Foglight NMS -...

FogLight NMS 5.2 Administrator Guide

© Quest Corporation, 2010

p2


Table of Contents

Introduction 3 Key Features 3 Copyright Notice 7 Trademarks 7 Contacting Us 7Getting Started 8 System Requirements 8 Adding a Customer / Organization 9 Network Discovery - Add New Device(s) 10 SNMP 13 Agent 15 SNMP Enablement Tool 16 Enabling WMI on Windows 16 Enabling SNMP on Windows Vista 18 Enabling SNMP on Windows XP 23 Enabling ptFlow 29 Enabling sFlow 30 Enabling JFlow 30 Enabling NetFlow 33 Upgrading 34Setting Up Your Network 34 Dashboard 34 Configure a Dashboard 35 Configure a Gadget 35 Devices 55 Device Overview 55 Add Device Groups 56 Run Network Discovery 57 Enable SNMP 58 Enable Traffic Analysis 59 Enable IP SLA Responder 60 Enable IP SLA Call Path 60 Device Details 61 Network Maps 62 Encrypted Credential Store 63 Policies 65 Monitors 67 Devices 71 Alerts 71 Scheduled Actions 72 Reports 74 Run a Report 74 Change Report Type 75 Change Report Period 75 Change Device for Report 75 Email a Report 76 Export a Report 76 Scheduled Reports 77

p3


Patch Management 78 Ticketing 79 Administration 79 Agent Migration 80 Auto Patch Settings 80 Baseline Configuration 80 Branding Configuration 81 Check for Updates 81 Credential Store 81 Flow Configuration 84 License Update 84 Port Management 84 Retention Configuration 84 SMTP Settings 84 Studio Deployment 85 User Management 85

IntroductionThis section will give you a brief introduction to this software.

Key FeaturesThis program provides a comprehensive and affordable network management and application monitoring solution for singleand multi-site networks. It solves the problems associated with bandwidth, performance, and connectivity and allows you totake back control of your network.

Panoramic View: Provides a 360 degree view of your network for local and remote locations Real Time Performance Monitoring: Monitors performance counters for routers, hubs, switches, applications,

servers, and applications in real-time Multi-Site: Supports single and multi-site networks and thousands of devices Advanced Alerting: Provides advanced email and SMS alerts for devices, including servers, switches, hubs,

routers, and other network infrastructure gear Traffic Analysis: Supports NetFlow, J-Flow and SFlow

Feature – At a Glance

Alerts and NotificationsAutomatically notifies you when network performance degrades, allowing you to fix problems before anyimpact on user and customer experience. Through a simple wizard, you can configure alerts for multipleconditions that meet the needs of your network. It monitors network events, traffic, and conditions tocreate a performance baseline which ensures that you don’t get inundated with false-positive alerts fromnormal network activity. Additionally, you can automatically escalate critical alerts until the problem isresolved and can suppress alerts for scheduled network maintenance.

Send alerts via email and SMS when network trouble arises Configure network alerts for interrelated events or conditions Escalate network alerts automatically for unresolved issues Ensure you don’t receive unnecessary and false-positive notifications

Application MonitoringProvides in-depth visibility of running processes and performance counters for mission-criticalapplications, network services, and web applications. Application failures are usually the most common

p4


problems that occur in IT infrastructure. These powerful monitors help IT Admins and network engineersprevent application failures and identify degradations early.

Easily identify the root cause of application performance issues across Windows, UNIX, andLinux devices

Deep support for MS Exchange, SQL, Active Directory specific counters Monitor Port availability, DNS, POP3, SMTP, HTML pages and much more Run historical reports and view in your dashboard

Automated RemediationAutomatically take actions to restore services when a failure occurs, including restarting applications andwindows services, or rebooting servers. Network administrators can focus more time onrevenue-generating initiatives by automating remediation.

Trigger self-healing scripts when specific network conditions exist Inventory of scripts for Windows and Linux devices Set scheduled actions for routine device and network maintenance

Load and Go DeploymentInstalls and more importantly configures in 15 minutes through a simple 3 step process. After installation,it performs a fast and comprehensive scan of the entire network to discover all devices. Leveragingvarious discovery techniques, it provides a complete set of attributes for each device that has beendiscovered. Each device is then assigned to a Smart Policy with recommended monitors to complete thedeployment process.

Simple 3 step process that loads the system and immediately begins monitoring the network in15 minutes

Leverage Smart Policies to assign recommended monitors and settings Intuitive, easy to use right out of the box

Log File ManagementUsing log monitoring and management capabilities, it has the ability to collect, analyze, alert, report, andarchive Event Log from Windows hosts, SysLog from distributed UNIX hosts, Routers, Switches, andother SysLog devices, and Application logs from IIS web server, IIS FTP server, and MS SQL server. Ithelps system administrators to troubleshoot, performance problems on hosts, select applications, andthe network.

Real-time display of log messages on your monitoring dashboard and in individual device details Send alert notifications when an event matching specific criteria is generated Archives all event logs and syslogs collected for forensic analysis and determining performance

and usage statistics for a host Trend reports to analyze the performance of hosts over a period of time

Monitoring DashboardsProvides unparalleled visibility into network performance, fault management, and device availabilityacross any size of network. The iGoogle like Dashboard is a “network management dashboard” with asummary display of key performance indicators (KPIs) like CPU load, network interface traffic, latency,packet loss and event logs, exposing troubled devices and areas of the network. With support for dragand drop, it’s easy to customize each dashboard by simply adding and removing gadgets. Nowmanagers and operations staff can continuously monitor key assets of the company to ensure that yournetwork is always running at peak performance.

Monitor availability, CPU load, memory, disk space utilization, network interface traffic, networklatency, and packet loss

Perform advanced monitoring of running services, process availability, and performancecounters for MS Exchange, SQL, Active Directory

Inventory of gadgets include charts, gauges, lists, text, and web links

p5


Drag and drop monitoring gadgets to create a custom view

Network Traffic AnalysisNetwork Traffic Flow provides in-depth visibility into traffic network patterns and usage to determine howtraffic impacts the overall health of the network. Drill down into applications, conversations, and devicesto identify the exact sources of spikes and bursts to take proper actions. Flows are stored for historicalreporting that proves invaluable for network capacity planning.

Captures packets for any device on the network - routers, switches, servers, desktops See traffic from the perspective of each device for easier troubleshooting Supports flow data for Cisco® NetFlow v1, 3, 5, 7 and 9, Juniper® J-Flow, and sFlow® View applications, conversations, devices, endpoints, and protocols in graphical charts Provides historical trends for all flows for network capacity planning

ptFlow Traffic Analysis ModuleptFlow is a packet capture and filtering engine that allows users to gather traffic information fromnon-Flow support devices. ptFlow capture flows by sniffing network traffic on active network adapters ona device. User selects list of interface(s). Supports TCP, UDP & ICMP (IPv4) traffic. IPv6 coming soon. Supports 32bit and 64bit platforms.

View applications, conversations, devices, endpoints, and protocols in graphical charts Provides historical trends for all flows for network capacity planning See traffic from the perspective of each device for easier troubleshooting

Performance BaselinePerformance Baseline automatically analyzes collected data to identify changes in network behavior andestablishes a baseline that represents the regular and expected activity of a device and network. Theestablished baseline accurately reflects your organization’s use of the IT infrastructure by taking intoaccount patterns and variations in usage – for example, increased processor utilization on Mondaymornings at 9:00am. Performance Baseline continuously logs subsequent activity of a device andcompares it to baseline. Once irregular behavior is detected, the program produces a qualified alert thatcontains details to be used as a starting point to help guide the troubleshooting and remediationprocess.

Reports more accurately on the device monitors that vary during a business cycle Identifies abnormal increases and decreases in network utilization, performance, and quality to

shorten mean time to repair Eliminates false positive alerts caused by normal behavior on the network Reduces manual configuration for administering setting and thresholds

Remote Office / Multi-Site NetworksDesigned for organizations with multi-site networks, this software provides secure connectivity betweenIT headquarters and any number of remote sites. The remote agent ensures that all key networkperformance data is collected and sent to the specified host server, providing visibility into the entire ITinfrastructure. Taking commands from the host server, the remote agent can also enforce policies andexecute actions.

Optimize network monitoring configurations with best practice settings Eliminate typical bottlenecks that plague distributed networks Accommodate network growth and changing network performance management needs

ReportsGenerate reports for all collected network data. Any report can instantly be printed, emailed, and saved.You can drill down into specific time periods or events or change chart type with a single click – a featurethat is particularly useful when troubleshooting issues. Leveraging the report scheduler, email reports ona daily, weekly or monthly basis to colleagues and executive management.

p6


Delivers critical information on monitors devices in an easy to read format One click configuration of time periods and data type for any device Schedule automatic reports for staff and executive management Plan future resource requirements leveraging historical trends reports

Role-based User AccessGives you control over what users can and cannot do on the system. User accounts are configured forwhich type of information is displayed in the local and web studios for an individual user or group ofpeople. In addition user accounts have email address for integration to alert notifications and scheduledreports. This layer of security ensures that the right people have access to the right information.

Gives you complete control over what authorized users can and cannot do Allows users to have custom dashboards with information relevant to them Maintains level of security required by your company

Router Configuration BackupAbility to automatically backup configurations files for your Cisco, Juniper, and HP routers and switches.Configuration backups can be scheduled to run as needed and are stored in the database. Config filescan be viewed and compared all in the same interface. In addition you can be immediately alerted whenany configuration has been changed. You can customize the backup settings to meet your particularneeds.

Schedule configuration backups across multiple Cisco, Juniper, and HP routers and switches Easily view and compare configuration historical configuration backups Detect changes that occur to configurations files and receive an alert notification

Smart PoliciesLeveraging device profiling intelligence, this software recommends monitors and data gathering intervalsfor all devices discovered in your network. Smart Policies encompass devices, monitors, alerts andscheduled task, so any configuration changes occur from one central location. This intuitive designsaves you time and dramatically improves ease of use.

Out-of-the-box ‘smart’ monitoring for the entire network Dramatic reduces time spent on configuring your NMS Lets IT departments focus on priorities items

SNMP EnablementAutomatically enable and configure SNMP on devices for monitoring:

Cisco HP ProCurve Windows Server ‘00, ‘03, ‘08 Windows XP, Vista Linux Debian 2.6 Fedora 9 Ubuntu 8, 9 SuSE 2.

VoIP and IP SLA MonitoringCollect and analyze VoIP performance statistics, including MOS, jitter, network latency, packet loss. Solve VoIP problems faster by isolating sources to specific locations, equipment, or transmission types.

Automatically configure IP SLA on Cisco routers Monitor call manager settings, status, active calls Evaluate historical call activity and plan for future updates

p7


Web Browser SupportUse the web interface to view all your critical network data, traffic bottle necks, and alert warning aboutpotential problems. In addition, see your system settings to ensure you are collecting the rightinformation at the right time.

Secure log in for each user of the system View dashboards, policies, and admin settings Supports IE, Firefox, and other popular

Wireless Infrastrcuture MonitoringAbility to monitor your wireless networks. As wireless become a more integrated in today’s network, it isimportant that IT managers maintain visibility into wireless access points, clients and sessions. Thewireless monitoring feature centralizes the management of distributed wireless networks withconfiguration in Smart Policies and monitoring in Dashboards. Understand how well your wirelessnetwork is performing and detect rogue users.

Monitor key variables on access points, including signal strength and quality View client statistics for Cisco devices Run reports on key performance data across all wireless devices

Copyright Notice© 2010 All rights reserved.

Under the copyright laws, this manual or the software described within, can not be copied, in whole or part, without thewritten consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietaryand copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allowcopies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold,given, or loaned to another person. Under the law, copying includes translating into another language or format.Specifications and descriptions subject to change without notice.

TrademarksThe name Quest Software, the software, the product name Quest Software PT360 Tool Suite, and the Quest Software logoare registered trademarks of Quest Software. Quest Software is copyright 2010 by Quest Software. All rights are reserved.

Microsoft Windows 98, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Vista, Windows 7, InternetExplorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation.

Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in theU.S. and/or other countries.

Firefox is a trademark of the Mozilla Foundation.

Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respectivecompanies and are the sole property of their respective manufacturers.

Contacting UsYou can contact PacketTrap Networks in multiple ways:

Contact Information

p8


Sales [email protected]://www.quest.com

Support https://support.quest.com/ContactSupport.aspx

Getting StartedThis section will help you install and more importantly configure your system in a matter of minutes. In addition there areuseful resource guides of how to enable SNMP or WMI on your devices, configuring your encrypted credential store, andupdating the software when required.

Learn more:

System Requirements

Installation and Registration

Network Discovery

System RequirementsServer Sizing

This software is a comprehensive device, application, and traffic monitoring and troubleshooting solution. It is capable ofmonitoring single and multi-site networks of all sizes, from small corporate LANs to large enterprises or highly distributedenvironments. Most installations perform well on Pentium-class 2GHz systems with 1GB of RAM using the default monitorsettings within the Smart Policies. However, when monitoring larger networks or using the Traffic Network Flow module, youneed to give additional consideration to the hardware and system configuration used.

Scalability is affected in multiple ways. The first variable is the number of devices that you will be monitoring. Performancetuning may be required when there are more than 1,000 device monitors. The second variable is the amount of performancedata you collect for each device. Adjusting the Smart filters could cause a large spike in the amount of data collected. Thethird variable to consider is the monitoring time intervals. For example, if you set your monitor time intervals to collectperformance statistics every five minutes instead of the default time intervals, the system requirements will increase. Finally,the number of simultaneous Studios accessing the system will have a direct impact on the performance of the system.

When planning your installation, keep in mind CPU, memory, data monitor setting, and Traffic Flow monitoring. In situationswhere traffic flow is being collected from multiple routers/switches, has a large amount of 'traffic conversations', or 1,000 ormore devices are being monitored, it is recommended to use a dedicated, faster performance server. This solution offersseveral performance advantages, as the server does not have to share resources with other applications.

