I am curious how folks out there show value in a SIEM solution to managers and/or customers?
How do you show value in a SIEM?
Best way to implement "group" alerts?
As the Network Admin I have NPM set up to alert me when just about any piece of equipment I care about goes down or runs into problems. That's working great. Now I have a need to alert OTHER people when a specific set of nodes go down, reboot, etc. What's the best way to accomplish this? I basically need: When a device in group1 has an alert, send an email to user1. When a device in group2 has an alert, send an email to user2, etc.
Any insights?
Request report for open unused ports in switch
Not sure if it is hidden somewhere, but I would really like to see a report, when you drill down into a switch, of the available unused ports. Preferably without having to turn on stat polling and logging. Just by going with status and last change greater than a defined period of, say, 3 months.
Alert date and time display
Good morning,
Currently my system is showing alerts in this format, "dd/mm/yy". How can I change the settings so the alerts are shown in this format, "mm/dd/yy"?
Thank you.
Retransmissions between nodes
Hi -- Is there a way in NPM to check if there were retransmissions between two servers? We see some in a trace from yesterday but I want to confirm in Solarwinds if possible.
I'm not sure where to look. I also have Netflow if the information is there. Can someone please point me in the right direction?
Thanks,
Aria
We are looking for Avaya users!
We are listening and you are asking for VoIP troubleshooting features for your Avaya call managers and devices.
We need your help - our engineering team is investigating technical possibilities and we would really need to see the following information from you:
1) What Avaya devices do you use and what is their configuration (cluster details, network topology)?
2) We would need to see at least a few samples of your Call Detail Record files that contain information about each particular call (because of its structure).
3) We would like to take an SNMP walk of your Avaya call manager.
This information will really accelerate our development.
If you are willing to help us, please contact me directly (micha.hrncirik at solarwinds.com) and our engineers would schedule a short GoTo meeting with you.
I would like to say a big thanks in advance to all who will participate in this.
thanks,
Michal
How do I modify the URL for "Click here to acknowledge this alert"
Currently we have two websites as the front end to our Orion environment, which is load balanced with F5.
When we have an alert to ack in an email, "Click here to acknowledge this alert" points to the default Orion server, which users are not authenticated against, and their session is timed out.
How do I change the URL in this link so that it points to our DNS name that is load balanced?
How to set topology data polling interval?
Dear Sir or Madam -
In SAM version 5.2, a node property was introduced called "Poll for Topology Data Every [ ] minutes" (on the GUI).
I assume this property is only used if there is an associated poller for Layer 3 topology, correct?
When adding a node via the SWIS interface from PowerShell, how do we set the value of this property?
I used SWQL and SQL Server Management Studio to look for the property in Orion.Nodes, but I cannot find it.
Thank you.
James Troy
SNMPv3 Trap / Trap Viewer
Hello all,
I've recently upgraded to solarwinds NPM 10.4, and am having some issues with SNMPv3 trap collection. I'm receiving the message under alerts - "bad trap packet received from node X.X.X.X, decryption of the incoming packet failed, local user credentials are not the right ones, or the packet is malformed".
Everything tests fine in the node configuration, it looks as if the nodes are being monitored properly, but I don't see any traps in the trap viewer being generated. I know my devices are sending the traps, but I'm not sure what's happening afterwards.
Anyone seen anything like this in the past, and can point me in the right direction?
My SNMPv3 configs look like this -
snmp-server group Solarwinds v3 priv read adminview
snmp-server view adminview internet included
snmp-server user adminsolarwinds solarwinds v3 auth sha adminpasssword priv des adminpassword
I can verify, and add devices to the Network Performance Monitor, but I don't see any traps being sent in the trap viewer. Something is most definitely not right, I just can't figure out what it is.
Thanks -
Jon
Accessing Device "Primary IP" field in NOC view (or other device list)
I would love to be able to add the "Primary IP" field from each of my Device properties to my NOC view which shows the status of devices on the network in a list format.
I just don't seem to be able to find it in the field chooser.
Am I just being blind? Is there a way I can access this field in some sort of list view of my devices?
Kind Regards,
Andrew McKenzie
WMI Calls Over VPN
When I tested Patch Manager, I successfully deployed third party patches to computers connected to our network via VPN. However, now it seems that WMI calls cannot be made to computers connected via VPN. This is prohibiting third party updates from reaching these machines. Does anyone know how to fix this? Any help would be appreciated.
Queries regarding Orion SDK
Hi,
I am a newbie to Orion SDK. We actually want to implement/deploy SDK in our production environment. I had some queries; maybe someone can help me out:
- We are running NPM v10.3 and soon gonna be using Orion FoE (Failover Engine). I hope SDK's latest version is compatible with it.
- We have an in-house developed CMDB; can SDK connect to that?
- Also, can you please redirect me to some release note or installation guide, to better understand Orion SDK?
Many thanks in advance.
Regards,
mohit
Need a custom SQL report for discovery results
I am not a SQL expert, so I am having a little trouble with a report that I would like to create for scheduled discovery results.
