acgarton

You get a link via email when you register.

You could definitely add in root cause analysis in there. No matter how proactive you are or how much monitoring you have, stuff is still going to break. Of course this isn't really something the powers that be usually like to hear, but it's the cold truth. The tools not only help you in reducing downtime, and pinpointing…

Are we gonna get points for this?

I think #3 might be most important. Devices not getting added, removed, slipping through the cracks will devalue any NMS system very quickly.

Works, I just can't spell @.@

There a few programs like that. A key would be to find one that is updated at least once a day. I am in a group with a member that's company was specifically targeted by an attack, including a new domain registration and all. It was pretty sophisticated, but luckily the attack failed. They are getting pretty crafty.

special credentials independent of any domain creds*

I believe there are already OIDs defined for those spanning tree fields.

You can't make this statement "user education is an essential component of spear phishing defensive strategies" bold enough. Not only does this help users in the workspace, but it helps mitigate threats in the personal space as well.

We mainly utilize Solarwinds for NTA. It appears to be the best solution for the job. As far as all other monitoring/management we utilize Netsight, which seems to be ample, considering we are mostly an extreme/enterasys shop. We do utilize NPM as more of a secondary monitoring solution. We are also in the process of…

Seem to be having the same problem as well, unless I'm putting in the wrong answer lol.

This can be very hairy nowadays. It's not quite as simple as backing everything up and throwing it in a cave. Now there are compliance standards to go by, PCI, SOX, FISMA, etc. PCI (financial/credit info), for example, seems to push for shorter retention times, and some types of data, such as CVV numbers on cards cannot be…

And what if you did have that brand/model of printer? Things could get squirley with an out-of-touch user. This goes back to user education.You want people to go with their gut - if it seems slightly suspicious, it might be best to notify. This could come back to bite the team - you don't want every user asking about every…

Back in the day we used NetQOS. It was pretty nifty. I believe it is a part of CA now; I'm not sure how it has evolved from there.

Come on! I know someone out there still uses swatch!

WMI comes with Windows OOtB now. SNMP requires a service install. Microsoft reccomends WMI, but I believe a domain admin account is required to utilize WMI - Many see this as a potential security risk and may even be frowned upon if you need to be HIPPA, PCI or SOX compliant. SNMPv3 on the other hand is encrypted and…

Unless you are running vrf-lite or something with multiple routing tables... and nating it through... but whaaaaat a mess.

Yea, NAT would do it - but it just seems so superfluous to me. It's only 254 max hosts, seems like it would be easier to re-ip, but either way it'll work.

Yea there might be some crazy SQL work you could do, but I have a feeling it would be very messy.

I am almost positive that is correct. A workaround might be to capture all of the historical data and store it somewhere prior to the switch then do an eyeball comparison.

All devices participating in that instance of spanning tree with tcguard enabled probably would show that message. A topology change in that spanning tree instance would affect the entire tree; as such tcguard would trigger the message. tcguard would need to be tuned to account for those topology changes. Spanning tree…

Looks like someone tried it in the past - Combining two NPM instances into one I doubt you would still be able to retain historical data, you would probably have to start fresh with the newly merged instance.

I believe UDT can show which switchports have multiple MACs associated with it. Maybe someone could back me up with the exact process. This wouldnt be exact as you would probably overlook switches that were connected that had no hosts connected to them. Some unmanaged switches do support SNMP and probably have a default…

Can you see the device details and other wmi information? WMI can be tricky, I believe the poller needs admin rights to the box you are monitoring.

I would think the devices would have to support SNMP to get information about alerts into NPM. Otherwise you might be stuck with simple ping tests. If they support logging (and sending of logs) you could send the logs over to LEM.

You could try running it in wine if you are feeling frisky. Though, you would still need a Windows box for the DB. Sounds messy, but it would be interesting to see someone give it a shot.

\q would be the regex for this

What does the script look like? Here's a page with a simple vbscript Windows Script Monitor - Free DIsk Space

Could try dropping a poller into each subnet - but I don't know how npm would handle it. Route NPM discovery into one subnet, then after the discovery re-route to the other subnet. Seems like a simpler solution would be just to re-subnet one of the 10.0.0.0/24s into 10.1.0.0/24.