We've got a POC (proof of concept, not to be confused with POS) server that is much-abused by our team. Software is added and removed with both frequency and impunity, leading to a system that is anything but standard.

In most cases, that's OK. But recently, as we test successive Beta versions of SolarWinds software (which have to be completely removed before subsequent betas are installed) we've come up against the message telling us that "Microsoft SQL Server 2008 System CLR Types" are missing, and they have to be re-installed. The SolarWinds installer helpfully offers a link to the required package (http:/go.microsoft.com/fwlink/?LinkID=116207).

Somewhat less helpfully, that link is dead.

After simply going through the pain of a full OS re-install a couple of times, we decided we'd had enough of that. So we dug into the issue, did research, tested a few things, went to the Oracle at Delphi, tried to read chicken bones and goat entrails, wept piteously, and finally swallowed our pride and asked SolarWinds for help.

The inimitable (and slightly un-pronouncable) Michael Hrncirik came to our aid, and provided the following instructions which I now share with the denizens of Thwack for all posterity:

1. Run the installer until it gets to the first screen. This unpacks all the sub-installers
2. Go to a DOS prompt
   1. Yes, it's called a DOS prompt. Not a CLI, not a command prompt. It's DOS.
   2. Why? Because I'm older than dirt and that's what it's called. Now let me sip my Ensure and leave me alone.
3. type "cd %TEMP%"
   1. this is actually why I needed you at the DOS prompt. The installer unpacks to whatever you have TEMP set to. For some it's C:\windows\temp\. For others it's C:\Users\your-username\AppData\Local\Temp.
   2. What-ev's, just get there.
4. Now go to SWOrionSetup\SubInstallers
5. In that directory you should see a whole mess of "Microsoft SQL" type directories. The ones you probably want are
   1. Microsoft SQL Server System CLR Types
   2. Microsoft SQL Server System CLR Types 2008
6. For each of those directories, go into both the x86 and x64 sub-directories and run the installer.
7. If you are prompted with the "Repair" or "Remove" option, first remove it. Then re-run the installer and install it clean.
   1. Otherwise just run the installer.

Just to be clear - you will be installing 4 things. the x64 and x86 versions for CLR Types and CLR Types 2008.

Once you are done, let the installer continue. You SHOULD now get past that pesky error, and on to enjoying the love, puppy dogs, sunshine, rainbows, and unicorns that is a SolarWinds installation.

Hi,

How do I mark a node as managed by NCM AND set the global connection profile through a powershell script?   I basically want to do the exact same thing through the UI as shown in the attached screenshot.

Thanks,

Chris

I have about a 100 old jobs I need to remove from the network sonar discovery page, if I have to remove them manually that's ok however Id prefer an automated way. Does any one have any suggestions, is there an SQL Table that I can delete them from?

Hello.

Looking for some help and support with a custom alert.

The trigger logic should be: When X number of interfaces on a single node have a receive utilization of >80%, trigger alert for that node.

The idea being that if you have (for example) a 48 port switch and 40 of those ports are all at >80% receive utilization, there's probably some kind of loop or broadcast storm happening. An alert should be triggered for that node.

This will need some custom SQL/SWQL but I'm not sure how to achieve this. Could someone please assist?

Thanks in advance.

I'm pulling together a (semi-comprehensive) comparison of the impact of monitoring via WMI versus SNMP.

The upshot for those who are impatient: WMI monitoring (whether WMI polling or WMI via SAM) has a measurable - but manageable - impact on both the target device and the poller.

That said, if you are considering converting your monitoring of Windows devices from SNMP to WMI, what are you gaining? What are you losing?

Here's the start of my list. Please add your own in the comments below. Note that this is an off-the-top-of-my-head list. Coherency comes later.

SNMP Monitoring (as compared to WMI)

• CON Cannot monitor Windows Volume Mount points
• CON Challenges configuring earlier versions of Windows (NT, W2k)
• CON Requires additional non-default configuration actions (enabling snmp agent, setting RO string, etc)
• PRO Fewer ports for enterprise firewall rules (translates to an easier time getting security to agree to variances)
• PRO No single point of failure for access
• CON Changing SNMP string requires enterprise-wide changes
• CON Uses SNMP service start time for uptime metrics, rather than actual server reboot time
  • Work-around: set up UnDP for hrSystemUptime
• PRO Extremely efficient use of CPU, RAM and bandwidth (on both target and poller)

