FortiSIEM Configuring Wireless LANs

Configuring Wireless LANs

AccelOps supports these wireless local area network devices for discovery and monitoring.

Aruba Networks Wireless LAN Configuration

Cisco Wireless LAN Configuration

Motorola WiNG WLAN AP Configuration

Ruckus Wireless LAN Configuration

Aruba Networks Wireless LAN Configuration

What is Discovered and Monitored

AccelOps uses SNMP and NMAP to discover the device and to collect logs and performance metrics. AccelOps communicates to the WLAN Controller only and discovers all information from the Controller. AccelOps does not communicate to the WLAN Access points directly.

Protocol | Information Discovered | Metrics collected | Used for
SNMP | Controller host name, Controller hardware model, Controller network interfaces, Associated WLAN Access Points | Controller Uptime, Controller Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Radio interface performance metrics | Availability and Performance Monitoring
SNMP Trap | Controller device type | All system logs: User authentication, Admin authentication, WLAN attacks, Wireless link health | Availability, Security and Compliance

Event Types

In CMDB > Event Types, search for “aruba” in the Description and Device Type columns to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In Analytics > Reports, search for “aruba” in the Name column to see the reports associated with this device.

Configuration

SNMP V1/V2c

  1. Log in to your Aruba wireless controller with administrative privileges.
  2. Go to Configuration > Management > SNMP.
  3. For Read Community String, enter public.
  4. Select Enable Trap Generation.
  5. Next to Read Community String, click Add.
  6. Under Trap Receivers, click Add and enter the IP address of your AccelOps virtual appliance.

Sample Aruba Networks Wireless LAN Controller SNMP Trap Messages

Settings for Access Credentials
Cisco Wireless LAN Configuration

 

What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for
SNMP | Controller host name, Controller hardware model, Controller network interfaces, Associated WLAN Access Points | Controller Uptime, Controller CPU and Memory utilization, Controller Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring
SNMP Trap | Controller device type | All system logs: User authentication, Admin authentication, WLAN attacks, Wireless link health | Availability, Security and Compliance

Event Types

In CMDB > Event Types, search for “cisco wireless” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP V1/V2c and SNMP Traps

  1. Log in to your Cisco wireless LAN controller with administrative privileges.
  2. Go to MANAGEMENT > SNMP > General.
  3. Set both SNMP v1 Mode and SNMP v2c Mode to Enable.
  4. Go to SNMP > Communities.
  5. Click New and create a public community string with Read-Only
  6. Click Apply.
  7. Go to SNMP > Trap Controls.
  8. Select the event traps you want to send to AccelOps.
  9. Click Apply.
  10. Go to SNMP > Trap Receivers.
  11. Click New and enter the IP address of your AccelOps virtual appliance as a trap receiver.
  12. Click Apply.

Sample SNMP Trap

2008-06-09 08:59:50 192.168.20.9 [192.168.20.9]:SNMPv2-MIB::sysUpTime.0 = Timeticks: (86919800) 10 days, 1:26:38.00
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.14179.2.6.3.2
SNMPv2-SMI::enterprises.14179.2.6.2.35.0 = Hex-STRING: 00 21 55 4D 66 B0
SNMPv2-SMI::enterprises.14179.2.6.2.36.0 = INTEGER: 0
SNMPv2-SMI::enterprises.14179.2.6.2.37.0 = INTEGER: 1
SNMPv2-SMI::enterprises.14179.2.6.2.34.0 = Hex-STRING: 00 12 F0 0A 3F 15

2010-11-01 12:59:57 0.0.0.0(via UDP: [172.22.2.25]:32769) TRAP2, SNMP v2c, community 1n3t3ng . Cold Start Trap (0) Uptime: 0:00:00.00
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (9165100) 1 day, 1:27:31.00
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.599.0.4
SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.1.0 = Hex-STRING: 00 24 D7 36 A0 00
SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.5.0 = STRING: "AP-2"
SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.8.0 = Hex-STRING: 00 25 45 B7 66 70
SNMPv2-SMI::enterprises.9.9.513.1.2.1.1.1.0 = INTEGER: 0
SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.10.0 = IpAddress: 172.22.4.54
SNMPv2-SMI::enterprises.9.9.599.1.2.1.0 = STRING: "IE\brouse"
SNMPv2-SMI::enterprises.9.9.599.1.2.2.0 = STRING: "IE"

2011-04-05 10:37:42 0.0.0.0(via UDP: [10.10.81.240]:32768) TRAP2, SNMP v2c, community AccelOps . Cold Start Trap (0) Uptime: 0:00:00.00
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1672429600) 193 days, 13:38:16.00
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.615.0.1
SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.1.0 = Hex-STRING: 00 25 BC 80 E8 77
SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.8.0 = Hex-STRING: 6C 50 4D 7D AC 50
SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.9.0 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.5.0 = STRING: "AP03-3.rdu2"
SNMPv2-SMI::enterprises.9.9.615.1.2.1.0 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.615.1.2.2.0 = INTEGER: 5000
SNMPv2-SMI::enterprises.9.9.615.1.2.3.0 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.615.1.2.4.0 = INTEGER: 31
SNMPv2-SMI::enterprises.9.9.615.1.2.5.0 = INTEGER: -60
SNMPv2-SMI::enterprises.9.9.615.1.2.6.0 = INTEGER: -90
SNMPv2-SMI::enterprises.9.9.615.1.2.7.0 = STRING: "0,0,0,0,1,20,24,28,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0"
SNMPv2-SMI::enterprises.9.9.615.1.2.8.0 = INTEGER: 2
SNMPv2-SMI::enterprises.9.9.615.1.2.9.0 = STRING: "6c:50:4d:7d:ac:50,e8:04:62:0b:b5:f0"
SNMPv2-SMI::enterprises.9.9.615.1.2.10.0 = STRING: "-83,-85"
SNMPv2-SMI::enterprises.9.9.615.1.2.11.0 = STRING: "1,1"
SNMPv2-SMI::enterprises.9.9.512.1.1.1.1.11.5 = INTEGER: 1

Settings for Access Credentials
Motorola WiNG WLAN AP Configuration
What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for
Syslog | | All system logs: User authentication, Admin authentication, WLAN attacks, Wireless link health | Availability, Security and Compliance

Event Types

Over 127 event types – In CMDB > Event Types, search for “Motorola-WiNG” to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Configure devices to send syslog to AccelOps – make sure that the version matches the format below

Ruckus Wireless LAN Configuration

What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for
SNMP | Controller host name, Controller hardware model, Controller network interfaces, Associated WLAN Access Points | Controller Uptime, Controller Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Controller WLAN Statistics, Access Point Statistics, SSID performance Stats | Availability and Performance Monitoring

Event Types

PH_DEV_MON_RUCKUS_CONTROLLER_STAT

[PH_DEV_MON_RUCKUS_CONTROLLER_STAT]:[eventSeverity]=PHL_INFO,[fileName]=deviceRuckusWLAN.cpp,[lineNumber]=555,[hostName]=guest-zd-01,[hostIpAddr]=172.17.0.250,[numAp]=41,[numWlanClient]=121,[newRogueAP]=0,[knownRogueAP]=0,[wlanSentBytes]=0,[wlanRecvBytes]=0,[wlanSentBitsPerSec]=0.000000,[wlanRecvBitsPerSec]=0.000000,[lanSentBytes]=166848,[lanRecvBytes]=154704,[lanSentBitsPerSec]=7584.000000,[lanSentBitsPerSec]=7032.000000,[phLogDetail]=

PH_DEV_MON_RUCKUS_ACCESS_POINT_STAT

[PH_DEV_MON_RUCKUS_ACCESS_POINT_STAT]:[eventSeverity]=PHL_INFO,[fileName]=deviceRuckusWLAN.cpp,[lineNumber]=470,[hostName]=AP-10.20.30.3,[hostIpAddr]=10.20.30.3,[description]=,[numRadio]=0,[numWlanClient]=0,[knownRogueAP]=0,[connMode]=layer3,[firstJoinTime]=140467251729776,[lastBootTime]=140467251729776,[lastUpgradeTime]=140467251729776,[sentBytes]=0,[recvBytes]=0,[sentBitsPerSec]=0.000000,[recvBitsPerSec]=0.000000,[phLogDetail]=

PH_DEV_MON_RUCKUS_SSID_PERF

[PH_DEV_MON_RUCKUS_SSID_PERF]:[eventSeverity]=PHL_INFO,[fileName]=deviceRuckusWLAN.cpp,[lineNumber]=807,[hostName]=c1cs-guestpoint-zd01,[hostIpAddr]=172.17.0.250,[wlanSsid]=GuestPoint,[description]=Welcome SSID for not yet authorized APs.,[wlanName]=Welcome SSID,[authenMethod]=open,[encryptAlgo]=none,[isGuest]=1,[srcVLAN]=598,[sentBytes]=0,[recvBytes]=0,[sentBitsPerSec]=0.000000,[recvBitsPerSec]=0.000000,[authSuccess]=0,[authFailure]=0,[assocSuccess]=0,[assocFailure]=0,[assocDeny]=0,[disassocAbnormal]=0,[disassocLeave]=0,[disassocMisc]=0,[phLogDetail]=
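
Since this device has no predefined rules, the Ruckus events above can be checked with a small script. The following is an added example, not AccelOps code: it parses the `[PH_...]:[key]=value,...` layout shown in the samples (tolerating the line-wrap spaces seen in exported events) and flags new rogue APs and open, unencrypted SSIDs. The severity labels, the `AUTH_FAIL_MIN` threshold and the constructed events are assumptions.

```python
import re

HEADER_RE = re.compile(r"^\[(PH_[A-Z0-9_ ]+)\]\s*:")
# "[name]=" starts an attribute; bracketed text inside a value is not followed
# by "=" and therefore stays part of that value.
KEY_RE = re.compile(r"\[([A-Za-z_][A-Za-z0-9_ ]*)\]\s*=")
AUTH_FAIL_MIN = 20  # assumed threshold, tune per site


def _squash(text):
    """Drop whitespace that line wrapping inserted inside a token."""
    return re.sub(r"\s+", "", text)


def parse_ph_event(line):
    """Return (event_type, attrs, duplicate_keys) for one PH_* event line."""
    line = line.strip()
    header = HEADER_RE.match(line)
    if not header:
        raise ValueError("not a PH_* event line")
    body = line[header.end():]
    keys = list(KEY_RE.finditer(body))
    attrs, duplicates = {}, []
    for i, key in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
        value = body[key.end():end].strip()
        if value.endswith(","):            # separator before the next "[key]="
            value = value[:-1].rstrip()
        name = _squash(key.group(1))
        if name in attrs:
            duplicates.append(name)        # keep the first value, report the repeat
        else:
            attrs[name] = value
    return _squash(header.group(1)), attrs, duplicates


def as_int(attrs, key, default=0):
    """Read a numeric attribute, repairing wrap spaces such as '5 98'."""
    raw = _squash(attrs.get(key, ""))
    return int(raw) if re.fullmatch(r"-?\d+", raw) else default


def wireless_findings(event_type, attrs):
    """Return (severity, message) tuples for one parsed Ruckus event."""
    findings = []
    host = attrs.get("hostName", "?")
    if event_type == "PH_DEV_MON_RUCKUS_CONTROLLER_STAT":
        new_rogues = as_int(attrs, "newRogueAP")
        if new_rogues > 0:
            findings.append(("high", f"{host}: {new_rogues} new rogue AP(s) reported"))
    elif event_type == "PH_DEV_MON_RUCKUS_SSID_PERF":
        ssid = attrs.get("wlanSsid", "?")
        if attrs.get("authenMethod") == "open" and attrs.get("encryptAlgo") == "none":
            # An open guest SSID is expected; an open non-guest SSID is not.
            severity = "info" if as_int(attrs, "isGuest") == 1 else "high"
            findings.append((severity, f"{host}: SSID {ssid} is open and unencrypted"))
        failed, ok = as_int(attrs, "authFailure"), as_int(attrs, "authSuccess")
        if failed >= AUTH_FAIL_MIN and failed > ok:
            findings.append(("medium", f"{host}: SSID {ssid} had {failed} auth failures vs {ok} successes"))
    return findings


# Shortened copy of the SSID sample on this page, wrap artifacts kept on purpose.
PAGE_SSID_EVENT = (
    "[PH_DEV_MON_RUCKUS_SSID_PERF]:[eventSeverity]=PHL_INFO,"
    "[hostName]=c1cs-guestpoint-zd01,[hostIpAddr]=172.17.0.250,[wlanSsid]=GuestPoint,"
    "[description]=We lcome SSID for not yet authorized APs.,[wlanName]=Welcome SSID,"
    "[authenMethod]=open,[encryptAlgo]=none,[isGuest]=1,[srcVLAN]=5 98,"
    "[authSuccess]=0,[authFailure]=0,[a ssocFailure]=0,[disassocLeave]=0 ,[phLogDetail]="
)
# Constructed events (not from a real controller).
CONSTRUCTED_CONTROLLER_EVENT = (
    "[PH_DEV_MON_RUCKUS_CONTROLLER_STAT]:[eventSeverity]=PHL_INFO,[hostName]=zd-lab-01,"
    "[numAp]=4,[newRogueAP]=2,[knownRogueAP]=1,[lanSentBitsPerSec]=7584.000000,"
    "[lanSentBitsPerSec]=7032.000000,[phLogDetail]="
)
CONSTRUCTED_CORP_SSID_EVENT = (
    "[PH_DEV_MON_RUCKUS_SSID_PERF]:[hostName]=zd-lab-01,[wlanSsid]=Corp,"
    "[authenMethod]=open,[encryptAlgo]=none,[isGuest]=0,"
    "[authSuccess]=3,[authFailure]=40,[phLogDetail]="
)


def review(lines):
    """Parse every line and collect the findings in input order."""
    findings = []
    for line in lines:
        event_type, attrs, _ = parse_ph_event(line)
        findings.extend(wireless_findings(event_type, attrs))
    return findings


if __name__ == "__main__":
    events = [PAGE_SSID_EVENT, CONSTRUCTED_CONTROLLER_EVENT, CONSTRUCTED_CORP_SSID_EVENT]
    for severity, message in review(events):
        print(f"{severity:6} {message}")
```
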

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Configure the Controller so that AccelOps can connect to it via SNMP.

 

FortiSIEM Configuring WAN Accelerators

Configuring WAN Accelerators

AccelOps supports these wide area network accelerators for discovery and monitoring.

Cisco Wide Area Application Server Configuration

Riverbed SteelHead WAN Accelerator Configuration

Cisco Wide Area Application Server Configuration

 

What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, Software version, Hardware model, Network interfaces | Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Disk space utilization, Process cpu/memory utilization | Availability and Performance Monitoring

Event Types

[PH_DEV_MON_SYS_PROC_COUNT]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=11710,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[procCount]=429,[pollIntv]=176,[phLogDetail]=

PH_DEV_MON_NET_INTF_UTIL

[PH_DEV_MON_NET_INTF_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phIntfFilter.cpp,[lineNumber]=323,[intfName]=GigabitEthernet 1/0,[intfAlias]=,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[pollIntv]=56,[recvBytes64]=0,[recvBitsPerSec]=0.000000,[inIntfUtil]=0.000000,[sentBytes64]=0,[sentBitsPerSec]=0.000000,[outIntfUtil]=0.000000,[recvPkts64]=0,[sentPkts64]=0,[inIntfPktErr]=0,[inIntfPktErrPct]=0.000000,[outIntfPktErr]=0,[outIntfPktErrPct]=0.000000,[inIntfPktDiscarded]=0,[inIntfPktDiscardedPct]=0.000000,[outIntfPktDiscarded]=0,[outIntfPktDiscardedPct]=0.000000,[outQLen64]=0,[intfInSpeed64]=100000000,[intfOutSpeed64]=100000000,[intfAdminStatus]=,[intfOperStatus]=,[daysSinceLastUse]=0,[totIntfPktErr]=0,[totBitsPerSec]=0.000000,[phLogDetail]=

PH_DEV_MON_PROC_RESOURCE_UTIL

[PH_DEV_MON_PROC_RESOURCE_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=4320,[swProcName]=syslogd,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[procOwner]=,[memUtil]=0.038191,[cpuUtil]=0.000000,[appName]=Syslog Server,[appGroupName]=Unix Syslog Server,[pollIntv]=116,[swParam]=-s -f /etc/syslog.conf-diamond,[phLogDetail]=

Rules

Regular monitoring rules

Reports

Regular monitoring reports

Configuration

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

 

 

Riverbed SteelHead WAN Accelerator Configuration

 

What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, Software version, Hardware model, Network interfaces | Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Disk space utilization, Process cpu/memory utilization | Availability and Performance Monitoring
SNMP | | Hardware status | Availability and Performance Monitoring
SNMP | | Bandwidth metrics: Inbound Optimized Bytes – LAN side, WAN side, Outbound optimized bytes LAN side and WAN side. Connection metrics: Optimized connections, Passthrough connections, Half-open optimized connections, Half-closed Optimized connections, Established optimized connections, Active optimized connections. Top Usage metrics: Top source (Source IP, Total Bytes), Top destination (Destination IP, Total Bytes), Top Application (TCP/UDP port, Total Bytes), Top Talker (Source IP, Source Port, Destination IP, Destination Port, Total Bytes). Peer status: For every peer: State, Connection failures, Request timeouts, Max latency | Availability and Performance Monitoring
SNMP Trap | | All traps: software errors, hardware errors, admin login, performance issues – cpu, memory, peer latency issues. Around 115 traps defined in CMDB > Event Types. The mapped event types start with “Riverbed-”. | Availability, Security and Compliance

Event Types

In CMDB > Event Types, search for “steelhead” in the Description and Device Type columns to see the event types associated with this device.

Rules

In Analytics > Rules, search for “steelhead” in the Name column to see the rules associated with this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

SNMP Trap

AccelOps processes events from this device via SNMP traps sent by the device. Configure the device to send SNMP traps to AccelOps as directed in the device’s product documentation, and AccelOps will parse the contents.

Example SNMP Trap

Settings for Access Credentials

FortiSIEM Configuring Vulnerability Scanners

Configuring Vulnerability Scanners

AccelOps supports these vulnerability scanners for discovery and monitoring.

McAfee Foundstone Vulnerability Scanner Configuration

Nessus Vulnerability Scanner Configuration

Qualys Vulnerability Scanner Configuration

Rapid7 NeXpose Vulnerability Scanner Configuration

McAfee Foundstone Vulnerability Scanner Configuration
What is Discovered and Monitored
Protocol | Metrics collected | Used for
JDBC (SQL Server) | Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id, Vulnerability Score, Vulnerability Consequence | Security Monitoring

Event Types

In CMDB > Event Types, search for “foundstone” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined rules for this device.

Configuration

JDBC

AccelOps connects to the faultline database in the McAfee vulnerability scanner to collect metrics. This is a SQL Server database, so you must set up access credentials for the database over JDBC before you set up access credentials in AccelOps and initiate discovery.

Settings for Access Credentials

 

 

Nessus Vulnerability Scanner Configuration
What is Discovered and Monitored
Protocol | Metrics collected | Used for
Nessus API | Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence | Security Monitoring

Event Types

In CMDB > Event Types, search for “nessus” in the Description and Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In Analytics > Reports, search for “nessus” in the Description column to see the reports associated with this device.

Configuration

Nessus API

Create a user name and password that AccelOps can use as access credentials for the API. Make sure the user has permissions to view the scan report files on the Nessus device. You can check if your user has the right permissions by running a scan report as that user.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Settings for Access Credentials
Qualys Vulnerability Scanner Configuration
What is Discovered and Monitored
Protocol | Metrics collected | Used for
Qualys API | Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability Consequence | Security Monitoring

Event Types

In CMDB > Event Types, search for “qualys” in the Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In Analytics > Reports, search for “qualys” in the Description column to see the reports associated with this device.

Configuration

Qualys API

Create a user name and password that AccelOps can use as access credentials for the API.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Settings for Access Credentials
Rapid7 NeXpose Vulnerability Scanner Configuration
What is Discovered and Monitored
Protocol | Metrics collected | Used for
Rapid7 Nexpose API | Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence | Security Monitoring

Event Types

In CMDB > Event Types, search for “rapid7” in the Description and Device Type columns to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Rapid7 NeXpose API

  1. Log in to the device manager for your vulnerability scanner with administrative credentials.
  2. Go to Administration > General > User Configuration, and create a user that AccelOps can use to access the device.
  3. Go to Reports > General > Report Configuration.
  4. Create a report with the Report format set to Simple XM

AccelOps can only pull reports in this format.

Settings for Access Credentials

FortiSIEM Microsoft PPTP VPN Gateway Configuration

Microsoft PPTP VPN Gateway Configuration
Configuring Microsoft PPTP

Windows 2003 Server

  1. Log on with administrative rights.
  2. Configure PPTP VPN.
  3. Go to Start | All Programs | Administrative Tools | Configure Your Server Wizard, and select the Remote Access/VPN Server role. Then click the Next button, which runs the Routing and Remote Access Wizard.
  4. Configure Server Logging – Enable authentication and accounting logging from the Settings tab on the properties of the Local File object in the Remote Access Logging folder in the Routing and Remote Access snap-in. The authentication and accounting information is stored in a configurable log file or files stored in the SystemRoot\System32\LogFiles folder. The log files are saved in Internet Authentication Service (IAS) or database-compatible format, meaning that any database program can read the log file directly for analysis.
  5. Configure the Snare agent to send logs to AccelOps.

Sample syslog messages

<13>Apr  1 09:28:03 dev-v-win03-vc MSPPTPLog 0 192.168.24.11,administrator,04/01/2009,09:28:00,RAS,DEV-V-WIN03-VC,44,29,4,192.168.24.11,6,2,7,1,5,129,61,5,64,1,65,1,31,192.168.20.38,66,192.168.20.38,4108,192.168.24.11,4147,311,4148,MSRASV5.20,4155,1,4154,Use Windows authentication for all users,4129,DEV-V-WIN03-VC\administrator,4130,DEV-V-WIN03-VC\administrator,4127,4,25,311 1 192.168.24.11 04/01/2009 16:12:12 3,4149,Connections to Microsoft Routing and Remote Access server,4136,1,4142,0
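
The IAS-format record carried in the sample message can be decoded as six fixed fields followed by attribute-number/value pairs. The following is an added example, not AccelOps parser code: it decodes the sample and counts rejected VPN logons per calling station and user. The syslog prefix layout is assumed from the sample above, the attribute-name table is deliberately partial (standard RADIUS numbers plus a few of the Microsoft IAS numbers), and the reject lines and threshold are constructed.

```python
import csv
import re
from collections import Counter

# Prefix layout assumed from the sample on this page: <pri>Mon dd hh:mm:ss host MSPPTPLog n
SYSLOG_RE = re.compile(
    r"^<\d+>\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\sMSPPTPLog\s\d+\s+(?P<ias>.*)$"
)
HEADER_FIELDS = ("nas_ip", "user", "date", "time", "service", "computer")
# Partial map; attributes not listed here stay keyed by their number.
ATTR_NAMES = {
    4: "NAS-IP-Address", 5: "NAS-Port", 6: "Service-Type", 7: "Framed-Protocol",
    25: "Class", 31: "Calling-Station-Id", 44: "Acct-Session-Id",
    61: "NAS-Port-Type", 64: "Tunnel-Type", 65: "Tunnel-Medium-Type",
    66: "Tunnel-Client-Endpoint", 4108: "Client-IP-Address",
    4127: "Authentication-Type", 4129: "SAM-Account-Name",
    4130: "Fully-Qualified-User-Name", 4136: "Packet-Type",
    4142: "Reason-Code", 4149: "NP-Policy-Name",
}
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept",
                3: "Access-Reject", 4: "Accounting-Request"}


def parse_pptp_syslog(line):
    """Decode one MSPPTPLog syslog line into a dict with header fields and attrs."""
    match = SYSLOG_RE.match(line.strip())
    if not match:
        raise ValueError("not an MSPPTPLog syslog line")
    # csv handles values that IAS wraps in double quotes.
    fields = next(csv.reader([match.group("ias")]))
    if len(fields) < 6 or (len(fields) - 6) % 2:
        raise ValueError("truncated IAS record")
    record = dict(zip(HEADER_FIELDS, fields[:6]))
    record["reporting_host"] = match.group("host")
    attrs = {}
    for attr_id, value in zip(fields[6::2], fields[7::2]):
        if not attr_id.isdigit():
            raise ValueError(f"bad attribute number {attr_id!r}")
        attrs[ATTR_NAMES.get(int(attr_id), attr_id)] = value
    record["attrs"] = attrs
    packet = attrs.get("Packet-Type", "")
    record["packet_type"] = PACKET_TYPES.get(int(packet), "unknown") if packet.isdigit() else "unknown"
    return record


def rejects_by_source(lines, threshold=3):
    """Return {(calling_station, user): count} for sources at or above threshold."""
    counts = Counter()
    for line in lines:
        record = parse_pptp_syslog(line)
        if record["packet_type"] == "Access-Reject":
            source = record["attrs"].get("Calling-Station-Id", "unknown")
            counts[(source, record["user"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# The sample message from this page, re-joined onto one line.
PAGE_SAMPLE = (
    r"<13>Apr  1 09:28:03 dev-v-win03-vc MSPPTPLog 0 "
    r"192.168.24.11,administrator,04/01/2009,09:28:00,RAS,DEV-V-WIN03-VC,44,29,"
    r"4,192.168.24.11,6,2,7,1,5,129,61,5,64,1,65,1,31,192.168.20.38,66,192.168.20.38,"
    r"4108,192.168.24.11,4147,311,4148,MSRASV5.20,4155,1,"
    r"4154,Use Windows authentication for all users,"
    r"4129,DEV-V-WIN03-VC\administrator,4130,DEV-V-WIN03-VC\administrator,"
    r"4127,4,25,311 1 192.168.24.11 04/01/2009 16:12:12 3,"
    r"4149,Connections to Microsoft Routing and Remote Access server,4136,1,4142,0"
)


def _constructed_reject(user, source):
    """Build a constructed Access-Reject line (Packet-Type 3, non-zero Reason-Code)."""
    return (f"<13>Apr  1 10:00:00 vpn-gw-lab MSPPTPLog 0 "
            f"192.0.2.10,{user},04/01/2009,10:00:00,RAS,VPN-GW-LAB,"
            f"4,192.0.2.10,31,{source},66,{source},4136,3,4142,16")


CONSTRUCTED_LINES = (
    [_constructed_reject("svc-backup", "203.0.113.7")] * 3
    + [_constructed_reject("alice", "198.51.100.4"), PAGE_SAMPLE]
)

if __name__ == "__main__":
    sample = parse_pptp_syslog(PAGE_SAMPLE)
    print(sample["user"], sample["packet_type"], sample["attrs"]["Calling-Station-Id"])
    print(rejects_by_source(CONSTRUCTED_LINES))
```
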

PulseSecure Configuration

What is Discovered and Monitored
Protocol | Information Discovered | Metrics Collected | Used For
Syslog | | Security and Performance alerts | Security and performance monitoring

Event Types

In CMDB > Event Types, search for “PulseSecure”  to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Syslog

Sample PulseSecure Syslog Messages

Settings for Access Credentials

FortiSIEM Juniper Networks SSL VPN Gateway Configuration

Juniper Networks SSL VPN Gateway Configuration

What is Discovered and Monitored
Protocol Information Discovered Metrics Collected Used For
SNMP      
Syslog      

Event Types

In CMDB > Event Types, search for “junos_dynamic_vpn” in the Name column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

  1. Log into your device with administrative credentials.
  2. Go to System > Log/Monitoring > SNMP.
  3. Under Agent Properties, enter public for Community.

Syslog

VPN Access Syslogs

  1. Go to System > Log/Monitoring > User Access > Settings.
  2. Under Select Events to Log, select Login/logout, User Settings, and Network Connect.
  3. Under Syslog Servers, enter the IP address of your AccelOps virtual appliance, and set the Facility to LOCAL0.
  4. Click Save Changes.

Admin Access Syslogs

  1. Go to System > Log/Monitoring > Admin Access > Settings.
  2. Under Select Events to Log, select Administrator changes, License Changes, and Administrator logins.
  3. Under Syslog Servers, enter the IP address of your AccelOps virtual appliance, and set the Facility to LOCAL0.
  4. Click Save Changes.

Sample Parsed Juniper Networks SSL VPN Syslog Messages

Settings for Access Credentials

FortiSIEM Configuring Virtualization

Configuring Virtualization

AccelOps supports these virtualization servers for discovery and monitoring.

HyperV Configuration

VMware ESX Configuration

HyperV Configuration
What is Discovered and Monitored
Protocol | Information discovered | Metrics collected | Used for
Powershell over WMI | | CPU, Memory, Network and Storage metrics both at Guest and Host level. | Performance Monitoring

PH_DEV_MON_HYPERV_CPU_GUEST_VIRTUAL_PROC: HyperV Guest Virtual Processor Usage

 

PH_DEV_MON_HYPERV_MEM_VID_PARTITION_PER_VM: HyperV per-VM VID Partition Memory Usage

[PH_DEV_MON_HYPERV_MEM_VID_PARTITION_PER_VM]:[phyMachIpAddr]=172.16.20.180,[phyMachName]=WIN-HH2MFBPMHMR,[hostIpAddr]=172.16.20.185,[hostName]=accelops-reporter-hyperv-4.3.1.1158,[vmName]=accelops-reporter-hyperv-4.3.1.1158,[physicalPages]=1050632,[remotePages]=0

PH_DEV_MON_HYPERV_MEM_OVERALL: HyperV Root Memory Usage

[PH_DEV_MON_HYPERV_MEM_OVERALL]:[hostIpAddr]=172.16.20.180,[hostName]=WIN-HH2MFBPMHMR,[freeMemKB]=27519348,[pageFaultsPersec]=0

PH_DEV_MON_HYPERV_NET_VIRTUAL_SWITCH: HyperV Virtual Switch Network Usage

[PH_DEV_MON_HYPERV_NET_VIRTUAL_SWITCH]:[hostIpAddr]=172.16.20.180,[hostName]=WIN-HH2MFBPMHMR,[vSwitch]=broadcom bcm5709c netxtreme ii gige [ndis vbd client] _34 – virtual switch,[recvBitsPerSec]=719403.45,[recvPktsPerSec]=323.03,[sentBitsPerSec]=3382443.50,[sentPktsPerSec]=283.90,[totalPktsPerSec]=323.03

PH_DEV_MON_HYPERV_NET_VIRTUAL_ADAPTER: HyperV Virtual Switch Per Adapter Network Usage

[PH_DEV_MON_HYPERV_NET_VIRTUAL_ADAPTER]:[phyMachIpAddr]=172.16.20.180,[phyMachName]=WIN-HH2MFBPMHMR,[hostIpAddr]=172.16.20.182,[hostName]=accelops-va-hyperv-4.3.1.1158,[vmName]=accelops-va-hyperv-4.3.1.1158,[intfName]=adapter_e1eb0a1f-1b36-48fe-be79-fde20d335364–31575d2f-5085-45d3-905f-2f3e17342a81,[recvBitsPerSec]=64970.24,[recvPktsPerSec]=20.86,[sentBitsPerSec]=124741.68,[sentPktsPerSec]=42.61,[totalPktsPerSec]=20.86

PH_DEV_MON_HYPERV_STORAGE_VIRTUAL_STORAGE: HyperV Virtual Storage Usage

HyperV Disk I/O Warning

HyperV Disk I/O Critical

HyperV Guest Critical

HyperV Guest Hypervisor Run Time Percent Warning

HyperV Logical Processor Total Run Time Percent Critical

HyperV Logical Processor Total Run Time Percent Warning

HyperV Page fault Critical

HyperV Page fault Warning

HyperV Remainining Guest Memory Warning

Reports

Look in Analytics > Reports > Device > Server > HyperV

HyperV Configuration and Health

Top HyperV Guests By Virtual Processor Run Time Pct

Top HyperV Guests by Large Page Size Usage

Top HyperV Guests by Remote Physical Page Usage

Top HyperV Root Partitions By Virtual Processor Run Time Pct

Top HyperV Root Partitions by Large Page Size Usage

Top HyperV Servers By Logical Processor Run Time Pct

Top HyperV Servers by Disk Activity

Top HyperV Servers by Disk Latency

Top HyperV Servers by Large Page Size Usage

Top HyperV Servers by Memory Remaining for Guests

Top HyperV Servers by Remote Physical Page Usage

Configuration

AccelOps needs WMI credentials to get the HyperV performance metrics. Configure this following the guidelines described in Microsoft Windows Server Configuration.

Settings for Access Credentials

Configure WMI on AccelOps

 

VMware ESX Configuration

What is Discovered and Monitored
Protocol | Information discovered | Metrics collected | Used for
VMWare SDK | ESX Server and the Guest hosts running on that server. ESX host clusters. Hardware (CPU, Memory, Disk, network Interface) for all guests, OS vendor and version for all guests. Virtual switch for connecting guest hosts to network interfaces. | Both ESX level and guest host level performance metrics. Guest host level metrics include CPU/memory/disk utilization, CPU Run/Ready/Limited percent, memory swap in/out rate, free memory state, disk read/write rate/latency, network interface utilization, errors, bytes in/out. ESX level metrics include physical CPU utilization, ESX kernel disk read/write latency etc. | Performance Monitoring
VMWare SDK | | ESX logs include scenarios like ESX level login success/failure, configuration change, Guest host movement, account creation and modification | Availability, Change and Security Monitoring

Configuration

AccelOps discovers and monitors VMware ESX servers and guests over the VMware SDK. Make sure that VMware Tools is installed on all the guests in your ESX deployment, and AccelOps will be able to obtain their IP addresses.

Settings for Access Credentials

Configuring VPN Gateways

AccelOps supports these VPN gateways for discovery and monitoring.

Cisco VPN 3000 Gateway Configuration

Juniper Networks SSL VPN Gateway Configuration

Microsoft PPTP VPN Gateway Configuration

PulseSecure Configuration

Cisco VPN 3000 Gateway Configuration

What is Discovered and Monitored
Protocol Information Discovered Metrics Collected Used For
 SNMP      
 Syslog      

Event Types

In CMDB > Event Types, search for “cisco_vpn” in the Name and Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

  1. Log in to your device with administrative credentials.
  2. Go to Configuration > System > Management Protocols > SNMP Communities.
  3. Click Add.
  4. For Community String, enter public.

Syslog

  1. Go to Configuration > System > Events > Syslog Servers.
  2. Click Add.
  3. Enter the IP address of your AccelOps virtual appliance for Syslog Server.
  4. Add a syslog server with AccelOps IP address

Sample Parsed Cisco VPN 3000 Syslog Messages

Settings for Access Credentials

 

FortiSIEM Configuring Storage

Configuring Storage

AccelOps supports these storage devices for discovery and monitoring.

Brocade SAN Switch Configuration

Dell Compellant Storage Configuration

Dell EqualLogic Storage Configuration

EMC Clarion Storage Configuration

EMC Isilon Storage Configuration

EMC VNX Storage Configuration

NetApp Filer Storage Configuration

Nimble Storage Configuration

Nutanix Storage Configuration

 

 

Brocade SAN Switch Configuration

What is Discovered and Monitored

Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, Operating system version, Hardware model, Serial number, Network interfaces, Physical Disks, Components | Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring
SNMP | | Hardware Status: Fan, Power Supply, Temperature (AccelOps Event Type: PH_DEV_MON_HW_STATUS) | Availability Monitoring

Event Types

In CMDB > Event Types, search for “brocade” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

 

Dell Compellant Storage Configuration

What is Discovered and Monitored

Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, Operating system version, Hardware model, Serial number, Network interfaces, Physical Disks, Components | Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring
SNMP | | Hardware component health: Power, Temperature, Fan | Availability Monitoring
SNMP | | Volume Utilization | Performance Monitoring

Event Types

Ping Monitoring: PH_DEV_MON_PING_STAT

Interface Utilization: PH_DEV_MON_NET_INTF_UTIL

Hardware Status: PH_DEV_MON_HW_STATUS

Disk Utilization: PH_DEV_MON_DISK_UTIL

Rules

Availability

Storage Hardware Warning

Storage Hardware Critical

Performance (Fixed threshold)

NFS Disk space Warning

NFS Disk Space Critical

Reports

Dell Compellent Hardware Status

Top Dell Compellent Devices By Disk Space Util

Top Dell Compellent Devices By Disk Space Util (Detailed)

Top Dell Compellent modules by fan speed

Top Dell Compellent modules by temperature

Top Dell Compellent modules by voltage

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

 

Dell EqualLogic Storage Configuration

What is Discovered and Monitored

Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, Operating system version, Hardware model, Serial number, Network interfaces, Physical Disks, Components | Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring
SNMP | | Hardware component health: Component name (Disk, Power supply, Temperature, Fan, RAID health), Component status, Host spare ready disk count; Overall Disk health metrics: Total disk count, Active disk count, Failed disk count, Spare disk count | Availability Monitoring
SNMP | | Connection metrics: Connection Count, Read request rate (IOPS), Write request rate (IOPS), Read latency, Write latency, Read volume (KBps), Write volume (KBps); Disk performance metrics: Disk Name, Disk I/O Utilization, Disk I/O Queue, Read volume (KBps), Write volume (KBps); Group level performance metrics: Total storage, Used storage, Reserved storage, Reserved used storage, Total volumes, Used volumes, Online volumes, Total snapshot, Used snapshot, Online snapshot | Performance Monitoring

Event Types

In CMDB > Event Types, search for “equallogic” in the Description column to see the event types associated with this device.

Rules

In Analytics > Rules, search for “equallogic” in the Name column to see the rules associated with this device.

Reports

In Analytics > Reports, search for “equallogic” in the Name column to see the reports associated with this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

 

EMC Clarion Storage Configuration

What is Discovered and Monitored

Protocol | Information Discovered | Metrics collected | Used for
NaviSecCLI | Host name, Operating system version, Hardware model, Serial number, Network interfaces* Installed Software, Storage Controller Ports; Hardware components: Enclosures, Fan, Power Supply, Link Control Card, CPU, Disk; RAID Groups and the assigned disks; LUNs and LUN -> RAID Group mappings; Storage Groups and memberships (Host, Port, LUN) | Processor utilization: SP Name, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps); Port I/O: Port name, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps); RAID Group I/O: RAID Group id, RAID type, Total disk, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps); LUN I/O: LUN name, LUN id, Total disk, Used disk, Free disk, Disk util, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps); Host HBA Connectivity: Source IP, Source Name, Source WWN, Dest IP, Destination Name, SP Port Name, Storage Group, LUN Names, Login Status, Registration Status; Host HBA Unregistered Host: Source IP, Source Name, Source WWN, Dest IP, Destination Name, SP Port Name; Hardware component health: Component name (Disk, Power supply, LCC, Fan, Link, Port), Component status, Host spare ready disk count; Overall Disk health: Total disk count, Total disk size (MB), Active disk count, Failed disk count, Spare disk count | Availability and Performance Monitoring

Event Types

In CMDB > Event Types, search for “clarion” in the Name column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Installing the NaviSecCLI Library in AccelOps

Changing NaviSecCLI Credentials

If you change the NaviSecCLI credentials on your EMC Clarion device, the certificates may also change, and naviseccli may prompt you to accept the new certificates. This should happen only the first time after a certificate change; however, AccelOps discovery and performance monitoring will fail. You will need to run NaviSecCLI manually on each Supervisor and Worker in your deployment and accept the certificate, and then rediscover your EMC Clarion device for performance monitoring to resume.

Configuration of your EMC Clarion storage device involves installing EMC’s NaviSecCLI library in your AccelOps virtual appliance, and then setting the access credentials that the appliance will use to communicate with your device.

  1. Log in to your AccelOps virtual appliance as root.
  2. Copy the file NaviCLI-Linux-64-x86-versionxyz.rpm to the AccelOps directory.
  3. Run rpm -Uvh NaviCLI-Linux-64-x86-versionxyz.rpm to install the rpm package.
  4. Change the user role to admin with su - admin, and make sure that the user can run the command naviseccli -h <IP> -User <user> -Password <pwd> -Scope global getall -sp from the directory /opt/phoenix/bin.
  5. Make sure that the Navisphere Analyzer module is on.

If the module is off, performance metrics will not be available and discovery will fail. This log shows an example of the module being turned off.

[admin@accelops ~]$ naviseccli -user admin -password admin*1 -scope 0 -h 192.168.1.100 getall -sp
Server IP Address:       192.168.1.100
Agent Rev:           7.32.26 (0.95)
SP Information
--------------
Storage Processor:                  SP A
Storage Processor Network Name:     A-IMAGE
Storage Processor IP Address:       192.168.1.100
Storage Processor Subnet Mask:      255.255.255.0
Storage Processor Gateway Address:  192.168.1.254
Storage Processor IPv6 Mode:               Not Supported
Management Port Settings:
Link Status:                        Link-Up
Current Speed:                      1000Mbps/full duplex
Requested Speed:                    Auto
Auto-Negotiate:                     YES
Capable Speeds:                     1000Mbps half/full duplex
                                    10Mbps half/full duplex
                                    100Mbps half/full duplex
                                    Auto
System Fault LED:              OFF
Statistics Logging:            OFF    <----- Note: performance statistics are not being collected
                                      <----- so AccelOps cannot pull stats and discovery will fail.
                                      <----- See how to turn ON Statistics Logging below.
SP Read Cache State            Enabled
SP Write Cache State           Enabled
….

  6. If the Navisphere Analyzer module is off, turn it on with the setstats -on command.
  7. Once this command runs successfully, you are ready to set the access credentials for your device in AccelOps and initiate the discovery process.

Settings for Access Credentials

EMC Isilon Storage Configuration

What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, Operating system version, Hardware model, Serial number, Network interfaces, Physical Disks, Components | Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring
SNMP | | Hardware component health: Component name (Disk, Power supply, Temperature, Fan), Component status (AO event type: PH_DEV_MON_HW_STATUS); Environmental: Temperature (AO event type: PH_DEV_MON_HW_TEMP), Voltage readings (AO event type: PH_DEV_MON_HW_VOLTAGE); Cluster membership change: (AO event type: PH_DEV_MON_ISILON_CLUSTER_MEMBERSHIP_CHANGE) | Availability Monitoring
SNMP | | Node health and performance: Overall health, Overall CPU, User CPU, System CPU, Read Bytes/sec, Write Bytes/sec, Network Read Bytes/sec, Network Write Bytes/sec (AO event type: PH_DEV_MON_ISILON_NODE_HEALTH); Cluster health and performance: Cluster name, Cluster health, Online nodes, Offline nodes, Total Space, Used Space, Available Space, Overall CPU, System CPU, User CPU, Read Bytes/sec, Write Bytes/sec, Network Read Bytes/sec, Network Write Bytes/sec (AO event type: PH_DEV_MON_ISILON_CLUSTER_HEALTH); Cluster Snapshot: Snapshot name, alias, path, creation date, expiry date, size (AO event type: PH_DEV_MON_ISILON_CLUSTER_SNAPSHOT); Storage Quota metrics: Cluster name, Soft Threshold, Hard Threshold, Advisable threshold, Usage, Usage with Overhead, Inode usage, Grace period (AO event type: PH_DEV_MON_ISILON_NODE_CLUSTER_QUOTA); Disk performance metrics: Operations/sec, Read Bytes/sec, Write Bytes/sec (AO event type: PH_DEV_MON_ISILON_NODE_DISK_PERF); Protocol Performance: Protocol name, Latency: current, average, min latency and max, Operations/sec, Read Bytes: current, average, min, max, standard deviation, Write Bytes: current, average, min, max, standard deviation (AO event type: PH_DEV_MON_ISILON_NODE_PROTO_PERF) | Performance Monitoring

Event Types

In CMDB > Event Types, search for “isilon” in the Description column to see the event types associated with this device.

Rules

In Analytics > Rules, search for “isilon” in the Name column to see the rules associated with this device.

Reports

In Analytics > Reports, search for “isilon” in the Name column to see the reports associated with this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

EMC VNX Storage Configuration

Configuring EMC VNX

As with EMC Clarion, AccelOps uses Navisec CLI to discover the device and to collect performance metrics. The only difference is that a slightly different command and XML-formatted output are used.

Protocol | Information Discovered | Metrics collected | Used for
Navisec CLI | Host name, Operating system version, Hardware model, Serial number, Network interfaces* Installed Software, Storage Controller Ports; Hardware components: Enclosures, Fan, Power Supply, Link Control Card, CPU, Disk; Storage Pools, RAID Groups and the assigned disks; LUNs and LUN -> Storage Pool and RAID Group mappings; Storage Groups and memberships (Host, Port, LUN) | Processor utilization: SP Name, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps); Storage Pool I/O: RAID Group id, RAID type, Total disk, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps); LUN I/O: LUN name, LUN id, Total disk, Used disk, Free disk, Disk util, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps); Host HBA Connectivity: Source IP, Source Name, Source WWN, Dest IP, Destination Name, SP Port Name, Storage Group, LUN Names, Login Status, Registration Status; Host HBA Unregistered Host: Source IP, Source Name, Source WWN, Dest IP, Destination Name, SP Port Name; Hardware component health: Component name (Disk, Power supply, LCC, Fan, Link, Port), Component status, Host spare ready disk count; Overall Disk health: Total disk count, Total disk size (MB), Active disk count, Failed disk count, Spare disk count | Availability and Performance Monitoring

Configuration

 

Installing the NaviSecCLI Library in AccelOps

Changing NaviSecCLI Credentials

If you change the NaviSecCLI credentials on your EMC Clarion device, the certificates may also change, and naviseccli may prompt you to accept the new certificates. This should happen only the first time after a certificate change; however, AccelOps discovery and performance monitoring will fail. You will need to run NaviSecCLI manually on each Supervisor and Worker in your deployment and accept the certificate, and then rediscover your EMC Clarion device for performance monitoring to resume.

Configuration of your EMC Clarion storage device involves installing EMC’s NaviSecCLI library in your AccelOps virtual appliance, and then setting the access credentials that the appliance will use to communicate with your device.

  1. Log in to your AccelOps virtual appliance as root.
  2. Copy the file NaviCLI-Linux-64-x86-versionxyz.rpm to the AccelOps directory.
  3. Run rpm -Uvh NaviCLI-Linux-64-x86-versionxyz.rpm to install the rpm package.
  4. Change the user role to admin with su - admin, and make sure that the user can run the command naviseccli -h <IP> -User <user> -Password <pwd> -Scope global getall -sp from the directory /opt/phoenix/bin.
  5. Make sure that the Navisphere Analyzer module is on.

If the module is off, performance metrics will not be available and discovery will fail. This log shows an example of the module being turned off.

[admin@accelops ~]$ naviseccli -user admin -password admin*1 -scope 0 -h 192.168.1.100 getall -sp
Server IP Address:       192.168.1.100
Agent Rev:           7.32.26 (0.95)
SP Information
--------------
Storage Processor:                  SP A
Storage Processor Network Name:     A-IMAGE
Storage Processor IP Address:       192.168.1.100
Storage Processor Subnet Mask:      255.255.255.0
Storage Processor Gateway Address:  192.168.1.254
Storage Processor IPv6 Mode:               Not Supported
Management Port Settings:
Link Status:                        Link-Up
Current Speed:                      1000Mbps/full duplex
Requested Speed:                    Auto
Auto-Negotiate:                     YES
Capable Speeds:                     1000Mbps half/full duplex
                                    10Mbps half/full duplex
                                    100Mbps half/full duplex
                                    Auto
System Fault LED:              OFF
Statistics Logging:            OFF    <----- Note: performance statistics are not being collected
                                      <----- so AccelOps cannot pull stats and discovery will fail.
                                      <----- See how to turn ON Statistics Logging below.
SP Read Cache State            Enabled
SP Write Cache State           Enabled
….

  6. If the Navisphere Analyzer module is off, turn it on with the setstats -on command.
  7. Once this command runs successfully, you are ready to set the access credentials for your device in AccelOps and initiate the discovery process.
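A preflight check for the Statistics Logging requirement in the EMC Clarion and EMC VNX procedures above, added here as an example and not part of AccelOps or the EMC tooling. The function names are hypothetical, the sample is constructed from the output shown on this page, and the script reads saved `getall -sp` output from a file so it runs without an array.

```shell
#!/bin/sh
# Added example: read saved `naviseccli ... getall -sp` output and report
# whether Statistics Logging is on before discovery is started.

# write_sample FILE STATE -> constructed sample, trimmed from this page's log.
write_sample() {
    cat > "$1" <<EOF
Server IP Address:       192.168.1.100
Agent Rev:           7.32.26 (0.95)

SP Information
--------------
Storage Processor:                  SP A
Storage Processor Network Name:     A-IMAGE
Storage Processor IP Address:       192.168.1.100
System Fault LED:              OFF
Statistics Logging:            $2
SP Read Cache State            Enabled
SP Write Cache State           Enabled
EOF
}

# sp_field FILE LABEL -> value that follows "LABEL:" at the start of a line.
# Matching on the full label matters: "System Fault LED: OFF" also contains
# OFF, so a plain search for OFF would report the wrong thing.
sp_field() {
    awk -v label="$2:" '
        { gsub(/\r/, "") }                     # tolerate CRLF captures
        index($0, label) == 1 {
            v = substr($0, length(label) + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)     # trim the column padding
            print v
            exit
        }
    ' "$1"
}

# stats_logging_state FILE -> prints ON, OFF or UNKNOWN.
stats_logging_state() {
    state=$(sp_field "$1" "Statistics Logging" | tr '[:lower:]' '[:upper:]')
    case "$state" in
        ON|OFF) echo "$state" ;;
        *)      echo UNKNOWN ;;
    esac
}

# preflight FILE -> 0 ready for discovery, 1 logging off, 2 cannot tell.
preflight() {
    sp=$(sp_field "$1" "Storage Processor")
    ip=$(sp_field "$1" "Storage Processor IP Address")
    case "$(stats_logging_state "$1")" in
        ON)
            echo "$sp ($ip): Statistics Logging ON, ready for discovery"
            return 0 ;;
        OFF)
            echo "$sp ($ip): Statistics Logging OFF, run setstats -on first"
            return 1 ;;
        *)
            echo "${sp:-unknown SP}: no Statistics Logging field in the output"
            return 2 ;;
    esac
}

# Demo on the constructed sample.
demo_file=$(mktemp)
write_sample "$demo_file" OFF
preflight "$demo_file" || echo "preflight exit status: $?"
rm -f "$demo_file"
```

Run it against output captured on each Supervisor and Worker, since each of them runs naviseccli on its own.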
Settings for Access Credentials

NetApp Filer Storage Configuration

What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, Operating system version, Hardware model, Serial number, Network interfaces, Logical volumes, Physical Disks | Uptime, CPU utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Logical Disk Volume utilization | Availability and Performance Monitoring
SNMP | | Hardware component health: Component name (Battery, Disk, Power supply, Temperature, Fan), Component status, Failed power supply count, Failed Fan Count; Overall Disk health metrics: Total disk count, Active disk count, Failed disk count, Spare disk count, Reconstructing disk count, Scrubbing disk count, Add spare disk count | Availability Monitoring
SNMP | | NFS metrics: Cache age, CIFS request rate (IOPS), NFS request rate (IOPS), Disk read rate (IOPS), Disk write rate (IOPS), Network Sent rate (Kbps), Network received rate (Kbps), RPC Bad calls, NFS Bad calls, CIFS Bad calls | Performance Monitoring
ONTAP API | | Detailed NFS V3 metrics: Read request rate (IOPS), Write request rate (IOPS), Read latency, Write latency, Read volume (KBps), Write volume (KBps); Detailed NFS V4 metrics: Read request rate (IOPS), Write request rate (IOPS), Read latency, Write latency, Read volume (KBps), Write volume (KBps); Detailed CIFS metrics: Total Read/Write rate (IOPS), Latency; Detailed ISCSI metrics: Read request rate (IOPS), Write request rate (IOPS), Read latency, Write latency, Read volume (KBps), Write volume (KBps); Detailed FCP metrics: Read request rate (IOPS), Write request rate (IOPS), Read latency, Write latency, Read volume (KBps), Write volume (KBps); Detailed LUN metrics: LUN Name, Read request rate (IOPS), Write request rate (IOPS), Read/Write latency, Read volume (KBps), Write volume (KBps), Disk queue full; Detailed Aggregate metrics: Aggregate name, Read request rate (IOPS), Write request rate (IOPS), Transfer rate, CP Read rate; Detailed Volume metrics: Volume Name, Disk Read request rate (IOPS), Disk Write request rate (IOPS), Disk read latency, Disk write latency, NFS Read request rate (IOPS), NFS Write request rate (IOPS), NFS Read latency, NFS Write latency, CIFS Read request rate (IOPS), CIFS Write request rate (IOPS), CIFS Read latency, CIFS Write latency, SAN Read request rate (IOPS), SAN Write request rate (IOPS), SAN Read latency, SAN Write latency; Detailed Disk performance metrics: Disk Name, Disk Utilization, Read request rate (IOPS), Write request rate (IOPS), Read latency, Write latency, Transfer operations rate | Performance Monitoring

Event Types

In CMDB > Event Types, search for “netapp” in the Device Type column to see the event types associated with this device.

Rules

In Analytics > Rules, search for “netapp” in the Name column to see the rules associated with this device.

Reports

In Analytics > Reports, search for “netapp” in the Name column to see the reports associated with this device.

Configuration

SNMP

  1. Log in to your NetApp device with administrative privileges.
  2. Go to SNMP > Configure.
  3. For SNMP Enabled, select Yes.
  4. Under Communities, create a public community with Read-Only
  5. Click Apply.
Settings for Access Credentials

 

Nimble Storage Configuration

What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, Operating system version, Hardware model, Serial number, Network interfaces, Physical Disks, Components | Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring
SNMP | | Storage Disk Utilization: Disk name, Total Disk, Used Disk, Free Disk, Disk Utilization | Availability Monitoring
SNMP | | Storage Performance metrics: Read rate (IOPS), Sequential Read Rate (IOPS), Write rate (IOPS), Sequential Write Rate (IOPS), Read latency, Write latency, Read volume (KBps), Sequential Read volume (KBps), Sequential Write volume (KBps), Used Volume (MB), Used Snapshot (MB), Non-Sequential Cache Hit Ratio (AccelOps Event Type: PH_DEV_MON_NIMBLE_GLOBAL_STAT) | Performance Monitoring

Event Types

In CMDB > Event Types, search for “nimble” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

Nutanix Storage Configuration

What is Discovered and Monitored

Event Types

Rules

Reports

Configuration

SNMP

Settings for Access Credentials

What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, Operating system version, Hardware model, Serial number, Network interfaces, Physical Disks, Components | Uptime, Process count, CPU utilization, Real and virtual memory utilization, Disk utilization, Process CPU/Memory utilization, Network Interface metrics | Availability and Performance Monitoring
SNMP | | Disk Status: Cluster, Controller VM, Disk id, Disk serial, Disk utilization, Total Disk, Used Disk, Free Disk; Disk Temp: Disk Id, disk serial, Controller VM, temperature; Cluster Status: Cluster, Cluster version, storage utilization, total storage, used storage, IOPS, latency; Service Status: Cluster, Controller VM, Cluster VM Status, Zeus Status, Stargate Status | Availability Monitoring
SNMP | | Storage Pool Info: Cluster, storage pool name, storage utilization, total storage, used storage, IOPS, latency; Container Info: Cluster, Container name, storage utilization, total storage, used storage, IOPS, latency | Performance Monitoring

 

Currently there are no system rules defined.

Reports

Nutanix Cluster Disk Usage

Nutanix Cluster Performance

Nutanix Cluster Service Status

Nutanix Cluster Storage Usage

Nutanix Container Performance

Nutanix Container Storage Usage

Nutanix Storage Pool Performance

Nutanix Storage Pool Usage

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

 

FortiSIEM Configuring Servers

Configuring Servers

AccelOps supports these servers for discovery and monitoring.

HP UX Server Configuration

IBM AIX Server Configuration

IBM OS400 Server Configuration

Linux Server Configuration

Microsoft Windows Server Configuration

Sun Solaris Server Configuration

HP UX Server Configuration

What is Discovered and Monitored

Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, generic hardware (cpu, memory, network interface, disk), software (operating system version, installed software, running processes, open TCP/UDP ports) | Uptime, CPU/Memory/Network Interface/Disk space utilization, Network Interface Errors, Running Process Count, Installed Software change, Running process CPU/memory utilization, Running process start/stop, TCP/UDP port up/down | Performance Monitoring
SSH | Hardware (cpu details, memory) | Memory paging rate, Disk I/O utilization | Performance Monitoring
Syslog | Vendor, Model | General logs including Authentication Success/Failure, Privileged logons, User/Group Modification | Security Monitoring and Compliance

Event Types

In CMDB > Event Types, search for “hp_ux” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In Analytics > Reports, search for “hp_ux” in the Name column to see the reports associated with this device.

Configuration

SNMP v1 and v2c

  1. Make sure that snmp libraries are installed. AccelOps has been tested to work with the default HP UX package that comes with snmpd preinstalled.
  2. Start the snmpd daemon with the default configuration by issuing /etc/init.d/snmpd restart.
  3. Make sure that snmpd is running.

SSH

  1. Make sure that the vmstat and iostat commands are available. If not, install these libraries.
  2. Create a user account that can issue vmstat and iostat. AccelOps will use that user account to log in to the server.

Settings for Access Credentials

IBM AIX Server Configuration

SSH

What is Discovered and Monitored

Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, generic hardware (cpu, memory, network interface, disk), software (operating system version, installed software, running processes, open TCP/UDP ports) | Uptime, CPU/Memory/Network Interface/Disk space utilization, Network Interface Errors, Running Process Count, Installed Software change, Running process CPU/memory utilization, Running process start/stop, TCP/UDP port up/down | Performance Monitoring
SSH | Hardware (cpu details, memory) | Memory paging rate, Disk I/O utilization | Performance Monitoring
Syslog | Vendor, Model | General logs including Authentication Success/Failure, Privileged logons, User/Group Modification | Security Monitoring and Compliance

Event Types

In CMDB > Event Types, search for “ibm_aix” in the Device Type and Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP v1 and v2c

  1. Make sure that snmp libraries are installed. AccelOps has been tested to work with the default AIX package that comes with snmpd preinstalled.
  2. Start the snmpd daemon with the default configuration by issuing /etc/init.d/snmpd restart.
  3. Make sure that snmpd is running.

SSH

  1. Make sure that the vmstat and iostat commands are available. If not, install these libraries.
  2. Create a user account that can issue vmstat and iostat. AccelOps will use that user account to log in to the server.

Syslog

  1. Make sure that /etc/syslog.conf contains a *.* entry and points to a log file.

*.* @<SENSORIPADDRESS>

  2. Refresh syslogd.

# refresh -s syslogd

Settings for Access Credentials

IBM OS400 Server Configuration

What is Discovered and Monitored

Event Types

Rules

Reports

Configuration

Syslog

Sample Parsed IBM OS400 Syslog Messages

What is Discovered and Monitored

Protocol | Information Discovered | Metrics collected | Used for
Syslog | | General logs including Authentication Success/Failure, Privileged logons, User/Group Modification | Security Monitoring and Compliance

Event Types

In CMDB > Event Types, search for “os400” in the Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Syslog

AccelOps parses IBM OS 400 logs received via the PowerTech Agent as described here. The PowerTech agent sends syslogs to AccelOps.

Sample Parsed IBM OS400 Syslog Messages

Mar 18 17:49:36 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0603|A File Server transaction was allowed for user BRENDAN.|2| src =10.0.1.60 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QPWFSERVSO JUSER :BRENDAN JNBR :025355 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: OB BRENDAN *FILESRV CRTSTRMFIL QPWFSERVSO LNS0811 000112 00023 /home/BRENDAN/subfolder

Mar 18 17:48:36 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0604|A File Server transaction was allowed for user BRENDAN.|2| src =10.0.1.60 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QPWFSERVSO JUSER :BRENDAN JNBR :025355 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: OB BRENDAN *FILESRV DLTSTRMFIL QPWFSERVSO LNS0811 000112 00025 /home/BRENDAN/BoardReport

Mar 18 17:53:00 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0703|A System i FTP Client transaction was allowed for user BRENDAN.|3| src =10.0.1.180 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QTFTP00149 JUSER :BRENDAN JNBR :029256 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: ST BRENDAN *FTPCLIENT DELETEFILE QTFTP00149 LNS0811 000112 00033 /QSYS.LIB/PAYROLL.LIB/NEVADA.FILE

Linux Server Configuration

What is Discovered and Monitored

Configuration

Settings for Access Credentials

What is Discovered and Monitored

Protocol | Information Discovered | Metrics collected | Used for
SNMP | Host name, generic hardware (cpu, memory, network interface, disk), software (operating system version, installed software, running processes, open TCP/UDP ports) | Uptime, CPU/Memory/Network Interface/Disk space utilization, Swap space utilization, Network Interface Errors, Running Process Count, Installed Software change, Running process CPU/memory utilization, Running process start/stop, TCP/UDP port up/down | Performance Monitoring
SSH | OS type, Hardware (cpu details, memory) | Memory paging rate, Disk I/O utilization | Performance Monitoring
Syslog | Vendor, Model | General logs including Authentication Success/Failure, Privileged logons, User/Group Modification | Security Monitoring and Compliance
Syslog (via AccelOps LinuxFileMon agent) | | File or directory change: User, Type of change, directory or file name | Security Monitoring and Compliance

Event Types

In CMDB > Event Types, search for “linux” in the Description column to see the event types associated with this device.

Rules

In Analytics > Rules, search for “linux” in the Name column to see the rules associated with this device.

Reports

In Analytics > Reports, search for “linux” in the Name column to see the reports associated with this device.

Configuration

SNMP v1 and v2c

  1. Make sure that snmp libraries are installed. AccelOps has been tested to work with net-snmp libraries.
  2. Log in to your server with administrative access.
  3. Make these modifications to the /etc/snmp/snmpd.conf file:
    1. Define the community string for AccelOps usage and permit snmp access from AccelOps IP.
    2. Allow AccelOps read-only access to the mib-2 tree.
    3. Allow AccelOps read-only access to the enterprise MIB: UCD-SNMP-MIB.
    4. Open up the entire tree for read-only view.
  4. Reduce the logging level to avoid per connection logging which may cause resource issues (see here for more details).
    1. Edit /etc/sysconfig/snmpd (on RedHat/CentOS) or /etc/defaults/snmpd (on Debian/Ubuntu).
    2. Look for the line that passes the command line options to snmpd. On RedHat Enterprise 6 this looks like
    3. Change the range from 0-6 to 0-5.
  5. Restart the snmpd daemon by issuing /etc/init.d/snmpd restart.
  6. Add the snmpd daemon to start from boot by issuing chkconfig snmpd on.
  7. Make sure that snmpd is running.
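One way to produce the snmpd.conf changes listed under step 3, added here as an example and not taken from AccelOps. The names siemRO, siemGroup, siemMib and siemAll are hypothetical, 192.0.2.10 and the community value are placeholders, and the script installs the block into whatever file path it is given.

```shell
#!/bin/sh
# Added example: build the net-snmp access-control lines for the four
# snmpd.conf modifications in step 3 and install them idempotently.

# valid_ipv4 ADDR -> 0 only for a dotted quad with octets 0-255, so the
# collector is named as one host and never as "default" or a hostname.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    '
}

# acl_block COMMUNITY SIEM_IP -> prints the block, returns 1 on bad input.
acl_block() {
    if [ -z "$1" ] || printf '%s' "$1" | grep -q '[[:space:]]'; then
        echo "community must be non-empty and contain no whitespace" >&2
        return 1
    fi
    valid_ipv4 "$2" || { echo "not a single IPv4 address: $2" >&2; return 1; }
    cat <<EOF
# BEGIN SIEM read-only access
# Community string, accepted only from the collector address.
com2sec siemRO $2 $1
group siemGroup v1 siemRO
group siemGroup v2c siemRO
# mib-2 and the UCD-SNMP-MIB enterprise subtree (1.3.6.1.4.1.2021).
view siemMib included .1.3.6.1.2.1
view siemMib included .1.3.6.1.4.1.2021
# The entire tree, as the last modification asks.
view siemAll included .1
# Read view only: the write and notify views stay "none". Name siemMib here
# instead of siemAll to limit the collector to the two subtrees above.
access siemGroup "" any noauth exact siemAll none none
# END SIEM read-only access
EOF
}

# install_acl CONF COMMUNITY SIEM_IP -> backs up CONF, drops any earlier
# block between the markers, then appends the new one.
install_acl() {
    conf=$1
    block=$(acl_block "$2" "$3") || return 1
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp)
    sed '/^# BEGIN SIEM read-only access$/,/^# END SIEM read-only access$/d' \
        "$conf" > "$tmp"
    printf '%s\n' "$block" >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Demo: print the block for placeholder values.
acl_block 'CHANGE-ME-community' 192.0.2.10
```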

SNMP v3

Configuring rwcommunity/rocommunity or com2sec

  1. Log in to your Linux server.
  2. Stop SNMP.
  3. Use vi to edit the /etc/snmp/snmpd.conf file.

Before you edit this file, make sure you have created a backup, as it is very important to have a valid version of this file so the snmp daemon has correct credentials.

  4. At the end of the file, add this line, substituting your username for snmpv3user and removing the <> tags: rouser <snmpv3user>.
  5. Save the file.
  6. Use vi to edit the /var/lib/snmp/snmpd.conf file.

Before you edit this file, make sure you have created a backup, as it is very important to have a valid version of this file for the SNMP daemon to function correctly.

  7. At the end of the file, add this line, entering the username you entered in step 4, and then passwords for that user for MD5 and DES.

If you want to use SHA or AES, then add those credentials as well.

  8. Save the file.
  9. Reduce the logging level to avoid per connection logging which may cause resource issues (see here for more details).
    1. Edit /etc/sysconfig/snmpd (on RedHat/CentOS) or /etc/defaults/snmpd (on Debian/Ubuntu).
    2. Look for the line that passes the command line options to snmpd. On RedHat Enterprise 6 this looks like
    3. Change the range from 0-6 to 0-5.
  10. Restart SNMP.
  11. View the contents of the /var/lib/snmp/snmpd.conf file.

If this works, snmpd restarts without errors, and the entry that you created in /var/lib/snmp/snmpd.conf is removed.

  12. Run snmpwalk -v 3 -u <snmpv3user> -l authpriv <IP> -a MD5 -A <snmpv3md5password> -x DES -X <snmpv3despassword>.

If this works, you will see the snmpwalk output. If there are any errors, refer to the net-snmp documentation for further instructions.
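The file edits in the SNMP v3 procedure above, together with the logging-level change it shares with the SNMP v1 and v2c procedure, as an added example that is not AccelOps or net-snmp project code. The function names are hypothetical, and the OPTIONS line in the demo is a constructed sample, because the page's own RedHat Enterprise 6 line is missing.

```shell
#!/bin/sh
# Added example. Stop snmpd before calling add_v3_user and restart it
# afterwards, as the procedure says; the paths are passed in as arguments.

# add_v3_user ETC_CONF VAR_CONF USER AUTHPASS PRIVPASS [AUTH] [PRIV]
# Appends "rouser USER" to ETC_CONF and a createUser line to VAR_CONF.
add_v3_user() {
    etc_conf=$1 var_conf=$2 user=$3 authpass=$4 privpass=$5
    auth=${6:-MD5} priv=${7:-DES}    # the page's choice; SHA and AES accepted
    case "$user" in
        ''|*[!A-Za-z0-9_]*) echo "user: letters, digits and _ only" >&2; return 1 ;;
    esac
    case "$auth" in MD5|SHA) ;; *) echo "auth must be MD5 or SHA" >&2; return 1 ;; esac
    case "$priv" in DES|AES) ;; *) echo "priv must be DES or AES" >&2; return 1 ;; esac
    # net-snmp requires passphrases of at least 8 characters.
    if [ "${#authpass}" -lt 8 ] || [ "${#privpass}" -lt 8 ]; then
        echo "passphrases must be at least 8 characters" >&2; return 1
    fi
    case "$authpass$privpass" in
        *\"*) echo "passphrases must not contain double quotes" >&2; return 1 ;;
    esac
    # Back up both files first, as the page instructs.
    cp -p "$etc_conf" "$etc_conf.bak" || return 1
    cp -p "$var_conf" "$var_conf.bak" || return 1
    grep -q "^rouser[[:space:]][[:space:]]*$user\$" "$etc_conf" ||
        printf 'rouser %s\n' "$user" >> "$etc_conf"
    printf 'createUser %s %s "%s" %s "%s"\n' \
        "$user" "$auth" "$authpass" "$priv" "$privpass" >> "$var_conf"
}

# v3_user_pending VAR_CONF USER -> 0 while the clear-text createUser line is
# still in the file. After a successful restart snmpd has removed it, which
# is the check behind "View the contents of /var/lib/snmp/snmpd.conf".
v3_user_pending() {
    grep -q "^createUser[[:space:]][[:space:]]*$2[[:space:]]" "$1"
}

# lower_log_level OPTIONS_FILE -> rewrites -LS0-6d to -LS0-5d (range 0-6 to
# 0-5). Returns 1 and leaves the file alone when the option is not present.
lower_log_level() {
    grep -q -- '-LS0-6d' "$1" || return 1
    cp -p "$1" "$1.bak" || return 1
    sed 's/-LS0-6d/-LS0-5d/' "$1.bak" > "$1"
}

# Demo on constructed files in a scratch directory.
demo=$(mktemp -d)
printf 'syslocation constructed-sample\n' > "$demo/etc-snmpd.conf"
: > "$demo/var-snmpd.conf"
printf 'OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"\n' \
    > "$demo/sysconfig-snmpd"
add_v3_user "$demo/etc-snmpd.conf" "$demo/var-snmpd.conf" siemv3 \
    'auth-pass-1' 'priv-pass-1'
lower_log_level "$demo/sysconfig-snmpd"
cat "$demo/etc-snmpd.conf" "$demo/sysconfig-snmpd"
v3_user_pending "$demo/var-snmpd.conf" siemv3 &&
    echo "createUser line present until snmpd is restarted"
rm -rf "$demo"
```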

Configuring net-snmp-devel

If you have net-snmp-devel on your Linux server/client, follow these steps to configure SNMP v3.

  1. Stop SNMP.
  2. Run net-snmp-config --create-snmpv3-user -ro -A <MD5passwordhere> -X <DESpasswordhere> -x DES -a MD5 <SNMPUSERNAME>.
  3. Restart SNMP.
  4. Test by running the snmpwalk command from the last step of the procedure above.

SSH

  1. Make sure that the vmstat and iostat commands are available. If not, install these libraries.
  2. Create a user account that can issue the vmstat and iostat commands. AccelOps will use that user account to log in to the server.

Syslog

AccelOps uses the LinuxFileMon monitoring agent to detect user activity and create syslogs. When a change as defined in the configuration file is detected, the agent gets the user information from the Audit module and sends a syslog to AccelOps. You will need to install the agent on your Linux server to send syslogs to AccelOps.

  1. Log in to your server as root.
  2. Install the audit service.

This is needed for obtaining user information. For more information about Linux audit files, see this blog post.

  3. Copy the LinuxFileMon executable from the AccelOps /opt/phoenix/bin directory to any location on the server.

This is the agent that monitors the file changes.

  4. Edit the LinuxFileMon configuration file conf as shown here.

The file should be in the same directory as the executable.

  5. Start the LinuxFileMon agent.

Sample Parsed Linux Syslog Message

Settings for Access Credentials

Microsoft Windows Server Configuration

What is Discovered and Monitored

Configuration

Setting Access Credentials

What is Discovered and Monitored

Metrics in bold are unique to Microsoft Windows Server monitoring.

Installed Software Monitored via SNMP

Although information about installed software is available via both SNMP and WMI, AccelOps uses SNMP to obtain installed software information to avoid an issue in Microsoft’s WMI implementation for the Win32_Product WMI class – see Microsoft KB 974524 article for more information. Because of this bug, WMI calls to the Win32_Product class create many unnecessary Windows event log messages indicating that the Windows Installer has reconfigured all installed applications.

Winexe execution and its effect

AccelOps uses the winexe command during discovery and monitoring of Windows servers for the following purposes:

  1. Windows domain controller diagnostic (dcdiag) and replication monitoring (repadmin /replsummary)
  2. HyperV Performance Monitoring
  3. Windows Custom performance monitoring – to run a command (e.g. powershell) remotely on Windows systems

Note that running the winexe command remotely will automatically install the winexesvc command on the Windows server.

| Protocol | Information Discovered | Metrics collected | Used for |
|---|---|---|---|
| SNMP | Host name, generic hardware (cpu, memory, network interface, disk), software (operating system version, installed software, running processes, open TCP/UDP ports) | Uptime, Overall CPU/Memory/Network Interface/Disk space utilization, Network Interface Errors, Running Process Count, Installed Software change, Running process CPU/memory utilization, Running process start/stop, TCP/UDP port up/down | Performance Monitoring |
| SNMP | Vendor specific server hardware (hardware model, hardware serial number, fans, power supply, disk, raid battery). Currently supported vendors include HP and Dell | Hardware module status – fan, power supply, thermal status, battery, disk, memory. Currently supported vendors include HP and Dell | |
| WMI | Win32_ComputerSystem: Host name, OS; Win32_WindowsProductActivation: OS Serial Number; Win32_OperatingSystem: Memory, Uptime; Win32_BIOS: Bios; Win32_Processor: CPU; Win32_LogicalDisk: Disk info; Win32_NetworkAdapterConfiguration: network interface; Win32_Service: Services; Win32_Process: Running processes; Win32_QuickFixEngineering: Installed Patches | Win32_OperatingSystem: Uptime; Win32_PerfRawData_PerfOS_Processor: Detailed CPU utilization; Win32_PerfRawData_PerfOS_Memory: Memory utilization, paging/swapping metrics; Win32_LogicalDisk: Disk space utilization; Win32_PerfRawData_PerfOS_PagingFile: Paging file utilization; Win32_PerfRawData_PerfDisk_LogicalDisk: Disk I/O metrics; Win32_PerfRawData_Tcpip_NetworkInterface: Network Interface utilization; Win32_Service: Running process uptime, start/stop status; Win32_Process, Win32_PerfRawData_PerfProc_Process: Process CPU/memory/I/O utilization | Performance Monitoring |
| WMI | | Security, Application and System Event Logs including logon, file/folder edits, network traffic (Win32_NTLogEvent) | Security and Compliance |
| Snare agent | | Security, Application and System Event Logs including logon, file/folder edits, network traffic (Win32_NTLogEvent) | Security and Compliance |
| Correlog agent | | Security, Application and System Event Logs including logon, file/folder edits, network traffic (Win32_NTLogEvent) | Security and Compliance |
| AccelOps Agent | | Security, Application and System Event Logs, DNS, DHCP, IIS, DFS logs, Custom log files, File Integrity Monitoring, Registry Change Monitoring, Installed Software Change Monitoring, WMI and Powershell output monitoring | Security and Compliance |

Supported Operating Systems

Windows Server 2003 Server

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Event Types

In CMDB > Event Types, search for “windows server” in the Description column to see the event types associated with this application or device.

Rules

In Analytics > Rules, search for “windows server” in the Name column to see the rules associated with this application or device.

Reports

In Analytics > Reports, search for “windows server” in the Name column to see the reports associated with this application or device.

Configuration

SNMP

Enabling SNMP on Windows Server 2003

SNMP is typically enabled by default on Windows Server 2003, but you will still need to add AccelOps to the hosts that are authorized to accept SNMP packets. First you need to make sure that the SNMP Management tool has been enabled for your device.

  1. In the Start menu, go to Administrative Tools > Services.
  2. Go to Control Panel > Add or Remove Programs.
  3. Click Add/Remove Windows Components.
  4. Select Management and Monitoring Tools and click Details.

Make sure that Simple Network Management Tool is selected.

If it isn’t selected, select it, and then click Next to install.

  5. Go to Start > Administrative Tools > Services.
  6. Select and open SNMP Service.
  7. Click the Security tab.
  8. Select Send authentication trap.
  9. Under Accepted communities, make sure there is an entry for public that is set to read-only.
  10. Select Accept SNMP packets from these hosts.
  11. Click
  12. Enter the IP address for your AccelOps virtual appliance that will access your device over SNMP.
  13. Click Add.
  14. Click Apply.
  15. Under SNMP Service, click Restart service.

Enabling SNMP on Windows 7 or Windows Server 2008 R2

SNMP is typically enabled by default on Windows Server 2008, but you will still need to add AccelOps to the hosts that are authorized to accept SNMP packets. First you should check that SNMP Services have been enabled for your server.

  1. Log in to the Windows 2008 Server where you want to enable SNMP as an administrator.
  2. In the Start menu, select Control Panel.
  3. Under Programs, click Turn Windows features on/off.
  4. Under Features, see if SNMP Services is installed.

If not, click Add Feature, then select SNMP Service and click Next to install the service.

  5. In the Server Manager window, go to Services > SNMP Services.
  6. Select and open SNMP Service.
  7. Click the Security tab.
  8. Select Send authentication trap.
  9. Under Accepted communities, make sure there is an entry for public that is set to read-only.
  10. Select Accept SNMP packets from these hosts.
  11. Click
  12. Enter the IP address for your AccelOps virtual appliance that will access your device over SNMP.
  13. Click Add.
  14. Click Apply.
  15. Under SNMP Service, click Restart service.

WMI

Configuring WMI on your device so AccelOps can discover and monitor it requires you to create a user who has access to WMI objects on the device. There are two ways to do this:

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Creating a User Who Belongs to the Domain Administrator Group

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Log in to the machine you want to monitor with an administrator account.

Enable Remote WMI Requests by Adding a Monitoring Account to the Distributed COM Users Group and the Performance Monitor Users Group

  1. Go to Start > Control Panel > Administrative Tools > Computer Management > Local Users and Groups.
  2. Right-click Users and select Add User.
  3. Create a user.
  4. Go to Groups, right-click Distributed COM Users, and then click Add to group.
  5. In the Distributed COM Users Properties dialog, click Add.
  6. Find the user you created, and then click OK.

This is the account you will need to use in setting up the Performance Monitor Users group permissions.

  7. Click OK in the Distributed COM Users Properties dialog, and then close the Computer Management dialog.
  8. Repeat steps 4 through 7 for the Performance Monitor Users group.

Enable DCOM Permissions for the Monitoring Account

  1. Go to Start > Control Panel > Administrative Tools > Component Services.
  2. Right-click My Computer, and then select Properties.
  3. Select the COM Security tab, and then under Access Permissions, click Edit Limits.
  4. Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to
  5. Click OK.
  6. Under Access Permissions, click Edit Defaults.
  7. Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to
  8. Click
  9. Under Launch and Activation Permissions, click Edit Limits.
  10. Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
  11. Click OK.
  12. Under Launch and Activation Permissions, click Edit Defaults.
  13. Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.

See the sections on Enabling WMI Privileges and Allowing WMI Access through the Windows Firewall in the Domain Admin User set up instructions for the remaining steps to configure WMI.

Creating a User Who Belongs to the Domain Administrator Group

Log in to the Domain Controller with an administrator account.

Enable remote WMI requests by Adding a Monitoring Account to the Domain Administrators Group

  1. Go to Start > Control Panel > Administrative Tools > Active Directory Users and Computers > Users.
  2. Right-click Users and select Add User.
  3. Create a user for the @accelops.com domain.

For example, YJTEST@accelops.com.

  4. Go to Groups, right-click Administrators, and then click Add to Group.
  5. In the Domain Admins Properties dialog, select the Members tab, and then click Add.
  6. For Enter the object names to select, enter the user you created in step 3.
  7. Click OK to close the Domain Admins Properties dialog.
  8. Click OK.

Enable the Monitoring Account to Access the Monitored Device

Log in to the machine you want to monitor with an administrator account.

Enable DCOM Permissions for the Monitoring Account

  1. Go to Start > Control Panel > Administrative Tools > Component Services.
  2. Right-click My Computer, and then select Properties.
  3. Select the COM Security tab, and then under Access Permissions, click Edit Limits.
  4. Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Remote Access.
  5. Click OK.
  6. In the COM Security tab, under Access Permissions, click Edit Defaults.
  7. Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Remote Access.
  8. Click OK.
  9. In the COM Security tab, under Launch and Activation Permissions, click Edit Limits.
  10. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
  11. In the COM Security tab, under Launch and Activation Permissions, click Edit Defaults.
  12. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.

Enable Account Privileges in WMI

The monitoring account you created must have access to the namespace and sub-namespaces of the monitored device.

  1. Go to Start > Control Panel > Administrative Tools > Computer Management > Services and Applications.
  2. Select WMI Control, and then right-click and select Properties.
  3. Select the Security tab.
  4. Expand the Root directory and select CIMV2.
  5. Click Security.
  6. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Enable Account and Remote Enable.
  7. Click Advanced.
  8. Select the user you created for the monitoring account, and then click Edit.
  9. In the Apply onto menu, select This namespace and subnamespaces.
  10. Click OK to close the Permission Entry for CIMV2 dialog.
  11. Click OK to close the Advanced Security Settings for CIMV2 dialog.
  12. In the left-hand navigation, under Services and Applications, select Services.
  13. Select Windows Management Instrumentation, and then click Restart.

Allow WMI to Connect Through the Windows Firewall (Windows 2003)

  1. In the Start menu, select Run.
  2. Run msc.
  3. Go to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall.
  4. Select Domain Profile or Standard Profile depending on whether the device you want to monitor is in the domain or not.
  5. Select Windows Firewall: Allow remote administration exception.
  6. Run exe and enter these commands:
  7. Restart the server.

Allow WMI through Windows Firewall (Windows Server 2008, 2012)

  1. Go to Control Panel > Windows Firewall.
  2. In the left-hand navigation, click Allow a program or feature through Windows Firewall.
  3. Select Windows Management Instrumentation, and then click OK.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Syslog

Use the Windows Agent Manager to configure sending syslogs from your device to AccelOps.

Sample Windows Server Syslog

Configuring the Security Audit Logging Policy

Because Windows generates a lot of security logs, you should specify the categories of events that you want logged and available for monitoring by AccelOps.

  1. Log in to the machine where you want to configure the policy as an administrator.
  2. Go to Programs > Administrative Tools > Local Security Policy.
  3. Expand Local Policies and select Audit Policy.

You will see the current security audit settings.

  4. Select a policy and edit the Local Security Settings for the events you want audited. Recommended settings are:

| Policy | Description | Settings |
|---|---|---|
| Audit account logon events and Audit logon events | For auditing logon activity | Select Success and Failure |
| Audit object access events | For auditing access to files and folders. There is an additional configuration requirement for specifying which files and folders, users and user actions will be audited. See the next section, Configuring the File Auditing Policy. | Select Success and Failure |
| Audit system events | Includes system up/down messages | |
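To confirm that a server matches the recommended settings, the local policy can be exported with secedit /export /cfg <file> /areas SECURITYPOLICY and its [Event Audit] section compared against the table. The script below is an added example, not part of the AccelOps documentation; the function names and the sample export are constructed, and the values 0 to 3 are the standard security template encoding (none, success, failure, both).

```python
SETTINGS = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success and Failure"}

# INF key -> (policy name on the page, recommended value). The page lists no
# setting for Audit system events, so it is reported but not judged.
RECOMMENDED = {
    "AuditAccountLogon": ("Audit account logon events", 3),
    "AuditLogonEvents": ("Audit logon events", 3),
    "AuditObjectAccess": ("Audit object access events", 3),
    "AuditSystemEvents": ("Audit system events", None),
}

def read_event_audit(inf_text):
    """Collect the integer values from the [Event Audit] section."""
    values, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Event Audit" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            values[key] = int(value)
    return values

def check_audit_policy(inf_text):
    """Return (policy, current setting, status) for each recommended policy."""
    current = read_event_audit(inf_text)
    report = []
    for key, (label, wanted) in RECOMMENDED.items():
        have = current.get(key, 0)      # an absent key is treated as not audited
        if wanted is None:
            status = "info"
        elif have & wanted == wanted:
            status = "ok"
        else:
            status = "missing " + SETTINGS[wanted & ~have]
        report.append((label, SETTINGS[have], status))
    return report

# Constructed sample of a secedit export, not taken from a real server.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 1
AuditLogonEvents = 3
AuditObjectAccess = 0
AuditAccountLogon = 1
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for row in check_audit_policy(SAMPLE_EXPORT):
        print(*row, sep=" | ")
```

On systems that use advanced audit policy subcategories, the exported category values may not reflect the effective policy.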

Configuring the File Auditing Policy

When you enable the policy to audit object access events, you also need to specify which files, folders, and user actions will be logged. You should be very specific with these settings, and set their scope to be as narrow as possible to avoid excessive logging. For this reason you should also specify system-level folders for auditing.

  1. Log in to the machine where you want to set the policy with administrator privileges. On a domain computer, a Domain administrator account is needed.
  2. Open Windows Explorer, select the file you want to set the auditing policy for, right-click on it, and select Properties.
  3. In the Security tab, click Advanced.
  4. Select the Auditing tab, and then click Add.

This button is labeled Edit in Windows 2008.

  5. In the Select User or Group dialog, click Advanced, and then find and select the users whose access to this file you want to monitor.
  6. Click OK when you are done adding users.
  7. In the Permissions tab, set the permissions for each user you added.

The configuration is now complete. Windows will generate audit events when the users you specified take the actions specified on the files or folders for which you set the audit policies.

Setting Access Credentials

 

 

Sun Solaris Server Configuration

What is Discovered and Monitored

| Protocol | Information Discovered | Metrics collected | Used for |
|---|---|---|---|
| SNMP | Host name, generic hardware (cpu, memory, network interface, disk), software (operating system version, installed software, running processes, open TCP/UDP ports) | Uptime, CPU/Memory/Network Interface/Disk space utilization, Network Interface Errors, Running Process Count, Installed Software change, Running process CPU/memory utilization, Running process start/stop, TCP/UDP port up/down | Performance Monitoring |
| SSH | Hardware (cpu details, memory) | Memory paging rate, Disk I/O utilization | Performance Monitoring |
| Syslog | Vendor, Model | General logs including Authentication Success/Failure, Privileged logons, User/Group Modification | Security Monitoring and Compliance |

Event Types

In CMDB > Event Types, search for “solaris” in the Device Type and Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP v1 and v2c

  1. Check if the netsnmp package is installed. Solaris has built-in snmp packages. If netsnmp is not installed, use the pkgadd command to install it.
  2. Start snmp with the default configuration.

SSH

  1. Make sure that the vmstat and iostat commands are available. If not, install these libraries.
  2. Create a user account that can issue the vmstat and iostat commands. AccelOps will use that user account to log in to the server.

Settings for Access Credentials