Host ServerSoftware /Hardware

100-250 devices 500 - 2000 devices Unlimited and MSP Version

Operating System 32-bit or 64-bit operating system:o Windows 2003 SP1

or latero Windows XP SP2 or

latero Windows Vista SP1

32-bit or 64-bit operating system:o Windows 2003 SP1

or latero Windows 2008

64-bit operating system:o Windows 2003 SP1

or latero Windows 2008

p9


(all versions)CPU 2.0 GHz 2.4 GHz 3.0 GHzMemory 2 GB or more 4 GB or more 8 GB or moreHard Drive Space 10 GB or more 50 GB or more 100 GB or more.Net Framework 2.0 or higherFirewall Exceptions- AllowedPrograms

Automatically configured during installation:

ptserverserviceptserverconfigptagentserviceptagentconfigptstudio

Ports 5053 (TCP) = (Encrypted Host Server port)

5055 (TCP) = (Encrypted Remote Control Tunnel Host Server port)

* Note: Pre-existing MSP installations may still be using 5054 (TCP) = (Host Server port)

69 (UDP) - TFTP Server514 (UDP) - Syslog Server2055 (UDP) - Netflow6343 (UDP) - SFLOW9555 (UDP) - Netflow Alternative port #29995 (UDP) - Netflow Alternative port #3

NOTE: The minimum server requirements listed above assume default configurations. Significantly increasing themonitoring intervals and traffic flow collections could result in additionl load on the server, which may require a larger CPUor additional memory.

StudioSoftware / Hardware StudioOperating System 32-bit or 64-bit operating system:

o Windows 2003 SP1 or latero Windows XP SP2 or latero Windows Vista SP1 (all versions)

.Net Framework 2.0 or higher

Adding a Customer / OrganizationAdding a new customer or a remote office for a distributed network is a simple process.

Step 1: Select New Customer or New Organization button in the upper left hand corner of the Devices section.

Step 2: Enter the information that is unique to the site or customer.

General InformationHow the customer or organization will be displayed

NameEnter a name that will be displayed in the system. For example, ACME Corporation or LondonOffice

p10


DescriptionGive a friendly description to the customer or organization.

Agent Authorization CriteriaCriteria that must be met for an agent to connect. While not required, it provides an extra layer ofsecurity to your system.

Internet GatewayEnter the internet gateway for the organization / customer's site

Windows DomainEnter the windows domain for the organization / customer's site

Agent Connection HostThe host that the agent will connect to.

HostnameWe recommend using the DNS name of your host, but IP Address can also be used.

Step 3: Click Save

Step 4: Select Add New Device(s) button in the upper left hand corner of the Devices section.

Step 5: Select the new Organization / Customer in the drop down box.

Step 6: Select Copy URL or Email URL and distribute the link to the machine where the ptagent will be installed at thecustomer's or remote site.

Step 7: Once the agent is installed, it is time to discover devices on the network. Check here for Network Discovery.

Network Discovery - Add New Device(s)Network Discovery Overview

After installation, the software performs a fast and comprehensive scan of the entire network to discover all devices.Leveraging various discovery techniques, it provides a complete set of attributes for each device that has been discovered.Each device is then assigned to a Smart Policy with recommended monitors to complete the deployment process.

Simple 3 step process that loads the system and immediately begins monitoring the network in 15 minutes Leverage Smart Policies to assign recommended monitors and settings Intuitive, easy to use right out of the box

Run Network Discovery


Step 2: Choose an Agent to run device discovery with. Local and remote agents will appear for selection.

p11


Step 3: Select to add devices via SNMP network discovery or by deploying Agents.

Note: Agents runs on Windows XP, Vista, and Server 03 machines. Click to learn more about the SNMP Enablement Tool

Step 4: Click Next.

Step 5: Enter CIDR, DNS, IP/SubnetMask or Range of IP Addresses into the Target field.

Step 6: Select Network Discovery Techniques

Exclude Devices in DatabaseSelect if you want to not include previous discovered devices that are in the device database inyour new search. This is speed up future discoveries on the same network.

PingUses ICMP to get responding status of a device. See below for Advanced Settings.

MAC Resolution Uses MAC Address to discover a device on the network.

Step 7: Choose Device Credentials you want to use to discover each device.

SNMP V1/2c CredentialSet the proper credential store for the network of the device you are going to monitor with theCPU Gauge. To configure the credential store, please see the section titled Encrypted CredentialStore.

SNMP V3 CredentialSet the proper credential store for the network of the device you are going to monitor with theCPU Gauge. To configure the credential store, please see the section titled Encrypted CredentialStore.

WMI CredentialSet the proper credential store for the network of the device you are going to monitor with theCPU Gauge. To configure the credential store, please see the section titled Encrypted CredentialStore.

Telnet CredentialSet the proper credential store for the network of the device you are going to monitor with theCPU Gauge. To configure the credential store, please see the section titled Encrypted CredentialStore.

Step 8: Click Next to discover the devices in your target field.

Step 9: Select the devices you want to do a deep discovery on. Filters available for all, SNMP responding or WMIResponding nodes

Step 10: Click Next.

Step 11: Network Discovery Complete. Smart Policy Assignment Options.

Apply Smart Policy Assignments (Recommended)Applies "Smart Policy" assignments to discovered devices based on the device type and detailsgathered during the discovery process. This process chooses the best fit policy for each device.

Apply to Default PolicyApplies the standard Default Policy to all the devices selected from the discovery process. TheDefault Policy attributes will be applies to all the devices selected.

Pending Device UpdatesLists the count of devices to be updated by the following criteria: Total devices selected, New

p12


devices discovered, and Devices for agent reassignment.

Step 12: Click Finish to proceed to the Device Viewer. Devices will appear in the appropriate Customer / Organization.

Configure Advanced Settings

Ping settings allow you to turn on or off which resolutions are displayed.

To configure click Settings button in the tool.

Ping Ping Timeout (ms)

Designates the maximum amount of time in milliseconds that Ping will wait for a response fromthe target. If the target does not respond within the number of milliseconds set, Ping will assume itis down.

Ping Packet TTL (Time-To-Live) Designates the number of hops along the way to the specified address. With a setting of 32, yourPing Scan could pass through up to 32 different routers on the way to the remote address beforebeing thrown away by the network.

Pings Per NodeAllows you to control the number of Ping attempts to send each address during a scan.

When scanning networks containing Cisco routers, set this number above two (2). If the target IPaddress is not in the ARP cache of a Cisco router, the router discards the ICMP query (Ping)while it requests the MAC address of the target IP. The first Ping will never arrive at the subnet ofthe target IP address. In this situation, the Cisco router responds to the second Ping.

Delay Between Pings Designates the time in milliseconds between each successive Ping to the target address. Settingthis value very low will send a constant stream of Pings to the target IP address.

TCP Ports Timeout (ms)

Designates the maximum amount of time in milliseconds that Port scan will wait for a responsefrom the target. If the target does not respond within the number of milliseconds set, Port scan willassume it is down.

Select Pre-loaded Ports Simply add or delete any listed port and click on “ok.”

Add Custom Ports Simply enter the Port number in the field seperating the numbers with a comma.

View Device Detail Information

The Device Viewer section provides the ability to drill into each discovered device.

Show Details Overview

p13


Displays a detailed overview of a device including status, DNS, and processor, disk, memory, andnetwork interface usage.

ProcessesProvides all the processes names and paths for a given device.

SoftwareGathers all the software installed on each device.

Adding Devices via SNMPAdding Devices using SNMP Network Discovery



Step 3: Select to add devices via SNMP network discovery.

Note: Click to learn more about the SNMP Enablement Tool

Step 4: Click Next.










Telnet Credential

p14


Set the proper credential store for the network of the device you are going to monitor with theCPU Gauge. To configure the credential store, please see the section titled Encrypted CredentialStore.







Pending Device UpdatesLists the count of devices to be updated by the following criteria: Total devices selected, Newdevices discovered, and Devices for agent reassignment.

Step 12: Click Finish to proceed to the Device Viewer. Devices will appear in the appropriate Customer / Organization.










p15


TCP Ports Timeout (ms)

Designates the maximum amount of time in milliseconds that Port scan will wait for a responsefrom the target. If the target does not respond within the number of milliseconds set, Port scan willassume it is down.

Select Pre-loaded Ports Simply add or delete any listed port and click on “ok.”

Add Custom Ports Simply enter the Port number in the field seperating the numbers with a comma.

View Device Detail Information

The Device Viewer section provides the ability to drill into each discovered device.

Show Details Overview

Displays a detailed overview of a device including status, DNS, and processor, disk, memory, andnetwork interface usage.


SoftwareGathers all the software installed on each device.

Adding Devices via Agent(s)Adding Devices via Agent(s)



Step 3: Select add devices via deploying Agents.

Note: Agents runs on Windows XP, Vista, and Server 03 machines.

Step 4: Click Next.


Step 6: Click Next.

Step 7: The software will assess if the device(s) are available for Agent installation and display a list of results.

Step 8: Click Next.

Step 9: Enter the Preferred Windows Domain Credential of the domains for agent deployment. To create a newcredential, select (new credential) from the drop down box.

p16



Step 11: Modify the preferred credential assigned to each device if needed. Highlight the device and you the 'Set Preferred'button at the bottom left corner.


Step 13: The agent will now be deployed to the device(s). You can see the log in the agent deployment status.

Step 14: Click Finish to complete the process.

SNMP Enablement ToolEnabling SNMP on Devices for Monitoring

Step 1: Right click on a device or group of devices and select Enable SNMP from the menu options.

Step 2: Confirm the device(s) you want to enable SNMP on. Add more devices by clicking the select targets button.

Step 3: Click Next.

Step 4: The software will Assess if the device(s) are available for SNMP Enablement and display a list of results.

Step 5: Click Next.

Step 6: Select the SNMP Credential you want to assign to the device(s). Enter new credentails with the ManageCredentials link.

Step 7: Click Next.


Step 9: Click Next.

Step 10: SNMP will now be Enabled on the device(s). You can see the log in the enablement status window.

Step 11: Click Finish to complete the process

Enabling WMI on WindowsWMI comes pre-installed on XP/Vista by default. To insure accessibility via WMI the user should check that the followingservice(s) are started:

Windows Management InstrumentationWindows Management Instrumentation Driver Extensions

Step 1: Go to the Control Panel and double click ‘Administrative Tools’.

p17


Step 2: Inside ‘Administrative Tools’ double click ‘Computer Management’.

Step 3: Expand Services and Applications, right click on WMI Control and follow the Windows menus.

p18


Additional Resources

Windows XP: http://support.microsoft.com/kb/875605Vista: http://msdn2.microsoft.com/en-us/library/aa822854.aspx

Enabling SNMP on Windows VistaEnabling SNMP on targeted devices is necessary if one wants to receive SNMP information from those devices. Thisinformation includes monitoring CPU, memory usage, and other critical performance details.

Enable SNMP on Windows Vista

Step 1: Navigate to the Control Panel and double click ‘Programs and Features

p19


Step 2: Click ‘Turn Windows features on or off’.

Step 3: Scroll down to the ‘SNMP feature’ check both boxes and click ‘Ok’. Wait for windows to enable the software.

p20


Step 4: Now go back to the Control Panel and double click ‘Administrative Tools’.


p21


Step 6: Under ‘Services and Applications’ click ‘Services’

Step 7: Scroll down to the ‘SNMP Service’ in the right hand pane.

p22


Step 8: Double click the ‘SNMP Service’ and navigate to the ‘Security’ tab. Make sure the ‘Accept SNMP packets from anyhost’ is selected. For routine public enablement, under ‘Accepted community names’ click ‘Add’. Leave ‘Community rights’as ‘READ ONLY’ and enter ‘Public’ for the ‘Community Name’. (A customized SNMP Community string can also be used.)

p23


Step 9: Click ‘Ok’ twice until you’re back at the above ‘Services’ screen. Right click the ‘SNMP Service’ and select ‘Start’.Done!

Additional Resources

An article containing useful information on SNMP can be found on the CISCO site at: http://www.cisco.com/warp/public/535/3.html Configuring SNMP Support for Cisco Devices: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/fcfprt3/fcf014.htm

Enabling SNMP on Windows XPEnabling SNMP on targeted devices is necessary if one wants to receive SNMP information from those devices. Thisinformation includes monitoring CPU and memory usage from the devices.

p24


Enable SNMP on Windows XP

Step 1: Navigate to the Control Panel and double click ‘Programs and Features’.

Step 2: Click ‘Add/Remove Windows Components’.

Step 3: Select and double-click on Management and Monitoring Tools.

p25


Step 4: Make sure both boxes are selected and click OK.

Step 5: You are returned to the previous dialogue. Click on Next

p26


Step 6: When that configuration is completed, click finish. Return to the Control Panel and double- click ‘AdministrativeTools’.

p27



Step 8: Under ‘Services and Applications’ click ‘Services’ and then scroll down to the ‘SNMP Service’ in the right hand pane.

p28


Step 9: Double click the ‘SNMP Service’ and navigate to the ‘Security’ tab. Make sure the ‘Accept SNMP packets from anyhost’ is selected. For routine public enablement, under ‘Accepted community names’ click ‘Add’. Leave ‘Community rights’as ‘READ ONLY’ and enter ‘Public’ for the ‘Community Name’. ( A customized SNMP Community string can also be used.)

Step 10: Click ‘Ok’ twice until you’re back at the above ‘Services’ screen. Right click the ‘SNMP Service’ and select ‘Start’. Done!

p29


Enabling ptFlowTraffic Analyzer supports ptFlow technology and industry standards NetFlow, sFlow, and J-Flow. ptFlow is a packet captureand filtering engine that allows users to gather traffic information from non-Flow supported devices such as computers,routers and switches. The results appear just as they would with any traditional flow technology.

Enable ptFlow to display traffic on devices

The following are steps to configure ptFlow successfully. Step 1: Establish port mirroring on the router or switch. Port mirroring is used on a network device to send a copy of all

network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port.Port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN); some othervendors have other names for it, such as Roving Analysis Port (RAP) on 3Com switches. Please consult your device'smanual to see if it supports port mirroring and instructions on how to enable it.

Step 2: Click on the Enable Traffic Analysis Button, select Enable ptFlow and click the Next. The host serv er IP willappear automatically. Select the Ingress (traffic in) and Egress (traffic out) on all your desired interfaces. Click Save,Next and Finish.