WMI Monitoring (as compared to SNMP)

• CON WMI-only devices cannot use custom pollers (UnDP).
  • Work-around: If the machine has EVER been an SNMP polled device, the snmp info is retained and custom pollers can be used (at least until the SNMP RO string changes)
• PRO Account settings used by SAM automatically
• CON significantly more firewall ports required
  • Work around: per-server config can nail down WMI to just a couple of ports
• CON will not work across a NAT-ed WAN connection (VPN, etc)
• CON one password change in AD can cripple monitoring
• CON cannot monitor topology
• PRO doesn't try to monitor RAM as a volume (why does NPM do that, anyway?!?)
• PRO uses REAL reboot time for uptime metrics
• CON less efficient (vis a vis SNMP) use of CPU, RAM and bandwidth on both target and poller

OK guys, there's the start of my list. What did I miss?

SolarWinds has Product Upgrade Advisor website which helps users to validate compatibility of product versions.https://customerportal.solarwinds.com/support/product-upgrade-advisor

Do you use that prior any product upgrade?

I had a quick look through the forums and couldn't find anything specific (apologies if I missed something.)

Is it possible to export a view resource (from the web console) such as a table displaying multiple fields similar to how a UnDP can be exported?

Regards,

Peter

I am learning more and more about Solarwinds each day thank to you all.

Is there a way that we can create a report that will show us the serial numbers for our Juniper and Cisco switches?  We would like to see standalone and also all the serial numbers of the stack members?

Thank you

Dwane

Greetings all!

Recently upgraded to 11.5.2 from 11.0.1.  Really interested in using the worldwide map to show locations of certain devices.  The autolocation setting is enabled on the web console settings page. I've tried setting various values in the SNMP location field on some device, including the actual coordinates for lat/long, as well as the address, in the formats listed in other posts here on Thwack.  I've verified that I can reach open.mapquestapi.com from my NCM server.  I've even tried adding the new custom properties for latitude and longitude and populating those on some nodes.  Nothing seems to work, and I'm left with a blank map.  Anyone got any other suggestions for making this work?

I've used custom views to show clients and my Team many different things that NPM monitors, and those folks really appreciate the service.  You can be a rock star in their eyes when you give them something that helps them improve how they and their clients understand their systems and their performance.

Here's how to build a custom View that shows current and recent WAN interface utilization between routers connecting six different data centers.  Remember, your new View doesn't have to be of just interfaces on the same switch, or on the same router.

You can build this kind of report for as many interfaces as you'd like, from any switch or router or device interface that's monitored by your NPM.  This one shows a single WAN interface on six different routers that connect into the same MPLS cloud:

Here's how to do it:

Create the view:

1. From NPM, go to Settings > Manage Views > Add

2. Customize the new view:

• Name it intuitively
• Select Summary (there are MANY types of views.  Read up on them, test some to get a feel for the extreme versatility of NPM)
• Click Submit

3. Edit the View.

• You can change its name if you want.
• I chose not to enable Left Navigation--this will be simple, and won't load a lot of info.
• I added a Custom HTML Resource to Column 1, then cloned it three times.  Next I moved one instance into Column 2, and then cloned that one twice.  I ended up with three Custom HTML Resources in each column.
• I set the width to 500 px for each
• I set No View Limitation (but you can add one in if you need it)
• Click Done or Preview.  Preview lets you see it right away, without assigning it to any Menu Bar.  Plus, you can edit those custom HTML fields.

4. Here's the sweet spot to make you rock in the eyes of your boss & peers because it gives you the power to make a really useful view:

• Open a second browser window to your NPM
• Browse to a router node and open it
• Open the interface that faces the WAN
• Look at the URL bar and note the NetObject= section.   Example:
• http://your_server_name_here/Orion/Interfaces/InterfaceDetails.aspx?NetObject=I:XXXXX&view=InterfaceDetails
• Copy or write or memorize the NetObject number for use in the next step

5. Edit your new View in Preview, or assign it to a Menu Bar and open it

• Click Edit in the top left Custom HTML window
• Give it an intuitive Title
• Fill in the Subtitle if that helps you better identify the interface or feature you're displaying
• Copy and paste this into the html window:

<img src="/Orion/Netperfmon/Chart.aspx?ChartName=MMAvgBps&Title=&SubTitle=&SubTitle2=&Width=640&Height=0&NetObject=I:XXXX&CustomPollerID=&SampleSize=1H&Period=Last 10 Days&FontSize=1&NetObjectPrefix=I&SubsetColor=&RYSubsetColor=&Printable=true&ShowTrend=True&ResourceID=27" />

• Where I've put in the X's, remove them and enter in the NetObject ID number you wrote down from the previous step
• Click Submit

The new page should open, but this time the top left window won't say Custom HTML, it'll show the bandwidth used by that router's WAN interface for the last 10 days:

Now repeat this for every Custom HTML entry you've made, but change the NodeID info to the Node ID that's shown in the Interface Details page URL for new/different WAN routers and interfaces.

