Intellipool Network Monitor 3.3 © 2007 Intellipool AB
Intellipool Network Monitor © 2007 Intellipool AB All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the written permission of the publisher. Products that are referred to in this document may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks. While every precaution has been taken in the preparation of this document, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of information contained in this document or from the use of programs and source code that may accompany it. In no event shall the publisher and the author be liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly or indirectly by this document. Printed: december 2007 in Härnösand, Sweden
Contents
I
Table of Contents 0
Part I Introduction
2
1 Copyright notice ................................................................................................................................... 3 2 End user license ................................................................................................................................... agreement 4
Part II Before you install
8
1 Calculating memory ................................................................................................................................... usage 9 2 Software and................................................................................................................................... hardware requirements 10 3 Service logon ................................................................................................................................... account 11
Part III Running the startup guide
13
1 Step 1 - Creating ................................................................................................................................... an operator account 14 2 Step 2 - Configure ................................................................................................................................... mail settings 15 3 Step 3 - Configure ................................................................................................................................... SMS device (optional) 16 4 Step 4 - Review ................................................................................................................................... and save settings 18
Part IV Starting to work with INM
20
1 Login page ................................................................................................................................... 22 2 The index page ................................................................................................................................... 23 3 Entering the ................................................................................................................................... license key 25 4 My settings ................................................................................................................................... 26 5 Creating an account ................................................................................................................................... 27 6 Creating an object ................................................................................................................................... 29 7 Adding monitors ................................................................................................................................... to an object 31 8 Configuring an ................................................................................................................................... action list 34 9 Dependency................................................................................................................................... tree 37 10 Monitor information ................................................................................................................................... page 43 11 Object information ................................................................................................................................... page 44 12 Simulate alarm ................................................................................................................................... 46 13 Auto scan
................................................................................................................................... 47
14 Monitor list ................................................................................................................................... 50 15 Object list
................................................................................................................................... 52
Part V Advanced topics
55
1 Account manager ................................................................................................................................... 56 2 Acknowledge................................................................................................................................... alarm 57 3 Compiling custom ................................................................................................................................... MIB files 59 4 Data extraction ................................................................................................................................... reference 61 dir .......................................................................................................................................................... monitor_graph .......................................................................................................................................................... monitor_status_list ..........................................................................................................................................................
61 61 62
I
II
Intellipool Network Monitor monitor_statusstring .......................................................................................................................................................... monitor_uptimestring .......................................................................................................................................................... object_xml .......................................................................................................................................................... objectlist_xml.......................................................................................................................................................... operator_status .......................................................................................................................................................... test_status .......................................................................................................................................................... version ..........................................................................................................................................................
62 63 63 67 68 69 69
5 Exporting statistics ................................................................................................................................... 70 6 INM Gizmo ................................................................................................................................... 72 7 Local downloads ................................................................................................................................... 74 8 Log search ................................................................................................................................... 76 9 Object import ................................................................................................................................... 77 10 Object templates ................................................................................................................................... 78 Creating an object .......................................................................................................................................................... template Exporting and.......................................................................................................................................................... importing object templates Linking an object .......................................................................................................................................................... Unlink an object ..........................................................................................................................................................
11 Operator
78 78 79 80
................................................................................................................................... 81
12 Operator group ................................................................................................................................... 85 13 Pre-configured ................................................................................................................................... monitors 86 14 Program settings ................................................................................................................................... 87 15 Reports
................................................................................................................................... 92
Report items .......................................................................................................................................................... Customized reports .......................................................................................................................................................... Report templates .......................................................................................................................................................... Quick reports.......................................................................................................................................................... Style templates ..........................................................................................................................................................
94 95 96 97 99
16 Schedules ................................................................................................................................... 100 Maintenance.......................................................................................................................................................... schedule Event schedule .......................................................................................................................................................... Operator schedule ..........................................................................................................................................................
100 101 103
17 SMS device................................................................................................................................... configuration 106 18 System administration ................................................................................................................................... 109 AD integration .......................................................................................................................................................... Configuring .......................................................................................................................................................... web server interface Enable secure .......................................................................................................................................................... HTTP Init.cfg parameters .......................................................................................................................................................... Restrict access .......................................................................................................................................................... to web interface Setting system .......................................................................................................................................................... administrator message System administrator .......................................................................................................................................................... console
109 110 111 112 113 113 114
19 System types ................................................................................................................................... 118 20 Toplists
................................................................................................................................... 120
21 Troubleshooting ................................................................................................................................... Windows monitoring and authentication 123 INM Service .......................................................................................................................................................... account and rights assigment CPU/Disk/Memory/Process/Swap .......................................................................................................................................................... monitor Event log monitor .......................................................................................................................................................... Service monitor .......................................................................................................................................................... External resources .......................................................................................................................................................... Troubleshooting .......................................................................................................................................................... Access denied ......................................................................................................................................................... Credential ......................................................................................................................................................... conflicts Network......................................................................................................................................................... path can not be found
124 125 126 127 128 128 128 129 129
Contents
III
Performance ......................................................................................................................................................... related issues with monitored object Remote ......................................................................................................................................................... session limit The RPC......................................................................................................................................................... server is unavailable
Part VI Monitor reference and configuration exampels
129 130 130
132
1 Bandwidth ................................................................................................................................... utilization 133 2 Citrix server................................................................................................................................... 134 3 CPU utilization ................................................................................................................................... 135 Example
..........................................................................................................................................................
136
4 Database server ................................................................................................................................... 137 Example
..........................................................................................................................................................
138
5 DHCP query................................................................................................................................... 139 6 Directory property ................................................................................................................................... 139 7 Disk utilization ................................................................................................................................... 141 8 DNS lookup................................................................................................................................... 142 9 Event log ................................................................................................................................... 143 Example
..........................................................................................................................................................
144
10 File change................................................................................................................................... 145 Example
..........................................................................................................................................................
147
11 FTP server ................................................................................................................................... 148 12 IMAP4 server ................................................................................................................................... 149 13 LDAP query................................................................................................................................... 150 14 Log file
................................................................................................................................... 151
15 Lua script ................................................................................................................................... 153 16 Mail server ................................................................................................................................... QOS 154 17 Memory utilization ................................................................................................................................... 155 Example
..........................................................................................................................................................
156
18 NNTP server ................................................................................................................................... 157 19 Ping
................................................................................................................................... 158
20 POP3 server ................................................................................................................................... 159 21 Process status ................................................................................................................................... 160 22 Sensatronics ................................................................................................................................... device 161 23 Sensatronics ................................................................................................................................... EM 162 24 Sensatronics ................................................................................................................................... temptrax 163 25 SMTP server ................................................................................................................................... 164 26 SNMP
................................................................................................................................... 165
27 SNMP trap ................................................................................................................................... 167 28 SSH2 script................................................................................................................................... 168 29 SSH2 server................................................................................................................................... 169 30 Swap file utilization ................................................................................................................................... 170 31 Syslog
................................................................................................................................... 171
32 TCP port scan ................................................................................................................................... 172 33 Telnet server ................................................................................................................................... 173 34 Terminal service ................................................................................................................................... 174 35 TFTP server................................................................................................................................... 175
III
IV
Intellipool Network Monitor 36 Transfer speed ................................................................................................................................... 176 37 Web server................................................................................................................................... 177 38 WMI Query ................................................................................................................................... monitor 179 39 Windows performance ................................................................................................................................... 180 Example
..........................................................................................................................................................
181
40 Windows service ................................................................................................................................... status 182
Part VII Action reference
184
1 Clear event................................................................................................................................... log 185 2 Execute command ................................................................................................................................... via SSH2 186 3 Execute Lua................................................................................................................................... script 187 4 Execute Windows ................................................................................................................................... command 188 5 HTTP Get/Post ................................................................................................................................... 189 6 List reset ................................................................................................................................... 191 7 Net Send
................................................................................................................................... 192
8 Paging via PageGate ................................................................................................................................... 193 9 Send mail ................................................................................................................................... 194 10 Send SMS ................................................................................................................................... 195 11 SNMP Set ................................................................................................................................... 197 12 Wake-on-LAN ................................................................................................................................... 198 13 Windows service ................................................................................................................................... control 199
Part VIII Distributed edition
201
1 Communication ................................................................................................................................... between server and gateway 202 2 Time synchronization ................................................................................................................................... 202 3 Server configuration ................................................................................................................................... 202 4 Gateway configuration ................................................................................................................................... 203 5 Assigning objects ................................................................................................................................... to a gateway 204 6 Action lists ................................................................................................................................... 205 7 Troubleshooting ................................................................................................................................... 205
Part IX LUA Index
208 210
Section I
2
1
Intellipool Network Monitor
Introduction Intellipool Network Monitor is a complete solution for agentless monitoring, notification, and reporting. Intellipool Network Monitor, or INM for short, have a wide range of monitoring options for all common operating systems. · AIX (4.2 and above) · CentOS · Debian · Fedora · FreeBSD · HP-UX · Generic Linux · OpenBSD · OpenSUSE 10.2 · Red Hat Enterprise Server · Solaris · Ubuntu · Windows NT, 2000, XP, 2003 and Vista Two editions INM comes in two different editions, standard and distributed. Distributed edition contains the same features as the standard edition but is capable of monitoring hosts behind firewalls that cant be reached by external hosts.
INM Standard Edition logotype
INM Distributed Edition logotype
Everything included INM is self contained, including everything it needs to perform the job. The administration web interface is delivered by the internal web server and the statistics is stored by its own database engine. About the documentation This documentation is divided into two main section, the Starting to work with INM section for new users and the Advanced topics for users that have been using INM for some time and is familiar with the terminology. If this is the first time you install and use INM we recommend that you read the chapter Running the startup guide before you begin the installation. Thanks! We would like to thank you for using INM, we have done our best to produce a quality product that we hope live up to or exceeds your expectation. We very much like to hear from you, especially if you have suggestions to make this product even better. Feel free to contact us trough our forums or directly on our support mail address. http://www.intellipool.se/forum
[email protected]
Introduction
1.1
3
Copyright notice Intellipool Network Monitor Copyright © 2001-2007 Intellipool AB. All rights reserved Portions Copyright © 2000-2006 by Bitvise Ltd, SSH2 support powered by sshlib Portions Copyright © 1995-2006 by Wei Dai. All rights reserved Portions Copyright © 1990-2002 Info-ZIP. All rights reserved. For the purposes of this copyright and license, "Info-ZIP" is defined as the following set of individuals: Mark Adler, John Bush, Karl Davis, Harald Denker, Jean-Michel Dubois, Jean-loup Gailly, Hunter Goatley, Ian Gorman, Chris Herborth, Dirk Haase, Greg Hartwig, Robert Heath, Jonathan Hudson, Paul Kienitz, David Kirschbaum, Johnny Lee, Onno van der Linden, Igor Mandrichenko, Steve P. Miller, Sergio Monesi, Keith Owens, George Petrov, Greg Roelofs, Kai Uwe Rommel, Steve Salisbury, Dave Smith, Christian Spieler, Antoine Verheijen, Paul von Behren, Rich Wales, Mike White This software is provided "as is", without warranty of any kind, express or implied. In no event shall Info-ZIP or its contributors be held liable for any direct, indirect, incidental, special or consequential damages arising out of the use of or inability to use this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. Redistributions of source code must retain the above copyright notice, definition, disclaimer, and this list of conditions. 2. Redistributions in binary form (compiled executables) must reproduce the above copyright notice, definition, disclaimer, and this list of conditions in documentation and/or other materials provided with the distribution. The sole exception to this condition is redistribution of a standard UnZipSFX binary as part of a self-extracting archive; that is permitted without inclusion of this license, as long as the normal UnZipSFX banner has not been removed from the binary or disabled. 3. Altered versions--including, but not limited to, ports to new operating systems, existing ports with new graphical interfaces, and dynamic, shared, or static library versions--must be plainly marked as such and must not be misrepresented as being the original source. Such altered versions also must not be misrepresented as being Info-ZIP releases--including, but not limited to, labeling of the altered versions with the names "Info-ZIP" (or any variation thereof, including, but not limited to, different capitalizations), "Pocket UnZip", "WiZ" or "MacZip" without the explicit permission of Info-ZIP. Such altered versions are further prohibited from misrepresentative use of the Zip-Bugs or Info-ZIP e-mail addresses or of the Info-ZIP URL(s). 4. Info-ZIP retains the right to use the names "Info-ZIP", "Zip", "UnZip","UnZipSFX", "WiZ", "Pocket UnZip", "Pocket Zip", and "MacZip" for its own source and binary releases.
4
1.2
Intellipool Network Monitor
End user license agreement This license agreement is a binding contract between you (natural person or legal entity) and Intellipool AB, and applies to the software product from Intellipool AB specified above. By installing, producing copies or otherwise using this software, you are accepting the terms of this license agreement, and thereby consenting to be bound by it. If you do not accept the terms of this license, you are not entitled to install or use this software. 1. Licensed Product The Licensed Product consists of the software program in a machine-readable form, including specifications and other electronic documentation, as indicated above. 2. Grant of license This License Agreement gives the licensee a non-exclusive right to use the Licensed Product pursuant to the terms and conditions of this Agreement. 3. License fee The rights granted under this License are conditioned on the licensee having paid the license fee for the Licensed Product, pursuant to the terms and conditions applied by the licensor at the time in question. 4. Free versions of the software The terms and conditions of this license agreement shall also apply to users who are given access to the free version of the software product supplied by the Licensor. 5. Scope of the License The Licensee shall be entitled to install one copy of the Licensed Product on a single computer, which is used to provide users within the organization of the Licensee with access to the functions of Licensed Products. A few copies of the Licensed Product may be made for security- and archive-related purposes. Copies of the Licensed Product produced in this manner shall be subject to the terms and conditions of this Agreement. The Licensee may not, by itself or through another, use, copy or otherwise transfer or use the Licensed Product, in whole or in part, other than as set forth in this License Agreement. The Licensee may not, by itself, nor through another, discover, decompile or otherwise use the code to the Licensed Product to any extent not expressively allowed pursuant to law. The Licensee may not, directly or indirectly, with or without consideration, sublicense, lease, lend or otherwise allow anyone but the Licensee to control or use the Licensed Product. Production of copies of the Licensed Product for private use is thus not allowed. The assignment of any and all rights pursuant to this License Agreement may only be done with the written consent of the Licensor. 6. Licensor’s right to the Licensed Product The rights granted by this license shall not be construed to mean that the Licensor’s rights, including copyright and patent rights, where applicable, to the Licensed Product are being transferred to the Licensee. Nor do the rights granted by this license mean a transfer to the Licensee of title to the Licensed Product or to the medium on which the Licensed Product are made accessible to the Licensee.
Introduction
5
7. The Licensee’s duty to inspect and right to rescind The Licensee, upon receiving the Licensed Product, has an obligation to check its functions and quality. If the Licensee finds that the Licensed Product do not fulfill the functions specified by the Licensor in the documentation included with the Licensed Product pursuant to section one, the Licensee shall be entitled to rescind the License Agreement. This right to rescission is conditioned upon the Licensor receiving a written notice within thirty (30) days of the date of delivery. In the case of a rescission, the Licensor shall immediately refund the license fee. The Licensee shall not have the right to interest on this amount. In the event the Licensed Product has been sold through a distributor, the distributor shall be responsible to effect a refund of the license fee. 8. Right to cure defects, etc. The Licensor shall cure deviations from the software specification of the Licensed Product, provided that the deviations affect the use of the Licensed Product to a significant degree. The Licensor may, in conjunction with this, choose to upgrade the Licensee’s version of the software. 9. Limitation of liability Beyond what is stipulated in the above provisions, the Licensor shall have no liability for the functioning or quality of the Licensed Product, since any defects are fully regulated through this Agreement. Thus, the Licensor shall not be obligated, under any circumstances, to pay damages on account of a defect in the Licensed Product. In addition, the Licensor shall have no liability for damage or injury, whether direct or indirect, which may have been sustained by the Licensee, regardless whether such damage or injury consists of lost revenues or additional expenses, such as lost or damaged data or the liability to reimburse a third party. 10. Confidentiality The Licensed Product contains business and trade secrets belonging to the Licensor. These have been made accessible to third parties only through this License Agreement. The Licensee is therefore under an obligation not to make the Licensed Product accessible to others without the written consent of the Licensor, and to take all reasonable actions to prevent third parties from accessing the business and trade secrets that the Licensed Product contain. The licensee is responsible for ensuring that the relevant staff receive instruction in this matter, and are obligated to abide by the rules for using the Licensed Product. The Licensee’s obligation to maintain confidentiality shall continue to apply after the right to use the Licensed Product pursuant to this Agreement ceases due to cases of rescission or termination, or through assignment. The obligation to maintain confidentiality continues for a period of five years. In the case of copies maintained on file, pursuant to law, the obligation to maintain confidentiality shall continue as long as the Licensee shall keep the copy on file. The Licensee shall be obligated to store Licensed Product in a secure manner during the period of the license, so as to prevent dissemination of the Licensed Product. 11. Damages, etc. In the event the Licensee shall violate any term of this Agreement that is of material importance to the Licensor, the Licensee shall indemnify the Licensor for its damage,
6
Intellipool Network Monitor
regardless of whether or not the Licensor shall choose to rescind this Agreement. If, as a result of the breach of contract, an unauthorized person shall gain access to information regarding all or part of the Licensed Product, and this shall adversely affect the opportunities of the Licensor to market and grant licenses for the Licensed Product, the damage in each individual case shall be deemed to be equal to five Basic Amounts for National Insurance, unless damage in excess of that amount is proved. If the Licensee’s breach of contract consisted of producing unauthorized copies, or parts thereof, the Licensee shall not only be obligated to pay the license fees for the unauthorized copies produced, but shall also be obligated to compensate the Licensor for any additional damage or injury. 12. Term of the License, termination Upon payment of the license fee, the rights granted under this license shall continue indefinitely. At any time during the term of this license, the Licensee shall be entitled to terminate this Agreement. This termination shall not entitle the Licensee to a refund of any part of the license fee paid. The Licensor shall be entitled to terminate this License Agreement upon immediate notice in the event the Licensee shall violate any of the terms of the Agreement. The rights granted under this license shall automatically terminate when the Licensed Product is no longer in the possession of the Licensee. Upon the termination of this Agreement, the Licensee shall be obligated to immediately destroy the Licensed Product, including both the software itself and copies thereof and the specifications and other documentation. 13. Publicity The Licensed Product may be distributed through one or more distributors, in one or more countries throughout the world (each a Distributor, and collectively, the Distributors). By clicking the 'I Accept' button, installing, copying or otherwise using copies of the Licensed Product, Licensee grants INTELLIPOOL and the Distributors a limited, revocable, non-exclusive right and license to use Licensee’s trademarks, tradenames and tradedress for the sole purpose of informing the public that Licensee uses the SOFTWARE, so long as the Licensee continues to use the Licensed Product and/or has not revoked such license in writing. 14. Disputes Disputes regarding the interpretation and/or application of this Agreement shall, in all cases, be determined by a Swedish court according to Swedish law.
Section II
8
2
Intellipool Network Monitor
Before you install We recommend that you complete the following pre-installation checklist before installing INM. 1. Make an estimation of the number of objects and agents INM will monitor and using the numbers provided in the "Memory usage" section, calculate the estimated memory usage of INM. Check that the host machine has enough free memory to run INM. 2. Check that the host machine meets the software and hardware requirements. 3. Make sure that a Windows account to be used by INM have the right privileges 4. If SNMP will be used, install and start the Windows SNMP service on the INM host machine 5. If ODBC logging will be used, create a ODBC system data source on the INM host machine. 6. If a GSM phone will be used, install it and verify that it is responding correctly with a terminal program (?) 106 When completed you are ready to install INM. After installing INM and connecting to the web interface for the first time, consult the chapter "Running the startup guide 13 ".
Before you install
2.1
9
Calculating memory usage To calculate the average agent/object memory usage the following numbers can be used. Type
Size (bytes)
Agent
2048
Agent statistical data
16000
Object
512
The INM executable consumes 13 mb. Example This example assumes 2 active data inputs per agent. To estimate the memory need of a 1000 agent , 100 object INM installation. Agent size = 1000 x (2048 + (16000 * 2)) = 33.2 mb Object size = 100 * 512 = 51 200 = 50 kb INM executable = 11 mb Total memory consumption 33.2 mb + 11 mb + 50 kb = 44.25 Mb This value does not include error logs and other parameters.
10
2.2
Intellipool Network Monitor
Software and hardware requirements Recommended software and hardware requirements Operating system · Windows 2000 SP 4, Windows 2003 or Windows XP with the latest service pack Hardware · Intel Pentium III 800 MHz or AMD Athlon 800 MHz · 128 Mb memory · 20 Mb free disk space · Network interface card Browser supported · Microsoft Internet Explorer 6.0 with SR1 or greater · Opera 8.0 or greater · Firefox 1.5 or greater The following features must be enabled in your browser settings. · Accept third party cookies · Java script enabled Cookies are needed to keep track of the user session. Java scripts are used by the web interface and must be enabled.
Before you install
2.3
11
Service logon account INM executes as a Windows service on the host machine and must be granted a Windows account with permission to access other Windows machines. Its sufficient to assign a domain administrator account as the Service logon account, this will give INM all the credentials necessary. Good security practice is however to create a new account dedicated to INM. Creating an Windows account We recommend that a special user account is created for the INM service, the account must have permission to access the following items on a remote machine. The following rights must be granted the new account 1. Act as part of operating system 2. Allow log on locally 3. Log on as a service 4. Profile system performance 5. Profile single process The account password should be set to “Password never expires”. To verify that the account can access the resources need for INM to operate follow these steps. 1. Login on the INM host machine with the account created for INM 2. Start Perfmon.exe 3. Try to add a counter from a remote machine you wish to monitor with INM 4. If step 3 works continue with next step, otherwise check the account settings an begin from step 1 5. Open a file explorer window and try to access a default share of the machine you wish to monitor by typing the UNC path (e.g. \\remotemachine\C$) 6. If you are asked to enter a user name and password to gain access you need to check the account settings and begin from step 5. When the account have passed the test above configure the INM service to use that account instead of the local account.
