SolarWinds Server & Application Monitor (SAM) offers even more power and flexibility thanks to the new features of version 5.0. This in-depth customer training looks at these new features and shares some best practice advice on using SAM, including a live product feature demonstration.


  • What SAM does – Systems and Apps
  • New Features in 5.0
  • New Vendor Support
  • Live Product Demo



Or everything you always wanted to know about Orion reports but were afraid to ask.

This post is meant for everyone who would like to create his/her own Orion report but is not sure how to start. We have collected a few useful resources that can help you start creating basic reports and also provide technical reference for future enhancements.


The Big Picture


A predefined set of reports is available in the Orion Web Console (HOME -> Reports).


Although the predefined reports are useful and easily accessible, you may sometimes find yourself in need of customization. In that case, there is the Orion Report Writer application that can be found on your Orion server under Start -> All Programs -> SolarWinds Orion -> Alerting, Reporting, and Mapping -> Report Writer.


Using the Report Writer, you can easily create your own Orion reports either from scratch or by editing an existing report. If you want, you can even directly enter the SQL commands implementing the desired report functionality.

And there is more. You can use the Orion Report Scheduler (Start -> All Programs -> SolarWinds Orion -> Alerting, Reporting, and Mapping -> Orion Report Scheduler) to schedule report-related actions. For example, you could create a job that would automatically e-mail you a report every Monday morning that included any significant network events that occurred over the weekend.



Do You Have a Tutorial?




As a quick start guide, you can use Video Tutorial: Using Report Writer within Orion NPM.


  • Report Writer overview
  • Report creation and customization
  • Exporting reports


Advanced topics on reports from SolarWinds’ NPM network monitor are included in Video Tutorial: Orion Network Performance Monitor (NPM) v10 Customer Training - Level II.


  • Orion reporting overview
  • Reporting architecture
  • Report types and customization
  • Report delivery options
  • A lot of hands-on examples


An exhaustive source of information is Customer Training: NPM Level 2 - Reporting - A Webcast from SolarWinds.


  • Introductions and Housekeeping
  • Top Report Features
  • Working with Existing Reports
  • Examining the Resulting SQL Queries
  • Filtering and Date Formats
  • A bit About SQL
  • Report Scheduler
  • Including Charts


I Want to Know More!


Then please refer to SolarWinds Technical Reference: Understanding Orion Report Writer.


Other Useful Links


Reports on Orion NPM thwack Content Exchange – what you need may already exist here

Video Tutorial: Managing Custom Properties in Orion NPM.

Orion Administrator's Guide

SolarWinds Knowledge Base

Every few months or so I like to take the opportunity to highlight many of the new application templates that have been recently released by the SAM development team. I’ve done so twice before, and will continue to do so on a fairly regular basis.


New application templates, (be it officially created by SolarWinds, or community created), are being posted to the SAM Content Exchange all the time. If you’d like more immediate updates when new application templates are released, I recommend subscribing to the SAM Content Exchange RSS feed using your favorite RSS news aggregator, such as Google Reader.


A listing of all SolarWinds officially created application templates available in the Content Exchange can be found here. You can even use your RSS reader to subscribe exclusively to SolarWinds officially published content.


NOTE: Recent changes to have changed the RSS feed URLs for the Content Exchange. If you’ve been following the SAM Content Exchange via RSS you may need to update your RSS reader using the above link.


As always, you can continue to browse and import new application templates shared on Thwack from within the product itself using the Shared Templates on Thwack located under Settings > SAM Settings.


Official application templates created by SolarWinds and posted to the Thwack Content Exchange eventually make it into a shipping release of the product. We recently released Server & Application Monitor 5.0 which included support for 30 new and updated applications out of the box. A soon to be released service release for SAM 5.0 also includes support for an additional 19 new and updated applications.


We are constantly striving to create a broad array of application templates to cover many different aspects of the IT infrastructure, and this latest batch is no exception. We welcome and encourage feedback on any of these templates, which can be posted in the comments section below, or in the posted application template itself. We also welcome requests for new application templates which can be posted in the SAM Feature Requests forum.