OK, you've made a new View.  But your team can't access it easily until you assign your new View to the Menu Bar they use.  If you don't know how to do that . . .

Here's how to define a new View to add to a Menu Bar:

1. Go to NPM > Settings > Customize Menu Bars
2. Edit the Menu Bar you or your team will use to access your new View
3. Find your new View in the Available Items column on the left
4. Drag it to the right column, drop it in where you want it.

If you can't find your new View, you'll need to discover its URL.  Follow this process:

1. Open a second browser window and Edit the View by clicking the Preview open
2. Copy the URL for the new View when you're previewing it
3. Go back to the original browser window from step 3 and click Add
4. Type in the Name of your View, paste in the URL address, give it a good Description
5. I clicked the option to Open in a New Window.  It's your choice.
6. Click OK

Now go back to NPM's Home Page, find the new View in the Menu Bar, and click on it.

Voila!

Tweaking and tuning:

If you're not afraid of a little keyboard editing of html, you can easily change the 10 days to show the last 7 days or last 23 hours or last 17 minutes or last pretty-much-anything.  Here's how:

Look for "SampleSize" and "Period" in the code you copied & pasted

<img src="/Orion/Netperfmon/Chart.aspx?ChartName=MMAvgBps&Title=&SubTitle=&SubTitle2=&Width=640&Height=0&NetObject=I:XXXX&CustomPollerID=&SampleSize=1H&Period=Last 10 Days&FontSize=1&NetObjectPrefix=I&SubsetColor=&RYSubsetColor=&Printable=true&ShowTrend=True&ResourceID=27" />

Note the SampleSize is 1H, or One Hour.

Node the Period is the Last 10 Days

Edit each window in your view and change the SampleSize and Period to whatever works best for you.  Keep in mind that some combinations of SampleSize and Period don't go well together (e.g.:  SampleSize=1M and Period=Last 10 Months) because NPM needs to have you be reasonable.  If you want a graph showing changes every 1 minute, you have to be polling & collecting the data pretty frequently.  Pick a Period that's reasonable for seeing good granularity of 1 minute points, like Last 20 Minutes.  If you just see points instead of a line in the chart, you've picked a combination of sample size & period that's too granular for what your NPM has polled.  Adjust until you've got something that meets your needs.

Remember to keep the spacing in the html code exactly the same as the example I show above.  If you add a space between words, or remove one, you risk breaking the pretty graph output.

Some examples:

Show the Last 3 Hours, in 10-minute increments uses this code:

<img src="/Orion/Netperfmon/Chart.aspx?ChartName=MMAvgBps&Title=&SubTitle=&SubTitle2=&Width=640&Height=0&NetObject=I:XXXX&CustomPollerID=&SampleSize=10M&Period=Last 3 Hours&FontSize=1&NetObjectPrefix=I&SubsetColor=&RYSubsetColor=&Printable=true&ShowTrend=True&ResourceID=27" />

Note how the graph automatically changed "Last 10 Days" to "Last 3 Hours" in the title.  Sweet!

Suppose you like the 10 minute samples, but want to show the last 24 hours.  Just change "Last 10 Hours" to "Last 24 Hours":

<img src="/Orion/Netperfmon/Chart.aspx?ChartName=MMAvgBps&Title=&SubTitle=&SubTitle2=&Width=640&Height=0&NetObject=I:25091&CustomPollerID=&SampleSize=10M&Period=Last 24 Hours&FontSize=1&NetObjectPrefix=I&SubsetColor=&RYSubsetColor=&Printable=true&ShowTrend=True&ResourceID=27" />

If it looks great, fire off an e-mail to your Team or your Boss and show off the new functionality you've provided to the organization.

If it doesn't look great, spend a little time fixing it up.  Look for typos, fix spelling & punctuation--this is your baby, and folks will judge you by your work.

Swift Packets!

