator group assigned to the object Group manager - The message is only sent to the operator that is designated as group manager of the operator group assigned to the object. If the operator group does not have an designated group manager, no message is sent. Specific operator group - The message is sent to the selected operator group. Using this option you can escalate the alarm to include more operators then only the operators in the operator group assigned to the object. Group - If the Specific operator group option was selected, select a group from this list. Specific recipient - The message is sent to specific recipients defined in the Specific recipient field below. Specific recipient - One or more email addresses separated with a semi-colon. Short message - Check this option to send a compressed message, for example, if the message is sent over an SMS gateway. This option removes the following information to conserve the size of message. %object_description - object description %sys_distributionlist - distribution list %sys_charts - real time graphs %monitor_dependencystatus - dependency tree status %monitor_error - monitor error message %network_contactinfo - network contact information
213
Action reference
Send SMS
The Send SMS action sends an SMS to one or more recipients. The SMS is formatted according to the format specified in the monitor. If the monitor format specification is empty, the default format is used. The default format can be changed in the program settings page. The max message text is 160 characters. Excessive text is truncated before sending the SMS. To use this action a SMS device must be configured and the operators must have a SMS number set.
Parameters
Operators on duty - The message is sent to on duty operators only. If no operators are scheduled on duty, no message is sent. Operator group - The message is sent to all operators in the operator group assigned to the object. Group manager - The message is sent to the operator that is designated as a group manager of the operator group assigned to the object. If the operator group does have an designated group manager, no message is sent. Specific operator group - The message is sent to the selected operator group. Using this option, you can escalate the alarm to include more operators then only the operators in the operator group assigned to the object. Group - If the Specific operator group option was selected, select a group from this list. Specific recipient - The message is sent to specific recipients defined in the Specific recipient field below. Specific recipient - One or more email addresses, separated with a semi-colon. Short message - Check this option to send a compressed message, for example, if the message is sent over an SMS gateway. This option removes the following information to conserve size of message. %object_description - object description %sys_distributionlist - distribution list %monitor_dependencystatus - dependency tree status %monitor_error - monitor error message %network_contactinfo - network contact information
SNMP Set
The SNMP Set action can be used to change values of object identifiers (OIDs) in a remote SNMP agent.
214
Action reference
Note: The system hosting the Network Monitor server must have the Windows SNMP Service running to use SNMP monitoring. Any community specified by Network Monitor for monitoring must also be specified by the SNMP Service on the host machine. See Installation Checklist (page 6).
Parameters
Hostname - Host name or IP number. Leave blank to use the address of the object. Community - SNMP community to use. OID - Object identifier to change. Value - Value to set Syntax type - Type of value. The value can be an integer or a string.
Wake-on-LAN
The Wake-on-LAN action (WOL) can start a host that is compliant with the WOL standard. Refer to the host's documentation to determine if the action can be used.
Note: This action is restricted to waking up hosts located on the same broadcast network segment as the host used to send the WOL packet.
Parameters MAC - The MAC address of the interface to send the WOL packet to. The format of the MAC address is AA-BB-CC-DD-EE-FF. Leave the field blank to use the MAC address of the object. Packet count - How many times the packet should be sent. Set this value to higher then 1 to be sure that the host receives it. Interval - The time to wait, in seconds, between sending each packet. If the packet count is set to 5 and the interval to 5, 5 packets are sent during a 25 second period.
215
Action reference
Parameters
Host name - Host name or IP number. Leave blank to use the address of the object. Logon account - Account to use when executing the action. The Use no logon account option sets the action to not perform a Windows logon. Use object default account sets the action to use the account of the monitor or the object, if the monitor have no account specified. For this action it's recommended to set this value to Use object default account, since the object most likely uses the same set of credentials as the monitor triggering this action. Service name - Name of service. Leave this blank to get the service name from the monitor. This requires that the monitor executing this action list be a Windows service monitor with only one service configured to check. Type - Select the type of operation to perform.
