mestasew · Network Monitor

The component name is the same " attempted to logon explicit credentials event" But mine is from an application component called "windows server 2008-2016 domain controller security" I think both have the same purpose. So may be you can try to override template to get more options for specifying particular settings for the…

I have the same problem of getting an alert coming from accounts running some process that are identified as a valid explicit credential use . I have attempted to use the component feature setting intended to exclude events on the alert. This feature helps to exclude events by defining key words on the event. I defined a…

I was able to use exclusion keywords to define accounts and process for avoiding alerts from a known accounts with the help of a SolarWinds support representative. However the exclusion feature still needs improvement to define two combined key words as as a condition. For instance defining account "xyz" with process "abc"…

I just provided the same suggestion when discussing the features of the HA with Solarwinds support person. Today I see this post which seems to be over two years back. I wonder if there is any development , did not find so far that allows standby server to provide the availability while primary is being upgraded.

Hello Robert I edited application monitor component to exclude the accounts that we validated on the exclude events with key words Below option. You will find the match definition under the component by expanding the + sign. checkout screenshot below .

Very good Idea, how come this has not been implemented yet.

sorry for the delayed comment. HA availability was established after breaking the ha by truncating the HA table, modified DB tables and even registry to assign values of the server roles as primary or standby. Finally reestablishing HA. still we have some issue displaying web console when it failover to standby and the…

Hello Riggs- please reach me via private message for sharing. 

Thanks Tony - send me a private message so that I can share you a support case numbers that I have already uploaded diagnostics. Any ways discussing the future on the HA - why would the standby server has a disabled start up setting on the server ? Rather it make sense a server be set in automatic startup and when HA…

This is one of the problematic alert and is not that much exact with its prediction as well in my opinion. If we deselect memory under volumes resource list , we will be still getting monitoring notification for memory from CPU and Memory resource monitoring. however we will be still missing virtual memory monitoring and…

Just an update ....after downloading the offline NCM and running , the installation do not show HF 1 for NCM and SRM. Concluded the the HF released does not apply for the two modules. 

Now I was able to use my standby HA as probe. thanks for clarifying and sharing. what do you think about the port option? I am not clear if we used known port like 161 or 22 , netpath will test reachability via that port.

To share my experience, my attempt to create a secondary probe failed- I concluded netpath only works from the Orion itself. I would say the impact on the performance would be minimal since it uses icmp packets to trace route and delay statics. There is real time path monitoring that might impact the performance. Mostly…

I was evaluating ways to monitor FMC and the FTD Via NMC and found your comment. what I am not clear from your comment is that what device's user name and password used ? is it on FMC or FTD directly ? on the template script - my apologies this sounds lame question- what is is the role of commands such as reset , erase…

thanks providing the query. I also reviewed the audit events table at the time the events were reported , but no trace of the actions reported by the events. Also run the query but did not pull any result as shown below. I used report writer to view the result. is it possible an admin clear the audit events ?

thanks sharing your query. it did not find the the deleted or added nodes from Auditing table. I further expanded your query to look for action type (ActionTypeID) for Node added and Node deleted, but did not find the nodes I am looking. the audit event is not displaying recent days changes. I might reach support to check…

Thanks for your suggestion. I used the audit event as shown below , but the nodes removed/ added were not listed.

shutdown in the device

I am experiencing the same issue that restarting the alerting service didn't help to clear the triggered alert. In my cae the Vs are already decommissioned but it keep on triggering back after clearing. I disabled the alerte type , restarted the service etc it keep on triggering the alert after it is cleared.

our upgrade is on hold and planned at some point in the future for hosting environment needs an upgrade. But what I want to understand is how a disabled interface is listed sending a flow data ? why some of the flow data used an interface index number like # 4567. is this somthing a known NTA flaw ?

thank you for your general advice, coming back to the code ... because I get all the attribute in one table, I probably do not need the join statement. What I need is a way to filter the days and time . from your previous example we can use WHERE aa.[timestamp] BETWEEN ${fromtime} AND ${totime} WHERE aa.[timestamp]…

I agree the bottom line is the OOTB alerts management especially for large heterogeneous network could be difficult and their usefulness would be less. However until a custom alert is setup it would have been nice and easier if SW add a third option to exclude objects (since the oob alerts are already running ). For…

Thanks for your response and suggestion. However our NTA is already configured and match your suggested settings. 

Thanks for your comments and info. It is good to hear that they are working to add this feature. What would be the point to have two engines comparing actual performances with thresholds. i.e. if an alert is already available for a given metric, there is no need to compare and trigger an event. The alert gives much degree…

Thanks for your suggestion. I will miss the benefit of getting an overview of my monitored environment if event summary is removed from my dashboard view. In addition, it will not address the underlying problem such as overloading the server and database

forget to mention that I also used alerthistoryID as column name... assuming every triggered alert will be logged with unique identifier # alerthistoryID. correct me If I am wrong.

Hi Mburgeso, I thank you very much for sharing your suggestion to addressing the reporting problem. I am not that expert on sql that I couldn't understand well your first suggestion. I got some of the concepts on the 2nd query. How about if we use alert historyview table ? do we have to define for every event type because…

The VDI were supposed to be shown on servers located on some clusters hosting the VDI desktops. The problem is they are not detected or visible under the servers. The feature I am mentioning provides an overview of the overall VDIs in the virtual infrastructure that would help to detect performance issues etc

thank you for your suggestion to use the custom property in excluding some nodes. my situation is however more than that. let us say you want to take advantage of Orion auto discover feature. as a result your outofthebox alerts objects scope size has a very large number of objects. To the majority of objects the outof the…

I thank you for your response and detail coding info to rearrange severity level values. will share my experiance once I test in my environment.