3 Replies Latest reply on Jun 23, 2009 7:50 AM by denny.lecompte

    APM Default Templates & Scans

    outsidesys

      TCP Port Scans

      The option to schedule TCP port scans on nodes for certain "Well Known" and "Registered" TCP ports (see list below for suggested TCP ports to scan). 

      If a new open TCP port is discovered, the Node Details web page shows you a list of which TCP ports have been discovered, and then gives you the ability to:

      • A:  "Setup" and use/configure a Template to monitor the TCP port
      • B:  "Dismiss" an item in the list
      • C:  "Dismiss All" items in the list

      During the setup process, if there are Templates that already exist with a Component Monitor for the discovered port, you are asked if you want to use one of them.  If you choose not to use one, you are redirected to the New Template page so you can configure what you want and assign it to the node.

      Additionally, it would be nice to have the ability to alert when a new TCP port is discovered.

      Default (Out of the Box) Templates

      In addition to all of the great Templates that come with APM, include individual Templates for each TCP port in the below list.  Just use the "TCP Port Monitor" Component Monitor for each one.  These will be a great starting point for simple TCP port up/down status monitoring.

      So why am I requesting this? 

      • Many of the servers we monitor are not fully under our control
      • Some servers get repurposed, and "network aware" applications are installed without our knowledge
      • We want to be proactive with our monitoring.  We want to say to our users and clients, "Hey we noticed that a TCP port is open on one of your servers.  Let's discuss your monitoring options."
      • Not reliant on SNMP or WMI credentials
      • I have control issues

      Benefits to APM Users

      • Simple (Out of the Box) TCP port monitoring with up/down status and automatic discovery of common TCP ports
      • Not reliant on SNMP or WMI credentials
      • Proactive Monitoring:  APM gives us a heads up when things change
      • Discovery of Insecure Protocols:  Telnet is a good example
      • We Can Up Sell our Monitoring:  At any time, we can use APM to scan a client's server and if changes have occurred, we can renegotiate our monitoring services based on what APM discovers.

      Benefits to SolarWinds

      • More Component Monitors are used.  More licenses are sold.  The paychecks keep coming.
      • Leverage the scanning functionality as a security enhancement
      • This functionality can be incorporated into ipMonitor, but only allow a subset of TCP ports that can be monitored for up/down status, which gives a better taste of what the NPM/APM combination does. 
      • I'm not familiar with the other SW products, so this functionality may be incorporated into other products too.

      Here's the List of TCP Ports to Scan

      Before I list the TCP ports, I would like to add that I don't think the TCP port scans should be comprehensive.  Orion is a monitoring tool, not a security tool, but it should be noted that by having these scans available, security is enhanced.

      Backup Exec  (10000)
      Citrix  (1494)
      CommVault  (8400)
      DB2  (50000)
      DHCP  (67)
      DNS  (TCP/UDP 53)
      DominoIIOP  (63148)
      FTP  (21)
      HTTP  (80)
      HTTP-8000  (8000)
      HTTP-8080  (8080)
      HTTP-MGMT  (280)
      HTTPS  (443)
      IMAP  (143)
      Informix  (1536)
      LDAP  (389)
      MySQL  (3306)
      NFS  (2049)
      NNTP  (119)
      NTP  (123)
      NetBIOS-NS  (137)
      NetBIOS-SSN  (139)
      Oracle  (1521)
      POP3  (110)
      Postgres  (5432)
      RDP  (3389)
      RPC-Locator  (135)
      SMB  (445)
      SMTP  (25)
      SQLServer  (1433)
      SSH  (22)
      Sybase  (1498)
      Telnet  (23)
      VNC  (5900)
      VNC-HTTP  (5800)
      WINS  (1512)

      I'm sure others will add to this list.

      Thanks for listening,

      - John