I want a report that includes node name, IP address, engine ID, discovery profile name, identifies Found vs Changed, when discovery ran, etc. However, the tables in the database do not seem to contain all of these fields.
Has anyone configured such a report? Thank you for any help.
NPM 10.3.1 and SQL 2005 Express 9
I recently upgraded to NPM 10.3.1 since I believe I had an issue with my database filling which caused the web console to crash. Anyway, I have only added a portion of my network to NPM and I already see an alert in the web console that the database is 80% full. I have limited the database retention in the web console to 30 days, syslog messages to 7 days and traps to 30 days. Am I missing something? I have no experience in SQL, so I was thinking perhaps there's a setting on the database software that needs to change. I know my database is limited to 4GB and I don't understand how information such as syslog, traps and text in the database could be using close to 4GB already. The version of database software is Microsoft SQL Server Management Studio Express 2005 version 9.00.2047.00.
Thanks for any help!
-Mark
Level of disruption for a LEM upgrade?
I am curious how long log collection disruption is when you upgrade a LEM appliance?
Patch Management? I don't care for it but YOU should!
Patch Management! How exciting? Eagerly waiting up till the wee hours of the night on Patch Tuesdays, waiting for Microsoft to release the latest round of security patches and application fixes. I’m sure it’s like Christmas Eve EVERY SINGLE MONTH for Systems Administrators!
As a consultant though, who coincidentally doesn’t really care much for the holidays either (all the hustle and bustle of people shopping and deadlines for purchasing things – Bah, Humbug!), Patch Tuesdays don’t even raise an eyebrow for me. You see, I’m a project based consultant. I normally enter environments with a specific purpose and specific deliverable. Set up a solution, configure it, test it, document it, train the staff on its operations and then move on to the next project. When I implement a system, it is normally completely patched up with the latest build numbers, versions and security fixes. Honestly, patch management is not even on my radar (or in my scope). Sure, I know it will need to be done eventually, but it most likely will not be done by me… Yeah, maybe I’m a rotten consultant but I think I am much more like a typical consultant on a typical project at a typical client in a typical environment.
I have seen shrinking budgets that have pushed patch management to the bottom of most clients’ priority lists. I think there is a misconception that you can just run Windows Update on your machines and keep them up to date. Of course if you manage 2 machines, go for it! But as you scale up, you DO need a patch management solution to keep your systems up to date and secure. As a consultant implementing solutions for clients, there is a reason that I am using the latest releases with up to date hotfixes and security patches. It helps ensure that the solution will not only be its most reliable and stable but also that software vendors will be able to support the solutions efficiently.
So I’m curious, when guys like me walk out of the building, are you (the client) putting in patch management solutions, clicking Windows Update every so often or just moving onto the next project (like me)?
*Reply to this post to earn 50 points and 1 entry to win an iPod Nano
Publishing a group of patches as metadata-only without having to change from Full --> Metadata one at a time
I'm just revisiting Patch Manager after a short absence and had a request to check Dell driver levels. So I have the Dell catalog and filtered on "wifi" or "wireless". Now I want to publish them. By default it wants to download the content and then publish which is normally fine. However in this case there are 700+ patches that meet this criteria. When I go to the Publish wizard I can select individual updates one at a time to change it from Full content to Meta-data only. But I'd rather not do this for 700+ patches one at a time. I can't seem to multi-select and modify. What am I missing or is this not possible? I think in SCUP you can choose meta-data only during the publish wizard and I will go that route if I have to but I really wanted to do my 3rd party stuff inside of Patch Manager if possible.
Thanks,
Casey Robertson
Create hardware alerts based on group membership
Hello,
I'm still an Orion newb, so hopefully someone can help me out.
I have several nodes under a group. I want to have email alerts be generated for anytime there is a critical hardware failure for these nodes that fall under the group. Right now when I go into the Alert Manager and attempt to create an alert, I'm unable to find a way to break it down to only look at hardware failures for a certain group.
Can someone help me out?
NPM 10.4 New Interface Graphs Not Updating
Just a heads up... Upgraded to NPM 10.4 this weekend and while they were OK initially the historical interface graphs stopped updating after awhile. Polling was OK as I could get current stats via Report Writer and one of the graphs on the Interface Details Page used the old style chart and that graph was up to date. Did an edit on each of the problem charts and changed the Default Zoom Range from 2 hours to 1 hour and all was well. Have gone back in and set them back to 2 hours and again as of now all is well.
Feature request for NPM ( custom properties)
Hi
I would like to request that NPM custom properties under editing Node details become a drop down list of the current configured data or at least you can select which custom properties you want to be a drop down list. So the drop down list just sorts the data by alpha and does a unique on the list, so there are no duplicates.
I say this as adding custom properties like address, devicefunction, devicetype, location and so on will be fields that when adding nodes you will always populate if you use this logic.
This would allow people who add nodes and use this feature to be able to easily populate these fields without having to type it in.
Thanks
James