UDT best practices

Hey All,

We have NAM 5000 and we now want to utilize the UDT module.

Can anyone help with the questions below?

> What devices should be monitored with UDT? (The doc says we can do 500k ports, but can SolarWinds really handle this?)

> Polling intervals and retentions (e.g. if anyone is doing more than 400-500k ports, what is your polling interval and retention time?)

> Whitelist / rogue device list (any use case if you are using it?)

Any other use case of UDT, if you can share, will be really helpful.

Thanks

AK

  • What devices? All L2 and L3 devices. L2 devices need to be monitored for MAC addresses on switch ports; it gets the MAC/IP address from the ARP tables on L3 devices. On L2 devices (switches) only monitor end-user switchports, not uplinks. Might need more pollers and to adjust retention intervals, but it probably can. I recommend monitoring ports that aren't in use, at least if they potentially could be used, i.e. someone plugs into it on occasion.

    Polling intervals depend on how up-to-date you need the info. If you're OK with less up-to-date info, relax them more. If you need them to be accurate to the hour, add pollers. Same logic with retentions: how long do you require the data for?

    Whitelist? I don't use it. The ignored defaults for HSRP/VRRP are useful though.

    It's really just a big database.

    Stores MAC addresses from switchport scans; that's why you don't monitor trunks. Do a "show mac addr" on a trunk and see all the MACs on it; it just gunks up and confuses the UDT database and results from it.

    Stores MAC<->IP tables from the routers' ARP tables. Allows you to search by IP and find out what switchport they're on.

    If you bring in the Active Directory logs, it then associates the Username<->IP, which allows you to see when a user logged into a host and what switchport they were on and such.
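
The correlation described in this reply (switchport MAC tables joined to router ARP tables, then to logon records), sketched as an added example that is not part of the original post and is not SolarWinds UDT code. All data is constructed, and the table layouts and function names are assumptions; it also shows why trunk entries are excluded and how a whitelist check would sit on top of the same data.

```python
from collections import defaultdict

# Constructed sample data; layouts are assumptions, not UDT's schema.
# (switch, port, mac, is_trunk) as an L2 MAC-table poll might return it
MAC_TABLE = [
    ("sw1", "Gi1/0/5", "aa:bb:cc:00:00:01", False),
    ("sw1", "Gi1/0/6", "aa:bb:cc:00:00:02", False),
    ("sw1", "Te1/1/1", "aa:bb:cc:00:00:01", True),  # uplink sees every MAC behind it
    ("sw1", "Te1/1/1", "aa:bb:cc:00:00:02", True),
    ("sw1", "Te1/1/1", "aa:bb:cc:00:00:03", True),
    ("sw2", "Gi1/0/9", "aa:bb:cc:00:00:03", False),
]
# (ip, mac) from an L3 device's ARP table, in mixed vendor notations
ARP_TABLE = [("10.0.0.11", "AA-BB-CC-00-00-01"), ("10.0.0.12", "aabb.cc00.0002"),
             ("10.0.0.13", "aa:bb:cc:00:00:03")]
# (user, ip) from directory logon events
LOGONS = [("alice", "10.0.0.11"), ("bob", "10.0.0.13")]
ALLOWED_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:03"}

def norm(mac):
    """Normalize colon, dash and dotted MAC notations to aa:bb:cc:dd:ee:ff."""
    h = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(h) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))

def mac_locations(mac_table, include_trunks=False):
    """Map MAC -> set of (switch, port); trunk entries are skipped by default."""
    locs = defaultdict(set)
    for switch, port, mac, is_trunk in mac_table:
        if is_trunk and not include_trunks:
            continue
        locs[norm(mac)].add((switch, port))
    return locs

def locate_ip(ip, arp, locs):
    """IP -> MAC via ARP, then MAC -> switchport(s) via the L2 tables."""
    macs = {norm(m) for i, m in arp if i == ip}
    return sorted(p for m in macs for p in locs.get(m, ()))

def locate_user(user, logons, arp, locs):
    """User -> IP via logon records, then on to the switchport(s)."""
    return sorted({p for u, ip in logons if u == user
                   for p in locate_ip(ip, arp, locs)})

def unlisted_macs(locs, allowed):
    """MACs seen on access ports that are not on the whitelist."""
    allowed = {norm(m) for m in allowed}
    return {m: sorted(p) for m, p in locs.items() if m not in allowed}
```

With trunk entries included, a single IP resolves to both its access port and the uplink, which is the ambiguity the reply warns about.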