Section III
Running the startup guide
3
13
Running the startup guide Opening the web interface After installing INM and connecting to the web interface for the first time the startup guide will help you get INM ready for usage. A link to the web interface can be found in the Intellipool Network Monitor program folder in the start menu. If you accepted the standard parameters during the installation and INM web server is running on port 8080 (default) you can use this link if you are configuring INM from the INM host. http://localhost:8080 If you have installed INM on a different host, replace the localhost host name with the name of the INM host.
14
3.1
Intellipool Network Monitor
Step 1 - Creating an operator account Administrator settings 1. Enter the username and password of the default INM operator. Remember that the password is case sensitive. 2. Configure an email address for this operator, the email address will be used when INM is sending notifications or reports. 3. (Optionally) Configure an phone number for this operator, the phone number will be used when INM is sending SMS notifications. 4. Clicking next will create the default operator that you will use to logon to INM after completing the startup guide.
Running the startup guide
3.2
15
Step 2 - Configure mail settings Mail settings To be able to send e-mail notifications and reports you need to configure the email server settings. Two e-mail servers can be configured, a primary server and a secondary backup server that will be used in case the primary server is unreachable. 1. Primary server. Enter the host name of the primary e-mail server. If your server needs credentials when sending mail, enter those below. If you are uncertain leave the username and password fields blank. 2. (Optionally) Secondary server. Enter the host name of the server and optionally credentials used when INM sends a e-mail. 3. Default return address. Enter an address that INM will use as its From address. 4. If you want to skip this step and configure these parameters later click "Next" to continue.
16
3.3
Intellipool Network Monitor
Step 3 - Configure SMS device (optional) SMS device configuration If have an SMS device connected to a com port on the INM host you can configure INM to send SMS notifications.
Configure SMS - Select this box if you have an SMS device connected to the INM host. Com port - select the serial port the SMS device is connected to. Baud rate - Select the baud rate. This is the speed the SMS device is capable of sending and receiving over the com port. PIN code - If your SMS device is a GSM phone or modem, you might need to unlock the SIM card with a PIN code. Enter that PIN code in the PIN code field. Test settings - Click the button to test the configuration, if the test fails make necessary changes or uncheck the Configure SMS check box to skip this part of the wizard. Operator phone number If you did not enter a phone number on the first step in the startup guide you can enter it in the My settings page (?) 26 , without the phone number INM will be unable to send the operator an SMS notification. You will be able to access the My settings page when you login after the startup guide is completed. Tested SMS devices · Falcom Samba · Falcom Swing
Running the startup guide
17
· Falcom Twist · Nokia 30 · Z-text fixed line SMS modem In addition to this list almost all modern GSM phones and modem works. The requirement is that the device should support Text mode sms and that it can be connected to a com port. It may also be connected to an USB port but the device driver need to be able to emulate a standard serial port so it can be discovered by INM.
18
3.4
Intellipool Network Monitor
Step 4 - Review and save settings Final step 1. The final step of this startup guide is confirming the information you have filled in previous pages. If you want to change any of the information, click on the "Previous" button to go back. 2. By clicking on the "Finish" button you will be redirected to the login page and asked for the username and password that you entered in the first page.
Section IV
20
4
Intellipool Network Monitor
Starting to work with INM This section contains How-To guides to the basic operation of INM and are intentionally kept as simple as possible. More detailed information on many subjects is provided in the Advanced topics section and in other areas. Common names used in this section Networks, objects and monitors are associated in a hierarchy where networks is the top most entity, followed by objects and then monitors. Networks - Networks is an organizational unit that collects objects into logical groups. Networks can be compared with folders in a file system. Objects - An object represents a computer or other any other device that can be addressed by an IP number or host name. An object contain settings that are common to all monitors. There is possible to create several objects assigned to the same IP number or host name. Object templates - An object template serves as a base model for other objects. Object templates are not counted as real objects in the license quota (?) 78 Monitors - A monitor tests a specific function in an object. For each test, a monitor is capable of recording statistical data and if the test fails it can trigger an alarm. If a monitor fails a test it will first enter failed state. After a number of consecutive failed tests it will enter alarm state. When entering alarm state the monitor will execute a number of actions specified in something called the alarm action list. Commonly used icons Links to properties. The symbol indicates that the object or monitor is inherited from an template. Monitors inherited from a template can not be edited directly. (?) 78 The symbol indicates that the object or monitor is in maintenance state and is not currently tested. Maintenance schedules controls when a object or monitor enters and exits maintenance state. (?) 100 Monitor status icons A monitor can have several states. This is visualized in the interface as different colors. The status of an monitor is always propagated up to its object and network. This is done so you easily can see if an network or an object contains a monitor that is in any other state then ok state. Monitor ok Monitor have failed one or more test. Monitor have entered alarm state after failing the configured number of test.
Starting to work with INM
The monitor is deactivated. (Distributed edition only) The monitor stat is unknown since the gateway testing the monitor is not connected
21
22
4.1
Intellipool Network Monitor
Login page Open the login page by clicking on "Open Intellipool Network Monitor" in the program group "Intellipool network monitor" on the start menu.
The login page
Enter the username and password of the operator created in the startup guide and click the "Login" button to proceed to the index page. Remember that the password is case sensitive.
Starting to work with INM
4.2
23
The index page The index page is shown after a successful login. It contains system status-information and the latest messages in the system log.
The index page
Information on the index page Days remaining of evaluation period - This field shows the number of days remaining of the evaluation period. When you enter a license key this field is removed Documentation - Quick link to the documentation, this field is removed when the license key is entered. Status - Contains status information such as current operator, uptime and version. Host health - Shows the current host statistics such as free memory, free disk (measures the disk INM is installed on) and In-test average. The In-test average gauge shows the percentage of available test threads in use. If this gauge frequently shows over 80% in use, you should extend the number of threads INM can use for testing (?) 112 . Last alarms - Shows the latest alarms that is now resolved. Current alarms - Shows the current alarms, including disconnected gateways or gateways needing patching (DE only). System administrator message - Message from the system administrator.
24
Intellipool Network Monitor
System log - The last entries in the system log. Menus At the top of the page several menus are displayed. These menus works like normal drop down menus in Windows. Above the menus the banner is located. The banner is linked to the index page and will take you back to the index page from all other pages. Settings menu - The Settings menu contains links to pages associated with system wide configuration. Such as the system administration page where you can enter the license key. Networks, objects and monitors menu (?) 20 - These contains links to browse and create new networks, objects and monitors. In the following section called "Networks, objects and monitors" the relation between these different entities are described in detail. Reports - The report menu contains links to page related to report generation. Help menu - The help menu contains links to the documentation you are reading now as well as links to the Intellipool forum and knowledge base. My settings - The My settings page contains settings private to the currently logged on operator, such as page refresh time and contact information. Logout - Clicking on the Logout link will end the user interface session.
Starting to work with INM
4.3
25
Entering the license key INM Navigation - Menu bar -> Settings -> System admin The license key is entered in the System admin page. 1. Enter the license key into the license key field. 2. Press the validate button If you get a message that the license key in invalid please check that you entered the license key correctly. If you get a message stating that the license key have expired, you will need to renew the license key. The System admin page can only be accessed by operators that have the system admin flag set in the operator property page.
System administration page
26
4.4
Intellipool Network Monitor
My settings INM Navigation - Menu bar -> My settings The my settings page contains operator specific settings that can be changed without access rights to the operator property page.
The my settings page
Properties Username - The name of the operator. Password - If you want to change your password, type the new password in this field and repeat the same password in the following verification field. Operator group - This is the primary operator group this operator belongs to. Email - E-mail address used when sending notifications SMS number - Number used when sending SMS notifications. Pagegate user - Username used by the Pagegate integration. INM usage tips - Check this box to receive INM usage tips. Simple interface - Check this box to hide advanced parameters. Compression - A threshold value in KB (Kilobyte), if a page is larger then this value INM will compress the page before sending it to the browser. A useful feature if you are working with INM over a slow connection. Default set to zero (compression off). Email compatibility - Use a simpler form of HTML coding for reports, users of Outlook 2007 should check this option. View reports - Option to change if the reports are displayed in a new window or the current window. Refresh time - Many pages in INM refresh automatically, the value in this field controls how frequently (in seconds) the refresh will occur. Select start page - Default you are redirected after login to the index page. With this setting you can change the page you get redirected to after an login.
Starting to work with INM
4.5
27
Creating an account INM Navigation - Menu bar -> Settings -> Account Manager An account is an entity that contains credentials used by monitors when performing a test. Using the Account manager (?) 56 you can install the INM service with the lowest possible permissions and let the Account manager set the needed permissions during the test.
Account manager.
When you open the Account manager for the first time there is no accounts. If you plan to monitor both Windows and *nix hosts you will need to create at least two accounts. Creating an account To create a new account click on the New account button. If you want to modify an already created account, select the account the in list box and click Edit account.
Account property page.
Username/password - The credentials used when login on to a monitored object. Description - A string that describes the account. Operator group - If you want to make this account private to an operator group, select the operator group in the list. Leave this blank if you want to let all operator groups use
28
Intellipool Network Monitor
this account (not recommended). Using the account When creating an object you can set an account as the default account for the object, all monitors of the object will then use this account if they need to authenticate when testing. Its possible to assign special account, or not account at all, to monitors.
Starting to work with INM
4.6
29
Creating an object INM Navigation - Menu bar -> Objects -> New object To create a new object click on "new object" in the object menu and select the "New empty object" template.
Selection of the template that the new object will inherit.
Mandatory information Name - Enter the name of the object. This should be a descriptive name, it will be used to identify the object in lists and notifications sent to users. Address - Enter the address of the object. This can be a host name or an IP number. Network (?) 20 - Select the network to add object to. The network is a organizational unit that works like a folder in a file system. Operator group (?) 85 - Select the operator group responsible for this object. Only the operator group members will get notifications from this object. System type (?) 118 - Select the object system type. The system type will determine what monitor types can be added to this object. If you do not know what system type the object is or if its system type is unviable, select the Generic/unknown. Time zone - Selecting the time zone for the object will make the real time charts to be displayed in the objects local time.
30
Intellipool Network Monitor
Object property page
Optional information Default account (?) 56 - The default account will be used by all monitors that need credentials to perform a test. Each monitor can later be assigned an different account if necessary. Accounts are created and administrated in the account manager. Its highly recommended that this field is configured even if its optional. Description - The description field is an text filed that can be used to describe the object in more detail. For example type of hardware or physical location. Free text - The free text field can be used to include information about the object that can be included into notifications. For example rack location or room where the object is located. No SSH2 con. sharing - If this is an object that will perform test done using a SSH2 connection you can optionally select to disable the connection sharing feature. This will result in more logins on the SSH server, but can be useful to check if you experience problem with executing test that uses SSH2. SNMP community - The default SNMP community used for all SNMP monitors in this object. Note that the community can be changed in the monitors, this is only a default value. Default MIB - Select the MIB file to be used with this object. If you compiled your own MIB it will be possible to select it if its placed in the \mibs catalog. Action list (Alarm, Restart, pre and post-action lists) (?) 205 - The action list used by default by monitors. Monitors can be customized to use other action lists in the monitor property page.
Starting to work with INM
4.7
31
Adding monitors to an object INM Navigation - Menu bar -> Objects -> Object list -> Click on object name -> Click New monitor Creating a monitor To create a new monitor you must have first created a object. Please read the section on creating a new object if you have not done so yet.
New monitor page. Pre-configured branch default expanded.
The new monitor page is a tree where the monitor types are divided into functional categories. You can expand and collapse the whole tree by pressing the corresponding links or by pressing the + and - signs in the tree. Pre-configured monitors (?) 86 This category contains monitors that INM have configured for you. When you click the monitor name it will be added to the object and removed from the pre-configured category. You can read more about pre-configured monitors and how INM creates them in the Advanced topics section. Searching for monitor types The search field will help you find a monitor type. Enter a keyword and press the search button. To reset the search you have to clear the field and click search again. Configuring the monitor When you selected a monitor type you will be redirected to the monitor property page. Most of the parameters on the monitor property page are already configured with default values, but some monitor specific parameters needs to be configured.
32
Intellipool Network Monitor
Monitor property page. Generic and advanced properties showing.
Generic properties Name - Display name of the monitor Test interval - Time in seconds between each test. This value must be 10 seconds or higher. The default test time value that all new monitors is set to are configured in the Program settings page. Advanced properties Alarm generation - The number of consecutive failed test until the first alarm is generated. Alarm delay - When the monitor is in alarm state the tests will be tested with this interval. Minimum test interval in alarm state is 60 seconds. Alarm action list (?) 205 - Action list executed when monitor is in or entering alarm state. If this field is blank the monitor will use the object default. Restart action list (?) 205 - Action list executed when monitor passes at test while in alarm state. All actions in the restart action list will be executed at once. Pre/post action list - Action lists executed before an after every test. All actions in these lists are executed at once. Chart resolution - The time resolution of real-time charts displayed on the monitor information page
Starting to work with INM
33
Chart layout - Default layout is one chart per row. You can change this so the monitor information page shows two charts per row. Active - If unchecked the monitor is deactivated an will not perform any test. This can be changed on the monitor information page as well. Alarm/restart message - The default alarm message is configured in the program settings page. In this field you can override the default alarm message. The message will be used in notifications. Alarm/restart subject - The subject will be used in e-mail notification sent out. In this field you can override the default alarm subject. Monitor type specific properties (?) 132 All monitors have a number of specific properties that is described in the monitor reference section.
Monitor specific parameters
Statistics The statistics section contains on and off switches for monitor record types stored by the monitor. For each record type there is two options Display - Checking this option will make a chart for this record type show on the monitor information page (?) 43 Store - When this option is checked INM will store this record type to disk and you will later be able to create reports for it (?) 92
34
4.8
Intellipool Network Monitor
Configuring an action list INM Navigation - Menu bar -> Settings -> Action lists Action list overview An action list is composed of one or more actions that can be executed when a monitor enters, or exits, alarm state. An action list can be used in two different ways. Alarm action list Alarm action lists are assigned to objects (and possibly monitors) and works as a "to-do" list in event of an alarm. Each action in the list has an alarm number and is executed when the alarm number of the monitor equals its alarm number. The alarm number is simply how many times an monitor has failed a test since the first alarm was triggered. Restart action list Restart action lists are optional, but can be assigned to objects and also monitors. The actions in a restart list are executed when a monitor switches from alarm state to ok state. The alarm number of the actions does not matter. All actions in the list are executed in a sequence. Learning more about action lists (?) 46 The simulate alarm function can produce a report how the action list will behave for a certain monitor. It is a great way to better understand action lists and how it works with monitors and operator groups. INM Navigation - Menu bar -> Settings -> Action lists -> New action list Creating an action list
Action list property page
Name - Name of the action list. It will be the identifier of the action list. Description - A descriptive string that explains the purpose of the list. Operator group - If you want to make this action list private to an operator group, select the operator group in the list. Leave this blank if you want to let all operator groups use this list. Make default - Check this box if you want to make this action list the default action list for all new objects. INM Navigation - Menu bar -> Settings -> Action lists -> Click on action list name -> Add action
Starting to work with INM
35
Add actions Adding an action is a two step process. First you need to select an action type, in this case an e-mail action, then you need to configure the action.
Step two, configure the selected action Step one, select action type
Alarm number - The alarm number controls when the action is going to be executed. If placed on alarm number one the action is going to be executed directly when the monitor enters alarm state. Test now - Each action type that support testing have a "Test now" button in its property page. The test now function will execute the action and report back the outcome of the action. Note that the action list will be run for the current operator, for example if its an e-mail action only the current operator testing the action will receive the test e-mail. For more information about action specific parameters, see the Action reference 184 . Example action list
Action list example with 4 actions
In our example, each action is placed on a different alarm number. This makes it possible to configure an action list that escalates its efforts to correct the situation. Note that it's not at all necessary to have a separate action list per object. You can, and will probably use, the same action list for many objects while in some situations you will want to use a specific list for a particular object or monitor. Send email to operator group (#1) - Will send a mail to the operator group when the monitor enters the alarm state Send SMS to operator (#2) - Will send a SMS to operator group when the monitor fails
36
Intellipool Network Monitor
it first test while in alarm state Restart service (#3) - Will restart a service (MyService) on the object host when the monitor fails it second consecutive test while in alarm state. Send email to operator (#4) - Sends a final mail to the operator group when the monitor fails it third consecutive test while in alarm state. If the monitor should successes a test while in alarm state the alarm number will reset back to 1 and the next it enters alarm state the list will start over.
Starting to work with INM
4.9
37
Dependency tree Dependency trees Monitors can be organized into dependency trees when you want to test monitors in a specific order. The dependency trees makes sure that only the first monitor to enter alarm state will execute its alarm action list. Dependency trees can be useful when you want to test a chain of monitors, and you want the most significant monitor to send the alarm and not the following monitors in the chain. There are two types of dependency trees, global and local dependency trees. Global dependency trees are created in the drag and drop dependency tree editor and can contain monitors from all objects in the configuration. Local dependency trees are automatically maintained and can be inherited from from object templates. The local dependency tree is created by selecting a root monitor in the object property page. They can not be edited in the drag and drop dependency editor. Limitations to dependency trees in Distributed edition There exists a limitation to dependency trees when running the Distributed edition, a dependency tree can not contain monitors that are assigned to different gateways. The dependency tree editor lists only monitors that can be included into the selected dependency tree.
Creating a global dependency tree INM Navigation - Menu bar -> Monitors -> Monitor dependency list To create a new global dependency tree, click the edit link with out selecting anything.
38
Intellipool Network Monitor
Creating a global dependency tree
The dependency tree editor is divided into two panes, the left pane contains the tree(s) and the right contains a list of available monitors that can be added to the trees in the left pane.
Starting to work with INM
39
Dragging a monitor to create a new tree
In the top of the left pane there is two fields, one is used to create new trees by dropping monitors on it and the other is used to delete exiting trees by dragging and dropping a tree on it.
40
Intellipool Network Monitor
Dependency tree
Creating a local dependency tree INM Navigation - Menu bar -> Object list -> Object properties To create a local dependency tree, simply open the object property page, locate the field "root monitor" and select the monitor you want to have as the root in the local dependency tree. The root monitor will be the monitor tested first to decided if the other monitors in the object should be tested.
Starting to work with INM
41
Creating a local dependency tree
A good practice is to have a ping monitor as a root monitor, if you cant ping the object, there is no need to do any other tests.
Object with local dependency tree
Object templates and local dependency trees Local dependency trees can be created for object templates. The objects inheriting the template, will also inherit the local dependency tree. You can remove of the local
42
Intellipool Network Monitor
dependency tree in the inherited object by removing the root monitor, but the dependency tree will be reapplied as soon as you modify the object template.
Starting to work with INM
4.10
43
Monitor information page INM Navigation - Menu bar -> Monitors -> Monitor list -> Click on monitor name The monitor information page shows the status of a single monitor. This page can be accessed from the monitor list or the object information page by clicking on the name of the monitor. Current status The current status sections shows the result of the latest test. If the test failed detailed information describing the reason for the failure will also be displayed in this section. Real-time graphs The real-time graphs shows recent sampled data from the monitor. The graph time span is configurable from the monitor properties page, and can range from 12 hours to 1 month.
Monitor information page
Properties - Opens the monitor property page. Test now - The "Test now" command forces the monitor to be tested immediately. Deactivate/Activate - Deactivate or activate monitor tests. If the monitor is deactivated, it will show a gray status icon. Search log - Searches the log for records relating to this monitor. Delete - Deletes the monitor. Simulate alarm - Generates a report how the monitor will executes its action list (?)
46
.
44
4.11
Intellipool Network Monitor
Object information page INM Navigation - Menu bar -> Objects -> Object list -> Click on object name The object (?) 20 information page shows information and the status of an object. This page can be accessed from the object list or the network information page by clicking on the name of the object. The page contains a list of all monitors that belongs to this object. These monitors are also shown together with all other monitors on the monitor list page.
Object information page
Object functions Deactivate/Activate - Deactivate or activate testing for all monitors that belongs to the object. Delete - Deletes the object and all monitors contained in the object. Make template - Makes a copy of the object and converts the copy into a object template (?) 78 Properties - Opens the object property page (?)
29
Search log - Shows log information for this object (?)
76
Monitor list functions These functions except the New monitor function can also be found on the main monitor list. Activate/Deactivate - Activates or deactivates the selected monitors. Copy - Copies the monitor another object. Delete - Deletes the monitor. New monitor - Creates a new monitor for this object (?)
31
Quick report - Creates a report from the selected monitors (?)
97
Starting to work with INM
45
Related reports This is a list of reports that are associated with this object. By clicking the icons in the list you can view, e-mail and schedule these reports (?) 92
46
4.12
Intellipool Network Monitor
Simulate alarm INM Navigation - Menu bar -> Monitors -> Monitor list-> Click on monitor name -> Simulate alarm The simulate alarm function generates a report describing what happens when an monitor goes into alarm state. To better understand how alarm escalation works in INM the report contains verbose information about the progress of the escalation. Time given in the report are relative the first alarm generated. The simulate alarm function is accessed from the monitor information page. Below is a sample report produced by Simulate alarm for an ping monitor with the default action list assigned.
Simulate alarm report
Note - This function will not work correctly if the system administrator have disabled all actions.
Starting to work with INM
4.13
47
Auto scan INM Navigation - Settings -> Autoscan The autoscan function can help you to quickly configure a large number of objects. Each operator can have one autoscan running at the same time as other operators, the result of the autoscan is not automatically included in the configuration. The operator needs to add the objects to the configuration or delete them. Restarting INM will clear the list of objects found by autoscan that have not been added to the configuration. Starting an autoscan
Autoscan setup
Subnet - The first three octets of a network, for example 192.168.42 Range start - Range start, must be greater or equal to 1. Range end - Range end, must be a greater then range start and less or equal to 255 Gateway - (Distributed edition only) Select the gateway, if this field is blank the server will perform the autoscan. SNMP community - Select the SNMP community to use during the autoscan, default is public. Windows account - Select the account to use when authenticating with Windows hosts (?) 56 SSH/Telnet account - Select the account to use when authenticating with Unix hosts and other shell access capable hosts (?) 56 Click the start button to start the autoscan. When starting the autoscan you will be redirected to the main autoscan page where the result will show. Waiting for the result An autoscan can take between 5 and 15 minutes depending on the IP range scanned. The autoscan page will show an progress bar in the upper left corner, during the process new object will be added to the list when they are discovered and you may add objects in the list anytime during the autoscan.