Step 3: Click on Devices, select the machine running this software and click View Details. ptFlow will appear underNetwork Traffic Flow.

Note: In order to maintain network connectivity, two NICs should be installed and active on the server.

Deployment scenarios

Case #1:After enabling port mirroring on the Swtich or Router, connect the mirrored port to the computer running host server.

Case #2:Insert a hub into your desired location. For example, to capture traffic from a firewall, install the hub just downstream fromthe firewall. Next, connect the hub to the network and also to the host server.

p30


Enabling sFlow on devices is necessary if one wants it collected.

Enable sFlow on Extreme, Foundry, and HP Devices

Extreme sFlow Configuration To support Extreme devices, you must configure the device using the following configuration template. enable sflow configure sflow config agent 10.199.5.10 configure sflow collector 192.168.72.67 port 6343 configure sflow sample-rate 128 configure sflow poll-interval 30 configure sflow backoff-threshold 50 enable sflow backoff-threshold enable sflow ports all The sFlow collector value must reflect the IP address where this software is installed.

Foundry sFlow ConfigurationTo support Foundry devices, you must configure the device using the following configuration template. Note: Ensure your Foundry device supports sFlow version 5. config> int e 1/1 to 4/48 interface> sflow forwarding config> sflow destination 10.199.1.199 6343 config> sflow sample 128 config> sflow polling-interval 30 config> sflow enable The sFlow destination value must be the IP where this software is installed.

HP sFlow Configuration To support HP devices, you must configure the device using the following configuration template. Note: This will not show up in the command line interface. Because of this it will not return if the switch is reset. setmib sFlowRcvrAddress.1 -o 0AC70199 setmib sFlowRcvrPort.1 -i 6343 setmib sFlowRcvrOwner.1 -D net sFlowRcvrTimeout.1 -i 100000000 setmib 1.3.6.1.4.1.14706.1.1.5.1.4.11.1.3.6.1.2.1.2.2.1.1.1.1 -i 37 setmib 1.3.6.1.4.1.14706.1.1.5.1.3.11.1.3.6.1.2.1.2.2.1.1.1.1 -i 1 setmib 1.3.6.1.4.1.14706.1.1.6.1.4.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 8 setmib 1.3.6.1.4.1.14706.1.1.6.1.3.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 1 Where 0AC70199 is the IP address of the computer (in hexidecimal) where this software is installed. Line 4 sets the samplerate. Line 5 enables sFlow. Line 6 sets the polling interval, and line 7 enables polling.

Enabling JFlowEnabling JFlow on a Juniper networking device is necessary to collect this data.

Enable JFlow on Juniper Devices

Enable J-flow on your device Enable J-Flow statistics. Enable J-Flow statistics on the desired interfaces. (Optional) Define the sampling interval at which you want to collect statistics. (Optional) Customize the size of the main flow cache. (Optional) Define flow cache aging timers. (Optional) Specify to where you want to export J-Flow statistics.

p31


Enabling Flow-Based Statistics

Use the ip flow statistics command to explicitly enable J-Flow.

NOTE: Issuing any configuration level commands implicitly enables J-Flow.

ip flow statistics

* Use to enable J-Flow.* Example

host1(config)#ip flow statistics

* Use the no version to disable J-Flow on the virtual router.

Enabling Flow-Based Statistics on an Interface

Use the ip route-cache flow sampled command to enable J-Flow on an interface.

NOTE: Issuing an interface-level flow command does not enable J-Flow on the virtual router. To enable J-Flow, issue the ipflow statistics command.

ip route-cache flow sampled

* Use to enable J-Flow on an interface.* Example

host1(config-if)#ip route-cache flow sampled

* Use the no version to disable J-Flow statistics on the interface.

Defining a Sampling Interval

Use the ip flow-sampling-mode command to define the packet-sampling interval for the virtual router. The sampling intervalspecifies the rate at which the virtual router samples J-Flow information. This rate is used for all interfaces that have J-Flowenabled. Once you enable an interface, the virtual router samples 1 packet at the specified packet interval. The possibleinterval range is from 10 packets to 4 billion packets (the default).

NOTE: Packet sampling occurs individually for each processor. Because the router distributes packets over multipleprocessors, sampling occurs when each processor reaches the specified packet interval.

ip flow-sampling-mode packet-interval

* Use to define the J-Flow packet-sampling interval.* Example

host1(config)#ip flow-sampling-mode packet-interval 50

* Use the no version to return the sampling interval to its default value.

Setting Cache Size

Use the ip flow-cache entries command to limit the number of main flow cache entries for the virtual router (as collectedacross all line modules that are running J-Flow). Once the cache size exceeds the flow-cache entry limit, the least recentlyused flow is removed.

p32


The possible flow-cache range is 1,024 to 524,288 entries. The default is 65,536 entries.ip flow-cache entries

* Use to limit J-Flow main flow cache entries.* Example

host1(config)#ip flow-cache entries 80000

* Use the no version to return the cache size to its default value, 65535.

Defining Aging Timers

Once the virtual router creates a flow in the cache, the flow can be removed at the expiration of either the active or theinactive timer.Specifying the Activity Timer

Use the ip flow-cache timeout active command to specify a value for the activity timer. The activity timer measures theamount of time that the virtual router has been recording a datagram for a given flow. When this timer expires, the virtualrouter exports the flow cache entry from the cache and removes the entry. This process prevents active flows fromremaining in the flow cache and allows collected data to appear in a timely manner. The possible range for the activity timeris 1 to 60 minutes. The default value is 30 minutes.ip flow-cache timeout active

* Use to define the activity timer.* Example

host1(config)#ip flow-cache timeout active 50

* Use the no version to return the activity timer to its default value.

Specifying the Inactivity Timer

Use the ip flow-cache timeout inactive command to specify a value for the inactivity timer. The inactivity timer measures thelength of time expired since the virtual router recorded the last datagram for a given flow. When this timer expires, the virtualrouter exports the flow cache entry from the cache and removes it. When, at a later time, another datagram begins that usesthe same flow characteristics, the virtual router allocates a new flow cache entry, and the inactivity timer begins again. Thepossible range for the inactivity timer is from 10 to 600 seconds. The default value is 15 seconds.ip flow-cache timeout inactive

* Use to define the inactivity timer.* Example

host1(config)#ip flow-cache timeout inactive 80

* Use the no version to return the inactivity timer to its default value.

Specifying Flow Export

Use the ip flow-export command to specify the location to which you want to export the J-Flow datagrams.ip flow-export

* Use to specify the location to which you want to export J-Flow datagrams or specify an alternate source address foroutbound export J-Flow datagrams.* Example 1—Specifies the destination address for J-Flow datagrams

host1(config)#ip flow-export 192.168.2.73 2055 version 5 peer-as

p33


* Example 2—Specifies the source address for outbound export J-Flow datagrams

host1(config)#ip flow-export source fastEthernet 5/0

* Use the no version to remove the export setting.

Enabling NetFlowEnable NetFlow for Cisco IOS Devices

Enable Cisco Express Forwarding:

router(config)# ip cef

In the configuration terminal on the router, issue the following to start NetFlow Export.

It is necessary to enable NetFlow on all interfaces through which traffic you are interested in will flow. Now, verify that therouter is generating flow stats - try 'show ip cache flow'. Note that for routers with distributed switching (GSR's, 75XX's) theRendezvous Point CLI will only show flows that made it up to the RP. To see flows on the individual linecards use the 'attach'or 'if-con' command and issue the 'show ip cache flow' on each LC.

Enable export of these flows with the global commands. 'ip flow-export source' can be set to any interface, but one which isthe least likely to enter a 'down' state is preferable. Netflow will not be exported if the specified source is down. For thisreason, we suggest the Loopback interface, or a stable Ethernet interface:

router(config)# ip flow-export version 5router(config)# ip flow-export destination <ip-address> <port>router(config)# ip flow-export source FastEthernet0

Use the IP address of your NetFlow Collector and configured listening port.

If your router uses BGP protocol, you can configure AS to be included in exports with command:

router(config)# ip flow-export version 5 [peer-as | origin-as]

The following commands break up flows into shorter segments.

router(config)# ip flow-cache timeout active 1router(config)# ip flow-cache timeout inactive 15

Use the commands below to enable NetFlow on each physical interface (i.e. not VLANs and Tunnels, as they are autoincluded) you are interested in collecting a flow from. This will normally be an Ethernet or WAN interface. You may also needto set the speed of the interface in kilobits per second. It is especially important to set the speed for frame relay or ATMvirtual circuits.

interface <interface>ip route-cache flowbandwidth

Now write your configuration with the 'write' or 'copy run start' commands. When in enabled mode, you can see currentNetFlow configuration and state with the following commands:

router# show ip flow exportrouter# show ip cache flowrouter# show ip cache verbose flow

Upgrading

p34


There are two ways this software will update. One approach is manual update and the other approach is auto update.

Manual Update

Step 1: Select Admin from the main Menu Bar.

Step 2: Select Check for Software Updates button to see if an update is available.

Step 3: Select Update Now to pull down the software updates and apply them. The software will close and openautomatically .

* Note: Pre-existing MSP installations may still use 5054 (TCP) for agent communication. Once the PacketTrap server hasbeen updated, the existing agent installations will continue to use port 5054 until the agent software updates. As soon asthe agent software has update, the agent will connect using the new port 5053 and will continue to use only port 5053 foragent communication.

Auto Update

Upon launch, the software will check for any updates available at the patch server. The software will automatically pull theupdates and store in cache. They will be applied the next time the software is launched.

Setting Up Your Network

DashboardDashboard OverviewThe dashboard provides unparalleled visibility into network performance, fault management, and device availability acrossany size of network. The iGoogle like Dashboard is a “network management dashboard” with a summary display of keyperformance indicators (KPIs) like CPU load, network interface traffic, latency, packet loss and event logs, exposing troubleddevices and areas of the network. With support for drag and drop, it’s easy to customize each dashboard tab by simplyadding and removing gadgets. Now managers and operations staff can continuously monitor key assets of the company toensure that your network is always running at peak performance.

Monitor availability, CPU load, memory, disk space utilization, network interface traffic, network latency, and packetloss

Perform advanced monitoring of running services, process availability, and performance counters for MS Exchange,SQL, Active Directory

Inventory of gadgets include charts, gauges, lists, text, and web links Drag and drop monitoring gadgets to create a custom view

Learn more:

Configure a Dashboard

Configure a Gadget


p35



The Dashboard can be customized to meet your needs. In addition to the settings below, you can drag and drop gadgetsfrom column to column and adjust the size of each column by moving the divider bar to the left or right.

Add TabCreate multiple dashboards full of key gadgets. For example, create a dashboard for routers,create one for servers, and even create one for your web properties to make sure they are up andrunning.

Add GadgetsProvides a list of gadgets to use on the dashboard. They encompass a broad suite of missioncritical data like device application, networking, devices, availability, and web-based tools. Pleasesee Configure a Gadget for more details.

These dashboard functions can be found by selecting the down arrow on each tab. Configure Columns

Set the number of columns for your dashboard page. Gadgets will resize automatically based onthe number of columns.

Rename TabGive every dashboard tab a friendly name for easy navigation across your multiple dashboards.

Clear GadgetsWill clear the dashboard of any gadgets and allow you to start fresh in configuring the dashboard.

Close TabWill permanently remove the dashboard tab and all its associated gadgets.

Configure a GadgetConfigure a Gadget

The Dashboard offers a wide range of gadgets to present any data being collected about your network. Every gadget takesyou through a similar and intuitive configuration wizard that makes setup quick and easy.

Active DirectoryMonitors the performance counters for Active Directory server.

o Name – enter a friendly nameo Refresh Interval – determine how often the gadget executes o Display Mode – IP Address or DNS Nameo Target - enter the host name or IP Addresso WMI Timeout (ms) - Designate the maximum amount of time in milliseconds that WMI will

wait for a response from the target. If the target does not respond within the number ofmilliseconds set, it is assumed down

o WMI Credential – Set the proper credential store for the network of the device you aregoing to monitor. To configure the credential store, please see the section titled CredentialSettings.

o Performance Counters Configuration – select the Active Directory performance countersthat you would like to monitor in the gadget

p36


DRA Inbound Bytes Total / Sec - This counter displays the number of bytes receivedthrough inbound Active Directory related replication. If this number is consistentlyequal to zero, it means that replication is not occurring. Low numbers may indicate thatthere is a network bottleneck or that the server's NIC is too busy with other traffic toreceive the requests in a timely manner.

DRA Inbound Object Updates Remaining in Packet - This counter displays thenumber of Active Directory objects that have been received through replication, butthat have not yet been applied. This number may start high, but should diminish veryquickly. If this value takes a while to diminish, it is a clue that the server's hardwaremight not be fast enough to keep up with the demand.

DRA Outbound Bytes Total / Sec - This counter displays the total number of bytes(compressed and uncompressed) that are being transmitted each second as a resultof the replication process. A lack of activity often indicates insufficient hardware.

DRA Pending Replication Synchronization - This number indicates the number ofobjects which must be synchronized. Like the DRA Inbound Object UpdatedRemaining in Packet counter, this value may start high, but should quickly dissipate. Ifthis counter's value remains high, it usually means that the hardware is having troublekeeping pace with the demands being made of it.

DS Threads in Use - This counter indicates the number of threads that are currentlyservicing client API calls. You can use this value to determine whether or not thedomain controller could benefit from additional processors.

Kerberos Authentications - The value from this counter indicates the number oftimes each second that clients use a ticket to authenticate to the domain controller. Alack of activity sometimes indicates that network problems are preventing requestsfrom reaching the domain controller.

LDAP Bind Time - This counter indicates the number of milliseconds that the lastsuccessful LDAP bind took to complete. This value should remain consistently low.Longer bind times can be an indication of network problems or of hardware that needsto be upgraded.

LDAP Client Sessions - This number indicates the number of LDAP sessions that areconnected to the domain controller at the moment. The appropriate value depends onyour network, but if this value remains at zero, it means that you probably have somenetwork problems that are preventing client sessions from connecting with the server.