Operating Systems



Symantec Endpoint Protection Server


Symantec Endpoint Protection Client


Microsoft Forefront Endpoint Protection 2010 (Server)


Microsoft Forefront Endpoint Protection 2010 (Client)



MongoDB (Linux)


MongoDB (Windows)

Exchange 2010 Database Availability Group


Exchange 2007-2010 Mailbox Send and Receive Statistics with PowerShell


Lotus Domino Server Processes and Network Ports (Windows)


Lotus Domino Server Processes and Network Ports (Linux)

Symantec Backup Exec Server

Lotus Domino Server Statistics

Symantec Backup Exec Remote Agent




Proxy Server

Microsoft Dynamics CRM 2011 Statistics

Squid (Linux and Unix)

Microsoft Dynamics CRM 2011 Events

Squid (Windows)



Name Resolution

Custom Applications

Microsoft Windows Internet Name Service (WINS) Events

Microsoft Message Queuing (Performance)

Microsoft Windows Internet Name Service (WINS) Statistic

Microsoft Message Queuing Events





Server Clock Drift (Perl)

SolarWinds Synthetic End User Monitor (SeUM) Player

Server Clock Drift (PowerShell)

This blog complements the information available here, related to what SolarWinds has to offer to the Managed Service Providers (read also the FAQs) and focuses on the multi-tenancy capabilities of SolarWinds NPM network monitor (even if some of this document is actually applicable to other products relying on the SolarWinds Platform, aka Orion Core.

First, what is multi-tenancy?

Wikipedia defines it as a software architecture where a single instance of the software runs on a server, serving multiple client organizations (tenants). Multi-tenancy is contrasted with a multi-instance architecture where separate software instances (or hardware systems) are set up for different client organizations.

With a multi-tenant architecture, a software application is designed to virtually partition its data and configuration, and each client organization works with a customized virtual application instance.

The drivers behind multi-tenancy are mainly (but not only) cost savings (only one platform – HW and SW – is needed to support multiple customers) and easier release management (tasks like upgrade, high availability, database backup are performed only once and benefit all supported customers in a single operation).

Can SolarWinds products be deployed in a multi-tenant way?

Yes, and here is how.

For more clarity, let’s break down this discussion into 2 separate topics:

·         Visualization
How do I configure SolarWinds
products so a particular customer can safely login into the SolarWinds product portal and get a view restricted/limited to THEIR IT resources, even though they are being supported by a multi-tenant platform that also supports other customers like them?

·         Deployment and Data Collection
What should be my deployment strategy, so I can collect management information from my customer’s IT environment and feed it back in to a single shared (i.e multi-tenant) SolarWinds
instance? How do I deal with duplicate IP addresses that my customers have?

This discussion could be extended to other levels, such as storage, and this might be explored in further editions of this blog, but for now, let’s stick to this two main topics: visualization and data collection.

Configuration of the visualization in multi-tenant environments

How to create for my customers, the perception that they are on their own private IT management platform, while they are actually being hosted on a single instance, shared with other customers?

The SolarWinds platform provides two types of “Limitations” that will allow you to isolate the view and the data that each customer has access to:

  • Account limitations.
    This type of limitation is the most commonly used by MSPs and allows for the restriction of the Nodes that a given login will be able to view (or not). Simply put, the Account Limitation controls visibility that Accounts/Login have of Nodes. We will use this notation in the rest of this blog: Account => Nodes
  • View Limitations.

This type of limitation allows the MSP to restrict the Nodes that a given View will be able to display. This will be noted View=>Nodes. Of course, if all your accounts have access to the same Views (e.g. a TOP 10 view), this is not very helpful in the context of isolation, because then all your accounts will have access to all the nodes that this view has visibility on. This is useless for multi-tenancy, unless you can control visibility of Accounts on Views (Accounts => Views); then by combining this with Account Limitations above, you can configure this type of visualization model: Accounts => Views => Nodes.

What is a View?: A view is an HTML page displaying multiple resources (single graph, table, display widget), that have a common theme. A product usually comes with multiple out of the box views. Customers can create new or customize views. Views are selected by clicking on their names right below the product tabs.


