SeaDave

Perhaps too quick to judge on #2. Looks like it is populating.

Enabling this took SAM down for me for some reason. I'm on the latest everything; SolarWinds, Microsoft (Svr2016 PE, and SQL Svr w/SQL 2017) fully patched, dedicated OSE, lots of RAM and vCPUs, SSD storage. Enabling this must have exceeded a license count, but I get the dreaded: Unexpected Website ErrorThere was no…

Really time to support APs and Controllers other than Cisco. The Cisco focus gets tiring.

PLEASE MAKE IT VENDOR AGNOSTIC! I know Cisco is dominant and the solution should definitely support that line of hardware, but there are a lot of non-Cisco shops out there. We use Force10 which run like a top and sFlow is great on these. You have a lot of HP and Juniper customers also I would assume. It would be awesome if…

I really need this as I'm using a SAM custom poller and it is a PITA. Every time I add a new mount point I have to go set it up in the template. It sucks. I monitor everything via SNMP. I just did a test on a node using WMI and I see that it only sees CPU and volumes. What about NICs, L2 and L3? Please don't make this an…

I also love the mount point monitoring. Was not immediately obvious that I had to switch from SNMP to WMI but I understand why. Here are two thing that are not cool: 1. I have to delete all of my historical info for the node when I do this. 2. I no longer have L2/L3 topology info without the SNMP monitoring component.

No support for Dell Force10? Running FTOS 8.4.2.7 S50Vs and S50Ns, stacked and stand alone with VLANs and TenGig ports.

My servers have AppWhitelisting enabled on them and a true EDR tool (not AV) and we log all traffic and monitor with Splunk, so uncomfortable, but no panic. Once IOCs were published, we checked and we saw 5 DNS pings over the July 4th weekend. Nothing more. We confirmed this with our MSP who also monitors all of our inet…

Yes it is unnecessarily confusing and points to a lack of version control or naming convention SOP which perhaps led to this mess. When I look at the bottom of my Orion site I see this: Orion Platform HF1, SAM HF1, NCM, Toolset, NPM HF1, NTA: 2020.2 This seems to be the most up to date version, but the last update I…

We log to Splunk from our DNS hosts. You may also be able to do this if you have a UTM based firewall and logging solution (I know Fortinet and FortiAnalyzer can do this). We use the Spluk App for Stream to sniff the traffic to and from each DNS host. https://splunkbase.splunk.com/app/1809/

Chinese partnership back in May is also interesting, but the above suggests that it has been around longer than that. https://www.businesswire.com/news/home/20200517005007/en/SolarWinds-Expands-Partnership-With-M.Tech-to-Help-Technology-Professionals-Solve-Today%E2%80%99s-IT-Challenges-in-China Attribution is notoriously…

Be careful identifying C:\WINDOWS\SysWOW64\netsetupsvc.dll as a threat. We have 7 different MSFT signed versions of that file across 297 different systems in our org. The compromised version is NOT signed by Microsoft I believe. Mitigation: FireEye has provided two Yara rules to detect TEARDROP available on our GitHub.…

Everyone should note the traffic to the C2 servers was over 4th of July weekend. Also what we don't understand is we didn't see the "compromised" file until 6/28/20 when we updated Orion, but this very same file that is now identified as "compromised" is in the HF1 update that SW is advising everyone install? Maybe because…

Here's what we found so far: We updated to 2020.2.1 HF 1 on 6/28/20, going back through our logs, we saw the following DNS traffic on July 3rd through the July 6th from our Orion server.…

Thanks for the follow up Brandon. Love Orion BTW. No I had never seen it before. It occured after the 9.5 upgrade. I also made a seamless conversion to SQL Server from SQL Express. Amazing how easy it was with Orion as compared to trying to do something similar with SharePoint which is a total nightmare. I guess the…

This is now the correct OID. I'm still confused with Tables, but I was able to determine that if used the GET command in a third party OID browser, I was able to specify the exact data entry with the addition of 1.1 at the end of the MIB. It now works which is great. So I'm simply using GET instead of GET TABLE. I also…

I think once demand peak rates are figured in you are correct. One of the rates is 5.88c kWh, but peak is $1.26! http://www.seattle.gov/light/accounts/rates/docs/2012/Jan/2012Jan_mdc.pdf Hard to tell what gets charged when. I know we have 850kW of generator capacity but not sure what our nominal load on the grid is. Need…

I changed that at your suggestion to see what it did. The out of the box template setting is for "less than" (warning at 1000, critical at 640). These are free pages in SQL DB. Solar Winds has shown it as constantly critical since I provisioned this poller. I would assume 0 would be critical and some number greater would…

Regarding this question. With older versions of Orion I had one case where I had a firewall that Orion kept detecting new interfaces on. Something to do with serial IDs??? I've never understood why Orion doesn't use the combination of an IP and MAC to create a stable identifier for interface data. I guess IPs can change.…

Social networking, blah! Just another vector to be used by web hackers. You are smart to block Facebook and Myspace. Filled with malware. Good luck.

Sounds easy, perhaps not so for PS challenged. I'll give it a shot and thanks for your time.

Did you ever get any results. I have the same issue with Force10.

So is my assumption correct. IOPS counts only show up when polling via WMI? What are the implications of changing ~50 nodes from SNMP to WMI? Does WMI put more of a load on the nodes or the Orion system? It doesn't appear that all historical data is lost but some of it is. That really sucks. There should be some way to map…

Thanks everyone for the responses. My goal is to be able to monitor utilization but also specific protocol analysis. I would like to be able to baseline the current protocols in use and then be able to see when a new one shows up or when one that is in use spikes for some reason. I can imagine that getting flows from the…

I second Ruckus. We are deploying a Zone Director and Zone Flex 7363 APs. Orion reads them as net-snmp and can see interface but doesn't realize they are wireless. Do I need to import a MIB?

I'm in the same boat. I love Orion and UnDP, but man the interface can be difficult at times, not to mention finding the correct OID. I first started out simply wanting to get the total page count of all of my printers on the network. Ideally, UnDP would poll my printers, and using that value display the following in…

Thanks. Seems like this should be a box on the Orion SAM Setting Page that you can enter. Sure is cheaper in Seattle. Only 0.0588 kWh.

I've been fighting this for over a year. My use of Orion has suffered as a result. About once a month I spend a day trying to optimize with minimal results. Some type of a healthcheck/benchmark process would be helpful. I received the same "it is your hardware" response from support. Well, I keep throwing vCPUs and RAM at…

Thanks for the response. I'm the only person here so no shift issues. My network is fairly small. 10 Servers, 80 Workstations, 2 firewalls (connected with T-1WAN), and 5 switches. The problem appears to only be happening with Fortinet FG-60 firewalls. I have not been rebooting the firewalls but I will see if I can change…

Can also be caused by IOS or firmware updates if the revision is major enough. Orion tends to identify devices by some type of SNMP serial value and I've often thought if it had the option to identify by MAC this would be less of an issue. At least on physical interfaces.