LDAP Searches / Sec - The LDAP Searches / Sec counter indicates the number ofLDAP queries made by clients each second. I recommend viewing this counter alongwith the LDAP Successful Binds / Sec counter, which shows the number of successfulLDAP binds each second. The biggest thing that you are looking for in these twocounters is activity. A lack of activity would almost always indicate that networkproblems are disrupting the client's ability to interact with the domain controller.

Alerts in Process

A detailed display of alerts that have been triggered.o Date and time the alert was triggered.o The name of the alert.o The policy name for the alert.o IP address of the device that the alert was triggered for.o The status of any automated remediation actions that occurred.

Average Latency Chart

Indicates the average latency of a node(s) by charting the ping results.

o Name – enter a friendly nameo Refresh Interval – determine how often the gadget executes o Display Mode – IP Address or DNS Nameo Target - type the host name(s) or IP Address(es)o Ping Timeout (ms) - Designate the maximum amount of time in milliseconds that Ping will

wait for a response from the target. If the target does not respond within the number ofmilliseconds set, Ping Scan will assume it is down.

p37


o Ping Packet TTL (Time-To-Live) – Designate the number of hops along the way to thespecified address. With a setting of 32, your Ping Scan could pass through up to 32different routers on the way to the remote address before being thrown away by thenetwork.

o Pings Per Node - Set the number of Ping attempts to send each address during a scan.o Delay Between Pings - Designate the time in milliseconds between each successive Ping

to the target address. Setting this value very low will send a constant stream of Pings tothe target IP address.

o Chart Type - Select the type from Spline or Area.o Chart Zoom - Select the zoom level interval: 15 minutes, 30 minutes, 45 minutes, and 1

hour.

Average Latency GaugeIndicates the average latency of a node based on response time and average packet loss.

o Name – enter a friendly nameo Refresh Interval – determine how often the gadget executes o Display Mode – IP Address or DNS Nameo Target - type the host name or IP Addresso Ping Timeout (ms) - Designate the maximum amount of time in milliseconds that Ping will





o Percent Thresholds – Set the warning and critical percent levels for your gauges. Whenthe warning threshold is met, the gauge will turn yellow; and when the critical threshold ismet, the gauge will turn red.

o Response Time Thresholds - Set the warning and critical percent levels for your gauges.When the warning threshold is met, the gauge will turn yellow; and when the criticalthreshold is met, the gauge will turn red.

Average Latency List

Indicates the average latency of a list of node(s) by showing the response time and a color indicatorbar.






Average Latency Text

p38


Indicates the average latency of a node by changing the color of the text. Green indicates the pingwas successful and red indicates the ping failed to reach the target.






Configuration Backup

Displays the current device configuration file and allows you to compare it to a historical version.o File – the current startup or running config from the deviceo Refresh IntervalNote: HP and Juniper devices require telnet credentials to backup the configuration file.

Call Path Jitter Chart

Monitors Call Path Jitter via IP SLA on Cisco Routerso Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Select Call Path Source - Select the IP of the Call Path Sourceo Select Call Path Destination - Select the IP of the Call Path Destinationo Chart Display Type - Select Area, Bar, or Line charto Chart Display Intervals - Select Last Hour, Last Day, Last Week, Last Month, and / or Last

Year

Call Path Latency Chart

Monitors Call Path Latency via IP SLA on Cisco Routerso Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Select Call Path Source - Select the IP of the Call Path Sourceo Select Call Path Destination - Select the IP of the Call Path Destinationo Chart Display Type - Select Area, Bar, or Line charto Chart Display Intervals - Select Last Hour, Last Day, Last Week, Last Month, and / or Last

Year

Call Path MOS Chart

Monitors Call Path MOS via IP SLA on Cisco Routerso Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Select Call Path Source - Select the IP of the Call Path Sourceo Select Call Path Destination - Select the IP of the Call Path Destinationo Chart Display Type - Select Area, Bar, or Line chart

p39


o Chart Display Intervals - Select Last Hour, Last Day, Last Week, Last Month, and / or LastYear

Call Path Packet Loss Chart

Monitors Call Path Packet Loss via IP SLA on Cisco Routerso Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Select Call Path Source - Select the IP of the Call Path Sourceo Select Call Path Destination - Select the IP of the Call Path Destinationo Chart Display Type - Select Area, Bar, or Line charto Chart Display Intervals - Select Last Hour, Last Day, Last Week, Last Month, and / or Last

Year

Call Path Statistics

Monitors Call Path MOS via IP SLA on Cisco Routerso Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Monitor Scope - Select Latest, Last Hour, Last Day, Last Week, Last Month, or Last Yearo Select Call Path Source - Select the IP of the Call Path Sourceo Select Call Path Destination - Select the IP of the Call Path Destination

Configuration Backup

Displays and backs up configuration files for Cisco, HP and Juniper devices. (Note: HP and Juniperdevices require read/write Telnet credential.

o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Select Networking device Target - Select the IP of the device where backup is to occur.

CPU Chart

Monitors the CPU usage percentage of a device.

o Name – enter a friendly nameo Refresh Interval – determine how often the gadget executes o Display Mode – IP Address or DNS Nameo Target - type the host name or IP Addresso SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP

will wait for a response from the target. If the target does not respond within the number ofmilliseconds set, SNMP will assume it is down

o SNMP V1/2c Credential – Set the proper credential store for the network of the device youare going to monitor with the CPU Gauge. To configure the credential store, please seethe section titled Credential Settings.

o SNMP V3 Credential –Set the proper credential store for the network of the device you aregoing to monitor with the CPU Gauge. To configure the credential store, please see thesection titled Credential Settings.



hour.

CPU Gauge

p40


Monitors the CPU usage percentage and average usage percentage of a device.






CPU List

Monitors the CPU usage percentage of device(s) within in network.

o Name – enter a friendly nameo Refresh Interval – determine how often the gadget executes o Display Mode – IP Address or DNS Nameo Target - type the host name(s) or IP Address(es)o SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP




CPU/Memory Chart

Monitors the CPU and memory usage percentage of a device.







p41


hour.

CPU/Memory Gauge

Monitors the CPU and memory usage percentage of a device.



o SNMP V1/2c Credential – Set the proper credential store for the network of the device youare going to monitor with the Memory Gauge. To configure the credential store, please seethe section titled Credential Settings.

o SNMP V3 Credential –Set the proper credential store for the network of the device you aregoing to monitor with the Memory Gauge. To configure the credential store, please see thesection titled Credential Settings.


CPU/Memory List

Monitors the CPU and memory usage percentage of a device(s).

o Name – enter a friendly name. This step is optional.o Display Mode – show IP Address or DNS Nameo Monitor Scope - Select time period to be displayed.o Target – enter IP Address ranges or device groupso Percent Thresholds – Set the warning and critical percent levels for your gauges. When

the warning threshold is met, the gauge will turn yellow; and when the critical threshold ismet, the gauge will turn red.

CPU/Memory Status

Monitors processor and memory usage o Name – Enter a friendly nameo Display Mode – IP Address or DNS Nameo Monitor Scope - Determine the time scope of the gadgeto Select Target - Select a single target deviceo CPU Response Time Warning - Set the warning threshold. When the threshold is met,

the display will change to yellow.o CPU Response Time Critical - Set the warning threshold. When the threshold is met, the

display will change to red.o Memory Response Time Warning - Set the warning threshold. When the threshold is

met, the display will change to yellow.o Memory Response Time Critical - Set the critical threshold. When the threshold is met,

the display will change to red.

Device Alerts

Displays the alerts triggered for a given device.

o Date and time the alert was triggeredo The name of the alert

p42


o The policy name for the alerto The status of any automated remediation actions that occurredo Description of the conditions that caused the alert to triggero Reset - ability to manually reset a single alert triggered for a deviceo Reset All - ability to manually reset all triggered alerts for a device

Device Logs

Displays logs files triggered for a given device.o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target - type the host name or IP Addresso Type - display logs for alerts, scheduled actions, or patchero Severity - display logs based on critical, warning, or informational

Dial Manager Configuration

Displays Dial Manager Configuration via IP SLA on Cisco Routerso Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Select Dial Manager Target - Select the IP of the Call Manager.

Dial Manager Phone Chart

Displays Dial Manager phones via IP SLA on Cisco Routerso Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Select Dial Manager Target - Select the IP of the Call Managero Chart Display Type - Select Area, Bar, or Line charto Chart Display Intervals - Select Last Hour, Last Day, Last Week, Last Month, and / or Last

Year

Dial Manager Registration Status

Displays Dial Manager Registration Status via IP SLA on Cisco Routerso Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Monitor Scope - Select Latest, Last Hour, Last Day, Last Week, Last Month, and / or Last

Year o Select Dial Manager Target - Select the IP of the Call Manager

Disk Volume Chart

Monitors the disk utilization on a hard drive of a specific device.o Name – enter a friendly nameo Refresh Interval – determine how often the gadget executes o Display Mode – IP Address or DNS Nameo Target - type the host name or IP Addresso SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP




p43


o Storage Filters – Display storage capacity greater than a number of megabytes, gigabytes,or terabytes.


hour.

Disk Volumes

Monitors the disk utilization of each drive as a percent of capacity for a device.o Name – enter a friendly nameo Refresh Interval – determine how often the gadget executes o Display Mode – IP Address or DNS Nameo Target - type the host name or IP Addresso SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP




o Percent Thresholds – Set the warning and critical percent levels for your list. When thewarning threshold is met, the value will turn yellow; and when the critical threshold is met,the value will turn red.


Installed Applications

Displays installed applications via SNMP (some devices require Telnet or SSH)o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target - enter the host name or IP Address

IP Configuration

Displays the IP Configuration information for a device.o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Monitor Scope - the time resolution that is displayed on the gadgeto Target - enter the host name or IP Addresso IP - the IP address assigned to the deviceo Subnet - the subnet on which the device lieso Interface - provides the active interfaces of the device

IP SLA Overview

Displays Dial Manager Registration Status via IP SLA on Cisco Routerso Select Device(s) – Select All or some devices.o Monitor Scope - Select Latest, Last Hour, Last Day, Last Week, Last Month, and / or Last

Year. o Group By Call Sites - Check or uncheck this feature for organization purposeso Sort By - Select by Jitter, MOS, ICPIF, Latency or Packet Losso Max Call Path - Select the maximum you wish to display

Memory Chart

p44


Monitors the memory usage percentage of a device.







hour.

Memory Gauge

Monitors the memory usage percentage and average usage percentage of a device.



o SNMP V1/2c Credential – Set the proper credential store for the network of the device youare going to monitor with the Memory Gauge. To configure the credential store, please seethe section titled Credential Settings.

o SNMP V3 Credential –Set the proper credential store for the network of the device you aregoing to monitor with the Memory Gauge. To configure the credential store, please see thesection titled Credential Settings.


Memory List

Monitors the memory usage percentage of device(s) within in network.




o SNMP V3 Credential –Set the proper credential store for the network of the device you are

p45


going to monitor with the CPU Gauge. To configure the credential store, please see thesection titled Credential Settings.

MS Exchange

Monitors the performance counters for MS Exchange server.




o Performance Counters Configuration – select the MS Exchange performance countersthat you would like to monitor in the gadget

o Exchange 2007 MSExchangeAD Topology - Provides Active Directory topology information to

Exchange services. If this service is stopped, most Exchanges services are unable tostart.

MSExchangeAntiSpamUpdate - The Microsoft Forefront Security for ExchangeServer anti-spam update service.

MSExchangeEdgeSync - The Microsoft Exchange EdgeSync Service. MSExchangeFDS - Microsoft Exchange File Distribution Service. MSExchangeImap4 Provides Internet Message Access Protocol (IMAP4) Services to

client. If this service is stopped, clients are unable to connect to this computer usingthe IMAP4 protocol.

MSExchangeIS - Manages the Microsoft Exchange Information Store. This includesmailbox stores and public folder stores. If this service is stopped, mailbox stores andpublic folder stores on this computer are unavailable.

MSExchangeMailboxAssistants - Performs background processing of mailboxes inthe Exchange store.

MSExchangeMail Submission - Submits messages from the Mailbox server to theHub Transport servers.

MSExchangeMonitoring - Allows applications to call the Exchange diagnosticcmdlets.

MSExchangePop3 - Provides Post Office Protocol version (POP3) Services to clients.If this service is stopped, clients are unable to connect to this computer using thePOP3 protocol.

MSExchangeRepl - The Microsoft Exchange Replication Service provides replicationfunctionality for Mailbox server role databases and is used by local continuousreplication and cluster continuous replication.

MSExchangeSA - Forwards directly lookups to a global catalog server for legacyOutlook clients, generates email addresses and offline address books, updatesfree/busy information for legacy clients, and maintains permissions and groupmemberships for the server.

MSExchangeSearch - Quickly creates full-text indexes on content and properties ofstructured and semi-structured data to allow fast linguistic searches on this data.

MSExchangeServiceHost - Provides a host for several Microsoft Exchange services. MSExchangeTransport - The Microsoft Exchange Transport Service. MSExchangeTransportLogSearch - Provides remote search capability for Microsoft

Exchange Transport log files. Msftesql-Exchange - Microsoft Full-Text Engine for SQL Server. System – Processor Time - Amount of processor being used by the System

Resources. Store – Processor Time - Amount of processor being used by the Information Store.

p46


Inetinfo – Processor Time - Amount of processor being used by the MicrosoftInternet Information Services.

Transport Queues - This counter displays the number of bytes received throughinbound Active Directory related replication. If this number is consistently equal tozero, it means that replication is not occurring. Low numbers may indicate that there isa network bottleneck or that the server's NIC is too busy with other traffic to receivethe requests in a timely manner.