48
Intellipool Network Monitor
Autoscan running
Adding objects To add objects to the configuration you need to select them in the autoscan list and click add object.
Add object to configuration
Operator group - Select the operator group to assign the new objects to. Alarm action list - Select an action list to assign as the alarm action list to the objects. Restart action list - Optionally select an action list to assign as the restart action list to the objects.
Starting to work with INM
49
Network - Select what network to place the objects in. Create dependency - Check option to automatically create per object dependencies, this requires that the object contains at least two monitor where one is a ping monitor. Add empty - Check option to add the object without monitors to the configuration.
50
4.14
Intellipool Network Monitor
Monitor list INM Navigation - Menu bar -> Monitors -> Monitor list The monitor list shows all monitors in the configuration and contains functions to work with multiple monitors at the same time.
Monitor list
Columns in list Select - Selects the monitor for an operation. Name - Name of the monitor, click to view the monitor information page. Edit - Click to edit properties. If this monitor is inherited from a template you need to edit the template monitor. Remember that changing the template monitor will change all inherited monitors. Status - Status of the monitor (?)
20
Object - Name of the object. Click the object name to view the object information page. Type - The monitor type. Next test - The time to the next test. If the monitor is member of an dependency tree a link to the dependency tree will replace the next test time. Functions Acknowledge alarm - Select one or more monitors that are in alarm state to acknowledge. Activate/Deactivate - Click to activate or deactivate selected monitors Copy - Copies selected monitors to one or more objects. Create dependency - Creates a dependency between the selected monitors and a root monitor (?) 37
Starting to work with INM
51
Delete - Deletes the selected monitors. Quick report - Creates an report from the selected monitors (?)
97
Filtering Refresh - Uncheck option to stop automatic page refresh. View - The number of monitors showed per page. Prev/Next - Click to go to next or previous page. Search - Enter a search text in the field and click search button to filter the monitor list. Understanding the search field When using the search field the entered search the following information is searched for a match. · Monitor name · Monitor description · Monitor type name · Object name · System type name of object If you for example would type the monitor type name Eventlog all monitors of the type Eventlog would be displayed.
52
4.15
Intellipool Network Monitor
Object list INM Navigation - Menu bar -> Objects -> Object list The object list shows all monitors in the configuration and contains functions to work with multiple objects at the same time.
Object list
Columns in list Select - Selects the monitor for an operation. Name - Name of the object, click to view the object information page. Edit - Click to edit object properties. If this object is inherited from a template you need to edit the template object. Remember that changing the template object will change all inherited objects. Status - The summarized status of all monitors in the object. (?)
20
Address - The address of the object, either an IP number or a host name. System type - The system type of the object Operator group - Name of the operator group assigned to this object. Click the operator group name to view the operator group members. (?) 85 Network - Name of the network. Click the networks name to view the network information page. Functions Activate/Deactivate - Click to activate or deactivate selected monitors Edit - Select one or more object and clicking edit to edit multiple objects at the same time. Copy - Copies selected monitors to one or more objects. Delete - Deletes the selected monitors. Link - Links the selected monitors to an object template. When linking an object to a template it will inherit all monitors from the template (?) 79 New object - Creates a new object (?)
29
Unlink - Unlinks an object and all its monitors from a template (?) View report - Create report for one or more objects Filtering Refresh - Uncheck option to stop automatic page refresh. View - The number of objects showed per page.
80
Starting to work with INM
53
Prev/Next - Click to go to next or previous page. Search - Enter a search text in the field and click search button to filter the object list. Understanding the search field When using the search field the entered search the following information is searched for a match. · Name of the object · Object host name · Resolved IP address of the object host name · Operator group name · Name of the network · System type name of object If you for example would type 192.168.42 in the search field all objects with a host name resolving to 192.168.42.1 to 192.168.42.255 would be displayed.
Section V
Advanced topics
5
55
Advanced topics This section describes more advanced features of INM. It's assumed that the user is well acquainted with INM and needs no guidance how to find menus and functions.
56
5.1
Intellipool Network Monitor
Account manager The account manager is the central repository that holds credentials needed by monitors to perform their tests.
Account manager.
Permission to create, modify and delete accounts Only operators with account modify permission can change, delete or create new accounts. This setting is adjusted in the operator settings page (?) 81 Creating a new account To create a new account or edit an existing account you need to open the account manager and use the New account or Edit Account feature. Note that the account information entered here is generic, its up to the monitor using the account to apply the information within the context of the monitor.
Account property page.
Username/password - The credentials used when login on to a monitored object. Description - A string that describes the account.
Advanced topics
57
Operator group - If you want to make this account private to an operator group, select the operator group in the list. Leave this blank if you want to let all operator groups use this account (not recommended). Permission to assign accounts Permission is based on what operator group is assigned to the account. The operator need to be a member of the operator group that the account is assigned to in order to use the account. · An account is only visible to the operator group that its assigned to. · The account can only be used with monitors assigned to the same operator group. Security recommendations Its only needed to assign an account to a Windows monitors if the service account that INM is executing under does not have the proper access rights to perform the test. Its however recommended to let the INM process run under an Windows account with low privileges and use the account feature in INM to logon when elevated credentials is needed. This way INM never executes at an elevated privilege level more then needed. Accounts used with Windows monitor types When creating an account that will be used for Windows monitors its important to have an understanding of how Windows authentication works. In order to help INM selecting the correct Windows account when performing a login you need to specify where the account is stored. This is done by adding the machine or domain name before the username, separated with a backslash. Example 1 Username: Robert Password: Robert
Example 2 Username: mydomain\Robert Password: Robert
In example 1 INM would look for the account on the local machine and then in the domain (if there is a domain). Example 2 tells INM to look for the account information in the domain directly. The pitfall in example 1 is that there might be a local user name Robert that have different privileges then the domain user Robert leading to access denied errors when testing.
5.2
Acknowledge alarm Using the acknowledge alarm function an operator can notify other operators that an monitor in alarm state is being investigated.
58
Intellipool Network Monitor
Acknowledge alarm page
Modify the selected monitors - This option have two states, deactivate (default) and clear alarms status. Reactivate option - This option makes it possible to reactivate a deactivated monitor after X minutes. This option is only valid if the previous option is set to deactivate. Message text - The message text can be formatted to include the name of the current operator and a list of monitors being acknowledge. The available formatting flags are listed in the program settings page where the default message body and subject is stored. (?) 87 Message delivery - The message in the message box will be sent via email, sms and/or pagegate. Note that the SMS text can be truncated if the text exceeds 160 characters. When you click the Ok button the message will be sent to all other operators in the operator group, the current operator will not receive the acknowledge mail.
Advanced topics
5.3
59
Compiling custom MIB files The INM MIB compiler is a separate download that can be found at http://www.intellipool.se. Make sure to download and install before continuing this guide. In the "Intellipool Network Monitor" program group in the start menu you can find the INM MIB compiler. Using the MIB compiler you can compile text MIB file into the binary format that INM can read. Compiling MIB files requires understanding how they are organized and relates to each other. A number of different RFC documents outline the fundamental base all other MIB files are drawn from. This is an example of the compile order of a CISCO ® product MIB. 1. SNMPv2-SMI.mib 2. SNMPv2-TC.mib 3. SNMPv2-MIB.mib 4. RFC1213-MIB.mib 5. IF-MIB.mib 6. CISCO-SMI.mib 7. CISCO-PRODUCTS-MIB.mib 8. CISCO-TC.mib The first 5 files in this example are common for most product MIB files and are included in the default INM binary MIB file. All of these files need to be compiled on the same time, otherwise the MIB compiler will fail due to unresolved symbols. Contents of the default INM MIB file The default INM MIB file that is included in the installation contains the following base OID (Object Identifier). iso.org.dod.internet.directory iso.org.dod.internet.mgmt iso.org.dod.internet.experimental iso.org.dod.internet.private iso.org.dod.internet.security Compiling a MIB file
60
Intellipool Network Monitor
Intellipool MIB compiler
1. Start Intellipool MIB compiler and click on the "Load" button. 2. Locate the default INM MIB file in the mibs directory and double click on it. 3. Check the box "Use base mib when compiling". 4. Click the "Compile" button and select your text MIB files 5. When the compile is finished save the file in the INM mibs directory and restart INM. It's recommended that you use the browse function to review the compiled MIB before saving it into the mibs directory.
Advanced topics
5.4
61
Data extraction reference The data extraction interface can be used to extract data from INM with HTTP Get commands. Prerequisite Each get request sent to INM must include a operator username and the operator must be flagged for "Auto login". Note that if the user is also flagged as "System admin" the user will be able to get system wide access, otherwise the information will be restricted to the data controlled by the operator groups the operator is member of. If the operator is not allowed to access the information INM will return a HTTP 404 error code. URL Syntax The format of the URL sent to INM contains some required parameters. Example URL for extracting a chart from a monitor http://localhost:8080/extract.xsi?cmd=monitor_graph&user=Admin&id=8¶m1=2
5.4.1
cmd
Command to execute
user
INM operator username
id
Id of monitor or operator
param1
Custom parameter
dir The command returns a list of available monitors and operators with their name and id. This command can be useful when designing extraction URLs for all other commands. Syntax http://localhost:8080/extract.xsi?cmd=dir&user=Admin cmd
dir
user
INM operator username
Returned data A list of monitors and operators with their IDs.
5.4.2
monitor_graph This command returns a PNG image file with the selected realtime chart. This is the same chart that is shown in the monitor info page. Before a chart can be extracted the chart must be enabled in the monitor info page. Syntax http://localhost:8080/extract.xsi?cmd=monitor_graph&user=Admin&id=8¶m1=2
62
Intellipool Network Monitor
cmd
monitor_graph
user
INM operator username
id
ID number of monitor
param1
Zero based index of chart to retrieve. The index is based on enabled graphs.
Returned data A PNG image file with the default size of 747x120 pixels and a color depth of 3 bytes per pixel.
5.4.3
monitor_status_list The command returns the monitor status string. The status string is the same shown in the monitor info page. Syntax http://localhost:8080/extract.xsi?cmd=monitor_status_list&user=Admin cmd
monitor_status_list
user
INM operator username
Returned data A string containing the name of the object and monitor, the status string and the status of the monitor separated by a pipe sign ( ' | ' ). Each line is separated by a CRLF. Example MyObject | CPU load Monitor | Current CPU usage 11.00 % | OK MyObject | Memory size Monitor | Free memory 256 MB | FAILED
5.4.4
monitor_statusstring The command returns the monitor status string. The status string is the same shown in the monitor info page. Syntax http://localhost:8080/extract.xsi?cmd=monitor_statusstring&user=Admin&id=8 cmd
monitor_statusstring
user
INM operator username
Advanced topics
id
63
ID number of monitor
Returned data A string containing the name of the monitor, the status string and the status of the monitor separated by a pipe sign ( ' | ' ). Example CPU load Monitor | Current CPU usage 11.00 % | OK
5.4.5
monitor_uptimestring The command returns the monitor uptime string. The uptime string describes the uptime of the monitor in hours, minutes and second. If the monitor is currently in alarm state a ' * ' is added in front of the string to note that the string indicates the downtime of the monitor. Syntax
http://localhost:8080/extract.xsi?cmd=monitor_uptimestring&user=Admin&id=8 cmd
monitor_uptimestring
user
INM operator username
id
ID number of monitor
Returned data A string containing the name of the monitor and the uptime/downtime string separated by a pipe sign ( ' | ' ). Example CPU load Monitor | 0h 59m 35s
5.4.6
object_xml The command returns a xml document containing information about an object. To access the object the operator must be a member of the operator group assigned to the object. Syntax http://localhost:8080/extract.xsi?cmd=object_xml&user=Admin&id=2 cmd
object_xml
user
INM operator username
id
ID number of the object
Returned data A xml document.
64
Intellipool Network Monitor
XML fields
INM_OBJECT
Root of tree
NAME
Real name
DESC
Description of the object
IP_ADDRESS
IP address or host name of object
MAC_ADDRESS
MAC address of object (if available)
ACTIVE
YES if object is enabled, NO if disabled
MAINTENANCE
"Available" if operator is scheduled and on duty, "n/a" if not on duty or not scheduled
NETWORK_NAME
Name of the network
NETWORK_DESC
Description of the network
NETWORK_CONTACT Name of network administrator _NAME NETWORK_CONTACT Contact address of network administrator, _ADDRESS1 line one NETWORK_CONTACT Contact address of network administrator, _ADDRESS2 line two NETWORK_CONTACT Network administrator phone number, fixed _PHONE line NETWORK_CONTACT Network administrator phone number, _MOBILE mobile NETWORK_CONTACT Network administrator Fax number _FAX NETWORK_CONTACT Network administrator e-mail _EMAIL NETWORK_CONTACT Additional information about this network _ADD
INM_AGENT
Child to INM_OBJECT
NAME
Monitor name
Advanced topics
TEST_INTERVAL
Interval between tests, in seconds
ALARM_DELAY
Interval between tests when monitor is in alarm state, in seconds
ALARM_GENERATION How many consecutive tests that have to fail before an monitor is considered to be in alarm state LAST_TEST
Time of the most recent test
LAST_OK_TEST
Time of the most recent ok test
LAST_FAILED_TEST
Time of the most recent failed test
TEST_DONE
Number of tests done since last reboot
ACTIVE
YES if monitor is enabled, or NO if disabled
TYPE
Type of monitor
STATUS
State of monitor, can be OK, FAILED or ALARM
STATUS_STRING
The most recent status string
UPTIME
Time that the monitor have been in OK state or ALARM state, when in ALARM state the string is prefixed with a '*' sign
UPTIME_PERCENT*
Uptime for the last calculated period, in percent
DOWNTIME_PERCEN Downtime for the last calculated period, in T* percent UNKNOWNTIME_PER Unknown state for the last calculated CENT* period, in percent PERIOD_FROM*
Start of period
PERIOD_TO*
End of period
* This feature must be enabled with the scheduled event 'Refresh uptime statistics' INM_ALARM_MESSAG Child to INM_AGENT, shows the last 5 E status strings MESSAGE
Status text
65
66
Intellipool Network Monitor
TIME
Time of the entry
STATUS
OK, FAILED or ALARM
INM_GRAPH_LINK
Child to INM_AGENT, contains information about the realtime charts displayed in the monitor information page
LINK
A data extraction link to the chart
DESC
Description of the chart
UNIT
Unit of the Y axis of the chart
PERIOD
Time period of the chart
STATUS_EX
Extended status for SNMP, SSH2 Script, ODBC and WinPerf monitors
STATUS
State of monitor can be OK, FAILED or ALARM
UNIT
User defined unit
COMPARE_VALUE
User defined value that value returned from test is compared with, to evaluate the result of the test.
COMPARE_OPERATI ON
Operation to compare returned value from test and the user defined compare value. Can be: EQUAL NOT EQUAL GREATER LESS EQUAL OR GREATER EQUAL OR LESS
LAST_VALUE
Last value returned from test.
Advanced topics
67
Example DOMAINSERVER 192.168.1.1 00-00-5A-A8-07-D8 YES NO Office The default network Bandwidth test 10 600 5 2004-06-10 13:38:55 2004-06-10 13:38:40 0 NO Bandwidth test OK 23t 4m 45s
5.4.7
objectlist_xml The command returns a xml document containing a list on all objects and monitors that the operator can access. Syntax http://localhost:8080/extract.xsi?cmd=objectlist_xml&user=Admin cmd
object_xml
user
INM operator username
Returned data A xml document. XML fields INM_OBJECTLIST
Root of tree
INM_OBJECT
Root of object
NAME
Name of the object
DESC
Description of the object
ID
ID Number of object
68
Intellipool Network Monitor
INM_AGENT
Root of object
ID
ID Number of Monitor
NAME
Name of the monitor
Example Fileserver Office fileserver 955 8 Bandwidth test
5.4.8
operator_status The command returns operator status and information. Syntax http://localhost:8080/extract.xsi?cmd=operator_status&user=Admin&id=2 cmd
operator_status
user
INM operator username
id
ID number of operator
Returned data A string containing operator status and information, the fields are separated by a pipe sign ( ' | ' ). Format of returned data. UserName | Name | Phone | Cell phone | Address 1 | Address 2 | Scheduled status | Online status Username
INM operator username
Name
Real name
Phone
Phone number
Cell phone
Cell phone number
Address 1
Address field
Advanced topics
Address 2
Address field
Scheduled status
"Available" if operator is scheduled and on duty, "n/a" if not on duty or not scheduled
Online status
"Online" if operator is logged on to INM
69
Example Admin | Robert | 0611-22334 | | Box 277 | 871 31 Härnösand Sweden | n/a | Online
5.4.9
test_status The command returns the overall status of all the monitors. Syntax http://localhost:8080/extract.xsi?cmd=test_status&user=Admin cmd
test_status
user
INM operator username
Returned data A string containing the current test status. The status indicates if there is at least one or more monitors in failed or alarm state. Example ALARM
5.4.10
version Returns the current INM version number. Syntax http://localhost:8080/extract.xsi?cmd=version&user=Admin cmd
Version
user
INM operator username
Returned data A string containing the version number of INM. Example 3.2
70
5.5
Intellipool Network Monitor
Exporting statistics It's possible to export the statistics data from INM for use in other applications. This is accomplished by using a scheduled event called "Export statistics data". Event configuration To get started, add this event in the INM event scheduler and you will be presented with the following screen:
First, you need to decide the type of data you want to export. This is done by selecting different types of data in the "Data type" select box and clicking on the "Select" button. You can export more than one type of data in the same event. Next, decide what objects in INM you want to export this data from. This is done by selecting a network in the select box and then selecting the object you want in the box that appears. Add the object to the event by clicking on the "Select" button next to the object select box. You can add more than one object to the same event. Select the period from which you want to export the data in the box marked "Period". If you wanted to create an event that exports statistics from yesterday, you would select "Last day" in this box. You can export the data in two different ways, to a text file or to a database. In the section marked "Export options" select the appropriate option. When exporting to a file, you can specify the filename in the "Filename" text box. It's possible to use %date and %time in the filename to expand the current date and time to the filename. INM will use an ODBC data source to export the data to an external database. Specify the name of the data source here, database and optional username and password. Exporting to a file When exporting to file, INM will produce two files every time the event is run. The files are placed in the reports\export\ folder in the INM program folder. One file will be named according to what was specified in the "Filename" box in the event
Advanced topics
71
properties, this file contains the raw exported data. The second file will have the same name, but prefixed with "info_". This file contains a description of what data that got exported. The structure of the info file looks like this: network name;computer name;monitor name;monitor-id;monitor-subid;datatype-id;unit; datatype description Example: Default network;daohl;CPU utilization (#0);571;0;5;%;CPU load
The structure of the data file looks like this: monitor-id;monitor-subid;timestamp;raw data;comment Example: 571;0;2007/11/30 14:25:57;6.7;
If the record was considered invalid by INM, a fixed value of -10000.0 will be exported.
Exporting to a database When exporting to a database, INM will create two tables. The first table is called inmDataExportInformation. It has the following structure: CREATE TABLE inmDataExportInformation (networkName char(128), objectName char(128), monitorName char(128), monitorID integer, atomID integer, dataType integer, unitName char(32), exportedDataType char(128));
This table will contain information about the data that got exported, in the same way as when exporting data to a file. The second table is called inmDataExport. It has the following structure: CREATE TABLE inmDataExport (monitorID integer, atomID integer, dataType integer, dataTime DATETIME, dataRaw float, dataComment char(32));
This table will contain all of the exported statistics data. Important! INM will begin exporting data by dropping tables with these two names. The database user configured for INM will need appropriate access to DROP, CREATE and INSERT operations on the database in question. See your database manual for information about how to configure a database user.
72
5.6
Intellipool Network Monitor
INM Gizmo INM Gizmo is a small system tray application that can be installed on your workstation. INM Gizmo is available as a local download from the About page in the INM web interface. Click on the INM Gizmo link to download the setup and follow the instructions.
INM Gizmo main page.
Features · Alarm notification · INM log viewer · Start/stop INM · Statistics including INM memory usage, cpu usage and uptime. Requirements · .Net 2.0 Runtime installed INM Gizmo configuration. Before you can start using INM Gizmo you need configure it. Open the configuration screen (View -> Configure) and enter the following parameters:
Gizmo configuration page
INM Host - The name or IP number of the computer hosting INM. Web interface port - The port number that INM web interface is accessed (default port 8080). Operator name - Name of an operator that Gizmo can use to logon to INM to extract data.
Advanced topics
73
Operator password - Password of the operator. Click ok to store your settings. Username and password are stored as an MD5 checksum in the registry together with the host name and port number. Storing the password as an MD5 checksum makes it impossible for a third part to extract the operator password. Note that your Windows account used to run INM Gizmo will need to have permission to access the service control manager of the INM host computer.
74
5.7
Intellipool Network Monitor
Local downloads Local downloads are available from the about page in the web interface. It provides INM users with easy access to tools and documentation.
About page
From the about page you can download the following files. · INM Gizmo · INM Lua IDE Customizing file list The files displayed on this page can be customized via the file "install.xml" found in the \install directory. This is the content of the default install.xml
INM Gizmo gizmosetup.exe INM Gizmo is a small system tray utility that can alert the user of alarms a
INM Lua IDE idesetup.exe INM Lua IDE is a development environment for creating new Lua scripts that c
- Declaration of a new file to display on the page. - This tag can be used to only display the file only for members of a specific operator group. Enter the group name in the tag. - The name of the file as presented in the interface, note that you should enclose the name in the language code that you use. Current available language codes are ENG and FRA.
Advanced topics
75
- The name of the file in the install directory to associate with this entry. - The description in the file, just as with the name tag, enclose the text with the language code that you use. Current available language codes are ENG and FRA.
76
5.8
Intellipool Network Monitor
Log search The log search function enables operators with access rights to search the log. Note that while the operator is allowed to search the log, other access rights might limit the search scope. For example if the operator have group access, only messages related to the operator group is going to be searched.
