
Monitoring Central


Dashboards are important. Your NOC is an essential avenue for collecting and relaying information about your network, and combined with a finely crafted set of alerts there’s nothing that can get past you. Not only are dashboards effective, but they just look so stinkin’ awesome when done properly. In this post I’m going to focus on my ‘Dashboard Philosophy,’ which is all about efficiency, information, and design. A dashboard should display the most data possible in the space that you have, it should include pertinent information that summarizes your environment, and it should look good doing it. Let’s talk about what the SolarWinds® Orion® Platform brings to the table to help make our dashboards the best they can be.

 

1. NOC Views

Using the NOC view feature is a must. These space-saving views allow you to combine multiple sub-views that can be set on a rotation. Creating one is easy: simply add a new summary view, edit it, then enable left navigation and the NOC view feature. Here you can enter an interval for how often the NOC view rotates between individual sub-views. If you aren’t using NOC views, you’re wasting valuable space on your dashboards! Enter NOC mode, full-screen your browser window, and bask in the glory of a massive canvas to display all your fancy metrics and charts. Rob Boss would be proud.

 

2. Network Atlas

Admit it, you both love and hate Network Atlas. It’s an incredibly useful tool that requires a bit of extra patience, but the results can be amazing once you get the hang of it. As Henry David Thoreau probably once said, “SolarWinds Network Atlas is but a canvas for your imagination…” or something like that. Check out this amazing example from THWACK® user spzander:

 

 

Hungry for more? Here is some of my favorite THWACK content for tuning your Network Atlas skills and getting the creative juices flowing:

 

10 Hidden Gems in Orion Network Atlas

Using Custom Properties to send messages to your NOC using Network Atlas

The “Show us your Network Atlas Maps” thread

 

3. PerfStack

With the release of NPM 12.1 came a game-changing new feature… PerfStack. This new charting tool allows you to quickly and easily create attractive charts that contain the data you need while optimizing page space. PerfStack is what makes you, the monitoring professional, shine when an application owner is looking for a way to view monitoring data for their systems. Check out the original release notes for PerfStack here. Since its first iteration, the SolarWinds team has been putting a lot of work into this tool. With PerfStack 2.0, they have added support for many major Orion modules including VMAN, SAM, VNQM, NCM, and DPA, along with a pile of new features such as fast polling, syslog/trap support, quick links, and full screen mode (which makes a great dashboard). As of this post, the next iteration of PerfStack is available in the latest NPM 12.3 Release Candidate and includes… drumroll please… A PERFSTACK WIDGET FOR YOUR DASHBOARDS!

 

 

Here we have a node detail view… WITH PERFSTACK! You can do the same thing with any view type in Orion, including Summary Views (which means dashboards). For dashboard nerds such as myself, this is truly a good day. Sign up for the NPM RC program for more details and awesome sneak peeks at what SolarWinds is doing to improve tools like PerfStack.

 

4. AppStack

This is really one of the most efficient ways to display a mass amount of information in such a small space. AppStack is a one-size-fits-all tool that will satisfy your devs, their managers, and your director. An efficient dashboard should have MAXIMUM information in MINIMUM space, and AppStack is the answer. Whether you only have SAM or you’re running multiple products on the Orion platform, the AppStack widget gives you a flexible, filterable, and fun-tastic (I couldn’t think of another word that started with ‘f’) resource to add to your dashboards and NOC views. There’s not much more to say. It’s the perfect widget for my Dashboard Philosophy.

 

5. SWQL and Other Advanced Methods

Are you a dev nerd? Do you like to yell at code until it bends to your will? Are you ready to bring your SolarWinds deployment to an unreasonably awesome level? With a little bit of fidgeting and some help from THWACK, you can create your own charts, tables, dashboards, maps, and much more. Check out this post from THWACK MVP CourtesyIT, which has a master list of all the amazing ideas and customizations that have been posted in the community. Be sure to check out the section from THWACK MVP wluther:  he’s got some great content specifically tailored to dashboards. One thing to always keep in mind when using more advanced methods… SolarWinds support may not be able to assist you with the bending of spacetime. Fidget at your own risk!

 

In my opinion, one of the most powerful tools for creating custom resources is SWQL, the SolarWinds Query Language. With it, data is your slave. THWACK MVP mesverrum makes it easy in this post, where he provides an awesome example of how to create your own custom SWQL tables.

 

Results

Let’s put all this together and create a shiny new dashboard that follows the idea of efficiency, information, and design. We need something that doesn’t waste space, contains useful data, and looks awesome. Something like this:

 

 

First things first… we’re using the NOC view, indicated by the black bar at the top with the circles in the upper-right corner that represent the various sub-views in rotation. We have a map from Network Atlas (upper left), a PerfStack project added as a widget (lower left), AppStack (lower right), and a custom SWQL table that displays outage information (check out mesverrum's post about it here).

 

And there we have it! Five useful tools that you can use to make your dashboards amazing. Be sure to post your creations in the community. Here are some threads for NOC views and Network Atlas maps. Now go forth and dashboard!

Let’s be honest, all of us need an SSH client from time to time. And when that SSH client is needed, most of us just use the standard PuTTY tool without question. Does this mean that PuTTY is a really good tool? Sure, it is… but could it be even better? We believe so. And we decided to prove it.

 

After months of development, we’re happy to introduce you to SolarWinds® Solar-PuTTY, an enhanced version of the most popular SSH client on the internet. We like PuTTY for its reliability and speed. And when you have to change anything on the server remotely, it’s still a decent choice… until you need to manage saved sessions, or if you’d like to connect to more servers at one time, or if you want to use the same script 100 times.

 

In all these scenarios, PuTTY has its limits. And at SolarWinds, we don’t like limits. So, we went beyond them and pushed PuTTY to the next level.

 

So, what are the key benefits of using Solar-PuTTY as your SSH client?

  • A new, fresh, browser-like interface—it’s easy to navigate, and everything is available in just a few clicks
  • Manage multiple sessions from a single console with a tabbed interface—you don’t have to run countless instances of the tool when you need to work on more machines at the same time. All sessions are available in a single console with info about the name and status
  • Save your sessions, credentials, or private keys for easy login—you can access any saved session from the homepage with a single click. Usernames, passwords, and private keys can be stored and linked to one or multiple sessions when it’s needed
  • Filter saved sessions based on IP address, hostname, login, or tags—start typing into a search bar, and Solar-PuTTY will apply the filter in real time.
  • Automate all scripts you’re using when a connection is established—is there a set of commands you need to use right after initializing a telnet connection? When you need just a minute to do it one time, it sounds like no big deal… but what about a situation where you need to do it 100 times per day? Save the script once and let Solar-PuTTY do it automatically
  • Auto-reconnect to a timed-out session—what if something goes wrong? Solar-PuTTY gives you details about what happened and the option to reconnect to the server with a single click. You don’t have to set up everything from scratch
  • Last but not least, Solar-PuTTY is available for free

 

As you can see, Solar-PuTTY keeps all the strengths of the original open source tool and adds the most-demanded features to bring you the best possible experience with SSH clients on the market. It’s time to say goodbye to Excel® spreadsheets and start managing your remote sessions in a more professional way.

What are you waiting for? Click the link below to download your Solar-PuTTY free tool by SolarWinds. No installation needed.

Solar-PuTTY Software – Download Free SSH Client

You’ve been asking and we’ve been listening.  We are excited to announce that the newest member of the SolarWinds product family, Log Manager for Orion, is now available for trial.  Built on the Orion Platform, Log Manager provides unified infrastructure performance and log data in a single console. No need to hop back and forth between your infrastructure and log monitoring tools.

 

Through platform integration with Network Performance Monitor, Server & Application Monitor, and other Orion based products, Log Manager closes the gap between performance and log data.  With Log Manager you get:

 

  • Log aggregation
  • Filtering by Log Type, Level, Node name, IP Address, and more
  • Keyword, IP address, and Event ID search
  • Interactive log charting
  • Color-coded event tagging

 

To learn more about Log Manager, visit the Log Manager Thwack Forum. To try it for yourself in your environment, download a free trial.

Let’s face it. Traceroute is not what it used to be.

 

Van Jacobson and Steve Deering created the original “Traceroute” in 1987. They discovered it by editing the IPv4 packet header’s TTL field, so that they could derive a path from the packets being taken from each network hop. Network professionals quickly realized how valuable this tool was in terms of solving daily network issues. However, in recent years, Traceroute has not scaled to adapt to modern technologies, and has lost most of its useful functionality.

 

We note the following issues: When probing the network, the ICMP and UDP packets are blocked. The paths that the tool indicates often don’t exist. And, ridiculously enough, there is no history function available. Even Ping has that! The list of issues is so vast that we’ve actually been able to find scholarly journal articles on the subject.

 

What’s the good news? The good news is that SolarWinds fixed Traceroute, and is offering it for free!

 

SolarWinds® Traceroute NG is a standalone free tool that effectively offers path analysis visibility via a CLI. By all standards, it’s a new, improved, and fully functional version of the older Traceroute generation tool. Yielding results in mere seconds, it provides an accurate single path from source to destination, and notifies users when the path is changed.

 

This new and improved version of Traceroute delivers the following information:

  • Number of hops
  • IP addresses
  • Fully qualified domain names (FQDNs)
  • Packet loss measured as a percentage
  • Current latency and average latency (ms)
  • Continuous probing that yields an iteration number for the user
  • Probe type used (if TCP, it also shows the port probed)
  • Issues (change in path, inability to reach destination)

 

SolarWinds Traceroute NG is able to get through firewalls, supports IPv6 networks, and can create a txt logfile containing the path number, probing time from source to destination, number of hops, IP addresses, FQDN, packet loss percentage, and average latency. It’s also able to copy data from the screen via the clipboard (copy/paste functionality), switch the probe type between ICMP and TCP using the switch command, and enable logging using the logging command, all while you’re probing simultaneously.

 

To sum it all up, Traceroute NG by SolarWinds brings back the power of the old Traceroute with new functionalities and capabilities that are adapted to modern technologies, so that you may once again reign supreme over the paths of your network, and never be lost when probing your long journey across the vast world wide web.

 

We hope you will enjoy this powerful new free tool. Click on the link below to download your Traceroute NG free tool by SolarWinds.

 

Traceroute NG Software - Download Free Traceroute Tool | SolarWinds

 

To find out more about what you can do with SolarWinds Traceroute NG, be sure to have a look at this article: Troubleshoot your network with a new free tool – Traceroute NG


 

Are IP requests for virtual machines overwhelming your current IP address management practices?  You are not alone. In a June 2016 survey of IP Address Manager customers[1], 46% of respondents stated that virtual machines were creating challenges for managing IP addresses for their company.

 

Independent author Brien Posey explores this topic in the whitepaper “Overcoming IP Address Management Challenges in VMware Environments.” A challenge with virtual environments is that their dynamic nature can quickly lead to depleted address pools if IP addresses are not quickly de-provisioned. Utilizing DHCP services is a less than ideal solution, as IPs can be tied up by lease expiration dates. Using manual processes for provisioning IP addresses is another option, but this can be slow, error-prone, and limit the dynamic scaling of virtual environments. DNS records obviously must also be updated in tandem.

 

A solution to overcoming these IP address management challenges is fully automating the process of provisioning IP addresses and updating DNS records. VMware developed vRealize® Automation (vRA) to automate tasks in virtual environments. However, as Brien discusses, vRA was not designed to be a comprehensive IP address management solution, thus the need for third-party solutions to fill this gap. SolarWinds® IP Address Manager (IPAM) helps overcome this limitation by providing a plug-in for VMware® vRealize Orchestrator (vRO). The plug-in provides actions and workflows critical for managing IP addresses and DNS records. These actions and workflows integrate with vRA and enable the creation of blueprints to automate the provisioning and de-provisioning of VMs.

 

To learn more about this topic, please read Brien Posey’s whitepaper, and attend the live webcast coming up February 21, where our very own IPAM Product Manager Connie Dowdle will take you through a demonstration of the plug-in and the latest and greatest that SolarWinds IPAM 4.6 has to offer.

 


[1] IP Address Manager customer survey, June 2016, survey result


 

Reliable, recoverable backups have always been fundamental to a well-run data center. But the technology we use to accomplish that goal keeps reinventing itself. The old systems never quite go completely away, even as newer options come onto the scene. Too often, this results in a complicated mix of tools and media that can be a real headache to manage.

 

At one point, tape was the only storage medium, and the ubiquitous Iron Mountain® trucks hauled loads of tapes from place to place on a regular schedule. While those trucks haven’t gone away, today, they’re supplemented with disk and cloud storage.

 

Do you remember the simple days, when physical servers were the only thing needing protection? Traditional backup products were designed for this world, but increasing adoption of server virtualization led to new market leaders, like Veeam, with a virtual-first approach. Then laptops and an array of mobile devices needed protection.

 

Then came the cloud and SaaS applications. Every vendor sought to update their offerings to cover new use cases, new devices, and new storage options. Complexity multiplied, and prices went up and up.

 

Where does that leave you today?

 

In November, we surveyed the THWACK® community on server backup, and learned a lot. We heard from more than 500 of you that backup is too complicated, too time consuming, and too expensive.

 

Here are the top backup-related pain points our survey respondents listed:

 

We also learned, not surprisingly, that you’re using a diverse mix of products that represent every era of backup history. The largest section of the pie was “other”.

 

We believe there’s a better way. We decided to approach the problem with a few guiding principles:

 

  • Simplicity – One backup product for physical and virtual servers, for one price that includes software and storage. No add-ins or options, no hidden costs.
  • Ease of use – One web-based console to see all backup status at a glance, and drill down as needed.
  • Reliability – Easy to deploy, clean, efficient dashboard. Our customers tell us it “just works.”
  • Powerful technology under the hood – Innovative features working in the background to make backups and restores fast and efficient.

 

The result of this approach is SolarWinds® Backup, a cloud-first backup service designed for IT pros who are tired of spending hours every week managing their backups. While it’s a new offering from SolarWinds, the product has been in use for years among the MSP community, and is already trusted by thousands of organizations. Here’s what a few of them have to say:

 

- Justin Cremer, IT Professional, Libra IT

 

- John Treanor, IT Professional, Satellyte Technology

 

More customer comments and insights can be found on TechValidate®.

 

To learn more about SolarWinds Backup and begin your free trial, check out the Product Blog post. Find out how simple backups can be.

 

Update – February 7, 2018:

Cisco® updated their vulnerability advisory on Monday, February 5, 2018 after identifying “additional attack vectors and features that are affected.” What does this mean? If you patched last week, you may need to patch again. Be sure to read the advisory notice carefully to find out if your environment is at risk.

-------------------------------------

 

(Originally posted Wednesday, January 31, 2018):

 

What is it?

Earlier this week, Cisco revealed that there is a security vulnerability in the Cisco® ASAs, exposing these firewalls to remote attackers. Of course, now we all know about it, as does anyone who may want to exploit this opening. The good news: Cisco has released a critical update to address the issue. The bad news? There is no other workaround, so affected devices must be updated to be secured, and now you’re in a race against anyone who may be trying to take advantage. It’s worth noting that some FirePower devices are affected also, so read the Cisco post in detail to help ensure that you know where your vulnerabilities may lie.

 

What can you do?

Fortunately, if you have SolarWinds® Network Performance Monitor (NPM), our own KMSigma has created a report so you can quickly see if you have vulnerable devices. (For a refresher on implementing user-created reports, see How to export and import reports in the Orion® web console.)

 

Once you’ve identified affected devices, you can use Network Configuration Manager (NCM) to easily schedule, patch, and monitor your ASA devices using the firmware upgrade process. Are you running multi-context ASAs? No problem. The firmware upgrade path supports both single- and multi-context upgrades.

In this industry, it doesn’t take long to realize that discovering vulnerabilities of this nature—and subsequently addressing them—is a standard part of the job description. Having the right tools available can make a notable difference in how long your network is exposed and how much effort is required to remediate issues.

 

Tell us:

Were your devices affected? Have you already updated, and if so, did you use NPM and NCM to do so? Use the comments to tell us how it went. Were you affected but don’t have NPM or NCM? Download free 30-day trials of Network Performance Monitor and Network Configuration Manager today and see how they can help.

 

Learn more about Network Insight for Cisco ASA:

Did you know that SolarWinds added a new Network Insight feature for Cisco ASA in the NPM 12.2 and NCM 7.7 releases? Learn about all the functionality included in Network Insight for Cisco ASA.

Keeping a network up and running is a full-time job, sometimes a full-time job for several team members! But it doesn’t have to feel like a fire drill every day. Managing a network shouldn’t be entirely reactive. There are steps you can take and processes you can put in place to help reduce some of the top causes of network outages and minimize any downtime.

 

1. The Problem: Human Element

The dreaded “fat finger.” You’ve heard the stories. You may have done it yourself, or been the one working frantically late into the night or over a weekend to try to recover from someone else’s mistake. If you’re really unlucky (like some poor employee at Amazon® last spring), the repercussions can be massive. No one needs that kind of stress.


The Protection:
First, make sure only the appropriate people have access to make changes. Have an approval system built in. And, since even the best of us can make mistakes, ensure you have a system that allows you to roll back changes just in case.

 

2. The Problem: Security Breaches

Network security is becoming more and more critical every day. People trying to break the system get better, and privacy needs for users get higher. There are many critical elements to trying to keep your network secure, and it’s important not to miss any. It doesn’t do any good to deadbolt your door when your window is wide open.

The Protection:

Protect your devices from unauthorized changes. Monitor configurations so you can be alerted to any changes, see exactly what was changed, and know what login ID was used to make the change. Also, you should be regularly auditing your device configurations for vulnerabilities. Whether you have custom policies defined for your organization or need to comply with HIPAA, DISA STIG, SOX, or other industry standards, continuously monitoring your devices to help ensure your network stays compliant is one way to help.

 

3. The Problem: Lack of Routine Maintenance

Over time, networks can become messy and disorganized if there aren’t standards in place, increasing both the risk of errors and the time needed to resolve them.

 

The Protection:

Network standardization simplifies and focuses your infrastructure, allowing you to become more disciplined with routines and expectations. Naming conventions, standard MOTD banners, and interface names are just a few things you can do to help troubleshoot and keep a balance within your team and devices, allowing for better management and less human error.

 

4. The Problem: Hardware Failures

It’s not if hardware will fail, but when. Are you ready to make a speedy recovery? When a device unexpectedly goes down, it can have a big impact, depending on which device it is and what redundancies you have in place.

 

The Protection:

Have device configurations backed up automatically so that you can quickly recover a failed device or bring a replacement online.

 

5. The Problem: Firmware Issues / Faults in the Devices

When you support hundreds of devices, required firmware updates can be tedious, and executing commands over and over increases the risk of error.

 

The Protection:

With network automation, you can easily manage rapid change across complex networks. Bulk deploy configurations to ensure accuracy and speed up deployment times.

 

Increase your uptime and reduce the challenges of keeping your network running smoothly so you can focus on other projects. With SolarWinds® Network Configuration Manager, you can bulk deploy configuration changes or firmware updates, manage approvals, revert to previous configurations, audit for compliance, and run remediation scripts. Take action today to reduce these five causes of network outages.
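The change monitoring from item 2 and the standards check from item 3, as an added example that is not part of the original post and is not SolarWinds NCM code. The sample configurations (Cisco IOS-style), the policy rules, and the hostname convention are constructed assumptions.

```python
import difflib
import re

# Constructed sample configs, invented for this example.
BASELINE = """\
hostname nyc-core-sw01
banner motd ^Authorized access only^
interface GigabitEthernet0/1
 description uplink-to-nyc-core-sw02
line vty 0 4
 transport input ssh
"""

CURRENT = """\
! Last configuration change at 02:14:07 UTC Wed Jan 31 2018 by jdoe
hostname nyc-core-sw01
interface GigabitEthernet0/1
 description uplink-to-nyc-core-sw02
line vty 0 4
 transport input telnet ssh
"""


def normalize(config):
    """Drop blank lines and '!' comment lines (timestamps and similar
    volatile text) so they do not show up as configuration drift."""
    return [
        line.rstrip()
        for line in config.splitlines()
        if line.strip() and not line.strip().startswith("!")
    ]


def config_changes(baseline, current):
    """Return a list of (op, line): '-' removed from baseline, '+' added."""
    changes = []
    for entry in difflib.ndiff(normalize(baseline), normalize(current)):
        if entry.startswith(("- ", "+ ")):
            changes.append((entry[0], entry[2:]))
    return changes


def last_change_author(config):
    """Login ID recorded in the 'Last configuration change' comment, if any."""
    match = re.search(
        r"^! Last configuration change at .* by (\S+)\s*$", config, re.M
    )
    return match.group(1) if match else None


# Assumed policy: each rule is (name, predicate returning True when compliant).
POLICY = [
    ("hostname follows site-role-typeNN convention",
     lambda cfg: re.search(r"^hostname [a-z]{3}-[a-z]+-[a-z]+\d{2}$", cfg, re.M)
     is not None),
    ("standard MOTD banner present",
     lambda cfg: re.search(r"^banner motd ", cfg, re.M) is not None),
    ("no telnet on management lines",
     lambda cfg: re.search(r"^\s*transport input .*\btelnet\b", cfg, re.M)
     is None),
]


def audit(config):
    """Return the names of the policy rules the configuration fails."""
    return [name for name, compliant in POLICY if not compliant(config)]


if __name__ == "__main__":
    print("changed by:", last_change_author(CURRENT))
    for op, line in config_changes(BASELINE, CURRENT):
        print(op, line)
    for finding in audit(CURRENT):
        print("FAIL:", finding)
```
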

We just can't have anything nice, now can we?  Oh, well. We knew there would be new vulnerabilities and ransomware attacks in 2018. However, this time hardware is the culprit, and patching is not going to be a cure-all for the situation. Consider yourself warned: expect more slowdowns in 2018.

 

Stop and think about this for a second: as the days progress, we are literally learning how much this new vulnerability impacts us. Anyone who says they have the full solution is not being honest with you or themselves. What I would like to do is help you to see how you can use the tools you likely already have to make you more aware of past, present, and future vulnerabilities and threats. That said, let's move on to the importance of using SolarWinds tools to do just that.

 

SolarWinds® Patch Manager will allow you to update your Windows® machines to their Microsoft® patches. If you are currently using this product, you should already be scheduling and looking for these. I discovered that there can be some issues with third-party Windows antivirus or you might get the BSOD. Read more here, because the awesome chart helps clarify these issues and how to prevent them from happening to you.

 

Further, Patch Manager will allow you to schedule and report on your Windows devices regarding updates. The reporting is key to showcase your compliance and, in this case, start your baseline. Plus, just because you update your devices does not mean you are 100% in the clear. Updating your third-party packages is an added bonus with Patch Manager, a fact that is often overlooked though desperately needed.     

 

SolarWinds® Server & Application Monitoring (SAM) will help you validate your business, yourself, and your vendor support for any degradation that patching may have on your applications. This is something you will want to have in place as soon as possible. It allows you to see any anomalies that may present themselves to your applications after the patching is applied. And because SAM is multi-vendor, you’ll be able to address even broad-scale hardware issues. The avid SAM users among you will likely know even more tricks for using the software, and I encourage you to share your knowledge in the comments to help us all be more aware in terms of application-centric monitoring.

 

SolarWinds® Network Configuration Manager (NCM) helps when there are firmware upgrades/updates that need to be applied to impacted network devices. It also helps you to roll these out. There is a compliance reporting function built into NCM that will assist with audits automatically. Remember, this incident is ongoing, which makes NCM’s ability to import very helpful. In fact, you can plug into firmware vulnerability warnings provided by the National Institute of Standards and Technology (NIST). This puts you even further ahead of future vulnerabilities.

 

SolarWinds® Network Performance Monitor (NPM) is all about the baseline. If you have ever been to one of our SWUGs, you have heard me preach endlessly about baselines and their extreme importance. However, I understand that sometimes you need black and white in front of you to truly understand this. The mindset I’m currently following regarding this vulnerability looks something like this:

 

  1. Patched and we have our checkbox
  2. Monitoring our application performances
  3. Ready for updates to needed network devices
  4. Monitoring the common vulnerabilities database
  5. Waiting for any anomaly that may present its ugly face (my favorite)

 

 

We can now show that we have implemented the patching to put a Band Aid® on the issues that could present themselves. However, as I’ve already mentioned, this is not a full fix. A hardware option would be the best solution, but is obviously not available to billions of devices at this time. YOU ARE THE FIRST RESPONDER!

 

Using NPM in combination with the other tools that I have outlined allows you to verify the patching and the results. Also, if there are ticks or drops or spikes that do NOT match your current baseline, you can share that solid reporting and documentation with your vendor to work out the possible issue, which makes you part of the solution. Is there anything better than working at the edge of technological advancements to create countermeasures to vulnerabilities? NO. The answer is a solid NO.

 

If you don’t already have it in place, set up threshold alerting and monitoring on critical devices that are housing your applications. That helps ensure that you are alerted to anything out of the ordinary, allowing you to get things back on track. It also shows your team and other departments that you are fully invested in the integrity of application uptime and performance. Also, if you have DevOps, you really need the documentation and baselines to prove that perhaps the performance issue is not the in-house application, but an actual patching issue. That, right there, can save a lot of unneeded cycles through rabbit holes.

 

Please let me know if you have additional ways to protect and help through these beginning stages of 2018 vulnerabilities. The ideas we share could literally help the many of you who act as a one-person army fighting your way to the top!

 

Thank you all for your eyes,

~Dez~

 

In case you’d like more information on any of the products mentioned above, check these out:

 

SolarWinds® Patch Manager

SolarWinds® Server & Application Monitor

SolarWinds® Network Performance Monitor

SolarWinds® Network Configuration Manager

 

Other resources:

 

https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html

https://www.nytimes.com/2018/01/03/business/computer-flaws.html

 


Looking back through previous content, I came across this post by Jerry Eshbaugh.

 

SQL Server Two Ways - SAM AppInsight for SQL and Database Performance Analyzer

 

I read through it again and realized it still resonates in a big way. I’d like to add this foreword and bring it up to speed given some recent changes. SolarWinds® Database Performance Analyzer (DPA) wait-time statistics and resource metrics were recently added to the Performance Analysis view (lovingly known as PerfStack) in the Orion® Platform. I believe this addition gives IT professionals the end-to-end visibility they want. I know we all tend to exist in silos, but that doesn’t mean we don’t want greater upstream and downstream performance metrics.

 

Now you can easily see if your database performance is impacting application response time, and if storage latency is causing longer I/O related database activities. Also, you can view existing dependencies and what relates to what. These customizable dashboards are way cool!

 

If you haven’t had a chance to check it out, you have a couple of ways to do so:

  • If you own just DPA (without any Orion products), you can now download a standalone DPA Integration Module (DPAIM) from your customer portal as part of your existing license. That’s right! It’s free. You will be limited to DPA data only, as there are no other modules running to collect application, server, storage, and network data, etc.
  • If you already have another Orion product and are on the latest release, DPAIM may be installed (it comes with Server and Application Monitor for example), or you can install the DPAIM module from your customer portal on your Orion Platform.
  • If you aren’t ready to commit to a download, you can check out oriondemo.solarwinds.com and try out the Performance Analysis view. This might be a good start to play around with, but remember, it is demo data. Things may not line up exactly. Some of the data might be invented. The best way to get the most out of the PerfStack dashboard would be to look at your own data with it, which is infinitely more interesting!

 

Let us know what you think about it!

Jogging is my exercise. I use it to tune out noise, focus on a problem at hand, avoid interruptions, and stay healthy. Recently, I was cruising at a comfortable nine-minute pace when four elite runners passed me, and it felt like I was standing still. It got me thinking about the relationship between health and performance. I came to the conclusion that they are related, but more like distant cousins than siblings.

 

I can provide you data that indicates health status: blood pressure, resting heart rate, BMI, body fat percentage, current illnesses, etc. Given all that, tell me: can I run a four-minute mile? That question can’t be answered solely with the data I provided. That’s because I’m now talking about performance versus health.

 

We can also look at health metrics with databases: CPU utilization, I/O stats, memory pressure, etc. However, those also can’t answer the question of how your databases and queries are performing. I’d argue that both health AND performance monitoring and analysis are important. They can impact each other but answer different questions.

 

“What gets measured gets done.” I love this saying and believe that to be true. The tricky part is making sure we’re measuring the right thing to ensure we’re driving the behavior we want.

 

Health is a very mature topic and pretty much all database monitoring solutions offer visibility into it. Performance is another story. I love this definition of performance from Craig Mullins as it relates to databases: “the optimization of resource use to increase throughput and minimize contention, enabling the largest possible workload to be processed.”

 

Interestingly, I believe this definition would be widely accepted, yet approaches to achieving this with monitoring tools vary widely. While I agree with this definition, I’d add “in the shortest possible time” to the end of it. If you agree that you need to consider a time component in regards to database performance, now we’re talking about wait-time analysis. Here’s a white paper that goes into much more detail on this approach and why it is the correct way to think about database performance.

 

We can only get to the right answer regarding root cause if we’re collecting (measuring) the right data in the first place. Below is a chart with some thoughts on data collection requirements. Adapt as needed, but I hope it provides a workable framework.

 

Remember: don’t stop with asking “What can we do?” Take it to the next level and instead ask, “What should we do?”

Do you know how to protect your organization's sensitive data from today’s cyberthreats? One way is to arm the enterprise with a security information and event management (SIEM) tool. SIEM solutions provide a meaningful contribution to defense-in-depth strategies with their ability to detect, defend against, and conduct post-mortem analysis on cyberattacks and general IT security anomalies. Over the years, they have become a contributing force in meeting, maintaining, and proving a business’ alignment with regulatory compliance frameworks such as HIPAA, PCI DSS, SOX, and more. Let's take a look at how SIEM software works and why it's a must have for your business.

 

What is SIEM?

 

The predecessors of SIEM solutions, security information management (SIM) and security event management (SEM), began merging into one security system over a decade ago. When you run a SIEM tool, all your relevant security data can come from multiple locations, but you can look at all that data from one dashboard. Being able to access data across numerous locations and evaluate it in one location makes it easier to spot unusual patterns and trends, and react and respond quickly to any possible threats.

 

The SIEM software collects information from event logs spanning all your devices, including anti-virus, spam filters, servers, firewalls, and more. It then uses key attributes (IPs, users, event types, memory, processes, ports) that can indicate security incidents or issues to alert and respond quickly—and in many cases, automatically.

 

How Does SIEM Help With Security?

 

The event management portion of a SIEM solution stores and interprets logs in a central location and allows analysis in near real-time, which means IT security personnel can take defensive actions much more rapidly. The information management component provides trend analysis, as well as automated and centralized reporting for compliance by collecting data into a central repository. As a whole, a SIEM tool provides quicker identification and better analysis and recovery of security events by combining these two functions. Another advantage is that compliance managers can confirm they are fulfilling their enterprise's legal compliance requirements with a SIEM tool.

 

Advantages of a SIEM Tool

 

There are many advantages to using a SIEM tool, other than only needing one tool to monitor cybersecurity. SIEM systems can be used for different purposes, so the benefits will vary from one organization to another, but every organization that uses a SIEM tool will experience these main benefits:

 

  1. Streamlined compliance reporting. SIEM solutions leverage the log data from various devices across an organization or enterprise.
  2. Better detect incidents that otherwise might be missed. SIEM products enable centralized analysis and reporting for an organization's security events. The IT security analysis may detect attacks that were not found through other means, and some SIEM products have the capabilities to attempt to stop attacks they detect—assuming they are still in progress.
  3. Improve their efficiency in handling activities. You can save time and resources with a SIEM tool because you can respond to security incidents more quickly and efficiently. IT professionals can quickly identify an attacker’s route, learn who has been affected, and implement automated mechanisms to stop the attack in its tracks.

 

What to Look for in a SIEM Tool

 

What features should you be looking for when shopping for a SIEM tool? Here are just a few of the important questions to consider when evaluating SIEM solutions:

 

  1. Does the SIEM provide enough native support for all relevant log sources?
  2. How well can the SIEM tool enhance current logging abilities?
  3. Can the SIEM software effectively use threat intelligence to your advantage?
  4. What features does the SIEM product offer to help carry out data analysis?
  5. Are the SIEM's automated response capabilities timely, secure, and effective?

 

Stay Protected with SolarWinds Log & Event Manager

 

There are numerous SIEM tools to choose from, but SolarWinds® Log & Event Manager (LEM) offers valuable features that can help you improve both your security and compliance, with relative ease and with limited impact on IT budgets.

 

These are just a few of the features LEM provides:

 

  1. Detect suspicious activity. Eliminate threats faster by instantaneously detecting suspicious activity and sending automated responses.
  2. Mitigate security threats. Conduct investigations of any security events and apply forensics for mitigation and compliance.
  3. Achieve auditable compliance. Demonstrate compliance with audit-proven reporting for HIPAA, PCI DSS, SOX, and more.
  4. Maintain continuous security. Your efforts to protect your business against cyberthreats should extend to the choices of software you employ to do so. LEM is deployed as a hardened virtual appliance with data encryption in transit and at rest, SSO/smart card integration, and more.

 

Purchase SolarWinds Log & Event Manager Software

 

Visit us online today to learn more about Log & Event Manager and get a free 30-day trial of the software. Learn more about the key features we offer in LEM, and watch our informative video explaining how it works. Get answers to frequently asked questions and hear from some of our very satisfied customers. This SIEM tool is clearly an industry favorite. Click here to see how it can help your enterprise or organization stay safe and secure from cyberthreats with the SolarWinds Log & Event Manager software.

In today's landscape of security breaches and cyberattacks, it seems like no company or network is completely immune to cybercrime. In fact, you don’t have to search very hard in the news to read about another cyberattack that has happened to a big corporation. Thankfully, developers are constantly looking out for these threats and building important security patches and updates to protect the data. Let's look at some of the major vulnerabilities and attacks that have happened in 2017.

 

Microsoft Security Bulletin MS17-010 (March 14, 2017)

 

Although this wasn't exactly a hack, it serves as a great reminder of how scary security vulnerabilities in Microsoft® Windows® software can be. The bulletin detailed several cyber security threats, but the most severe vulnerability was the potential for an attacker to execute code on the target server. This vulnerability was so huge that Microsoft called the security patches “critical for all supported releases of Microsoft Windows.”

 

Imagine the impact this could have had if the cyber threat was not discovered and a security patch was not created.

 

The biggest impact of this bulletin was that it showed how many zero-day level flaws were present in Microsoft products that made users vulnerable to cyberattacks. Essentially, the combination of the delayed rollout of crucial security patches and enterprises’ often slow adoption of patches made all Microsoft users vulnerable to the WannaCry and NotPetya ransomware attacks.

 

WannaCry Ransomware Attack (May 12, 2017)

 

The WannaCry Ransomware attack was one of the most significant cyberattacks in 2017. Seventy-five thousand organizations from 99 countries reported being attacked. How did it happen?

 

A vulnerability called EternalBlue was responsible for spreading the WannaCry attack. This vulnerability was actually addressed in Microsoft’s security patches released in March. Unfortunately, many users had not yet installed these critical patches.

 

Impact of WannaCry

 

As the name implies, many Microsoft users probably did want to cry after being hit by this cyberattack. It created a moment where global internet security reached a state of emergency. WannaCry affected the U.K., Spain, Russia, Ukraine, Taiwan, and even some Chinese and U.S. entities. In many cases, companies were forced to pay $300+ to regain access to their files/system. However, there was another even more severe impact, as sixteen National Health Service organizations were locked out of their systems. Many doctors were unable to pull up patient files and emergency rooms were forced to divert people seeking urgent care.

 

Petrwrap/Petwrap/NotPetya Ransomware Attack (June 27, 2017)

 

This attack was even worse than the WannaCry attack. NotPetya did not act like other ransomware malware. Instead, it rebooted victims’ computers and encrypted their hard drive’s master file table, which rendered the master boot record inoperable. Those who were infected lost full access to their system. Additionally, the cyberattack seized information about the file names, size, and location on the physical disk. NotPetya spread because it used the EternalBlue vulnerability, just like WannaCry.

 

Impact of NotPetya

NotPetya reportedly infected 300,000 systems and servers throughout the world, including some in Russia, Denmark, France, the U.K., the U.S., and Ukraine. Ukraine was hit the hardest. Within just a few hours of the infection starting, the country’s government, top energy companies, private and state banks, the main airport, and metro system all reported hits on their systems.

 

How to Protect Your Business From Cyberattacks

 

The evidence is clear. Hackers are always on the prowl and cyberattacks will happen. The key is to be ready for them so you can prevent an attack from being successful. You must take every step possible to protect your company and your private information. There are several important things you can do, including making sure you always install security patches and updates. For example, if infected organizations had installed the update patches in March, they would have been protected from the WannaCry attack. Therefore, this simple step could be the difference in whether or not a cybercriminal is able to successfully hack into your data.

 

Think Prevention, Not Cure

 

While installing every patch developers make might seem like a hassle, the fact is these patches play a significant role in your cybersecurity efforts. There is great wisdom in the saying of “an ounce of prevention is worth a pound of cure” when you’re dealing with cybersecurity. It’s so much easier to take the necessary steps to prevent a cyberhack than it is to overcome all the problems after a breach occurs. Regularly installing security patches is a must, especially since you might not be aware of the possible threats that could be coming.

 

Let SolarWinds Patch Manager Do the Work for You

 

Although constantly installing these updates and patches can be a pain, and it can feel like you get a new patch almost every other day, patches are a necessary evil. Thanks to the SolarWinds® Patch Manager software, you can now leave this tedious chore to someone else. This intuitive patch management software allows you to quickly address software vulnerabilities in your system. SolarWinds Patch Manager offers several key features, including:

 

  1. Simplified patch management. Automate the patching and reporting process and save time by simplifying patch management on servers and workstations.
  2. Extend the capabilities of WSUS patch management. Decrease service interruptions and lower your security risks by helping ensure patches are applied and controlling what gets patched and when.
  3. Extend the use of Microsoft System Center Configuration Manager. Protect your servers, desktops, laptops, and Virtual Machines (VMs) with the most current patches for third-party apps.
  4. Demonstrate Patch Compliance. Stay up to date on all vulnerabilities and create summary reports to show patching status.

 

Additionally, SolarWinds Patch Manager offers a Patch Status Dashboard. The dashboard tracks who got patched and what still needs to be patched. You will be able to see the most recent available patches, the top patches you are still missing, and the overall general health of your cyber environment. Patch Manager also allows you to build your own packages for many other types of files, including .EXE, .MSI, or .MSL.

 

Download SolarWinds Patch Manager now to identify the vulnerabilities in your system and help protect your business.

Were you affected by an internet connectivity outage earlier this week? This outage affected users across the U.S., and originated from Level 3, an ISP recently acquired by CenturyLink®. Because Level 3 also provides infrastructure to other internet providers, some Comcast®, Spectrum®, Verizon®, and AT&T® users experienced outages as well.

          Tweet from Level 3 - https://twitter.com/Level3NOC/status/927633534424141824
                (Source: Twitter)

 

A configuration error? That’s what I thought when I first read this. There are many crazy ways connectivity issues can occur, from rats chewing through cables to your standard PEBKAC error causing a user to holler, “the internet is down!” But configuration errors? This is an easy one to address.

 

Perhaps even more concerning than a massive telecommunications company losing connectivity due to a config error is the amount of time to recover. After the issue was corrected, Level 3 issued a statement to several publications (including TechCrunch, Slate, Mashable, and The Verge), saying:

 

"On Monday, November 6th, our network experienced a service disruption affecting some customers with IP-based services. The disruption was caused by a configuration error. We know how important these services are to our customers. Our technicians were able to restore service within approximately 90 minutes."

 

90 minutes to recover from an issue that is affecting potentially millions* of people in the middle of the workday is about 89 minutes too long. (*Total number of customers affected hasn’t been released, but it included customers of Comcast, Spectrum, Verizon, and AT&T across the U.S., among others.)

 

         

               (Source: DownDetector.com via CNN)

 

Are YOU ready to ensure that something like this doesn’t happen to you? With SolarWinds® Network Configuration Manager (NCM), you can rest easy knowing that you are prepared. Even if a config error does occur, you can quickly roll back to a known-good config that you have saved, thanks to NCM’s automatic backups. If you need to make updates across devices, you can easily push bulk changes. And no need to worry about someone else messing with your configs—you can control who can make changes, and what kind, directly from the NCM console.

 

While we can’t help you with rats chewing your cables, we CAN help with your config management. Download a free trial of Network Configuration Manager today.

 

What are some of the craziest causes of connectivity issues that you’ve encountered?

Imagine this scenario: You are running a Kiwi® server either on-premises or in the cloud, and need to push at least a portion of that log data to Papertrail. This would be especially helpful in situations where Kiwi is already in place, and you need to allow a developer, support contact, etc. external access to limited log data without providing access to the Kiwi server itself. Once these logs are pushed to your Papertrail account, you can grant users access to specific Papertrail log data. These Papertrail logs can be viewed from anywhere, while Kiwi servers are often locked down within a secured network. The best part is that you can maintain a complete local copy of your logs while pushing interesting log data to Papertrail for use with advanced search and alerting features.

 

From your Kiwi Syslog® Service Manager select File -> Setup.

 

In the setup page, you have a rule named Default that displays all log entries sent to Kiwi and logs them to a file.

 

Send everything to Papertrail! If you wish to forward ALL logs seen by Kiwi to Papertrail, add the Send to Papertrail action to your Default rule, or any rule with no filters configured.

 

However, if you want to send only certain messages to Papertrail, you’ll need to add a new rule with a filter to capture just the specific messages you want.

 

We'll be adding 1 New Rule with 2 Filters and 2 Actions.

 

 

FILTERS

 

Filters allow several methods of matching log data. Positive matches result in the actions for that rule being performed on those log lines. Hostname, IP, Message Text, and Priority are the most commonly used filters.

 

Add the new rule by right-clicking Rules and selecting Add rule.

 

 

Under the new rule, right-click Filters and select Add Filter.

 

 

In the Field section, choose Priority.

 

 

Click on the Priority headings to highlight all the columns.

 

 

Click the green check mark at the bottom, to select the highlighted fields.

 

 

Next, create a new filter to match the text in log lines using the Message Text field, and Simple filter type. Here I used "test" because it will match on all of the Kiwi default test log lines. You can use any text strings in this filter to match log entries you wish to send to Papertrail.

 

ACTIONS!

 

Now configure the actions to take place on log lines matching our filters. Start by adding them to a Kiwi display so we can see what's matching the rule right here in Kiwi.

 

Under the new rule, right-click Actions and Add action.

 

 

Select the Display action at the top of the menu. Set a Display number that corresponds to the display dropdown in the main Kiwi window. You should use a unique display that isn't used by other Kiwi rules. Display 00 shows ALL logs seen by Kiwi by default, so I’ve used Display 01 instead. This will only show everything sent to Papertrail.

 

 

Now add an action to send the matching logs to Papertrail.

 

Under the new rule, right-click Actions and Add action to add another action.

 

 

Select the Log to Papertrail.com (cloud) action to send logs to a Papertrail account. Replace the hostname and port with your own log destination found here: https://papertrailapp.com/account/destinations

 

 

After hitting Apply to save the configuration, use the File –> Send test message to localhost menu item to generate a log line that will be pushed to your Papertrail account and shown on the Kiwi display you set. In your Papertrail account, you’ll see your Kiwi server show up by IP or hostname, but you can rename it as I’ve done here. (Remember: The test log line shown has to match your filters.)

 

 

 

 

Troubleshooting

 

Not seeing log lines in Papertrail? Does the Kiwi server have outbound network connectivity that allows a connection to Papertrail? In ~90% of cases, this is caused by host-based firewalls or other network devices blocking connectivity to Papertrail.

 

The PowerShell® below will test basic UDP connectivity to Papertrail from a Windows® host. Replace the Papertrail Hostname/Port with your actual log destination settings found here. Copy and paste all lines at once into PowerShell. (Run PowerShell as Administrator if you have trouble.)

 

WINDOWS - PowerShell

 

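# Replace the hostname and port with your own Papertrail log destination.
$udp = New-Object Net.Sockets.UdpClient logs6.papertrailapp.com, 12345
$payload = [Text.Encoding]::UTF8.GetBytes("PowerShell to Papertrail - UDP Syslog Test")
$udp.Send($payload, $payload.Length)   # returns the number of bytes sent
$udp.Close()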

 

You can use this similar script to replicate a log transfer to Kiwi. Run this from the same host the Kiwi server is on.

 

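# Send a test datagram to the local Kiwi listener on UDP 514.
$udp = New-Object Net.Sockets.UdpClient 127.0.0.1, 514
$payload = [Text.Encoding]::UTF8.GetBytes("udp papertrail test")
$udp.Send($payload, $payload.Length)   # returns the number of bytes sent
$udp.Close()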
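The test strings above carry no syslog priority, so they do not show which priorities the new rule's Priority filter lets through. The following added example (not from the original post) builds RFC 3164-style messages, one per severity and each containing "test", and sends them to the local Kiwi listener; the function names and the `kiwi-test` tag are hypothetical.

```powershell
# Added example, not part of the original post.
# Builds an RFC 3164-style syslog line: <PRI>Mmm dd hh:mm:ss HOST TAG: MESSAGE
function New-SyslogMessage {
    param(
        [ValidateRange(0, 23)][int]$Facility = 16,   # 16 = local0
        [ValidateRange(0, 7)][int]$Severity = 6,     # 6 = informational
        [string]$HostName = $env:COMPUTERNAME,
        [string]$Tag = 'kiwi-test',                  # hypothetical tag
        [Parameter(Mandatory)][string]$Message
    )
    # PRI = facility * 8 + severity
    $pri = ($Facility * 8) + $Severity
    # RFC 3164 timestamp: English month abbreviation, day padded to width 2
    $now = Get-Date
    $culture = [Globalization.CultureInfo]::InvariantCulture
    $stamp = '{0} {1,2} {2}' -f $now.ToString('MMM', $culture), $now.Day, $now.ToString('HH:mm:ss', $culture)
    '<{0}>{1} {2} {3}: {4}' -f $pri, $stamp, $HostName, $Tag, $Message
}

function Send-SyslogTest {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [Parameter(Mandatory)][string]$Line
    )
    $udp = New-Object Net.Sockets.UdpClient
    try {
        $bytes = [Text.Encoding]::ASCII.GetBytes($Line)
        # Send() returns the number of bytes handed to the network stack.
        # UDP has no acknowledgement, so this does not prove delivery.
        $sent = $udp.Send($bytes, $bytes.Length, $Server, $Port)
        [pscustomobject]@{ Server = $Server; Port = $Port; BytesSent = $sent; Line = $Line }
    }
    finally {
        $udp.Close()
    }
}

# One message per severity (0 = emergency ... 7 = debug). Each contains "test",
# so it matches the Message Text filter configured in the rule above.
0..7 | ForEach-Object {
    $line = New-SyslogMessage -Severity $_ -Message "udp papertrail test severity $_"
    Send-SyslogTest -Server '127.0.0.1' -Port 514 -Line $line
}
```

Compare the severities that appear on the Kiwi display you assigned to the rule with those that reach Papertrail. A gap between the two points to the outbound path rather than to the filters.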