RPC Packets/sec - The rate of Remote Procedure Call (RPC) packets RPC Average Latency - This indicates the Remote Procedure Call (RPC) averaged

latency in milliseconds for the past 1024 packets. Disk Transfers/sec - The average sum of all random read/write input/output (I/O)

operations to the Microsoft Exchange Database disk volumes (both .edb and .stmfiles).

o Exchange 2003 IMAP4Svc - Provides Microsoft Exchange IMAP4 Services. MSExchangeES - Monitors folders and fires events, for Exchange 5.5-compatible

server applications. MSExchangeIS - Manages Microsoft Exchange Information Storage. MSExchangeMGMT - Provides Microsoft Exchange management information through

WMI. MSExchangeMTA - Provides Microsoft Exchange X.400 services MSExchangeSA - Provides system related services for Microsoft Exchange MSExchangeSRS - No entry POP3Svc - Provides Microsoft Exchange POP3 Services RESvc - Processes Microsoft Exchange routing information System – Processor Time - Amount of processor being used by the System

Resources. Store – Processor Time - Amount of processor being used by the Information Store. Inetinfo – Processor Time - Amount of processor being used by the Microsoft

Internet Information Services. RPC Packets/sec - The rate of Remote Procedure Call (RPC) packets Averaged Latency - This indicates the Remote Procedure Call (RPC) averaged

latency. Disk Transfers/sec - The average sum of all random read/write input/output (I/O)

operations to the Microsoft Exchange Database disk volumes (both .edb and .stmfiles).

Local Queue Length - The number of messages in the local queue waiting delivery tolocal users.

o Exchange 2000 IMAP4Svc - Provides Microsoft Exchange IMAP4 Services. MSExchangeES - Monitors folders and fires events, for Exchange 5.5-compatible

server applications. MSExchangeIS - Manages Microsoft Exchange Information Storage. MSExchangeMGMT - Provides Microsoft Exchange management information through

WMI. MSExchangeMTA - Provides Microsoft Exchange X.400 services MSExchangeSA - Provides system related services for Microsoft Exchange MSExchangeSRS - No entry POP3Svc - Provides Microsoft Exchange POP3 Services RESvc - Processes Microsoft Exchange routing information SMTPSVC - Transports electronic mail across the network Inetinfo – Processor Time -Amount of processor being used by the Microsoft Internet

Information Services. MAD – Processor Time - Amount of processor being used by the Exchange System

Attendant Service. The process called mad.exe is a core part of Microsoft Exchange. Itperforms a number of key functions, for example, it will manage the loading ofadditional dlls when you make config changes to Exchange. It also performs themessage tracking logging. You should leave this process running if you use MicrosoftExchange. If you find that it is using a large amount of resources (e.g. 90% CPU) youshould check to see if there are any updates available for Exchange, from Microsoft.

p47


Store – Processor Time - Amount of processor being used by the Information Store. Local Queue Length - Local Queue Length indicates the number of messages in the

local SMTP queue. Messages Delivered/sec - Messages Delivered/sec indicates the rate that messages

are being delivered to local mailboxes. Messages Received/sec - Messages Received/sec indicates the rate that messages

are being received. Messages Sent/sec - Messages Sent/sec indicates the rate that messages are being

sent. Messages Open/Sec - Message Opens/sec indicates the rate that requests to open

messages are submitted to the Exchange store. Folder Opens/sec - Folder Opens/sec indicates the rate that requests to open folders

are submitted to the Exchange store. Local Delivery Rate - Local Delivery Rate indicates the rate at which messages are

being delivered locally. RPC Operations/sec - RPC Operations/sec indicates the rate that RPC operations

occur. This counter tells you how many RPC requests are outstanding. If Outlook isnotifying users that it cannot contact their Exchange server, it is likely that this counterwill show significant spikes.

RPC Requests - RPC Requests indicates the number of client requests that arecurrently being processed by the Exchange store. This counter should not exceed 100.You should also use this counter to establish a baseline of normal server performance.

Network Interface ChartMonitors the network interface performance for a device by showing the percent of capacity orthroughput.





o Traffic Display Mode – Percent of capacity or throughputo Select the network interface to displayo Chart Type - Select the type from Spline or Area.o Chart Zoom - Select the zoom level interval: 15 minutes, 30 minutes, 45 minutes, and 1

hour.

Network Interface List

Monitors the network interface performance for a device by showing the percent of capacity orthroughput.



o SNMP V1/2c Credential – Set the proper credential store for the network of the device youare going to monitor with the CPU Gauge. To configure the credential store, please see

p48


the section titled Credential Settings.o SNMP V3 Credential –Set the proper credential store for the network of the device you are

going to monitor with the CPU Gauge. To configure the credential store, please see thesection titled Credential Settings.

o Traffic Display Mode – Percent of capacity or throughputo Hide inactive interface – will not be displayed in resultso Include all network interfaces or select specific network interfaces to display – Customize

the view for your gadget.o Percent Thresholds – Set the warning and critical percent levels for your gauges. When


Network Statistics Summary

Displays Network Statistics via SNMP o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Select Target device - Select the IP of the device

Network Traffic Flow

Displays the NetFlow / sFlow / JFlow / ptFlow for a switch or router.o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target - type the host name or IP Addresso Period - filter the time range for data displayo Show Top - filter the number of traffic flows that show in the display

Open Source Web Viewer

Monitors the CPU performance of a list of node(s) by showing the usage percentage and a colorindicator bar.

o Name – enter a friendly name.o URL – enter the URL for the browser-based open source network management tool or

website.o Enable Refresh – allow the gadget to refresh. Note that many websites have auto refresh

so you might consider disabling the refresh option.o Enable Scroll Bar – allow for a scroll bar on the gadget to move up and down

Log Information

Displays all the log files generated in a single view.

o Type - Display alerts, scheduled actions, or patchero Severity - display critical, warning, or information messages

Policy Scheduled Actions

Displays all the scheduled actions in a single view.

o Policy - name of the policy that contains the scheduled actiono Run Time - the actual time that the action will / has runo Count - the number of actions to be takeno Action Group - the friendly name assigned to the scheduled actiono Actions - the actions that will be triggered

p49


Running Processes

Displays IP Address, device type and roles, operating system, domain, and other detailed systeminformation for a device.

o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target - type the host name or IP Address

Software Inventory

Displays all the software installed for a device.


SQL Server

Monitors the performance counters for SQL Server.




o Select Instance – Select the specific SQL Instance that you want to monitoro SQL Server Version – Displays the version of SQL Servero Select Database(s) – Select the SQL Database(s) that you want to monitor. Use SHIFT,

CTRL keys to select multiple items.o Performance Counters Configuration – select the SQL Server performance counters that

you would like to monitor in the gadget Databases-Transactions/Sec - This counter measures the number of transactions

started per second. Transactions are the basis of everything in SQL Server, and mostqueries are implicit transactions. This measurement is extremely handy for determiningif the load has substantially increased over time. This also gives you an indicator tohow the workload is on your system.

Access Methods-Full Scan/Sec - This counter should always be captured. It showshow often a table index is not being used and results in sequential I/O. This is definedas the number of unrestricted full scans. These can be either base table or full indexscans. Missing or incorrect indexes can result in reduced performance because of toohigh disk access.

Buffer Manager - This counter shows the percentage of pages that are found in SQLServer’s buffer pool without having to incur a read from disk. A well-balanced systemwill have hit ratio values greater than 80%. The hit ratio ought to be 90% or better forOLTP-type databases.

Latches-Latch Waits/sec - This counter measures the average amount of time, inmilliseconds, that a latch request had to wait before it was serviced. Over time it is agood indicator for a general performance problem or if a performance issue is specificto one user.

Locks – Average Wait Time - This counter measures the average amount of time, inmilliseconds, that a user is waiting for a lock. Over time it is a good indicator for ageneral performance problem or if a performance issue is specific to one user. Locksare inevitable but a sometimes a blocking or a deadlock can skew the values. Having

p50


said that, less this wait the better it is. Wait Stats - The SQLServer:Wait Statistics performance object contains performance

counters that report information about wait status. Lock waits - Statistics for processes waiting on a lock. Log write waits - Statistics for processes waiting for log buffer to be written. Network IO waits - Statistics relevant to wait on network I/O. Wait for the worker - Statistics relevant to processes waiting for worker to become

available. Page IO latch waits - Statistics relevant to page I/O latches.

Syslog

Displays all the collected syslog messages for a specific device.

o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target - type the host name or IP Addresso Change Filters - ability to filter messages based on facility, severity, date, host, and text

System Information

Displays detailed system information on a device.


Top 10 – Average CPU Usage (%)

Monitors the CPU performance of a list of node(s) by showing the usage percentage and a colorindicator bar.





Top 10 – Average Memory Usage (%)

Monitors the memory performance of a list of node(s) by showing the usage percentage and acolor indicator bar.



p51




Top 10 – Average Packet Loss (%)

Indicates the average packet loss of a list of node(s) by showing the response time and a colorindicator bar.






Top 10 – Disk Volume Usage (%)

Indicates the highest average disk volume usage as a percentage of drive capacity for a list ofdevices by showing capacity used and a color indicator bar.

o Name – enter a friendly nameo Refresh Interval – determine how often the gadget executes o Display Mode – IP Address or DNS Nameo SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP




o Target – enter the IP Addresses or Device Groupso Percent Thresholds – Set the warning and critical percent levels for your list. When the

warning threshold is met, the value will turn yellow; and when the critical threshold is met,the value will turn red.


Top 10 – Highest Average Latency (ms)

Indicates the highest average latency of a list of node(s) by showing the response time and a colorindicator bar.

o Name – enter a friendly name

p52


o Refresh Interval – determine how often the gadget executes o Display Mode – IP Address or DNS Nameo Target - type the host name or IP Addresso Ping Timeout (ms) - Designate the maximum amount of time in milliseconds that Ping will





Top 10 – Network Interface Usage

Indicates the highest network interface usage for a list of nodes by showing the percent of capacityor throughput of a specific interface.

o Name – enter a friendly nameo Refresh Interval – determine how often the gadget executes o Display Mode – IP Address or DNS Nameo SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP




o Top 10 Traffic Criteria – Transmit + Receive, Transmit only, or Receive onlyo Traffic Display Mode – Percent of capacity or throughputo Hide inactive interface – will not be displayed in resultso Target – enter IP Addresses, Host Names, or Device Groupso Percent Thresholds – Set the warning and critical percent levels for your gauges. When


Top 10 – Network Traffic: Applications

Displays network traffic data by applications for the last hour.

o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target – enter device IP address or DNS

Top 10 – Network Traffic: Conversation

Displays network traffic data by conversations for the last hour.


Top 10 – Network Traffic: Domains

p53


Displays network traffic data by domains for the last hour.


Top 10 – Network Traffic: Endpoints

Displays network traffic data by endpoints for the last hour.


Virtual Machines

Displays VMware ESX Server virtual machineso Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target – enter device IP address or DNS

VMware Host Summary

Displays VMWare ESX Server host summaryo Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target – enter device IP address or DNS

VoIP Active Calls

Displays Active Calls via IP SLA on Cisco Call Managero Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target – enter device IP address or DNS

VoIP Call History

Displays Call History via IP SLA on Cisco Call Managero Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target – enter device IP address or DNS

VoIP Phone Status

Displays VoIP Phone Statusvia IP SLA on Cisco Call Managero Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target – enter device IP address or DNS

Welcome

Displays hyperlinked checklist including Run network discovery, Configure SNMP settings,Customize device policies, alerts and actions, Setup additional system users, Distribute Studio to ITteam, and Customize Dashboard

p54


Windows Event Logs

Displays all the event logs collected for a device. Log files include application, security, and systemevent logs.


Windows Services

Displays critical windows services for up, down, disabled status and detailed information.


Wireless Access Point

Display visibility into a wireless access point, clients and sessions. Key variables include signalstrength and quality.


Wireless Access Point List

Display granular information of all wireless access points on the network.

o Select all or specific devices in the gadget configuration wizard

Wireless Clients Chart

Display a chart graph for the number of wireless clients connected to a wireless access point.

o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Target – enter device IP address or DNSo Chart Display Type - Bar, area, or lineo Chart Display Intervals - select the chart(s) to be displayed on the dashboard

Wireless Clients List

Display key variables of each client connected to the wireless access point.

o Name – enter a friendly nameo Display Mode – IP Address or DNS Nameo Monitor Scope - select the time range of date to be displayed on the dashboardo Target – enter device IP address or DNS

Wireless Traffic Chart

Display the amount of receive and transmit network traffic generated by a wireless device.

o Name – enter a friendly name

p55


o Display Mode – IP Address or DNS Nameo Target – enter device IP address or DNSo Chart Display Type - Bar, area, or lineo Chart Display Intervals - select the chart(s) to be displayed on the dashboard

DevicesDevice Inventory Overview The Device Viewer creates a detailed repository of all devices on your network. It provides operating system, interface andport details, IP addresses, installed Windows software and many other details.

Gather complete device information without the need of an agent Store all inventory information locally for quick access Search for granular information across all devices for additional analysis Generate reports for each or all devices and export to HTML or .CSV

Learn more:

Create Device Groups

Add a Device(s)

Device Details

Device OverviewThe device overview provides a clear summary of key information for all devices being monitored.

A color indicator if ping requests to a device are successful The IP address of the device The Host name identified by DNS or Netbios CPU performance Memory performance Ping response time The policy the device is under Additional IP addresses associated with the device

Right Click FunctionalityThis software provides robust functionality in the right click context menu.

Set Name and Roles Add friendly names to your devices for ease of use. Override system-determined roles and selectroles.

Add to New Device GroupAbility to create a new device group and add the selected device(s) to it.

Add to Device Group

p56


Ability to add the selected device(s) to an existing device group.

Remove from Device GroupAbility to remove the selected device(s) from a device group.

Add to New PolicyAbility to create a new policy and add the selected device(s) to it.

Change PolicyAbility to change the policy assignment for the selected device(s).

Remove from PolicyAbility to remove the selected device(s) from a policy.

Delete DeviceAbility to delete a device from the database.

Set CredentialsAbility to assign or change credentials for a device. Select Managed Credentials to create a newcredential and assign it to a device. Learn more about Managed Credentials.

Enable Traffic Analysis Enable Netflow, sFlow, J-flow or ptFlow on a device.

Enable IP SLA Responder Configure a Cisco device as an IP SLA Responder to capture and measure connections. Enterthe Device IP, SNMP credentials, get settings and save settings.

Enable IP SLA Call Path Configure a Cisco device to establish an IP SLA Call Path. Enter the Device IP, SNMPcredentials, get settings and save settings.