Now that we understand the theory behind these 2 features, let’s look at concrete examples and how to configure them.


Account limitations: As said above, MSPs typically use this to control the Nodes visible by their Accounts (i.e. login) across all generic views (or regardless of the view).

To configure Account => Nodes, go to Settings>Manage Accounts>Select an Account>Edit>Account Limitations>Add Limitation:



As you can see, there are many different ways to express the list of nodes that will be visible by the account/login that you have selected. Let’s explore a few:

  • Single Network Node does what you would expect (you can select a single node). Easy for testing but fairly limited.
  • Group of Nodes (understand “list” of nodes), is more interesting: it proposes the list of Nodes so you can check one node or multiple nodes that your Account/Login will have visibility on. This is the most commonly utilized.
  • Single Group allows you to define a group and use its content to limit what a user shoud be able to view. This is an easy way for an MSP to define the views of each of their customers.
    Just create a group (Settings>Nodes & Group Management>Manage Groups) and use this group to configure your Single Group limitation.
    Any user associated to this group, will see his/her views restricted to the content of this group.

    Note that this was fixed in NPM v10.4, and used to be more tricky in previous versions , because it does not do what most people expect. Here is the behavior experienced pre-v10.4 abd how to workaround it. This section below is NOT required in NPM v10.4.

You would expect it to give visibility to all Nodes that have previously been put in a group, which would be very easy for MSP’s: put your nodes assigned to each customer in a group representing the customer and you are done, then just assign each Customer groups to the Account/Login allocated to this customer.
Unfortunately it does not work this way. Doing this restricts access to the Group itself but the visibility limitation does not extend to the content of the group. So this does not help you.
Here is how to make it work: make sure you have a Custom property for each Node in NPM network monitoring software, populated with the Customer name (you would probably do this to create the group anyway), but instead of creating your Account Limitation based on the group (which does not work), you create it based on a Custom Account Limitation based on a property. Creating a Custom Account Limitation based on a property is easy: Start Menu>App Programs>SolarWinds Orion>Grouping and Access Control>Custom Property Editor>Orion>Account Limitation Builder> Add>name your custom limitation, select your Custom property (e.g. CustomerTag in example below):
Once done, go back to your Account Limitation screen and notice your Custom Account Limitation method:
This is functionally equivalent to what you think it would do if you created your Account Limitation to a Group that was based on the Custom property “CustomerTag”. Just don’t use the group.


View Limitations: As seen above, MSPs typically use View limitation in this context: Accounts => Views => Nodes, and the most common use case is when Views are actually Home>Summary Views that need to be different per customer, because they have maps that are specific to customers. In other words, for the map to be specific to a customer, you need to create a view that has the correct map and assign it to the Account / Login attached to this customer.




Here is how to assign a Summary View to a account: go to Settings>Manage Accounts>[select an account]>Edit>Account Limitations>Default Menu Bar and Views:



Then, once you have assigned a view to your account, you can now restrict what Nodes will be visible from this view by using a View Limitation: Settings>Manage Views>[your custom view]>Edit>View Limitation> Edit:


From there, the same discussion as above applies.


Let’s take a concrete example and make sure you understand how the system behaves. Let’s say you have used this model Accounts => Views => Nodes to deploy your 2 customers ACME and EuroCust, respectively based in US and Europe, as follows:

  • Account ACME => US_View – use the home page view configuration
  • Account EuroCust => Europe_View – use the home page view configuration
  • US_View=>Chicago_Router, Austin_Router – use the View Limitation feature
  • Europe_View=>Frankfurt_Router, London_Router – use the View Limitation feature


This will provide the expected view, but you will want to know about the following behavior of the system: If the Account ACME user can modify the URL of his US_View page and figure-out what URL corresponds to the Europe_View page, he will not only be able to see the map of Europe (not big deal) but more importantly, see the Frankfurt_Router, London_Router, because these are attached to the Europe_View, as per the View Limitation.


If you are afraid of this behavior (some MSP consider this a back door), then you should NOT use the View Limitation and rather model your system like this:

  • Account ACME => US_View – use the home page view configuration
  • Account EuroCust => Europe_View – use the home page view configuration
  • Account ACME => Chicago_Router, Austin_Router – use the Account Limitation feature
  • Account EuroCust => Frankfurt_Router, London_Router - use the Account Limitation feature

The conclusion of this part is that you will want to think about how you will model your environment and customers, do some preliminary testing of SolarWinds products, based on the ones that you have deployed. Remember that different products may honor the Account and View limitations differently.

Ultimately, you will want to make your own opinion about the pros and cons that the various options offer. Hopefully the section above will help you understand the most important points, so you can figure out the details related to your particular environment.



Deployment and Data Collection in multi-tenant environments

The main issue at this level is dealing with duplicated IP addresses, which the MSP customers will usually have. Today, there are two recommended ways to deal with this: NAT and EOC-based deployments

NAT-based deployment: Network Address Translators translate the customer domain addresses, so that they are all unique from a SolarWinds product perspective. Basically, NAT eliminates the overlapping IP addresses.

Note that this makes the identification of managed devices more complex because the translated IP’s don’t necessarily make sense to report readers. This can be addressed by populating custom properties with IP’s or Names that will not be affected by any translation.



EOC-based deployment: a full instance of SolarWinds product is deployed per Customer (usually large ones) and they are consolidated at the MSP level, by EOC (Enterprise Operations Console)


Other deployment considerations

SolarWinds does not recommend the deployment of a central (NOC) instance of our network management product with one Polling Engine deployed on each customer’s network, because the WAN that would then connect the remote Polling Engines and the central database, would likely be the cause of lower reliability and higher latency which is not a certified environment.

Other solutions such as managing an entire customer environment via a unique IP address and differentiate their different managed devices (e.g. servers) using different SNMP ports (port forwarding) does not work.



You can find more on Orion architecture (non MSP-specific) here.

In case you missed it in our Log & Event Manager Release Roundup: Latest News post, the next release of LEM is now in Release Candidate status. You can join up by filling out the survey over on SurveyMonkey, I'll provision it to your Customer Portal and you can get crackin' on the new features.


LEM 5.4 RC Features: Flexibility!

The "theme" of this release is flexibility - extending the flexibility of your LEM deployment within your organization. We've added several features that make LEM more flexible to deploy, implement, and integrate into your environment.


Virtual Appliance Improvements: Deploy to Microsoft Hyper-V, Export/Import/Migrate Appliances

We've added the ability to deploy our virtual appliance on Hyper-V (instead of just VMware). It's got the same disk/CPU/RAM requirements (250GB disk, at least one 2GHz core preferably 2+, 8GB RAM dedicated) and the same ease of installation.


On all appliances, we've added the ability to export/import/migrate your appliance settings. This is useful in several different ways:

  • Migrating from a legacy TriGeo hardware appliance to the LEM virtual appliance
  • Migrating from one virtual appliance to another virtual appliance (standing up a new appliance and importing your configuration)
  • Disaster recovery scenarios where configuration settings have been lost, a mistake was made, or other unfortunate scenarios occur that make you wish you could go back to yesterday's config


For customers interested in either Hyper-V deployments or the appliance migration functionality, we've got new documentation we can provide that includes extra details if you need them.


Console in your Browser! Awesome!

We've had a lot of requests to not run the LEM Console in AIR, and instead run it in the browser. Good news - we did just that! For the most part, this Console is identical to the AIR console, and you can import/export your settings from your existing AIR install into the web and vice-versa. The browser-based Console does require Flash 11.


To access the LEM console after upgrading, just head to https://<your manager's IP or name>/ and it'll redirect you to the right port and URL. The full URL is actually https://<your manager's IP or name>:8443/lem/ but we put in a couple handy redirects to make it Just Work(tm).


Your settings will now be stored on the manager you're accessing in the URL, so wherever you log in, you'll see the same filters, widgets, saved searches, and customized configuration settings.


Tips & Notes:

  • I'd recommend verifying you're on Flash 11 before you access the Console, just in case. We've had situations where someone upgraded from Flash 9 to Flash 11 and the browser was most unhappy! You can manually download and install the latest flash player here.
  • If you're having issues with Firefox, try IE (seriously) or Chrome. We support Firefox 11, Chrome 16+, and IE9 and have done a cursory pass on Safari, but we found a few browser inconsistencies that generally apply more to Firefox than the other browsers.
  • There shouldn't be cases where you have to close/reopen your browser or tab to fix an issue - if this happens to you (especially consistently), please let us know so we can track down issues where the Console seems to get "stuck" and stops functioning. The same is true of a browser or flash plugin crash, if you see this consistently, let us know.
  • If you've been using the AIR console and want to import your settings to the web, first upgrade your AIR Console to 5.4, then go to Manage > Appliances, then click the rightmost gear (underneath the Help icon) and choose "Export User Settings".  In the web console, do the same thing, but select "Import User Settings". Your settings will be pushed up to the appliance and applied, and viola! Instant customized Console.
  • When reporting issues with the browser Console, be sure to let us know what browser & version you're using, and make sure you're up to date on Flash (Adobe's trying to make it even easier to update Flash, but you never know, you might have hit "stop yelling at me" and not manually upgraded in a while).
  • When building rules & filters, you might notice that the item you're dragging appears away from your mouse cursor; there are some timing issues that we're working on here and may not be able to resolve before release. Follow your mouse cursor arrow, not the item text, to determine where it'll be dropped.


Authenticate to LEM via Active Directory Services

As a bonus management feature, we've added the ability for you to authenticate to LEM via Active Directory (not just a LEM built-in user). You can add AD Groups or individual AD Users and assign them to a LEM Role, then the authentication works like magic.


To Configure:

First, configure the "Directory Service Query" inside of LEM to authenticate to the directory:

  1. Go to Manage > Appliances: 
  2. Click the Gear icon next to your appliance, and click Tools:
  3. Under "System Tools", click the Gear next to "Directory Service Query" and click "New":
  4. Specify the (fully qualified) domain name (e.g. corp.local), the IP of your domain controller (preferably IP, DNS name may work if your appliance is configured with reliable DNS), the service account username & password to use, and whether your DCs require SSL or not. If you don't use a custom port, you can ignore that field (the defaults are 389 for non-SSL and 636 with SSL).
    1. NOTE: If you want to test your connection, you can type in your FQDN in the "Test Domain Connection" box, but don't be alarmed if the button doesn't do anything - it can't actually test until we entirely finish.
  5. Click Save when you're done.
  6. IMPORTANT: To actually start/enable the connection, you need to start the tool/connector. Click on the gear again, and click "Start":
  7. At this point, everything should be configured and running.
    1. NOTE: If you entered your FQDN in the "Test Domain Name" box, you can click the "Test Domain Connection" button now. Success or failure won't be reflected here, you'll find alerts over in the Monitor area that will indicate success or failure. The alert is an "InternalInfo" alert that says "Connection to Directory Service succeeded", or an "InternalWarning" alert that will let you know it failed and give you some idea of why (password failed, timed out, etc).
  8. When you're done, click "Close".


Next, add users in LEM that you want to authenticate with the directory:

  1. Head over to Build > Users:
  2. Click the + icon on the far right hand side and choose the option corresponding to what you'd like to add:
    1. LEM User: adds a new built-in LEM user, using built-in LEM authentication. After adding the user, fill out all the information, including the e-mail address(es).
    2. Directory Service User: lets you specify a new SINGLE user from the directory to add to LEM, using directory authentication.
      1. In the leftmost panel, select the OU you wish to add the user from.
      2. In the center panel, select the Group you want to use to narrow down the user. The group in brackets at the top that mirrors the name of the OU will show ALL members of that OU, which might take a while if you've got a big organization (which is why we let you search using groups, too!).
      3. In the rightmost panel, select the User you want to add to LEM and click "Select User". All of that looks a bit like this (adding the user "npauls" from the "Engineering" OU, using the entire OU to search) - names hidden to protect the innocent:
      4. After you add the user, specify their LEM Role (Administrator/Auditor/Monitor/Contact), click the "Save" button on the bottom right to officially add them to the list.
    3. Directory Service Group: lets you specify a new GROUP (and all members therein) from the directory to add to LEM, using directory authentication.
      1. In the leftmost panel, select the OU you want to view the group in. You might find that your OU contains sub-folders that contain hidden group containers for things like distribution/global groups.
      2. In the rightmost panel, select the Group you want to add (that is, all members in this group should be able to log in to LEM, and be assigned the same LEM role). All of that looks a bit like this (adding the group "Domain Admins" from the parent domain's built-in "Security Groups" area, which would normally appear in the parent domain itself):
      3. After you add the group, specify their LEM Role (Administrator/Auditor/Monitor/Contact), click the "Save" button on the bottom right to officially add them to the list.
  3. Don't forget to hit the "Save" button after you add a group, it's easy to miss!


A few important notes:

  • When using Directory Service users, the email address is imported from the directory and not editable inside of LEM.
  • The same connector/tool that interfaces for Directory Service Groups in LEM (for use with filters, rules, and searches) is used for authentication, so you only have to configure it once.
  • You'll want to set aside a service account that can be used to do this, and you might want to set it to never expire, or suddenly you'll find all your Directory Service users unable to log in.
  • Don't forget your LEM built-in admin user password! You can always get in using this account, even if directory services are down. If you've forgotten it, there's a command at the appliance to reset it back to the default of "password".
  • When logging in, use DOMAIN\user to indicate you're logging in as a Directory Service user.
  • I found it a little confusing at first to have to look in the "Security Groups" folder for my Windows 2003 domain controllers, so don't forget to check there if you don't see the groups you'd expect.


SNMP Notification Support & Integration with NPM/SAM

In LEM 5.4, we've added new connectors to receive data from NPM/SAM and Virtualization Manager. Set up your alerts in the Alert Manager (or via Virtualization Manager's Console) to send to LEM, and use LEM to correlate those events with other events across your enterprise, perform root-cause analysis of problems across systems, and use LEM's active responses to triage or respond to issues.


Receiving SNMP Alerts from NPM/SAM/Virtualization Manager in LEM

Some examples of awesome ways you can use the systems together:

  • NPM detects a device outage or performance issue; use LEM to trace back the issue to its FIRST occurrence and determine the problem may be a DoS attack, virus, or other security issue - possibly even detected on an endpoint.
  • SAM detects an issue with a service, use LEM to determine if there are errors being generated from that service, when the issue started, and respond by restarting the service, and building a rule to detect & notify you future outages before the service actually goes completely down.
  • Build rules inside of LEM that combine data from NPM or SAM with your event log, device log, and application log data, to combine the power of what's happening in the log with the knowledge that something's gone bad.
  • Respond to an event detected from SAM or NPM in the LEM Console to isolate an issue, quarantine a user or system, restart a service, or kill a process, among others.


To send data from NPM/SAM/Virtualization Manager to LEM, first on the LEM side:

  1. Enable SNMP on the appliance, if you don't already have it enabled. From the virtual/hardware appliance "Advanced Configuration" console, type "service" (at the "cmc" prompt) then "enablesnmp" (at the "cmc::scm#" prompt).
  2. Configure the SolarWinds tool on your LEM appliance via Manage > Appliances, then Gear>Tools:
  3. In the "Network Management" category, create a new "SolarWinds Orion" tool/connector by clicking Gear>New (this connector does cover all of NPM, SAM, and Virtualization Manager):
  4. Click "Save" to save the configuration (you can change the default name/alias that appears in all of the messages from these tools, if you'd like).
  5. Click Gear>Start to enable the tool/connector to monitor for incoming data:


On the NPM/SAM side, use Alert Manager to enable SNMP alerts for different settings. For more information on setting up alerts with SAM, check out the "Creating Alerts" section in the SAM User Guide. For more information on setting up alerts with NPM, check out the "Creating & Managing Alerts" section in the NPM User Guide. For more information on setting up alerts with Virtualization Manager, check out the "Alerts" section in the Virtualization Manager User Guide.


Sending SNMP Notifications from LEM to NPM/SAM and Other Systems

We've also added the ability to send SNMP traps to other systems, including NPM/SAM, so that you can correlate data in LEM and notify other departments, systems, and people, via the infrastructure you've already got set up.


Some examples of how this is useful:

  • If LEM correlates an issue, you can send the notification to SAM/NPM, where it'll appear in the SNMP Traps section of the system, and you can perform root cause analysis from the SAM/NPM side to determine if there was a security or other event found in the log data around the time your issue started.
  • Rather than using SAM/NPM to receive ALL your event log, syslog, and other data, use LEM and forward only the critical/useful events on to the teams that need them.
  • Notify and forward events to third party systems (outside of NPM/SAM) to share data across your organization.


To use the SNMP notifications in LEM, first you'll need to enable the SNMP response tool/connector, then you'll need to add the SNMP notification to any rules you want to pass on to another system.

  1. Configure the SNMP Active Response tool/connector via Manage > Nodes, then Gear > Tools:
  2. In the "System Tools" category, click Gear > New next to "SNMP Active Response":
  3. Click "Save" after creating a new item (all of the configuration regarding which host, ports, etc to use is in the action itself, not in the configuration). You can customize the name/alias if you want it to appear differently.
  4. Be sure to click Gear > Start to enable the new connector/tool (or no SNMP notifications will be sent!):
  5. Click "Close" to exit configuration.
  6. Identify or build a rule you wish to add the SNMP notification to over in Build > Rules. I'll use the NATO5 "Critical Server Suspicious Network Traffic" rule as my example (Clone it to Custom Rules first!), since this might be important information about a node that I want to forward over to SAM or NPM so that if that machine begins behaving unexpectedly (consuming excessive bandwidth, performing poorly), that information is present. This rule also has a default Block IP action that you could choose to keep (and would want to let other systems know the action was taken) or remove in favor of only sending a notification.
  7. In "Actions", select and drag over the "Send SNMP Trap Alert" notification to the "Actions" box.
  8. Specify the destination SNMP Trap Host (where you want to send the trap) and port (if you do not specify one, the default of 162 will be used). You'll need to go to "Constants" and drag over a "Text" constant into the "Destination Host" box in order to edit it first.
  9. Specify the category of alert you'd like to escalate. For now, you can pick from the default "Incident" type of alerts. The type of alert will dictate the kinds of fields you can send over - for example, "HostIncident" will contain fields like Source/Destination Account, where "NetworkIncident" will contain fields like Source/DestinationMachine (and "HybridIncident" tries to be the best of both worlds). Pick the one that best suits this type of rule - in my case, I'm going to go with Network Incident (since the events were detected on the network and I'll find the most useful fields there), but if I'm more server minded, I could also go with Host or Hybrid Incident (indicating there's a problem with a host, but it was detected on the network).
  10. Fill out the fields from the alerts that contributed to your rule, just like you would other LEM actions. In this case, I'm going to use the "Network Audit Alerts" Alert Group, since that's what my rule uses, and that's where I want the data to come from in the original event. Here's what it'll look like in the end (it goes on, but you get the idea):
  11. If you want to notify more than one SNMP host, add another "Send SNMP Trap Alert" action and fill it out similarly.
  12. Save the rule, and don't forget to Activate Rules when you're done! It's at the top right, this tells the appliance/manager you're ready to use the new rule you've built:

At this point, when your rule fires, the SNMP Trap will be sent on to the server you specified. In SAM/NPM, you can view this in the SNMP Traps area of the console.


We Want Your Feedback!

If you join the RC, be sure to check out the Log & Event Manager RC group here on thwack. We'll put up any known issues there and are happy to answer questions about the RC or features in the RC.

We're also interested in any RC customers willing to do a quick screen sharing session/phone call with us to talk about the new features and your experience with them. Let me know via comment, e-mail, or Thwack post and I'll get it set up.

Lastly, for those of you already on the RC, we'll be updating to RC2 early next week, with a couple of quick fixes.

For those of you who haven’t heard, Solarwinds now has a powerful set of remote control and Windows administration tools called Dameware. The Dameware Mini Remote Control (MRC) lets you remotely connect to Windows machines for remote support and administration. Dameware NT Utilities provides you with a rich set of Windows administration tools (like AD and Exchange), as well as easy access to native Windows systems tools. NT Utilities also includes MRC. Let’s say you are responsible for supporting desktops or servers and you frequently require the need to remote into those machines to perform certain support-related or administrative tasks. RDP has worked in the past, but has some serious limitations in terms of interactivity, and doesn’t provide any functionality around screen sharing, chat, screenshots, or file transfer. NT Utilities and MRC are your answer. NT Utilities gives you a wealth of real-time system information on the machine you’re connecting to, as well as direct access to native Windows and AD administration tools all from the same console. MRC gives you the ability to quickly and easily connect to a desktop or server to initiate an interactive screen sharing session, almost as if you were standing over the shoulder of the user on that machine.


If you’d like to learn more, we are hosting a webinar on Tuesday (details below). Please join us to learn more about the Dameware products and how they can make your life easier.

When Native Windows Admin Tools are Not Enough - A Look at the Options


Windows comes with its own management utilities. But what if you need more? Are there options available that will save you time, hassle, and effort? In this webinar, we take a look at some of the most common tasks sys admins face on a daily basis, and look how you can save time with some tips, tricks, and tools.

We will overview:

  • Included Windows Tools
  • Time-saving tips for managing systems, AD, Exchange, and more
  • Other tools available - DameWare, free tools, and more


Register to attend this live event:

WHEN: Tuesday, April 10, 2012

TIME: 11:00am (US Central Time)

I have a great news for all existing customers (under active maintenance) who are awaiting new features announced in What we are working on: "IPAM 3.0 RC is behind the door"!


It is also good news for those who participated in our IPAM Beta program and would like to install new IPAM 3.0 on their production servers.

We would appreciate if you took a few minutes to fill this survey. It contains a few questions related to your current IPAM experience and it also gives you possibility to ask for future features.


Just to remind all folks about the main features of IPAM 3.0, here is a quick summary:


  • Microsoft DHCP server management
  • Microsoft DNS server monitoring
  • Improved User Delegations
  • Improved IP Address importing - brand new wizard
  • Enhancements and fixes to the user interface


DNS Monitoring:



Improved user delegations rules:




This is obviously just a small piece of what we have prepared for you. We would be glad for any kind of feedback you can provide regarding IPAM RC builds when they become available - as you know, we always listen to you so your feedback is very important.




We are currently working on STM version 5.7 and beyond (in parallel).  Some of the items we hope to deliver:

  • Storage Manager Server and Agent health and status overview
  • Product stability improvements
  • Preservation of Agent and Server settings on upgrade
  • Improved graphs
  • User-defined LUN Grouping
  • EMC PowerPath Support
  • Better "Storage Group" Dashboards

Disclaimer:  Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are based on the product teams intentions, but those plans can change at any time.



SolarWinds Server & Application Monitor 5.0 is just a few weeks old but we're already busily working on some great new features and enhancements to the product, such as...


  • Native support for Microsoft Hyper-V
  • Improvements to Application Template Editing, Including Multi-Edit Functionality
  • Hardware Health Summary Resource
  • Charting Improvements as Demonstrated Here
  • Windows Event Log Monitor Enhancements to Display Event Message Details
  • Additional Hardware Monitoring Support, including IBM MegaRAID Controllers and other Miscellaneous items.
  • Enhancements to the Real-Time Process Explorer, Including Ability to End Task on a Process


PLEASE NOTE:  We are working on these items based on this priority order, but this is NOT a commitment that all of these enhancements will make the next release.  We are working on a number of other smaller features in parallel.   If you have comments or questions on any of these items (e.g. how would it work?) or would like to be included in a preview demo, please let us know!

Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.