cnorborg · Network Professional IV · ✭✭✭✭✭

Well, thanks for the votes of confidence guys!! This "feature" is actually one I've wanted for quite some time, not necessarily for NTP servers, but for SNMP communities and such. As an FYI - this actually does work, I'm using it. But, especially when I'm telling someone to basically hack the way the system is working, I…

Understood. Our approach is to severely limit SNMP RW so that it is limited to coming from a server that has controlled access by only trusted network engineers. That way we have "emergency access" if needed, and its not something that folks use daily. Another approach that could be taken is to deploy a RW config during…

I'm guessing that might be partially the issue, but its probably also a bit of how Orion works. And it should be noted that I'm making assumptions here from what I've seen both in the database and the settings, Orion may work drastically different. Orion servers are generally busy though. They have a LOT going on. Pinging…

Correct, as I said above, it sees the router as a device type of "Cisco 891/891W IS Router", while it sees the AP as a device type of "Cisco AP801agn". If it was a lightweight AP that was embedded, I'd probably be happy with the controller being added, but these are autonomous...

Hmm... I'm not fully aware of the specs of our SQL server we're on, the DB guys set that up and its used by more than just Orion. Solarwinds reports it as having 6 CPU's, maybe 200GB of HD space, 16GB of RAM. I don't think your specs look bad though. I know our Orion server is probably a bit ridiculous, they put it…

There are a lot of good resources for doing it which are better than I am. Here are a couple... https://www.youtube.com/watch?v=N5LrXdwwqf4 https://www.youtube.com/watch?v=h5RgUvtz7Xg https://support.solarwinds.com/SuccessCenter/s/article/Create-custom-poller-alert Let me know if you have any specific questions on it after…

Huh?

 No such luck. There is a CustomPropertyEditor.cfg, but no CustomProperty editor application. You know, in looking at the release notes, one thing I forgot to do was update to 9.0SP2 on the AWS and it does update that file. However, I just tried applying the SP2 file and its telling me that its only for licensed versions…

Everything looks fairly straightforward and normal to me. I don't use the ip flow egress at this point in time, but I'm not doing alot with MPLS either, so you might need it... I would definitely try looking from the other end, I think your packets are getting marked properly and your just not seeing it because its on the…

Hmm... My next approach would be to check out the databases directly, either via SWQL or SQL. I tend to use SWQL first when playing, so I came up with a quick query and got very odd results. Maybe someone from solarwinds would want to weigh in on this, I'd also be curious about your results. I basically took your example,…

I think it was this discussion that led me to that belief... EOC Still seriously lagging behind

First, I don't see anything that sticks out on this configuration besides maybe the NAT configuration. Sometimes NAT can cause confusing issues in general, although I can't think of anything offhand. Do all the routers that are having issues have NAT configurations on them? (ie: if not that would rule this out). Not 100%…

Yea, routers with newer IOS might not have the ability to do SSH1, its probably been deprecated due to many security issues. SSH2 should work with any reasonably newer IOS and not give you problems... I would recommend putting "ip ssh version 2" in all your configs to prevent SSH1 based attacks against them once you get…

In general they do tend to work unless there is an error or something prone to misinterpretation. Have you gone into the "Jobs" section where your scripts/results should be and looked at what the "History" is showing you? It should be showing you how the Cisco box is interpreting what you're putting in. One thing to be…

Hmm... Unfortunately all the 2960x's we have apparently are lanlite which don't support this, so I can't get in and play and tell you for sure. I'd be working off this document: http://www.solarwinds.com/documentation/NetFlow/docs/NetFlowDeviceConfiguration.pdf‌ Which is generally a very good guideline. I don't see a 1:1…

Not unless you want to see that. Some people might find it interesting that the user is seen on both g1/0/14 of and end-user switch and g1/0/10 of the distribution switch. I personally don't, so I wouldn't monitor switches that were strictly for distribution. On the other hand, if you wanted to conserve licensing for lets…

Hmm.. That might be an "unmanageable interface", which I've never run across. What is the whole error message you're getting? Is there a link to follow in it where you can enable it from there? Check out this help page, it might get you where you need to be...…

Ok, one thing you have to remember is that Netflow is a completely different than NPM in terms of how it works. With NPM you poll the devices every X minutes for some basic traffic counters and other things. So NPM is actively going out and querying the device to see what is going on with it. All you need to do to get this…

Should be fairly simple. The config itself is contained in the NCM_ConfigArchive table. If you're doing SWQL it would be the Cirrus.ConfigArchive table (not the NCM.ConfigArchive table! which doesn't have the config there from what I can tell). So, a quick query might look like: SELECT * FROM [dbo].[NCM_ConfigArchive]…

Hmm... Not sure why changing this would impact the ability to run scripts or reports, unless the user running the scripts doesn't have the privileges to do the tasks in the scripts. Would need more details as to why this would be a problem? Now, if you want more granular control over what commands a person can do on a…

Ah, so you did a custom query for your alert condition? I didn't... I just used the built in... In the trigger condition I have: and my email looks like This works for me!

Back from our nice long break and still getting the same results. 8-( Anyone have any ideas? I've tried it both with and without "ip flow ingress" and "ip route-cache flow" on the interfaces, doesn't seem to make a difference. Like I said, the data is working great on our NetQoS... I've even tried setting up a cloned flow…

Hmm... So it appears that either we're interpreting the database contents incorrectly, or the displaying of this info in UDT is not correct. Possible bug? What do you think?

rmothersbaugh and all, might have figured out a solution that works in all cases, go check this thread for my response on groups and lookbehind regex's... Filtering for incorrect logging hosts Can easily be modified for SNMP communities, that was actually the test case I initially used on it. Note the example below…

Hmm... I found a use case where my solution doesn't work cvachovecj Was trying to weed out unknown SNMP communities on routers of a company we just merged with. I modified this to look for "^snmp-server community .*" instead of the NTP. Had it look for either community in the config block and ran it. Worked for most of the…

What specifically is out of order? You can customize what Orion ignores while doing a comparison, taking what is showing as a conflict and adding it to that should work.

Ok, so more questions before I answer again. How far apart are DC1 and DC2, and what kind of latency do you have between them? What kind of processing power does each box have? How is the storage on each box laid out? I can give a bit of guidance based on this though. Yes, you want to have a single DB for all the modules…

I never said he had to use physical servers, it may be perfectly fine in his environment to use VM's, but he gave us absolutely no insight to his environment. He seemed really concerned about performance though, so I'm assuming its probably a fairly large environment. If his 4 VM's that he's speaking about are all on the…

Hmm... From what I see this is the message you want to key in on: 111001 Error Message %ASA-5-111001: Begin configuration: IP_address writing to device Explanation You have entered the write command to store your configuration on a device (either floppy, flash memory, TFTP, the failover standby unit, or the console…

Oh, now thats interesting. I had a bunch of speeds of 4294967296. When I put them in the query above, they show me that they're 10Gb interfaces. Hmm... You know, I believe that number is 2^32 and guessing this box has 32 bit counters, or this value can only be 32bit at max... To fix this you would both have to edit the…