Run ReportAbility to run any one of the many reports. Learn more about Reports.

RDPAbility to RDP directly to the selected machine.

TelnetAbility to Telnet directly to the selected machine.

Web BrowserAbility to web browser directly to the selected machine.

Add Device GroupsAdd Device GroupAllows the user to create new Device Groups. These groups can be used in any Target field in the Viewer.

Edit DevicesAbility to add or remove devices from the Device Group.

Edit Name

p57


Ability to edit the name of the Device Group.

RemoveAbility to remove the Device Group from the system.

Add Device(s)Run Network Discovery to add Device(s)

Step 1: Choose an agent to run device discovery with. The Server agent is automatically selected by default. Remoteagents (other locations)will be added when installed and configured.










Telnet CredentialSet the proper credential store for the network of the device you are going to monitor with theCPU Gauge. To configure the credential store, please see the section titled Encrypted CredentialStore.



Step 7: Click Next.


p58




Pending Device UpdatesLists the count of devices to be updated by the following criteria: Total devices selected, Newdevices discovered, and Devices for agent reassignment.

Step 9: Click Finish to proceed to the Device Viewer.










Enable SNMPEnabling SNMP on Devices for Monitoring

The easiest way to enable SNMP on a device is to leverage the SNMP Enablement Tool.

Step 1: Right click on a device or group of devices and select Enable SNMP from the menu options.

Step 2: Confirm the device(s) you want to enable SNMP on. Add more devices by clicking the select targets button.

p59


Step 3: Click Next.

Step 4: The software will Assess if the device(s) are available for SNMP Enablement and display a list of results.

Step 5: Click Next.

Step 6: Select the SNMP Credential you want to assign to the device(s). Enter new credentails with the ManageCredentials link.

Step 7: Click Next.


Step 9: Click Next.

Step 10: SNMP will now be Enabled on the device(s). You can see the log in the enablement status window.

Step 11: Click Finish to complete the process

Enable Traffic AnalysisThe enable traffic analysis tool offers a GUI interface which makes enabling flow traffic on Netflow, Sflow, J-flow and ptFlowdevices simple. The following are the prerequisites for the Enable Flow tool.

A read / write credential for the router must be supplied for either SNMP or Telnet UDP port 69 must be open on the machine running this software. The router must have an open route on UDP port 69 from the router to the machine running the host server

Enable Traffic Analysis Flow dialogue window

Start Traffic Analysis Enablement - Enable a device

Determine whether your device supports flow natively Click on the link to see of list of all devices that support Netflow, sFlow, J-flow

Select Flow TypeChoose the flow type; Netflow or Sflow. Or, click the J-flow link for separate instructions. If yourdevice does not support any of the preceding flow types, select Enable ptFlow. See EnablingptFlow.

Flow Enablement MethodSelect the method to enable. Select Autodetect, Netflow via config file, Netflow via CiscoNetflow-MIB, or sFlow via sFlow-MIB

SNMP or Telnet CredentialsRead / write credentials for the router must be supplied for either SNMP, SSH or Telnet.

Manage credentialsA link is provided to the Encrypted Credential Store. This is a protected store of SNMP, WMI,SSH and FTP credentials shared by all tools and gadgets which require them. It uses standard

p60


AES 256-bit encryption.

.

Get SettingsClick this button to reveal Flow Configuration Settings.

Flow Configuration SettingsSelect Export To checkboxes. Supply the address(es) where flow packets will be sent (This willbe the Server IP). Adjust the port for the flow traffic. Finally, select the interface(s) ingress oregress for which flow traffic will be displayed.

Save SettingsSaves the flow settings to the selected startup or running config.

Configure ptFlow settings Select the physical interface(s) ingress or egress for which you wish to monitor flows. SeeEnabling ptFlow.

Save Settings Saves the flow settings to the selected startup or running config.

Enable IP SLA ResponderEnable IP SLA ResponderIn order to test the performance from one Cisco device to another, you must set up the destination device to be aResponder.

Step 1: Right click on the call path destination device and select Enable IP SLA Responder.

Step 2: Verify the IP Address and SNMP credential of the device.

Step 3: Click Get Settings to set the settings dialogue for configuration.

Step 4: Select Responder Enabled at the bottom of the configuration window.

Step 5: Click Save Settings to complete the set up process.

Enable IP SLA Call PathEnable IP SLA Call PathIn order to test the performance from one Cisco device to another, you must set up an IP SLA Call Path.

Step 1: Right click on the call path initiating device and select Enable IP SLA Call Path.

Step 2: Verify the IP Address and SNMP credential of the device.

Step 3: Click Get Settings to set the settings dialogue for configuration.

Step 4: Configure the Call Path: Remote IP

The destination device for the call path test.

p61


FrequencyTime between each ping (test) in seconds.

Codec TypeDetermined by the type of traffic your system uses.

PacketsNumber of packets sent with each ping (test).

Payload SizeNumber of bytes that is sent with each packet.

IntervalTime between each packet in milliseconds.

Repeat the Configure Call Path process for additional devices as needed.

Step 5: Click Save Settings to complete the process.

Device DetailsDevice DetailsThe device details section is a central view for all the devices in the database. In this view, you can see detailed informationabout the peformance of each device and begin the troubleshooting process if needed.

View Details Overview

Displays a detailed overview of a device including status, DNS, processor, disk, memory, networkinterface usage, and a link to the Credentials assigned to the selected device.


SoftwareGathers all the software installed on each device

ApplicationsGathers important information related to the specific application being monitored.

LogsDisplays all the log files for a devie, including Windows Event logs, Syslogs, and Flow traffic.

SettingsDisplays which policy and credentials have been assigned to a device.

Configuration BackupsDisplays the most current configuration file backup which can also be compared to historicalconfiguration file backups.

p62


Run Tools Quick LaunchLaunches selected tool against selected device if the Tool Suite is also installed on the machine.

WHOISQuickly accesses multiple public domain databases and performs a search by IP address ordomain name.

Enhanced PingContinuously logs running response times and exports data on demand to HTML, XML and CSVfiles.

Wake on LANBoot any networked machine with previously enabled capability in the BIOS by means of a “magicpacket” from a remote location.

.

TraceRouteFinds the route from one IP host to another by sending specially configured packets in a series ofhops from node to node.

MAC ScanScans the subnet of its host and builds a table comprised of a pertinent MAC Address, pingresponse-time, DNS, network card manufacturer and manufacturer address information for eachIP Address.

Port ScanTests for open TCP ports on specified individual machines and ports as well as within targetedranges of IP addresses and ports.

DNS AuditMatches each IP Address in a specified range of IP Addresses to its domain name, and thenchecks back from the domain name to the IP Address to see if the resolution is the same forwardand in reverse.

Graphical PingA versatile graphing tool which offers graphing functions (spline chart, bar chart, and area chart)and variable ICMP parameters to optimize data collection for differing situations and purposes.

Ping ScanSends ICMP packets to a range of IP addresses; displays which are in use, measures theresponse time, and provides DNS name.

Network MapsDevice DetailsLeveraging robust network discovery techniques, PacketTrap’s network mapping produces a multi-level, comprehensive,easy-to-view network map for each of your customers. Drill into devices and links for granular statics on performance andother key metrics. Maps are updated as new devices are added to the customer’s network.

Auto-creation of topology maps Changes to maps as devices are added

p63


Drag and drop of devices to create customized views

Using Network Map

1. Create a new map by Right Click on network maps in the tree menu.

2. Enter friendly name of the map.

3. Select Add Devices from the top menu. A list of discovered devices will appear and highlight the devices to be included inthe maps.

4. The software will auto link the selected devices and display them on the screen.

5. Select Set Background to insert an image behind the devices to create a topolgy view.

Other mapping features unclude different device layouts, groups of maps for layered drill down, and auto rebuild of devicerelationships when new devices are added to the system.

Encrypted Credential StoreThe Encrypted Credential Store is a convenient, protected store of SNMP, WMI, SSH and FTP credentials shared by alltools and gadgets which require them. It uses standard AES 256-bit encryption.

Configuring Encrypted Credential Store

Step 1: Click Credentials from tree options in Devices.

Step 2: In the opened Credential Store dialogue box, click on New.

Step 3: From the dropdown menu next to Type select the type of credential protocol you wish to configure and save. Theconfiguration of each of the three choices displayed is described in the following three sections.

Note: See below for instructions on each type of credential.

Step 4: Click the Assign button to assign the credential to one or many devices. In addition there is an Unassign button toremove credentials from device(s).

Step 5: Click Close to Finish.

Configuring SNMP V1 and SNMP V2c

Step 1: From the dropdown menu next to Type select SNMP V1/2c

Step 2: Enter a friendly Name.

Step 3: Enter the appropriate Community string.

Step 4: Check Show if you wish the community string characters to be displayed in the dialogue box. Leave it unchecked ifyou wish the characters to be obfuscated.

Step 5: Click Save. Your friendly name and related community string will appear in the dropdown menu of the dialogue boxfor any relevant tool or gadget.

Configuring SNMP V3

p64


Step 1: From the dropdown menu next to Type, select SNMP V3


Step 3: If a Context is necessary for the protocol being defined, check the enable box next to Context and enter the contextname in the text box.

Step 4: In User name enter the name of the user with access to the device.

Step 5: In the Authentication section in the dropdown next to Type, select the appropriate hash function type for theprotocol being defined.

Step 6: Enter the Password and renter to verify.

Step 7: In the Encryption section in the dropdown next to Type, select the appropriate encryption type for the protocolbeing defined.


Step 9: Click Save to complete the process.

Configuring WMI

Step 1: From the dropdown menu next to Type, select WMI


Step 3: Enter the Domain name and the User Name and enter the Password (renter to verify).


Configuring Telnet/SSH

Step 1: From the dropdown menu next to Type, select Telnet/SSH


Step 3: Enter the User Name and enter the Password (renter to verify).

Step 4: Enter the Cisco Enable Password (renter to verify). If left blank, your Telnet password will be left blank.

Step 5: Select the Protocol to be used - SSH or Telnet


Configuring SMTP

Step 1: From the dropdown menu next to Type, select SMTP


Step 3: Enter the Hostname or IP Address of your SNMP server.

Step 4: Enter the designated SMTP Port. By default, it is port 25.

p65


Step 5: Select box for SSL Enabled or Disabled for your SNMP Server.

Step 6: Enter the name of your Domain.

Step 7: Enter your User Name for the Domain.

Step 8: Enter the Domain Password twice to Verify Password

Step 9: Select Save to complete the process.

Configuring POP3

Step 1: From the dropdown menu next to Type, select POP3


Step 3: Enter the Hostname or IP Address of your POP3 server.

Step 4: Enter the designated POP3 Port. By default, it is port 110.

Step 5: Enter your User Name for the POP3 Server.

Step 6: Enter the POP3 Server Password twice to Verify Password

Step 7: Select Save to complete the process

PoliciesPolicies Overview Policies allows the user to create, name and save permanent policies that are assigned to designated target IPs, IP rangesand Device Groups. Policies include email / SMS alerts and actions which automatically respond to configured conditions.

Add New Policy

Step 1: Click on Add a New Policy.

Step 2: Select Enabled or Disabled, enter a name for the policy and a description (optional).

Step 3: Add, Remove selected, or Remove all Members. Configure the devices associated with the policy.

Click Add to Select Device Members for Policy

SearchAllows the user to search for specific device.

ShowFilter the entire database by the following criteria: All, Devices, Device Groups, and Policies.

AddAdds selected element (All, Devices, Device Groups, and Policies) members to Selected Targetsfield at the bottom of the dialogue. Ctrl + click and Shift + click allow multiple selection. Double

p66


clicking on an element also adds the element to Selected Targets.

.

Add AllAdds the entire database to the Selected Targets field.

Selected TargetsLists the pending elements which will be added to the policy. Double clicking on an elementRemoves the element from Selected Targets.

.

RemoveRemoves selected element (All, Devices, Device Groups, and Policies) members from SelectedTargets field at the bottom of the dialogue. Ctrl + click and Shift + click allow multiple selection.

Remove AllRemoves all pending elements from the Selected Targets field.

Step 4: Click Next.

Step 5: Configure the data to be monitored for policy members by marking the monitor checkboxes. The interval for eachmonitor is selected by a drop down (combo box) menu and is tailored to the best fit interval choices.

Basic GroupThis group of monitors includes Ping, CPU, Memory, Disk Volumes, Programs Installed, RunningProcesses, System Information, and Network Interface Configuration.

Application GroupThis group of monitors includes Web Server, Active Directory, Exchange Server, SQL Server,Windows Services, DNS, POP3 and SMTP

.

Log GroupThe log group of monitors contains Syslog Listener, Application Event Logs, Security Event Logsand System Event Logs

Networking GroupIncludes Network Interface Configuration, Network Interface Traffic, Network Statistics and IPConfiguration.

Ports GroupTests for open TCP ports.

Cisco GroupThis group includes Configuration Backup, Wireless, and the Netflow Collector.

Step 6: Click Next.

Step 7: Set Alerts. Alerts are covered in another help topic.

Step 8: Configure Scheduled Actions. Scheduled Actions are covered in another help topic.

p67


Step 9: Click Finish.

MonitorsMonitors Overview

This software comes will a robust inventory of montiors:

Availability, CPU load, memory, disk space utilization, network interface traffic, network latency, and packet loss Running services, process availability, and performance counters for MS Exchange, SQL, Active Directory Easily identify the root cause of application performance issues across Windows, UNIX, and Linux devices Port availability, DNS, POP3, SMTP, HTML pages and much more

Basic Group

PingSends an ICMP (ping) command to a device. If the device does not respond to the request, thePing monitor is considered down.

Settings:Ping Timeout (ms) - Designates the maximum amount of time in milliseconds that Ping will waitfor a response from the target.

Ping Packet TTL (Time-To-Live) - Designates the number of hops along the way to thespecified address. With a setting of 100, your Ping Scan could pass through up to 100 differentrelay points on the way to the remote address before being discarded by the network.

Pings Per Node - Allows you to control the number of Ping attempts to send to each addressduring a scan.