Log search page.
Text - Optional free text search. This can include wildcards such as ? and *. Period - Select the time period to search in. Object - Optional selection on object level. Only message related to this object will be searched in combination with period and free text. Monitor - Optional selection on monitor level. Only messages related to this monitor will be searched in combination with period and free text. Making a note in the log Operators can use the Add log entry function to make a note in the log. The log entry will be saved into the log as an operator made comment.
Add log entry page
Advanced topics
5.9
77
Object import The import object feature can be used to quickly create a large number of objects from a text file containing object definitions. The page can only be accessed by operators with the system administrator flag set. The text file must be formatted according to the following rules. Object_name ; Object_destination ; Object_description [;Object_template] CR+LF Object_name - Name of object. Links to object info page Object_destination - The address of the object. IP number or any name that can be resolved by a DNS. Object_description - Description of the object. Object_template - Optional parameter, name of a current object that will be used as a template for the new object. The new object will inherit the templates monitors and network. Example IServer;192.168.0.1;Intellipools server;Windows Template
Each line in the import file must be terminated with carriage return (CR) and line feed (LF). Each field must be separated with a semicolon.The maximum size of the file to import is one megabyte. To import a file, select a file from the local machine and press the import button. If any errors occur during the process an error message will be displayed otherwise the object list page will be shown.
78
5.10
Intellipool Network Monitor
Object templates Object templates can significantly reduce the time it take to create and edit large number of objects in a configuration. From an object template a new object can be created, the new object will be linked to the template in the way that when the changes are made to the object template it will propagate to the derived object. Parameters such as the name and IP number will still be unique to the derived object while parameters such as system type will be controlled by the object template. Monitors will be copied from the object template to the object and updated when changed. The derived object may contain monitors unique to that particular object, not linked to monitors in the object template.
5.10.1 Creating an object template Creating an object template Creating a object template can be done in two different ways, creating a new object template or use the "Make template" command in the object list page to copy an already created object to a object template. The procedure to create an object template with out using the "Make template" command is exactly the same as creating a new object.
Object template properties
Object template property page contains most of the fields as the object property page (?) except fields that are unique, such as host name / IP number.
29
5.10.2 Exporting and importing object templates Export template The export function stores an object template to a file on disk. This can be useful if you want to save templates for backup or if you want to share the template with other INM users. When the template is saved its cleaned from all data unique to your configuration. The template will be stored in the \templates directory with the same name as the name of the template. To export an template navigate to the object template list and select the templates you wish
Advanced topics
79
to export. Click then on the export command. A message will appear confirming templates exported to disk. A template can be exported to disk more then once, the file will be updated with the latest exported version. Import template Import of an object template is an convenient way to expand your template library. Several useful object templates are available in the default configuration.
Import template page
To import a template, navigate to the object template list and click on the Import command. Select the template you wish to import and click ok. Note that if you import the same template several times new copies will be added of the template, the import function will not overwrite you current template with the same name. After you import a template its good practice to browse the template and make the necessary adjustments to action lists and account settings.
5.10.3 Linking an object Linking an object to an object template Already created objects can be linked to a object template using the "Link" function in the object list page. First select an object to link, click the "Link" command in the header and select the object template to link to. If INM is unable to find a close match to a monitor it will not link it to a monitor in the template.
Link object to template page
80
Intellipool Network Monitor
5.10.4 Unlink an object Unlinking an object from an object template You can unlink an object from an object template by selecting the object and clicking on the "Unlink" command in the object list header.
Advanced topics
5.11
81
Operator An INM user is called an operator. To gain access to the web interface and/or receive notifications a user must be added as an INM operator. An operator can be a member of one or more operator groups (?) 85 Operator properties The operator property page is used to configure contact information, username/password and operator access rights. Many of the properties in the operator page can be changed by an operator with out administrative access in his/her My settings page (?) 26
82
Intellipool Network Monitor
Operator property page
Operator properties Username - Name of the operator, used for login and identification Password - Password of operator, the password is case sensitive. To change the password, type the new password in this field and the verify password field. Description - Descriptive text about the operator. Operator group - Shows what operator groups the operator is member of.
Advanced topics
83
Email - The operator e-mail address, will be used for notifications. SMS number - Optional number to a phone where SMS notifications are sent. Note that the a SMS device (?) 87 must first be configured and a SMS action must be added to the action lists (?) 34 . Pagegate user - Username in Pagegate system. Contact fields - Information about the operator that can be included in notification. Additional info - Free text field with additional information about the operator. Tip of the day - Check this option to display the Tip of the day dialog on the left side of the interface. Simple interface - Check this option to remove optional advanced configuration parameters from the interface. Email compatibility - Use a simpler form of HTML coding for reports, users of Outlook 2007 should check this option. View reports - Option to change if the reports are displayed in a new window or the current window. Compression - A threshold value in KB (Kilobyte), if a page is larger then this value INM will compress the page before sending it to the browser. A useful feature if you are working with INM over a slow connection. Default set to zero (compression off). Operator and access control Each operator have a set of access flags that determine what the operator is allowed to view and edit. It's possible to partition INM so that one operator can't access another operators objects, networks or reports. By checking the "Group object" flag the operator will only be able to access objects that are assigned to the operators group. Operators & groups - Add/edit/delete operators and operator groups. If only the read flag is checked the operator is granted read only access. Networks - Add/edit/delete networks. If only the read flag is checked the operator is granted read only access. Objects - Add/edit/delete objects. If only the read flag is checked the operator is granted read only access. Monitors - Add/edit/delete monitors. If only the read flag is checked the operator is granted read only access. System admin - Check this option to make the operator system administrator. The system administrator have access to all administrative functions and will receive mail about serious system errors. Action lists - Add/edit/delete action lists. Dependency lists - Add/edit/delete dependency lists. Logon account - Check option to allow operator to add logon accounts. Schedule - If checked the operator can add, edit and delete schedules. Reports - If modify is checked the operator can add, edit and delete reports and report templates. If only read is checked the operator can view reports.
84
Intellipool Network Monitor
Settings - If checked the operator can modify program settings Documentation - If checked the operator can access the documentation and the documentation help. My settings - If checked the operator has access to the My settings page (?)
26
Group objects - Check this box to restrict this operator to only access objects assigned to the operator's group. Auto login - The auto login feature enables the operator to access the monitor list and monitors by type pages directly without the need to login. The following URL format can be used. Monitor list as user Admin - http://localhost:8080/autologin.xsi?user=Admin&page=0 Monitor by type as user Admin http://localhost:8080/autologin.xsi?user=Admin&page=1 Monitors with alarms as user Admin http://localhost:8080/autologin.xsi?user=Admin&filter=1 Network list as user Admin - http://localhost:8080/autologin.xsi?user=Admin&page=2 Object NOC view as user Admin http://localhost:8080/autologin.xsi?user=Admin&page=3 Network NOC view as user Admin http://localhost:8080/autologin.xsi?user=Admin&page=4 Distributed testing - (Distributed edition only) Access and modify distributed testing. Acknowledge alarms - If checked the operator can acknowledge alarms.
Advanced topics
5.12
85
Operator group An operator group is a collection of one or more operators. The operator group is assigned to one or more objects to receive notifications and administrative rights over the object. Creating an operator group To create a new operator group click on New operator group in the operator group list.
Operator group property page.
Operator group properties Name - Name of the operator group. Description - Description of the operator group. Default group - Check option to make this the default group assigned to all new objects. Operator group members Available operators - lists the operators that not already a member of this operator group. you can add them to this group by selecting the operator and press Add. Current members - Lists the operators that currently is members of the operator group. You can remove an operator from the group by selecting the operator and press Remove. Group manager - Optionally you can assign a group manager for this group. The group manager will receive notifications if all other operators is of duty or do not have properly configured notification settings.
86
5.13
Intellipool Network Monitor
Pre-configured monitors Pre-configured monitors are just like the name implies a set of monitors that INM have configured for you and are ready to add in the New monitor page (?) 31 . When an object is created INM runs an object inspection based on the information you entered in the object property page and creates a list of monitors that it find and can preconfigure. This object inspection routine runs every 24 hours to update the pre-configured list with new monitors if possible. The monitors added to the pre-configure list are compared to the monitors already in the object, duplicates are removed from the pre-configured list. No monitors in the pre-configured list ? The most common reasons why no or not the expected monitors are showing in the preconfigure list · The system type is not correctly set in the object · The object have no default account set · The object already contains all the monitors found by the object inspection routine Forcing an object inspection Open the object property page (?) 29 and press Save, open the object information page and click New monitor to view the updated pre-configure list. Note that the object inspection can take 1 to 20 seconds to perform depending on the response time of the object.
Advanced topics
5.14
87
Program settings The program settings page contains global INM settings such as mail server and logging options. GSM phone COM port If you want to use the Send SMS action you need to connect a GSM phone to the INM host machine. The selection list shows the current com ports installed on the INM host machine. Select the com-port that the phone is attached to. (?) 106 PIN Code Optional PIN code field. Some GSM phone requires INM to send the PIN code before sending a message. Enter the 4 digit PIN code in this field. SMTP server The SMTP server is used when sending e-mail notifications to users. Enter the address to the SMTP server you want to use. Note that the SMTP server must be able to accept all the e-mail addresses you are planning to use. This is the primary SMTP server that normally will be used. SMTP Server username and password Username and password for the primary SMTP server, if authentication is required. SMTP server 2 The secondary SMTP server is used when INM cannot connect to the primary SMTP server. SMTP Server username and password Username and password for the secondary SMTP server, if authentication is required. Return address Most SMTP servers are configured to only accept incoming e-mails with a valid return address. Since INM is unable to receive e-mails you must define an account that can receive e-mails that could not be delivered. SMTP HELO ID If needed, a custom HELO identifier can be specified for the SMTP servers here. Test interval The default test interval in seconds. INM will use this value as the default test time for agents created with auto scan and will be inserted in the "Test interval" field when you create a new agent. Alarm generation The default alarm generation count. INM will use this value as the default alarm generation count for agents created with auto scan and will be inserted into the "Alarm generation" field when you create a new agent. Alarm delay The default alarm delay in seconds. INM will use this value as the default alarm delay time for agents created with auto scan and will be inserted into the "Alarm delay" field when you create a new agent.
88
Intellipool Network Monitor
Alarm message The default alarm message setting enables you to customize the information sent to an operator upon an alarm. Into the text you can insert flags that are expanded when the message is sent. Flag
Description
%time
Current time
%object_name
Object name
%object_freetext
Object free text field. This can contain custom information such as documentation link.
%object_destination
Object address
%network_name
Monitor name
%monitor_error
Monitor alarm message
%monitor_error2
Monitor alarm message without timestamp
%sys_distributionlist
Distribution list
%monitor_dependencystatus Dependency tree status %object_description
Object description
%network_name
Network name
%sys_charts
Include real-time chart in mail (if available)
%monitor_timelastok
The most recent time the agent was ok
%monitor_timelastfailed
The most recent time the monitor was in alarm state
%object_operatorgroup
Operator group of the monitor object
%network_contactinfo
Network contact information
Restart message The default restart message setting enables you to customize the information sent to an operator upon a restart of an agent. Into the text you can insert flags that are expanded when the message is sent.
Advanced topics
Flag
Description
%time
Current time
%object_name
Object name
%object_freetext
Object free text field. This can contain custom information such as documentation link.
%object_destination
Object address
%network_name
Monitor name
%monitor_error
Monitor alarm message
%monitor_error2
Monitor alarm message without timestamp
%sys_distributionlist
Distribution list
89
%monitor_dependencystatus Dependency tree status %object_description
Object description
%network_name
Network name
%sys_charts
Include real-time chart in mail (if available)
%monitor_timelastok
The most recent time the agent was ok
%monitor_timelastfailed
The most recent time the monitor was in alarm state
%object_operatorgroup
Operator group of the monitor object
%network_contactinfo
Network contact information
%monitor_currentstatus
Status report for latest test performed
Acknowledge message The default acknowledges message enables you to customize the message sent to other operators when you acknowledge an alarm. Into the text you can insert flags that are expanded when the message is compiled and sent. Flag
Description
90
Intellipool Network Monitor
%monitor_list
Monitors selected to be acknowledge
%operator_current
Name of operator performing the acknowledge operation.
Alarm subject The default alarm subject enables you to customize the subject line in the e-mail message sent upon an alarm. Into the subject line you can insert flags that are expanded when the message is sent. Flag
Description
%time
Current time
%object_name
Object name
%object_destination
Object address
%monitor_name
Monitor name
%network_name
Network name
Restart subject The default restart subject enables you to customize the subject line in the e-mail message sent upon a restart. Into the subject line you can insert flags that are expanded when the message is sent. The restart subject line can use the same flags as the alarm subject line. Acknowledge subject The default acknowledge subject enables you to customize the subject line in the e-mail message sent upon acknowledge of an alarm by an operator. Into the subject line you can insert flags that are expanded when the message is sent. Flag
Description
%operator_current
Name of operator performing the acknowledge operation.
Syslog server Check this flag to start the internal syslog server. The server will start (or stop) when you save the settings. The internal syslog server must be started before using syslog agents. Syslog server port The port number the syslog server will listen on for syslog messages. If the server already is running you need to stop and start the server to apply the new port number. Syslog server PTTL (Packets time to live) The syslog server stores the entire syslog message for a period of time so the syslog agents can fetch the messages from the server when they are tested. The packet time to live value should be greater than the test time of all the syslog agents otherwise the agents might miss
Advanced topics
91
packets. The packets will be deleted from the internal syslog server according to the time to live value if a syslog agent does not retrieve them. IP connection list In this field you can specify which IP number range is allowed to connect to the INM web interface. If the field is empty no restrictions applies. If you should enter an invalid IP range you can always connect to the interface from the INM host machine. Example 1 192.168.0.0 – 192.168.0.40 Allows every client with an IP number in-between and including this range to connect. More rules can be added below the first line. Example 2 192.168.0.98 Allows a single host to connect. Login notice Shows a custom login notice at the login page. Telnet login prompt Some agents and actions can use Telnet instead of SSH2. INM needs to know the format of the telnet server login prompt. Specify one or more possible login prompts that exist on the different monitored machines. Separate multiple entries with a comma. Telnet password prompt Some agents and actions can use Telnet instead of SSH2. INM needs to know the format of the telnet server password prompt. Specify one or more possible password prompts that exist on the different monitored machines. Separate multiple entries with a comma. Telnet prompt Some agents and actions can use Telnet instead of SSH2. INM needs to know the format of the telnet server command prompt. Specify one or more possible command prompts that exist on the different monitored machines. Separate multiple entries with a comma. Backups Check this flag to enable automatic backup of the INM configuration repository. Backup interval Select the frequency of the automatic backups. Each backup will create a new backup file in the directory /nxdbackup in the INM root directory. INM can store log information to a number of external log systems. The XML log is enabled by default and cannot be disabled. § XML log file § Windows event log § ODBC datasource § Syslog server
92
Intellipool Network Monitor
§ SNMP Trap To change or enable one or more of these alternatives open the program settings page. Make the necessary adjustments to the log settings section and click "save" to save the changes. XML log file The log file is placed in the directory "logs" and is named systemlog.xml. The style sheet used by the XML file is called systemlog.xsl. Event log INM will store information into the Windows Event log under the “Application” log folder. ODBC log The ODBC log can create a database or you can specify an already created database to place the log table “log” into. The ODBC data source must be of “System datasource” type. The “log” table is created with the following fields: Field
Length
Type
Time
64
Char
Object
64
Char
Agent
64
Char
Text
255
Char
No index is created for the table “log”. Syslog INM can send log information to a syslog daemon. You have to specify destination and port to a host that have a syslog server running. The INM syslog client is using the UDP protocol and port 514 by default. Syslog address - The address of the syslog server receiving the log information. Syslog port -The port number of the syslog server. SNMP Trap INM have the ability to send all log information as SNMP traps to a remote trap console. Intellipool have created a custom MIB file that can be imported by the software receiving traps from INM. You can find the MIB file, named intellipool.mib, in the \mibs directory. Trap receiver - The host name or IP number of the receiver of the traps. Trap port - Port number that the trap receiver listens to. Community - Community string
5.15
Reports INM is capable of generating statistical reports from stored monitor data. A report can contain several different items, such as charts, toplists, uptime reports, data
Advanced topics
93
tables and comments. The overall style and color of the reports is controlled by Style templates, which makes it easy to add your company color-scheme or logotype to the finished reports. Customized reports vs. Report templates INM has two different types of reports, "Customized reports" and "Report templates". The difference between the two is basically that a customized report is self-contained and needs no additional user input to be viewed/emailed or scheduled. The content of a customized report is always determined beforehand, making the customized report a good choice for reports that you use regularly and whose content does not change. In contrast, a Report template only specifies the type of content - not the actual data. As such, a Report template can only be viewed/emailed or scheduled together with a set of networks or objects. This extra requirement also makes Report templates much more powerful. For example, if your Report template contains a CPU chart, the actual contents of the chart will depend on what networks or objects you selected when you viewed the Report template. Other report items will work in a similar way when working with Report templates. INM comes pre-configured with a set of useful Report templates. You can of course create your own Report templates if you wish to do so.
94
Intellipool Network Monitor
5.15.1 Report items This section describes the different types of Report items available for use in your reports. Graphs Report charts will display a graph of recorded monitor data over a specific period. Each chart can contain up to 8 individual monitors. Every monitor is coded with a specific color that is specified in the relevant Style template. Downtime reports A downtime report can show the downtime of one or more selected networks or objects. What contributes to your downtime can be displayed down to individual monitor level if needed. The item can report three different values, namely "downtime", "uptime" and "unknown". Downtime is defined as the time the monitor was in alarm state. Uptime is defined as the time the monitor was in normal state, and unknown is the time when INM did not know the status of the monitor, for example if the INM service was stopped for a couple of hours. All values are reported as percentages. It is also possible to limit the downtime calculations for a period during the day. This is useful if you need to know your uptime only during a certain time.Another advanced option is to limit the downtime calculation to only a limited set of monitors. For example, you could choose to only calculate downtime on your networks and objects by using Ping monitors only. Data table reports With the data table item, you can present recorded data in a table form. For example, you could report hourly recorded snapshots of a temperature monitor over the day. The amount of data shown in the data table is dependant on the corresponding report period. The table below shows the result from different report periods: Report period Daily
Number of cells 24. One cell each hour.
Weekly
14. One cell every 12 hours.
Monthly
28-31. One cell each day.
You can choose to report snapshots or period averages in the data table. A snapshot is the closest data sample to the period. For example, if you have a Daily report and there are two samples at 14:59 and 15:02, the data shown for the cell at 15:00 will be the sample at 14:59. The period average option will instead make an average of all samples within each period and use that value for the respective cell. These two powerful options will give you good control of how to present different types of data. Snapshots will be more interesting for some types of data and period averages will be more interesting for others. Toplist reports This report item makes use of INM's toplist feature, making it possible to insert precalculated toplists in your reports. Want to see the top 3 machines with highest CPU load in your network? The top 5 machines in need of a bigger disk? The toplist report item will tell you this type of information. Please see the Toplists section for more information about the
Advanced topics
95
possibilities with INM's toplists. Comments Comments can be used to include explaining texts in your reports. They can also be used to include signature fields for occasions when a report has to be reviewed and signed by someone. Images You can also include images in your reports. All supported image files placed in the reports/ images/ folder under the INM program folder can be selected and viewed in the reports.
5.15.2 Customized reports Editing a customized report As an example, let's look at how to create a customized report from scratch. To begin, select "Customized reports" from the Report menu. The customized report list page is shown as below.
From here, click on the "New customized report" link. The property page for the new report will be shown. Enter a name for this report, for example "Daily disk usage" and click the "Save" button.
Your report is now created and you will be presented with the customized report list page again. Now let's define the content of this report. Click on the reports name and INM will open the Report info page shown below.
Let's add a daily disk usage graph to this report. Click the "Graph" link in the items section. In the graph property page that will open, set the following parameters: Period - Choose "Current day" Data type - Choose "Disk size: Free disk space"
96
Intellipool Network Monitor
Click the "Save button" and you will be redirected back to the Report info page. Now, for a Customized report, we will need to specify which monitors that should be shown in the graph. This step is one example of what differentiates a Customized report and a Report template. If we were using a Report template we would not do this final step of specifying what monitors that should be in the graph. By using Customized reports you can create very specialized reports mixing data from various sources. To continue, click on the Graph you just added in the "Items" section. INM will open the Graph info page shown below.
Click on the "Add input" link. INM will display a window containing all disk-size monitors you have running on your INM system. If you do not have any disk-size monitors the list will be empty. Choose one (or several at once, by holding down the Ctrl key while selecting) from the list and click "Save". The monitors will now be added to the graph and listed in "Data inputs" section. You are now ready to view this report. From the report info page you can view the report directly in the browser by selecting the "View" command. From the report list page, you can view the report by clicking on the icon in the list.
5.15.3 Report templates Report templates As previously mentioned, the big difference between a Customized report and a Report template is that for a Report template, the actual content in terms of networks, objects or monitors is never specified. Report templates can be thought of being 'applied to' a specific network, object or monitor. Viewing Report templates There are two different ways of viewing a Report template in INM. The first option is, to select one or more networks, objects or monitors and then select the "View report" link. Here is an example from the object list page.
In this example, two objects have been selected. Now, to view an available Report template we just click on the "View report" link.
Advanced topics
97
By doing so, we will be presented with this screen:
All that is left to do here is selecting which Report template we want to see, and chose the report period. Then click the Ok button to generate the report. The other way of viewing a Report template, is by clicking on the template list.
View icon in the Report
If we do that we will be presented with the following screen:
From this screen you can select networks and/or objects that you want to use with your Report template, just as if you had selected them from the network or object list screens. Editing a Report template There are some differences when editing a Report template versus editing a Customized report. Some interface options will not be available when editing a Report template. For example, if you edit a Downtime report in a Customized report you will be able to select what networks and objects to include in the report, but for a Report template this does not apply so these controls will not be available when we edit the same item in a Report template.
