One of the great benefits of Orion is that its really easy to install and easy to use. Nevertheless, new customers often find that they can get more out of the product if they invest a little time in training. Notice that I say time and not money, because SolarWinds offers quite a bit of online training for free. Here are a couple of useful resources for getting more out of what you’ve already bought. 

First, we’ve got a training session that’s already been recorded. Just click on the link below and start watching. 

NPM Customer Training Part 1 (90 minutes)

  • During this 90 minute training session we’ll cover:  
  • Optimizing hardware configurations for Orion
  • Understanding Orion’s architecture
  • Installation, discovery, and base configuration
  • Leveraging the information that Orion provides

Part 1 video is here

This class was designed for existing users of Orion NPM. The training is presented by Josh Stephens (Head Geek and VP of Technology), Chris LaPoint (Group Product Manager, Network products) and Brandon Shopp (Product Manager for NPM).

Level 2- Orion NPM 10 Customer Training (120 minutes) 

  • Using the Advanced Alert Engine
  • Customizing and building reports
  • Advanced uses for network maps
  • Customization of the Orion web console
  • Tuning the Orion polling engine

Part 2 of the training is available here

This class was designed for existing users of Orion NPM. The training is presented by Josh Stephens (Head Geek and VP of Technology), Chris LaPoint (Sr. Director of Product Management) and Brandon Shopp (Product Manager for NPM).


Some of you may already be familiar with this feature, but for those of you that are not, this is a handy little gem.  We often hear requests for the ability to put multiple data points on to a single chart/graph and while we have this on our list of items to make easier and more robust in the product going forward, you can accomplish this today on a single node leveraging the Universal Device Poller (UnDP).  For those of you not familiar with the UnDP, check out this tutorial here for more info.


A couple examples of what you may want to do with this are graphing utilization of multi-core CPU’s or looking at multiple interface utilization.  I have put example screenshots of both of these below. 


Ex. Multi-Core CPU Utilization




Ex. Multiple interface utilization




Now, we’ll get to the details on how to accomplish this with Orion. You can do in 9.5 and 10.0. 

  1. Remote Desktop to your Orion server and launch the Universal Device Poller application and create a new Universal Device Poller    
  3. Specify the MIB or OID you wish to poll.  Note this only works with polling a table
  5. Assign to the nodes you want to poll this information from
  7. Select where you want this data to appear, most likely this is going to be as a chart on the node details page
  9. Log into the Orion web console and navigate to one of the nodes you assigned the Universal Device Poller to and click Edit in the upper right hand corner of the resource
  11. Within the edit dialog you can modify multiple parameters to you preference including:
    • A more user friendly resource title name
    • Which items from the table you want to be graphed on this chart
    • Select the chart format of how you wish it to be displayed within the graph
    • Time period and sample period for the chart graph      
  13. Enjoy!

Here is another example of the same above interface utilization chart, but as a line chart instead of a bar chart.






Also, here are some of the OID’s we use to gather some of the more common statistic in Orion which you may find useful here.




Windows CPU & Memory:

  • hrProcessorLoad
  • hrMemorySize
  • hrSWRunPerfMem

Interface Errors and Discards:

  • ifInDiscards
  • ifInErrors
  • ifOutDiscards
  • ifOutErrors

Interface Bandwidth:


32bit Counter based

  • ifInOctets
  • ifInUcastPkts
  • ifInNUcastPkts
  • ifOutOctets
  • ifOutUcastPkts
  • ifOutNUcastPkts

64bit Counter based

  • ifHCInOctets
  • ifHCInUcastPkts
  • ifHCInMulticastPkts
  • ifHCOutOctets
  • ifHCOutUcastPkts
  • ifHCOutMulticastPkts

When you have several IP SLA operations, you may need a way to organize them quickly. The tag and owner fields allow you to input custom parameters that can then be used to track your IP SLA operations. This is an advanced feature and if you have configured it, IP SLA Manager will discover these parameters when you do an operation discovery.


To configure tag and owner for an existing operation, enter these commands at the enable prompt




In this example, I used operation number 2000. The operation number will vary depending on your configuration. To find the IP SLA operation number and other useful information about your IP SLA operations, type:


show ip sla monitor configuration


at the router prompt. Note: these commands are valid on IOS 12.4. Earlier versions used the rtr command where the tag and owner parameters are not available.




