
Geek Speak

28 Posts authored by: mark wiggans

How to Migrate Kiwi CatTools to Another Computer Along with Activities & Devices


1. From Start > All Programs > SolarWinds CatTools, click CatTools.

2. Now, go to File > Database > Export and export the devices and activities using the options highlighted in the screen shown below:

3. Save the exported files, which are in '.kbd' format.

4. Save the 'Variations' folder from: <directory>\CatTools\

5. If you are using CatTools 3.9 or higher, deactivate the current license, using Licence Manager, which can be downloaded from here.

6. Install CatTools on the new system and license it.

7. Copy the following from the old system to the new system:

  • exported '.kbd' files
  • 'Variations' folder

8. Open the Activities file and ensure that all paths are valid. For example, if CatTools was previously installed to c:\program files\ and is now installed to c:\program files (x86)\, you will need to reflect this within the INI file.

9. Open the CatTools Manager > File > Import > import the two '.kbd' files.

10. Copy the 'Variations' folder to the new CatTools installation directory.

11. Restart the CatTools service.


For more information about CatTools visit: Configuration Management and Network Automation | Kiwi CatTools

The licensed version of the software can handle around 2 million messages per hour and the Free version (http://www.kiwisyslog.com/free-edition.aspx) about 300000 per hour. The licensed version has been regularly tested to handle 400-600 messages per second while logging to file.

The licensed version has been increased to have a 20000 message buffer, while the freeware (http://www.kiwisyslog.com/free-edition.aspx) has a 500 message buffer.


If you suspect that you may be losing messages, use the File > Debug options > View message buffer option to check that the "Message Queue overflow:" value is always 0. This value indicates the number of messages that have been dropped. If you are running the Service version, the same information can be found from the Manage > Debug options menu.

To decrease the number of messages being displayed, you may want to modify your device configurations to only send messages that meet a set level.


If the volume of syslog messages you send to Kiwi Syslog exceeds the above recommendations, you may experience instability and you should consider distributing the load to another installation of Kiwi Syslog Server.


Load Balance Kiwi Syslog Server

Overloading in Kiwi Syslog Server manifests in a couple of ways. 

The first (and most obvious) way is when there is a non-zero value in the "Message Queue overflow" section of the Kiwi Syslog Server diagnostic information. A non-zero value indicates that messages are being lost (due to overloading the internal message buffers). To view diagnostic information in Kiwi Syslog Server, go to the View Menu > Debug options > Get diagnostic information (File Menu > Debug options, if running the non-service version).

The second way is a little harder to discern, but is most obvious when the "Messages per hour - Average" value in the Kiwi Syslog Server diagnostic information is above the recommended "maximum" syslog message throughput that Kiwi Syslog Server can nominally handle. This value is around 1 - 2 million messages per hour (average), depending on the number and complexity of rules configured in Kiwi Syslog Server.

If either of these two scenarios is true for your current Kiwi Syslog Server instance, then load balancing your syslog message load can mitigate any overloading that may occur.

To load balance Kiwi Syslog Server, start by inspecting your Kiwi Syslog Server diagnostic information, specifically looking for syslog hosts that account for around 50% of all syslog traffic. These higher utilization devices are candidates for load balancing through a second instance of Kiwi Syslog Server.

For example, consider the following "Breakdown of Syslog messages by sending host" from the diagnostics information.

Breakdown of Syslog messages by sending host

Top 20 Hosts       Messages   Percentage
162.19.168.153     143054     23,92%
162.19.168.136     121773     20,36%
162.19.168.154     30102      5,03%
162.19.169.100     29908      5,00%
162.19.169.83      28576      4,78%
162.19.168.86      26452      4,42%
162.19.168.21      17897      2,99%
162.19.169.4       12809      2,14%
162.19.169.36      6780       1,13%
...                ...        ...




From these diagnostics, you can see that 162.19.168.153 and 162.19.168.136 account for ~50% of the syslog load.  We normally just start adding utilization figures from the top of the list, until we get to about 50%.  Most of the time 50% of all syslog events come from one or two devices, and this is indeed the case here.

To enable a load balanced Kiwi Syslog Server configuration, perform the following actions:

  1. Install a second instance of Kiwi Syslog Server (on a second machine).

  2. Replicate the config from first machine to the second. 

    On the original instance – (File Menu > Export Setting to INI file).
    and on the new instance – (File Menu > Import settings from INI file).

  3. Reconfigure devices 162.19.168.153 and 162.19.168.136 to send syslog events to the new instance.

 

 


For more information about Kiwi Syslog, see this link Syslog Server and CatTools Network Configuration Manager | Kiwi

Download the Free version here: Free Syslog Server | Kiwi Free Edition

Leverage the integrated power of SolarWinds IP Address Manager (IPAM) and User Device Tracker (UDT). With this dynamic duo, you can track down a device and user instantly. Simply use the integrated view to see IP address information along with the corresponding switch port details and user information, all within the same window. You can also get both current and past connection details. You can even shut down the compromised port directly through the SolarWinds Web UI with the click of a button.


UDT Integration Tips in IPAM

SolarWinds User Device Tracker (UDT) and IP Address Manager (IPAM) use the same Orion platform, seamlessly extending their capabilities by adding the following into the same view:

  • End point details
  • Network connections history
  • Current network connections
  • Current users logged into the device
  • Port and User information on the same page as IP address Host or DNS assignment history

Automatic Integration

You do not need to take any integration steps. IPAM will automatically detect if UDT is installed and add the UDT Users and UDT Switch Port columns to your IP Address View, providing end-to-end IP Address to user/device mapping.

How This Helps You Troubleshoot

The built-in integration provides a view of end-to-end mapping of an IP Address to any connected user/device, along with device port and connection details in the same window.

  • Find out which user or device is accessing a particular IP Address
  • Drill down to get network connection history for an IP Address
  • See port and user information related to an IP Address host or DNS assignment
  • View port usage and capacity on every switch
  • Detect endpoint devices having IP conflicts
  • Directly shutdown a port through the web interface

IP Address Conflict Resolution

IPAM can detect IP Address conflicts (in both static IP and DHCP environments) and help you to troubleshoot the problem by simply drilling down to the actual switch port and shutting it down. Once you see an IP Address conflict event/alert, simply click on the IP or MAC address info in the alert message and it will take you to the IP Address Details view, where you can see the MAC address assignment history. If you determine you need to resolve the conflict on the spot, you can administratively shut down the port using UDT.

How to Shut Down a Port:

  1. IP Address conflict is triggered and an Event is displayed giving you the MAC address in conflict.
  2. IPAM displays the IP Address history assignment along with the MAC address of the IP Address in conflict.
  3. Click on the node port in the Current Network Connections resource on Endpoint Details.
  4. Click the Shutdown button in the Port Details resource.

»For more information on IPAM

»For more information on UDT

Perhaps you have wished for a one stop shop for answers to any questions you may have about our products?

Well for any customers who would like some additional information on the products they may have, check out these great links that provide a compendium of answers.

http://thwack.solarwinds.com/community/library-and-support_tht


Drill down into a product page and you'll see many options. For you visual learners, Video Zones have been added to all the pages. These videos include webcasts and YouTube videos that are relevant to using the product. In the upper right corner you'll see the version # for this page. This changes when new content is added.


How-to articles are divided into sub categories.


If there is something else you would like to see added to these pages let us know:

thwack.com help   solarwindscommunityteam@communications.

If you are having issues with Kiwi Syslog Daemon not receiving and displaying messages, then you can use a free packet capture program such as Wireshark (Wireshark · Go Deep).

This program provides the ability to capture packets as they are sent to your Network Interface Card (NIC). By filtering for and analyzing this traffic, you will be able to determine if your network devices are actually sending the expected information to your system.

To set up Wireshark (formerly Ethereal):

  1. Download and install the program from Wireshark · Go Deep.
  2. Use the Capture menu to open the Capture Options form.
  3. Select your NIC and define a capture filter that will look for all packets sent to UDP port 514 (the default syslog port).
  4. Press the Start button and you should see packets being captured, as in the image below.
  5. Stop the capture and view the data. It should show packets with the protocol being Syslog.

 

By mirroring a port on your Ethernet switch, Wireshark will show you everything! You can then use Kiwi SyslogGen (Freeware) to replay syslog messages from a Wireshark file.

For more information about how Kiwi products can work for you see: Remote Network Configuration Products | Kiwi Enterprises

Using the Serv-U Management Console on an iPad


What is Serv-U? Serv-U File Transfer Server provides a secure managed file transfer solution that gives you the ability to access files on the go through secure mobile access.

You can deploy Serv-U on Windows or Linux and you can also access the Management Console on an iPad.

 

The Management Console functions available on the iPad include:

  • Resetting passwords and unlocking users.
  • Monitoring current activity via statistics and logs.
  • Viewing user activity and clearing sessions.
  • Granting additional access to users, groups or entire domains.
  • Configuring user, group, folder, protocol and server settings.

The only Management Console functions not available on the iPad are those that require specific files to be uploaded. These functions include:

  • Importing public SSH keys for SFTP authentication. (Creating or selecting existing SSH keys is supported on the iPad.)
  • Uploading logos for web client branding.

How to Connect to Serv-U with an iPad

  1. Make sure your iPad is running iOS v5 or greater. (how to check)
  2. Make sure you are running Serv-U MFT Server - our Serv-U FTP Server package does not support remote administration. (how to check)
  3. Connect to any HTTP or HTTPS Listener on Serv-U with the Safari web browser on your iPad. (By default, these listeners are bound to all of Serv-U IP addresses on TCP ports 80 and 443 respectively.)
  4. Sign on as an administrator to see the main screen of the Serv-U Management Console.

 

For more information about Serv-U and its other great features, see RhinoSoft (Rhino Software, Inc.) - Home of Serv-U and FTP Voyager

Pre-requisites

 

A reasonable understanding or experience of Visual Basic Scripting is assumed in order to successfully add custom scripts to CatTools.

There are example code template files found in the /Templates sub folder of the CatTools root directory, that can help provide a reasonable level of assistance.

 

 

Overview

Suppose that you would like to create a simple version report for a Cisco Router device. Custom activities in CatTools can accomplish this.

Four files are required.  Three activity files and one custom device file:

 

Activity files:

 

1)  The activity type file (.ini file), which defines the following:

  • activity name,
  • activity ID,
  • activity main script filename (associated with the activity),
  • activity client script filename (associated with the activity),
  • the user interface field values and defaults which are displayed in the activity form Options tab when adding or editing an activity.

 

 

2)  The activity main script file (.txt file), which contains code to read the activity options from the CatTools database, prepare folders and files to store output data, set variables, marshal the CatTools Client threads and do any post processing of results in order to create reports or send messages to the CatTools main program.

 

3)  The activity client script file (.txt file), which contains a number of common function calls to the device scripts, i.e. the scripts that send device specific commands in order to get the device to log in, issue the commands required to perform the activity, then log out of the device again.

 

Device file:

 

4) The device script file (.custom file), which contains device type specific code for the custom activity, for example, the commands to send to the device and any parsing of the data before sending the results back to the client activity script.

 

 

The activity client and main script files also contain function calls and references to variables within the internal CatTools program code. These are prefixed with 'cl.' in the client script and 'ct.' in the main script. A list of these cl. and ct. functions and variables has also been made available within this chapter to assist in the development of your custom activity scripts.

 

 

 

  • How to create a custom activity - a simple step-by-step guide on how to create a custom activity
  • The custom activity type file (.ini) - information and how to create the custom activity type file
  • The custom activity main script file (.txt) - information and how to create the custom activity main script file
  • The custom activity client script file (.txt) - information and how to create the custom activity client script file
  • The custom activity device script file (.custom) - information and how to create the custom activity device script file
  • cl. / ct. variables and functions - information on the CatTools internal variables and functions exposed to the custom activity script files
  • Testing your custom activity - help and tips on testing your custom activity

 

For more information on what CatTools can do for you visit: Configuration Management and Network Automation | Kiwi CatTools

When managing your Cisco DHCP, ASA devices, and Windows DHCP servers with IPAM,  you may encounter errors that refer to DHCP connection errors. Generally speaking, most of these errors are easy to address.

 

IPAM uses Windows RPC calls to retrieve the list of scopes, leases, and reservations. Since IPAM runs within a local service, IPAM requires a Windows username and password to authenticate with the remote DHCP Server. IPAM will first impersonate the provided user on the Orion NPM box, and then proceed with using RPC calls. The following are some common errors and suggestions for troubleshooting.

 

IPAM Reports “Bad username or password”

1) This error can occur when the valid user account on the Orion host has no meaning to the DHCP Server. Verify the account used is valid on the DHCP Server.

2) This error can also occur when the provided password is not correct on the DHCP Server. Verify that the provided account and password are both identical and functional on both the Orion host and DHCP Server.

 

IPAM Reports “The RPC Server is Unavailable”

1) This error can occur when the DHCP Server is unable to receive or respond to RPC Requests. Verify there is no firewall preventing the Orion host from performing RPC calls. A simple method is to verify with Administrator accounts that Windows file sharing is possible. Another way to verify this is to telnet to the IP address provided in the Orion node on port 445. If the connection is not rejected, the cause is likely something else.

2) If this occurs intermittently, verify that the DHCP server has enough client access licenses.

 

IPAM Reports “Insufficient permissions”

1) Verify that the provided user account is part of the “DHCP Users” group on the DHCP Server.

 

If you do not yet own IPAM and you are tasked with managing DHCP servers, check out the following overview pages to learn what IPAM can do for you.

 

 

 

  • Add new DHCP Server
  • Add new DHCP Scope
  • Add new Found DHCP Scope
  • DHCP Split Scopes
  • DHCP Reservations

Should the CatTools built-in activities not suffice your requirements, you can create your own custom activities and script activities.

 

Pre-requisites

 

A reasonable understanding or experience of Visual Basic Scripting is assumed in order to successfully add custom scripts to CatTools.

However, the help file documentation and comments within the example code template files found in the /Templates sub folder of the CatTools root directory, should provide a reasonable level of assistance for a technically competent novice to follow.

 

Overview

 

To add support for a custom activity in CatTools, four files are required.  Three activity files and one custom device file:

 

Activity files:

 

1)  The activity type file (.ini file), which defines the following:

  • activity name,
  • activity ID,
  • activity main script filename (associated with the activity),
  • activity client script filename (associated with the activity),
  • the user interface field values and defaults which are displayed in the activity form Options tab when adding or editing an activity.

 

 

2)  The activity main script file (.txt file), which contains code to read the activity options from the CatTools database, prepare folders and files to store output data, set variables, marshal the CatTools Client threads and do any post processing of results in order to create reports or send messages to the CatTools main program.

 

3)  The activity client script file (.txt file), which contains a number of common function calls to the device scripts, i.e. the scripts that send device specific commands in order to get the device to log in, issue the commands required to perform the activity, then log out of the device again.

 

Device file:

 

4) The device script file (.custom file), which contains device type specific code for the custom activity, for example, the commands to send to the device and any parsing of the data before sending the results back to the client activity script.

 

 

The activity client and main script files also contain function calls and references to variables within the internal CatTools program code. These are prefixed with 'cl.' in the client script and 'ct.' in the main script. A list of these cl. and ct. functions and variables has also been made available within this chapter to assist in the development of your custom activity scripts.

 

To learn more about Network Configuration Management from your desktop see: Configuration Management and Network Automation | Kiwi CatTools

Kiwi CatTools can be installed as a standalone application or as a service on any Windows server. Installing it as a service grants you the ability to schedule automated backups or config changes while you're away from your computer.

At the center of CatTools is a batch processing machine. Once you have set up your network devices, such as routers, switches, and firewalls, you can then have CatTools perform one of the many predefined activities against your devices. Some of these activities include sending commands directly to your device in normal or privilege mode, setting the password for your devices, either en masse or individually, testing connectivity, and backing up and restoring your running configurations.

Top Features

The first feature is the ability to mass backup the configuration of all your devices. If any configuration differences are found, you can then have them emailed to you.

Another excellent feature is using activities to issue commands via telnet or SSH out to multiple devices at once. You can also change the configuration of devices at scheduled times. Another example would be to pull the IOS version you're running across multiple devices.

You can also compare two different configuration files in the Compare tab. This feature highlights the changes for you. You can even run a comparison between a network's current configurations and the startup configuration.



The Reporting tool provides you many options right at your fingertips. It allows you to run ARP table, or port, MAC, and version details reports. The ARP report automatically indexes MAC addresses against IP addresses and device interfaces, and then resolves their host names via DNS if required. By default the table is updated with each run of the activity, so it provides a historical record of the devices attached to your network over time. Each entry is time stamped, and "First Seen" and "Last Seen" columns are included in the report.

To see more of these features you can visit the CatTools website.

Kiwi Syslog Server can help you manage the large volume of messages you are getting from your devices.  Simply create filters and actions that will weed out insignificant events and then act upon important ones.

A good example is to send a text message when a site to site tunnel is dropped. Keep in mind that you can use any event that you would like to isolate a problem, and then trigger any necessary actions. The action can range from something as simple as sending an email to running a script that can do any number of complex responsive actions.


What if you want to isolate an event that tells you that one of your firewalls has issued a message that the IPSec tunnel was terminated because the connection was invalid? To be alerted about this type of message you would need to set up a Priority filter to catch it. Each incoming message contains a Priority value. This value is made up of a Facility and Level. You specify which priorities will cause the filter result to be true. All Facility codes are defined in RFC 3164 if you need a refresher. Next, you would set the priority field as Facility and define the importance level.


 

When you set up a network device or groups of devices to send syslogs to Kiwi, you define what "facility" to use. For this example we'll use Facility = "Local5" as the firewall. The Importance level ranges from "debug" to "Emerg" (Emergency). You should select as appropriate, probably something at the warning level or greater to avoid getting Notice logs.

Next you would define an action. In this case a simple email works. Enter a message as needed or select from any number of variables to populate a customized one.

After you have filled in the dialog fields, verify that your e-mail servers are set up in Kiwi so the email does not bounce.
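To make the Priority filter concrete, the following added example (not Kiwi Syslog code and not part of the original post) decodes the RFC 3164 PRI value, which is facility × 8 + level, and applies the Local5 / warning-or-greater filter described above. The sample messages are constructed, and the function names are hypothetical.

```python
import re

# RFC 3164 numeric codes, using the short names common syslog tools print.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
# Index 0 is the most severe level, index 7 the least.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
DEFAULT_PRI = 13   # user.notice: RFC 3164's value for a missing or invalid PRI
MAX_PRI = 191      # local7.debug = 23 * 8 + 7


def decode_pri(raw):
    """Return (facility, level) for a raw syslog line."""
    match = PRI_RE.match(raw)
    pri = int(match.group(1)) if match else DEFAULT_PRI
    if pri > MAX_PRI:
        pri = DEFAULT_PRI
    facility, level = divmod(pri, 8)
    return FACILITIES[facility], LEVELS[level]


def priority_filter(raw, facility="local5", min_level="warning"):
    """True when the message is from `facility` at `min_level` or more severe."""
    fac, lvl = decode_pri(raw)
    # A lower index means a more severe level, so "or greater" is "<=".
    return fac == facility and LEVELS.index(lvl) <= LEVELS.index(min_level)


# Constructed sample messages (hypothetical hosts and text).
SAMPLES = [
    "<171>Feb 14 14:07:18 fw01 IPSec tunnel terminated: connection invalid",
    "<173>Feb 14 14:07:19 fw01 Configuration saved",
    "<164>Feb 14 14:07:20 sw02 Fan speed high",
    "<168>Feb 14 14:07:21 fw01 System halting",
    "Feb 14 14:07:22 host9 message sent without a PRI part",
]


def matching(samples):
    """Messages that would trigger the e-mail action."""
    return [s for s in samples if priority_filter(s)]


if __name__ == "__main__":
    for line in SAMPLES:
        fac, lvl = decode_pri(line)
        flag = "ALERT" if priority_filter(line) else "-"
        print(f"{fac}.{lvl:<8} {flag:<6} {line}")
```

Only the local5.err and local5.emerg samples pass; the local5.notice message is dropped, which is the effect of choosing warning rather than a lower level.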


 

Above is just an example of one simple filter you can use to isolate events of interest using Kiwi Syslog.


More information can be found here Syslog Server for Windows | Product Overview | Kiwi Syslog Server

One of the great benefits of using CatTools is its ability to roll out changes to multiple devices at once. A typical example of this would be to change the passwords of all of your network devices on a regular basis.


There are several ways in which to make multiple device changes like this:

To change the Enable, the Enable Secret, the VTY or the Console password you can create an Activity of type Device.Password Change and run this against the devices you wish to change. The benefit of using this type of activity is that as it is running it will update the CatTools database with the new password as it completes each device.


To change the Username Password you can create an Activity of type Device.CLI.Modify Config.
Using this type of Activity against a device automatically puts you into Config Mode and free text commands can be issued to make the necessary changes. When using this method you need to use CatTools Meta Commands.


These are commands that instruct CatTools to perform an internal action. These commands will update the database with the new passwords that you are assigning to the devices.

For example: In the commands text box on the Options tab of a Device.CLI.Modify Config activity you might type in the following.

username joe password fred
%ctDB:Device:AAAPassword:fred


This would update the username and password within the CatTools Device table which holds the properties for each device.


Above is just one of the many things you can automate with CatTools. CatTools is an application that provides automated device configuration management on routers, switches and firewalls. Currently supported devices include Cisco / 3Com / Dell / Enterasys / Extreme / Foundry / HP / Juniper / and Nortel devices, among others.

To learn more about how you can utilize Meta Data, Meta Variables, and Meta Commands visit the Kiwi CatTools website.

What is Kiwi Syslog?

 

Kiwi Syslog is a "syslog server" - a passive listening application. It does not actively poll your network devices.


When installed and started Kiwi Syslog binds to specified port(s) on your system and then listens for any syslog messages, SNMP traps (if enabled), and Windows Event Log messages (if forwarded as Syslog messages by SolarWinds Log Forwarder). By default it will listen for syslog messages on UDP port 514.  It then logs, displays, alerts, forwards and performs many other actions on syslog messages and SNMP traps, received from hosts such as firewalls, routers, switches, Unix hosts and other syslog enabled, or SNMP capable devices.


You need to configure all your network devices to send their syslog information to the IP Address of the system that you have installed Kiwi Syslog on.


The Default Rule


The first time Kiwi Syslog is installed it contains a single Rule.  This rule does not have any filters defined which means that every message that is received by Kiwi Syslog will cause the actions defined within this rule to fire. There are two actions defined within this default rule:

  1. A Display action which sends all messages to "Display00" (the default display)
  2. A Log to file action which writes all messages to the file specified. The default filename is SyslogCatchAll.txt. This is located in the Logs directory.


How the Rule engine works

 

When a message is received by Kiwi Syslog it is tested against each Rule in turn from the top down until either all Rules have been tested against, or a Stop Processing action is encountered. The next message is then tested in turn and so on. For the actions within a rule to be fired, all the preceding filters of that rule must first be TRUE. When you have more than one filter specified within a rule, the filters are effectively ANDed together, not ORed.

In the following scenario we have created two filters:

  1. Simple IP address filter.
  2. Simple Message text filter.

The two defined actions, Display and Log to file will only fire if the message that is currently being processed matches both of these filters:

For example, if it comes from IP address 192.168.1.90 AND it contains the words "link down" OR "link up" within the message text part of the syslog message.

If the message does not meet these requirements then both filters will not be TRUE and therefore the actions will not fire.
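The evaluation order described above can be modelled in a few lines. This is an added example, not Kiwi Syslog's own code: the class and function names, the rule names, the sample messages and the placement of a Stop Processing action in the first rule are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Message:
    source_ip: str
    text: str


Filter = Callable[[Message], bool]
STOP = "Stop processing"


def ip_filter(*addresses: str) -> Filter:
    """Simple IP address filter: true if the sender is one of `addresses`."""
    return lambda msg: msg.source_ip in addresses


def text_filter(*phrases: str) -> Filter:
    """Simple message text filter: true if ANY phrase occurs (OR inside one filter)."""
    lowered = [p.lower() for p in phrases]
    return lambda msg: any(p in msg.text.lower() for p in lowered)


@dataclass
class Rule:
    name: str
    filters: List[Filter]
    actions: List[str]


def process(msg: Message, rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return the (rule, action) pairs that fire for one message."""
    fired = []
    for rule in rules:                            # top-down
        # Filters are ANDed; a rule with no filters matches every message.
        if all(f(msg) for f in rule.filters):
            for action in rule.actions:
                if action == STOP:                # later rules are never tested
                    return fired
                fired.append((rule.name, action))
    return fired


# Constructed rule set: the two-filter rule from the text, then the default rule.
RULES = [
    Rule("Link state",
         [ip_filter("192.168.1.90"), text_filter("link down", "link up")],
         ["Display", "Log to file", STOP]),
    Rule("Default", [], ["Display", "Log to file"]),
]

if __name__ == "__main__":
    for m in [Message("192.168.1.90", "Interface Gi0/1 link down"),
              Message("192.168.1.90", "User admin logged in"),
              Message("192.168.1.91", "Interface Gi0/2 link up")]:
        print(m.source_ip, "|", m.text, "->", process(m, RULES))
```

Only the first message satisfies both filters; the other two each fail one filter, so the first rule does nothing and they fall through to the default rule.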

 

Should I use Kiwi Syslog as a Service or as a Standard application?


If you only want to run Kiwi Syslog every now and then to see what is happening on your network or diagnose a fault with a network device, then installing it as a Standard (or "foreground") application would be best for your needs.


However, if you intend to run Kiwi Syslog 24/7, please run it as a service. (You can switch between Standard and Service installations without losing any settings.)

 

Where Can I Learn More?

 


IPv6 Subnet Masking

 

IPv6 subnet masking is similar to IPv4, with two key differences: the way IPv6 addresses appear and what actually gets masked.

IPv6 uses 128 binary digits for each IP address, as opposed to IPv4, which uses 32 binary digits. The 128 binary digits are divided into 16-bit words. Since using IPv4's octet notation to represent 128 bits would be difficult, we use a 16-digit hexadecimal numbering system instead.

Each IPv6 set represents 16 bits (4 characters at 4 bits each), and each 4-digit hex word represents 16 binary digits, for example:

  • Bin 0000000000000000 = Hex 0000 (or just 0)
  • Bin 1111111111111111 = Hex FFFF
  • Bin 1101010011011011 = Hex D4DB

So, an IPv6 128-bit binary address is represented by 8 hex words separated by colons:

  • FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

 

With IPv4, every IP address comes with a corresponding subnet mask. IPv6 also uses subnets, but the subnet ID is built into the address. Every individual network segment requires at least one /64 prefix. The IPv6 equivalent to an IPv4 /24 subnet is a /64. This segment contains 64 network bits and 64 host bits. Regardless of the number of hosts on an individual LAN or WAN segment, every multi-access network requires at least one /64 prefix.


Each character represents 4 bits (a nibble). A nibble boundary is a network mask that aligns on a 4-bit boundary. This makes it easier to understand and follow the IP address sequence, reducing incorrect configurations.
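To see why nibble-aligned prefixes are easier to read, the following added example (not part of the original post and not IPAM code) uses Python's standard ipaddress module to split a prefix and report which hex digit values each subnet covers. The 2001:db8::/32 documentation prefix and the function names are assumptions chosen for illustration.

```python
import ipaddress


def is_nibble_aligned(prefixlen: int) -> bool:
    """True when the prefix ends on a 4-bit (one hex digit) boundary."""
    return prefixlen % 4 == 0


def next_nibble_boundary(prefixlen: int) -> int:
    """Round a prefix length up to the nearest nibble boundary (at most /128)."""
    return min(128, (prefixlen + 3) // 4 * 4)


def split_prefix(parent: str, new_prefix: int) -> list:
    """Split an IPv6 prefix into equal subnets no longer than a /64."""
    net = ipaddress.ip_network(parent)
    if net.version != 6:
        raise ValueError("expected an IPv6 prefix")
    if not net.prefixlen < new_prefix <= 64:
        raise ValueError("new prefix must be longer than the parent and at most /64")
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def lan_segments(prefix: str) -> int:
    """Number of /64 segments (one per LAN or WAN segment) inside a prefix."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen > 64:
        raise ValueError("expected an IPv6 prefix of /64 or shorter")
    return 2 ** (64 - net.prefixlen)


def boundary_digit_range(prefix: str) -> tuple:
    """Lowest and highest value of the hex digit where the prefix ends.

    For a nibble-aligned prefix this is the first digit after the prefix and
    spans 0-f. For an unaligned prefix the boundary falls inside the digit,
    so the subnet owns only part of that digit's values.
    """
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen >= 128:
        raise ValueError("expected an IPv6 prefix shorter than /128")
    shift = 124 - 4 * (net.prefixlen // 4)   # bit offset of that hex digit
    low = (int(net.network_address) >> shift) & 0xF
    high = (int(net.broadcast_address) >> shift) & 0xF
    return format(low, "x"), format(high, "x")


if __name__ == "__main__":
    parent = "2001:db8:abcd::/48"            # documentation prefix, sample only
    for length in (52, 50):
        print(f"/{length} nibble aligned: {is_nibble_aligned(length)}")
        for subnet in split_prefix(parent, length)[:4]:
            low, high = boundary_digit_range(subnet)
            print(f"  {subnet:<28} digit {low}-{high}, "
                  f"{lan_segments(subnet)} x /64")
```

With /52 each subnet is identified by one whole hex digit (0000, 1000, ... f000), while with /50 a subnet such as 2001:db8:abcd:4000::/50 covers digits 4 through 7, so membership cannot be read directly off the address.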


SolarWinds IP Address Manager (IPAM) provides a Subnet Allocation Wizard to help you efficiently organize your managed IP address space into subnets that are sized appropriately for the extent and traffic of your network.


The Subnet Allocation Wizard displays a list of available subnets. You can quickly choose from this interactive list to allocate new subnets on your network.



There are a few select tools created and designed solely for the purpose of backing up Hyper-V virtual machines. If you are a service provider rolling out one or more new Hyper-V servers in a new environment, or if you just want to evaluate new tools designed just for Hyper-V, re-visit this post regarding the How To's and Why Not's of using Windows Backup Server with Hyper-V.

 