See Also
Windows service control (page 59) (schedule event) Windows service list (page 118) (direct control) Windows service status (page 204) (monitor)
216
Chapter 9
In This Chapter
Windows performance registry Windows Management Instrumentation (WMI) 218 219
217
Subtopics
How to verify that KNM have access to remote registry service (page 218) Memory leaks in remoteregistry service on monitored machine (page 219) Caching of counters (page 219)
218
Windows Performance Monitoring 5. If counters are missing, and you have verified that the same counters are missing in the performon.exe tool, the performance counter library might need to be rebuilt. See http://support.microsoft.com/kb/300956 (http://support.microsoft.com/kb/300956). 6. If counters still are missing the counters may be published by a 64 bit dll, Network Monitor is a 32 bit application and cannot yet read 64 bit counter values. User have either to install a 32 bit version of the dll or use WMI to query the counter.
Caching of counters
When the monitor of an object performs its first test after restarting, it caches all the counter and [Winperf] object names to improve the bandwidth usage for all subsequent tests performed against the object. This can be a problem if the user installs a new piece of software on the monitored machine that publishes additional performance counters, after Network Monitor has tested a Windows performance monitor against it. The problem manifests itself as "missing counters" when Network Monitor enumerates the counters, but the counters are visible in the perfmon.exe tool. To reset the cache the user needs to open up the Network Monitor System admin console from the Tools menu. The operator needs to be system admin to see the menu entry. Issue the following command: clear-counter-cache <object> OBJECT_NAME is the exact name of the object that is having its cache reset.
WMI Troubleshooting
This article describes common problems with Windows performance monitoring and how to resolve it.
Background
The following error message is displayed 219
Windows Performance Monitoring Access denied. User may lack remote launch and remote activation permission. The following monitor types use WMI when the object flag Use WMI is checked. WMI Query monitor (*) Active directory monitor(*) Bandwidth monitor CPU monitor Disk monitor Memory monitor Swap monitor * Always use WMI This error message is displayed when: The user account used is not enabled to use WMI in the domain or on the monitored machine. The firewall is closed. The user is not an administrator on the monitored machine.
Subtopics
Verifying that is enabled for the account (page 221) Adjusting the firewall settings (page 223) Additional for non-administrator users (page 223) Verifying that WMI works (page 223) Problem with data returned from performance counters read by WMI Full index of Microsoft WMI troubleshooting articles (page 225)
220
221
Windows Performance Monitoring Select the security tab and click "Security".
222
Windows Performance Monitoring Enable "Remote enable" for the group/user that you plan to use.
In the article, follow the steps to: Grant DCOM remote launch and activation permissions for a user or group. Grant DCOM remote access permissions.
223
Windows Performance Monitoring wbemtest.exe When the utility has started, click the "Connect" button.
Enter the following address and replace "my_ip" with the IP number of the monitored machine: \\my_ip\root\cimv2 Enter the username and password that you use in KNM. In the Authority field, enter the domain name of the user. Click "Connect" and then "Enum classes". In the dialog "Superclass info" , click the recursive radio button and click ok.
The utility now populates the Query result window with information from the monitored machine. If this 224
Windows Performance Monitoring does not happen, consult the following troubleshooting information on Microsoft support web site.
