Quite often we get this query from our evaluators and customers. We already have this data exposed in the OpManager knowledgebase; however I thought it would be nice to do a blog on it as well.

To analyze bandwidth consumption, we ran OpManager in an isolated environment and monitored the devices as listed below

  1. 100 Servers (includes service monitoring like Web, MySQL, FTP, SMTP, HTTPS)
  2. 3 Switches (each had 24 Ports).
  3. 3 Routers (each had 5 Interfaces).
  4. 2 Firewalls (each had 3 interfaces).
  5. 2 Printers

Servers are monitored through WMI with default monitors (CPU, Memory & Disk) associated.

Monitors like CPU, Memory and Interfaces Rx & Tx Traffic/ Utilization/ Errors/ Discards are associated to Network Devices (like Switches, Routers, Printers and Firewalls) by default.

Monitoring Interval is set to 1 minute for all monitors and the status polling is also set to 1 minute.

Here is the report for you...

UDP Traffic: 5225 bps

TCP/ WMI Traffic: 39435 bps

ICMP Traffic: 1980 bps (18 bps per device)

So, OpManager generates a total traffic of approximately 47 Kbps within the LAN in order to monitor 100 Servers, 3 Routers, 3 Switches, 2 Firewalls and 2 Printers.

Hope you find this information useful. 

One more thing: we recently brought out a new SNMP tutorial for beginners. Do check out the animated GIFs that explain SNMP communication for commands such as GET, TRAP and INFORM.

- Kalvin

The Drudgery of Deploying Enterprise Solution

Customer satisfaction through innovation is a way of life at ManageEngine. Normally, deploying log management (SIEM) solutions from top brands is not so simple. You need to download a number of files, and then go through innumerable installations, configurations and tuning steps just to start the deployed application. Oftentimes, it is impossible to deploy an enterprise solution without the assistance of consultants, and getting the solution running and producing the desired output is a tough task. For IT managers and administrators, deploying any enterprise solution will surely mean a few sleepless nights.

Escape from the Drudgery!

Embrace ManageEngine!!

ManageEngine Firewall Analyzer deployment for enterprises is child's play.

1 - 2 - 3

Deployment in three steps.

#1

Download and install the Distributed Edition as the Admin server in your central office/headquarters (very few install-time configurations).

Run the application.

#2

Send the downloaded file or the application download link (the same file doubles as Admin and Collector server. How simple!!) and the Admin server details to the geographically remote location (your branch/sub office). Get it installed as a Collector server in the remote location (here again, very few install-time configurations). Get the Firewalls configured for monitoring.

Run the application.

Replicate this step in all remote locations.

#3

Wait for 10 minutes.

Open Admin client UI in a browser. The reports of Firewalls in different parts of the world are there. Check it out.

The Solution: Firewall Analyzer 6 Distributed Edition

The procedure may not take more than an hour, starting from download to report roll out.

No cumbersome downloads. No consultant required. No training required. Minimal configurations. Global deployment can't get any simpler.

Scalability and feature set exceed any other enterprise SIEM solution. Very few offer distributed monitoring.

Experience it to believe it. Try Firewall Analyzer 6 Distributed Edition.


When a server goes down or when the response time of a database query exceeds the normal query execution time, any monitoring system in place should perform two actions: first, generate an alarm with relevant information (preferably the RCA - Root Cause Analysis), and second, log a ticket into a Service Desk solution. It may additionally execute an SMS action to notify the right technician.

With IT360, you can do that without any external interference. IT360 allows you to automate these actions, thereby reducing the time taken to troubleshoot the issue. In today's post, we will see how to create a threshold, assign an action and configure alarms so that the action is properly executed.

Creating Thresholds

Thresholds are the values based on which an alarm is generated. For example, let's say the optimal response time of an Apache server that acts as the web server for a website is 1ms. When this value is breached, that is, when the response time goes higher, the website takes longer to load. Hence, it is critical to ensure that a threshold is assigned to this web server and that it is carefully monitored.

In order to assign a threshold for this web server, follow the steps given below:

1. Click on 'Admin' -> 'Servers & Apps' -> 'Configure Alarms'.

2. Select the appropriate web server from the pull down menu 'Alarm Configuration by Monitors'. This will display the list of attributes for which you can assign thresholds for the particular web server. 

3. Click on 'Associate' opposite to 'Response Time'. This will open a pop-up configuration window, wherein you can select the correct threshold corresponding to response time. 



4. Click on the 'Save' and 'Close' buttons to save and close the configuration window. You will find that the response time for the Apache server is now configured and ready for associating an action.

Create Ticket Action

Once the threshold is configured, click on 'Action' under 'Servers & Apps'. Click on 'Add New' under the 'Log a Ticket' option.

1. Provide a proper name for the ticket.

2. Select the correct Category, Sub Category, Item, Priority, Group and Technician who will be responsible for this web server.

3. IT360 also allows you to insert relevant details into the Ticket content. This enables the technician to view the relevant information and troubleshoot the performance issue quickly.

4. Click on 'Log a Ticket' button to complete the process.

Additionally, you can execute this action manually by clicking on this icon. You can also update the ticket's content, change the category, sub category, etc. by clicking on the edit icon.

Assign Ticket Action

Once the ticket action is created, click on 'Configure Alarms'. Click on the attribute with which you would like the ticket action to be associated (in our case, the Apache Server's response time). Click on 'Response Time - Cr > 1500ms'. In the configuration pop-up window, select the check box labeled 'Configure actions at Attribute level'.


Select the appropriate action that needs to be associated with this threshold value. You can create actions and enable them in such a way that you get alerted when there is an issue, when the issue clears, or when the issue is about to become critical. Once you have chosen the action and clicked the 'Save' & 'Close' buttons, the configuration is done. The next time the response time threshold value is breached, the technician is automatically notified and a ticket is logged into the Service Desk solution. In addition to this, you can also associate an SMS action with this threshold, thus ensuring the technician receives the information as soon as the incident occurs.

Similarly, you can create an ad-hoc action by clicking on the 'New Action' link inside the configuration pop-up window. It will allow you to create the following actions as displayed in the screenshot below.



Reputed marketing firm IDC (India) Ltd has come out with a survey whose results should serve as an eye opener for all enterprises. The survey was commissioned by security solutions provider Symantec India.

The survey reveals that:

  1. About 80 per cent of Indian enterprises have agreed that loss or theft of critical data is a serious information security risk they face after threats from viruses and hackers.
  2. 16 per cent of the enterprises admitted to having lost data in the recent past for various reasons, including unaware users, malicious insiders and external threats from hackers and cyber-criminals.
  3. About 60 per cent of employees who recently changed jobs reported taking confidential data from their previous employer. This included customer lists, employee records and non-financial information. The top three ways data is lost are through CDs, DVDs and USB drives.

Details of the survey as published in the media.

What are the causes?

The survey results once again lend credence to the belief that a good proportion of cyber threats are caused by insiders of the enterprise - disgruntled staff, greedy techies or sacked employees.

It is also increasingly becoming clear that stolen identities could be serving as the ‘hacking channel’ for many cyber-crimes and improper management of the administrative passwords could potentially remain at the root of a good number of security threats. Many security breaches might stem from lack of adequate password management policies and internal controls.

How do we avoid cyber threats?

Not all security incidents can be prevented or avoided, but the security incidents that happen due to a lack of effective internal controls are indeed preventable. Enterprises should take preventive action to combat cyber-criminals and to ensure information security.

What preventive steps could an enterprise take?

Read this paper "Combating Cyber Security Threats" from ManageEngine Password Manager Pro and share your feedback.

Bala
ManageEngine Password Manager Pro

NetFlow Analyzer, though the name says NetFlow, can work with quite a number of flow formats such as sFlow, jFlow, NetStream and IPFIX. This blog will give you a brief idea of sFlow technology and also guide you on how to use NetFlow Analyzer with sFlow from HP Procurve devices.

What is sFlow?

sFlow is a monitoring technology which allows you to capture the traffic data from a switched or routed network to give complete visibility into the use of network bandwidth. This data helps in performance optimization, accounting/billing for usage, defense against security threats, capacity planning and much more.

sFlow datagrams are exported based on sampling, due to which the impact on the device CPU/memory and available bandwidth is minimal. Based on a defined sampling rate, 1 out of N packets (where N is the sampling rate) is captured by the device and sent to NetFlow Analyzer for traffic analysis. Though this type of sampling does not provide 100% accurate statistics, it does provide a result with quantifiable accuracy.

sFlow analysis with NetFlow Analyzer:

NetFlow Analyzer can work with any device capable of exporting NetFlow, sFlow or another compatible flow format; which format is available is vendor dependent. You can check out the list of flow formats and devices with which NetFlow Analyzer can work from here.

HP Procurve and sFlow:

Just like Cisco has NetFlow and other vendors have their own flow formats, some vendors use a technology called sFlow. HP Procurve devices are capable of exporting sFlow datagrams, which can be used for bandwidth monitoring and traffic analysis. NetFlow Analyzer is capable of analyzing the sFlow datagrams exported from the HP Procurve to give you the traffic statistics on each active port.

sFlow export on an HP Procurve device can be configured using two different methods. One is to log in to the device and configure it for sFlow export, but this is available only on older device models or OS versions.

On the new HP devices, sFlow can be enabled only through SNMP. To make the sFlow configuration on an HP device a simple task, NetFlow Analyzer provides scripts to enable and disable the sFlow export. So, let's see how we can use the script to enable sFlow.

sFlow Enable utility:

The script to enable sFlow, named sFlowEnable.bat (for Windows, and .sh for Linux), is present under the <\AdventNet\ME\NetFlow\troubleshooting> directory.

The usage for the script is as follows:

SFlowEnable.bat switchIp snmpPort snmpWriteCommunity collectorIP collectorPort samplingRate

Example:-

C:\AdventNet\ME\NetFlow\troubleshooting>sFlowEnable.bat 192.168.188.30 161 private 192.168.133.1 9996 4096    



Once sFlow is enabled on the HP devices, the NetFlow Analyzer server will receive the packets and automatically generate the reports. You also need to ensure that no access control lists (ACLs) or firewalls block the flow packets (on UDP 9996) and that any software firewall on the server allows the packets to reach the NetFlow Analyzer installation.

After enabling sFlow on the HP devices, we need to ensure a few points to get accurate traffic statistics about the device in NetFlow Analyzer.

The first and foremost is the sampling rate. We suggest setting the sampling rate to 4096. We have observed from various setups and from our existing customers' feedback that the sampling rate of 4096 gives the most accurate traffic statistics in NetFlow Analyzer. Most of the other sFlow collectors in the market suggest a sampling rate of 256, which means a larger number of exported sFlow datagrams. With a sampling rate of 4096, you get the additional benefit that the device is not overloaded by sampling a large number of datagrams and exporting them to NetFlow Analyzer.

The next point we need to verify is the "sFlow receiver timeout". This determines how long sFlow remains active on the exporting device. When the value has expired, sFlow gets disabled on the device, forcing you to re-enable sFlow export. Due to this, we recommend setting the sFlow Receiver Timeout to the maximum possible value, which is 2147483647 seconds, which is 68 years! The command to be used on the HP device for setting the sFlow receiver timeout is:
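What "quantifiable accuracy" means for the two sampling rates discussed above can be worked through numerically. This is an added example, not code from NetFlow Analyzer or HP; it assumes the commonly cited packet-sampling approximation that the relative error at 95% confidence is at most 196 * sqrt(1/c) percent for a traffic class seen in c samples, and the traffic figures and function names are constructed for illustration.

```python
import math

Z95_PCT = 196.0  # 1.96 standard deviations (95% confidence), in percent


def error_bound_pct(samples: int) -> float:
    """Upper bound on the relative error (percent, 95% confidence) of an
    estimate built from `samples` sampled packets of one traffic class.
    Assumed approximation: 196 * sqrt(1 / c)."""
    if samples <= 0:
        return math.inf  # nothing sampled: the class cannot be estimated
    return Z95_PCT / math.sqrt(samples)


def samples_needed(max_error_pct: float) -> int:
    """Smallest sample count whose error bound is within max_error_pct."""
    if max_error_pct <= 0:
        raise ValueError("max_error_pct must be positive")
    return math.ceil((Z95_PCT / max_error_pct) ** 2)


def min_packets_for_error(max_error_pct: float, sampling_rate: int) -> int:
    """Packets a class must send in one interval before a 1-in-N sampler
    is expected to collect enough samples for the requested error bound."""
    return samples_needed(max_error_pct) * sampling_rate


def compare_rates(packets: int, class_fraction: float, rates=(256, 4096)):
    """For each sampling rate N, return the expected export volume and the
    error bound for a class that makes up `class_fraction` of the traffic.
    Real sampling is random; these are the expected (average) counts."""
    rows = []
    for n in rates:
        total_samples = packets // n              # samples the device exports
        class_samples = int(total_samples * class_fraction)
        rows.append({
            "rate": n,
            "samples_exported": total_samples,
            "estimated_packets": total_samples * n,  # collector scales by N
            "class_samples": class_samples,
            "class_error_pct": error_bound_pct(class_samples),
        })
    return rows


if __name__ == "__main__":
    # Constructed input: 10 million packets in one reporting interval,
    # with one application responsible for 5% of them.
    for row in compare_rates(10_000_000, 0.05):
        print(
            f"1-in-{row['rate']}: {row['samples_exported']} samples exported, "
            f"class error bound about {row['class_error_pct']:.1f}%"
        )
    print("packets needed for 10% bound at 1-in-4096:",
          min_packets_for_error(10.0, 4096))
```

The higher rate exports 16 times fewer samples, so the load on the device and collector drops, while low-volume traffic classes need a longer interval to accumulate enough samples for a tight bound.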

setmib sFlowRcvrOwner.1 -D NetFlow Analyzer IP sFlowRcvrTimeout.1 -i 2147483647

sFlow Disable Utility:

Of course, we have thought about that too. In case you want to export sFlow to a different server, stop the flows for some time, or for whatever other reason, NetFlow Analyzer provides a script to disable sFlow export on the HP device.

The disable can be done using the script sFlowDisable.bat (for Windows, and .sh for Linux), which is present under the <\AdventNet\ME\NetFlow\troubleshooting> directory. The usage of the script is as below:

SFlowDisable.bat switchIp snmpPort snmpWriteCommunity

Example :-

C:\AdventNet\ME\NetFlow\troubleshooting>sFlowDisable.bat 192.168.188.30 161 private



Go ahead and try our 30-day trial to see for yourself how well NetFlow Analyzer works with sFlow and HP devices.

Thanks

Praveen Kumar




We found something interesting with our network monitoring software - OpManager. Last week one of my colleagues, who was working on a customer's issue, found that SNMP requests sent from ManageEngine products did not get any responses. We did all the basic steps - verifying whether SNMP is enabled on the devices, SNMP credentials etc. - and found everything was perfect. We then tried to send SNMP requests from our MIB browser, an SNMP troubleshooting tool, but no luck. The customer had a MIB browser from another vendor, and when we tried sending the SNMP requests from that MIB browser we got the response from the device. After spending some time on the issue, we found the SNMP requests sent from OpManager were getting dropped at the server itself (failed to reach the devices).

That reminded us of the few issues we had with the firewall and antivirus. We checked the firewall and antivirus on the server. The firewall was disabled, but Symantec antivirus was running. Once we stopped the antivirus, we could receive responses from the devices for the SNMP requests sent from the OpManager server. We were bewildered, and at the same time very eager to know why SNMP requests sent from ManageEngine applications were blocked when the same from the other MIB browser could pass through. We analyzed both the MIB browsers in depth. The difference was the platform that they were built on. Ours was built on Java, while the other one was built on .Net. We did some quick research and found that antiviruses block SNMP requests when sent from Java-based applications.

Have you folks come across the same? Feel free to share your experiences and thoughts.

This is the second time we have had an issue with antivirus. The first one was with McAfee. It didn't allow MySQL of OpManager 8 to start. We made some changes in the McAfee policies to get it working. Please check this link if you haven't checked it before. If you face any such issues, try disabling the firewall and antivirus during startup, which should work.

Pravin

Sun Microsystems released a security update for JDK 6 on November 3, 2009. The update is available for download from the Sun website.

Update 17 has some key security fixes detailed in their release notes.

Did you know that you can get the Java updates installed on all the computers in the network silently using Desktop Central?

Let us now see how to get this done.

  1. Create a network share on any computer in your network.
  2. Provide READ & EXECUTE permissions for this share to the "Everyone" group.
  3. Download the latest security update (update 17) from the Sun website and save it in the network share.
  4. Add a Software Package in Desktop Central for this update as below:
    1. From the Desktop Central Client Console, select Software Deployment --> Add Package button.
    2. In the Add Software Package screen, select Package Type as "MSIEXEC/EXE/ISS/Command"
    3. Specify a name, say, JRE 1.6 Update 17
    4. Select the Path Type as Network Path
    5. Specify "Installation Command with Switches/Arguments" as: "<Share Path>\jre-6u17-windows-i586-p.exe /s ADDLOCAL=ALL IEXPLORER=1"

      where <Share Path> has to be replaced with the network share that you have created. The above command will install all the components and also register the plug-in with Internet Explorer.

      More detailed installation options are available here.


    6. Click Add Package

      It is recommended to test the installation by manually executing the command you specify here on one computer and checking whether the installation happens without any problem.

  5. Now that the package has been added, you can deploy it to multiple computers by selecting the package and clicking the "Install/Uninstall Software" button.
  6. Specify the Deployment settings and select the target computers as required.
  7. Click Deploy.
Sounds easy!

Cheers!

Hi,

Of late, cyber-criminal activities across the globe have assumed such grave proportions that all enterprises, big and small, are exposed to security breaches and identity thefts of various kinds. Many acts of sabotage were found to have been caused by insiders of the enterprise - disgruntled staff, greedy techies or sacked employees.

Lack of well-defined internal controls and access restrictions generally paves the way for security incidents. In particular, as stolen identities seem to have served as the ‘hacking channel’ for many cyber-crimes, improper management of administrative passwords is believed to be at the root of a good number of security threats.

Security experts strongly believe that many security incidents (though not all) are actually avoidable by placing access restrictions and well-defined password policies.

From ManageEngine Password Manager Pro, we have released an advisory, which discusses the causes of security incidents in detail and suggests ways to effectively tackle the challenge.

You may download the advisory from:
http://www.manageengine.com/products/passwordmanagerpro/combating-cyber-threats-advisory-paper-request.html

Bala
ManageEngine Password Manager Pro

Today’s customer support environment puts your company under greater pressure to reduce operational costs and offer business value through your support. Your support process needs service level management and automation of your SLA actions that can:

  • Shrink the cost of support delivered
  • Meet the growing need for business ready support
  • Improve support quality and your ability to meet service level requirements
  • Ensure the value of support investments is realized

SupportCenter Plus meets these objectives with ease:

Earlier, when the defined SLA was crossed, only a mail could be triggered to the respective manager. Now the automation starts at marking trouble tickets as L1, L2 and L3 and directing them to groups G1, G2 and G3, and switches levels and groups based on escalation criteria.

Organize SLA actions








The benefit of our First Response SLA is that it captures unnoticed tickets, which is the first level of escalation for immediate attention. You can configure up to four levels of escalation, where actions automatically get attached to Support Representatives.

SLA Escalation









SupportCenter Plus gives flexibility and automation of escalation to different levels of tickets or support representatives. This improves the efficiency of your support process by 15%.

Also get e-mails triggered on the status of your trouble tickets.

SLA header 









Manual methods of SLA administration waste a significant share of existing support resources; to counteract this, SupportCenter Plus SLA actions automate SLA activities. Most important among these are real-time and over-time monitoring, predictive early warning of impending SLA breaches, and the ability to integrate the support process with the business needs of your customer.


We will walk you through more benefits of SupportCenter Plus 7.5 in the upcoming blogs.

Happy Customer Support,

Team SupportCenter Plus 

A couple of days back, we had an interesting conversation going on in our forums. One of our privileged ManageEngine customers wanted a speed-based alerting mechanism and gave us a really good reason to have this feature. Please find the conversation at the link below.

http://forums.manageengine.com/#Topic/49000003700030

I just wanted to check what the UI and the input configuration should look like. Please share your views and inputs with us so that we can add the speed-based alert feature.

Please write your technical questions to netflowanalyzer-support@manageengine.com. We are happy to assist you at any moment.

Thanks
Raj