Rick Schroeder

Perhaps I'm doing this incorrectly.  Perhaps I've found a bug.  Maybe there's a Hotfix to apply to fix it?

But each time I create a new View and select Interface Details, the resulting page always shows the name and Interface information for one of my network switches, which happens to be Node ID #2.

Check out my process:  Am I missing something?

1.  Open NPM > Settings > Views > Manage Views

2.  Click Add

3.  Name it, use the drop-down for Type of View to select Interface Details

4. Click Submit and the new View's configuration option page is displayed.

At this point I can add Resources, or even leave them all blank.  But when I click Preview, or Done and select the view to see it, I get a view showing a Node.

I can click Customize Page on the View, but it just goes back to the screen where I can add or remove resources--nothing about the header and sub header can be adjusted.

If I view the Page Info I see the Node name in the top, and an address with a net object referenced:

When I view the page source I can find that net object referenced several times there:

A different Net Object is referenced here:

Wish I were  JAVA scripting expert.

Why's this happening?

Have you seen this same issue?

How might I prevent/fix it?

Rick S.

What version of BIG-IP your F5s run?

I've setup a NOC view with 3 tabs which rotate every 15 seconds. The global refresh is set to 1 minute. It doesnt appear to update any of the values on the screen. Is there a setting i am missing to get the page to auto-refresh?

Hello,

Scenario :

85 Cisco switches

80 sites

Several firewalls between SW server and devices

SNMPv3

I had a problem several weeks ago. From time to time, some devices (totally random) started to have a blinking icon with a litte grey square.  I realized then that all interfaces switched to "unknown" state. I use SNMPv3.

I could "List ressources" from the web interface on those devices...so that prove the snmp connection works !

But I COULDN'T do it in the System Manager (with an error about SNMP credentials not correct (that was not the case)).

The ONLY way to resolve the problem was to delete the device and add it again.

I extend the SNMP request time out to max (5000ms).

Never had the problem again...since today. I added 5 new devices 4 days ago. They were working fine since this morning. All of a sudden, the little grey square appear again with unknown interfaces.

I did some network packet sniffing and I realize that when a device starts having this problem, the polling engine try to connect to the device using SNMPv2 and community name PUBLIC (remember I use SNMPV3 with user/password). This is odd because all SNMP settings weren't changed. I took a look directly in the database too and SNMP settings are exactly the same for all devices.....I really don't know where this SNMPv2/Public settings comes from.

I'm really out of ideas right out. Anyone has the same problem ?

thank you

Hi,

The color of the link is not changing  "Yellow" to show the warning status. However it goes red when the connectivity fail.

Afternoon Thwackers,

Quick question around dependencies. If I have the setup below:

1. Parent Group, containing two nodes (the logical entry point to that site network)
2. Child group, containing all the other nodes at that site

Does Orion include also any interfaces and application templates/components on the children in the dependency,or should we be creating 'Child Interfaces' and 'Child Application' groups to go along with the nodes?

Just scratching my head a bit at the theorycraft of the above, so if you could lend me the benefit of your experience I would appreciate it!

It took me a while to get the right combination of AIX SNMP Version 3 settings that will work with Authentication & Privacy enabled for Solar Winds.

Hopefully the steps below will help you get it working too. A list of sources which provided the clues I needed is at the end, its a long one as no single place had everything you will need. Hopefully this doco corrects that.

AIX Configuration

These steps worked ok on "AIX 6 TL08" and "AIX 7 TL 03".

• Install the snmp.crypto fileset to enable encryption (Obtained mine from AIX 6 Expansion Pack DVD 5765-G62 11/2012)

> lslpp -cl snmp.crypto

#Fileset:Level:PTF Id:State:Type:Description:EFIX Locked

/usr/lib/objrepos:snmp.crypto:6.1.2.0::COMMITTED:I:56-bit DES Encrypted SNMPV3 Support:

/etc/objrepos:snmp.crypto:6.1.2.0::COMMITTED:I:56-bit DES Encrypted SNMPV3 Support:

• Backup the /etc/rc.tcpip file as it's about to be modified
• Turn on encryption with the snmp switch command:

> /usr/sbin/snmpv3_ssw -e

This command will create symbolic links as required to enable/disable the encrypted/non-encrypted versions of snmpd & clsnmp

• Confirm and update /etc/rc.tcpip so that the following lines are no longer commented. Comment out dpid2 if it hasn't already been by the above.