http://support.microsoft.com/kb/951016 (http://support.microsoft.com/kb/951016)
225
Index
Index
2
24 Hour Alarm List 114
5
50 latest syslog messages 159
A
Access denied 147 Acknowledging alarms 113 Action lists 110 Action lists on gateways 166 Action reference 207 Active Directory integration 151 Active Directory monitor 171 Adding a customized report 72 Adding a logon account 44 Adding a maintenance schedule 60 Adding a new action list 111 Adding a new monitor 27 Adding a new network 42 Adding a report template 74 Adding a scheduled event 48 Adding a style template 76 Adding an object template 135 Adding an operator schedule 62 Adding and editing actions 112 Adding and editing content 93 Adding content to reports 74 Adding empty objects 16 Adding gateways 94 Adding networks 93 Adding objects 94 Adding objects from templates 16 Adding operator groups 39 Adding operators 32 Adding operators to an operator group 39 Additional for non-administrator users 223 Adjusting the firewall settings 223 Administrator settings 9 Advanced topics 115 Alarm summary widget 86 Alarms and alert handling 109 Assigning objects to a gateway 165 Auto login 152
Caching of counters 219 Changing dashboard settings 83 Changing widget settings 84 CIM Monitor 174 Citrix server 175 Clear event log 208 Clear Windows event log 49 Comments 69 Compiling custom MIB files 116 CPU utilization 175 Creating a connection 97 Creating custom NOC views 133 Creating dashboards 82 Creating network maps 92 Creating widgets 84 Customized reports 71
D
Dashboard overview 82 Dashboards and operator rights 82 Data extraction reference 118 Data tables 67 Data type settings 102 Database server 176 Deleting a connection 97 Deleting content 96 Deleting dashboards 83 Deleting network maps 93 Deleting widgets 84 DHCP query 176 dir 119 Directory property 177 Disk utilization 178 Display monitor details 30 Displaying logon account details 46 Displaying network details 43 Displaying object details 24 Distributed edition 161 Distributed edition introduction 162 Distributed Servers and Gateways 3 Dividing the schedule into periods 63 DNS lookup 179 Downtime 68
E
Editing a connection 97 Editing a customized report 72 Editing a logon account 44 Editing a maintenance schedule 60 Editing a network 43 Editing a report template 74 Editing a scheduled event 48 Editing a single monitor 28 Editing a single object 21 Editing a single operator 33 Editing a style template 76 Editing an action list 111 Editing an operator group 40 Editing an operator schedule 62
B
Backup and restore 155 Backup of Network Monitor 155 Bandwidth usage visualization 96 Bandwidth utilization 172
227
Index
Editing content 95 Editing multiple monitors 29 Editing multiple objects 23 Editing multiple operators 35 Email and SMS settings 98 Emailing and publishing reports 78 Enabling secure HTTP 153 Environment monitor 179 Event log 180 Event log monitor 147 Execute command via SSH2 50, 208 Execute Lua script 50, 209 Execute Windows command 52, 210 Export statistics data 50 Exporting object templates 136 External resources 147 Listing action lists 111 Listing and searching customized reports 71 Listing and searching logon accounts 45 Listing and searching monitors 25 Listing and searching networks 41 Listing and searching objects 14 Listing and searching report templates 73 Listing maintenance schedules 59 Listing object templates 134 Listing operator groups 38 Listing operator schedules 62 Listing operators 32 Listing scheduled events 47 Listing style templates 75 Local dependencies 157 Local Downloads 128 Log entries widget 88 Log file 183 Log search 129 Log settings 99 Logging in 14 Logging On 8 Logon accounts and Windows authentication 46 Lua 156 Lua script 184
F
Favourite items 88 File change 181 FTP server 182 Full index of Microsoft WMI troubleshooting articles 225
G
Gateway configuration 164 Generate a report 52 Gizmo 127 Graphs 65 Graphs in customized reports 66
M