When scanning networks containing Cisco routers, set this number above two (2). If the targetIP address is not in the ARP cache of a Cisco router, the router discards the ICMP query (Ping)while it requests the MAC address of the target IP. The first Ping will never arrive at the subnetof the target IP address. In this situation, the Cisco router responds to the second Ping.

Delay Between Pings (ms) - Designates the time in milliseconds between each successivePing to the target address. Setting this value very low will send a constant stream of Pings to thetarget IP address.

CPUMonitors the number of processors, current usage, and average usage over time.

MemoryMonitors the memory currently used, available free memory and total memory capacity of asystem.

Disk VolumesProvides disk usage and total capacity per volume for a device. Results are available in rawnumbers and as percentages.

Programs InstalledProvides a detailed list of all software programs installed on a device.

Running Processes

p68


Provides name, path, CPU and memory consumption for all processes running on a device.

System InformationProvides device IP Address, device type and roles, operating system, domain, and other detailedsystem information for a device.

Network Inferface ConfigurationProvides interface name, MAC Address and other network interface information for a device.

Application Group

Web ServerSends a HTTP or HTTPs request to a device. If the device doesn't respond or responds with thewrong string, the web server monitor is considered down.

Settings:Timeout (ms) - Designates the maximum amount of time in milliseconds that Ping will wait for aresponse from the target.

Port - Designate the port of the web server

HTTP or HTTPS - Designate the type of traffic for the monitor

Active DirectoryMonitors the status and performance of application specific counters for Active Directory server.

Exchange ServerMonitors the status and performance of application specific counters for MS Exchange server.

Settings:Services - Capture data like Imap4, POP3, and Transport.

Specific Processes - Capture data like system processor and store

Counters - Capture data like transport queues and logical disk

SQL ServerMonitors the performance counters for SQL Server.

Settings:Services - Capture data like SQL Browser and writer.

Specific Processes - Capture data like processor and privileged time.

Counters - Capture data like database transactions, buffer manager, latches and locks

Windows ServicesMonitors critical windows services for up, down, disabled status and detailed information.

DNS, NETBIOSDNS monitor sends a DNS lookup request and ensures a value is returned.

Settings:Resolve NetBIOS Name - Will resolve the NetBIOS name during the monitoring process.

p69


Resolve LMHost - Will resolve the LMHost during the monitoring process.

Resolve Host - Will resolve the Host during the monitoring process.

Resolve Forward DNS - Will resolve the Forward DNS during the monitoring process.

POP3Connects to a POP3 enabled server using the POP3 server and port information provided. Onceconnected, an attempt is made to retrieve the number of messages on the server and also to readthe 1st message in the list. If any of these attempts fails, the pop3 server is considered asnon-responding.

SMTPConnects to a SMTP server using the SMTP and port information provided. Once connected, anattempt is made to send a test message to the recipient selected using the SMTP server. If theseattempts fail, then we consider the smtp server to be non-responding.

Settings:Mail Recipient - Enter the email address for the test message

Log Group

Syslog ListenerReceives, logs and displays syslog messages from routers, switches, and any other syslogenabled device. Filter by facility, severity, date, host name, and key word.

Settings:Filters - Select the types of messages by facility and severity to be collected.

NetFlow/sFlow/JFlow/ptFlow CollectorProvides in-depth visibility into traffic network patterns and usage to determine how traffic impactsthe overall health of the network. Drill down into applications, conversations, devices will identifythe exact sources of spikes and burst to take proper actions. Learn how to enable NetFlow, sFlow, JFlow, and ptFlow.

Settings:

Uncheck TCP, UDP or ICMP if you do not wish to view that type of traffic.

Discard IP Traffic: Allows the user to disregard all traffic from the entereed IPs.

Configuration Backup - Cisco, HP, and Juniper Automatically backup configurations files for your Cisco, HP and Juniper routers and switches(note:HP and Juniper require Telnet read write credentials. Config files can be viewed and compared allin the same interface.

Settings:Timeout (ms) - Designates the maximum amount of time in milliseconds that the connectionwill wait for a response from the target.

Backup - Select running config and startup config

Application Event LogsReceives and displays complete information for application event logs from Windows devices foryou to detect occurrences or problems. Ability to set filters by event type.

Settings:

p70


Event Type - Collect errors, warnings and/or information logs. Use Ctrl to select more than onelog file type.

Security Event LogsReceives and displays complete information for security event logs from Windows devices for youto detect occurrences or problems. Ability to set filters by event type..

System Event LogsReceives and displays complete information for system event logs from Windows devices for youto detect occurrences or problems. Ability to set filters by event type.

Settings:Event Type - Collect errors, warnings and/or information logs. Use Ctrl to select more than onelog file type.

Networking Group

Network Interface TrafficMonitors network interface performance for a device by showing the percent of capacity orthroughput. Tracks the inbound and outbound traffic for each network interface in the device.

Network StatisticsProvides Netstat information of active connections and their state for a device.

IP ConfigurationProvides IP configuration details like IP Address, Subnet Mask, and Default gateway for a device

Network Statistics Summary Provides Network Statistics including, Last Boot Time, Snmp In Packets, Snmp Out Packets,Icmp In Messages, In Errors, In Destinations Unreached, In Time Exceeds, In Parm Probes, In SourceQuenches, In Redirects, In Echoes, TCP Max Connections, Current Established, Active Opens, PassiveOpens, Failed Attempts, Established Resets, In Errors Out Resets, UDP In Datagrams, Out Datagrams,No Ports, In ErrorsPorts Group

TCP PortsCreates a TCP client and attempts to connect to the defined port to determine if port is opened orclosed.

Settings:Timeout (ms) - Designates the maximum amount of time in milliseconds that the connectionwill wait for a response from the target.

Selected Ports - Enter the ports to be monitored. Seperate ports by a comma.

Wireless Group

Cisco WirelessAbility to monitor wireless networks and gain visibility into wireless access points, clients andsessions. Monitors key variables on access points, including signal strength and quality.

Voip Group

Voip Manager Settings Displays the Dial Manager Configuration

Voip Manager Status Lists the Voip Phone Status

p71


Voip Active Calls Lists the Active Voip calls.

Voip Call History Displays Call History.

IP SLA Displays IP SLA Overview, Call Path Statistics, Call Path Jitter Chart, Call Path MOS Chart, CallPath Latency Chart, and Call Path Packet Loss Chart.

Call Manager Registration Status

DevicesDevices Overview

Devices is an easy way for you to add or remove devices from a policy with a simple click.

Add Device(s)Provides a catalog of devices for you to add one or many of them to a policy.

Remove Device(s)Allows you to remove a device(s) from a policy. Highlight the device and select the remove button.

Remove All MembersAllows you to remove all devices in a policy. A helpful utility when there are many devices.

AlertsAlerts Overview This software automatically notifies you when network performance degrades, allowing you to fix problems before anyimpact on user and customer experience. Through a simple wizard, you can configure alerts for multiple conditions thatmeet the needs of your network. It monitors network events, traffic, and conditions to create a performance baseline whichensures that you don’t get inundated with false-positive alerts from normal network activity. Additionally, it can automaticallyescalate critical alerts until the problem is resolved and can suppress alerts for scheduled network maintenance.

Send alerts via email and SMS when network trouble arises Configure network alerts for interrelated events or conditions Escalate network alerts automatically for unresolved issues Ensure you don’t receive unnecessary and false-positive notifications

Add New Alert

Step 1: Click on New.

Step 2: Enter a Name for the policy and select enabled or disabled.

Step 3: Select a Notification if desired: Conditions met, Actions complete, and Alert reset. Set the email addresses thatyou wish to send the email alert to in the To and CC fields.

Step 4: Configure Alert Reset Options by checking desired boxes and adjusting time condition.

Step 5: Configure the Conditions, Actions and Escalations options.

p72


New ConditionAllows you to set the performance thresholds for monitors at which alerts are triggered. Conditionscan be set for all the monitors.

Note: A condition will only work if the associated monitor is enabled for a device. For example, theCPU montitor must be enabled for an alert to work on CPU over 90%.

Conditions include: Active Directory Counters Processor, Application Event Log, ConfigurationFled, Disk %, Disk Free Size, Exchange 2000 Counters, Exchange 2003 Counters, Exchange2007 Counters, HTTP, Memory, Network Adapter Status, Network Adapter Traffic, NetworkAdapter Traffic %, Ping Average Latency, Ping Average Packet Loss, Ping Response, POP3,Processor, Program Found / Not Found, Process Status, Security Event Log, SMTP, SQL ServerCounters, Syslog, System Event Log, TCP Ports, Windows Service Status, Software InventoryChanges, Windows Service Status, VoIP Average Latency, VoIP Average Packet Loss, VoIPAverage Jitter, VoIP Average MOS and VoIP Average MOS Range.

New ActionPersepctive can take actions on a device for you if the conditions are met. The inventory ofactions includes for Windows: Start Service, Stop Service, Pause Service, List Services, CreatProcess, Kill Process, List Process, List Process Top Cpu Usage, List Process Top MemoryUsage, List Process Top Read from Disk, List Process Write to Disk, List Network Statistics,Shutdown Restart, IP Config Info for Host, Route Table Info for Host

Linux: Start Linux Process, Kill, Linux process, List Active Connections, List Daemon Processes,List Directory Details, List File System Details, List Installed Packages, List IP Config Details, ListMemory Status, List Network Statistics, List Routing Table, List Running Processes, List Top CpuDetails, Shutdown Linux

Networking: Send a Syslog message

New EscalationAllows for notification to be sent when an alert has not been reset or addressed for a specificperiod of time. For example, if an alert is not reset after 30 minutes, send another notification tothe entire IT Department.

New Reset ConditionAllows you to set the performance thresholds that need to be met in order for an alert to be reset.This helps you ensure that the device is back to optimal performance.

Step 6: Click Ok to complete the process.

Scheduled ActionsScheduled Actions Overview This software can execute scheduled actions automatically to restore services when a failure occurs, including restartingapplications and windows services, or rebooting servers. Network administrators can focus more time onrevenue-generating initiatives by automating remediation.

Trigger self-healing scripts when specific network conditions exist Inventory of scripts for Windows and Linux devices

p73


Set scheduled actions for routine device and network maintenance

Add a New Scheduled Action

Step 1: Click on Add

DescriptionAdd details regarding the action.

SettingsSelect checkboxes for Enabled will enable or disable the action.

Notify on Start - Checking this box will send a notification to inform that the action has started andthe condition has been met.

Stop on Failure - Checking this box will send a notification to inform that the action will be stoppeddue to reset conditions being satisfied.

Notify On Finish - Selecting this option will send email to inform when the action has beencompleted.

NotificationsConfigure the To and CC addresses that will receive the action notifications.

RecurrenceSet the desired interval for the notification emails.

Step 2: Click Add

WindowsStart Service, Stop Service, Pause Service, List Services, Creat Process, Kill Process, ListProcess, List Process Top Cpu Usage, List Process Top Memory Usage, List Process Top Readfrom Disk, List Process Write to Disk, List Network Statistics, Shutdown Restart, IP Config Info forHost, Route Table Info for Host

LinuxStart Linux Process, Kill, Linux process, List Active Connections, List Daemon Processes, ListDirectory Details, List File System Details, List Installed Packages, List IP Config Details, ListMemory Status, List Network Statistics, List Routing Table, List Running Processes, List Top CpuDetails, Shutdown Linux .

EditAllows the user to configure created actions.

RemoveRemove selected action.

Remove AllRemove all actions for the current policy.

p74


Step 3: Click OK.

ReportsReports Overview

Reports enables you to generate reports for all collected network data. Any report can instantly be printed, emailed, andsaved. You can drill down into specific time periods or events or change chart type with a single click – a feature that isparticularly useful when troubleshooting issues. Leveraging the report scheduler, email reports on a daily, weekly or monthlybasis to colleagues and executive management.

Delivers critical information on monitors devices in an easy to read format One click configuration of time periods and data type for any device Schedule automatic reports for staff and executive management Plan future resource requirements leveraging historical trends reports

Learn more:

Run a Report

Change Report Type

Change Report Period

Change Device for Report

Email a Report

Export a Report

Run a ReportRun A Report

Step 1: Select the Type of Report you would like to run from the list on the left hand menu pane.

Step 2: Select the Device(s) to be displayed in the report.

Step 3: The Results will be displayed in both graph and /or list form in the right window pane.

Learn more:

Change Report Type



Email a Report

Export a Report

Scheduled Reports

p75


Change Report TypeChange Report Type

Step 1: Change Report Type via the drop down menu to quickly view other monitors associated with the device(s).

or

Step 1: Select the Type of Report you would like to run from the list on the left hand menu pane.


Learn more:

Run a Report



Email a Report

Export a Report

Scheduled Reports

Change Report PeriodChange Report Period

Step 1: Change Report Period via the drop down menu to view data over different periods of time for the device(s).

Learn more:

Run a Report

Change Report Type


Email a Report

Export a Report

Scheduled Reports

Change Device for ReportChange Device For Report

p76


Step 1: Select the Select Device for Report button on the left side of the report window.


Step 3: The Results for the new device(s) will be displayed in both graph and /or list form in the right window pane.

Learn more:

Run a Report

Change Report Type


Email a Report

Export a Report

Scheduled Reports

Email a ReportEmail A Report

Step 1: Select Email button in the upper right corner of the window.

Step 2: Select HTML or PDF for the type of report that will be emailed.

Step 3: Enter the Email Address to where the report will be emailed.

Step 4: Enter the Subject for the report that will be emailed.

Step 5: Select OK to email the report and complete the process.

Learn more:

Run a Report

Change Report Type



Export a Report

Scheduled Reports

Export a ReportExport A Report

Step 1: Select Export button in the upper right corner of the window.

Step 2: Select the Location of where the report will be saved.

p77


Step 3: Enter the Name for the report that will be saved.

Step 4: Select the Save As Type as HTML or PDF for the report that will be saved.

Step 5: Select Save to save the report and complete the process.

Learn more:

Run a Report

Change Report Type



Email a Report

Scheduled Reports

Scheduled ReportsCreate a Scheduled Report

Step 1: Select Scheduled Reports button at the bottom of the left window pane.

Step 2: Select Add to select the type of report you would like to send on a schedule.