---cut---

# Start up the Simple Network Management Protocol (SNMP) daemon

start /usr/sbin/snmpd "$src_running"

# Start up the hostmibd daemon

start /usr/sbin/hostmibd "$src_running"

# Start up the snmpmibd daemon

start /usr/sbin/snmpmibd "$src_running"

# Start up the aixmibd daemon

start /usr/sbin/aixmibd "$src_running"

---cut---

It looks like /usr/sbin/dpid2 functionality has been rolled into one of the above from at least AIX 6 TL08 onwards.

• Backup your existing snmp configuration files

---cut---

/etc/snmpdv3.conf

/etc/clsnmp.conf

/etc/snmpd.boots

/etc/snmpd.peers

---cut---

• Pick one of your servers /etc/snmpd.boots files and make that file uniform across all your servers. Here's an example of its contents:

---cut---

00000002000000000A454172 0000000082

---cut---

The first value is your EngineID, which can be something you made up, or one provided by the vendor. The second is the number of times snmp has been restarted. If you ensure this file is consistent across your AIX servers you can reuse your /etc/snmpdv3.conf file across them all. In turn, you can reuse the credentials when adding the nodes to Solarwinds. The auth/priv keys are married to the EngineID and won't work on another server if the EngineID is different there.

• Generate a new auth key with your local EngineID.

---cut---

pwtokey -e -u auth <auth password> $(cat /etc/snmpd.boots | cut -f2 -d' ')

Display of 16 byte HMAC-MD5 privKey:

5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0

Display of 16 byte HMAC-MD5 localized privKey:

axxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5

---cut---

Make a note of the non-localized key value. E.g 5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0 of the two above. Also ensure you make a note of the passwords of course. You _must_ use the passwords when adding the node to Solarwinds. Attempts to use the key instead met with failure, likely due to the need for the EngineID to be paired up with the key somehow (context field didn't help).

• Generate a new priv key with your local EngineID. Again you're only interested in the non-localized key value. I'll use axxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7 below for this.

---cut---

pwtokey -e -u priv <priv password> $(cat /etc/snmpd.boots | cut -f2 -d' ')

---cut---

• Clear your command history if you're worried about maintaining the privacy of these keys (good habit but a touch paranoid!)

---cut---

> ~/.sh_history

---cut---

• Update the /etc/clsnmp.conf file so it has an entry for local snmp testing. I'm using swro aka Solar-Winds-Read-Only. I might dabble with read-write later and want them segregated. Plug in your freshly generated auth/priv keys.

---cut---

/etc/clsnmp.conf

#winSnmpName  targetAgent  admin  secName  password  context secLevel authProto  authKey                           privProto  privKey

#----------------------------------------------------------------------------------------------------------------------------------------------------------

swro          127.0.0.1    snmpv3 swro     -         -       AuthPriv HMAC-MD5   5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0  DES axxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7

---cut---

You can replace the first "swro" with the local server name if you like. In fact multiple duplicate lines with each server/IP (and consistant snmpd.boots & snmpdv3.conf files) will allow you to kick off clsnmp commands from this server to any other that has been updated with this process. Handy if you want to setup scripting to pull specific MIB/OID values etc from all servers etc.

• Update your snmpd.peers file to ensure it has the details required for the snmpd process to access other components (e.g hostmibd/snmpmibd etc) for specific MIB/OID resources.

---cut---

/etc/snmpd.peers

###############################################################################

#

"gated"     1.3.6.1.4.1.2.3.1.2.1.2     "gated_password"

"dpid2"     1.3.6.1.4.1.2.3.1.2.2.1.1.2 "dpid_password"

"muxatmd" 1.3.6.1.4.1.2.3.1.2.3.1.1 "muxatmd_password"

#

# Enables cpu & volume information visibility to snmpd

"xmtopas"       1.3.6.1.4.1.2.3.1.2.1.3 "xmtopas_pw"

#

## EOF

---cut---

The default AIX set of "passwords" is being used above (and in the following snmpdv3.conf) which should get you sorted. Sing out if you spot any issues with this approach as it depends on locking out non-local access to snmpd via the snmpdv3.conf file except for auth/priv key holders.

For example, I didn't have an entry here for xmtopas. Once I put that in place the SolarWinds discovered resources list suddenly included "Volume Utilization" values aka filesystem and logical volume info. Once selected they appear in the "Asset Inventory" tab under logical volumes.

