I have an external server that is sending SNMP traps to my NPM server. These traps have a certain variable in them that indicates a circuit ID. The problem is that this server sends the same SNMP trap (until the problem is corrected) every 5 minutes, and unfortunately it's not something I am able to change. What I need to be able to do is create alerts based on the unique string in the variable I am looking for AND suppress the alerts so we only get the same unique alert once every 4 hours. Can I do this with NPM? I see that I can suppress the alerts by the total number of alerts that come in on the rule, but I need to suppress them by the number of unique alerts.
SNMP Trap Alerting questions
Custom Triggers for alerts on traps
I have read some posts on here that are related but not specific to my case.
It seems that trap manager is not available to me, but I can create a custom SQL trigger from the trap list in the NPM web interface.
Error Condition looks like this (trapPerceivedSeverity = major(5) )
Cleared condition (trapPerceivedSeverity = cleared(1) )
I created a trigger that sort of works but it does not address whether it's the alert trap or the clear trap.
It just tells me it either errored or cleared in the last 30 minutes.
I think I need to do a second join to trapvarbinds to get the "trappercievedseverity" but I can't figure out the syntax.
To SaaS or not to SaaS, that is the question.
Please help us understand your organization's thinking on this topic by selecting how much you agree or disagree with the following statement:
"My company would never purchase a SaaS-based monitoring tool to monitor our on-premises IT infrastructure."
Splunk app for Solarwinds
Network Discovery of Already Managed Nodes
Hello all,
I'm trying to set up a network discovery for already managed nodes to catch any new volumes that have been newly added. Now, when you set up the discovery you need to specify what polling engine you are going to use. My question is, if I have 2 polling engines, with nodes I want to be "rediscovered" on both engines, will nodes show up as duplicates on the opposite engine? Do I have to worry about anything pertaining to this?
Polling interval and duration
Hello Guys,
I think SolarWinds is not as flexible as I thought.
1. I want to adjust the polling interval for all devices being monitored. At Settings -> All Settings -> Polling settings, I changed the polling interval to 60 seconds. But when I check an individual node, I see 120 seconds.
Which will take priority, and how do I correct the setting for all devices at once?
2. I also want to review the Timeout Period. I learnt SolarWinds polls every 120 seconds and then sets the device to Warning and polls every 10 seconds for 120 seconds before declaring the device down, making a 4-minute timeout period. Please advise on how I can adjust the timeout period both individually and generally.
3. I want to restrict polling duration to, let's say, 9am - 3pm. How do I do it per node and generally?
VMWare ESXi Standard Lockdown and Solarwinds NPM
I am having an issue and would like some help.
Simply put, I am just using some of the SolarWinds virtualization settings that are built into the network performance monitor.
We tried turning on standard lockdown mode on a cluster. The performance monitoring is completely broken when lockdown is on, and I was wondering if there was something I could do to fix that or whether this is working as intended.
Before you ask, Yes I am positive the root password is correct because it all works when I take it out of lockdown. We do have exception users setup as well and none of them work either.
I knew lockdown would shut off quite a bit but also thought the root account and others specified in exception lists would bypass that restriction.
Has anyone tried this or can give some guidance on getting this to work?
Cisco ASA is not getting data
I have configured Cisco ASA with SNMP v3 and the CLI option. Both credentials are fine, but when I select the view of Cisco ASA, the site-to-site VPN and remote VPN page is not showing any value.
SolarWinds Agent using 2-3+ GB RAM
We're noticing that the SolarWinds agent is consuming a significant amount of RAM on our servers.
In this instance, it's using over 3GB.
Restarting the agent does temporarily alleviate the issue. I'm thinking of running a scheduled task on all my servers to restart the agent daily, but that seems to be masking the problem.
Does anyone have any ideas on how to resolve this?
Tell Us Your Unknown Devices v2.0
Those that have been part of the Thwack Community a while may be familiar with the long running Tell us your "Unknown" devices! thread which had been active since 2007. That thread had become too unwieldy, and most of the user submissions had been implemented many years ago. I recently reviewed each and every posting in that thread, verified what had been implemented in-product, and which ones had not so they could be included in a forthcoming release. With that done, it was time to lock that thread for good and start anew. This time, providing a bit more guidance along the way to ensure everyone is successful in providing the necessary information required to properly identify these devices.
What is an 'Unknown' Device anyway?
Orion does its best to automatically identify and classify nodes as they're added to Orion. There are however, new device types and models released all the time. It's entirely possible you might be managing a device right now that Orion is unable to properly identify. You can find these easily by going to [Settings - Manage Nodes], changing the 'Group by:' option to 'Machine Type' and clicking on the 'Unknown' category. It's also helpful to add the 'Polling Method' column to the layout, as this thread pertains exclusively to SNMP managed nodes.
Any SNMP managed nodes listed under the 'Unknown' Machine Type category are prime candidates for submission to this thread. All that's required is that you provide the device's SNMP System Object Identifier (SysObjectID), as well as the Make & Model of the device associated with that SysObjectID.
is an excellent example of the perfect submission.
What Exactly is a SysObjectID?
I have yet to find a clearer definition for what the SysObjectID (System Object Identifier) is than the following excerpt, which can typically be found written in virtually every vendor's MIB file verbatim.
Object Name: sysObjectID
Object ID: 1.3.6.1.2.1.1.2.0
Object Syntax: OBJECT IDENTIFIER
Object Access: read-only
Object Status: mandatory
Object Description: The vendor's authoritative identification of the network management subsystem contained in the entity. This value is allocated within the SMI enterprises subtree (1.3.6.1.4.1) and provides an easy and unambiguous means for determining `what kind of box' is being managed. For example, if vendor `Flintstones, Inc.' was assigned the subtree 1.3.6.1.4.1.4242, it could assign the identifier 1.3.6.1.4.1.4242.1.1 to its `Fred Router'.
Essentially, it's a string of numbers in dotted notation that is (hopefully) unique to at least the manufacturer, and in most cases, to the specific make and model of the device being monitored. It's how we identify for example, that the device vendor is 'Cisco' and the model is a 'Nexus C7018'. All System Object ID's begin with '1.3.6.1.4.1' followed by a number which uniquely identifies the manufacturer. The numbers which then follow typically identify the specific model of the device.
Where Can I Locate the SysObjectID?
If the device is already managed as a Node in Orion then you can locate the SysObjectID in the 'Node Details' resource as shown below, when viewing the node in the Orion web interface.
Alternatively, you can use NET-SNMP to query the following SNMP OID to return the unique SysObjectID.
1.3.6.1.2.1.1.2.0
Below is an example of the 'snmpget' command line arguments which will return you the SysObjectID for the device.
snmpget -v2c -On -c public 10.199.5.103 1.3.6.1.2.1.1.2.0
The example above is executed against a device with the IP address of '10.199.5.103' using SNMPv2c, with the community string 'public'. Below is a screenshot of the resulting output from that command. The string of numbers and periods highlighted in yellow below is this device's unique SysObjectID.
My Device Incorrectly Appears Listed as 'NET-SNMP'
Linux hosts, virtual appliances, and even some network equipment built on Linux, FreeBSD, etc. are often identified as 'NET-SNMP'. This is because the SNMP Daemon running on those hosts is, you guessed it, NET-SNMP. Unfortunately, these vendors for some reason, have chosen not to implement their own unique SysObjectID, and instead kept the default SysObjectID '1.3.6.1.4.1.8072.3.2.10' which is designated for NET-SNMP. If you have a device such as this, fret not. There are a few options available to you if you'd like these devices to be properly identified by their appropriate vendor's make & model within Orion.
Install The Orion Linux Agent
The easiest solution would be to install the
on the device which is reporting itself to be 'NET-SNMP'. The Linux Agent does not rely upon SNMP to identify the machine type or vendor. Instead, the Agent will report the Vendor as 'Linux' and the 'Machine Type' as the Linux distribution running on the device as depicted in the screenshots below.
[Screenshots: Red Hat | Citrix XenServer]
Modify NET-SNMP Configuration
Another approach is to customize NET-SNMP and Orion to properly reflect the Vendor and Machine Type. Simply follow the steps outlined by adatole's post entitled No More Net-SNMP Nodes. This method uses a script osname.sh which is executed when a particular OID is queried. Next, you would create a custom Device Poller to query that newly created OID and populate the Machine Type value in Orion for that device.
If you find it more fun to follow along, you can watch adatole walk you through the entire process in the following video.
Can't I Just Upload My Vendor's MIB File Here And You figure it Out?
While it would be nice if that's how it worked, unfortunately many (or most) vendors don't include this information within their MIB files. MIB files include a listing of all possible OIDs which could be polled across a wide variety of different devices (typically an entire product family), but it doesn't include the values which are returned by the devices (Enums notwithstanding). For that reason we need users, such as yourself, to post the SysObjectID's in this thread, along with the device vendor and model information so it can be included in our database.
If you'd still like your device's MIB file included in the Orion MIB database, for use with Network Performance Monitor's Universal Device Poller, or the Orion Platform's SNMP Trap Receiver, simply follow the steps outlined in KB article at the link below. The latest version of the MIB database, containing your submissions, can always be downloaded from within the Customer Portal.
Which Help Desk / Service Desk are you using?
Anyone else having issues with cortex queries and SQL server?
Just wondering if anyone else is having this issue. On July 27th we had some really weird lockups of Orion for about 30 mins and again the next morning. It was very similar to the port exhaustion issue but it would just make everything dog slow for some time and then finally Orion site would not load.
Support had me run these queries and it deleted rows in the database
delete from dbo.PendingNotifications
delete from dbo.SubscriptionTags
delete from dbo.Subscriptions
delete from dbo.ContainerMemberSnapshots
delete from dbo.LimitationSnapshots
Ran these and rebooted the app server and that seemed to fix things for a bit. Then support had me apply a hot fix to replace these files
And that broke the network atlas and also I started seeing DCOM connection errors.
So removed the HF and that still did not fix the issue. Rebooting the server fixed the issue. Anyone else with this issue - don't apply the hot fix.
Add Device Work Instructions
Quick Description: | Assign Work Instructions to Devices that are Discovered |
Which Product?: | NPM, SAM, WPM |
Question: | Is there a way to automatically assign device Work Instructions (HTML Links) to a group of devices during a sonar discovery? |
Value: | We would like to streamline the device discovery process to automatically add our device Work Instructions (HTML Links) to all of the devices we discover based on the device's OID. |
During the discovery of a device we would like to automatically have the group of discovered devices pre-configured with our Work Instructions (HTML Link). Can the device templates or device custom properties be modified with pre-defined HTML Links, and during the discovery have the HTML Links automatically applied to the device depending on the device's OID?
NPM: What are the best out of box alerts for Network Monitoring?
I am rolling out NPM. What are the best out of box alerts for Network Monitoring? I have some ideas but wanted to see what others have done in their rollouts? Thanks
SW is reporting servers memory/cpu always hits 100% utilization
Is this normal? It's not a consistent 100% utilization. It more so seems like I get hammered with alerts at least once every hour with random servers (some use IIS, SQL, etc). We have over 80 servers in our virtual environment.
When adding a banner script to the already established template I receive this error: "Start Tranfer Error. See NcmBusinessLayerPlugin log for details; Fix connection in Device Template"
The network engineers within my organization created a banner which they would like to add to the existing template for a specific vendor device. When running the remediation script to test the banner against the existing template, we get an error to fix the connection in the device template. I tested the device connection and there does not seem to be an issue with the connection. The template does not affect other nodes using the same template. Any suggestions?
Does Solarwinds NPM turn off FIPS?
We recently installed Solarwinds NPM to a pre-hardened Windows 2012 R2 installation. This pre-hardened image was already configured to be FIPS compliant. After installing NPM we performed STIG compliance checks on the machine. We discovered that there were two checklist items in the Microsoft Dot Net Framework 4.0 STIG checklist that it failed. The first was checklist item v-30926. This one has us perform the following check:
"Examine the .NET CLR configuration files from the vulnerability discussion to find the runtime element and then the "enforceFIPSPolicy" element.
Example:
<configuration>
<runtime>
<enforceFIPSPolicy enabled="true|false" />
</runtime>
</configuration>
By default, the .NET "enforceFIPSPolicy" element is set to "true".
If the "enforceFIPSPolicy" element does not exist within the "runtime" element of the CLR configuration, this is not a finding.
If the "enforceFIPSPolicy" element exists and is set to "false", and the IAO has not accepted the risk and documented the risk acceptance, this is a finding."
We discovered that the enforceFIPSPolicy parameter had been changed to false in the Common Language Runtime configuration. Does the SolarWinds installation make this change?
The second checklist item that it failed was v-30968. This checklist item has us perform the following check:
"Open Windows explorer and search for *.exe.config.
Search each config file found for the "loadFromRemoteSources" element.
If the loadFromRemoteSources element is enabled ("loadFromRemoteSources enabled = true"), and the remotely loaded application is not run in a sandboxed environment, or if OS based software controls, such as AppLocker or Software Security Policies, are not utilized, this is a finding."
We discovered that the Orion.ActiveDiagnostics.exe.config file has the "loadFromRemoteSources enabled = true" set. Is this typical as well?
Thanks!
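The two checks quoted in the post above can be scripted across a host's .NET configuration files. This is an added example, not part of the original post and not SolarWinds or DISA tooling; the function names and sample documents are constructed, and a hit is only a candidate finding, since both checklist items also depend on documented risk acceptance or sandboxing.

```python
"""Audit .NET config files for the two STIG checks quoted in the post above."""
import xml.etree.ElementTree as ET
from pathlib import Path

# (element under <runtime>, value that needs review, checklist item named in the post)
CHECKS = (
    ("enforceFIPSPolicy", "false", "v-30926"),
    ("loadFromRemoteSources", "true", "v-30968"),
)

def audit_config(xml_bytes):
    """Return [(checklist_item, element, enabled_value)] for one config document."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return [("unparseable", "", "")]  # surface for manual review, never skip silently
    findings = []
    for runtime in root.iter("runtime"):
        for name, bad_value, item in CHECKS:
            for elem in runtime.iter(name):
                enabled = elem.get("enabled", "").strip().lower()
                if enabled == bad_value:
                    findings.append((item, name, enabled))
    # An absent element yields no entry: per the quoted check, that is not a finding.
    return findings

def audit_tree(top):
    """Scan every *.config under `top` (machine.config, *.exe.config, ...); hits only."""
    results = {}
    for path in Path(top).rglob("*.config"):
        try:
            found = audit_config(path.read_bytes())
        except OSError:
            found = [("unreadable", "", "")]
        if found:
            results[str(path)] = found
    return results

# Constructed sample inputs (not taken from a real SolarWinds installation).
SAMPLE_FIPS_OFF = b"""<configuration><runtime>
  <enforceFIPSPolicy enabled="false" />
</runtime></configuration>"""
SAMPLE_REMOTE = b"""<configuration><runtime>
  <loadFromRemoteSources enabled="True" />
</runtime></configuration>"""
SAMPLE_CLEAN = b"""<configuration><runtime /></configuration>"""

if __name__ == "__main__":
    for label, doc in (("fips-off", SAMPLE_FIPS_OFF), ("remote", SAMPLE_REMOTE),
                       ("clean", SAMPLE_CLEAN)):
        print(label, audit_config(doc))
```

Running `audit_tree` before and after a product installation and comparing the two results shows which files an installer changed.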
Monitoring CPU usage in all eight cores in a Checkpoint firewall
Hi guys,
When I added my checkpoint firewalls to Orion, I can see the information about CPU, disks and interfaces, but the physical boxes (HP servers) have eight CPUs/cores that I'd like to be able to monitor individually. I'm thinking I need to create a universal device poller, so I've done a MIB walk of the firewall, with a view to finding the OID that I need to use. From the results of the MIB walk I can see that there are eight CPUs:
HOST-RESOURCES-MIB 1.3.6.1.2.1.25.3.2.1.3.768 hrDeviceDescr.768 "GenuineIntel: Intel(R) Xeon(R) CPU X5450 @ 3.00GHz"
HOST-RESOURCES-MIB 1.3.6.1.2.1.25.3.2.1.3.769 hrDeviceDescr.769 "GenuineIntel: Intel(R) Xeon(R) CPU X5450 @ 3.00GHz"
HOST-RESOURCES-MIB 1.3.6.1.2.1.25.3.2.1.3.770 hrDeviceDescr.770 "GenuineIntel: Intel(R) Xeon(R) CPU X5450 @ 3.00GHz"
HOST-RESOURCES-MIB 1.3.6.1.2.1.25.3.2.1.3.771 hrDeviceDescr.771 "GenuineIntel: Intel(R) Xeon(R) CPU X5450 @ 3.00GHz"
HOST-RESOURCES-MIB 1.3.6.1.2.1.25.3.2.1.3.772 hrDeviceDescr.772 "GenuineIntel: Intel(R) Xeon(R) CPU X5450 @ 3.00GHz"
HOST-RESOURCES-MIB 1.3.6.1.2.1.25.3.2.1.3.773 hrDeviceDescr.773 "GenuineIntel: Intel(R) Xeon(R) CPU X5450 @ 3.00GHz"
HOST-RESOURCES-MIB 1.3.6.1.2.1.25.3.2.1.3.774 hrDeviceDescr.774 "GenuineIntel: Intel(R) Xeon(R) CPU X5450 @ 3.00GHz"
HOST-RESOURCES-MIB 1.3.6.1.2.1.25.3.2.1.3.775 hrDeviceDescr.775 "GenuineIntel: Intel(R) Xeon(R) CPU X5450 @ 3.00GHz"
But further down the MIB walk, there are countless more OIDs that seem to relate to CPU as well. I think the OIDs above are just ones that tell me "This is an Intel CPU and this is what type it is" but not the ones that will return dynamic CPU usage data.
Has anyone got this configured already, or can shed any light for me?
Thanks
ollydrew