3 Replies Latest reply on Oct 17, 2012 11:56 AM by nicole pauls

    Tool Profiles and Individual Server Settings

    stevanpierce

      I am working on managing and monitoring servers with a Group Profile.  I add the necessary base tools; however, each server in the network management group is unique.  When I say unique one might have Cisco Secure ACS while others do not.  So, when I add ACS logging to the one server, a message is displayed which gives me the option to edit tool profile or agent tools, removing it from the group profile.  In trying to think my way around having it removed from the group profile, I added this software logging to the group profile and attempted to remove it from each individual server.

       

      Is it possible to have the servers in the same group but have an individual server with unique applications being logged?  If I have to add the tool to the group profile, what harm, if any, would there be if I added it to the group and other servers did not have the monitored software?

       

      Are there options in the future to create sub-group profiles?  For example, I deploy a set of net manage servers to the domain but then have 2 out of the 4 with specific packages and need to subgroup these underneath the main group or have a hierarchy setup.

        • Re: Tool Profiles and Individual Server Settings
          Jeffster

          I don't know about the future, but as it exists now, If you add a server to a group (tool profile) and then try to modify (add, edit or delete) the tools associated with a server you get a pop-up prompt.  It gives you the option to modify the "Tool Profile" or "Agent Tool Configuration".  If you do the latter it will remove the agent from the group.  Choose to change the Tool profile and you change it for all servers that are members of the group.  What we did was just setup many different profiles.  One for our Domain controllers, database servers, IIS, member servers, Exchange etc...

            • Re: Tool Profiles and Individual Server Settings
              stevanpierce

              If I add tools to to tool profile and the server does not have the service/application being monitored, does it necessarily matter?  For example, add Windows AD monitoring to a Win 2008 Server Tool profile and a server does not need it.  Will this affect the server or the SIEM appliance?

               

              (On those machines that did not have an app or windows service on a server group in a tool profile, I just disabled this on a per server basis.

                • Re: Tool Profiles and Individual Server Settings
                  nicole pauls

                  If I add tools to to tool profile and the server does not have the service/application being monitored, does it necessarily matter?  For example, add Windows AD monitoring to a Win 2008 Server Tool profile and a server does not need it.  Will this affect the server or the SIEM appliance?

                   

                  (On those machines that did not have an app or windows service on a server group in a tool profile, I just disabled this on a per server basis.

                   

                  Usually not.

                   

                  If you configure additional connectors and that system doesn't have them, it will generally just ignore those log files. In some cases, you'll see events generated that say "hey, I couldn't find this log/directory, something's weird here" (paraphrasing, of course ) from the agents that don't have those logs. Worst case scenario, they may detect this error and say "my configuration doesn't match the profile so I'm orphaning myself" but you'd be able to double check that to make sure it doesn't happen.

                   

                  Right now there's no sub-groups, just one level. You could of course create a second profile (you can even clone the first one so you don't have to start from scratch), but then you have to be sure to use them both when you do any rules, filters, or searches that use them.

                   

                  Hope that helps!