5.15.4 Quick reports Introduction to quick reports Sometimes you want to quickly compare data from different monitors at a specific time. For example, you are to investigate a particular alarm and want to see what happened with, say the CPU load and free memory of the object around the time of the alarm. It would be possible to create a customized report for this purpose, but there is a much quicker way and that is to use "Quick reports". Start by selecting one or more monitors from either the "Object info" page or the "Monitor list" page, and choose the "View report" command. In the example below two Bandwidth usage monitors and one Ping monitor have been selected.
98
Intellipool Network Monitor
After clicking on the "View report" command INM will show the following screen.
From here you can chose to view an existing Report template. To do so, just select the report you want to see, select the Period and click the "Ok" button. However, you can also make use of the Quick report function from this screen. INM has now automatically created a report containing graphs from the monitors you selected. If several monitors of the same type are selected they will be grouped into the same graph. In some cases you can choose what type of data you want to see in each graph (for example in the case of a Ping monitor, you can choose either Roundtrip time or Packetloss), as well as the unit of the data. Select the time period and click the "Ok" button to view your quick report. When the report has been generated it is also possible to save it as a Customized report. Enter a name in the text box, click the "Save" button and the report will be stored under Customized reports.
Modifying quick reports It is possible to separate some monitors from the others and place them in their own graph. To separate a monitor from the others and place it in it’s graph select the monitor by checking the checkbox next to it, and then click on the “Split monitors” command. Let’s place the “Domainserver – Bandwidth usage” in it´s own graph by selecting the monitor and clicking on the “Split monitors” command. After doing so this becomes the result:
Advanced topics
99
The “Bandwidth usage” monitor in the “Domainserver” object is now placed in it’s own graph. It is also possible to group monitors of the same type together in a specific graph. To do so, select the monitors you want to group together and then click on the "Group monitors" command. The selected monitors will be grouped together. When the report has been arranged to your liking, just click on the “Ok” button and the report will be generated with the same layout as shown in the quick report screen.
5.15.5 Style templates Report style templates control the overall look of the report. The style template is made up of a number of different elements that is common for all reports using the style template. Both report templates and Customized reports can use style templates to achieve the same look. A default style template can be selected in the operator properties, forcing the operator to view all reports with the same style template.
100
Intellipool Network Monitor
Report style template property page
Report style template properties Name - Name of the template Description - Description of the template Header - Header text in report Footer - Footer text in report Logotype - Logotype image included in the report. To add logotypes to the list, place images in the \reports\image\logo subdirectory and reload the view. Logotype placement - Alignment of logotype image within the generated report. Default - Check this option to make this template the default template.
5.16
Schedules Schedules are used to control the work hours of operators, execute actions on a given time and to define scheduled downtime of objects. The schedule page is divided into three parts: operator, maintenance and event schedules.
5.16.1 Maintenance schedule Maintenance schedules can be used to plan downtime of an object or a monitor, during the maintenance no tests will be performed by the select objects monitors. The maintenance schedule can be a single maintenance period or a repeating maintenance period. The single period maintenance mode defines an absolute period by date, time and length of maintenance period. The repeating maintenance period can be configured to a certain day in the week, last day in month, fixed day interval or fixed days in month.
Advanced topics
101
Maintenance schedule
5.16.2 Event schedule Event schedules can be used to automate routine tasks that needs to be performed daily, weekly. An event can start execution of an action on a single occasion or on a repeating schedule.
102
Intellipool Network Monitor
Select scheduled event type
Event types Send mail - Send mail to operator, group or other recipient. Send SMS - Send SMS to operator, group or other recipient. GSM Phone/Modem must be installed and configured to use this event. Paging via PageGate ™ - Page operator or group via Pagegate Execute windows command - Executes a Windows command on the INM host machine. It is not possible to execute the command on a remote Windows computer with this event. Execute command via SSH2 - Executes a command on a remote machine. There must be an SSH2 server running on the remote machine. Windows service control - The events can start, stop, pause and restart windows services running on any machine in the accessible network. Clear event log - Clear the event log on a Windows host. Event log name should not contain the "Log" postfix for the standard event logs system, application and security. Wake-on-lan - Sends a broadcast packet to a network interface card ordering the host machine to start. The host bios must support WOL and the network interface card must support AMD® Magic Packet standard. HTTP Post - The event can perform a HTTP request that can be used to call a CGI script or custom software. Trigger agent test - This event can trigger an active or deactivate agent to perform a test. Agents part of a dependency tree cannot be triggered. Refresh uptime statistics - The event refreshes the periodical uptime statistics for all agents that store agent status statistics. The result can be viewed in the agent uptime list page.
Advanced topics
103
Generate a report - Generates a report and sends it to e-mail recipient, ftp and/or UNC directory. Export report - The event exports the raw data that is used to generate a report to an external database or file. Generate toplist - This event updates the toplists with new information. A default event of this type is created when INM is installed. Status report - Sends a status report to selected operators. Export statistics data - Exports stored statistics data to either an ODBC database or to a text file.
5.16.3 Operator schedule Operator schedules can be used to control the work hours of an operator. The operator will receive notifications from INM on the hours that are defined in the operator schedule. If no schedule is defined the operator will always receive notifications. The period that marks the work hours of an operator in a schedule is called blocks. A block is defined as a period of days and contains a set of rules that controls on which hours the operator is on duty in the block. Several blocks can be stacked together to compose a schedule that has alternating work hours for an operator. Example. An operator can work between 08.00 and 17.00 every weekday except Saturday and Sunday in the first block that runs for a week (7 days). In the next block the operator is scheduled between 17.00 and 03.00 every weekday except Saturday and Sunday. The active period for the schedule must specify an start day and optionally a end date. The end date of the schedule is the date when the schedule stops being active, if no end date is specified the schedule will be repeated. Each operator that is scheduled is marked with a icon in the operator list page. To add a new schedule click the "New schedule" link on the operator schedule task bar.
New operator schedule page Click the "Save" button to save the schedule and return to the schedule list page. Open up the schedule by clicking on the name of the schedule.
104
Intellipool Network Monitor
Operator schedule Click on the command "Add block" in the block list header.
Block length, in days. Specify the length of this block and click on the "Save" button. When returning to the operator schedule page click "Add rule" to proceed to the block definition page.
Block rule Select the days, time and operators that should be affected by this rule. Click on the "Save" button to save this rule.
Advanced topics
105
Operator schedule page with one block rule configured. The finished operator schedule will set operator Robert on duty between 08.00 and 17.00 every weekday.
106
5.17
Intellipool Network Monitor
SMS device configuration INM can send SMS trough a modem connected to the INM host machine. The modem can either be a GSM phone/modem or a modem capable of sending SMS via a fixed line service provider. Before using the send SMS action you need to configure SMS device parameters in the program settings page. Open the program settings page 1. Select the serial port the GSM modem is connected to. 2. Select the baud rate (default 9600) 3. (Optional) Enter the PIN code to unlock the SIM card 4. Click on the "Save" button to store the new settings. SMS modem installation checklist The device should be connected to a serial port (or USB port with serial emulation) on the INM host machine. 1. Connect the phone cable to the INM host machine 2. Install the modem driver for your phone (if needed) 3. With a terminal program connect to the phone. 4. Try to send a SMS by typing the following · ATZ · AT+CMGF=1 · AT+CMGS=”PHONENUMBER” · INM SMS TEST · Press CTRL-Z 5. The SMS should now be sent, remember to replace PHONENUMBER with the number of the receiving phone and keep the quote signs (e.g. “0068455”). On the last line you should press the CTRL-Z key combination. 6. The phone should answer with CMGS followed by a number indicating the ID of the sent SMS. 7. The phone is now ready for use by INM. CMS Error codes 8
Operator determined barring
10
Call barred
21
Short message transfer rejected
27
Destination out of service
Advanced topics
28
Unidentified subscriber
29
Facility rejected
30
Unknown subscriber
38
Network out of order
41
Temporary failure
42
Congestion
47
Resources unavailable, unspecified
50
Requested facility not subscribed
69
Requested facility not implemented
81
Invalid short message transfer reference value
95
Invalid message, unspecified
96
Invalid mandatory information
97
Message type non-existent or not implemented
98
Message not compatible with short message protocol state
99
Information element non-existent or not implemented
111
Protocol error, unspecified
127
Interworking, unspecified
128
Telematic interworking not supported
129
Short message Type 0 not supported
130
Cannot replace short message
143
Unspecified TP-PID error
144
Data coding scheme (alphabet) not supported
145
Message class not supported
159
Unspecified TP-DCS error
107
108
Intellipool Network Monitor
160
Command cannot be actioned
161
Command unsupported
175
Unspecified TP-Command error
176
TPDU not supported
192
SC busy
193
No SC subscription
194
SC system failure
195
Invalid SME address
196
Destination SME barred
197
SM Rejected-Duplicate SM
198
TP-VPF not supported
199
TP-VP not supported
208
D0 SIM SMS storage full
209
No SMS storage capability in SIM
210
Error in MS
211
Memory Capacity Exceeded
212
SIM Application Toolkit Busy
213
SIM data download error
255
Unspecified error cause
300
ME failure
301
SMS service of ME reserved
302
Operation not allowed
303
Operation not supported
304
Invalid PDU mode parameter
305
Invalid text mode parameter
Advanced topics
5.18
310
SIM not inserted
311
SIM PIN required
312
PH-SIM PIN required
313
SIM failure
314
SIM busy
315
SIM wrong
316
SIM PUK required
317
SIM PIN2 required
318
SIM PUK2 required
320
Memory failure
321
Invalid memory index
322
Memory full
330
SMSC address unknown
331
No network service
332
Network timeout
340
NO +CNMA ACK EXPECTED
500
Unknown error
512
User abort
109
System administration
5.18.1 AD integration The AD integration feature lets an operator login using Windows logon credentials by just pointing his browser to a special logon URL. Before you start using this feature you should be aware that this logon method due to its nature imposes a serious overhead for each page request and is dependant on that the AD have a low response time. Enabling AD login and configuring operators 1. Logon to INM the normal way and open the operator list 2. Open the property page for the operator you want to enable AD login for
110
Intellipool Network Monitor
3. In the field "Additional info" enter the Windows user name in the format mywindowsdomain\mywindowsusername. If you do not have a domain you can replace the domain name with your workgroup name. 4. (Optional) You can add additional windows accounts on a new line in the additional info field. This makes it possible to get a whole group of windows users to use the same operator account. 5. In the init.cfg file enter: webserver_auth=ntlm 6. Done Now the operator is ready to use with AD logon. When logged on to the Windows desktop using the registered Windows account the operator can login by entering this URL. http://myinmhost:8080/adlogin.xsi During the logon INM will exchange a series of packets with the browser verifying that the user is logged on as the specified Windows account. If everything checks out ok the operator will be directed to the index page (or the page you selected as start page in the my settings page). Troubleshooting If something goes wrong during the logon INM will redirect the user to the normal logon page. · INM can't reach the "mywindowsdomain" domain controller and verify that "mywindowsusername" is a valid windows account. · Your browser does not support the NTLM authentication type · The domain controller is slow to respond to authentication, this can effect the overall interface performance greatly. · You can only use this feature when you are in the intranet security zone
5.18.2 Configuring web server interface Changing the default port number The init.cfg file in the INM directory contains the configuration parameter that tells the web server what port number to use. Locate the line "WEBSERVER_PORT" and change it to a free port number you wish to use instead. You do not need to restart INM to make the changes take affect, INM monitors the file for changes and will automatically reload the file and make the necessary changes. This would change the port number to 8084 WEBSERVER_PORT = 8084 Binding interface to one or more interfaces You can optional change the address the web server listens to. Specifying this variable will override the WEBSERVER_PORT variable. WEBSERVER_BIND=192.168.42.32:8080 A more advanced feature is to bind the web server to several interfaces, delimit the different IP/port combinations with a semi-colon.
Advanced topics
111
WEBSERVER_BIND=192.168.42.32:8080;192.168.42.31:8081
5.18.3 Enable secure HTTP The INM SSL Setup utility compiler is a separate download that can be found at http://www.intellipool.se. Make sure to download and install before continuing this guide. The built-in web server can use SSL to encrypt all information sent from the web server to the web browser. To enable SSL use the "SSL Setup utility" installed in the INM program folder. When SSL is enabled you cannot connect to the interface using an un-encrypted connection. Configuring the web server 1. Start the SSL Setup utility in the Intellipool Network Monitor program menu 2. Verify that the path in the field "INM directory" is the path to the INM installation you wish to configure 3. Select a certificat from the list 4. Press the "Enable SSL" finish the configuration 5. Close the utility and restart INM To disable the SSL encryption, press the "Disable SSL" button in step 4. Note that the port used for INM will not change when enabling SSL. If the port number used by INM is 8080 the correct URL to access INM from the local machine will be https://localhost:8080 after SSL is enabled. Creating a certificate for data encryption 1. Click on the button "Generate certificate" 2. In the field "Certificate subject" enter the fully qualified name of the INM host machine 3. Enter the number of month this new certificate should be valid 4. Click on the "Create" button The certificate that this tool generates will not be a valid certificate for server identification since it will not have a valid CA (Certificate Authority) field. It will still be valid for encryption and as secure in that respect as a purchased certificate. Using your own certificate 1. Open the Management consol (MMC) 2. Add a certificate snap-in for the "Computer account" 3. Select the "Personal" node under "Certificates" 4. In the context menu select "All tasks"->"Import.." 5. Follow the steps provided by the wizard to import the certificate When the certificate is installed, use the "INM SSL Setup" utility to select and enable SSL Encryption. Troubleshooting If INM fails to respond after you restarted the service
112
Intellipool Network Monitor
1. Check if the INM log file contains any information indicating a failure starting the web sever 2. Check that the URL used is correct, example (use the port number you configured when installing INM) https://localhost:8080 3. The certificate used must be accessible by the user account assigned to INM, logon with the account assigned to INM and start the INM SSL Setup utility and check if the certificate is visible in the list.
5.18.4 Init.cfg parameters The init.cfg file contains a number of different configuration parameters. They are described below with their respective default values. Log LOG_LEVEL = 0 - Log level, if set to other then zero INM will write debug information into the text log. Valid log level is 0, 1 and 2 Web server WEBSERVER_PORT = 8080 - Web server port number, this is the port number the web server will listen on for incoming connections from a browser WEBSERVER_LANGUAGE = ENG - The language used in the web interface, default English (ENG), optional French (FRA) WEBSERVER_CERT= - The web server can use SSL to encrypt information, this parameter specifies the certificate name, default blank. Use the INM SSL configuration utility to select and configure SSL options. WEBSERVER_SSL=0 - Enables web server SSL mode, default disabled (0), enabled (1) SSH2 SSH2_TIMEOUT=25000 - SSH2 client timeout time in milliseconds, default value 25000 (25 seconds) SSH2_TRACELEVEL=0 - Tracelevel can be used to debug the ssh2 connection, default set to (0), valid range 0 to 4 (max output) Testing thread pool configuration TP_INIT_SIZE - The initial size of the thread, default 20 threads. TP_MAX_AGE - The max age in seconds a thread can be unused before being deleted from the pool. This value is default set to 3600 (one hour). The purpose of this parameter is to have the thread pool balance the size to a optimal size for your configuration. TP_MAX_SIZE - Max size that the thread pool can grow to. Default to set 125. TP_BUSY_WAIT - The time in milliseconds the thread pool will wait creating a new thread if its exhausted, giving in use threads a possibility to finish and return the thread to the pool. The default value of this is 100.
Advanced topics
113
Other OBJECT_IP_CACHE=1 - INM resolves all object host names into IP addresses, this feature can be turned of if there is problems with the local DNS , default enabled (1), optionally disabled (0) DELAY_TEST_START=0 - This parameter can be used to delay the start of monitor tests when INM is starting up, values in seconds, default 0. It can be useful for reducing machine boot time stress by delaying the start of INM monitor tests. OPERATOR_SESSION_TIMEOUT=20 - To set the operator session timeout value, in minutes. If no timeout is wanted, set value to -1 DISTTEST_UPDATE_INTERVAL=60 - (DE Only) Time between the event that causes the gateway and server to exchange information. Can be set in both gateway and server init.cfg files to separate values. Recommended value is the default value 60 seconds. DISABLE_RTS - If this variable is present and set to 1, in the init.cfg file at startup no real-time statistics will be loaded for monitors. This can greatly speed up the startup time of INM. NO_TESTING - If this variable is present and set to 1, in the init.cfg file at startup, no testing will be performed until an operator enables the testing again.
5.18.5 Restrict access to web interface The web server can be configured to only accept connection from a range of IP numbers. Information how to configure the IP numbers accepted by the web server can be found in the program settings page. By default the web server accepts all incoming connections. IP connection list In this field you can specify which IP number range is allowed to connect to the INM web interface. If the field is empty no restrictions applies. If you should enter an invalid IP range you can always connect to the interface from the INM host machine. Example 1 192.168.0.0 – 192.168.0.40 Allows every client with an IP number in-between and including this range to connect. More rules can be added below the first line. Example 2 192.168.0.98 Allows a single host to connect.
5.18.6 Setting system administrator message On the system admin page you can enter a message displayed to all operators on the index page. Enter the message and click the "Save message" button to save the message. To remove the message clear the message text and click "Save message".
114
Intellipool Network Monitor
System administration page
5.18.7 System administrator console The system administrator console can be found on the system administrator page. Click on the button under the header to open the console.
System administration page
The purpose of the system administrator console is to provide an easy way to perform reoccurring system administrative tasks. The interface is a normal Command Line Interface (CLI) that most system administrators are familiar with.
Advanced topics
115
The system administrator console
Commands calc - A built in calculator for simpler calculations. Usage example: calc 41+1
crash - A command that should only when requested by Intellipool support personal. The command crashes INM and produces a crash dump that can be used by Intellipool support personal to investigate problems with INM. disable - Disables a feature in INM. -all Disables all the listed features -testing Disables testing -actions Disables execution of actions -statistics Disable statistical storage -login Disables login for normal operators, system administrators can login dist-patch-gateways - (DE only) Command starts patching of all gateways that needs patching. dist-restart-server - (DE only) Command to restart the INM distributed testing server. dist-tarpit - (DE only) Command to add or remove IP numbers from the tar pit. The tar pit will protect the server from brute force login attempts and DOS attacks.
116
Intellipool Network Monitor
-block Blocks the specified IP number. -unblock Unblocks the specified IP number. -list Lists all IP numbers in the tar pit. -blocktime Sets the default block time. In minutes, default is 20 minutes. dist-tarpit -block 192.168.0.1
enable - Enable a feature in INM. -all Enable all the listed features -testing Enable testing -actions Enable actions -statistics Enable statistical storage -login Enable login for normal operators get-mac - Retrieves the MAC address for a certain IP number. Note that only IPs on the local area network of the INM host machine are likely to return a MAC address. get-mac 192.168.42.1
help - Displays help information for the different commands in the console. Type help "command" to display command specific help. log-level - Adjusts the log level, note that when INM restart it will default to the log level specified in the init.cfg file. The available values are 0,1 and 2. lookup - Queries a DNS server for information about a domain. lookup intellipool.se
ping - Pings an IP number or host name. resolve - Resolves a host name to an IP number resolve www.intellipool.se
send-mail - Sends a mail to the specified address using INMs built in e-mail client. send-mail
[email protected] , "Testing INM" , "This is a test mail"
send-wol - Sends a Wake on Lan package to the specified host. send-wol 192.168.42.1
shutdown - Shutdowns INM and flush all un-saved settings to disk. status - Displays feature status information. -thread Displays current total number of threads that INM is using -threadpool Displays the total number of threads in thread pool.
Advanced topics
-memory Displays the current INM memory usage -cpu Displays the current INM CPU usage -handle Displays the current INM handle usage -feature Displays the status of INM features. time - Prints the local date and time of the INM host machine. trace-route - Performs a trace route to the specified host. version - Prints version of INM. The command can also be used to check if a new version of Intellipool Network Monitor is available . version -check
117
118
5.19
Intellipool Network Monitor
System types The system type determine which types of monitors is available to the object and how they perform the test. Built into INM is all Windows system types, new system types can be created by a set of configuration files located in a folder in the \system directory. The documentation mainly refer to other system types as "UNIX" but it can be any type of system that have shell access trough SSH 2.0 or Telnet. System specification This document describes briefly how INM handles the different UNIX systems supported in INM. To support monitoring of disk, cpu, swap and so on, INM logs in using either SSH2 or Telnet, runs a command on the UNIX host and parses the result. What command and how the result is parsed is described in these configuration files in the \system subfolder. All system specifications inherit the one labeled "Generic UNIX" (sysid=5). So it is only necessary to write parsing information for those commands that are different from the ones specified in the "Generic UNIX" system type. The configurations in the Generic UNIX folder provide examples on how these files work. A note regarding system ID's The file containing the ID of the system type is called 'sysid.txt'. Every ID must be unique. When you are adding a new system type, please use ID's that begin on 1000 and up. When you create a sub folder for your new system, it is only after you create the sysid.txt file that you will be able to select your new system type in the object properties dialog. Configuration files The examples should provide the necessary info on how to write them. * When a value is specified with a - sign in front of it, that means to read the value "from the end". So: value_row=-1 means the last row of the output value_col=-5 means the 5th column from the right * Columns can be appended, added, subtracted, multiplied and divided if necessary (see filecheck.txt in the Free BSD folder) : operator appends the values of two columns + operator adds the values of two columns - operator subtracts the values of two columns * operator multiplies the values of two columns / operator divides the values of two columns * Final values can be divided (see memsize.txt in the Free BSD folder) CPU utilization File: cpu.txt Variables: $processor (the processor specified in the same agent field in INM.)