The tag and owner field can include any text data. For more information on how to configure IP SLA operations, I highly recommend Cisco’s user guide.


If you want a step by step walk through of manually creating operations from someone other than Cisco or SolarWinds, Brad Reese at NetworkWorld has a good write up on creating a TCP Connect operation.


After you have the tag and/or owner field on the operation, when you do an IP SLA discovery with IP SLA Manager, the tag and owner will be added. You can then filter by these in the Manage Operations screen by right clicking on the field.




If you don’t see the tag or owner field try scrolling to the right more But if you still don’t see it, you may need to add it. To add a field, simply right click on one of the existing fields (Operation Name, Type, Source, Target, etc). Next, click Columns and select which fields you want to be displayed in the Manage IP SLA Operations screen.






I hope you find the tag and owner field helpful. This feature was specifically added in based on feedback from our users during the Release Candidate phase. We know we haven’t done everything requested but we definitely value your feedback and try to help where we can :-)




If you aren’t using the Orion IP SLA Manager, click here for more information. IP SLA Manager can be used to automatically create and monitor Cisco IP SLA operations to give you more information about your WAN health and your VoIP environment.

From time to time, we hear requests for information about how to use NCM in tandem with RADIUS and/or TACACS for device authentication, that is:

NCM ----->  Device -----> RADIUS/TACACS Server.


The key lies in changing how NCM authenticates the user against the device. Typically, NCM is set up to authenticate using a set of credentials for each device. If you want to use the same credentials to log in to all devices, you can do this by going to File > Settings > Global Macro Settings > Login Information and choose the option to enable global login settings on all devices. You also have the option to set this up during installation. 

However, if you want to use an external authentication server - you'll want to configure user-level device credentials:

1.    Go to File->Settings->Device Connectivity Method and select the option to manage devices using individual set of credentials:

By changing this option as shown, NCM provides user-level device log in credentials for each NCM user. Also, there is special logic in our SSH/Telnet communication component to handle the RADIUS authentication prompt since devices connected to the RADIUS server may have a slightly different log in flow. 


2.  Next, go to File->Change My Device Login Credentials and specify user level credentials:

3.       On device- level control, specify  which credentials will be used to login on device (device-level or user-level):


And that's that. The device itself will authenticate the credentials against the RADIUS server - and use the permissions with the associated account. 

Orion NetFlow Traffic Analyzer (NTA) 3.7 is currently in Why Should I Care About Release Candidates? phase, so consider this our first post in our sneak peak series around this release.  

Most of us are always looking for an easier way to do our jobs (or perhaps just less work in general ;-).   Well, with that spirit in mind, in NTA 3.7 we’ve answered your numerous requests to see Top Talker details in your NPM high bandwidth utilization alerts.   After all, if you could save a trip to the Orion web console to hunt down bandwidth hogs and troubleshoot directly from your iPhone 4 without having to end your game of Words with Friends, who wouldn’t want that?

Here’s how to do this in NTA 3.7:

1. Open Orion Advanced Alert Manager and edit one of the new default “Top Talker” interface utilization alerts.   You’ll see two:  One for High Transmit Percent Utilization and one for High Percent Receive utilization.  It’s important to note that for this to work the triggered interface must be a NetFlow source that NTA is already collecting data about.


2. You’ll want to navigate to the Trigger Condition, Reset Condition, and Alert Suppression tabs and set your percent utilization thresholds as appropriate.


3. Click on the Trigger Actions tab and open the Email a web page action.  Fill out your email address and SMTP info and then navigate to the URL tab.   This is where the magic happens!  

The good news is there are only two things you need to worry about changing here from the default.   If you’ve changed your Admin password from the default (blank) then you’ll need to replace the $$Password$$ and $$User$$ with a user with Admin privileges in Orion.   If you haven’t changed the Admin password from the default, it will work without any changes but it’s probably a good time to change that now ;-)


4. That’s it!  Here’s what you’ll see in your email.  You’ll notice that the format is optimized for viewing in mobile devices and for email servers that restrict email size.   If you want to change which Top Talker resource details are included, you can go to Admin and Manage Views and edit the NetFlow Interface Details for Alerts view.


