RichardLetts ✭✭✭✭✭

I'm not sure that UDT is the best thing for this... I'd be running NMAP scans (or something similar) on the network looking for them. NMAP can fingerprint devices and identify what they are. See Chapter 8. Remote OS Detection on the NMAP website for more details. At most places these scans are done [and approved] by the…

what distribution? What is the actual device? the kernel version (which is what you provided) doesn't tell us where it's installed since the snmpd process is not part of the kernel.

Not yet... We need to upgrade NCM first, and that is scheduled for a couple of weeks out. what issues did you hit? Thanks

yes. what Object do you want to raise the alert on? write yurself a SQL query that returns true select count(*) from table having count(*)>100 then create a NODE custom SQL alert with the condition: WHERE exists (select count(*) from table having count(*)>100) AND nodeid=#### beyond that you'll have to experiment.…

No. You used to be able able to do this at a 1.x or 2.x version of the product but it got broken.

there is not enough information to answer your question. Simple: define criteria in the alert manager to generate the ticket and then use the action to post a SOAP-wrapped data blob to your ticketing application More complex: look at something like RightITNow to integrate the two.

Nice picture -- I wander if I can find one with the bridge on the right should be a rickety foot bridge: Some people think a 100Mbps circuit is going to be a useful backup for a 10Gbps circuit... now, a question: what would be your preferred way of load-balancing traffic? a) LACP / MLPPP bond the links together? b) OSPF…

is the ssg20 a firewall-like device? Have you permitted outbound SNMP packets from the management interface to your internal network?

Apart from the scaleability issue I am making use of additonal pollers to support VRFs -- this allows me to have a node with the same IP address and a different community string on a different polling engine. This allows UDT to collect the ARP tables from the most commonly used VRFs. This is totally a hack because of lack…

yes; the pollers (and main poller) for that matter make use of their internal routing tables to determine which interface to send packets out of. so If you make a main/additional poller multi-homed you can poll into otherwise unreachable networks. as to cost -- contact your VAR for pricing on that.

uninstall and reinstall NPM I've found upgrading over an existing install normally fails for me (in some subtle and non-obvious way that i only get to find out a couple of days later) If you go through support they can set a key in one of the XML files that drives the repair process that will cause it to perform a full…

yes.

isn't this a feature of User Device Tracker (UDT) and when linked with active directory it'll give you the login information as well?

1. We totally run into this issue; in our case our WAN links are 100Gbps(*) and stretch from Tokyo (through Seattle) to Chicago and the bandwidth-latency product is an issue, 2. For large datasets we use bbcp $ bbcp -N io -v -s 64 -W 16M -P 10 'tar -c .' username@host:'tar -x -C /gscratch/groupdir’ if you have smaller data…

that is a 'view', so the underlying query is pretty horrendous as it aggregates data for all nodes across all partitions of the ResponseTime Table for all times. this is what you actually executed: SELECT top 1000 NodeID, DateTime, AVG(Availability) AS AvailabilityFROM ( SELECT NodeID, FLOOR(DateTime / 24) AS DateTime,…

What the 15454 display as stats depends on the interface cards and what layer of the stack they are working at. In some configurations the node/slot/card isn't doing any processing of L2 traffic, it's simply multiplexing the L1 circuits together (especially for OCx modes). This means it doesn't process the traffic, and so…

add a custom poller that pulls the row from the TCPlistener table (if the end system exposes this: http://www.net-snmp.org/docs/mibs/tcp.html#tcpListenerTable ) all this tells you is something is listening, not that a firewall has blocked the port somewhere along the path between the client and the server (or on the server…

yes. a) if you mean you want to change the IP address of the server to poll from the new IP address then just add the interface to the server and it'll use the windows routing tables to use that interface as appropriate. b) if you mean that you have two IP addresses configured on your switches then it'll only use whichever…

I'd like to rate this update as Awesome. rob.hock if you make it to Seattle: /RjL

What type of AP/Controller? Does the controller generate traps indicating the tunnel between the AP and the controller has gone down? I use a script off the TrapReceiver to set the status of the AP automatically (saves increasing the polling time). This sets the AP whose IP address matches the command line argument passed…

Here are the two UnDP we use, Juniper - Red Alarm Count.UnDP Juniper - Yellow Alarm Count.UnDP Plus the Alert definition: Juniper Red Chassis Alarm -- Alert Aside: we write run-books for alerts, and reference them in the alert message so staff know what to do. I am not overly-specific about what to do, and the checklists…

You are going to need to do a custom SQL variable -- the MAC address isn't on the Nodes table (unless it's a custom property) something like {untested} ${SQL:SELECT TOP 1 MAC FROM NodeMACAddresses where NodeID=${nodeid}}

you have to be careful with SQL if you have a NULL set if (Select F5_Pools.NodeID From F5_Pools Where NOT F5_PoolsAvailabilityStatus = 3 AND F5_PoolsEnabledState = 1 AND F5_PoolsName Like '/Common/Prod%') is NULL then (I think) IN .... AND NOT IN ... is also NULL Select Nodes.NodeID AS NetObjectID, Nodes.Caption AS Name…

I think you need to specify the primary key to object created -- what is returned in the URI from a swql Studio query... eg swis://xxxx/Orion/Orion.WorldMap.Point/Instance="Orion.Nodes",InstanceID=12 leads me to think this might work: my $data = $self->{_swis}->Update($self->{_swis_url} .…

No. Unfortunately dependancy only affects the Node-Down type alerts, and not the others. i.e. if the parent node is down it puts the dependent notes into 'unknown' rather than 'down' state. this doesn't affect 'up but not working quite properly' type of alarms. For that you have to code them yourself in the filters, which…

If you have a NOC then they might have time to look at syslogs or traps in the message center, but if they have any volume of alerts this will be a challenge -- best to convert the significant ones to alert If you want to generate an alert: 1. In the trap viewer use the 'Tag a Trap' function to tag traps you are interested…

three-fold solution: 1. if your DNS servers don't have internet connectivity remove the root server list from them so they don't know how to resolve addresses outside their domain. [these are not servers of last resort, they are the root name servers.] Your servers should immediately return NXdomain and will improve…

I'm gathering diagnostics and opening a support case. Really like I can exclude UDT, NCM, and wireless data from the just-updated SolarWinds Diagnostics which will shrink the diagnostics by a lot, Also like that it's generated a nice unique name for the diagnostics file.

Yes... at least with AOS6x and the 7xxx series of controllers as described here: Wireless OIDs polled in NPM - SolarWinds Worldwide, LLC. Help and Support (this I have working today)

No :/ to a large extent the group availability is not working as [customers] expect. if you submit an idea to change Mixed availability calculation to be either the arithmetic (or geometric) mean then I'll vote for it. Group status rollup Best availability = 100% if any node is up, group status is green Mixed availability…