Advanced topics
119
This is somewhat special considering that INM use two different methods of measuring CPU load on UNIX machines. When no specific processor is specified in the agent settings, it uses vmstat by default. When a specific processor is entered in the agent settings, it uses mpstat to be able to measure a specific CPU. That's why we have 2 different commands in this parsing specification. Return values: % user time, % system time Disk utilization File: disksize.txt Variables: $volume (the name of the diskvolume specified in the agent field in INM.) Return values: amount of free disk in MB File change File: filecheck.txt Variables: $filename (the path of the file specified in the agent field in INM.) Return values: size in bytes, date modified, time modified Swap file utilization File: freeswap.txt Return values: avail swap space in KB, used swap space in KB Memory utilization File: memsize.txt Return values: amount of free system memory in MB Process status File: memsize.txt Variables: $processname (the name of the process specified in the agent field in INM.) Return values: the name of the process if it's still running Notes: For the most systems we just find a matching row of the output containing the process name, (the line "match=$processname"). Check Debugging information When you want to add support for a new system, disable all agents(CPU, Disk, Filecheck, Swap, Memory size, Process) but the one you want to add support for. Add the following line to the init.cfg file in the INM program folder (can be done without restarting INM). SYSTEMDEF_DEBUG=1 This will make INM log information about how it is trying to parse out the values according to your specifications (this is why it's a good idea to disable all agents but the one you are working on). The file is called debug.txt and will be written in the \system folder. Now when you change your parsing specification file, INM will notice and reload it automatically, there is no need to restart INM after you change it. If you write complete support for a new system type, please send the definitions to
[email protected] and we will include it in future releases. Thanks!
120
5.20
Intellipool Network Monitor
Toplists INM can calculate the min, max and average of recorded statistics data of all monitors over daily, weekly and monthly periods and present them in a toplist fashion. This calculation is done by a scheduled event called “Generate toplists”. New INM installations will get this event automatically configured. The toplist data is stored to disk and can be very quickly viewed. Adding the Generate toplist scheduled event This toplist event is automatically configured when you install INM, if you upgrade a current INM installation to you will need to add this event. Make sure to check if you already have an toplist event, adding a second is not recommended. Open the Schedules view by choosing Schedules from the Settings menu. Click “New event” in the Event schedule section, and then click on the “Generate toplists” event. Toplist data will be calculated up until the time when the event is run. So for example, to make INM update the toplist charts twice a day, configure the event like this:
Top list event In this example, the toplist data will be updated at 7 in the morning as well as 8 in the evening, every day of the week. INM will keep track of when the event was last ran, and will generate toplist data from that time up until the time the event is run again. Using toplists INM will currently calculate toplists on daily, weekly and monthly basis. This means that INM will calculate the min, max and one-day average of the recorded statistics data for each monitor, over those periods, and store in the respective toplist. To open the toplist view to browse the toplist data, select “Toplists” from the Monitor menu. The toplist view will appear:
Advanced topics
121
Top list page Toplist - Available toplists will be selectable from the select box. After choosing the desired toplist press the “Load” button and it will be loaded instantly. Up to 14 daily toplists, 8 weekly and 6 monthly toplists can be selected in the Toplist box. Older toplists can be accessed by typing the date of the toplist in the following formats: Daily toplist - YYYY-MM-DD Weekly toplist - YYYY-Wnn, where nn is the week number. The week-numbering is affected by the respective setting in the program settings. Type in the textbox next to the Load button, and then click on the Load button to load the desired toplist Monthly toplist - YYYY-MM Toplist type - To view different types of toplist data, choose the type of data in the “Type” select box. In the example above CPU load was selected. Once a toplist data type has been chosen INM will instantly update the toplist view. The same is true for all options in the Toplist view. When an option is altered the view will be updated immediately to reflect the settings. Entries/Mode - The “Entries” select box configures the number of monitors displayed in the list. The next setting, the “Mode” select box, configures if the list should start with the monitor with the highest or the lowest value. Use the Entries select box together with the Mode select box to configure the Toplist view to show for example the “Top 50 highest CPU load” entries or the “Top 10 machines with least amount of Free memory”. This box can also be used to choose the different compare modes available when comparing two toplists. More about this particular feature is explained below. Unit - With the “Unit” select box the presentation unit can be selected on some toplist types such as Free disk space, Memory or Temperatures. Data - The “Data” select box configures the Toplist to display either the recorded min or max values, or a 1-day average. For some data the average is a more interesting value than the recorded extremes, but in some cases the min and max values are also very interesting, such as in the “Top 10 CPU spikes” example below. Examples 1. Top 50 objects with highest average CPU load Type: CPU load Entries: 50 Mode: Highest entries Data: 1-day average
2. Top 10 CPU spikes
122
Intellipool Network Monitor
Type: CPU load Entries: 10 Mode: Highest entries Data: Sampled max value
3. 10 objects with least amount of Free memory Type: Free memory Entries: 10 Mode: Lowest entries Data: 1-day average Comparing toplists Two different toplists, of the same type, can be compared with each other. This feature is useful to see how certain monitored properties evolve over time. Is the temperature in your server hall slowly rising by the month or is your SAN running out of free space ? You can use the compare feature to find out those kinds of things. First, load up a toplist by selecting the toplist (or typing the date) and click on the "Load" button. This list will be considered as the "main" toplist. Next, select a different toplist and click on the "Load to compare" button. This list will be considered as the "compare" toplist. INM will present the two toplists as follows: the main toplist on the left, and the compare toplist will be placed to the right. You can now see how the monitored properties for a particular monitor changed between the two toplists. In addition to just looking at the toplists to see changes, you can ask INM for additional statistics while comparing two toplists. The available statistics can be chosen only when a compare toplist has been loaded and they can be selected from the "Mode" selectbox. Top movers - Displays the monitors who's values changed the most between the two toplists Top climbers - Displays the monitors who's values increased the most between the two toplists Top fallers - Displays the monitors who´s values decreased the most between the two toplists Example 1. Find out which of your servers that increased the most in CPU usage over two different months. Select the first month and click the Load button. Then select the second month and click the "Load to compare" button. Type: CPU load Mode: Top climbers Data: Period average
Advanced topics
123
Using toplist in reports You can add toplist information in your reports. To add a toplist in your report first open the report list and then click on the report you want to add the toplist information to. From the report info view, click on the "Add toplist" link in the Items section.
Toplist report item property page
To choose which toplist that will be included in the report is a little different than choosing a toplist in the toplist view. In a report, that will probably be scheduled on a specific day, it is more useful to be able to refer to a toplist relative to when the report is created, such as the "Current day" or "Current month". So in the Toplist box you can choose which toplist you want to include in your report in this manner. If you choose "Current day" INM will include the toplist data for the day the report is created.The other choices work in the same way. The other options in this screen such as Type, Unit or Mode work in the same way as when you are working in the toplist view. Click on the Save button to store the toplist in your report. When the report is generated INM will include the toplist data you specified and add it to the report.
5.21
Troubleshooting Windows monitoring and authentication
Troubleshooting Windows monitoring and authentication Intellipool Network Monitor is capable of agentless monitoring of remote Windows workstations and services. The pre-requisite for monitoring a remote object is an successful authentication with an Windows account that have access to a number of different resources on the monitored object. There is a number of different problems that can arise that this document will try to answer. This document is provided as a troubleshooting reference and Intellipool AB can not guarantee that these problems can be solved. All modifications to the system, including modifying the registry is done at your own risk.
124
Intellipool Network Monitor
5.21.1 INM Service account and rights assigment If INM is running under a user account other than LocalSystem, make sure the following local security policies are enabled for the service account. · Log on as a Service · Act as part of the operating system (Windows 2000) · Bypass traverse checking · Read, Write and Execute rights on the \Intellipool Network Monitor folder To make full use of the built in account manager all objects should be assigned an account other than the base service account. Monitoring accounts In INM you have the ability to assign an default account to each object. This account will be used to authenticate with the monitored object. In the following text we will refer to this account as the monitoring account. In the object property page its called the default account. In the monitor property page the account selection option should be set to ”Use object default account”. The monitoring account should be an member of the Administrators group on the object being monitored. In most cases this is the Domain Admin group. Account username format Depending on the location of the monitoring account INM requires you to format the username according to the following rules (that also applies to Windows in general). · .\username (Account is found by INM on the local machine) · username (Account is found by INM on the local machine) · domain\username (Account is found by INM on the domain "domain") ·
[email protected] (Same as above but valid for XP, 2003 and Vista)
Advanced topics
125
5.21.2 CPU/Disk/Memory/Process/Swap monitor These categorize of monitors uses the remote registry service to query the monitored object. Make sure the remote registry service is running on both the monitored object and the INM host. By default, only administrators can access the remote registry. This is controlled by the registry key HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg You can edit the permissions of this registry key to limit or grant access to the remote register. If the key do not exist access is granted to everyone. A special case for the disk utilization monitor is when in Win32 compatible mode. Then you need to specify the default share representing the disk. For example instead of specifying C: you should specify C$ and make sure this default share exists and is accessible by the monitoring account.
126
Intellipool Network Monitor
5.21.3 Event log monitor By default, everyone can read the eventlog except the Security eventlog, to read the security eventlog the user needs to be a member of the administrator group. The access to the different event logs are controlled by this registry key. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog You can edit the permissions of this registry key to limit or grant access to the remote eventlog.
Advanced topics
127
5.21.4 Service monitor This monitor type uses Remote Procedure Calls to query status of a service running on the monitored machine. Make sure the RPC service is running on the monitored object and the INM host. The monitor account needs to be an administrator on the monitored host to gain access to the service manager.
128
Intellipool Network Monitor
5.21.5 External resources These links are only provided as reference. All modifications to the system, including modifying the registry is done at your own risk. "How to restrict access to the registry from a remote computer" http://support.microsoft.com/kb/153183/en-us
"Removing the Everyone Group from Group Policies in the Remote Registry Services Permanently Removes All Access" http://support.microsoft.com/kb/281641/en-us
"A custom program that uses the RegConnectRegistry function can no longer access the registry of a remote computer in Windows Server 2003 with Service Pack 1 or in an x64based version of Windows Server 2003" http://support.microsoft.com/kb/906570
"Controlling remote Performance Monitor access to Windows NT servers" http://support.microsoft.com/kb/164018/EN-US/
"Troubleshooting Performance Monitor Counter Problems" http://support.microsoft.com/kb/152513/en-us
"Unable to complete the operation on . Access is denied." error message when you try to access a log on a Windows Server 2003-based computer" http://support.microsoft.com/kb/888189/en-us
Error message when you try to make a remote connection to the registry of a Windowsbased computer from a Windows Server 2003 SP1-based computer: "Access denied" http://support.microsoft.com/kb/913327/en-us
5.21.6 Troubleshooting 5.21.6.1 Access denied
Either spontaneous errors or permanent error when monitoring an object. "Access denied."
Advanced topics
129
Cause
Access to the monitored object is denied. This can be caused by an authentication failure or that the monitored object is to busy serving new requests. Resolution/workarounds
·
·
Make sure the monitoring account have access rights to the monitored object. In most cases this error is caused by the INM monitoring account not being an administrator on the monitored object. Firewall restrictions prevents INM from accessing the monitored object. This error can be resolved by unblocking port 445 to the monitored object.
5.21.6.2 Credential conflicts
Monitors are randomly entering alarm state with credential conflict as error message. ”Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.” Cause Using more than one account to monitor the object, this includes individual objects pointing to the same address. Resolution/workarounds · Make sure only one account is used to access the monitored object from the INM host. 5.21.6.3 Network path can not be found
Either spontaneous errors or permanent error when monitoring an object. "The network path was not found." Cause The network path could not be found or accessed because of firewall restrictions, name resolution error or a network error. Resolution/workarounds · DNS server is overloaded and can not translate the object address, try entering the IP number as the object address. · Firewall restrictions prevents INM from accessing the monitored object. This error can be resolved by unblocking port 445 to the monitored object. · If the monitor type is a Disk utilization monitor and you are running in Win32 compatible mode, make sure the share is available. If you want to directly monitor a disk rather than a share, use the default share name of the disk (ex. C$) instead of the volume name (ex. C:). 5.21.6.4 Performance related issues with monitored object
Spontaneous errors occurs during specific time of day or other pattern, such as when backup starts or large queries are run in a database on the monitored object.
130
Intellipool Network Monitor
Cause The monitored object can be unable to complete requests from INM since its busy performing other tasks. It can also be network bandwidth related, for example monitoring objects over an VPN connection can severely degrade network performance and latency. The error messages can vary but most commonly they are all related to RPC failures. Resolution/workarounds · Lower the test frequency to 300 seconds · Set the Alarm generation value to at least 5 to filter out false positives · If low network bandwidth or high network latency is a factor INM DE can be used to place an gateway closer to the monitored object. A gateway uses only a fraction of the network bandwidth that a normal test would do. 5.21.6.5 Remote session limit
INM is refused access to the monitored object seemingly random with the error text: ”An attempt was made to establish a session to a network server, but there are already too many sessions established to that server” Cause Each server or workstation have supports a maximum number of authenticated connections. An authenticated connection is considered as one connection from one machine to another, where the connection is associated with an set of credentials. If the maximum number of already connections already are filled the next connection request will be blocked. Resolution/workarounds · Review the max connection threads that can be used by the lan manager server and if possible, extend the limit. 5.21.6.6 The RPC server is unavailable
Errors occurring either randomly or all the time with the following error text. "The RPC server is unavailable" Cause The most common cause for this problem is that the remote registry of the monitored machine is either stopped or is experience problems accepting new connections. Resolution/workarounds · Restart the remote registry service of the monitored object. · Review the object overall performance, the object might be too busy to serve more connections. · Check the DNS entry for the monitored object, confirm that both a forward and reverse zone entry exists.
Section VI
132
6
Intellipool Network Monitor
Monitor reference and configuration exampels This section covers configuration of monitor specific parameters of all monitor types in INM.
Monitor reference and configuration exampels
6.1
133
Bandwidth utilization Monitors bandwidth utilization of an network interface. Can be configured with or without threshold alarm.
Bandwidth utilization monitor property page
Category - Performance System type - All Monitor specific properties Interface - Interface to monitor. Unit - Unit to record bandwidth utilization in. Threshold - The upper threshold in the selected unit. Leave this field blank to ignore threshold errors.
134
6.2
Intellipool Network Monitor
Citrix server The monitor checks if a Citrix is responding to connection attempts.
Citrix monitor property page
Category - Network services System type - All Monitor specific properties Port number - Port number of Citrix service
Monitor reference and configuration exampels
6.3
135
CPU utilization The monitor test the CPU utilization and triggers an alarm if its above the given threshold or if the object is unreachable.
CPU utilization monitor property page (Windows version)
Category - Performance System type - All but Generic/Unknown Monitor specific properties Max CPU load - The maximum allowed CPU load in percent. CPU number - The number of the CPU on the host. Zero based index. Detailed report (Windows only) - The alarm report will contain all processes and their current CPU usage. Logon account - To override the object default account select an account from the list. (?) 56 Ignore com. error - Check option to ignore errors that are not threshold errors. For example if the object is unreachable and this box is checked the monitor will not fail the test. Unix specific properties Port - Port number. Use telnet - Use telnet instead of SSH2.
136
6.3.1
Intellipool Network Monitor
Example CPU usage can be monitored in a couple of different ways, depending on what type of machine is monitored. Windows example 1. Make sure the objects system type is set to a Windows version 2. Open the object information page and click on Add monitor 3. Select the CPU monitor 4. Enter the max CPU usage in percent 5. Enter a zero based CPU number, or the string _Total , this value can also be enumerate by clicking on the button next to the filed. 6. Check the box "Detailed report" to get a list of processes running and their CPU usage in the event of an alarm. 7. Click save to create the monitor. Linux/Unix example This monitor uses the SSH2 protocol to perform the test, there must run a SSH2 server on the the monitored machine. 1. Make sure the objects system type is correctly set to the operating system running on the monitored machine 2. Open the object information page and click on Add monitor 3. Select the CPU monitor 4. Enter the max CPU usage in percent 5. Enter a zero based CPU number 6. Select an logon account to use when login on the monitored host, create a new if needed. 7. Click save to create the monitor
Monitor reference and configuration exampels
6.4
137
Database server Monitors a database using ODBC. The test verifies that the ODBC data source can be opened and accessed. The monitor can also execute SQL query and compare the result to a predefined value.
Database monitor property page
Category - Others System type - All Monitor specific properties Datassource name - Name of the ODBC data source to be used to connect to the database. This ODBC data source must be of the system type. Username/Password - Optional credentials. SQL query - Optional SQL query to perform. No rows fail - Check this option to make the monitor fail the test if the query returns no rows. Compare value - Value to compare query result with. Only numerical values are valid. Operation - Operation to evaluate the returned query result and the compare value to determine if the test succeeded or failed.
138
6.4.1
Intellipool Network Monitor
Example To monitor databases use the ODBC monitor. You will need to create a system DSN (datasource) before using this monitor, INM is a service and cannot access any other type of DSN. Consult the Windows help on creating a system DSN. 1. Open the object information page and click on Add monitor 2. Select the ODBC monitor 3. Enter the name of the DSN in the field datasource name 4. Enter a username and password if needed. This is optional, username and password can be specified directly in the DSN. 5. If you wish to execute a query, enter the query in the field SQL query. The query must return a numeric value. 6. (Optional) To make a comparison of the return value , enter the compare value and select an operation. The result of the operation should be boolean false to make the test fail. 7. Click save to create the monitor.
Monitor reference and configuration exampels
6.5
139
DHCP query The DHCP query monitor verifies that a DHCP server is able to lease IP addresses to clients in the network. At least one address must be free for the test to succeed. Important ! The INM host cannot use DHCP for its own network interface if this monitored is used. If the host machine use DHCP the result could be that INM is releasing the IP address allocated to the host. INM uses the MAC address of the first installed network card on the host to request an IP address from the DHCP server. Category - Directory services System type - All
6.6
Directory property The directory property monitor can test file count, directory size, relative size changes and age of files in a directory. The test can be limited in scope to files matched by a wildcard.
Directory property monitor
Category - Others System type - Windows Monitor specific properties Share - Name of share relative the object including wildcard of files to include in test. Ex. \temp\*.?xt. See below for additional formatting options. Ok if no files - If checked the option makes the monitor not fail the test if there is no matching files. The test will pass without checking the subsequent tests. Logon account - To override the object default account select an account from the list. (?) 56
140
Intellipool Network Monitor
Max files - Enter the maximum file count in directory for test to pass, leave blank to skip this test. Min files - Enter the minimum file count in directory for test to pass, leave blank to skip this test. Max age - Enter the maximum file age of the oldest file in the directory in hours and minutes (Ex. HH:MM) . Leave blank to skip this test. Max age newest - Enter the maximum file age of the newest file in the directory, leave blank to skip this test Rel. threshold - The relative threshold test enables you to test for relative changes between the current and the previous test. Select an option that will make the test fail if it evaluates to true. Abs. threshold - The absolute threshold test can be used to test the directory size against an absolute threshold in MB. The threshold together with the operation should evaluate to true for the test to pass. Path field formatting flags The following flags can be inserted into the path and expanded during the test: %time_hour - Hour in 24-hour format (00 - 23) %time_hour2 - Hour in 12-hour format (01 - 12) %time_minute - Minute as decimal number (00 - 59) %time_second - Second as decimal number (00 – 59) %date_year - Year with century, as decimal number %date_year2 - Year without century, as decimal number %date_month - Month as decimal number (01 – 12) %date_dayofmonth - Day of month as decimal number (01 – 31) %date_dayofyear - Day of year as decimal number (001 – 366) %date_weekday - Weekday as decimal number (0 – 6; Sunday is 0)
Monitor reference and configuration exampels
6.7
141
Disk utilization Monitors free disk space on the object. The monitor can also monitor a Windows disk using an alternative method that requires a share be specified as “Disk name” instead of a volume. The monitor does not support enumeration of shares. The alternative method can be used if the Windows performance API is disabled on the monitored machine.
Disk utilization monitor property page (Windows version)
Category - Performance System type - All but Generic/Unknown Monitor specific properties Free disk space - Minimum size left on volume Presentation unit - Select the unit to measure Logon account - To override the object default account select an account from the list. (?) 56 Windows specific properties Disk name - The name of the disk to monitor. Use Windows share - If checked the test is performed using a Win32 API function instead of Windows performance API. The disk name should be in the format diskletter$, for example C$. The enumeration function cannot enumerate Windows standard shares. Unix specific properties Disk name - The name of the disk to monitor SSH2 port - Port number of SSH2 server Use telnet - Makes the monitor use the telnet protocol instead of SSH2, remember to set the correct port number.
142
6.8
Intellipool Network Monitor
DNS lookup The monitor connects to a specified DNS server and tries to translate the specified address into another address form. The entered address can be in number form (255.255.255.255) or in name form (www.intellipool.se)
DNS lookup monitor property page
Category - Directory services System type - All Monitor specific properties Name - The address to use for translation test. To test more than one addresses at the time separate the addresses with a semi colon in this field. All fail - Selecting this option indicates that all the addresses must have failed lookups for the agent to go into a failed state.
Monitor reference and configuration exampels
6.9
143
Event log The monitor reads the event log and search for messages that matches the monitor parameters. Only event log entries created after the previous test is included in the current test.
Event log monitor property page.
Category - Log System type - Windows Monitor specific properties Event ID - Event id number to trigger an alarm on, separate multiple numbers with a comma. To include all event id’s, leave the field blank. Event ID filter - Event id number of events to filter out, separate multiple numbers with a comma. Event type -The type of event to search for. If alternative "all" is selected. All types of events will be considered for the test. Log name - The name of the log to search Source string - (Optional) The source of the event. Include string(s) - If one or more strings exists in the event record message text the record is included in the test (if the other criteria’s is meet). Exclude string(s) - If one or more strings exists in the event record message text the record is NOT included in the test (if the other criteria’s is meet). Include message - If checked the message text is include into the error report. Ignore open errors - Check this flag to ignore errors generated when the monitor failed to open the event log. This option can eliminate alarms if the host of the event log is down. Logon account - To override the object default account select an account from the list. (?) 56
144
6.9.1
Intellipool Network Monitor
Example Example 1 The message text of the event record should contain the user name “Administrator” but not the username “Robert”. § Set include string to “Administrator” § Set exclude string to “Robert” Example 2 The message text of the event record should not contain the user name “Robert”. § Leave include string blank § Set exclude string to “Robert”. To extract the message text from the event log record INM needs to read information from the DLL or application file that contains the event log record definition. This is done in 3 steps. 1. INM searches the local computer for the file, if found step 3 2. INM searches the monitored computer for the file 3. Opens the file and reads the event log record information If INM does not find the requested DLL, then the include/exclude test will be skipped. Message files can be copied into the INM host machines system directory or the INM root directory to speed up the search. The monitor automatically excludes all log items that is logged by Intellipool Network Monitor to avoid a monitor/log loop behavior.
Monitor reference and configuration exampels
6.10
145
File change The monitor checks a file for changes in size or modification date.
File change monitor property page (Windows version)
Category - Others System type - All but Generic/Unknown Windows specific properties Path - Absolute path of the the file, including the name of the host. Ex. \\myhost\c$\test.txt Unix specific properties Path - Path of the the file relative the host. Ex. /home/robert/test.txt Port - Port number. Use telnet - Use telnet instead of SSH2. Monitor specific properties Date - Check this option to trigger an alarm if the file is modified Larger size - Check this option to trigger an alarm if the file grows in size. Smaller size - Check this option to trigger an alarm if the file shrinks in size. Not change - Check this option if the file size or date not have changed since last test. Path field formatting flags The following flags can be inserted into the path and expanded during the test: %time_hour - Hour in 24-hour format (00 - 23) %time_hour2 - Hour in 12-hour format (01 - 12) %time_minute - Minute as decimal number (00 - 59) %time_second - Second as decimal number (00 – 59) %date_year - Year with century, as decimal number %date_year2 - Year without century, as decimal number %date_month - Month as decimal number (01 – 12) %date_dayofmonth - Day of month as decimal number (01 – 31)
146
Intellipool Network Monitor
%date_dayofyear - Day of year as decimal number (001 – 366) %date_weekday - Weekday as decimal number (0 – 6; Sunday is 0)
Monitor reference and configuration exampels
147
6.10.1 Example The file check monitor can be used to monitor file changes. The monitor can determine if a file have changed, grow or shrink in size. It can also detect if a file does not change if you wish to watch a file that should be updated periodical. The monitor can monitor files both on Windows machines and Unix machines. When monitoring a file on a Windows machine standard filesystem functions are used to access the file. When monitoring a file on the on a Unix machine the monitor connects and logs on to the machine via SSH2 and uses standard command line to get the current status of the file.
148
6.11
Intellipool Network Monitor
FTP server The monitor checks if an FTP server accepts new connections.
FTP server monitor property page
Category - Network services System type - All Monitor specific properties Logon account - Account used to logon to the FTP server Port number - The port number the FTP server is listening on.
Monitor reference and configuration exampels
6.12
149
IMAP4 server The monitor tests if it can login and select a mailbox. The test verifies that the authentication and storage part of the IMAP4 server is working. If no username or password is provided a simple connection test is preformed.
IMAP4 server monitor property page
Category - Web and mail System type - All Monitor specific properties Username/Password - Optional credentials to logon and check mail box. Port number - The port number the services listening on. Inbox name - Name of the inbox to check if credentials is given.
150
6.13
Intellipool Network Monitor
LDAP query The monitor checks if a LDAP server is responding to directory lookup requests.
LDAP query monitor property page
Category - Directory services System type - All Monitor specific properties Username/Password - Credentials that will be used in lookup. To override the object default account select an account from the list. (?) 56 Domain name - Name of the domain or workgroup the username is associated with.
Monitor reference and configuration exampels
6.14
151
Log file The monitor can read a text file and check for if new lines in the file contains one of the specified strings. The monitor generates an alarm if the specified search criteria are meet. The monitor uses the SMB protocol for access and authentication meaning that both Windows host and Unix host running Samba can be tested with this monitor type.
Log file monitor property page
Category - Log System type - All Monitor specific properties Logon account - Credentials used for authentication. To override the object default account select an account from the list. (?) 56 Path - Absolute path of the the file, including the name of the host. Ex. \\myhost\C$\test.txt Search string - String to search for. Multiple string can be searched, separate each sub string with a comma. If multiple string is entered the test will perform an logical OR option on the string. Invert function - Check option to make the test fail if the file have not changed since last test. If this option is checked the monitor will not test the text for the occurrence of the search strings. Path field formatting flags The following flags can be inserted into the path and search string to be expanded during the test: %time_hour - Hour in 24-hour format (00 - 23) %time_hour2 - Hour in 12-hour format (01 - 12) %time_minute - Minute as decimal number (00 - 59) %time_second - Second as decimal number (00 – 59) %date_year - Year with century, as decimal number %date_year2 - Year without century, as decimal number %date_month - Month as decimal number (01 – 12) %date_dayofmonth - Day of month as decimal number (01 – 31) %date_dayofyear - Day of year as decimal number (001 – 366)
152
Intellipool Network Monitor
%date_weekday - Weekday as decimal number (0 – 6; Sunday is 0)
Monitor reference and configuration exampels
6.15
153
Lua script The monitor executes a Lua (?) 208 script loaded from the \script folder in the INM directory.
Lua script monitor property page
Category - Script System type - All Monitor specific properties Script - Select the script form the list. The list is composed of scripts located in the \script folder in the INM root directory. Argument - Arguments to be passed to the script. Logon account - Optional credentials for Windows authentication if script needs authentication. To override the object default account select an account from the list. (?) 56
Do not logon using account - Check this option if you want to pass the authentication parameters to the Lua script and bypass the default authentication done by INM before the test starts.
154
6.16
Intellipool Network Monitor
Mail server QOS The monitor can test the ability of a mail server to send and receive mail. Statistics about round trip time, time to send and login time is stored.
Mail server QOS property page
Category - Web and mail System type - All Monitor specific properties Mail test timeout - The maximum time in seconds the monitor waits for the mail to arrive at the POP3 server. SMTP port - Port number of the SMTP server SMTP server - Address of SMTP server to send the test mail trough. POP3 port - Port number of the POP3 server. POP3 server - Is always the address of the object. Mail address - Mail address to be used in test. Note that the mail address must exists on the POP3 server and must be accepted by the SMTP server for delivery. The mail account should be exclusive to INM since the test will erase all e-mails after each test is done. Username/Password - Credentials used to logon to POP3 server with.
Monitor reference and configuration exampels
6.17
155
Memory utilization The monitor test the free memory and triggers an alarm if its below the given threshold or if the object is unreachable.
Memory utilization monitor property page
Category - Performance System type - All but Generic/Unknown Monitor specific properties Free memory - The lower threshold of free memory. If memory available goes below this value the monitor will fail the test. Logon account - To override the object default account select an account from the list. (?) 56 Unit - The unit the monitor will measure free memory in. The free memory threshold is specified in this unit Windows specific properties Process report - Check option to have a report of process memory consumption included in alarm message. Ignore com. error - Check option to ignore all errors that are not threshold errors. Unix specific properties SSH2 Port - Port number. Use telnet - Use telnet instead of SSH2.
156
Intellipool Network Monitor
6.17.1 Example Memory usage can be monitored in a couple of different ways, depending on what type of machine is monitored.
Windows example 1. Make sure the objects system type is set to a Windows version 2. Open the object information page and click on Add monitor 3. Select the Memory size monitor 4. Enter a value in MB in the field Free memory, this value should be the minimum free size 5. Check the box "Process report" to get a list of processes and their memory usage in the event of an alarm 6. Click save to create the monitor. Linux/Unix example This monitor uses the SSH2 protocol to perform the test, there must run a SSH2 server on the the monitored machine 1. Make sure the objects system type is correctly set to the operating system running on the monitored machine 2. Open the object information page and click on Add monitor 3. Select the Memory size monitor 4. Enter a value in MB in the field Free memory, this value should be the minimum free size 5. Select an logon account to use when login on the monitored host, create a new if needed. 6. Click save to create the monitor
Monitor reference and configuration exampels
6.18
157
NNTP server The monitor connects and checks status of a NNTP (Network News Transport Protocol) server.
NNTP server monitor property page
Category - Network services System type - All Monitor specific properties Port number - The port number the NNTP server is configured to use.
158
6.19
Intellipool Network Monitor
Ping The monitor uses the ICMP protocol to verify that the object responds to ping packets within a pre-defined time. The monitor can also calculate packet loss and round trip time during the test. The monitor will only trigger on packet loss level if the round trip time is within the specified range. Note that the ping protocol is one of the protocols with lowest priority in a network and some host does not respond to ping packets by default.
Ping monitor property page
Category - Network services System type - All Monitor specific properties Timeout value - Largest round trip time in milliseconds the monitor will wait for the ping packet to return from the host. Packet loss - Max packets lost when transmitted to the host. Specified in percent of total sent packages. Packets to send - The number of packets to send each test. A higher value will yield a more exact packet loss and round trip time value. Include trace - Select option to include a trace route log in alarm message. Max hops - Max number of trace route hops that will be performed in alarm state, default 255. Alt. IP - secondary UP to test. The monitor can ping an alternative IP number in the same test.
Monitor reference and configuration exampels
6.20
159
POP3 server The monitor connects to a POP3 mail server and verifies that it can logon to the server and check for mail (without affecting the status of the mailbox). The purpose is to verify that the POP3 authentication and the storage system of the POP3 server is working. If no username or password is provided a simple connection test is preformed.
POP3 monitor property page
Category - Web and mail System type - All Monitor specific properties Username/password - (Optional) A POP3 account username and password Port number - The port number the POP3 server is configured to use.
160
6.21
Intellipool Network Monitor
Process status The monitor can verify that a process is running on an object.
Process monitor property page (Windows version)
Category - Performance System type - All but Generic/Unknown Monitor specific properties Process name - Name of the process to monitor. Logon account - To override the object default account select an account from the list. (?) 56 Invert function - Check option to make the monitor fail the test if the process is running. Windows specific properties Process report - Check option to have a report of process memory consumption included in alarm message. Ignore com. error - Check option to ignore all errors that are not threshold errors. Unix specific properties SSH2 Port - Port number. Use telnet - Use telnet instead of SSH2.
Monitor reference and configuration exampels
6.22
161
Sensatronics device The Sensatronics device monitor is capable of monitoring temperature, humidity and wetness. It gets the readings from a Sensatronics Model EM1 or E-IT. The monitor have the capability to support new features in all Sensatronics products when they are released.
Sensatronics device monitor property page.
Category - Environment System type - All Monitor specific properties Select scale - Select the temperature scale to use Select port - Select the port number of the device. Per probe alarms - Enable the use of per-probe alarms for the monitor. Ignore com. errors - Check option to ignore all errors that are not threshold errors. Push mode - Check to set the device to push mode. Username/password - Credentials needed for device control. Update config - Check this option to have the monitor update its configuration during the next test. To enable each probe check the "enable" option and enter the threshold values. If you checked the Per probe alarm option you can set the alarm generation value for each individual probe.
162
6.23
Intellipool Network Monitor
Sensatronics EM This is a legacy monitor. Supports the older EM series of devices from Sensatronics. Use the Sensatronics device monitor type for new Sensatronics products. The monitor uses an EM1 device to measure temperature, humidity and wetness. The EM1 device supports up to 4 groups of probes. More information about the EM1 device can be found at Sensatronics web site, http://www.sensatronics.com Category - Environment System type - All Monitor specific properties Model - Currently only EM1 available Scale - Select the temperature scale to use, note that the scale cannot be changed once selected. Port - Port number the device listens to. Group properties Min/Max temp - Min and max temperature thresholds for this probe. Temp. Location - Description of the probe Enabled - Check to enable measurements from this probe Min/Max humidity - Min and max humidity thresholds (in percent) for this probe. Hum. Location - Description of the probe Enabled - Check to enable measurements from this probe Min/Max wetness - Min and max wetness thresholds (in percent) for this probe. Wet. Location - Description of the probe Enabled - Check to enable measurements from this probe
Monitor reference and configuration exampels
6.24
163
Sensatronics temptrax This is a legacy monitor. Supports the older Temptrax series of devices from Sensatronics. Use the Sensatronics device monitor type for new Sensatronics products. The monitor can measure temperature using a Sensatronics Model F (previously known as the TempTrax 2000) precision digital thermometer. The monitor supports up to 16 probes. Category - Environment System type - All Monitor specific properties Model - Select the Model F for the serial port model and Model E for the Ethernet connected model. Scale - Select the temperature scale to use, note that the scale cannot be changed once selected. TempTrax port - The port number used by the Model E version (default 80) Select com port - The serial port used by the Model F version. Per probe properties Max Temp - Max temperature in the scale selected. Min Temp - Min temperature in the scale selected. Location - Location string that will be included in alarm text. Enabled - Check to enable measurements from this probe.
164
6.25
Intellipool Network Monitor
SMTP server The monitor checks that it can connect to an SMTP server and that the SMTP server returns a valid return code.
SMTP monitor property page
Category - Web and mail System type - All Monitor specific properties Port number - The port number the SMTP server is configured to use.
Monitor reference and configuration exampels
6.26
165
SNMP The SNMP monitor is a dynamic tool for querying multiple object identifiers (OID) from an remote SNMP agent and perform calculations on the returned values.
SNMP monitor property page
The monitor features dynamic number of OID fields that are added and removed with the buttons below the field. The button next to the OID field can be used to select object identifiers from the remote SNMP agent. Category - SNMP System type - All Monitor specific properties Community - SNMP community to use, default Public. Port number - Port to use, default 161. Calculation - A calculation using the values queried from the object identifiers. The the examples in the image above calculates the network utilization from an interface. Unit - Displayed in realtime charts and reports Result translation - Translates the result into a readable string. This option is only available when the value type in the comparison is set to "string". See below for example. Ignore com. error - Check option to make the monitor only generate an alarm based on a failed value comparisons. All other errors such as protocol errors are ignored. Min/Max valid value - Enables the monitor to filter out all values below and above the given threshold. Compare value - Value to compare with the resulting value from the calculation. Operation - Operation to use when comparing. Result translation The result translation feature can be used to translate a non-descriptive OID value into a readable string. This feature is only available if the comparison value type is set to "string".
166
Intellipool Network Monitor
The OID value retrieved can still be a numeric value, but it will be treated as a string. Example 1: Unknown(1), Alarm(2), Failed(3), Ok(4)
Example 2: Unknown=1,Alarm=2,Failed=3,OK=4
The values 1,2,3 and 4 will be translated to Unknown,Alarm,Failed and OK. Both the above examples are valid notations. The final translated string is the string used in the comparison operation.
Monitor reference and configuration exampels
6.27
167
SNMP trap The monitor receives trap messages from SNMP monitors on remote hosts. The monitor will only receive messages that originate from the objects IP address. The include and exclude filter strings is matched against information in the current loaded MIB file. If the trap contain an OID that's not in the current MIB the match of the strings will fail.
SNMP trap monitor property page
Category - SNMP System type - All Monitor specific properties Community - SNMP community to use Include string(s) - If one or more strings exists in the description of the OID received the record is included in the alarm. Exclude string(s) - If one or more strings exists in the description of the OID received the record is NOT included in the alarm.
168
6.28
Intellipool Network Monitor
SSH2 script The monitor can execute a command or script on a SSH2 host and compare the returned value with a predefined string using a compare type. If the compare operation evaluate to “false” the monitor will generate an alarm.
SSH2 script monitor property page
Category - Script System type - All Monitor specific properties Logon account - To override the object default account select an account from the list. (?) 56 Command - A command to execute on the host. The command should return a value after execution. Unit - Unit for the returned value, used in realtime charts and reports. SSH2 Port - Port number. Use telnet - Use telnet instead of SSH2. Ignore protocol error - Makes the monitor only generate an alarm based on a failed value comparisons. All other errors such as protocol errors are ignored. Compare value - Value to compare returned result with. Value type - Type of value returned. Operation - Compare operation to use when evaluating the result. If the returned value compared with the compare value evaluates to Boolean false the monitor will fail the test.
Monitor reference and configuration exampels
6.29
169
SSH2 server The monitor verifies that a SSH2 server is responding to user login attempts. This monitor does not support the older SSH1.x protocol. If credentials is omitted the monitor performs a connection test only.
SSH2 server monitor property page.
Category - Network services System type - All Monitor specific properties Username/password - (Optional) Authentication credentials. SSH2 port - Port number that server listens to.
170
6.30
Intellipool Network Monitor
Swap file utilization Monitors swap space utilization on the object.
Swap file utilization monitor property page (Windows version)
Category - Performance System type - All but Generic/Unknown Monitor specific properties Minimum free - The lower threshold of free swap memory. If available swap space goes below this value the monitor will fail the test. Logon account - To override the object default account select an account from the list. (?) 56 Windows specific properties Detailed error report - List all processes and their memory usage in error report Ignore com. error - Check option to ignore all errors that are not threshold errors. Unix specific properties SSH2 Port - Port number. Use telnet - Use telnet instead of SSH2
Monitor reference and configuration exampels
6.31
171
Syslog The syslog monitor can intercept syslog message sent to INM from one or more syslog hosts. The monitor can be configured to receive different types of messages. More than one syslog monitor can be added to each object to receive different combinations of messages. Before you create an monitor of this type you need to start the internal syslog server (?) 87 . If another syslog service is executing on the INM host machine the result is unpredictable. Category - Log System type - All Monitor specific properties Include string(s) - Filter away messages not containing these strings. Separate multiple strings with a comma. Exclude string(s) - Message not included if it not contains one of the string specified in this field. Separate multiple strings with a comma.
172
6.32
Intellipool Network Monitor
TCP port scan The purpose with this monitor is to verify that a number of ports are open or closed depending on the use. In its default state the monitor is going to trigger an alarm if the port can be opened, if the invert flag is checked the monitor is going to trigger an alarm if the port is closed.
TCP port scan monitor property page
The port range can be in the following format: 21-23
The monitor will scan ports between and including 21 to 23.
80,21-23
The monitor will scan port 80 and ports between and including 21 to 23.
The monitor can check up to 100 ports. Category - Others System type - All Monitor specific properties Port number range - ports to scan Invert function - Check this option if you want to make the test verify that certain port is open instead of closed.
Monitor reference and configuration exampels
6.33
Telnet server The monitor verifies that a telnet server is responding.
Telnet monitor property page
Category - Network services System type - All Monitor specific properties Port number - The port number the telnet server is configured to use.
173
174
6.34
Intellipool Network Monitor
Terminal service Monitors that Windows terminal server responds to new logon sessions.
Terminal service monitor property page
Category - Network services System type - All Monitor specific properties Port number - The port number the terminal server is configured to use. Default 3389.
Monitor reference and configuration exampels
6.35
175
TFTP server The monitor tests if a TFTP server is responding to a RRQ operation. The purpose of the test is to verify that the TFTP server is running. The monitor tries to download a file named “INM” this file does not have to exist for the test to succeed. The monitor merely checks that the TFTP server is responding in the correct way to such request.
TFTP server monitor property page
Category - Network services System type - All Monitor specific properties Port number - The port number the TFTP server is configured to use. Default 69.
176
6.36
Intellipool Network Monitor
Transfer speed The monitor measures the transfer speed between INM and an object. The test measure the time it takes to downloads the specified amount of data from the chargen service running on the object.
Transfer speed monitor properties
The chargen service must be installed and running on the object, Microsoft supplies a charge server for Windows in the "Simple TCP/IP Services" package. The chargen service uses port 19 (TCP) by default. Category - Network services System type - All Monitor specific properties Transfer speed - Minimum transfer speed in the selected unit. Unit - The unit to record the transfer speed test in. Shown in realtime chart and reports. Data size - Size of total (in kilo bytes) amount of data to receive in the test. Port number - The port number the TFTP server is configured to use. Default 19
Monitor reference and configuration exampels
6.37
177
Web server The monitor can test a web server and validate the content of the requested page, verify that the content in the requested page have not changed since previous test, search for a string in the page and verify links. The monitor needs to execute one test before it shows the links it can verify in the property view.
Web server monitor property page
To reset the checksum test (if the page has been updated) open the monitor property page and uncheck the checksum flag and save it, then open the monitor property page again and check the checksum flag and save the monitor. Category - Network services System type - All Monitor specific properties Username/password - Optional credentials to gain access to an restricted web page. Port number - Port number used to connect to the web server. Page URL - URL of the page to download, relative to the web server address. Search string - A string that the page will be searched for, if not found the test will fail. Page fetch time - A threshold value in milliseconds, if the page is not delivered within the threshold value the test will fail. Custom cookie - Optional cookie to send with the get request. Custom host - Optional host header field to support named base virtual hosts. User agent - Overrides the default user agent variable sent in the request. Verify checksum - Check option to have the monitor calculate the checksum vale of the page. If the checksum value changes between two tests the current test will fail. To reset the checksum, open the property page and save the monitor. Use secure HTTP - Check this option to enable the monitor to communicate using
178
Intellipool Network Monitor
secure HTTP (SSL), not that the port does not automatically change when checking this option. Ignore CN check - If checked the monitor will not validate the common name of the server certificate. This option is only valid if the monitor is using secure http. Ignore date check - If checked the monitor will not validate the expiry date of the server certificate. This option is only valid if the monitor is using secure http. Ignore CA check - If checked the monitor will not validate the certificate authority of the server certificate. This option is only valid if the monitor is using secure http. Cert. store - Name of the system certificate store. Use only if you want the monitor to send a client certificate to the server. Cert subject - Subject line of certificate to use in the system certificate store. Use only if you want the monitor to send a client certificate to the server. Verify links - Check option to verify links on the web page. The monitor needs to perform one test before links will be shown in the property page. Proxy server - Optional address of proxy server. Proxy port - Optional server port of proxy server.
Monitor reference and configuration exampels
6.38
179
WMI Query monitor The WMI query monitor can be used to execute WQL queries and and do conditional testing of the returned value. The monitor can execute all standard WQL queries, but the returned value comparison is limited to one field of the returned data.
WMI Query monitor
Category - Performance System type - Windows Monitor specific properties Namespace - Name space to execute the query within. The default namespace is root\cimv2 WQL - A WQL query Value name - The name of the value to retrieve when the query have been executed. If more then one result row is returned, the value is retrieved from the first row in the result set. Unit - String used in reports and email to denote the unit of the returned value. Compare value - Value to compare query result with. Value type - Type of value returned by the query. Operation - Operation to evaluate the returned query result and the compare value to determine if the test succeeded or failed.
180
6.39
Intellipool Network Monitor
Windows performance The monitor can query a Windows performance counter to compare with a compare value using a compare operation. If the compare operation evaluates to Boolean false the monitor will fail the test. Optionally two performance counters can be queried and combined before compared with the compare value.