Ok, so what about those of you that live in the Orion web console and don’t want to leave it?   In addition to the email notification, the default Top Talker alerts include a trigger action for creating an “interface utilization exceeded” event in your Orion Events resource.   This means that your NOC operators and others with access to the Orion Events resource can click on those events and navigate directly to the associated NTA interface details view for deeper troubleshooting.


We’d love any feedback you have on this feature!


When you first install Orion NPM, it includes a number of views accessible from the built-in menus, and each of these views includes a large number of resources.  Our goal is to create an out-of-the-box experience that proves useful to most network engineers without requiring any customization.  We know, however, that one size doesn’t fit all.  That’s why we include many additional views and additional resources that, although available, are not visible by default. The design goal is to prevent the initial experience from being overwhelming to a new user while providing a rich source of new widgets that can be applied as a user grows in expertise.  We’re going to do a few posts on different non-default resources that you can add to solve different problems in your environment.


One useful resource that doesn’t appear anywhere by default is the “Report from Orion Report Writer Resource”.  The name describes the function:  It displays the results of a report from Orion Report Writer inside of an Orion view.  You know you can see a report by going to the Reports view and seeing the complete list of reports.  But what if you want to see the results of a report on a particular node?  In that case, the Reports view isn’t what you want. 


To edit a node details page, first drill down to a node details page.  In the upper-right corner, you’ll see the “Customize Page” button.  Click it.






You’ll see a list of the resources in the columns on the page.  Click the plus-sign to add a new resource.




Now you’ll see a long list of categories of resources.  Toward the bottom, you’ll see “Report Writer – Turn a Report from Report Writer into a Web Resource”.  Open that category to find “Report from Orion Report Writer”.  Select that one and click Submit.  Then click Done on the next page. 






You should now be on the Node Details page.  Scroll to the bottom (unless you placed it somewhere else) of the page to see your new resource.  It’s there, but it doesn’t know what to show.  You can either click “Edit” or the bright blue words “Click Here”.  They both go to the same place.






Next, you pick a report from the complete list of reports available in Report Writer.  Now, here’s the trick:  If you select a report, it will show the data for all nodes.  By default, it is not filtered to the current node.  Now, you may want to know the results for every node.  You may want to be able to compare the results for this node to everything else at a glance. 








In the figure above, I selected the “Interface Types” report, which will show the number of interfaces of each type across all devices monitored by NPM, which is the report you see below.




What if I just wanted to see the results for the current node?  In that case, I would need to add a filter.  So click “EDIT” and this time you’ll add a variable to the filter.  To limit the report to interfaces on the current node, we would add the statement “NodeID Like ${NodeID}”.  The first term, “NodeID” says you’re going to filter on the Node, and the second statement is an Orion variable that says this node, where this is defined by the node details page you’re currently viewing.  Check out the Admin Guide for a complete list of node variables and interface variables you can leverage.






BTW, that same report with the node filter applied looks like this:










That’s the long and short of the report resource.  It’s a simple resource, but it has a lot of flexibility because you use the Report Writer to modify any of Orion’s existing reports, or you can write reports from scratch, using either the wizard UI or, if you’re up for it, by writing raw SQL statements.  In essence, if there’s info in the database that you want to display on a resource, you can expose it virtually anywhere in the Orion UI.

Last week at Cisco Live was quite an experience!  It was great to meet Orion and Storage Profiler customers face to face.  Two items that users discussed most was End-to-End mapping (mapping storage back to its source) and file analysis.  Since we recently did a post on End-to-End mapping (Oh Storage, Where Art Thou?), I thought I would tackle the basics of file analysis.


In Profiler, file analysis allows you to look at all of your formatted space (Server, NAS and VM) and summarize usage by file age, file type, and ownership, and build rules to find specific files (“files of interest”).  In this post, we will turn on file analysis for a physical servers, and show the reports and rules you get by default.  We will add NAS and VM shares in future posts.