• Update your /etc/snmpdv3.conf file with the one below. Swap out the auth/priv keys with the ones you generated above.

---cut---

##

## Solar Winds Specific Entries

##

#

USM_USER swro 00000002000000000A454172 HMAC-MD5 5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0 DES axxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7 N -

#

VACM_GROUP swrogrp - swro readonly

#

VACM_VIEW swroview internet                    - included -

VACM_VIEW swroview 1.3.6.1.4.1.2               - included -

VACM_VIEW swroview 1.3.6.1.4.1.2.2             - included -

VACM_VIEW swroview 1.3.6.1.4.1.2.3             - included -

VACM_VIEW swroview 1.3.6.1.4.1.2.5             - included -

VACM_VIEW swroview 1.3.6.1.4.1.2.6             - included -

VACM_VIEW swroview directory                   - included -

VACM_VIEW swroview mgmt                        - included -

VACM_VIEW swroview mib-2                       - included -

VACM_VIEW swroview system                      - included -

VACM_VIEW swroview aix                         - included -

VACM_VIEW swroview 1.3.6.1.4                   - included -

VACM_VIEW swroview 1.3.6.1.6                   - included -

VACM_VIEW swroview 1.3.6.1.6.3.1.1.5           - included -

VACM_VIEW swroview 1.3.6.1.4.1.2021            - included -

VACM_VIEW swroview 1.3.6.1.4.1.2.3.1.2.2.2.1.4 - included -

#

# Include snmpv3 managed MIBs with this view

VACM_VIEW swroview snmpModules                 - included -

# Include aixmibd managed MIBS with this view

VACM_VIEW swroview 1.3.6.1.4.1.2.6.191         - included -

#

VACM_ACCESS swrogrp - - AuthPriv - swroview - sworoview -

##

## AIX Internal SNMP Agent Specific Entries

##

#

# Allow localhost(only) SNMPv1 general access

COMMUNITY public public noAuthNoPriv 127.0.0.1 255.255.255.255  -

VACM_GROUP group1 SNMPv1  public  -

VACM_ACCESS  group1 - - noAuthNoPriv SNMPv1   defaultView - defaultView -

#

VACM_VIEW defaultView internet                    - included -

# Exclude snmpv3 related MIBs from the default view

VACM_VIEW defaultView snmpModules                 - excluded -

VACM_VIEW defaultView 1.3.6.1.6.3.1.1.4           - included -

VACM_VIEW defaultView 1.3.6.1.6.3.1.1.5           - included -

# Exclude aixmibd managed MIBS from this view

VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191         - excluded -

#

# Access to data from gated/muxatmd/xmservd/dpid

smux   1.3.6.1.4.1.2.3.1.2.1.2   gated_password  # gated

smux   1.3.6.1.4.1.2.3.1.2.3.1.1   muxatmd_password #muxatmd

smux   1.3.6.1.4.1.2.3.1.2.1.3   xmservd_pw   #xmservd

smux   1.3.6.1.4.1.2.3.1.2.2.1.1.2   dpid_password   #dpid

#

#

# These entries appear to be for IBM director at a guess

#  They allow it to participate with the above

#VACM_GROUP director_group SNMPv2c public -

#VACM_ACCESS director_group - - noAuthNoPriv SNMPv2c defaultView - defaultView -

#

# Trap definitions

NOTIFY notify1 traptag trap -

TARGET_ADDRESS Target1 UDP 127.0.0.1 traptag trapparms1 - - -

TARGET_PARAMETERS trapparms1 SNMPv1  SNMPv1  public  noAuthNoPriv -

##

## Global Defaults

##

#

# Set no access unless explicitly allowed by previous entries

DEFAULT_SECURITY no-access - -

#

# Set log location, maximum size, log level

logging         file=/usr/tmp/snmpdv3.log       enabled

#logging         size=100000                     level=0

logging         size=100000                     level=2

#

## EOF

---cut---

Still a work in progress locking down the AIX Internal SNMP agents and of course getting the right set of MIB included in the Solar Winds view. At least now I've something working I can fine tune and will be looking at other related posts here.

• Stop all snmp related services

---cut---

stopsrc -s snmpmibd;stopsrc -s aixmibd;stopsrc -s snmpd;stopsrc -s hostmibd;stopsrc -s dpid2

---cut---

• Start all snmp related servers (excluding the now redundant dpid2)

---cut---

startsrc -s snmpmibd;startsrc -s aixmibd;startsrc -s snmpd;startsrc -s hostmibd

---cut---

• Test things out locally by using the walk option on clsnmp (yup, IBM included a cleverly disguised snmpwalk command). I'm using the "internet" MIB in this example, lots of output!

