mcam · General dogsbody · ✭✭✭✭✭

that was interesting that one

seeing messages like this are always a sad/happy thing. You will be awesome in your next chapter, just as you were awesome in this.

decide first if you want to make use of the syslog messages in Orion. If you're going to use them, use Kiwi to just send the messages that you need. We use Kiwi as the syslog forwarder so we only have one destination for syslogs then can fan out/direct messages where they need to go. This was mainly because needed to be…

Probably time to break out the SNMP browser and look at the device. Try the one from ireasoning.com That will let you browse through and find the OIDs your looking for

there are some features in atlas that haven't migrated to maps yet. Our use case for clinging to atlas is our live weather map as a background to site status. As severe weather is often the root cause of outages, its really helpful. Pretty much everything else though, maps is much better.

I only asked because that happened to me using an AD account, but the web account users were fine. It was doing exactly the same as you described, but also kept asking to login.

Veritas backup for sure

its acting like you don't have access. Have you tried logging in as administrator?

Be sure that you have your device set to forward SNMP traps. Kiwi doesn't receive SNMP messages (port 161), only SNMP Trap messages (port 162) Also check that you have Kiwi configured to receive snmp traps and the port matches what your device is sending - this wasn't on by default for us. Note from the docs - don't use…

I'm the same as @"jm_sysadmin" in that we have a license for NTM but haven't used it in quite a long time. If you don't own it currently there probably isn't a reason to get it. Orion Maps does everything we need.

This doesn't directly answer your question but gives an alternative. A little while ago we installed Kiwi Syslog server so we could centralize our syslog data and send it on to wherever it was needed. Now our syslog data comes into one place and it then forwarded to places like Orion and splunk/logrhythm plus whatever…

did you get it resolved? It does sound like an AV related issue though.

on the linux box make sure that you have syslog configured to send to a remote syslog server. It won't do it by default. Just make sure send to where Kiwi is listening.

check your rules to make sure you aren't accidentally ignoring what is being sent.

count me in. We use the built in AWS monitoring but not container monitoring. I think we have spoken on this before though

You can certainly answer that question with Solarwinds, but you will need to be monitoring the services and infrastructure that make up your application. If you're starting from scratch, take a close look at how the application is delivered and start monitoring each of the components of your service delivery. You may find…

Older versions of WPM used to allow deploying a packed EC2 instance to AWS, so its definitely doable. We used to use this very configuration. In the end, the WPM agent is pretty simple to install which should make adding it to a simple windows image build process.

did you get to find out what was causing this?

don't forget that is only the file that starts everything off. It's well worth taking a bit of time to read the detailed description from FireEye of how this malware works and look for other indicators of compromise on your server. 

I see your problem now. It is difficult to get SAM to monitor that kind of thing. We started using Web Performance Monitor (WPM) for that very reason. It gave us the granularity to be able to drill into an external site to get so much more than the basic tcp load time. The other biggie for us was being able to monitor the…

That error means that basic comms aren't working between the two. First thing to try is that you can open a command line window on your Solarwinds server and ping the remote server you're trying to monitor. Once that is working, it looks like you are setting the host in the monitor to be different from the server you are…

One thing that is worth checking is the web url I notice that it has a full address/port etc so if the test host and site don't match it gets a bit odd Try https://${IP}:${PORT}/<the rest of your url here> That also means you can test on one site before moving to prod 

What you're after are the Universal Device Poller in NPM aka UnDP They will let you create a custom device poller for NPM that can pull almost anything out. You can do a similar thing with SAM monitors as well. Check out these articles/videos to give you way more info…

I have opened an case to help figure out what is happening

I am resetting my expectations instead We are using SW for two purposes One for giving a monitoring status and diagnostic view of the environment The other is alerting us when things go wrong We are looking at using custom properties to filter out the alerts and monitors we want to see alerts for etc. Really the purpose of…

That is the result you get - but how are you getting there? How do you make that page show up? Is there a link on the page that says "Show in NOC mode"

I like that solution - we just updated our NOC TV to use a Raspberry Pi to make it even more compact.

thanks again The alerts do have a reset and are sending the reset email etc. I think my issue is that SW does not have an auto acknowledge that is stopping me getting what I need. Really what I need is some way of distinguishing between those monitors I want to be used for alerts and those monitors I am using for…

right - your problem is that you have no way to tell the disconnected process where to download the file. Maybe have some other process like curl or wget grab the file, then use a file monitor to track the downloaded file?

Its probably best opening new topic for new questions but.... if you have a sql cluster, you can add the virtual instance as a node in SAM then monitor that