To turn on file analysis for a specific server, navigate to Configuration->Devices from the Getting Started page. On the Devices page, locate the server that has the agent installed on which you wish to enable File Analysis and click the wrench of the server.  In the configuration page that pops up, go to the file analysis section.


Set the Status to “On” and set the Start Time (defaults to midnight).  File analysis will run every day, you can change it by changing the frequency.

Once file analysis runs, when you review the “Files” tab for that server, you will have the summary file analysis data appear:

By default, you will get summary by file type, file age and user (ownership).

Also by default, you will get three rules:

  • Orphan Files: Files who have no owner
  • New Files: Files that have created in the last 24 hours (Windows Only)
  • Largest Files: The largest files on the drive

If you click the link under files reported, you will get the details on each file, including location, size, last accessed and ownership.

So armed with the information, you can summarize your files and find specific ones you might want to take an action on.  Some common use cases:

  • Find all MP3 (or other unwanted files)
  • Find all files over 1MB and not accessed in 1 year
  • Find all PST files

In future posts, we will review adding NAS and VM shares, and step through creating rules.


  • All of the above reports can be run across multiple servers through the reporting engine (Reports > Quick Reports).
  • If you want to create a rule, go to Administration > Rules > Add New Rule > File Analysis Rule.
  • If you want to change file analysis settings for multiple servers, you can go through Policies (Administration > Policies > Default OS Policy > File Analysis).
  • File analysis walks through the entire file system every time it runs, looking at the meta information of the file (it does not open the file and review the contents).  It does put a load on the system while it runs (generally 15-20% of CPU), so generally users run file analysis at night outside of the backup window.

First, I wanted to say it was great to meet so many of you out at Cisco Live last week and finally put a name with a face!  I had many various conversations while I was there, but there was one that I had a couple times, so I decided to dedicate a blog post to it. 


Since we released Orion NPM 9.5, there have been various System Manager functionality in version 9.5 and posts on thwack regarding Orion System Manager and some of the administrative functionality being disabled and having to use the Orion web console web node management to perform these functions.


The first question always is why? 


Well the answer is quite simple. As Orion grows and we add more features, modules, etc., they each require new administrative settings.  For us to put them in both places and maintain them in both places ultimately means we have less time to work on other enhancements and features.


Also, as Orion gets more widely adopted in organization you may have more than one person whom you want to have administrative access.  With Orion System Manager, users must be given permission to RDP to the Orion server which may create security issues and you may have to purchase Windows terminal server licenses depending on the number of users that need access.  In contrast, with the Orion web console, users can just hit a web browser from where ever they are which allows for controlled access and is much more efficient.


So why is the web console better than System Manager?

  1. You don’t have to RDP to the Orion server to use it
  3. You can do “multi” operations meaning multi-edit, multi-poll now etc.
  5. You can populate custom properties directly inline to editing a device, interface or volume
  7. You can directly assign Universal Device Pollers from here
  9. You can unmanage and remanage nodes and interfaces
  11. You can create VMWare API credentials directly inline creating and editing a node

The primary complaint we hear from users is that using the web node management in the web is slower that the win32 UI.  We have done some work to improve this and continue to do work here. For example, we introduced paging in the UI to load elements quicker.  However, I wanted to give ya’ll some tips and tricks to more effectively utilize the web node management


Question: I want to view specific interfaces and be able to filter on them without having to expand each node to see them.  
Answer: Use the show drop down and select interfaces and you can then filter or search for the specific interfaces you want




Question: I want to do a mass edit or delete of items that span across multiple pages, but I don’t want to have to go through and select them all.  
Answer: On the first page, when you select the checkbox next to name in the header, you will see a new dialog which allows you to manage just the elements on that page, or you can select all elements across all pages and then choose edit, delete, poll now etc.




Question: I want to view more than 40 elements on a single page, how do I do this?  
Answer: This is quite easy to change, just remember, the higher you increase the value, the longer it will take for the page to load and refresh.  Under page size you can change the value and hit enter.




Question: I don’t see the columns I want to view within the web node management console, can I change these?  
Answer: Yes, you can, it is somewhat hidden but in the screenshot below you can see the two arrows pointing to the right.  If you click on these you will get a new dialog which will allow you to choose which columns to display.





Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.