---cut---

clsnmp -h swro walk internet

---cut---

If you get an error here, odds are you've a mismatched EngineID and auth/priv keys. Check out your /usr/tmp/snmpdv3.log for more details. As mentioned earlier the "swro" here is a reference to the matching line in /etc/clsnmp.conf. A server name could be used here (if defined there) instead and would result in a remote test.

• Once the dust settles, turn down the log level in snmpdv3.conf (level=0) to avoid excessive logging for daily operation.

Solar Winds Configuration

It should now be possible to add this node in Solarwinds.

Key Values

• SNMP Version: SNMPv3
• SNMPv3 Username: swro
• SNMPv3 Authentication Method: MD5
• SNMPv3 Authentication Password: Use the password from pwtokey above (don't use the key, it doesn't work)
• SNMPv3 Privacy Method: DES56
• SNMPv3 Privacy Password: Use the password from pwtokey above (don't use the key, it doesn't work)

Hit the test button to see if all is ok. If it isn't make sure the services have been started and check the snmpdv3.log for more clues (especially the "did solar winds get here at all" clue).

As I've standardized the /etc/snmpd.boot and /etc/snmpdv3.conf files across the estate I can re-use these credentials and have saved them as "aix-swro".

Update 09/11/2015 - Post AIX upgrade (TL08/SP02 -> TL09/SP04) - Repair links to encrypted binaries

After the upgrade the links to the alternate, encrypted binaries for SNMP were reset to the default non-encrypted ones. This wasn't immediately apparent on Solarwinds until you try to "List Resources" for the node, which fails.

Solarwinds error: "<node> is currently down, unreachable, or provided credentials are not valid"

• Login as root on the target server
• Attempt an snmp walk to confirm this is the same problem

> clsnmp -h swro walk internet 1>/dev/null

Error reading file /etc/clsnmp.conf(Line 46):    Invalid securityLevel

clsnmp: 1473-406 Error converting destinationName swro to Entity.

• Check the current snmp binaries being linked to

> ls -la /usr/sbin/snmpd /usr/sbin/clsnmp

lrwxrwxrwx 1 root system 9 Oct 14 12:02 /usr/sbin/snmpd -> snmpdv3ne

lrwxrwxrwx 1 root system 9 Oct 14 12:02 /usr/sbin/clsnmp -> clsnmpne

• Change the links to the encrypted snmpd binary with the command:

> snmpv3_ssw -e

In /etc/rc.tcpip file, comment out the line that contains: dpid2

In /etc/rc.tcpip file, remove the comment from the line that contains: snmpmibd

Stop daemon: snmpdMake the symbolic link from /usr/sbin/snmpd to /usr/sbin/snmpdv3e

Make the symbolic link from /usr/sbin/clsnmp to /usr/sbin/clsnmpe

Start daemon: snmpd

• Check the linked binary again

> ls -la /usr/sbin/snmpd /usr/sbin/clsnmpe

lrwxrwxrwx 1 root system 18 Nov 09 14:49 /usr/sbin/snmpd -> /usr/sbin/snmpdv3e

lrwxrwxrwx 1 root system 18 Nov 09 14:49 /usr/sbin/snmpd -> /usr/sbin/clsnmpe

• On the solarwinds console, retry "list resources" on the node to confirm all is ok again

Sources

- IBM Doco

-- IBM SNMPv3 Documentation [http://www-01.ibm.com/support/knowledgecenter/api/content/ssw_aix_71/com.ibm.aix.networkcomm/snmpv3_intro.htm]

-- Creating users in SNMPv3 in AIX [http://www-01.ibm.com/support/knowledgecenter/api/content/ssw_aix_71/com.ibm.aix.networkcomm/HT_commadmn_create_snmpv3_user.htm#create_snmpv3_user]

-- AIX 7.1 snmpdv3.conf file setup [http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.files/snmpdv3.conf.htm?lang=en]

-- IBM SNMP key generation [http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.commadmn/doc/commadmndita/snmpv3_genkeys.htm]

-- Using the clsnmp command [http://www-01.ibm.com/support/knowledgecenter/ssw_aix_53/com.ibm.aix.cmds/doc/aixcmds1/clsnmp.htm?cp=ssw_aix_53%2F1-2-0-2-122&lang=en]

--- Useful to test an snmp configuration as this can interrogate your snmp server to confirm its working ok.