Windows performance monitor property page
Category - Performance System type - Windows Monitor specific properties Object/Counter/Instance - Name of the primary performance object to test. These values can be enumerated by using the enumeration function. The instance field is intentionally left blank for some counter types. Object/Counter/Instance - (Optional) Secondary performance object . These values can be enumerated by using the enumeration function. The instance field is intentionally left blank for some counter types. Combine operation - Optional operation used when querying two counters. They can be combined into a final result by using the add, subtract, divide or multiplicative operation. Divisor - A value that the retrieved value will be divided with before the comparison. Unit - Unit for the returned value, used in realtime charts and reports. Logon account - To override the object default account select an account from the list. (?) 56 Ignore com. error - Check option to ignore all errors that are not threshold errors. Compare value - User defined compare value, only numerical values are valid. Value type - Type of value returned. Compare operation - Operation used to evaluate the returned result and the pre-defined compare value.
Monitor reference and configuration exampels
181
6.39.1 Example Example The Windows Performance Monitor can be used to track memory usage of a process. The most suitable counter to use to estimate process memory usage is the "private bytes" counter. The value of the counter is best described as memory that cannot be shared by another process. 1. Open the object information page and click on Add monitor 2. Select the WinPerf monitor 3. Object field Process 4. Counter field = Private Bytes 5. In the instance field enter the name of the process you wish to monitor memory usage. 6. Enter 1024 in the divisor field 7. Enter KB in the unit field 8. Enter 1 in the compare value field 9. Select integer as value type 10.Select not equal as operation 11.Click save to create the monitor The object, counter and instance field can be enumerated using the enumeration window.
182
6.40
Intellipool Network Monitor
Windows service status The monitor tests that a Windows service is running.
Windows service monitor property page
Category - Performance System type - Windows Monitor specific properties Service name - Name of the service to monitor. Separate multiple services with a comma. The name of the service should be the service name and not the display name listed in the Windows service manager. Logon account - To override the object default account select an account from the list. (?) 56 Ignore com. error - Check option to ignore communication errors. This will make the monitor only fail a test if the service is not running and not if the host is unreachable.
Section VII
184
7
Intellipool Network Monitor
Action reference Actions list Actions are executed when their alarm number equals the alarm generation number of the monitor. First time an monitor enters alarm state, all actions in the action list with alarm number one is executed. Next time an monitor fails a test while in alarm state the alarm generation of the monitor is incremented to two, then all actions in the action list with alarm number two will be executed. Several actions can share the same alarm number within an action list. The current alarm generation number of an monitor will reset when a monitor test succeed while in alarm state. The simulate alarm function is great way to better understand how an action list is working. (?) 46
Action reference
7.1
Clear event log The action clears an event log on a specified Windows host.
Clear eventlog properties.
Parameters Host - Host name or IP number. Leave blank to use the address of the object. Log name - Name of the log to clear. Ex. Application
185
186
7.2
Intellipool Network Monitor
Execute command via SSH2 The SSH2 action can be used to execute a command on a host via SSH2 connection. If the telnet protocol is used instead of SSH2 the telnet default parameters must be properly set in the program settings page.
SSH2/Telnet action property page
Parameters Command - Command to execute. In the command field flags can be inserted, the flags are expanded when the action is executed. %object_name (Object name) %monitor_name (Monitor name) %object_destination (Object address). Host - Host name or IP address of the SSH2 server. Leave blank to use the address of the object Port - Port number that SSH2 server is listening on. Username/Password - Username/password for authentication with the SSH2 server. Use telnet - Check this option to use the telnet protocol instead of the SSH2 protocol. Remember that telnet is encrypted and the username/password will be sent in clear text.
Action reference
7.3
187
Execute Lua script The Lua action can execute a Lua script. The object of the monitor that calls the action will be used by the script as the host.
Lua script action property page
Parameters Script - Select the script form the list. The list is composed of scripts located in the \script folder in the INM root directory. Argument - Arguments passed to the script. Flags can be inserted in the argument and expanded before the complete string is passed to the script. The following flags can be used. %object_name (Object name) %monitor_name (Monitor name) %object_destination (Object address)
188
7.4
Intellipool Network Monitor
Execute Windows command The action executes a command on the INM host machine. The command cannot be an interactive command that needs any interaction with a user. The action can fail if the user assigned to the INM service not has the rights to execute the command.
Execute Windows action property page
Parameters Command - Command to execute. The command is an executable that is located in a the INM root catalog or in the Windows or System32 catalog. Parameters - A string passed to the executed command as arguments. In the parameter field flags can be inserted, the flags are expanded when the action is executed.
Action reference
7.5
189
HTTP Get/Post Sends a Get or Post request to a web server.
HTTP Get/post action property page
Parameters URL - The URL can be an absolute URL or an relative URL to the object. Port - Port number (default 80) Get/Post - Method to use when sending request to web server. Parameters - The parameters should be entered in the form form of "name=value", on parameter per row. Flags can be inserted into the text and will be expanded when the action is executed, following flags are valid: %time (Current time) %object_name (Object name) %object_destination (Object address) %monitor_name (Monitor name) %monitor_error (Monitor error message) %monitor_error2 (Monitor error message, no time stamp) %sys_distributionlist (Distribution list) %monitor_dependencystatus (Dependency tree status) %object_description (Object description) %network_name (Network name) %network_contactinfo (Network contact information) SSL - Check option to use SSL. Remember that web server normally listens to a different port the the default port (80) for SSL traffic. If necessary, change the port number when selecting this option.
190
Intellipool Network Monitor
Username/Password - (Optional) Authentication option if needed.
Action reference
7.6
191
List reset The list-reset action, when executed, causes the execution to restart from the first action. The list-reset action can be used to get a “loop” behavior.
192
7.7
Intellipool Network Monitor
Net Send The net send action can be used to send messages to a Windows user, the message will be presented as a pop-up message box on the users computer. The action needs that the “Messenger” service is started on both the INM host and the users computer.
Net send action property page
Parameters User - The Windows user to send the message to. Host - Optional host where the user is located. Only needed if no domain can resolve the username.
Action reference
7.8
193
Paging via PageGate The action can send a message to a Pagegate user. The message sent is formatted from the alarm and restart message set in the monitor properties.
Pagegate action property page
Parameters Operator group - Sends the notification to all members of the operator group. Operator - Sends the notification to the operator on duty. The operator on duty is determined by examining the current operator schedules. If no operator is on duty the notification is sent to the group manager. If no group manager is set the notification is sent to all members of the operator group. PageGate recipient - Optional PageGate recipient Short message - If checked the following flags are omitted from the message. %object_description (Object description) %sys_distributionlist (Distribution list) %monitor_dependencystatus (Dependency tree status) %monitor_error (Monitor error message) %network_contactinfo (Network contact information)
194
7.9
Intellipool Network Monitor
Send mail The send mail action sends a e-mail to one or more recipients. The e-mail will be formatted according to the format specified in the monitor. If the monitor format specification is empty, the default format will be used. The default format can be changed in the program settings page (?) 87
Send mail action property page
Parameters Operators on duty - The message is sent to on duty operators only. If no operators are scheduled on duty, no message will be sent. Operator group - The message is sent to all operators in the operator group assigned to the object Group manager - The message will only be sent to the operator that is designated as group manager of the operator group assigned to the object. If the operator group do not have an designated group manager, no message will be sent. Specific operator group - The message will be sent to the selected operator group. Using this option you can escalate the alarm to include more operators then only the operators in the operator group assigned to the object. Group - If the the specific operator group option was selected, select a group from this list. Recipient - Optionally add e-mail addresses to non operators. Separate multiple e-mail addresses with an semi-colon. Short message - Check this option to send a compressed message, for example if the message is sent over an SMS gateway. This option will remove the following information to conserve size of message: %S (Object description) %L (Distribution list) %X (Dependency tree status) %E (Monitor error message) %I (Network contact information)
Action reference
7.10
195
Send SMS The send SMS action sends a SMS to one or more recipients. The SMS will be formatted according to the format specified in the monitor. If the monitor format specification is empty, the default format will be used. The default format can be changed in the program settings page (?) 87 To use this action a SMS device must be configured (?) SMS number set (?) 81
87
and the operators must have a
Send SMS action property page
Parameters Operators on duty - The message is sent to on duty operators only. If no operators are scheduled on duty, no message will be sent. Operator group - The message is sent to all operators in the operator group assigned to the object Group manager - The message will only be sent to the operator that is designated as group manager of the operator group assigned to the object. If the operator group do not have an designated group manager, no message will be sent. Specific operator group - The message will be sent to the selected operator group. Using this option you can escalate the alarm to include more operators then only the operators in the operator group assigned to the object. Group - If the the specific operator group option was selected, select a group from this list. Recipient - Optionally add e-mail addresses to non operators. Separate multiple numbers with an semi-colon. Short message - Check this option to send a compressed message, for example if the message is sent over an SMS gateway. This option will remove the following information to conserve size of message: %S (Object description) %L (Distribution list) %X (Dependency tree status) %E (Monitor error message) %I (Network contact information)
196
Intellipool Network Monitor
Action reference
7.11
197
SNMP Set The SNMP Set action can be used to change values of object identifiers in a remote SNMP agent.
SNMP set action property page.
Parameters Host - Host name or IP number of the SNMP agent host. Leave the field blank to use the address of the object. Community - SNMP community to use in call. OID - Object identifier to change. Value - Value to set Syntax type - Type of value. The value can be an integer or a string.
198
7.12
Intellipool Network Monitor
Wake-on-LAN The Wake-on-LAN action (WOL for short) can start a host that is compliant with the WOL standard. Refer to the documentation of the host to determine if the action can be used. Note that this action is restricted to start hosts on the same network segment as it uses an broadcast to send the WOL packet.
Wake-on-lan action property page
Parameters MAC - The MAC address of the interface to send the WOL packet to. The format of the MAC address is AA-BB-CC-DD-EE-FF. LEave the field blank to use the MAC address of the object. Packet count - How many times the packet should sent. Set this value to higher then one to be sure that the host is receives it. Interval - The time between the packets are sent in seconds. If packet count is set to 5 and the interval to 5, 5 packets will be sent during a 25 second period.
Action reference
7.13
199
Windows service control INM can start, stop, pause, continue and restart Windows services. All service actions share the same set of parameters.
Start service action property page
Parameters Service name - Name of server Host - Host name or IP number where the service is installed. Leave blank to use the address of the object. Username/Password - Optional credentials if needed. The format of the username is standard Windows domain format (domainname\username). If the network is a workgroup the format of the username should be nameofhost\username .
Section VIII
Distributed edition
8
201
Distributed edition Distributed testing makes it possible to monitor servers, routers and other network connected equipment that are inaccessible or only accessible trough low bandwidth connection. To accomplish this a gateway is installed in the remote network. The gateway will act on instruction from the master INM installation called the server. This feature is only available for customer that have bought the distributed edition.
Example distributed testing configuration
INM server The server contains the configuration and user interface. Remote objects are managed the same way as local objects making INM DE very simple to configure and administrate. INM Gateway A special configured version of INM that only acts on requests from the server. Except a small cache file gateways do not store configuration or statistics to disk, it’s all sent as fast as possible to the server. The gateway can be installed on any available machine in the remote network and does not require a dedicated server. User interface changes When an object is assigned to a gateway there is no difference between a local object or a
202
Intellipool Network Monitor
gateway object. Editing, test results, reports and enumeration works the same way for both local objects and objects assigned to a gateway.
8.1
Communication between server and gateway Communications is always initialized from the gateway to the server, the idea behind this solution is that more gateways then servers will be deployed and the user would only have to open one port on the server firewall to allow communication. If the gateway can not connect to the server it will start buffering test results while waiting for the server, the time the gateway will buffer data is configurable. Security and data integrity is achieved by using the state of the art communication protocol SSH2. The SSH2 protocol encrypts data with public key algorithms and protects connections from man-in-the-middle attacks. This is the same way VPN software establish secure tunnels over the internet.
8.2
Time synchronization INM will automatically adjust for time zone difference. The user must however ensure that the clock in the gateways are synchronized with the clock in the server. We recommend that server and gateways are synchronized with a time synchronizing service such as NTP (Network Time Protocol). Failure to synchronize time between server and gateway may lead to unpredictable results in alarm generation and statistical storage.
8.3
Server configuration 1. Install INM and make sure to use the INM DE installer 2. Logon INM with an administrator that have the rights to change operator settings. 3. In the operator settings, give the current operator the right "Distributed testing" and save the operator.
Server configuration page
4. In the settings menu, click on the "Distributed testing" menu. Enter the server parameters Server bind interface / port - The IP number and port of the interface for server to listen to. This is not necessarily the IP that the gateway will be configured with, it can be an IP behind a NAT firewall and then the gateway should connect to the IP of the firewall that will then redirect to this server IP. Notification email - E-mail address that notifications will be sent to. Notification
Distributed edition
203
includes gateways that fail to connect within specified notify time and related errors. Notify time - Time before a notification is sent, in minutes. The server configuration is now done and you can install a gateway.
8.4
Gateway configuration Before installing a gateway, make sure you have configured the server (?) 202 Installing the gateway Install the gateway using the gateway installer. Configuring the gateway in the server Create a gateway by clicking on the "Create gateway" link.
Gateway property page
Name - Name of the gateway. Description - Description of gateway. Address/Port - Primary address and port of the server. If the server is bound to a public address Address/Port - (Optionally) Server backup address. The gateway will try this address if it cant connect to the server using the primary address. Max buffer time - Time in minutes the gateway will buffer data before suspending test operation when not connected to the server. Save the gateway and open the gateway information page. Gateway configuration files Click on the "Download configuration" command and save the zip file that is uploaded to your browser. Extract the zip file into the root directory of the gateway. If you experience problem with downloading the zip file you can find the needed files in the \gateways directory on the INM server host.
204
Intellipool Network Monitor
Gateway information page
1. Stop the gateway 2. Copy the files created by the server to the gateway root directory and restart the gateway with the service control manager. The gateway is now ready for use. Remember that if you change the gateway configuration you will need to move the files to the gateway and restart the gateway. Server Address considerations The address and port number that the server is bound to may not be the same address and port the gateway should connect to if the firewall uses network address translation. You may need to configure the firewall to forward the incoming connection to the server. In this case you should specify the incoming IP number and port number of the firewall rule in the gateway configuration.
8.5
Assigning objects to a gateway INM Navigation - Menu bar -> Objects -> Object list Assigning objects to a gateway can be done either in bulk or one at the time. From the object list, select one or more objects. In the object property page, select the gateway you want to assign the object(s) to.
Assigning objects to a gateway
Distributed edition
205
Operator rights The operator must have access rights to distributed testing, otherwise the gateway select box will not show up in the object property page. Restrictions to object assignment Objects cannot have monitors in a dependency tree before they are assigned to an gateway. Dependency between monitors can only be created after the object is assigned to a gateway and then only between monitors assigned to the same gateway. Removing objects from a specific gateway If you want to remove objects from a specific gateway, the easiest way to do this is to navigate to the gateway information page. All the objects assigned to the gateway is listed on this page, selecting them and pressing "De-assign objects" will move the objects from the gateway back to the server.
Gateway information page
8.6
Action lists Action lists are executed differently if a monitor is assigned to a gateway. The actions send e-mail, send SMS and Pagegate are executed by the server, all other actions are executed by the gateway. The reason the server is executing these actions instead of the gateway is that the gateway lacks program settings such as e-mail server configuration.
8.7
Troubleshooting Trouble shooting gateway connection problems · Review the gateway configuration, make sure that the correct IP number and port number have been entered. · Make sure all the files in the server gateway configuration folder have been copied to the gateway gateway root directory. · If you have reinstalled the server on a new machine the gateway configuration needs to be saved in order to update the public.key file. After the gateway configuration is saved, move the gateway configuration files to the gateway root directory and restart the gateway. · If you changed the gateway configuration (IP number and port number) you will need to move the updated configuration files to the gateway and restart the gateway. · Make sure that the gateway and server is the same version, the server will shutdown any gateway that does not match the server version number.
206
Intellipool Network Monitor
Logging debug information To enable debug level logging on the gateway. Open the init.cfg file on the gateway an enter the following line LOG_LEVEL=2 Open the logs directory an check the log.txt files for information. Running the gateway in debug mode To run the gateway in debug mode you first need to stop the gateway service. When the service have stopped start cmd.exe and navigate to the INM root directory. Start the gateway by entering the following line. inmservice.exe -d This will run INM in consol mode, showing log information.
Section IX
208
9
Intellipool Network Monitor
LUA About Lua Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, interpreted from byte codes, and has automatic memory management with garbage collection, making it ideal for configuration, scripting, and rapid prototyping. INM and Lua Intellipool Network Monitor includes support for the Lua scripting language (www.lua.org). · Customers can create custom made monitors to test systems and equipment not supported by any current monitoring solution. · New monitors, actions and events can be created and tested in the development environment provided by Intellipool, before they are exported and used in Intellipool Network Monitor. · A comprehensive library of pre-made functions, such as FTP clients, HTTP clients and file management, are available to developers. · The develop environment includes keyword highlighting, integrated help and other features available in state-of-the-art development tools.
Intellipool Lua IDE
LUA
The development environment can be downloaded from the local download (?) the About page. Lua modules included in INM · Base · Math · String · Table
74
209
option on
210
Intellipool Network Monitor
Index
-D-
-AAccess denied 56 Access rights 81 Account manager 56 Accounts 56 Acknowledge alarm 57 Acknowledge message 87 Acknowledge subject 87 Add a company logo to a report Alarm delay 87 Alarm generation 87 Alarm message 87 Alarm subject 87 Assigning objects to a gateway Auto login 81 Autoscan 47
99
-E204
-BBackups 87 Bandwidth utilization monitor
Data extraction 61 Database server monitor 137 Debug level logging 205 Delay monitor test start 112 DHCP query monitor 139 disable 114 Disk utilization monitor 141 dist-patch-gateways 114 dist-restart-server 114 Distributed edition 201 dist-tarpit 114 DNS lookup monitor 142
133
-Ccalc 114 Change web interface bind IP 110 Change web interface port number 110 Citrix server monitor 134 Clear event log 185 Commonly used icons 20 Compression 26 Configure mail settings 15 Configure SMS device 16, 106 Configuring an action list 34 Copyright notice 3 CPU utilization monitor 135 crash 114 Create object template 78 Creating an operator account 14 Creating an Unix account 27 Creating an Windows account 27 Creating dependency trees 37 Creating monitors 31 Creating objects 29 Customized reports 92, 95
enable 114 Entering license key 25 EULA 4 Event log 87 Event log monitor 143 Event schedule 101 Example, CPU load monitor 136 Example, File check monitor 147 Example, Memory usage monitor 156 Example, ODBC monitor 138 Example, Winperf monitor 181 Execute command via SSH2 186 Execute lua script 187 Execute Windows command 188 Export object template 78 Export statstics 70
-FFile change monitor FTP server monitor
145 148
-Ggateway 202 Gateway configuration 203 Gateway troubleshooting 205 get-mac 114 Gizmo 72 Global dependency trees 37 GSM 16 GSM modem 195
Index
-H-
-N-
help 114 HTTP Get/Post
Net Send 192 NNTP server monitor
189
-IIDE 208 IMAP4 server monitor Import object template Index page 23 Init.cfg 112 INM Gizmo 72, 74 IP connection list 87
157
-O149 78
-LLDAP query monitor 150 Limitations to dependency trees Link object 79 List reset 191 Local dependency trees 37 Local downloads 74 Log file monitor 151 Log search 76 Logging 87 Login notice 87 Login page 22 log-level 114 lookup 114 Lua 208 Lua IDE 74 Lua Modules 208 Lua script monitor 153
-MMail server QOS monitor 154 Maintenance schedule 100 Memory usage 9 Memory utilization monitor 155 MIB 165 MIB compiler 59 Monitor information page 43 Monitor list 50 Monitor status icons 20 My settings 26
37
Object import 77 Object information page 44 Object list 52 Object templates 78 ODBC log 87 OID 165 Operator 85 Operator groups 85 Operator property 81 Operator schedule 103 Operator session timeout value Outlook 2007 26
112
-PPhone number 26 PIN Code 87 ping 114 Ping monitor 158 POP3 server monitor 159 Process status monitor 160 Program settings 87
-QQuick report 97 Quick reports 92
-RReport items 94 Report style template 99 Report template 92 Report templates 96 Reports 92 resolve 114 Restart message 87 Restart subject 87 Restrict access to web interface 113 Running INM in console mode 205
211
212
Intellipool Network Monitor Testing actions 184 Text log 112 TFTP server monitor 175 Thread pool 112 time 114 Time synchronization 202 Toplists 120 trace-route 114 Transfer speed monitor 176 Troubleshooting Windows monitoring and authentication 123
-SSchedules 100 Searching monitor list 50 Searching object list 52 Send mail 194 Send SMS 195 send-mail 114 send-wol 114 Sensatronics device monitor 161 Sensatronics EM 162 Sensatronics temptrax monitor 163 server 202 Server configuration 202 Service logon account 11 shutdown 114 Simulate alarm 46 SMS 16 SMTP server 87 SMTP server monitor 164 SNMP monitor 165 SNMP Set 197 SNMP Trap log 87 SNMP trap monitor 167 Software and hardware requirements SSH2 client timeout 112 SSH2 script monitor 168 SSH2 server monitor 169 SSL 111 Start page 26 status 114 Style template 92 Swap file utilization monitor 170 Syslog 87 Syslog monitor 171 Syslog server 87 Syslog server port 87 System administrator console 114 System administrator message 113 System types 118
-TTCP port scan monitor 172 Telnet login prompt 87 Telnet password prompt 87 Telnet prompt 87 Telnet server 173 Terminal service monitor 174 Test interval 87
-UUnlink object 80 Using toplist in reports
120
-Vversion 114 View report 97
-W10
Wake-on-LAN 198 Web server monitor 177 Web server port number 112 Windows accounts 56 Windows performance monitor 180 Windows service control 199 Windows service status monitor 182 WMI Query monitor 179
-XXML log
87