Mail server QOS 185 Mail settings 10 Maintaining licenses 14 Maintenance schedules 59 Managing logon accounts 44 Memory leaks in remote registry service on monitored machine 219 Memory utilization 185 Message format options 130 MIB Browser 117 Microsoft Exchange monitor 186 Microsoft SQL server monitor 187 Miscellaneous settings 103 Monitor reference 169 Monitor status progression 110 Monitor status widget 85 monitor_graph 119 monitor_status_list 119 monitor_statusstring 120 monitor_uptimestring 120 Monitors 25 Monitors using Windows authentication 146 Multi-edit 96 MySQL monitor 188
H
How to verify that KNM have access to remote registry service 218 HTTP Get/Post 210 HTTP GET/POST request 55
I
Images 69 IMAP4 server 182 Import from Active Directory 20 Import from seed file 20 Importing custom icons 91 Importing Kaseya monitoring sets 136 Importing map graphics 91 Importing Network Monitor template definition files 136 Importing object templates 135 Importing objects 19 Init.cfg parameters 125 Installation 5 Installation Checklist 6 Interface port settings 154 Introduction 64, 90 Introduction and basic management 14
N
Net send 55 Net Send 212 Network discovery 17 Network Discovery settings 9 Network map settings 92 Network map widget 87 Network maps 89 Network Monitor Concepts 2
L
LDAP query 183 Linking an object to a template 136 List reset 211
228
Index
Network Monitor Overview 1 Network Monitor Service account and rights assignment 146 Network Monitor System Requirements 7 Network path can not be found 148 Network status widget 84 Networks 41 NNTP server 190 NOC view settings 101 NOC views 132 Notepad widget 89 Selecting content 95 Send email 56 Send mail 213 Send SMS 57, 214 Send status report 58 Send Wake-On-LAN 57 Server and gateway communication 163 Server configuration 163 Server Sizing 6 Service Desk 107 Service monitor 147 Sharing dashboards 83 Simulate alarm 138 SMS device configuration 10, 139 SMTP server 195 SNMP 195 SNMP Set 57, 214 SNMP trap 196 SNMP Traps 118 Specifying working hours 63 SSH2 script 197 SSH2 server 198 Standard, Distributed and Gateway Installs 6 Starting the map editor 91 Style templates 75 Swap file utilization 198 Syslog 199 System administration page 106 System administrator console 141 System settings 98 System status widget 86
O
Object status widget 84 Object templates 134 object_xml 121 objectlist_xml 123 Objects 14 Operator access rights 36 Operator groups 38 Operator schedules 61 Operator status widget 85 operator_status 124 Operators 31 Operators and operator groups 31 Oracle monitor 190
P
Paging via PageGate 212 Paging with PageGate 55 Performance related issues with monitored object 148 Ping 192 POP3 server 193 Process status 193 Publishing network maps 96
T
TCP port scan 199 Telnet server 199 Terminal service 200 test_status 125 TFTP server 200 The dashboard 81 The management interface 13 The map editor 91 The My settings page 37 The RPC server is unavailable 149 The system default dashboard 84 Time synchronization 163 Toplist configuration examples 71 Toplist widget 88 Toplists 69, 143 Transfer speed 200 Trigger monitor test 58 Troubleshooting 147, 166 Troubleshooting Windows monitoring and authentication 145
Q
Quick reports 80
R
Radius monitor 193 Recovering from alarms 114 Report items 65 Report templates 73 Reports 64 Responding to alarms 110 Restore of configuration 155 Restricting access 153 Review and Save Settings 11 Running the Startup Guide 8
S
Scheduled event reference 49 Scheduled events 47 Schedules and events 47 Scheduling reports 80 Searching for maintenance schedules 61 Searching for operators and operator groups 41 Searching for scheduled events 49 Selecting a Service Account 8
U
UNIX system support files 149 Unlink an object from its template 137 Upgrading an existing installation 12 Using the organizer tools 95
229
Index
V
Verifying that WMI is enabled for the account 221 Verifying that WMI works 223 version 125 Viewing reports 77 Visual feedback 98 VMware performance 201
W
Wake-on-LAN 215 Web page widget 87 Web server 202 Web server configuration 151 Widgets 84 Windows Management Instrumentation (WMI) 219 Windows performance 203 Windows Performance Monitoring 217 Windows performance registry 218 Windows service control 59, 216 Windows service list 118 Windows service status 204 WMI Query monitor 204
230