Step 3: Enter a Description for the scheduled report.

Step 4: Select the checkbox to Enable (or Disable) the report.

Step 5: Select Notifications and enter the email address(es) of where you want the report sent.

Step 6: Set the Recurrence for the scheduled report. Adjust the recurrence pattern based on Date, Time, and ActivePeriod.

Step 7: Select the Report Period you want displayed in the report. Options include Last Hour, Day, Week, Month and Year.

Step 8: Select the Device(s) for the scheduled report.

Step 9: Select the Email Format, either HTML or PDF, for the scheduled report.

Step 10: Click OK to schedule the report and complete the process.

Edit a Scheduled Report

Step 1: Highlight the report to edit and select Edit from the menu bar.

Step 2: Modify the settings as needed.

Step 3: Click OK to save the schedule the report and complete the process.

p78


Remove a Scheduled Report

Step 1: Highlight the scheduled report you want to remove.

Step 2: Select Remove or Remove All in the top menu bar.

Step 3: Click OK to save the schedule the report and complete the process.

Learn more:

Run a Report

Change Report Type



Email a Report

Scheduled Reports

Patch ManagementPacketTrap Patch Management for Windows PacketTrap Patch Management allows administrators to automatically manage and control critical Windows updates. Create multiple patch groups to accomodate your customer's needs.

Add / Remove Device Members Configure the type of update scans desired Set the schedule to check for updates and set installation date and time Configure Windows Automatic Update Configuration Granular control of each individual update

Patch Management Settings Preliminary Notes:

Under the device view, click on agent view under the customer location. On the right hand side you will see whether ornot patch management settings are enabled/disabled under "agent services."

Patch management is only available for Windows agents.

Patch Management Overview Creating a New Group: Under the "Patch Management" view tab, you can create a new patch management group byselecting "New Patch Management Group" directly underneath your branding logo on the upper left hand side.

Option 1: Under the Patch Management tab, select "edit" for the dedicated Patch Management Group. The first listedoption under "group details" is to control Windows updates using Patch Management. You can configure how often to scanand install in the options below for any day of the week and what time (on the hour).

Step 1a: All updates are listed below. Select the listed action under each title to edit the patch. The number ofpatches available for that title are listed below for which you can select "approve," "pending approval" or "reject."

p79


Option 2: Configure Windows Automation Settings by selecting the second option under "Group Details." Schedule thesettings for scanning and installing automatic patches with the options listed below. You can also select options to turnon/off automatic Windows updates per the options listed below.

Option 3: Select "Monitor Windows Updates" for a read only list of patch updates.

Note:

TicketingTicketing Overview

Our Ticketing feature allows you to generate tickets and assign them to an administrator for the issue to be solved.

How To

Preliminary Note: There are three ways to generate a ticket, each described below.

Method 1: Once under the Ticketing tab feature, select on "New Ticket" in the upper left hand screen window.

Method 2: Under the devices view for the dedicated customer in the left hand side of the screen, click on "edit policy" in theupper right hand side or right click on the dedicated policy and select "edit policy." Double click or click "edit" on any of thealerts. Under "alert reset options" check mark "require manual reset." You can now generate a ticket by checkmarking"generate service ticket when alert is triggered. Edit the severity and priority of the alert as necessary.

Method 3: In the dashboard view, click on "alerts and logs" on the left hand side. Click on any of the alerts and select"create ticket."

Note: Under the ticketing tab, choose the customer whom the trouble ticket belongs to as well as the appropriated device.Then add the status of the ticket and priority level. You can choose the administrator whom you want the ticket to belong to. Add any notes to be added detailing the description of the problem. Click "save."

Note: The system will create a ticket number for the issue and it will appear in the ticketing mainpage once the ticketis saved.

Additional Notes

Filter by ticket number, customer, date, description, status, severity level, priority, user, source of hours worked. Click on "edit" to edit any of the ticket information.

AdministrationAdministration

Administration provides you with many of the configurations options. The right pane offers the Platform Informationincluding the Server IP, the DNS of the server, the server software version, the number of interfaces being monitored, thenumber of devices, and finally the number of users.

Learn more:

Baseline Configuration

Check for Updates

p80


Credential Store

SMTP Settings

User Management

Agent MigrationAgent Migration Overview

1. Select the Customer to migrate agents from and to.

2. Choose the devices listed for migration and select migrate.

3. Agent migration complete. The agent will now show under the new customer in the devices section.

Auto Patch SettingsAuto Patch Settings Overview

Check the "Automatically Patch" box to automatically receive patch updates. If you disable auto patch settings, you willneed to manually use the check for updates in the administration section to update your software.

Baseline ConfigurationBaseline Overview

Performance Baseline automatically analyzes collected data to identify changes in network behavior and establishes abaseline that represents the regular and expected activity of a device and network. The established baseline accuratelyreflects your organization’s use of the IT infrastructure by taking into account patterns and variations in usage – for example,increased processor utilization on Monday mornings at 9:00am. Performance Baseline continuously logs subsequent activityof a device and compares it to baseline. Once irregular behavior is detected, it produces a qualified alert that containsdetails to be used as a starting point to help guide the troubleshooting and remediation process.

Reports more accurately on the device monitors that vary during a business cycle Identifies abnormal increases and decreases in network utilization, performance, and quality to shorten mean time

to repair Eliminates false positive alerts caused by normal behavior on the network Reduces manual configuration for administering setting and thresholds

Baseline Configuration

Step 1: Determine the number of weeks you would like to calculate baseline from. This setting can range from 1 to 4 weeks.Any alerts based on performance baseline will start enacting after one week of data collection and analysis, even if yourperformance baseline is set for 4 weeks.

Step 2: Determine the week day groupings. You can group the days of the week to make baselines more accurate andreflect how the network is utilized in your company. To group any set of days, simply give those days the same number. Forexample, if your network load is the same Monday to Friday but lower on the weekends, then set Monday to Friday to thesame number (e.g.1) and set Saturday and Sunday to a different number (e.g 2). To have each day be its own baseline, seteach day to a different number (e.g. 1 - 7).

p81


Note: All settings take effect immediately, and can be changed at any time.

Branding ConfigurationBranding Overview

Branding configuration allows the administrator to upload icon and background images. These images will rebrand thesoftware for all users that login to the Studio or Web studio.

Branding Configuration

The Branding configuration dialogue allows the administrator to implement the look and feel of the software for his / herparticular brand. The applied changes take effect the next time the user logs into the studio or web studio

Enable branding: Check the box to enable this feature Company name: This name will appear in all dialogues in the Studio Contact email: Set the email address that will appear Copyright text: The entered text will appear to the right of the copyright logo Logo Image: Click the Set button to browse for a logo image Background Image: Click the Set button to browse for a background image Logo/Background preview: Displays a preview of the changes

Note: Branding will take effect the next time you launch a studio or browser.

Check for UpdatesCheck for Updates

This software comes with a robust software updating system that ensures the product is always running the latest andgreatest software release.

Manual Update

Step 1: Select Admin from the main Menu Bar.

Step 2: Select Check for Software Updates button to see if an update is available.

Step 3: Select Update Now to pull down the software updates and apply them. The software will close and openautomatically .

* Note: Pre-existing MSP installations may still use 5054 (TCP) for agent communication. Once the PacketTrap server hasbeen updated, the existing agent installations will continue to use port 5054 until the agent software updates. As soon asthe agent software has update, the agent will connect using the new port 5053 and will continue to use only port 5053 foragent communication.

Auto Update

Upon launch, the software will check for any updates available at the patch server. The software will automatically pull theupdates and store in cache. They will be applied the next time the software is launched.

p82


Credential StoreThe Encrypted Credential Store is a convenient, protected store of SNMP, WMI, SSH and FTP credentials shared by alltools and gadgets which require them. It uses standard AES 256-bit encryption.

Configuring Encrypted Credential Store

Step 1: Click Admin on the Main menu. Select Encrypted Credential Store.

Step 2: In the opened Credential Store dialogue box, click on New.

Step 3: From the dropdown menu next to Type select the type of credential protocol you wish to configure and save. Theconfiguration of each of the three choices displayed is described in the following three sections.

Configuring SNMP V1 and SNMP V2c

Step 1: From the dropdown menu next to Type select SNMP V1/2c


Step 3: Enter the appropriate Community string.

Step 4: Check Show if you wish the community string characters to be displayed in the dialogue box. Leave it unchecked ifyou wish the characters to be obfuscated.

Step 5: Click Save. Your friendly name and related community string will appear in the dropdown menu of the dialogue boxfor any relevant tool or gadget.

Configuring SNMP V3

Step 1: From the dropdown menu next to Type, select SNMP V3


Step 3: If a Context is necessary for the protocol being defined, check the enable box next to Context and enter the contextname in the text box.

Step 4: In User name enter the name of the user with access to the device.

Step 5: In the Authentication section in the dropdown next to Type, select the appropriate hash function type for theprotocol being defined.


Step 7: In the Encryption section in the dropdown next to Type, select the appropriate encryption type for the protocolbeing defined.



Configuring WMI

Step 1: From the dropdown menu next to Type, select WMI

p83



Step 3: Enter the Domain name and the User Name and enter the Password (renter to verify).


Configuring Telnet/SSH

Step 1: From the dropdown menu next to Type, select Telnet/SSH


Step 3: Enter the User Name and enter the Password (renter to verify).

Step 4: Enter the Cisco Enable Password (renter to verify). If left blank, your Telnet password will be left blank.

Step 5: Select the Protocol to be used - SSH or Telnet


Configuring SMTP

Step 1: From the dropdown menu next to Type, select SMTP


Step 3: Enter the Hostname or IP Address of your SNMP server.

Step 4: Enter the designated SMTP Port. By default, it is port 25.

Step 5: Select box for SSL Enabled or Disabled for your SNMP Server.

Step 6: Enter the name of your Domain.

Step 7: Enter your User Name for the Domain.

Step 8: Enter the Domain Password twice to Verify Password

Step 9: Select Save to complete the process.

Configuring POP3

Step 1: From the dropdown menu next to Type, select POP3


Step 3: Enter the Hostname or IP Address of your POP3 server.

Step 4: Enter the designated POP3 Port. By default, it is port 110.

Step 5: Enter your User Name for the POP3 Server.

Step 6: Enter the POP3 Server Password twice to Verify Password

Step 7: Select Save to complete the process

p84


Flow ConfgurationFlow noise filter threshold

This software has the ability to filter out network flow data (NetFlow, sFlow, and J-flow) based on size of conversation. Setthe "noise threshold" for individual conversations (source IP, destination IP, source port, destination port and protocol) foreach interval. Conversations that fall below the threshold for each time period will be discarded.

Filter thresholds: 1-minute-data noise threshold, 5-minute-data noise threshold, 30-minute-data noise threshold,2-hour-data noise threshold, 1-day-data noise threshold.

License UpdateLicense Update Wizard

The License Update Wizard will download updates for the following components: Network Flow Analyzer Module, RemoteAgent Module, VoIP Monitoring Module, Wireless Monitoring Module.

Licenses may also be entered manually by entering into the 'Product key' field.

A Configure proxy link is also provided if needed.

Port Management Overview

Port Management configuration allows the administrator to change the display of certain tcp ports. For example, tcp port ‘5054’ can be configured to display ‘login’ in the Tcp Monitor configuration screen. The Port Management settings alsoappear in Netflow / Ptflow Application results as well.

Configuration

Step1: Select Port Management icon from the list of utilities in the administrrations section.

Step 2: Scroll down the list to re-name a specific port. Or, scroll to the bottom of the list to add a new port anddescription.

Step 3: Click OK to complete the process.

Retention ConfigurationThe data retention settings can be adjusted to monitor certain data types. These include DNS, MAC, Ports, Networkadapter configuration, Hardware inventory, Software inventory, Process, Windows services, Exchange, SQL Server, Activedirectory, Base device information, System event log, Application event log, Security event log, Syslog, Cisco config, HTTP,SMTP, POP3, Network services, and Network addresses. The number of days retained can be adjusted by anyadministrator.

SMTP SettingsSMTP Settings

p85


This software has the capability to email alert notifications and scheduled reports. These are critical components for any ITdepartment to make sure they are aware of any issues immediately. Thus it is important that you configure your SMTPsettings as soon as possible.

Step 1: Assign a Configuration Name.

Step 2: Assign the From Email Address. If email will only be sent to internal email addresses, then the From email addresscan be fake. (e.g. [email protected]) If email will also be sent to external email addresss like Gmail, then the From emailmust be a valid email address.

Step 3: Configure the SMTP Server and Port. The default is Port 25.

Step 4: Enter your Logon User Name and Password.

Step 5: If your email server requires secure socket layer (SSL) encryption, then enable by selecting the checkbox.

Step 6: Save your SMTP Settings.

Step 7: Select Test Account Settings. Enter an email address to verify that you have configured it properly. A test email willbe delivered to the email account.

Studio DeploymentStudio Deployment Overview

You can choose a customer to deploy the thin client studio to install on a customer's machine.

Studio Deployment Steps

Step 1: Select your customer to deploy the studio to.

Step 2: Click "Copy URL" or "Email URL" to choose the location. Paste the URL into a web browser and the Studio is readyto launch.

User ManagementUser Management Overview

User Management allows the administrator to create, edit, manage and delete additional users. User Management providesfor three types of users: System Administrator, Site/Customer administrator, and Read-only.

User Configurations

Create a new user. Assign the user to desired site/customer. System administrator can view and make changes to allsites/customers. Also, the system administrator can create/manage users of all levels. The organization/customeradministrator can view/manage particular site(s) as determined by a system administrator. The organization/customeradministrator cannot create/manage additional users. Each new user requires the following fields:

Username: login name Email: The associated email address Authority: Set the user’s privileges. The three levels are Read-only, Customer/organization administrator, Systemadministrator Password / Verify password: Set the user’s password

p86


Invite user to connect via Hostname/IP: sends an email invitation for the user to connect with the selectedHostname/IP Customers/organizations: Select the Customer(s)/organization(s) that the user will have access to Preferences: Set the Auto-run go live settings when device details is selected

Foglight NMS -...

Documents

Transcript of Foglight NMS -...