Comments
-
I had the same situation with a client two months ago and took almost an hour to import the certificate. SW had to go in and clear the certs and import. Since this is a security tool, you would think there is an easier way of doing this. Hopefully this process will be made easier in the next release.
-
Not for NPM. Within NPM you specify which ports are monitored. For example, on a 24 port access switch, we typically monitor the trunk ports. That's just 2 ports on the switch. By the way, you can designate the other ports as plugged/unplugged and get a capacity report that way, but this is not typically done. For knowing…
-
Other clients who have wanted custom LEM reports have had Crystal developers on staff. This does not help regular users, as out of 100 clients only 2 have had Crystal developers. You can always hire a contractor to do it. The closest solution (as others have said) is to apply a filter to the existing report. But that's…
-
AlertLog is no longer used, unless you're using an older version of NPM. For NPM 12.2, the following should work: SELECT Nodes.Caption, Nodes.NodeID FROM Nodes Join AlertHistory on Nodes.NodeID = AlertHistory.AlertObjectID Where City = 'London' and (Convert(Char,AlertHistory.TimeStamp,108) >= '10:00:00' AND…
-
I looked at your report and it does give you the information, but with some small tweaks you get a lot more. For example, it's important to know how many emails were sent out. Did the emails fail to be sent? How many resets were triggered? All this in a nice little box - to have control over the view (swql) SELECT…
-
I have had the same issue with various clients. It's different for every single client as they all have different audit policies. Playing with the correlation time is the only way. This is something I used for a client in looking for a file open (ignore the last line with the HR Admin). Note the correlation time as 6…
-
Polling will never be real time. Since you are monitoring airplanes, I'm assuming you would want as near-real time as possible. For this scenario, syslogs/traps are the best way to go. Switches/routers can send traps/syslog if an interface goes down. If you want more than just interfaces, Cisco devices have Embedded Event…
-
It would be nice to have it built into Orion. But there are ways around it. For example, create a SQL schedule to execute a script to copy the component values into a custom property then display the custom property on Atlas. Amit Shah Loop1 Systems
-
Check the node to see if it had come up at any time which resulted in a reset. Even one successful ping would be a cause for a reset. This would trigger the condition again. Also check the availability for the node to see if there was a blip for an up condition.
-
When scheduling Orion jobs (NCM, LEM reports, etc), I like to verify it by checking the Windows scheduler. The job should appear in there. Amit Shah Loop1 Systems
-
Got it to work and made some tweaks. There are two components: AppPools gives the name of AppPool and its State. AppPoolsStopped gives the name of the stopped AppPool and its state. Make sure you run this on x64 mode. I have uploaded this template to content exchange. AppPools: Import-Module WebAdministration $status=0…
-
NPM 10.7? That's pretty old. Have you thought about upgrading?
-
Not that I know of. You can always request SW to make a connect for it. Typically by opening a case, have the device send syslog to an empty local, then export the syslog and send that to SW.
-
True. I would check the group dependencies to see if the server is a child. Also see if the server has dual connections to the network. See what interface the node is defined to 'ping'. Sometimes, you may think it's on one interface, whereas it's looking at a different interface on the same node.
-
If you need more space, shut down the appliance, increase the disk space up to 2TB, then power on the LEM. LEM should recognize the increase in disk and auto configure. LEM is a SIEM and does not allow any data deletes (at the user level). The data is auto deleted by file rotation when the disk capacity is 90% utilized.
-
I have done this in the past and it requires a lot of work and consulting with all of the teams (networking, server, etc). You can definitely use alert custom properties, but I have not done that and have modeled it around Orion's alert severity of: Notice, Informational, Warning, Serious, Critical. I would use that as a…
-
I have seen this situation with asymmetrical pings. For example, if the device has the IP addresses 10.1.1.1 and 10.1.1.2. NPM is pinging 10.1.1.1, but in the reply echo packet the address is 10.1.1.2. The device is replying, but using a different address for the replies. Are you monitoring the object using loopback…
-
AnyAlert is a great starting point. Once you narrow down the event, I would use the specific Alert name. For example, to find a userlogon. Use the AnyAlert.eventinfo to find the specific event. Then using the details view, use the specific alert name (UserLogon). Once the filter is in place, use it as a basis for the…
-
There are several things to check for: 1) Check the logs on the agent device. For Windows it's in /contego. It should say 'connected' during the last connection attempt. If it says 'disconnect' or 'unable to connect' - there is something wrong. a) first step is to just reinitialize the agent. 1) stop the solarwinds lem…
-
There are ways to get this. Node Downtime Reports
-
Logs are generated. On the workstation/server side, you need to enable FIM and monitor the specific directories. For the USB, the USB defender needs to be installed as an option to the agent installer. Once these two things are done, you should be able to detect copy from server to usb. Of course, I'm assuming you have the…
-
To get an accurate count of number of events. Look at the all events filter, then send it to nDepth. This will give you the number of events per ten minutes. Times it by six to give you events per hour. According to the LEM scalability guide, with the default of 2 vCPUs and 8GB memory - LEM can do 1.3Million per hour. If…
-
I assist clients in deploying NPM and NCM for more visibility and control over the networking devices. One particular client kicks off an NCM download of the router config, if the device goes from down to up state. In the past two years there is an increase in clients using the Policy Compliance, which is something I really…
-
Hi Danielle Do you mean the Visualization tab...correct? Not the storage tab. Thanks Amit Loop1 Systems
-
Depends on what you need. I have seen full NOC views with three projection 110" project screens and four employees dedicated to monitoring SolarWinds. Another instance, I have seen smaller 23" monitors spread throughout the networking and server area which displayed the relevant information. I have seen Orion run on a 2…
-
In terms of security, I would be hesitant on allowing any SNMP monitoring on LEM by an external tool, especially SNMPv1 or v2c. If the need for monitoring CPU and memory is there, use the integration with vCenter to grab the information.
-
The config wiz should have the correct username/password filled in. If not, then type it in. Once you do config wiz will validate it as you move onto the next screen. Moving the Orion dB to a new server is relatively painless. I would advise on using SQL studio to backup and restore the database. Once the dB is moved, run…
-
It depends. If you have only NPM then the recommended path is 10.7 -> 11.5. Of course, backup the database with SQL Studio. But, being cautious, I would go from 10.7 -> 11.0 -> 11.5. If you have other modules, the upgrade can get a bit complicated and time consuming. With one client, who was at 10.7 with NPM, but also had…
-
For Windows servers, I would look at the LastBoot setting. This should also be present for all SNMP devices. If not, then I would resort to the UnDP. Just be aware that on SNMP monitored devices, if the agent was restarted - the last boot will reflect the time when the agent was started. The code is same as Node Down with…
-
If something is referencing incorrectly within website, I generally do what janene recommended - but only if you're comfortable with sql. If the APE or the engine no longer exist, you can always delete it from the settings>polling engines once you have removed all of the nodes from it. Once that's done, to be on the safe…