- Solar Winds Doco

-- Solarwinds SNMPV3 Implementation Guide [http://www.solarwinds.com/support/Orion/docs/Implementing_SNMPv3r1.pdf]

-- Managing SNMP credentials guidelines [http://www.solarwinds.com/netperfmon/solarwinds/wwhelp/wwhimpl/js/html/wwhelp.htm]

- Solar Winds Forums

-- Example SNMPv3 Configuration on AIX from Solarwinds forum [https://thwack.solarwinds.com/message/249258]

-- Help with SNMPv3.1 on AIX [http://thwack.solarwinds.com/thread/42695]

-- Using SNMPv3.1 on AIX [http://thwack.solarwinds.com/thread/36507]

-- Configuring 3rd party Net-SNMP [http://thwack.solarwinds.com/thread/19323]

-- AIX Specific mods [http://thwack.solarwinds.com/community/application-and-server_tht/server-and-application-monitor/content?filterID=content~category[application-monitor-templates]&filterID=content~objecttype~objecttype[document]&query=unix]

- Make AIX a Solarwinds client on snmpv3 [http://odme.blogspot.com.au/2012/09/make-aix-solarwinds-client-on-snmpv3.html]

- Configuring AIX snmpd for MIB subagent access [http://odme.blogspot.com.au/2012/09/snmpdv3-wont-talk-to-mib-subagents.html]

-- The aixmbid, snmpmibd and similar subsystems depend on snmp to talk to each other! Here's the settings they use to do so.

-- Very detailed setup of the AIX snmpd for MIB subagent config including extra mib defaultviews [http://forums.cacti.net/viewtopic.php?t=19040]

- Nagios setup for snmp [http://nagios.frank4dd.com/howto/aix-snmp-setup.htm]

-- Examples on using snmpwalk

-- Example snmpdv3.conf for Nagios with highlights for nagios specifics

- [http://lparbox.com/how-to/powerha-cluster/21]

- [http://www.mcpressonline.com/system-administration/techtip-monitoring-aix-with-snmp.html]

- Using snmpwalk [http://www.net-snmp.org/tutorial/tutorial-5/commands/snmpv3.html]

This is driving me up the wall. I simply want to execute a command in an alert action to send an IISRESET to a remote computer. I've been over the forums, I've tried many different things. Nothing works. I've tried using the following commands;

C:\windows\system32\windowspowershell\v1.0\powershell.exe invoke-command -computer ${N=SwisEntity;M=Application.Node.SysName} -command { iisreset }

C:\Windows\System32\iisreset.exe ${N=SwisEntity;M=Application.Node.SysName} /RESTART

Both execute flawlessly if I run them from the Orion server as myself, but they don't if used in an alert action. Furthermore, if I define a valid user for the alert action the test ALWAYS fails and testing the alert results in the error; Execute program failed with exit code 3221225794. This happens no matter what account is defined.

I've tried using a domain admin account and a local admin account.

I've tried setting the Alert Engine service to a domain admin account.

This really shouldn't be this painful or frustrating to do. Seems this functionality has some flaws. If I'm missing something, please clue me in.

I recently upgraded to ver 11.5 and I noticed that eDonkey was listed in my QOE widget.  I initially assumed it was just monitored out of the box and had intentions of turning it off, until I noticed a little traffic.  In the past 24 hours it has logged 4 transactions with 757 bytes of data.  This is very small and my experience tells me that anyone using a peer to peer application would register a much larger amount of data.  The truly odd part is 2 of the servers are RDP and I could see someone using an unauthorized piece of software on them, however one of the servers that registered 50% of the transactions is my Solarwinds server and I am the only person who has access to that server.  After some searching I am unable to find anything on the server that leads me to believe that eDonkey (or any other peer to peer system) is installed.

My questions are:

Is there something else that looks like eDonkey to Solarwinds?

Any tips on tracking down this issue?

Is anyone else seeing anything like this?

We're currently monitoring around 1,000 servers in Solarwinds.  When the nodes were added, someone made the mistake of enabling monitoring of Physical/Virtual memory (Buffers/cached/swap for linux) as volumes.

We'd like to bulk-remove those resource monitoring selections (or otherwise find ANY way other than manually modifying each individual server's resource list).

Is there any way to do this?

The problem: