1 2 Previous Next

Product Blog

30 Posts authored by: mavturner Employee

SolarWinds NetFlow Traffic Analyzer (NTA) 3.8 was released last month. In case you missed it, below is a quick overview of some of the cool new features now available. You can find the release notes here.


  1. BGP Support
  2. Huawei NetStream
  3. Flow Navigator
  4. Endpoint Centric resources
  5. Unified UI (most NTA resources can be placed on most views)
  6. Search
  7. Performance Enhancements


  1. Account limitations
  2. Service doesn't restart after database timeouts
  3. Export to PDF issues


BGP Support

NetFlow v5 and v9 include information in the flow about source and destination BGP Autonomous System (AS) fields. This is a feature for customers who need to track flows across multiple service providers. If you don’t have multiple service providers then you most likely don’t even need to worry about BGP. But if you do, then you are probably very interested in this feature. Here is a quick example of how to configure your router to include BGP information in the flow data(assuming you already have BGP and NetFlow configured on the router).

Router#configure terminal

Router(config)# ip flow-export version 9 origin-as

The origin-as command is saying to use record the AS that the traffic originated from. The other option is to use peer-as which will record the AS of the peer. I prefer recording the origin AS, but you’ll need to decide what information is the most useful in your network.

Adding the BGP AS data in to your flow data can have an impact on your router. I recommend monitoring the CPU of your device to make sure you don’t see any negative impacts after you enable this feature. Also, this should be enabled after hours or in your change management window instead of during the day. Once we are receiving the data, NTA includes two resources that will help you use this information; the Top 5 Autonomous Systems and the Top 5 Autonomous Systems Conversations resources.



Huawei NetStream

SolarWinds NTA now has full support for devices that use the  Huawei NetStream flow standard (ex: Quidway NetEngine 80 and 40 series routers). SolarWinds had support for other Huawei flow capable devices, but the NetEngine routers required special work to support. From a user perspective you monitor them just like any other flow enabled device in NTA:

  1. Add the device to NPM
  2. Monitor the source flow interfaces
  3. Configure the device to send flows to NTA
  4. The flows should be automatically picked up and added to NTA
  5. Enjoy your data!



Flow Navigator

Flow Navigator is an awesome new feature that makes finding specific traffic much easier. On all of the NTA pages, you will see a Flow Navigator icon on the upper left side of the page. If you click the chevrons (>>) then the Flow Navigator will fly out on the page and you can create a customized view of data. For example, if you want to see all web traffic from your site through a specific service provider, simply select port 80 on the Applications option and specify the appropriate BGP AS numbers. Here is a screenshot of the Flow Navigator expanded on to a page.



One other really handy feature is the “Save filtered view to menu bar” button. This allows you to quickly save your work so that you can re-use the view or make it available for other people. Simply click the button and provide a friendly name and the menu bar will be updated with your custom view.


Endpoint Centric Resources

Endpoint centric resources are essentially resources that have been added to your existing managed nodes so you can quickly see traffic information about that particular node. This can be particularly useful if you are trying to troubleshoot application and server issues because you will see the traffic being sent to and from that server on the same page where other pertinent application and performance data is displayed.



Please join us for an exclusive training session on SolarWinds Network  Performance Monitor (NPM).

Thursday October 6, 2011 @ 11:00 AM CDT


During this 60 minute training session we’ll cover:   

- The basics of  monitoring technologies

- Understanding monitoring for routers, switches, servers, and other  infrastructure

- Alerts! Making the most of your performance and availability monitoring

- Optimizing NPM features


Registration Link  https://www1.gotomeeting.com/register/508636512

SolarWinds Netflow Traffic Analyzer will keep detailed information for 60 minutes by default. This means you can get up to 1 minute granularity of flow information for the last 60 minutes. If you look for information from 2 hours ago, only the last hour will be represented up to 1 minute granularity. Below is a description of how exactly the NetFlow collector and database process information. Hopefully this will help in planning and understanding what you can do with the product to meet your needs.

1. Receive data and store in a temporary processing queue in memory

2. Every minute, this temporary queue will be processed before writing to the database. The main two processing steps are collapsing flows and Top Talker Optimization.

A. Flow Collapsing is the process of taking related flows (same source interface, source IP and port, destination IP and port) and aggregating the data into one record. When this information is written to disk, we will mark the time that the collapsed data was written. This means you cannot see granularity within this 1 minute interval.

For example: if you have this table of all collected raw flows



Source IP

Source Port

Destination IP

Destination Port

# Bytes

# Packets


























It will be collapsed into this table



Source IP

Source Port

Destination IP

Destination Port

# Bytes

# Packets











B. Top Talker optimization is the process of recording the flows that represent the most traffic in your network. By default, this value is set to 95%. For some users who need auditing precision, they change this setting to 100%. Based on research with internal testing and customers, 95% has the best results. Most of the other packets that are not being recorded usually have only sent a few packets and are not interesting from a traffic utilization perspective.

3. After the flows are collapsed and the top talkers are filtered, the data is written to disk. This data is written to a NetFlowDetail table. The exact table name depends on the node ID and a timestamp.

4. After the “Keep uncompressed data for X minutes” interval, this detail table will be further collapsed (compressed) and written to the NetFlowSummary1 table. The default of this interval is 60 minutes and can be increased up to 240 minutes in the web UI. The setting can be manually modified in the database by changing the NetFlowGlobalSettings.RetainUncompressedDataIn15MinuteIncrements value. We do not recommend you increase this value above what can be done through the web UI. The settings in the web UI are based on extensive testing with customers and internal performance testing. Once the data goes to this table from the Detail table, you can only see the traffic at a 15 minute granularity. That means, if your interval is from 10:00 – 10:15, you won’t be able to distinguish if the traffic was sent at 10:02 or 10:13 – we will just show you that is occurred in that range.

Here is a screenshot of the settings from the website with the settings.


5. 24 hours later, this information will be collapsed from 15 minute granularity to 1 hour granularity and stored in NetFlowSummary2 table. There is no way to modify this interval (24 hours) in the web UI. You can modify it manually in the database by changing the NetFlowGlobalSettings.CollapseTrigger2InHours value. This means, when you look at data from the previous day, you will only see that the traffic occurred in a 1 hour period.

6. After 3 days, this 1 hour data will be collapsed into daily data and stored in the NetFlowSummary3 table. This interval is set by the NetFlowGlobalSettings.CollapseTrigger3InDays value (default 3 days). This means, you will only know what day the traffic occurred and not what hour or minute. This data is kept for 30 days by default. This interval can be increased to up to 3650 directly in the web UI.

7. When flow data is expired (based on the above settings) the expired data will be permanently deleted from the database based on the “Delete expired flow data” interval (available in the web UI, once a day by default).


It's worth noting that this is just an example. All intervals are relative to the time when the flow arrives at the service. The various aggregation steps can happen at a later time if the service is too busy. However, the daily aggregation will always occur once a day.


UDT Tips and Tricks

Posted by mavturner Employee May 24, 2011

In case you haven’t heard yet, we have just announced a new product, User Device Tracker. This product helps you quickly find where a machine is connected in the network. We sometimes get questions about the difference between our other solutions for device tracking. To read more about that, see my Finding where devices are connected in your network. We have had a very positive response from our early adopters and testers. Some of the requests we’ve received are things we are working on building into the product, but I want to take a moment to share with everyone some of the more handy tips and tricks.


1. Change the type of interfaces that count for capacity


By default, UDT will use the following types of interfaces for capacity analysis: ethernetCsmacd(6), propPointToPointSerial(22), ppp(23), propVirtual(53), propMultiplexor(54), fibreChannel(56), fastEther(62), fastEtherFX(69), channel(70), gigabitEthernet(117), hdlc(118), l2vlan(135), l3ipvlan(136), pos(171). If you want to change this so that you will collect interface types that you are interested in tracking capacity for; delete the node (if you already added it), stop the Orion Module Engine service, modify the SolarWinds.UDT.BusinessLayer.dll.config file and update the UDT.MonitoredIfTypes values to include only the types you are interested in.


For example, the list of ifTypes can be changed from this initial list, to this second list:


<add key="UDT.MonitoredIfTypes" value="6,22,23,53,54,56, 62,69,70,117,118,135,136,171" />


<add key="UDT.MonitoredIfTypes" value ="6,56,62,69,70,117" />


After you update the list, you will need to start the Module Engine service and re-add the nodes and relevant ports. You capacity analysis charts should now include only the  IfTypes you are interested in.


2.More custom reports


UDT only has 1 out of the box report. Yes, we realize we need to do more. However, with all of the exciting new data we are collecting, customers are anxious to get access to it. Our developers have put together a few custom SQL reports and I placed them on the content exchange. In the future we would like to fully extend the schema so that these types of reports are easy for customers to modify and run on their own.


3. Finding machines with suspicious hostnames


UDT has a feature called the Watch List. The Watch List allows you to specify a machine that you are interested in keeping an eye on (maybe it is lost, or a recurring problem machine). You can quickly see where all of your Watch List items are connected in the network by looking at the list, or you can schedule a report to be sent daily so you can see when one of these machines connects to the network. Some people are excited about the potential for this set of use cases for rogue detection or unauthorized computers on the network. A quick (read hack) way to do this is to create a Custom SQL Report that looks for a specific pattern to match. For example, if I know that all of the computers at SolarWinds should start with “Solar”, I can create the following custom SQL report for all endpoints that DO NOT start with “Solar”:


select * from UDT_DNSName where UDT_DNSName.DNSName not like 'Solar%'


4. Integration with NPM and the difference between a port and an interface


Out of the box for v1, we wanted to have tight integration with our existing products. UDT can be installed completely independent of any other products, or it can be installed like a module with NPM. When it is installed with NPM, it will use the same database and you can simply run Port Discovery on the nodes you are already managing in NPM. Several resources are added to the Node Details View: Ports Currently In Use on Node Name, Port Details, and Ethernet Ports Used Over Time. If you install UDT standalone, you will still get these resources, but if you install with NPM, you get the benefit of being able to have the Network Management, Connection, and Capacity Analysis information all on one screen. You may then notice that there is a Port Details resource in addition to the Current Percent Utilization Interface table. This begs the question, what is the difference between a port and an interface? This is primarily a naming convention to make it easier to keep separate the different way these are licensed. An interface is an NPM construct that we collect utilization information about (bytes in/out, percent utilization, errors and discards, etc.). The interface impacts your NPM license count. A port is a UDT idea. When you have a monitored port, we will collect connection and capacity analysis information about that port and it will count against your UDT license. Here is a quick side by side graphic of the difference between ports and interfaces.




Some users get concerned when they learn they need to monitor all of their ports in UDT. This does not impact their NPM license at all. Take the example when you are monitoring the uplink interfaces in NPM on one 48 port switch. This should be 1 node license and 2 interfaces. When you add UDT, you will need to add the 48 ports that will count against the UDT license, but your NPM license will still be just the 1 node (since you are already monitoring the node) and 2 interfaces.


5. Deleting versus un-monitoring ports


This is more of a clarification for users who want to better understand the difference between deleting a port and un-monitoring it. Well you can’t actually delete a port in UDT (don’t worry, we’ll get this fixed in the future). If you want to permanently delete a port, you need to delete the node, the rediscover the ports and only select the ports you are interested in. If you select a port to unmonitor, we will not collect connection information (and it will not count against your UDT license), but we will still count it for capacity purposes.






For more information about UDT and to download a free 30 day eval, go here: User Device Tracker.

We spend a lot of time in the network world keeping track of data, hostnames, and IP addresses.   Everything we could want to know is only a few mouse clicks away, except perhaps where our devices are physically located.  User Device Tracker bridges the gap between the network and the physical world.  It sniffs out each device on each switch port, just waiting to let you know where something is, or where something was.  Tracking down a rogue device or anything naughty on your network has never been easier.  Historical data shows you where a device was last seen, so you can find that long lost laptop.  Switch capacity and utilization is consolidated for easy viewing.  Come and see what SolarWinds User Device Tracker can do for you!



SolarWinds User Device Tracker bridges the gap between the network and the physical world. It sniffs out each device on each switch port, just waiting to tell you where something is, or where something was. Historical data can even show you where a device was last seen, so you can find that long lost laptop. Come see what SolarWinds *NEW* User Device Tracker can do for you!


NA/LATAM - Thursday May 5, 2011 @ 11:00 AM CDT     
EMEA - Thursday May 5, 2011 @ 2:00 PM BST      
APAC - Wednesday May 4, 2011 @ 11:00 AM SGT

GoToWebinar link to sign up for the sneak peek:

NA/LATAM- https://www1.gotomeeting.com/register/614764688     
EMEA- https://www1.gotomeeting.com/register/233499057     
APAC- https://www1.gotomeeting.com/register/152541209

Here at SolarWinds, we like to offer options to our customers. A good example of that is the multiple choices we offer for device tracking. We have the Switch Port Mapper which helps with troubleshooting and runs against a single switch. In Network Configuration Manager we implemented some basic device tracking. In User Device Tracker, a new product we are building, we really focus on solving the problems associated with tracking users by offering a dedicated product for device tracking.

For a quick overview of the problems these various solutions solve, refer to this chart. For more details, read on.

Find what port a computer is connected to/XX
Continuous scanning of all network devices XX
Find where a  computer was connected historically  X
Receive an alert when a computer connects to the network  X
Find ports where users have plugged in a hub or AP  X
See a report of how many ports are used on a switch  X
See historical information about port utilization on a switch  X
See a total view of port utilization for your entire environment  X


Most long time customers should be familiar with our Switch Port Mapper tool. It was one of our most popular tools in the Engineer’s Toolset. It was so popular, that we wanted to make it more available to our customers so now you can just buy Switch Port Mapper and don’t need the full Toolset! The Switch Port Mapper tool is exactly that, a tool. It is focused on troubleshooting and providing detailed information about a specific switch. You can launch it and run against a single switch to see what is connected to the device and retrieve basic configuration information about the ports (VLAN, Duplex, Speed, etc.). This tool is really helpful for seasoned network administrators as well as newbies who you don’t want to give CLI access to. You can just give them the read only string to a switch and they can get more information that could help in troubleshooting why a device is having drops, can’t connect to the right resource, or just finding what physical port it is connected to (while you’re at it, have your newbie admin clean up your closet, it’s a right of passage and will make everyone’s life better Smile ).

You can buy Switch Port Mapper here, or download a free evaluation of Engineer’s Toolset which includes Switch Port Mapper here.



In our discussions with customer about Network Configuration Change Management, they often requested the ability to search and find what port a device is connected to on the network. Because of this, we added basic tracking capabilities into SolarWinds Network Configuration Manager (NCM). The main use cases for NCM include: backing up and restoring device configurations, configuration compliance, bulk configuration changes, and inventory information. Because of the demand for device tracking, we added limited support for this directly into NCM. You can search for a MAC Address, IP Address, Hostname, and Port Description. The search results will include a report that includes information about where the end host is actively connected. To respond quickly to our customer’s requests, we leveraged certain functionality in NPM, therefore, the NCM User Tracking feature requires both NCM and NPM. For more information on how to use NCM's user tracking, see Leveraging NCM’s “Find Connected Port for End Host” feature.



For users who need advanced device tracking information as part of a dedicated product, we are building the SolarWinds User Device Tracker (UDT). UDT will be able to find currently connected devices and will store historical information so you can find where something has been connected in the past. Also, we are working on providing alerting and reporting around this data, but that’s not all. Based on how we do data collection, we can provide really good data for network capacity analysis and planning. These are just some of the features we are currently working on for the first release. We plan to continue building out great functionality on top of this base going forward.


Here is a look at searching for devices and the results page.





Also, if you want to use the normal drill drown approach to see what is connected to a specific port, simply use the All UDT Nodes resource on the UDT home page to find the switch and port you are interested in.



When you click a port, you will get more specific information about what is connected to it.



One of the cool new features is the Watch List. You can add a computer to the Watch List and easily see where the device is connected. This is helpful if you lost a device or have a specific device that causes problems (virus, zombie, high traffic) and you want to know where it is connected so you can quickly find it and take it off the network.



Capacity analysis will help you better understand how you are utilizing your environment. Need to add some users to a floor but you don’t really know if you have port capacity? Simply look at and see how many ports are being used. If you need to understand a high level view of your entire network, use the resources on the main UDT page and you can see how many total ports are being used as well as quickly highlighting the top used switches.





There is much more to come for UDT. After we get out the first release, we will look at the following: more integration with other SolarWinds products (for example: NTA and IPAM), providing Active Directory integration for User information, more wireless information to better identify which AP a user is connected to, device fingerprinting (based on OUI), more reporting and alerting, data center specific information, and advanced endpoint information (think IP phones). I can’t say that we will definitely add these features or when, but these are the types of enhancements we are looking at to solve more of your problems in this area.

In summary, Switch Port Mapper is a quick troubleshooting tool that helps you understand what is connected to a single switch. Network Configuration Manager is a configuration change management solution which includes basic Device Tracking. User Device Tracker is a product focused on providing full features of user and device tracking as well as network capacity analysis.

Hopefully this article helps you understand the difference between the Switch Port Mapper, NCM User Tracking feature, and the User Device Tracker product. We are still working on UDT but we have a Beta available that should help whet your appetite until we can finish it and get it released. If you are interested, take this survey and I will send you the Beta.

SolarWinds IP Address Manager 2.0 is officially here. Here is a link to the Release Notes. Below is a quick overview of some of the cool new features now available.

1. Standalone

IPAM no longer needs NPM. A lot of our customers enjoy the benefits of running IPAM and NPM side by side. For those of you who like the single pane of glass, nothing changes. For people who are interested in more complex deployment scenarios or only need an IP Management solution, you can purchase and install IPAM on its own server.

If you want to install IPAM 2.0 on the same server as NPM, you will need to be running the latest version of NPM, 10.1.2. If you have additional polling engines or websites, those servers will need to be upgraded to the latest version of NPM as well.

2. Historical Tracking

Want to know who had a specific address from a week ago? Maybe you have a NetFlow log with an IP of suspicious traffic but no hostname, or another product with a security event for an address at a certain time; simply search for the IP address and click View Assignment History to find out who (hostname or MAC address) had that address at that time .







Or, for full details about an address, click the View Details button (available on the search results page and Subnet Management page). This is a new view in IPAM 2.0 and gives you all the information you need to know about a specific IP address.



3. IPv6 Planning

Heard about the depletion of the IANA Free Pool and don’t know how that will impact you? Get informed and make a plan. With the new features in IPAM 2.0, you can create IPv6 address plans to deploy address schemes that make sense for your network. Whether you already have your global prefix or if you just need to get more  familiar with working in Hex instead of Decimal, we’ve got the tools to help you get started. Some customers will establish multiple subnets below one global prefix while others will carve out their address space using some of the bits for creating a hierarchy that include sites then subnets - either way, we’ve got you covered.



Here are the dialog boxes to add a Global Prefix, then a Site (optional), then a Subnet. In this example, I created a global prefix of 2001:DB80 /32 and added a site for State (Texas 2001:DB80:A000 /36) and used another site for City (Austin 2001:DB80:AA00 /40) and a final subnet for my specific building (2001:DB80:AAA0 /44). This is just an arbitrary example and not a recommendation on  how you should design your address plan. Although it would be good to consider staying on nibble boundaries (single characters, 4 bits) when creating these hierarchies (unless you just really enjoy doing binary math and in general making everyone’s life difficult Smile ).





For a great source of information on IPv6 deployment planning, see this slide deck by Shannon McFarland from Cisco.

4. Duplicate Subnets

Some customers want to be able to  manage overlapping or duplicate subnets (for example, MSPs managing customers who are each using the 10 /8 network). For customers who do not need to manage environments with overlapping addresses, we’ve introduced a new setting to allow you to turn off duplicate subnets. For new installs, duplicate subnets are disabled by default, for customers upgrading from a previous version of IPAM, you need to change this setting. For more information, see my previous blog post SNEAK PEAK–IPAM 2.0 and Duplicate Subnets.

5. UI Tweaks and Search

There are several other fixes and UI tweaks. For example, we removed the redundant tabs from the management page and added search to more places.

Before and After



Want more? Go What we are working on post IPAM 2.0 what we are already hard at work on next to make your job (life?) easier.

The next release of IPAM is coming very soon. One of the behaviors we have modified is how we handle duplicate subnets. Many customers, mainly Managed Service Providers, need to manage address space for customers who may have overlapping subnets. For these customers, duplicate subnets are a must have. Unfortunately, for other customers who are managing their internal space and don’t want duplicate subnets, the current behavior of IPAM can cause issues.

In IPAM 2.0, we change all of that. Now, if you don’t want duplicate subnets, simply click on Settings –> IPAM Settings –> System Settings and make sure “Enable Duplicated Subnets” is not checked. New installs of IPAM will have duplicate subnets disabled by default, upgrades will retain the current setting (duplicate subnets allowed).




Duplicate Subnets


Now, I realize those are probably the most boring screenshots you’ve ever seen in a Product Blog post. The excitement is what happens behind the scenes. When the box is not checked (Duplicate subnets are not allowed), we will not allow you to create a subnet that is a duplicate or overlaps an existing subnet. Also, if you are monitoring multiple DHCP server scopes, IPAM will merge the status from those scopes into one subnet (rather than having different subnets in IPAM for each server’s scope). This example is often seen when you have multiple DHCP servers providing split scope assignments for the same subnet. See this documentation from Microsoft Technet on Optimizing DHCP Availability: http://technet.microsoft.com/en-us/library/cc757346(WS.10).aspx.

The next question is; I currently have duplicate subnets, how do I merge those duplicate subnets so I can take advantage of this new functionality? The easiest way to clean this up for scopes being monitored by DHCP is to simply delete one of the DHCP servers. When you add it and its scopes back, IPAM will merge this data into the remaining subnet. Be careful though, if you have custom fields or notes on any of these addresses, you will lose them if the subnets are deleted. As always, backup your database before making large changes like this.

If you have active maintenance, the IPAM 2.0 RC should be in your customer portal. If you don’t have IPAM yet, simply go here and download a free evaluation: http://www.solarwinds.com/products/orion/ip_address_manager/

We often get feedback from users on what they would like to see in the products. Sometimes the requests fit into our existing solutions, and sometimes, we decide to focus more extensively on the problem by creating a new product.


We are actively working on two new products that our users have requested.

  • A product to help monitor synthetic web transactions. If you are interested in the web transaction product, contact Christine Bentsen (thwack ID christineb) and she will give you more information.
  • A product that gives you more detailed information about where devices are plugged in to your network. If you are interested in this, read on!

For the user tracking product we are helping to address a long time request from many of our users, the ability to quickly find where a certain device is connected in the network. For example, search for the MAC address 0123.45.67.89ab, the results will include what switch and port that MAC address is connected to. See the screenshots below to get an idea of what this will look like.








Here is where we need your help. Did you notice the difference between the two screenshots? The first image incudes status directly in the icon, the second image indicates the status by using the ball icon. Which do you prefer? Just post below and we will gather your comments together and implement the solution that works the best!


Of course, this is not all the product will do. Stay tuned to see more screenshots and information about what we are working on for this. Also, we will be demonstrating some basic functionality for this new product at Cisco Live! in London (booth G4). Stop by the booth and let us know what you think in person! If you are really excited about this, please take this survey and we will include you in Beta opportunities and further chances to provide direct feedback with our developers and UI team!

In NCM 6.0 the development team produced a very powerful and cool new feature – Config Change Templates. On the back end, these are scripts that use a SolarWinds scripting engine. On the front end, they are simple to use, menu driven templates that allow you to make bulk changes to devices across your network from the web interface. The other great thing about these templates is they are easily shareable directly within the product!


For example, say I need to change the enable password on all of the Cisco devices in my network. On the NCM website, hover on the Configs tab then click the “Config Change Templates” link. Now click “Shared Config Change Templates on thwack” and find the template you’re interested in. In this example, click Cisco (wow, it just happens there is an exact script to accomplish what I am trying to do ).






After importing the template, I can quickly run it by selecting the template, clicking “Define Variables & Run”, and providing the relevant variables (in this case, the nodes and new enable password).
















After you click next, it will generate the full command output. You can preview what will be sent by expanding one of the nodes. For example, if I expand Bas-2621.lab.tex.local, I can see what will be run on the router. Also, you can specify whether the commands should be written to NVRAM or just to the running config.








Simply click Execute and you’re done. Easy enough right? Well now let’s really dig in and look at the actual script. Click on the “Config Change Templates” link again. Select the script you want to modify, and instead of clicking “Define Variables & Run”, click “Advanced Modify”. The interesting section is the “Config Change Template”, this is where the code is.








The scripting logic should appear familiar to most people with scripting or programming experience in other languages (except LISP, that’s just different((())) ).


The first section is commented out with the /* */. This is meta data to help the script engine know what variables it should ask for. To define variables, use the .PARAMETER_LABEL and .PARAMETER_DESCRIPTION pairs. Both of these are required for every variable you want to prompt the user for when they execute the script. The Context Node is the node that the script it being run against and is required for all scripts. In the example of the script to change the enable password we ran earlier, the only other information we needed was the new password.


After you have created all of your parameters, you are ready to begin with the script body itself. The next statement you should notice is “script ChangePassword”. ‘script’ should be followed by the name of the script, then the variable types and names. In our example, the new password is a string. Other valid data types are: int, string, and “swis.entity” (more on that in another blog).


After that, it is mainly a matter of defining the control flow, or logic, of your script. The standard statements are supported: If, If Else, and Foreach (see the documentation for full usage details). When you are ready to have your script write to the command line of the Node, use the follow structure:


  make a cup of coffee for me    


For example, in the Change Cisco Enable Password script, here is the CLI section:



  configure terminal 
  enable secret @NewPassword 
  write mem 














A great resource is the NCM documentation. Specifically, the Understanding Config Change Template Semantics help document goes into great detail about creating and modifying these scripts.


Whenever you use scripts, especially ones you download from thwack, make sure you review the script so you understand what it is doing. Also, before you click the final Execute button when running scripts, examine the output to make sure it is doing exactly what you intended.


Remember, “With great power comes great responsibility”.

We often get asked by users if there is a quick and easy way to enable SNMP on a lot of servers. It’s easy enough to add the server manually if you are only doing this for a handful of machines. But if you have a large server environment you are responsible for, this isn’t manageable. Using a combination of freely available tools, you can greatly simplify this process.

1. Download and install PsTools from Microsoft (Windows Sysinternals), specifically, you will need PsExec. PsExec allows you to execute commands against remote machines. Install this on your workstation, then you can run commands against the remote servers without needing to log in to them directly. You can click here for more information about PsExec and here for more information about Windows Sysinternals. These are essential tools for any systems administrator.


Happy Cloud


2. Depending on the OS, you will also be using one of Microsoft’s built in tools, sysocmgr or ocsetup. These tools enable you to install Windows components unattended directly from a command line and are part of the Windows distribution. You can find more information about sysocmgr here. For enabling SNMP on Windows Server 2008, you should use Microsoft’s ocsetup tool. You can find more information about that tool here.


If you want to enable SNMP on a Windows 2008 Server, simply follow these steps:

We will need to build the argument string you will pass to psexec. Here is an example string. You will need to replace all UPPERCASE words with the values relevant for your environment.

psexec \\COMPUTER –u USER –p PASSWORD “start ocsetup snmp /quiet /norestart”

If you have a list of computers, instead of specifying the individual computer name, simply put in a file name instead of the computer name. For example, if I had a file called “server.txt” which contained a list of servers (one per line), my command would look like this

psexec @servers.txt –u USER –p PASSWORD “start ocsetup snmp /quiet /norestart”

Notice the @ before the filename, make sure you add this. See the psexec documentation for more information. The username and password should be an account that has access the the machine you are attempting to install this on.


To install on an older OS (Server 2000 and 2003, XP), you will need to use sysocmgr.

psexec \\COMPUTER –u USER –p PASSWORD “sysocmgr /i:%SystemRoot%\inf\sysoc.inf /u:\\NETWORKSHARE\InstallSNMP.txt /x /q /r”

Sysocmgr requires a configuration file. In my example, I put the InstallSNMP.txt file on a network share so I didn’t need to copy the file to the local server each time. This should be a simple text file with the following commands:

netoc = on
SNMP = 1

The /r means, do not reboot automatically. You can find the full command options by simply opening a prompt and typing sysocmgr. This also assumes the i386 folder is available in the locally define default path.


As always, you should test this on a small inconspicuous area of your network before applying to the whole surface :-)

Oh, and if you are interested in monitoring servers, you should probably check out our Application Performance Monitor product.


Accelerating your WAN

Posted by mavturner Employee Sep 17, 2010

WAN Acceleration products are becoming more pervasive. For companies with more than a handful of remote sites, the technology will grow into a must have. But what are your options for monitoring them? Sure, the vendor supplied management consoles provide information and even alerting capabilities, but that undermines the advantages of a centralized management console for your network. Why not put the information where the rest of your network and application information is?

Some Orion users I talked to have already added their Cisco WAAS and Riverbed Steelhead appliances as nodes into NPM – why not? Right? But most want to know more than CPU, Memory, and Interface utilization. For example, if you want to monitor compression ratio and TCP connections.

We’ve created some content to help you with just that!

You can do this by creating customer pollers for specific SNMP values with this information. If you aren’t already familiar with our custom SNMP pollers (Universal Device Pollers / UnDPs), watch this video, Universal Device Pollers. Essentially, you can poll any SNMP value from any device in SNMP. As one of the sales guys says, if you have a toaster oven that supports SNMP we can monitor it :-)

Here is an example report created for Riverbed devices: WAN Optimization Reports for Orion.


If you are using WAN acceleration, please take this quick, 1 minute survey. To see the results of the survey, click here.



Have you ever right clicked a node and seen a list of tools drop down? Most of us have been trained never to right click on a website. In most instances, this is correct, however, we’ve provided a great way for you to interact with nodes without cluttering up the interface by using the right click functionality.

This is the current Toolset and Orion integration. It allows you to quickly launch relevant troubleshooting tools directly from the web interface. If you have Toolset installed on your local machine and access the Orion web console, you will see the right click integration. This integration is supported in IE as well as Firefox!

Here’s what it looks like:



There are several great tools here but what if you want to add your own application to the list? No problem! This blog post was motivated by this thwack forum, SSH in right click menu.

For example, say we are having problems with an application and want to understand what is happening by using Wireshark. By the way, if you don’t know what Wireshark (formerly Ethereal) is, go to their website now.

Find the SWToolset.MenuOptions file on your local machine. We recommend you backup your existing file first, then add the following text to the file between the <MenuOptions> and </MenuOptions> tags.

<MenuOption Order=”28” ID=”1028” Visible="TRUE" Title="Wireshark" BeginGroup="FALSE" HasSubMenu="FALSE" ExecString="C:\Program Files\Wireshark\wireshark.exe –i 1 –k –f &quot;host {TARGET}&quot;" Icon="" Extra="" Parent="" Required="4"/>



The Order and ID values will depend on the other values in the file, the ones I provided were the first available and should work for you. To break down the Wireshark parameters, –i indicates the interface index (in my case it is 1), –k means to start capturing immediately, and –f is the capture filter (in this case, “host {TARGET}” where {TARGET} is replaced with the IP Address of the device automatically when you right click in NPM). For more information on Wireshark Capture Filters, see the Wireshark Wiki. Obviously, this will only show you traffic that your machine can see. To configure port spanning on Cisco devices, refer to these resources from Cisco.

For other applications, simply replace the Title value and ExecString with appropriate values. Also, the Orion Admin Guide has a great write up of how to accomplish this in the “Adding Programs to a Toolset Integration Menu” section. You can find all of our documentation at http://thwack.com/support.

Saving the above changes and re-launching the right click integration menu should result in the newly updated menu.

You can post to this blog to brag about what cool and useful tools you launch from the Toolset menu! If you don’t have the Toolset, click here for more information and go try it for free!

When you have several IP SLA operations, you may need a way to organize them quickly. The tag and owner fields allow you to input custom parameters that can then be used to track your IP SLA operations. This is an advanced feature and if you have configured it, IP SLA Manager will discover these parameters when you do an operation discovery.


To configure tag and owner for an existing operation, enter these commands at the enable prompt




In this example, I used operation number 2000. The operation number will vary depending on your configuration. To find the IP SLA operation number and other useful information about your IP SLA operations, type:


show ip sla monitor configuration


at the router prompt. Note: these commands are valid on IOS 12.4. Earlier versions used the rtr command where the tag and owner parameters are not available.




The tag and owner field can include any text data. For more information on how to configure IP SLA operations, I highly recommend Cisco’s user guide.


If you want a step by step walk through of manually creating operations from someone other than Cisco or SolarWinds, Brad Reese at NetworkWorld has a good write up on creating a TCP Connect operation.


After you have the tag and/or owner field on the operation, when you do an IP SLA discovery with IP SLA Manager, the tag and owner will be added. You can then filter by these in the Manage Operations screen by right clicking on the field.




If you don’t see the tag or owner field try scrolling to the right more But if you still don’t see it, you may need to add it. To add a field, simply right click on one of the existing fields (Operation Name, Type, Source, Target, etc). Next, click Columns and select which fields you want to be displayed in the Manage IP SLA Operations screen.






I hope you find the tag and owner field helpful. This feature was specifically added in based on feedback from our users during the Release Candidate phase. We know we haven’t done everything requested but we definitely value your feedback and try to help where we can :-)




If you aren’t using the Orion IP SLA Manager, click here for more information. IP SLA Manager can be used to automatically create and monitor Cisco IP SLA operations to give you more information about your WAN health and your VoIP environment.

Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.