ViPNet StateWatcher 4.3: Monitoring System for ViPNet Networks. Monitoring Server. Administrator's Guide





© 1991–2014 Infotecs. All rights reserved.

Version: 00056-08 32 01 ENU

This document is included in the software distribution kit and is subject to the same terms and conditions as the software itself.

No part of this publication may be reproduced, published, stored in an electronic database, or transmitted, in any form or by any means electronic, mechanical, recording, or otherwise for any purpose, without the prior written consent of Infotecs JSC.

ViPNet is a registered trademark of Infotecs JSC, Moscow, Russia. All brands and product names that are trademarks or registered trademarks are the property of their owners.

Global contacts page: http://www.vipnet.com/index_all.php

Contents

Introduction
  About This Document
  Audience
  Document Conventions
  About Monitoring Server
  System Requirements
  ViPNet Software Version Requirements
  Recommended Internet Explorer Configuration
  Monitoring Server Licensing
  Distribution Kit
  Third-Party Code
  What's New in Version 4.3
  Feedback

Chapter 1. How Can I Organize Monitoring?
  Monitoring Server Basics
  Data Processing Means
  Monitoring Events' Severity Levels
  Cascading of Monitoring Servers
  Managing Processing Rules in a Cascade
  Monitoring a Failover Cluster
  Monitoring Hosts over SNMP
  Monitoring the ViPNet IDS Appliance
  Managing a Monitoring Server

Chapter 2. Monitoring Server Setup, Update, and Uninstallation
  Checklist: Monitoring Server Setup
  Third-Party Software Installation
  Monitoring Server Installation
  Verifying That Monitoring Server Has Been Successfully Installed
  Checklist: Upgrading Monitoring Server
  Upgrading Monitoring Server
  Upgrading Monitoring Server in a Cascade
  Updating the Customization Pack
  Uninstalling Monitoring Server
  Connecting to Monitoring Server

Chapter 3. Configuring Monitoring Server
  Configuring Monitoring Server with a Wizard
  Managing User Accounts
  Creating and Editing a User Account
  Deleting a User Account
  Changing a User Password
  Configuring Monitored Hosts and Groups
  Creating and Editing a Monitored Group
  Adding Hosts to the Public Hosts List
  Moving New Hosts to a Monitored Group
  Editing Monitoring Parameters of a Host
  Deleting Monitored Hosts and Groups
  Stopping Monitoring of a Public Host
  Setting Monitored Host Types
  Configuring Processing Rules
  Creating and Editing a Processing Rule
  Configuring and Editing Rule Parameters in the Rule Constructor
  Copying a Processing Rule
  Deleting a Processing Rule
  Configuring Notifications
  Notification Types
  Creating and Editing Notification Templates
  Visual Notifications
  Sound Notifications
  Email Notifications
  Business Mail Notifications
  SMS Notifications
  Notification over the Syslog Protocol
  Configuring Connection to a Proxy Server
  Configuring the Map
  Adding a Host to the Map According to Its Geographical Coordinates
  Arranging a Monitoring Server Cascade
  Adding a Monitoring Server to a Cascade
  Adding a Child Monitoring Server to a Cascade. Administrator's Actions
  Removing a Monitoring Server from a Cascade
  Exporting and Importing Monitoring Server Settings
  Peculiarities of Settings Importing
  Fine-Tuning Monitoring Server
  [collection] Section
  [storage] Section
  [control] Section
  [sms] Section
  [gis] Section
  [export] Section
  Configuring Export of Hosts' Unprocessed Parameters to a Network Resource
  [bm] Section
  Schedule Format
  Data Rotation
  Viewing the Events Log

Chapter 4. Processing Rules
  Processing Rules Components
  Processing Rules Syntax
  Variables
  Comments
  Literals
  Functions
  Operators
  Objects and Methods Used for Accessing Hosts' Parameter Values
  Collections
  Objects and Methods Used for Accessing Secondary Parameters
  Object Used for Specifying Severity Levels
  Objects and Methods Used for Setting Notifications
  Processing Rules Logging Objects and Methods
  Syntax Examples
  Verifying Processing Rules Syntax

Chapter 5. Backup and Restore
  Backup and Restore Strategy
  Backing Up and Restoring Configuration Files and Debug Logs
  Backing Up a Database
  Getting General Monitoring Database Characteristics
  Restoring a Database
  Restoring a Database without Reinstalling the Monitoring Server Program
  Restoring a Database after You Reinstall the Monitoring Server Program
  Program and Database Health Check

Appendix A. Troubleshooting
  PostgreSQL Can't Be Installed or Started
  The Unlimited Growth of the Database
  Can't Log Monitoring Events
  Apache Tomcat Service Does Not Start
  Can't Connect to the Monitoring Server via a Web Browser
  Problems with Access and Authentication in Monitoring Web Access
  Cannot Open a Host Details Window
  System Proxy Server Malfunctions
  Can't Add a Server to the Cascade

Appendix B. Creating and Editing Mail Notification Templates

Appendix C. Monitored Parameters
  Parameters Monitored on ViPNet Hosts
  Parameters Monitored on Public Hosts
  ViPNet IDS Monitoring Parameters

Appendix D. Public Hosts Import File Template

Appendix E. Monitoring System Capacity Index
  ViPNet StateWatcher Monitoring System's Performance
  Estimating the Traffic Load in the ViPNet StateWatcher Monitoring System

Appendix F. Advanced Settings in Windows OS
  Configuring the SNMP Service on a Public Host
  Assigning the postgres Access Rights to a User in Windows OS

Appendix G. Built-in Processing Rules
  Built-in Processing Rules for ViPNet Hosts
  Business Mail Status
  Coordinator Offline
  Failover Cluster Node Switching
  Failover Status
  Firewall Type
  Host Status
  MFTP On-Line
  MFTP Queue Parameters
  MFTP Status
  Network Interface Parameters
  Operating System Log
  Passive Failover Cluster Node Status
  Roles
  Security Level
  System Resources Warning
  ViPNet Monitor Offline
  ViPNet Monitor Status
  ViPNet Software Version Validation Rule
  Built-in Processing Rules for Public Hosts
  Disk Usage (SNMP)
  Installed Applications (SNMP)
  Many Attacks on the Current Sensor
  Many High Level Attacks on the Current IDS Sensor
  Memory Usage (SNMP)
  Started Services (SNMP)
  Stopped Services (SNMP)
  Uninstalled Applications (SNMP)

Appendix H. Glossary

Appendix I. Index

Introduction

  About This Document
  About Monitoring Server
  What's New in Version 4.3
  Feedback

About This Document

This document describes the purpose and scope of the Monitoring Server program that is part of the ViPNet StateWatcher software package, designed for monitoring ViPNet networks. It also describes the main program features and the basic aspects of working with the program.

This document is a part of the documentation kit distributed with the ViPNet StateWatcher software package. The documentation kit consists of the following documents:

- ViPNet StateWatcher: Monitoring System for ViPNet Networks. Overview
- ViPNet StateWatcher: Monitoring System for ViPNet Networks. Monitoring Server. Administrator's Guide (this document)
- ViPNet StateWatcher: Monitoring System for ViPNet Networks. Monitoring Web Access. User's Guide

Audience

This document is intended for the administrators who install and configure the Monitoring Server software.

Document Conventions

This document uses the following conventions:

Table 1: Document conventions

- Warning: Indicates an obligatory action or information which may be critical for continuing user operations.
- Note: Indicates a non-obligatory, but desirable action or information which may be helpful for users.
- Tip: Contains additional information.

Table 2: Conventions for highlighted information

Icon | Description
Name | The name of an interface element. For instance, the name of a window, a box, a button or a key.
Key+Key | Shortcut keys. To use the shortcut keys, press and hold the first key and press other keys.
Menu > Submenu > Command | A hierarchical sequence of elements. For instance, menu items or sections in the navigation pane.
Code | A file name, path, text file (code) fragment or a command executed from the command line.

About Monitoring Server

The Monitoring Server program is a part of the ViPNet StateWatcher software package. The purpose of this program is to monitor the current state of ViPNet hosts (see Monitored host on page 276), which are hereinafter called monitored hosts, and of the ViPNet software components (such as ViPNet Client, ViPNet Cluster, ViPNet Coordinator, ViPNet Coordinator Linux, and ViPNet Coordinator HW) installed on the hosts, as well as to notify you promptly about events occurring on them.

To start monitoring, you should deploy your monitoring server on a ViPNet Client host running Windows OS. Third-party software is also required for the server's correct performance.

You can manage Monitoring Server from Monitoring Web Access (MWA), which is a web interface on a Windows OS computer with the ViPNet Client software and a web browser installed. For more information about MWA, see the document ViPNet StateWatcher: Monitoring System for ViPNet Networks. Monitoring Web Access. User's Guide.

System Requirements

The minimum system requirements for your computer to run Monitoring Server are as follows:

- Processor: Intel Core 2 Duo or any other x86-compatible processor of similar characteristics with two or more cores.
  Note: When you use the Monitoring Server program in a large network, we recommend using a more powerful processor. If the number of monitored hosts reaches 10,000, we recommend using the Intel Core 2 1.8 GHz processor and 4 GB RAM. If the number of monitored hosts reaches 20,000, we recommend using the Intel Core 2 Quad 2.8 GHz processor and 8 GB RAM.
- Minimum RAM: 4 GB.
  Note: The minimum free space required on a hard drive depends on the Monitoring Server program configuration (see Fine-Tuning Monitoring Server on page 131).
- Operating system: Microsoft Windows Server 2003 (32 bit), Server 2008 (32/64 bit), Server 2008 R2 (64 bit), Server 2012 (64 bit), Server 2012 R2 (64 bit), Windows 7 (32/64 bit), Windows 8 (32/64 bit). Before you install the Monitoring Server program, we recommend installing the latest operating system update.
- Required software: ViPNet Client, version 3.1 (1.5119) or later.
- The latest Windows updates must be installed.
- Access to the Internet should be provided if you want to send SMS notifications.

ViPNet Software Version Requirements

Hosts involved in the ViPNet StateWatcher monitoring system should have ViPNet software of the following versions installed:

- The Monitoring Server program is compatible with ViPNet Client software version 3.1 (1.5119) or later. Requirements for the hardware configuration of your monitoring server and for third-party software are given in the System Requirements (on page 11) section of this document.
- You can install the ViPNet Client software of any version on a host running Monitoring Web Access (MWA). For more information about MWA, see the document ViPNet StateWatcher: Monitoring System for ViPNet Networks. Monitoring Web Access. User's Guide.
- On a monitored host, you should install ViPNet Client or ViPNet Coordinator software version 3.1 (1.5119) or later, or ViPNet Coordinator Linux software version 3.4 or later, or ViPNet Coordinator HW software-hardware appliance version 2.0 or later.
  Note: Some settings of monitored hosts are available only in later software versions: ViPNet Client or ViPNet Coordinator starting from version 3.1.3; ViPNet Coordinator Linux starting from version 3.6.1; the ViPNet Coordinator HW software-hardware appliance starting from version 2.2.
- On the host functioning as a ViPNet network administrator's workstation, you should install the ViPNet Network Control Center software version 2.8.18 or later (for 2.8.x versions) or 3.1.4 or later (for 3.1.x) or ViPNet Network Manager version 4.0 or later. ViPNet StateWatcher software licensing is supported starting from these versions.

Recommended Internet Explorer Configuration

In order to correctly display the web interface, Internet Explorer should not be in Compatibility View mode.

If you use Internet Explorer 8, prior to starting Monitoring Web Access make sure that the required parameters are set in Internet Options. To do this:

1. Run Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Advanced tab, under Multimedia, select the Play animations in webpages and Play sounds in webpages check boxes.

   Figure 1: Advanced Internet Explorer configuration

4. In the Internet Options dialog box, click Apply.

If you are using the Internet Explorer 9 web browser and Windows Server 2003 or Windows Server 2008 R2, you should disable Enhanced Security Configuration. To do this, depending on the operating system in use, do the following:

1. For Windows Server 2003:
   1.1 Click the Start button and then click Control Panel > Add or Remove Programs.
   1.2 In the displayed window, click Add or remove Windows components. The Windows Components Wizard will be started.
   1.3 On the first page, in the Components list, clear the Internet Explorer Enhanced Security Configuration check box and click Next.

       Figure 2: Disabling Enhanced Security Configuration for Windows Server 2003

   1.4 To exit the wizard, click Finish.
2. For Windows Server 2008 R2:
   2.1 Click the Start button, and then click Control Panel.
   2.2 In the All Control Panel Items window, click Programs and Features.
   2.3 In the Programs and Features window, click Turn Windows features on or off.
   2.4 In the Server Manager window, under Server Summary > Security Information, click Configure IE ESC.

       Figure 3: Setting Enhanced Security Configuration in Internet Explorer

   2.5 In the displayed window, for Administrators and Users, select Disable and click OK.

       Figure 4: Disabling Enhanced Security Configuration in Internet Explorer

Monitoring Server Licensing

To start using a ViPNet client as a monitoring server, you should assign the StateWatcher role to it in one of the following programs:

- ViPNet Network Manager (in a ViPNet network deployed using the ViPNet Network Manager software). The maximum number of monitored hosts is defined by the license.
- ViPNet Network Control Center (in a ViPNet network deployed using the ViPNet Administrator software). For the monitoring server you are configuring, you can also specify the maximum number of monitored hosts and child monitoring servers.

You can check whether this role is assigned to the host and the current number of hosts it monitors either when Monitoring Server starts or periodically during its operation. During the program operation, the current number of hosts may increase because you add new hosts (from the Hosts available for monitoring list) to monitoring groups. Also, the license limit for the number of monitored hosts may be decreased.

If the StateWatcher role is not assigned to this host or the number of monitored hosts exceeds the number specified in your license, you will be notified about it, and the monitoring server will stop monitoring the hosts and block access to the data it has collected. To continue working with your monitoring server, reduce the number of monitored hosts to the limit stated in the license (see Deleting Monitored Hosts and Groups on page 89).

Note: When a check of the current number of monitored hosts is performed, hosts from all groups except Hosts available for monitoring are counted, regardless of whether their monitoring is enabled.

The StateWatcher role affects the host's interaction with other monitoring servers within the cascade. When you remove this role from the monitoring server, it stops interacting with other servers within the cascade. In such a case, the host can't be a monitoring server and becomes a common monitored object for all its child monitoring servers. It is automatically added to the Hosts available for monitoring group on each of these servers. When you assign the role to the monitoring server again, it appears on the list of candidates for establishing cascade relations on each monitoring server it is linked with on the ViPNet network.

All events related to violations of the licensing terms are written to the event log (see Viewing the Events Log on page 144), which is stored in the monitoring server's database.

Distribution Kit

All the components distributed as part of the ViPNet StateWatcher monitoring system are specified in the table below.

Table 3: ViPNet StateWatcher distribution kit

Item | File name

Software required for a monitoring server
Monitoring Server program setup file | StateWatcherInstaller.jar
Customization pack | default_pn.zip

Software required for 32-bit operating systems
Apache Tomcat web server 6.0.29 setup file | apache-tomcat-6.0.29.exe
PostgreSQL database management system 9.1.4-1 setup file | postgresql-9.1.4-1-windows.exe
Oracle Java Sun JDK 7u21 setup file | jdk-7u21-windows-i586.exe

Software required for 64-bit operating systems
Apache Tomcat web server 6.0.33 setup file | apache-tomcat-6.0.33.exe
PostgreSQL DBMS 9.1.4-1 setup file | postgresql-9.1.4-1-windows-x64.exe
Oracle Java Sun JDK 7u21 setup file | jdk-7u21-windows-x64.exe

Software required for Monitoring Web Access
Adobe Flash Player plug-in for Mozilla Firefox browser | flashplayer_11_plugin_debug_32bit.exe
Adobe Flash Player plug-in for Internet Explorer browser | flashplayer_11_ax_debug_32bit.exe
There is Adobe Flash Player plug-in in Google Chrome browser, therefore it is not included in the distribution kit. |
You can download a setup file for the ireport visual designer from http://jasperforge.org/projects/ireport/ | ireport-3.7.6-windowsinstaller.exe

Documentation in PDF
ViPNet StateWatcher: Monitoring System for ViPNet Networks. Overview | vipnet_statewatcher.pdf
ViPNet StateWatcher: Monitoring System for ViPNet Networks. Monitoring Web Access. User's Guide | vipnet_statewatcher_userguide.pdf
ViPNet StateWatcher: Monitoring System for ViPNet Networks. Monitoring Server. Administrator's Guide | vipnet_statewatcher_admguide.pdf

Third-Party Code

This section contains information about third-party code used in Monitoring Server software.

OpenStreetMap: OpenStreetMap (http://www.openstreetmap.org/) participants, by Open Data Commons Open Database License (ODbL), Open Data Commons (http://opendatacommons.org/licenses/odbl/) / CC-BY-SA (http://creativecommons.org/licenses/by-sa/2.0/).

What's New in Version 4.3

This section contains a brief description of changes made to the ViPNet StateWatcher monitoring system and its new features in version 4.3 in comparison to version 4.2.1. You can find information about earlier versions of the monitoring system in the document ViPNet StateWatcher: Monitoring System for ViPNet Networks. Overview in the appendix Version History.

Monitoring hosts on the dashboard

You can configure the dashboard to acquire up-to-date information about monitored hosts in a handy form. You can choose parameters for display on the Dashboard page. On the dashboard, current values of monitored hosts' parameters can be displayed in graphs or on a map.

Figure 5: Dashboard

Adding a host description

In the Host Information window, the Description tab has been added for MWA users to type any useful information about the host. The added information can be viewed and edited by other users.

Figure 6: Adding host description

Monitoring connection to coordinators

You can monitor connection between the selected host and ViPNet coordinators with which it is linked. For your convenience all coordinators are displayed on one list in the monitored host properties window. Thus, you can quickly find out which network segment is disconnected. Moreover, you can configure the display of these data on the dashboard.

Figure 7: Viewing the connection status of a host with ViPNet coordinators

Changes to Monitoring Web Access Interface

The monitoring web interface has been improved and updated. Flat UI design has been developed for MWA, fonts are easier to read, and icons have been redesigned.

Figure 8: Interface differences

Exporting and Importing Monitoring Server settings

You can export Monitoring Server settings to a file or import settings from a file, for example in order to move the Monitoring Server software to a new computer or restore settings from the backup copy.

Figure 9: Importing Monitoring Server settings

New principle of configuring notification about monitoring events

Notification filters will not be used any more. Now you can create notification templates and enable the required notification types for certain users, hosts, and processing rules.

Figure 10: Enabling user notification

Notification over the Syslog protocol

In the new version of Monitoring Server, you can send information about monitoring events to the Syslog server. To do this, you just need to configure notification over the Syslog protocol. This notification type is available only for the Administrator user account.

Feedback

Finding Additional Information

For more information about Infotecs products and technologies, see the following resources:

- ViPNet documentation web portal: http://www.vipnet.com/redir/doc_vipnet/
- Information about current Infotecs products: http://www.infotecs.ru/solutions/
- Information about Infotecs solutions: http://www.vipnet.com/redir/solutions/

Contacting Infotecs

We value any feedback from you. If you have any questions concerning Infotecs products and solutions, or any suggestions, complaints or other feedback, feel free to contact us by means of the following:

- Global contacts page: http://www.vipnet.com/index_all.php
- Telephone (Germany): +49 (0) 30 206 43 66 0
- Telephone (USA): +1 (646) 589-8571

Errata

Infotecs makes every effort to ensure that there are no errors or misprints in the text of all documents supplied with ViPNet software. However, no one is perfect, and mistakes do occur. If you find an error in one of our documents, like a spelling mistake or some inaccuracy in describing user scenarios or system features, we would be very grateful for your feedback. By sending in errata you may save other readers hours of frustration, and at the same time you will be helping us provide documentation of even higher quality.

Chapter 1. How Can I Organize Monitoring?

  Monitoring Server Basics
  Data Processing Means
  Monitoring Events' Severity Levels
  Cascading of Monitoring Servers
  Managing Processing Rules in a Cascade
  Monitoring a Failover Cluster
  Monitoring Hosts over SNMP
  Monitoring the ViPNet IDS Appliance
  Managing a Monitoring Server

Monitoring Server Basics

Monitoring of ViPNet hosts' state is based on collecting and processing hosts' settings. To collect the data, a monitoring server establishes connection to its monitored hosts via the ViPNet software and polls them periodically (you can specify the polling frequency in the settings). The monitoring server waits for the host's response for the specified time span.

The monitoring server writes the collected data into its database. If there is no data about certain parameter values, they are considered unknown. You may view the current parameter values for any monitored host in Monitoring Web Access (MWA).

After new data is received, the Monitoring Server program starts processing the monitored hosts' current state. The processing is performed according to the rules that you have specified on the monitoring server. These rules are executed every time new monitoring data is received. The rules are executed and changes in the hosts' state are processed simultaneously.

Events are detected based on the processing results. The Monitoring Server program saves detected monitoring events to its database. To view these monitoring events, in MWA, run a corresponding query to the database.

For each detected monitoring event, a notification is created in processing rules. Event notifications are displayed in MWA on all hosts connected to the monitoring server. They are transferred via the channels enabled in Monitoring Server settings. If the monitoring server is within a cascade, the notifications are transferred to its parent monitoring server. However, if the rule has not been applied centrally on child monitoring servers, the notifications will not be transferred to the parent monitoring server.

Data Processing Means

A monitoring server collects data from its monitored hosts and processes it by executing processing rules. Each rule serves for processing certain host's parameters using a certain algorithm. You may specify the algorithm in a rule component called processing rule code. You should write the algorithm in a special language that contains all basic elements and constructions used in programming languages (see Processing Rules Syntax on page 150). The rule code usually defines various parameter value checks. Monitoring and notification events displayed in Monitoring Web Access are defined based on the results of these checks.

All processing rules are named; they are stored on the monitoring server. The ViPNet StateWatcher software has a set of built-in rules. They are available in the customization pack (on page 276) included in the default distribution kit of the ViPNet StateWatcher monitoring system. These built-in rules are always running on a monitoring server and track the most important events and changes in the hosts' state (see Built-in Processing Rules on page 249). You may change the set of built-in rules by installing a customization pack (see Updating the Customization Pack on page 61).

You choose whether to apply processing rules, including the built-in rules, on all monitored hosts. The rules are associated with certain hosts in the following way. For each rule, you specify a certain list of hosts affected by this rule. As a result, in the course of data processing, a certain rule will be executed only for the hosts associated with this rule.

After processing rules detect monitoring events, Monitoring Server logs these events to its database, where they are stored for a time period specified in Monitoring Server settings. By the end of this period, outdated monitoring events are deleted from the database. In Monitoring Web Access, you may view monitoring events and export them to a file for further viewing or processing in third-party programs.

Monitoring Events' Severity Levels

The severity level of an event provides an indication of problems that the monitoring system has encountered. The monitoring system can issue the following events (top-down prioritization):

- Critical, for critical events;
- Warning, for significant, but not critical events;
- Standard, for standard events;
- Informational, for non-significant events.

Knowing events' severity levels may be important, first of all, when you configure processing rules and you need to estimate the event's impact on system operation and to set up the corresponding notification type.

Each processing rule detects events on the associated hosts, and then the program determines the detected events' severity level defined by the administrator. As a result of event detection and rule execution, a notification is created, and the event's severity level is displayed in it.

Notification type depends on the severity level. In notifications settings, you may configure what notifications should be used for what severity levels. In these settings, you may also enable and disable notifications.

Cascading of Monitoring Servers

The ViPNet StateWatcher software allows you to organize monitoring servers into a multilevel hierarchical structure called a cascade. You may need to organize the cascade interaction structure between monitoring servers to ensure load balancing and to monitor hosts in a segmented network even when ViPNet hosts in the network's segments are not linked with the parent monitoring server.

For example, there are segments A and B in the network. The hosts of segment A have ViPNet links with the parent monitoring server, while the hosts of segment B don't have such links. In this case, the parent monitoring server may receive information about the hosts of segment B from the child monitoring server that has ViPNet links with those hosts.

A cascade is a tree-like hierarchy of monitoring servers, which are connected by child-parent relations. Every parent monitoring server may have any number of child monitoring servers, but a child monitoring server may have only one parent monitoring server (except for the root monitoring server, which does not have a parent server).

The cascade relation can be established only between monitoring servers linked with each other within the ViPNet network. Before the cascade relation is established, each monitoring server can be monitored by another monitoring server. However, after the cascade relation is established, the lists of monitored hosts are changed automatically and child monitoring servers can't monitor their parent servers.

The figure below contains an example of a cascade established above inter-host connections of the existing ViPNet network.

Figure 11: A monitoring server cascade

A child monitoring server transfers the following data to its parent monitoring server:

- Notifications about monitoring events.
- The list of cascaded hosts and changes applied to this list.
- Detailed information about cascaded hosts.

A parent monitoring server receives data from its child servers and then transfers the data to the superior server in the cascade, in other words to its parent monitoring server. Since every parent monitoring server (except for the root one) is a child server for some other monitoring server, it transfers not only information from child monitoring servers, but also information about its own monitored hosts and events on those hosts. This is how information is transferred up to the root monitoring server.

The restart and shutdown of a monitoring server will not affect its relations in a cascade, and it will remain in the cascade hierarchy after restart. When a monitoring server disconnects, notification stops, and the parent monitoring server stops displaying the current notifications it has received from the disconnected monitoring server.

A monitoring server may be included in a cascade if the Monitoring server role has been assigned to it (see Monitoring Server Licensing on page 16). When you remove this role from a monitoring server, it becomes a common object for all other monitoring servers and is automatically added to the list of hosts to be monitored. The parent monitoring server stops receiving information from the former child monitoring server. When you assign the role to the host again, it appears in the list of candidates for establishing cascade relations on each monitoring server it is linked with on the ViPNet network.

You may set relations between monitoring servers within a cascade when you are configuring the cascade (see Arranging a Monitoring Server Cascade on page 121).

Managing Processing Rules in a Cascade

In ViPNet StateWatcher, you can manage processing rules within a cascade all at once. This allows the parent monitoring server administrator to apply the rules created on that server on all its child monitoring servers. The administrator can check whether the transferred processing rules have been applied.

On each parent monitoring server, you can define a set of processing rules, which must be applied on child monitoring servers. These rules are transferred to child monitoring servers and must be applied to all hosts.

Note: You can't cancel a rule's execution on a child server, if this rule has been received from the parent monitoring server.

Thus, child monitoring servers will transfer only the notifications created as a result of executing the rules received from their parent servers, and they will not transfer the notifications associated with their own rules.

The scheme below illustrates an example of applying processing rules in a cascade.

Figure 12: Transferring processing rules and notifications in a cascade

In our example, the cascade includes four monitoring servers: MS1, MS2, MS3, and MS4. MS1 is the root server. Processing rules PR 1.1 and PR 1.2 are set on it. Suppose we need the notifications on applying the rule PR 1.2 on all the hosts in this network to be accumulated on MS1. On other servers, their own processing rules are specified. These rules should be applied only to the monitored hosts of these servers.

To ensure that the child servers' notifications are transferred to the server MS1 in the cascade, you should transfer the rule PR 1.2 down the cascade, as follows: on each child server, a copy of the rule PR 1.2 is automatically created, and this rule is mandatory for all hosts without exception.

After the rule PR 1.2 is executed on the hosts monitored by the server MS2, notifications about it will be transferred directly to the server MS1. After this rule is executed on the hosts monitored by the servers MS3 and MS4, the corresponding notifications will be transferred via the server MS2.

The notifications created as a result of executing the rules set on the servers MS2, MS3, and MS4 will not be transferred to the server MS1.
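The rule and notification flow described for Figure 12 can be modelled in a few lines; this is an added example, not code from the ViPNet documentation or software. The class and function names, the child servers' rule names (PR 2.1, PR 3.1, PR 4.1) and the host names are constructed, the MS2 to MS3/MS4 layout is read from the statement that their notifications travel via MS2, and the model assumes that forwarding stops at the server where the rule was created.

```python
from dataclasses import dataclass, field


@dataclass(eq=False)
class Server:
    name: str
    own_rules: set = field(default_factory=set)   # rules created on this server
    central: set = field(default_factory=set)     # own rules applied centrally on child servers
    parent: "Server | None" = None
    children: list = field(default_factory=list)
    received: dict = field(default_factory=dict)  # rule -> server the rule was created on
    inbox: list = field(default_factory=list)     # notifications displayed on this server

    def add_child(self, child):
        """Attach a child server: one parent per server, and no loops in the tree."""
        if child.parent is not None:
            raise ValueError(f"{child.name} already has a parent server")
        node = self
        while node is not None:
            if node is child:
                raise ValueError(f"{child.name} cannot be placed below itself")
            node = node.parent
        child.parent = self
        self.children.append(child)


def push_rules(server):
    """Create copies of centrally applied rules on every server below `server`."""
    unknown = server.central - server.own_rules
    if unknown:
        raise ValueError(f"{server.name} cannot transfer rules it does not own: {unknown}")
    inherited = dict(server.received)             # rules from higher levels keep moving down
    inherited.update({rule: server.name for rule in server.central})
    for child in server.children:
        child.received = dict(inherited)
        push_rules(child)


def detect(server, rule, host):
    """Record an event found by `rule` on `host` and forward the notification upward."""
    if rule not in server.own_rules and rule not in server.received:
        raise ValueError(f"{rule} is not applied on {server.name}")
    note = (rule, host, server.name)
    node = server
    node.inbox.append(note)
    # Only notifications produced by rules received from a parent travel up the cascade.
    while rule in node.received and node.parent is not None:
        node = node.parent
        node.inbox.append(note)


def local_only(root):
    """(server, rule) pairs whose notifications never reach the root server."""
    result = []
    stack = list(root.children)
    while stack:
        node = stack.pop()
        stack.extend(node.children)
        result.extend((node.name, rule) for rule in node.own_rules)
        result.extend((node.name, rule) for rule, origin in node.received.items()
                      if origin != root.name)
    return sorted(result)


def build_example():
    """The cascade from the text: MS1 is the root, MS3 and MS4 report via MS2."""
    ms1 = Server("MS1", own_rules={"PR 1.1", "PR 1.2"}, central={"PR 1.2"})
    ms2 = Server("MS2", own_rules={"PR 2.1"})     # constructed rule names on child servers
    ms3 = Server("MS3", own_rules={"PR 3.1"})
    ms4 = Server("MS4", own_rules={"PR 4.1"})
    ms1.add_child(ms2)
    ms2.add_child(ms3)
    ms2.add_child(ms4)
    push_rules(ms1)
    return ms1, ms2, ms3, ms4


if __name__ == "__main__":
    ms1, ms2, ms3, ms4 = build_example()
    detect(ms3, "PR 1.2", "host-b")               # constructed host names
    detect(ms4, "PR 4.1", "host-c")
    print("Shown on MS1:", ms1.inbox)
    print("Never reaches MS1:", local_only(ms1))
```

The `local_only` list is the set of detections the root server's administrator cannot see; a rule has to be applied centrally from MS1 for its events to appear there.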

Monitoring a Failover Cluster

ViPNet Coordinator Linux and ViPNet Coordinator HW/VA can work in the single or failover cluster mode. The failover cluster mode is designed for a quick transfer of the functions performed by a server within a cluster to the other server in case the first server fails.

A failover cluster includes two connected computers; one of them (the active node) functions as a ViPNet coordinator, while the other one (the passive node) is in the standby mode. If the active node suffers a failure that is critical for the ViPNet software operability (first of all, a network or network equipment failure), the passive node switches to the active state, taking the load and starting to function as a coordinator instead of the server that has detected the failure.

The Monitoring Server program allows you to monitor both the active and the passive cluster nodes, so that administrators can detect and solve problems on both of them. Monitoring Server also notifies the administrators about switching the active/passive state of a cluster node.

For a full list of parameters received from the active and passive cluster nodes, see the Appendix Parameters Monitored on ViPNet Hosts (on page 194).

Monitoring Hosts over SNMP

Public hosts are monitored over the SNMP protocol. This protocol uses a distributed architecture consisting of the following components:

- SNMP manager, which is a component of Monitoring Server and is designed for managing public hosts using SNMP.
- SNMP agent, which is a program you run on public hosts and is designed for sending the hosts' settings to the SNMP manager.

You may use Windows SNMP Service as an SNMP agent on public hosts. You can run and configure this service with the standard operating system means (see Configuring the SNMP Service on a Public Host on page 242).

You can monitor the following types of hosts over SNMP:

- Public hosts.
- Tunneled hosts.
- ViPNet hosts.

Monitoring Server transfers the commands requesting the hosts' settings (see Parameters Monitored on Public Hosts on page 215) to SNMP agents with a certain frequency or on the administrator's initiative. SNMP agents collect the requested data and transfer it to Monitoring Server. You can view the collected data about each host in Monitoring Web Access on the Detailed Information tab of the Host Information window.

Every time a monitoring server polls its clients, it processes the collected data by applying the processing rules that you have configured on the monitoring server.

Figure 13: Viewing detailed information about a public host

Monitoring the ViPNet IDS Appliance

With Monitoring Server, you can monitor the ViPNet IDS software and hardware appliance, which is designed for network attack detection and analysis. A monitoring server watches a ViPNet IDS host over SNMP (see Monitoring Hosts over SNMP on page 36) by means of an integrated SNMP agent running on the ViPNet IDS host. This SNMP agent is specially configured for data exchange with Monitoring Server.

With Monitoring Server, you can view the following information about network attacks detected by ViPNet IDS:

- the number of detected network attacks sorted by their severity levels;
- the list of detected network attacks;
- the total number of the attacks saved on the ViPNet IDS host;
- top 100 most attacked hosts;
- top 100 attacker hosts.

For a complete list of parameters that Monitoring Server receives from ViPNet IDS, see the Appendix ViPNet IDS Monitoring Parameters (on page 229).

To start monitoring a ViPNet IDS host, first add it to the public hosts list (see Adding Hosts to the Public Hosts List on page 84), and then add it to the corresponding monitored group (see Moving New Hosts to a Monitored Group on page 86). Also, you can configure processing rules for the events happening on the ViPNet IDS host (see Configuring Processing Rules on page 93).

Managing a Monitoring Server

You may manage a monitoring server by using the Apache Tomcat service. However, you may only start or stop the Monitoring Server program.

To start Monitoring Server, right-click the Apache Tomcat icon in the notification area and click Start. After you start Apache Tomcat, the Monitoring Server program starts as well.

To stop Monitoring Server, right-click the Apache Tomcat icon in the notification area and click Stop. After Apache Tomcat stops, the Monitoring Server program stops as well.

If you change Monitoring Server settings in the server.ini file (see Fine-Tuning Monitoring Server on page 131), you must restart Monitoring Server. To do this, stop Monitoring Server, and then start it again.

For more information on working with the Apache Tomcat service, visit the web site http://tomcat.apache.org/.

2 Monitoring Server Setup, Update, and Uninstallation

Checklist: Monitoring Server Setup 41
Third-Party Software Installation 42
Monitoring Server Installation 46
Verifying That Monitoring Server Has Been Successfully Installed 53
Checklist: Upgrading Monitoring Server 54
Upgrading Monitoring Server 56
Upgrading Monitoring Server in a Cascade 60
Updating the Customization Pack 61
Uninstalling Monitoring Server 63
Connecting to Monitoring Server 65

Checklist: Monitoring Server Setup

To install Monitoring Server, you need the following:

- Setup files of the required third-party programs PostgreSQL, Oracle Java Sun JDK, and Apache Tomcat.
- The Monitoring Server setup file StateWatcherInstaller.jar.
- The customization pack file (by default, default_pn.zip).

You must install Monitoring Server and required third-party software with OS administrator rights. Before you start the installation, disable User Account Control and accept the latest OS updates.

To install Monitoring Server, follow the checklist.

Table 4: Monitoring Server setup order

| Step | Note |
|------|------|
| Install PostgreSQL. Install Oracle Java Sun JDK. Install Apache Tomcat. | Third-Party Software Installation (on page 42) |
| Install the Monitoring Server program. | Monitoring Server Installation (on page 46) |
| Verify that Monitoring Server has been successfully installed. | Verifying That Monitoring Server Has Been Successfully Installed (on page 53) |

Tip: We recommend that you print this checklist and select the check boxes as you advance through the steps outlined in it.

Third-Party Software Installation

You must install several third-party programs on your computer before you install the Monitoring Server program. Setup files of these third-party programs are included in the distribution kit (on page 17). To install the third-party programs and the Monitoring Server program, you must log on as Administrator, in other words, you must be a system administrator on your computer.

Warning: We strongly recommend that you do not install versions of the required third-party software other than those in the distribution kit. Also, we don't recommend that you upgrade the third-party software after you install the Monitoring Server program.

You must install the third-party programs in the following order:

1. Make sure that User Account Control (UAC) is disabled in your operating system. For more information on disabling UAC, see Help in your operating system.

2. Install PostgreSQL 9.1.4-1 version.

   In the setup process, use the default settings, except for the start of the Stack Builder component: when you are prompted to start this component automatically, decline.

   Remember the port number of the database server. It is 5432 by default. If two versions of PostgreSQL are installed on your server (for example, you installed the other version when you upgraded Monitoring Server to 4.3), then for PostgreSQL 9.1 the default port number is 5433. When you install and configure Monitoring Server, make sure that the same port number is specified in all its settings.

   In the setup process, set your password for the postgres user. The password may contain Latin characters and digits. The password must be at least 8 characters long. You cannot use special characters in the password.

   Note: During PostgreSQL 9 installation, it may conflict with Microsoft Visual Studio components. For more information about possible problems with PostgreSQL installation and their solutions, see the web site http://wiki.postgresql.org/wiki/running_%26_installing_postgresql_on_native_windows#common_installation_errors.

   After you complete the setup, a new user, postgres, will appear in the system (PostgreSQL database superuser). Provide this user with full access (Full Control) to the folder (see Assigning the postgres Access Rights to a User in Windows OS on page 247) where the monitoring database will be deployed (see Monitoring Server Installation on page 46).

3. Install Oracle Java SE Development Kit (7u21 version for a 32-bit or 64-bit OS). In the setup process, use the default settings.

   Figure 14: Choosing Java Sun JDK components

4. Install Apache Tomcat (6.0.29 version for a 32-bit OS or 6.0.33 version for a 64-bit OS). In the setup process, use the default settings. When you choose the components to be installed, select the Service and Native check boxes.

   Figure 15: Choosing components to install Apache Tomcat

   Set a password for the admin user.

   Figure 16: Setting the administrator password

   At the last step, decline to start the service by clearing the Run Apache Tomcat check box.

   Warning: After the ViPNet StateWatcher installation, the Apache Tomcat service will use port 80. Make sure this port is not in use before you install ViPNet StateWatcher.

5. Make sure that the PostgreSQL and Apache Tomcat services start:

   - To start Apache Tomcat, right-click the Apache Tomcat icon in the notification area and click Start.
   - To start PostgreSQL:
     1. Click the Start button, and then click Control Panel.
     2. In the Adjust your computer's settings window, click Administrative Tools.
     3. In the displayed window, double-click the Services shortcut.
     4. In the Services snap-in, select the postgrescql-x32-9.1 (or postgrescql-x64-9.1) service and, on the toolbar, click Start Service.

Warning: Access to the Internet via a system proxy server requires starting Apache Tomcat with the OS administrator rights.

Note: To work in Monitoring Web Access, you also must install browser plug-ins to play back notifications and the ireport tool for creating your own templates for email notifications. All the required software is included in the distribution kit (on page 17).

To upgrade Oracle Java SE Development Kit to version 7u21:

1. Uninstall the current version of Oracle Java SE Development Kit (6u30).

2. Install Oracle Java SE Development Kit version 7u21.

3. Stop the Apache Tomcat service by right-clicking the Apache Tomcat icon in the notification area and clicking Stop.

4. Make sure that, in the Apache Tomcat settings, the correct version of the Java virtual machine is specified. To check, right-click the Apache Tomcat icon in the notification area and click Configure. In the Apache Tomcat Properties window, click the Java tab and make sure that the path to the Java Virtual Machine in the corresponding box is set as follows: C:\Program Files\Java\jdk1.7.0_21\jre\bin\server\jvm.dll.

   If, in the Java Virtual Machine box, the path to an outdated version is specified, change it to the new version's path.

   Figure 17: Setting a path to the Java Virtual Machine

5. Start the Apache Tomcat service by executing the Start command.

Monitoring Server Installation

Before you install Monitoring Server:

1. Make sure that User Account Control (UAC) is disabled in your operating system. For more information on disabling UAC, see Help in your operating system.

2. Make sure that you have the setup file StateWatcherInstaller.jar and the customization pack (the default_pn.zip file installed by default).

3. Install the third-party software required for Monitoring Server work (see Third-Party Software Installation on page 42).

4. Create a folder for storing monitoring databases. Provide the PostgreSQL database superuser (see Assigning the postgres Access Rights to a User in Windows OS on page 247) with full access (Full Control) to this folder. You should specify the path to this folder when you install Monitoring Server. You may create this folder beforehand or in the setup process.

   Note: We do not recommend that you store the databases on the same logical disk as your operating system because it may slow down database request processing. Create the folder on another disk partition or on another hard drive, if possible.

To install Monitoring Server for the first time:

1. Exit all applications that may interact with Apache Tomcat and PostgreSQL to avoid incorrect installation of Monitoring Server.

2. Double-click the StateWatcherInstaller.jar file. The ViPNet StateWatcher setup program will be started. On the start page, click Next and follow the instructions.

3. On the License Agreement page, read the license agreement, select I accept the license agreement, and click Next.

4. On the Verifying Third-Party Software page, view information about the required third-party programs (see Third-Party Software Installation on page 42) installed on your computer, their versions, and location.

   Figure 18: Verifying third-party software

   Verify the displayed information. If necessary, add or edit paths to the required third-party programs.

   Note: If two versions of PostgreSQL database (for example, 8.4 and 9.1) are installed on your server, then, in the PostgreSQL client module name box, specify the path to version 9.1, which is required for operation of Monitoring Server 4.3.

   Click Next to continue.

5. On the Choose Installation Type page, only one option is offered if this is your first installation. Click Next to continue.

6. On the Configuring Database for the Monitoring Server page, you will see the default database server settings.

   Figure 19: Configuring the database server

   If two versions of PostgreSQL are installed on your server, then, in the database server port box, the 5433 value will be specified.

   In the database server administrator's password box, type the password you have set when installing PostgreSQL and click Next.

7. On the Configuring Database for the Monitoring Server page, specify the parameters that will be used to create the monitoring database:

   - In the database name box, type the database name (sw_olap by default).
   - In the database administrator's name box, type the database owner's name (sw_admin by default).
   - In the database owner password box, type the access password to the database you are creating.
   - In the data storage folder box, specify the path to the folder you should have created to store the database in. If the folder does not exist, create it. Click Browse and then, in the displayed window, click.

   Note: Provide the postgres user (the database superuser) with full access (Full control) to these folders. If the required rights have not been granted, clicking Next will result in an error message.

   Figure 20: Configuring the monitoring database

   Click Next.

8. On the next page, click Next.

   - We do not recommend that you change the values in the address of geoinformation system database server, port for geoinformation system database server, and geoinformation system database server administrator's name boxes, which are defined automatically.
   - If necessary, in the geoinformation system database server name box, change the database name (sw_gis by default).
   - In the geoinformation system database server administrator's password box, type the access password to the database you are creating.

   Figure 21: Configuring the geoinformation system database

   After you specify the required parameters, click Next.

   Note: The geoinformation system database contains the information required to display monitored hosts and monitoring events on a map.

9. On the Configuring Notifications for Your Installation page, specify the parameters of the SMTP server you will use for sending notifications:

   - In the SMTP server address box, type the server's address.
   - In the SMTP server port box, type the port number (by default, 25).
   - In the Email to send notifications from box, type the email address to send notifications from.
   - If user authentication is required on the server, select the Use this user account to log in to the SMTP-server check box and, in the associated boxes, type the user credentials.

   Figure 22: Configuring the SMTP server

   After you specify the required parameters, click Next.

10. On the Configuring Business Mail page, in the Path to a folder box, specify a folder where Monitoring Server will save notification files that should be processed by ViPNet Business Mail autoprocessing rules. Click Next to continue.

11. On the Required Disk Space page, you can view space available on the disk and space required for the installation. If the available space is not enough, free some more. Click Next to continue.

12. On the Install Customization Pack page, specify the full path to the customization pack (on page 276) file that you should install (the default customization pack from the distribution kit default_pn.zip or the one specially designed for your organization) and click Next.

    The customization pack that you install has to comply with the specific version of your Monitoring Server program. In the setup process, the customization pack is checked for consistency and compliance with the Monitoring Server version.

    Warning: If the customization pack does not comply with the program version or is invalid, you will be warned about it, and you will not be able to proceed to the next step.

    We strongly recommend that you use the default customization pack or the pack that has been designed specially for your organization.

13. On the Confirmation page, verify the specified parameters. To start installation, click Next.

14. The installation process will start. On the Execution page, information about the installation process will be displayed. After the installation is completed, click Next.

15. On the Operation Completed page, click Finish.

After the ViPNet StateWatcher setup program is closed, the Apache Tomcat service will start and the Monitoring Server program will be ready for use.

Warning: Within the same cascade, you can place hosts with the Monitoring Server software of version 4.0 and later. Cascading is supported if the parent monitoring server's software version is the same as or later than the ones on the child servers. Cascading isn't supported if the parent monitoring server's software version is earlier than the ones on the child servers. To use the monitoring servers where earlier software versions are installed in the same cascade with 4.0 monitoring servers, upgrade their software to 4.3 (see Upgrading Monitoring Server on page 56).

Verifying That Monitoring Server Has Been Successfully Installed

After the installation is completed, make sure the Monitoring Server program and the required third-party software have been successfully installed. To do this:

1. In Monitoring Web Access, connect to the monitoring server. To do this:
   1.1 In your web browser's address bar, enter the address http://<server_address>.
   1.2 In the displayed window, enter the account name Administrator and the password Administrator.
   1.3 Click Log in.

2. On the Manage > Hosts page, add at least one host for monitoring. To do this:
   2.1 Click Add hosts to monitoring.
   2.2 In the Add Hosts to Monitored Group window, add at least one host to the Default group and select the Enable polling check box.
   2.3 Click Save.

3. On the Monitor > List page, poll any monitored host. To do this:
   3.1 Click the required host in the monitored hosts list.
   3.2 In the Host Information window, click Poll.

If you successfully connect to the monitoring server and poll the host, consider Monitoring Server and third-party software installation successful.

Checklist: Upgrading Monitoring Server

Warning: If Monitoring Server version 2.1 is installed on your computer, you should upgrade it to version 3.2 first, and then to version 4.3. For information about upgrading Monitoring Server to version 3.2, see the document ViPNet StateWatcher 3.2: Monitoring System for ViPNet Networks. Monitoring Server. Administrator's Guide.

Before you start upgrading Monitoring Server, install the required third-party software from the new Monitoring Server version's distribution kit (if the third-party software versions have changed).

Before you start upgrading Monitoring Server, check the versions of the required third-party software in the distribution kit (on page 17) of the new Monitoring Server version. If any third-party program's version has changed, you should upgrade this program to the latest version.

To upgrade Monitoring Server, you need the following:

- Setup files of the required third-party programs PostgreSQL, Oracle Java Sun JDK, and Apache Tomcat, if their versions changed. They are included in the distribution kit of your update.
- The Monitoring Server setup file StateWatcherInstaller.jar.
- The customization pack file (by default, default_pn.zip).

You must upgrade Monitoring Server and required third-party software with OS administrator rights.

To upgrade Monitoring Server, follow the checklist.

Table 5: Upgrading Monitoring Server: checklist

| Step | Note |
|------|------|
| Install third-party software only if its version has changed. In case you need to update Oracle Java Sun JDK, first uninstall the current version of this software, and then install the new version. | Third-Party Software Installation (on page 42) |
| Upgrade the Monitoring Server program. | Upgrading Monitoring Server (on page 56) |
| Verify that the new Monitoring Server software is installed correctly. | Verifying That Monitoring Server Has Been Successfully Installed (on page 53) |

Tip: We recommend that you print this checklist and select the check boxes as you advance through the steps outlined in it.

Upgrading Monitoring Server

Before you upgrade the Monitoring Server program, upgrade third-party software (see Third-Party Software Installation on page 42). The required setup files are included in the distribution kit (on page 17).

You may upgrade the Monitoring Server program with the StateWatcherInstaller.jar file.

To upgrade Monitoring Server:

1. Stop the Apache Tomcat service on the monitoring server (see Managing a Monitoring Server on page 39).

2. Double-click the StateWatcherInstaller.jar file. The ViPNet StateWatcher setup program will be started.

3. On the License Agreement page, read the license agreement, click I accept the license agreement, and then click Next.

4. On the Information page, click Next.

5. On the Verifying Third-Party Software page, view information about the required third-party programs installed on your computer (see Third-Party Software Installation on page 42), their versions, and location. Verify the displayed information. If necessary, specify or edit the path to the PostgreSQL 9.1 database management system.

6. Click Next to continue.

7. On the Choose Installation Type page, select Upgrade from version 3.2.x to 4.3.x. Click Next to continue.

8. On the Configuring Database for the Monitoring Server page, you will see the default monitoring database settings:

   - The values of the database server address, database server port, database name, and database administrator name boxes will be automatically defined. You may change these values if required.

   - In the database administrator password box, type the access password to the monitoring database.

   Figure 23: Configuring the database server

   Click Next to continue.

   Note: When you upgrade Monitoring Server from version 3.2.x to version 4.3, as a result, two versions of PostgreSQL, 8.4 and 9.1, will be installed on your computer. In the process of Monitoring Server upgrading, the data will be automatically copied from PostgreSQL 8.4 tables to PostgreSQL 9.1 tables. After the upgrade is completed, you may uninstall PostgreSQL 8.4.

9. On the Configuring Geoinformation System Database for Monitoring Server (see figure on page 50) page, you will see the geoinformation system database settings:

   In the geoinformation system database server administrator's password box, type the access password to the database you are creating.

   Click Next.

10. On the Configuring Notifications for Your Installation (see figure on page 51) page, the current notification settings will be displayed. If required, type your SMTP server credentials and click Next.

11. On the Configuring Business Mail page, in the Path to a folder box, specify a folder where Monitoring Server will save notification files that should be processed by ViPNet Business Mail autoprocessing rules.

12. On the Required Disk Space page, you can view space available on the disk and space required for the upgrade. If the available space is not enough, free some more. Click Next to continue.

13. On the Install Customization Pack page, specify the full path to the customization pack (on page 276) that you should install and click Next. You may install the default customization pack from the distribution kit or the one specially designed for your organization.

    The customization pack that you install has to comply with the specific version of your Monitoring Server program. In the setup process, the customization pack is checked for consistency and compliance with the Monitoring Server version.

    Warning: If the customization pack does not comply with the program version or is invalid, you will be warned about it, and you will not be able to proceed to the next step.

14. On the next page, choose which data should be copied to the new database when you upgrade Monitoring Server to version 4.3.

    Note: If you copy only a part of the older database to the new one, Monitoring Server will be upgraded much faster.

Figure 24: Choosing which data should be copied to the new database

15 On the Confirmation page, verify the specified parameters. To start the upgrade, click Next.

16 In the message window, click OK.

Note: If the database is large, the upgrade process may take a few hours. For example, if the main database size is 5 GB, and the unprocessed database size is 15 GB, then upgrading Monitoring Server from version 3.2 to version 4.3 will take about 3 hours.

17 The Monitoring Server program upgrade process will start. On the Execution page, information about the upgrade process will be displayed. After the upgrade is completed, click Next.

18 On the Operation Completed page, click Finish. The ViPNet StateWatcher setup program will be closed. The Apache Tomcat service will start. After Apache Tomcat starts, the Monitoring Server program is ready to work with it.

Warning: When you upgrade the Monitoring Server program, hosts' unprocessed parameters are not saved.

Upgrading Monitoring Server in a Cascade

Note: If you want to upgrade a monitoring system organized as a cascade, we strongly recommend that you uninstall earlier versions of the Monitoring Server program on all servers within the cascade and then install Monitoring Server 4.3 on them.

Upgrade Monitoring Server in a cascade in the following order (you don't need to remove cascade relations this way):

1 On all child monitoring servers, uninstall the earlier Monitoring Server version (see Uninstalling Monitoring Server on page 63).

2 On the parent monitoring server, uninstall the earlier Monitoring Server version.

3 On the parent monitoring server, install Monitoring Server 4.3 (see Monitoring Server Installation on page 46).

4 On all child monitoring servers, install Monitoring Server 4.3. After you install the software, add a child server to the cascade (see Adding a Monitoring Server to a Cascade on page 122).

If you can't uninstall the earlier program version from a server (for example, you don't want to lose the data stored in that version), perform the upgrade in the following way:

1 Connect to the parent monitoring server via Monitoring Web Access and cancel applying processing rules on child monitoring servers.

2 Remove all child monitoring servers from the cascade (see Removing a Monitoring Server from a Cascade on page 125).

3 On the parent monitoring server, upgrade Monitoring Server to version 4.3 (see Upgrading Monitoring Server on page 56).

4 On all child monitoring servers, upgrade Monitoring Server to version 4.3. After you install the software on a child server, add it to the cascade; do this for all child monitoring servers.

As a result, the Monitoring Server program will be upgraded on all servers in the cascade.

Updating the Customization Pack

If you work in the ViPNet StateWatcher monitoring system version 3.2 or later, you can use customization packs (see Customization pack on page 276), which help to configure the monitoring system according to your needs.

By default, a customization pack is installed when you install the Monitoring Server software for the first time (see Monitoring Server Installation on page 46) or when you upgrade your Monitoring Server program (see Upgrading Monitoring Server on page 56). Also, you may update the installed customization pack when you work with Monitoring Server version 3.2 or later.

You may update the customization pack you installed earlier by using the setup program. To update the customization pack:

1 Double-click the StateWatcherInstaller.jar file and follow instructions in the ViPNet StateWatcher setup program.

2 On the License Agreement page, read the license agreement, select I accept the license agreement, and click Next. On the Information page, click Next.

3 On the Verifying Third-Party Software (see figure on page 47) page, view information about the required third-party programs installed on your computer (see Third-Party Software Installation on page 42), their versions, and location. Click Next to continue.

4 On the Choose Installation Type page, select Install a customization pack. Click Next to continue.

5 On the Install Customization Pack page, specify the full path to the customization pack that you should install and click Next. The customization pack that you install has to comply with the specific version of your Monitoring Server program. The consistency check is performed during installation.

Warning: If the customization pack does not comply with the program version or is invalid, you will be warned about it, and you will not be able to skip to the next step. We strongly recommend that you use the default customization pack or the pack that has been designed specially for your organization.

6 On the Confirmation page, verify the specified parameters. To start installation, click Next.

7 The customization pack installation process will start. On the Execution page, information about the installation process will be displayed.

8 On the Operation Completed page, click Finish. The ViPNet StateWatcher setup program will be closed. The Apache Tomcat service will start. After Apache Tomcat starts, the Monitoring Server program is ready to work with it.

As a result of customization pack update, the following changes are made:

  o Monitored hosts' geographic position is now adjusted to the coordinates system set in the customization pack.
  o The list of supported host types is updated.
  o The email notification template is updated.
  o The interface language is changed.

Note: Each of the above-mentioned changes is made only if the new customization pack has the corresponding data.

Uninstalling Monitoring Server

Warning: After you uninstall the Monitoring Server program, both the monitoring database and the geoinformation database will be deleted. Before you uninstall the program, you may create backup copies of the databases (see Backing Up a Database on page 165) if you are planning to re-install Monitoring Server.

To uninstall Monitoring Server:

1 Double-click the StateWatcherInstaller.jar file. The ViPNet StateWatcher setup program will be started.

2 On the License Agreement page, select I accept the license agreement, and click Next. On the Information page, click Next.

3 On the Verifying Third-Party Software page (see figure on page 47), view information about the required third-party programs installed on your computer, their versions, and location. Click Next to continue.

4 On the Choose Installation Type page, select Delete. Click Next to continue.

5 On the Configure Monitoring Server Database page (see figure on page 57):

  o Verify the specified monitoring database server's parameters.
  o In the database administrator password box, type the access password to the monitoring database.

Click Next to continue.

6 On the Configuring Geoinformation System Database for Monitoring Server page (see figure on page 50):

  o Verify the specified geoinformation system database server's parameters.
  o In the geoinformation system database server administrator's password box, type the access password to the geoinformation system database.

Click Next to continue.

7 On the Confirmation page, you will be warned that the databases will be deleted and Monitoring Server will be uninstalled. Click Next to continue.

8 The Monitoring Server program uninstallation process will start. On the Execution page, information about the uninstallation process will be displayed. After the program is uninstalled, click Next.

9 On the Operation Completed page, click Finish.

As a result, Monitoring Server will be uninstalled and the databases will be deleted.

Connecting to Monitoring Server

You may connect to a monitoring server from any Monitoring Web Access on a host that is linked (in the ViPNet Network Manager program) with this server.

To start working with a monitoring server, on your host with Monitoring Web Access, do the following:

1 Connect to the monitoring server. There are two ways to do this:

  o In your web browser's address bar, enter the address http://<server_address>:<port>. Specifying the port is optional if the monitoring server uses the default port (80).
  o In the ViPNet Monitor program, in the Private Network section, click your monitoring server and do one of the following: on the toolbar, click Web; on the Actions menu or on the context menu, click Open Web Resource on this ViPNet Host.

The logon window will be displayed.

Figure 25: User logon

2 In the User box, type the administrator account name. In the Password box, type the administrator password. Then click Log in.

Note: The default name and password for the administrator's account are Administrator and Administrator. The administrator can create a new administrator's account (see Creating and Editing a User Account on page 75) or change the default password (see Creating and Editing a User Account on page 75).

3 If you connect to the monitoring server for the first time, the Quick Configuration Wizard will be displayed. Configure the settings and save the changes by clicking Finish.

4 You can now view information and perform all actions on configuring and managing the Monitoring Server program.

Note: For viewing web pages without scroll bars, set the screen resolution to 1024x768 or higher.

3 Configuring Monitoring Server

Configuring Monitoring Server with a Wizard 68
Managing User Accounts 74
Configuring Monitored Hosts and Groups 80
Setting Monitored Host Types 91
Configuring Processing Rules 93
Configuring Notifications 101
Configuring Connection to a Proxy Server 114
Configuring the Map 116
Arranging a Monitoring Server Cascade 121
Exporting and Importing Monitoring Server Settings 127
Fine-Tuning Monitoring Server 131
Viewing the Events Log 144

Configuring Monitoring Server with a Wizard

When you log on to Monitoring Web Access as Administrator for the first time, the Quick Configuration wizard is started. With this wizard, you can:

  o Configure notification types for each severity level.
  o Choose hosts for monitoring.
  o Add public hosts to the list for monitoring.
  o Configure connection to the SMTP server and the SMS gateway.

To skip the wizard (for example, if you want to configure the monitoring server later), click Cancel.

You may run the Quick Configuration wizard later. To do this, in the upper right corner of the main Monitoring Web Access window, on the Settings menu, click Quick configuration wizard. This feature is available only if you log on as Administrator.

Figure 26: Starting the wizard from the Settings menu

To configure the monitoring server with the Quick Configuration wizard:

1 On the first page of the wizard, under Notification type, select how the program will notify about critical events.

Figure 27: Configuring critical notifications

2 Under Monitored hosts, add the hosts for which the notifications should be created. To do this:

2.1 Click Add hosts.

2.2 In the Hosts Available for Monitoring window, select the check boxes corresponding to the required monitored hosts.

Figure 28: Adding hosts for monitoring

2.3 If necessary, add or import some public hosts to the list of the monitoring server's links. To do this:

  o To add a public host, click Add and specify its name, IP address, network protocol, and port.

Figure 29: Adding a public host

  o To import the list of public hosts, click Import and specify the file with the list of public hosts.

Figure 30: Importing public hosts

After you add the public hosts to the list, select the check boxes corresponding to these hosts.

2.4 Click OK.

3 On the second and third pages of the wizard, configure notifications for the events of the Warning and Informational severity levels.

4 If you choose notification by email, on the next page of the wizard, configure connection to the SMTP server that will be used for sending the notifications. Specify the IP address and port of the SMTP server, the source email address of the notifications, and the email addresses of the administrators who will receive the notifications. If necessary, specify the user credentials for authentication on the SMTP server. For more information on how to configure the SMTP server, see Configuring Email Notifications (see Email Notifications on page 108).

Figure 31: Configuring connection to the SMTP server

5 If you choose notification by SMS for a certain severity level, on the next page of the wizard, configure connection to the SMS gateway that will be used for sending the notifications. Specify the IP address, port, user name, and password for connection to the SMS gateway and the phone number of the administrator who will be notified by SMS. For more information on how to configure the SMS gateway, see Configuring SMS Notifications (see SMS Notifications on page 111).

Figure 32: Configuring connection to the SMS gateway

6 After you finish configuring, click Finish.

Managing User Accounts

User and administrator accounts contain the user's first and last names, password, and other properties. They are stored in the monitoring server's database. One of the accounts, the Monitoring Server administrator account, is pre-defined. You can't delete the pre-defined account.

You can assign rights to ViPNet StateWatcher users:

  o If you log on as the administrator, you can view information about monitored hosts, configure and administer the Monitoring Server.
  o If you log on as a user, you can only view information about monitored hosts.

You define the rights when you create or edit an account (see Creating and Editing a User Account on page 75).

Only one user is permitted to access the Monitoring Server program (see Connecting to Monitoring Server on page 65) using one account. If another user is accessing this server from another Monitoring Web Access using the same account, then the first user is automatically forced to log off (with the corresponding warning), and the second user takes over the control of the account.

You can configure user accounts via Monitoring Web Access if you connect as an administrator. This option allows you to manage user accounts (create, modify (see Creating and Editing a User Account on page 75), and delete (see Deleting a User Account on page 78) them) and search for specific accounts.

To configure an account:

1 Connect to the required monitoring server under the administrator account.

2 On the Manage tab, click Users. A list of user accounts will be displayed on this page. User accounts with the administrator's right are indicated by the icon.

Figure 33: User accounts

The accounts are sorted by users' last names. To filter the accounts, start typing in the search box above the list. Every time you type a symbol, the list is automatically filtered according to the occurrence of the typed substring in any user attribute. If you want to clear the search box, on the right, click.

Creating and Editing a User Account

To create or edit an account:

1 On the Users page, do one of the following:

  o To create a new account, click Create new user.
  o To edit an account, click its name.

A window with the selected account's parameters will be displayed. If you are creating a new user account, all the account properties will be blank.

Figure 34: Editing a user account

2 Set or modify the following account properties:

Note: The required properties are marked with an asterisk (*).

  o Last name, First Name, Middle Name, User, and Password are the main account properties. In the User box, type the account name. Confirm your password in the Confirm password box.
    In the Last name, First Name, and Middle name boxes, use only Latin or Cyrillic letters (no more than 30 symbols).
    In the User box, use only Latin letters and Arabic numerals (0-9). Make your user name no shorter than 4 and no longer than 20 symbols.

Warning: You cannot change the name of the built-in Administrator account.

    In the Password box, use only Latin letters and Arabic numerals. The password length must be at least 6 symbols.
  o Phone defines the user's phone number, where SMS notifications will be sent to (for example, 89012345678). Use only digits in this box.
  o The E-mail addresses box contains the email addresses for sending notifications (no more than 15 addresses). For editing the emails list, use the Add and Delete buttons on the right of the corresponding list items.
  o The Administrator permissions check box is used to set administrator or user rights for the account. If you select the check box, the administrator rights are assigned to the account. If you clear the check box, the user rights are assigned to an account. If you remove administrator rights from your own account (clear the Administrator permissions check box), the confirmation window will be displayed. Click Yes. As a result, user rights will be automatically assigned to your account and the logon page will be displayed.
  o Description is a non-formalized account description (not more than a hundred symbols).
  o Configure notification types and processing rules contains the list of processing rules and notification types for the selected user. Here you can assign the following notification types to the selected processing rules: visual, sound, email, and SMS. Moreover, you can set Business Mail and Syslog notifications for the built-in Administrator account. Move processing rules or rules templates to the In use list of the selected user by clicking and. In the In use list, select the required notification types for each rule or template.

3 Set the parameters and click Save. If you want to cancel the creation of a new account or to discard the changes that you have made, click Cancel.

As a result, a user account will be created or edited.
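The field constraints listed for the Edit User window can be checked before account data is entered, for example when a batch of operator accounts is being prepared. The following Python code is an added example, not part of the ViPNet guide or product; the record field names, the code-point ranges taken for "Latin" and "Cyrillic" letters, and the choice of User and Password as the required fields are assumptions. It also flags the documented default Administrator password and reports the search space that the documented password alphabet allows.

```python
import math
import re

# Constraints as stated in the guide. The exact code points that count as
# "Latin" and "Cyrillic" are an assumption: ASCII letters and U+0400-U+04FF.
NAME_RE = re.compile(r"[A-Za-z\u0400-\u04FF]{1,30}")
USER_RE = re.compile(r"[A-Za-z0-9]{4,20}")
PASSWORD_RE = re.compile(r"[A-Za-z0-9]{6,}")
PHONE_RE = re.compile(r"[0-9]+")
MAX_EMAILS = 15
MAX_DESCRIPTION = 100

# The guide marks required properties with an asterisk but does not list
# them in the text; treating these two as required is an assumption.
REQUIRED = ("user", "password")

# Default credentials documented in "Connecting to Monitoring Server".
DEFAULT_ACCOUNT = ("Administrator", "Administrator")


def keyspace_bits(length):
    """Bits of search space for a password of this length drawn from the
    documented alphabet (26 + 26 Latin letters and 10 digits = 62 symbols)."""
    return length * math.log2(62)


def validate_account(rec):
    """Return a list of violations for one account record (a dict with the
    hypothetical keys used below); an empty list means the record fits."""
    problems = []
    for field in REQUIRED:
        if not rec.get(field):
            problems.append(f"{field}: required")

    for field in ("last_name", "first_name", "middle_name"):
        value = rec.get(field, "")
        if value and not NAME_RE.fullmatch(value):
            problems.append(f"{field}: only Latin or Cyrillic letters, max 30")

    user = rec.get("user", "")
    if user and not USER_RE.fullmatch(user):
        problems.append("user: only Latin letters and digits, 4 to 20 symbols")

    password = rec.get("password", "")
    if password and not PASSWORD_RE.fullmatch(password):
        problems.append("password: only Latin letters and digits, at least 6")
    if (user, password) == DEFAULT_ACCOUNT:
        problems.append("password: documented default for the built-in account")

    phone = rec.get("phone", "")
    if phone and not PHONE_RE.fullmatch(phone):
        problems.append("phone: digits only")

    if len(rec.get("emails", [])) > MAX_EMAILS:
        problems.append("emails: no more than 15 addresses")
    if len(rec.get("description", "")) > MAX_DESCRIPTION:
        problems.append("description: no more than 100 symbols")
    return problems


# Constructed sample records (not taken from any real deployment).
SAMPLES = [
    {"user": "Administrator", "password": "Administrator"},
    {"last_name": "Иванов", "first_name": "Ivan", "user": "iivanov1",
     "password": "Xk29fLm04Qz7", "phone": "89012345678",
     "emails": ["ivanov@example.test"], "description": "NOC operator"},
    {"user": "ab!", "password": "p@ss", "phone": "+7 901",
     "emails": ["a%d@example.test" % i for i in range(16)]},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec.get("user"), validate_account(rec))
    for n in (6, 12, 16):
        print(f"length {n}: about {keyspace_bits(n):.1f} bits")
```

Because the password box accepts only letters and digits, length is the only way to enlarge the search space; the minimum of 6 symbols gives roughly 36 bits.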

Deleting a User Account

To delete an account:

1 On the main page, on the Manage tab, click Users.

2 On the Users page, click the name of the account that you want to delete.

3 In the Edit User window, click Delete user. You will be prompted to confirm the deletion.

4 To delete the user account, click Save. To discard the changes, click Cancel.

5 If you remove administrator rights from your own account (clear the Administrator permissions check box), the confirmation window will be displayed. Click Yes. As a result, user rights will be automatically assigned to your account and the logon page will be displayed.

Note: If the user of the account that you have deleted is logged on to Monitoring Server, then, after an attempt to take any action in Monitoring Web Access, the user will be notified that his or her account has been deleted, and the user will be automatically logged off. You can't delete the built-in Administrator account.

Changing a User Password

You may change a user or administrator password if you log on to Monitoring Server as an administrator. In the user mode, you may also change your password when working in the Monitoring Server program. To do this:

1 In the upper right corner of the web page, on the menu with your user name, click Edit. The password change window will be displayed. In the Name box, your user name will be displayed.

Figure 35: Changing a user password

2 In the corresponding box, type the current password. Then, in the Confirm password box, type the new password and confirm it.

3 To change the password, click Save. To discard changes, click Cancel.

Configuring Monitored Hosts and Groups

In Monitoring Web Access, you can configure monitored hosts and groups if you connect to the server as an administrator. You can set the monitoring parameters for hosts and monitored groups and manage monitored groups (create, delete and edit groups).

Figure 36: Current settings of monitored hosts and groups

The Hosts available for monitoring pane is divided in two parts: ViPNet hosts and Public hosts.

The hosts displayed in the ViPNet hosts section are the ones that are linked to the monitoring server. The links are configured in ViPNet Network Manager. On the server, the Monitoring Server program periodically polls the ViPNet Monitor program and receives the current information about other ViPNet hosts linked with it and their IP addresses (see Protected host on page 278). According to this information, in Monitoring Server, the hosts are displayed in the Hosts available for monitoring pane.

You add hosts to the Public hosts list section manually.

On a monitoring server, there is the Default group which is pre-defined and includes all monitored hosts not included in other groups.

Note: The hosts from the Hosts available for monitoring pane are not polled by the monitoring server, and their licenses aren't checked.

When the monitoring server starts for the first time since it has been installed, all hosts available for monitoring are listed in the Hosts available for monitoring pane and monitoring is disabled for all hosts. If you want to configure monitoring, create monitored groups (if necessary), move some hosts from the Hosts available for monitoring pane to the Default group or another group that you have created, and set the monitoring parameters of the hosts or groups (at a minimum, turn the monitoring on).

Warning: The number of monitored hosts (that is, the number of hosts polled simultaneously) can't exceed 20,000.

To move a host from the Hosts available for monitoring pane to monitored groups, do one of the following:

  o Change the monitoring parameters of the host (see Editing Monitoring Parameters of a Host on page 88).
  o Move all new hosts into some group at once (see Moving New Hosts to a Monitored Group on page 86).

Note: After you add the hosts from the list of hosts available for monitoring to a monitored group, they are polled after a delay which depends on the polling period's current phase. Therefore, the newly-added hosts have the Unknown status. The status of a new host will be specified after its first successful polling.

If you want to configure the monitored hosts and groups, on the Manage tab, click Hosts. A page with the monitored groups list will be displayed with groups' hosts and their settings.

Hosts in the list are grouped according to the current Monitoring Server settings. You may expand and collapse any of the groups. To do this, use the arrow button to the left of the group name.

To filter the hosts, in the search box above the host list, type the name or a part of the name.

To change the monitoring parameters of a host, click it in the host list.

Each list entry (related to a monitored group or host) displays the following information:

Table 6: Columns of the Monitored hosts list and the Hosts available for monitoring list

Column name: Description

ViPNet type: Host type icon. Monitoring Server detects it automatically when adding the host for monitoring.

Poll: A check box which shows whether the group or hosts monitoring is enabled or disabled. If the check box is selected, the monitoring is on, otherwise it is off. This check box is not displayed for the hosts in the Hosts available for monitoring pane. The monitoring server does not poll the hosts that don't have IP addresses or that have zero IP addresses (regardless of whether the monitoring of these hosts is on or off). If later these hosts get IP addresses, and if their monitoring is on, their polling starts automatically, so you don't have to turn it on manually. In the groups in the Monitoring hosts list, the check box may be shaded:. This means that some hosts in the group are monitored, but monitoring for the whole group is disabled. You can select or clear the shaded check box. When you select the group check box, check boxes of its hosts are selected too.

Host name: A monitored host's name. For a public host, the host name is editable. For a protected (ViPNet) host, the host name is read-only. You specify this name in ViPNet Network Manager.

Identifier/IP address: The ViPNet host ID for a monitored ViPNet host or the IP address for a public host.

Polling interval: The polling period of a monitored host by its monitoring server (seconds). It is displayed only when you select a monitored host.

Creating and Editing a Monitored Group

To create and edit a monitored group:

1 On the Manage > Hosts page, do one of the following:

  o Click Create a group to create a new group of monitored hosts.
  o In the Monitored hosts list, click the name of the group to edit its parameters.

Figure 37: Editing monitored group parameters

2 Set or edit the following parameters of the monitored group:

  o Group name for the monitored group name. For the group name, you may use only letters (Roman and Cyrillic), digits (0-9), the - (hyphen), and the _ (underscore) symbols.

Warning: Monitored groups' names for the same monitoring server must be unique.

  o Group hosts for the list of group's hosts. Fill the Group hosts list with the hosts that you want to be in the group.

Warning: If you include a host into the new group, it will be automatically deleted from its current group.

Move the required hosts from the All hosts to the Hosts in the group list by clicking and. When the Create Group window is displayed, the All hosts list displays all the monitored hosts in their groups (but does not display the hosts of the Hosts available for monitoring list).

Note: When you are moving hosts back to the All hosts group, they will go to the Default group, even if these hosts were in a different group before you brought them to the new group.

You may filter the hosts of the All hosts and Group hosts lists by host name. To do this, type the name or a part of the name in the search box above the list.

Note: When you are creating a new group, you may leave the host list blank and fill it in later, when you edit the group's properties.

3 After you set the monitored group's parameters, click Save. To discard changes, click Cancel.

Adding Hosts to the Public Hosts List

To be able to monitor a public host, first add this host to the Public hosts section of the Hosts available for monitoring pane. On the public host, the SNMP agent (service) must be configured and running (see Configuring the SNMP Service on a Public Host on page 242).

To add a public host for monitoring:

1 On the main page, on the Manage tab, click Hosts.

2 In the Public hosts section, click Add.

3 In the Add Public Host window, specify the following parameters:

  o The public host's IP address.
  o The public host's name.
  o The network protocol over which the monitoring server communicates with the public host.
  o The network port, which the monitoring server uses to connect to the public host.

Figure 38: Adding a public host

4 Click Add. To cancel the operation, click Cancel.

As a result, the added host will be displayed in the public hosts list in the Hosts available for monitoring pane.

If necessary, you can import several public hosts at once and update the information about the previously added hosts by using a public hosts import file in the XML format. You may use a special template to create this file (see Public Hosts Import File Template on page 234).

To import public hosts to the monitoring server's public hosts list:

1 On the main page, on the Manage tab, click Hosts.

2 In the Public hosts section, click Import.

3 In the Import Public Hosts window, click Browse and choose the public hosts import file you need (in the XML format).

Figure 39: Importing public hosts

4 To update information about previously added public hosts, choose Update the existing hosts.

5 Click Import. If you need to cancel the public hosts import, click Cancel.

As a result, all the public hosts whose parameters you have specified in the import file will be added to the monitoring server's public hosts list.

Moving New Hosts to a Monitored Group

In the Hosts available for monitoring list, you can move new hosts to a monitored group in one go. To do this:

1 In the main window, on the Manage tab, click Hosts.

2 On the displayed page, click Add hosts to monitoring. A window with a list of hosts to be added for monitoring will be displayed.

Figure 40: Moving new hosts to a monitored group

3 To simultaneously transfer new hosts:

3.1 In the Group name list, select the group to which you want to move the new hosts.

3.2 In the Hosts list, select the check boxes of the hosts that you want to add to the group. You may filter the hosts in the Hosts list by host name. To do this, type the name or a part of the name in the box above the list. To select all the new hosts, select the All check box.

3.3 For the selected group, you can set the following monitoring parameters:

  o Enable polling to turn on and off the group's hosts monitoring.
  o Host polling timeout (sec) to set the polling period of the group's hosts by the monitoring server (seconds). The minimal value is 30 (seconds). You can't edit the value in this box if the Enable polling check box is cleared.
  o All rules is the list of all processing rules and the rules included in notification templates.
  o In use is the list of all processing rules and the rules included in notification templates. Processing rules that are added to this list will be applied on the selected monitored hosts. Move processing rules to the In use list of the selected user by clicking and. In the In use list, select the required notification types for each rule.

4 Set the required group monitoring parameters and click Save. Click Cancel to discard the changes.

Note: Moving many new hosts at once may take time. While the hosts are being moved, you will see the icon, and you will be notified when the hosts are successfully added to the selected group. Wait until the hosts moving completes.

When new hosts are moved to a monitored group, the resulting number of monitored hosts is checked for compliance with the license, which limits the maximum number of hosts on this monitoring server. If the total of the monitored hosts of all monitored groups and the hosts selected for moving into a monitored group exceeds the limit specified in the license, then a corresponding notification is displayed, and the new hosts are not moved to the selected monitored group. The notification contains the number of hosts that are allowed by your license to be moved to monitored groups.

Editing Monitoring Parameters of a Host

To edit the monitoring parameters of a certain host:

1 On the main page, on the Manage tab, click Hosts.

2 In the displayed window, in the Monitored hosts list, click the required host. A window with the current monitoring parameters will be displayed.

Figure 41: Editing the parameters of host's monitoring

3 Configure the host monitoring parameters:

  o Enable polling to turn on and off the host's monitoring. Select this check box, if you want the host to be polled by the monitoring server; otherwise clear the check box.
  o Group name to specify the name of the monitored group that includes the host. If you want to move the host to another group, open the group names list and select the required group.
  o Host polling timeout (sec) to set the polling period of the host by the monitoring server (seconds). The minimal value is 30 (seconds). You can't edit the value in this box if the Enable polling check box is cleared.
  o All rules is the list of all processing rules and the rules included in notification templates.
  o In use is the list of all processing rules and the rules included in notification templates. Processing rules that are added to this list will be applied on the selected monitored hosts. Move processing rules to the In use list of the selected user by clicking and. In the In use list, select the required notification types for each rule.
  o Protocol to specify the network protocol over which the monitoring server communicates with the public host.
  o Port to specify the network port, which the monitoring server uses to connect to the public host.

Note: You should specify the Protocol and Port options only for public hosts. For a ViPNet host, there are no such options in the Edit Host window.

For a public host, the host name is editable. For a protected (ViPNet) host, the host name is read-only. You specify this name in ViPNet Network Manager.

4 Set the required host monitoring parameters and click Save. To discard changes, click Cancel.

Deleting Monitored Hosts and Groups

If you want to delete a monitored host or a monitored group, do the following:

1 On the main page on the Manage tab, click Hosts.

2 Click the host's or the group's name:

  o If you want to remove a host from a group, in the Edit Host window, click Remove from group. Upon deleting a host from a group, the host will be moved to the Hosts available for monitoring list.
  o If you want to delete a group, in the Edit Group window, click Remove group. After you delete this group, all its hosts will be moved to the Hosts available for monitoring list.

3 To delete the selected host or group, click Save. To discard the changes, click Cancel.

Note: When you delete a host, its data and events log is saved on its monitoring server.

Stopping Monitoring of a Public Host

You can stop monitoring a public host if it hasn't been added to a monitored group previously (for example, if a host was added to the section by mistake).

To stop monitoring a public host:

1 On the main page, on the Manage tab, click Hosts.
2 In the Public hosts section, do one of the following:
   o Click near the host you want to remove.
   o On the toolbar, click Remove. In the Delete public hosts window, select the check boxes near the host or several hosts you want to remove and click Remove.

Figure 42: Stopping public hosts monitoring

As a result, the selected public host (or several hosts) will stop being monitored and will not be displayed in the interface.

Setting Monitored Host Types

The Monitoring Server program detects the types of monitored hosts automatically when you add the hosts for monitoring. The host type can be detected:

- For ViPNet hosts, based on the list of roles (see Role on page 278) assigned to hosts.
- For public hosts, based on parameters received over the SNMP protocol.

Monitored host types allow the administrators to differentiate the methods of detecting events on hosts by fine-tuning processing rules for a certain host type. Another advantage of this feature is that you can more easily see in Monitoring Web Access which host requires troubleshooting and what you should do to solve the problem.

The monitoring system supports the following host types:

- ViPNet hosts:
   o Client.
   o Coordinator.
   o ThinClient.
   o Smartphone.
- Unprotected hosts:
   o Public.
   o UPS.
   o Printer.
   o Router.
   o IDS.
- Unknown (the host type cannot be defined).

If necessary, you can change the automatically detected host type. This may be helpful, for example, when the most used host type on your ViPNet network is different from the automatically set host type.

To change a host's type, log on to Monitoring Server as an administrator.

Do the following:

1 In the main Monitoring Web Access window, in the host list, click the host whose type you want to change.
2 In the Host Information window, click the host type button in the upper left corner.
3 On the menu, click the required host type.

Figure 43: Choosing a monitored host's type

4 Click Close.

As a result, the host type will be changed.

Configuring Processing Rules

A monitoring server processes the collected data to learn the current state of monitored hosts and to detect possible malfunctioning. Data processing is based on the rules you configure in the Monitoring Server program.

In the ViPNet StateWatcher monitoring system, some processing rules are built in (see Built-in Processing Rules on page 249). The built-in rules can't be deleted or edited, but you can copy (for example, to create a similar rule with a different severity level or other parameters) and apply these rules to monitored hosts. Under the administrator account, you can create and configure new processing rules.

Only an administrator can configure processing rules. If you are logged in as an administrator, you can:

- create processing rules;
- edit processing rules;
- copy processing rules (see Copying a Processing Rule on page 99);
- delete processing rules (see Deleting a Processing Rule on page 99);
- configure notifications (see Configuring Notifications on page 101).

Processing rules are organized in groups with pre-defined names and purposes. To view the rules in a group, on the Manage tab, click Processing Rules and display the list by clicking the icon to the left of the group label.

Monitoring Server supports the following processing rules groups:

- Built-in rules, a group of built-in rules (see Built-in Processing Rules on page 249). The content of built-in rules depends on the installed customization pack (on page 276).
- Parent rules, a group of rules created on parent monitoring servers and applied to their child monitoring servers in a cascade. You can set a rule to be applied on child servers in a cascade when you are creating or editing the rule on the parent monitoring server.
- User rules, a group of processing rules created by monitoring server's administrator.
- Deleted rules, a group of processing rules deleted by monitoring server's administrator. This group also includes the following:

   o Previous variants of edited rules. When you are editing a rule's parameters, a new version of the rule is saved as the current version. The previous version of the rule is moved to the Deleted rules group.
   o Rules deleted after updating the Monitoring Server program with a customization pack.
   o Parent rules received from the parent monitoring server, in the following cases:
      - the administrator of the parent monitoring server has canceled execution of user-defined processing rules on its child servers (including the server that you are accessing);
      - the child-parent relation between the server that you are accessing and its former parent server has been removed.

Creating and Editing a Processing Rule

Warning: You cannot edit built-in rules' parameters. You can only edit the list of the hosts the rule will be applied to. If you remove all hosts from the rule application list, you disable the rule.

To create or edit a processing rule:

1 On the Manage > Processing Rules page, do one of the following:
   o Click Create a rule and choose the rule type:
      - Simple to create a simple processing rule with a rule constructor (see Processing Rules Constructor on page 278).
      - Complex to create a complex rule in an editor.

     Figure 44: Choosing a rule type

   o In the navigation pane, select the rule you want to change. To do this, expand the group by clicking the icon to the left of its name and select the required rule.

   The rule parameters will be displayed in the view pane.

2 In the Processing rule name box, type or change the rule name.

   Warning: Processing rules' names must be unique but may coincide with the deleted rules' names (the Deleted rules group).

3 Set or edit the rule parameters by using a rule constructor or an editor depending on the rule type:
   o In the editor, type the code of the processing algorithm in a special script language (see Processing Rules Syntax on page 150).
   o In the rule constructor, specify the rule conditions (see Configuring and Editing Rule Parameters in the Rule Constructor on page 96).
4 In the Notification Options pane, in the Hosts list, select hosts or host groups that are monitored directly for the processing rule to be applied to them. You can also filter hosts by name by typing the name or a part of the name in the search box above the host list.

   Note: You cannot edit the list of the hosts parent processing rules apply to. Parent processing rules applied to child monitoring servers are always executed on all hosts monitored by the child server.

   Figure 45: Selecting the hosts to which the rule will be applied

5 In the Notification Options pane, in the Users list, select users who will be notified about events associated with this processing rule. In this list, select the required notification types for each user. To set some notification type for all users on this list, click it in the All line.

   Figure 46: Configuring notifications

6 To configure notifications for the rule using templates, in the Rules Templates list, select the required notification types for some templates or in the All line. After you have saved the changes, the rule and selected notifications will be added to the templates.
7 To apply the rule on child monitoring servers, in the navigation pane, next to the rule name click. The rule will be applied to all your child monitoring servers. Every child server will create a copy of this rule:
   o If the rule applied to child servers is user-defined, its copy will be saved in the child servers' Parent rules group.
   o If the rule applied to child servers is built in, its copy will be saved in the child servers' Built-in rules group.

   Note: If a child server is unavailable, the processing rule assigned to it will be applied only after the child server becomes available. You can view information about the servers' availability on the Manage > Cascade page.

8 Click Save. When you save a rule, its syntax will be checked automatically (see Verifying Processing Rules Syntax on page 161). If you do not want to save the rule, click Cancel.

   Note: Applying a processing rule to many monitored hosts at once may take some time. While the rule is being assigned, the icon and a corresponding notification will be displayed. Wait until the rule assignment is completed.

The created or edited rule will be displayed in the User rules group.

Configuring and Editing Rule Parameters in the Rule Constructor

To set or edit parameters of a rule in the constructor:

1 In the view pane, click the Rule Constructor tab and, under Condition, specify the conditions for the processing rule to be applied. To do this:

   1.1 In the Parameters list, select a host parameter to create a condition for (a ViPNet host identifier, a virtual IP address, and so on). If necessary, you may search for parameters in the list by their names. To do this, click the icon near the Parameters list and type the parameter's name or a part of its name. The required parameter is then highlighted, and you can select the parameter by pressing Enter.

       Note: When you create a simple processing rule in a constructor, you may use only one parameter collection. This means that if you choose a parameter from one collection (for example: the Interface status parameter of the Network interfaces collection), then parameters from other collections (for example: the Disks collection) will be unavailable to you.

   1.1 In the Value type list, select the parameter value type for the host, to which the condition will be applied (Current or Previous).

   1.2 In the Operand list, select the operator. When you create processing rules in a constructor, you may use the following operators:
       - equal (==);
       - not equal (!=);
       - occurrence (part of);
       - greater than (>);
       - less than (<);
       - greater than or equal to (>=);
       - less than or equal to (<=).

       Also, you may use these operators for comparison of the current parameter value with the previous one. To do this, in the Operator list, select the required operator with the Current or Previous token (depending on the parameter value type chosen from the Value type list). Then, in the Value box, the Current or the Previous value respectively will be displayed.

   1.3 In the Value box, type or select the parameter value for the condition to be applied.

   1.4 To add a condition, click. To delete a condition, click near the required condition.

   1.5 In the list between two conditions, select the Boolean operator to connect them with (AND, OR).

   1.6 To group several conditions, select the check boxes near the required conditions, click and, if necessary, in the list between the conditions, change the operator connecting them. To ungroup the conditions, click the button near them.

       Grouping allows you to establish the order in which the set conditions should be verified. Ungrouped conditions are verified in the same order in which they follow in the Condition group. You can connect all the conditions only if you use the same operator.

   Figure 47: Creating a rule in a constructor

2 Under Processing rule message, type a notification that will be displayed when applying the rule. To do this:

   2.1 In the Message text box, type the notification text. It should be short and instructive. The text must be no longer than 512 characters.

   2.2 In the Parameters list, choose the host parameter that will be added to the text.

   2.3 In the Value type list, select the parameter value type for the host, to which the condition will be applied (Current or Previous).

   2.4 To add a message, click. To delete a message, click near the required condition.

   If you add several messages, their text will be displayed in the pop-up window Event Information, in the Message field, and in the Information about events registered on hosts window, in the corresponding cell of the Message column. If you don't add any messages, you will not be able to save the created rule.

3 In the Rule severity level section, choose the severity level for the rule to be applied.
4 When you are specifying conditions, you may also view the rule code. To do this, in the view pane, click the Rule Editor tab. The rule code will be read-only then.
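The constructor constraints described in this section (one parameter collection per simple rule, grouping of AND/OR conditions, comparison of Current with Previous values, a mandatory message of at most 512 characters) can be modelled as follows. This Python model is an added example, not StateWatcher's rule script language and not code from the guide. It assumes that "part of" is a substring match and that each group joins its conditions with one Boolean operator; every parameter name except Interface status, and all sample values, are constructed.

```python
"""Model of a simple processing rule as assembled in the rule constructor.
Added illustration only: not StateWatcher's rule script language or API."""
from dataclasses import dataclass
from typing import Optional

# Operators offered by the constructor. Assumption: "part of" means that the
# condition value occurs inside the parameter value (substring match).
OPERATORS = {
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    "part of": lambda a, b: str(b) in str(a),
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
}
MAX_MESSAGE_LEN = 512  # limit the guide gives for the Message text box


@dataclass
class Condition:
    collection: str                   # parameter collection
    parameter: str
    value_type: str                   # "Current" or "Previous"
    operator: str
    value: object = None              # literal typed in the Value box
    compare_to: Optional[str] = None  # "Current"/"Previous": use that poll's value


@dataclass
class Group:
    operator: str   # "AND" or "OR"; assumption: one Boolean operator per group
    items: list     # Condition objects or nested Group objects


def evaluate(node, current, previous):
    """Evaluate a condition tree against two consecutive polls."""
    if isinstance(node, Group):
        results = [evaluate(item, current, previous) for item in node.items]
        return all(results) if node.operator == "AND" else any(results)
    polls = {"Current": current, "Previous": previous}
    left = polls[node.value_type][node.parameter]
    right = polls[node.compare_to][node.parameter] if node.compare_to else node.value
    return OPERATORS[node.operator](left, right)


def conditions(node):
    """Yield every Condition in the tree, depth first."""
    if isinstance(node, Group):
        for item in node.items:
            yield from conditions(item)
    else:
        yield node


def validate(root, messages):
    """Return the reasons this rule draft breaks the constructor's constraints."""
    problems = []
    used = sorted({c.collection for c in conditions(root)})
    if len(used) > 1:
        problems.append("more than one parameter collection: " + ", ".join(used))
    for c in conditions(root):
        if c.operator not in OPERATORS:
            problems.append("unknown operator: " + c.operator)
    if not messages:
        problems.append("no message text: the rule cannot be saved")
    for text in messages:
        if len(text) > MAX_MESSAGE_LEN:
            problems.append("message longer than %d characters" % MAX_MESSAGE_LEN)
    return problems


# Constructed sample data. "Interface status" and its collection are named in
# the guide; "Interface name", "Free space" and all values are hypothetical.
NET = "Network interfaces"
is_down = Condition(NET, "Interface status", "Current", "==", "down")
changed = Condition(NET, "Interface status", "Current", "!=", compare_to="Previous")
is_eth = Condition(NET, "Interface name", "Current", "part of", "eth")

# The same three conditions, grouped in two different ways.
intended = Group("AND", [is_eth, Group("OR", [is_down, changed])])
misgrouped = Group("OR", [Group("AND", [is_eth, is_down]), changed])

# Each sample is (current poll, previous poll) for one interface.
eth0_failed = ({"Interface name": "eth0", "Interface status": "down"},
               {"Interface name": "eth0", "Interface status": "up"})
lo_came_up = ({"Interface name": "lo", "Interface status": "up"},
              {"Interface name": "lo", "Interface status": "down"})


def demo():
    """Evaluate both groupings on both samples and validate two rule drafts."""
    mixed = Group("AND", [is_down,
                          Condition("Disks", "Free space", "Current", "<", 10)])
    samples = (eth0_failed, lo_came_up)
    return {
        "intended": [evaluate(intended, *s) for s in samples],
        "misgrouped": [evaluate(misgrouped, *s) for s in samples],
        "valid": validate(intended, ["Interface went down"]),
        "invalid": validate(mixed, []),
    }
```

With the misgrouped variant the rule also fires when the loopback interface comes up, so the same three conditions produce an event the intended grouping suppresses.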

Copying a Processing Rule

To copy a processing rule:

1 On the main page, on the Manage tab, click Processing Rules.
2 In the navigation pane, select the rule that you want to copy. If the rule is not displayed, expand the list by clicking the icon to the left of the group label.
3 Click Create a copy.
4 If the chosen processing rule is a simple one, in the displayed window (see figure on page 94), choose the rule type for the copy:
   o Simple to create a simple processing rule with a rule constructor (see Configuring and Editing Rule Parameters in the Rule Constructor on page 96).
   o Complex to create a complex rule in an editor.

   After the rule is copied, you may edit it according to your needs.
5 Click Save.

The copied rule will be added to the User rules group. The rule's copy is distinguished from its original version only by its name: to the original rule's name, the (copy) string is added.

Warning: The new version's code and its assignment to hosts and child servers are copied from the original version.

Deleting a Processing Rule

Warning: Built-in rules can't be deleted. On a child monitoring server, the parent rules can't be deleted either.

To delete a processing rule:

1 On the main page, on the Manage tab, click Processing Rules.
2 In the navigation pane, select the rule that you want to delete.

   If the rule is not displayed, expand the list by clicking the icon to the left of the group label.
3 In the navigation pane above the rules list, click Delete.
4 Confirm the operation by clicking OK.

The selected rule will be moved to the Deleted rules group and will stop detecting events. If necessary, you may copy a deleted rule (see Copying a Processing Rule on page 99).

Note: When on a parent monitoring server you delete a user rule, it will be moved to the Deleted rules group. On the child monitoring servers where it was applied, the rule will disappear from the Parent rules group. In the log, an entry about the rule being deleted will appear.

Configuring Notifications

In Monitoring Server, you can specify all the notification parameters for each severity level. Specified parameters are valid for all processing rules. Notifications and conditions of their occurrence are specified individually in each rule when it has been created or modified. To create notifications, the notify method of the Notificator object is used in the rules. In this method you can set the required severity level (see Objects and Methods Used for Setting Notifications on page 157). When the notify method is invoked, notifications of all specified types with the set severity level parameters are created.

Note: Only an administrator can change notification settings.

The following notification types are supported:

- Notifications in the host list.
  The purpose is to notify about the number of events registered on the host as well as about the event severity level. The event icon colors are specified in the Monitoring Server program settings (for example, ).
- Pop-up messages.
  On the Host List page, you can use notifications of two types:
   o Pop-up messages, which are displayed in the lower right-hand corner of a page when an event takes place on a monitored host.
   o Messages in the Information about events registered on hosts window. In this case, notifications are displayed in a separate window. Messages about events are displayed just after these events have been registered.
  For more information on visual notifications see ViPNet StateWatcher: Monitoring System for ViPNet Networks. Monitoring Web Access. User's Guide.
- Notifications on the map.
  This notification type is designed for highlighting hosts on the map. The notifications are displayed on the map by way of the hosts blinking. The blinking color corresponds to the event of the highest severity level among the events detected. The colors of the notifications on the map are the same as the colors of the notifications in the hosts list.
- Sound notifications.

  Sound notifications are played in Monitoring Web Access. For each severity level, its own sound file (in MP3 format) should be set.
- Email notifications.
  Email notifications are email messages that are sent to users. The subject of the email message should include the name of the processing rule that generated the notification and the name of the host on which the processing rule was executed. The message text is formed according to a template specified in settings or in the customization pack (on page 276). A common template may be specified for different severity levels. The email address of a recipient is specified by the administrator in the account settings.
- ViPNet Business Mail notifications.
  ViPNet Business Mail notifications are text files that can be sent to users in ViPNet Business Mail messages. A notification may be a part of a message text or may be an attachment of a message. It depends on the settings of autoprocessing rules in ViPNet Business Mail. This file includes the text of the message specified in a processing rule.
  The file name is formed according to the following template: <host name>_<host identifier>_<rule name>_<execution time>.txt. If a file with the same name already exists, then the name is formed according to the following template: <host name>_<host identifier>_<rule name>_<execution time>_number.txt, where number is an ordinal number among the existing files with the same name (starting with 1).
  The files formed for sending are moved to the folder specified in the Monitoring Server program settings. According to autoprocessing rules, from this folder, they are sent to hosts where Monitoring Web Access is used. When the email messages are being received, the ViPNet Business Mail program notifies the users about it.
- SMS notifications.
  An SMS notification is an SMS message or a few SMS messages sent to users' phones. SMS notifications are formed based on the processing rule's message text.
  The maximum length of an SMS message is 70 characters. If the notification text is longer than that, the notification is divided into several SMS notifications, no longer than 70 characters each. Every SMS notification includes several fields displaying the following information:
   o the Monitoring Server's name (maximum 40 characters);
   o the processing rule's name (maximum 40 characters);
   o the monitoring event's severity level (maximum 10 characters);
   o the name of the host where the processing rule was applied (maximum 40 characters);
   o the time when the processing rule is applied;
   o the processing rule's message text (maximum 70 characters).

  The length of each is limited. If any field exceeds this limit, the full text won't be displayed in the SMS notification.
  The number of SMS notifications sent per minute and per day is limited. You define these limitations while configuring Monitoring Server in the server.ini file.

Warning: To send and receive notifications in ViPNet Business Mail, configure autoprocessing on your monitoring server. For more details about autoprocessing and its settings, see the document ViPNet Business Mail. User's Guide, which is a part of the ViPNet Client software distribution kit.

Notification Types

The following notification types are supported:

- Visual notifications (on page 107). This notifications group comprises:
   o Notifications in the host list. The purpose is to notify about the number of events registered on the host as well as about the event severity level. The event icon colors are specified in the Monitoring Server program settings (for example, ).
   o Pop-up messages on the Host List page. They are displayed in the lower right-hand corner of a page when an event takes place on a monitored host.
   o Messages in the Information about events registered on hosts window. They are displayed in a separate window just after the events have been registered.
   o Notifications on the map. This notification type is designed for highlighting hosts on the map. The notifications are displayed on the map by way of the hosts blinking. The blinking color corresponds to the event of the highest severity level among the events detected. The colors of the notifications on the map are the same as the colors of the notifications in the hosts list.
  For more information on visual notifications, see the document ViPNet StateWatcher: Monitoring System for ViPNet Networks. Monitoring Web Access. User's Guide.
- Sound notifications (on page 107).
  Sound notifications are played in Monitoring Web Access. For each severity level, its own sound file (in MP3 format) should be set.
- Email notifications (on page 108).

  Email notifications are email messages that are sent to users. The subject of the email message should include the name of the processing rule that generated the notification and the name of the host on which the processing rule was executed. The message text is formed according to a template specified in settings or in the customization pack (on page 276). A common template may be specified for different severity levels. The mail server (SMTP) sends email messages. The email address of a recipient is specified by the administrator in the account settings.
- ViPNet Business Mail notifications (see Business Mail Notifications on page 110).

  Warning: ViPNet Business Mail notifications can be set only for the Administrator user account.

  ViPNet Business Mail notifications are text files that can be sent to users in ViPNet Business Mail messages. A notification may be a part of a message text or may be an attachment of a message. It depends on the settings of autoprocessing rules in ViPNet Business Mail. This file includes the text of the message specified in a processing rule.
  The file name is formed according to the following template: <host name>_<host identifier>_<rule name>_<execution time>.txt. If a file with the same name already exists, then the name is formed according to the following template: <host name>_<host identifier>_<rule name>_<execution time>_number.txt, where number is an ordinal number among the existing files with the same name (starting with 1).
  The files formed for sending are moved to the folder specified in the Monitoring Server program settings. According to autoprocessing rules, from this folder, they are sent to hosts where Monitoring Web Access is used. When the email messages are being received, the ViPNet Business Mail program notifies the users about it.

  Note: If the Monitoring Server program has to create a lot of notifications, they may be delayed or even partially lost when transferred via Business Mail or standard email. This may happen due to autoprocessing performance limitations of Business Mail and some SMTP servers. In this case, we recommend that you limit the number of generated notifications of specified types by disabling them for certain severity levels, or use an SMTP server with better performance.

- SMS notifications (on page 111).
  An SMS notification is an SMS message or a few SMS messages sent to users' phones. SMS notifications are formed based on the processing rule's message text.

  In the Monitoring Server program, an SMS gateway is used for sending SMS notifications. Monitoring Server addresses the SMS gateway over the SMPP protocol. An SMS gateway is a server, which converts messages received from the monitoring server to SMS messages and sends them to the defined recipients' phone numbers.
  The maximum length of an SMS message is 70 characters. If the notification text is longer than that, the notification is divided into several SMS notifications, no longer than 70 characters each. Every SMS notification includes several fields displaying the following information:
   o the Monitoring Server's name (maximum 40 characters);
   o the processing rule's name (maximum 40 characters);
   o the monitoring event's severity level (maximum 10 characters);
   o the name of the host where the processing rule was applied (maximum 40 characters);
   o the time when the processing rule is applied;
   o the processing rule's message text (maximum 70 characters).
  The length of each is limited. If any field exceeds this limit, the full text won't be displayed in the SMS notification.
  The number of SMS notifications sent per minute and per day is limited. You define these limitations while configuring Monitoring Server in the server.ini file.
- Notification over the Syslog protocol (on page 112).

  Warning: Syslog notifications can be set only for the Administrator user account.

  Notifications over the Syslog protocol are messages about monitoring events that are created on the monitoring server and transferred over UDP/TCP to the Syslog server for processing. On the Syslog server, monitoring events description is saved to the database. The description contains the following parameters: event time, IP address and identifier of the host where the event was detected, full version number of the ViPNet StateWatcher software, processing rule info, event severity, and some more.

Creating and Editing Notification Templates

A notification template contains the list of processing rules and notification types assigned to each rule. Using templates, you can set notifications more easily while configuring user accounts, monitoring groups, and processing rules.

To create or edit a notification template:

1 On the Manage > Templates page, do one of the following:
   o To create a template, click Create a template.
   o To edit a template, click the template name.
2 In the displayed window, in the Template name box, type or edit the template name.
3 Move processing rules and templates from the All rules to the In use list by clicking and.
4 In the In use list, select the required notification types for each processing rule. To set some notification type for all rules on this list, click it in the All line.

   Figure 48: Creating and editing notification templates

5 Click Save.

In the Editing a Template window, you can delete the template by clicking Delete template and confirming the action.

Visual Notifications

To configure visual notifications:

1 Enable or disable notifications (see Configuring Notifications on page 101) for certain processing rules.
2 If necessary, change the message color displayed on the host list, the map, and pop-ups (one color is set for all these message types). To do this:
   2.1 In the main window, on the Manage > Options page, select Notification types > Visual.
   2.2 Click Change next to the event severity level for which you are going to change the color.
   2.3 Choose the color and click OK.
   2.4 To save changes for all severity levels, click Save.

Sound Notifications

To configure sound notifications:

1 Enable or disable notifications (see Configuring Notifications on page 101) for certain processing rules.
2 If necessary, set another sound for the notification. To do this:
   2.1 In the main window, on the Manage > Options page, select Notification types > Sound.
   2.2 Click Change next to the event severity level for which you are going to change the sound.
   2.3 Choose the sound file and click Open.
   2.4 To configure sound duration for all severity levels, in the Set sound duration box, set the required value.
   2.5 To save your changes, click Save.

You can mute or unmute the notification sound by clicking in the notification pane.

Email Notifications

To configure sending notifications by email, do the following:

1 Enable or disable notifications (see Configuring Notifications on page 101) for certain processing rules.
2 On the Manage > Options > SMTP page, configure connection to the SMTP server.

   Note: You can pre-configure a connection to the SMTP server when you are installing Monitoring Server (see Monitoring Server Installation on page 46). Later, when you work in the program, you may change SMTP server connection settings (for example, in case your mail server's IP address changes).

   To do this:

   2.1 Under Required options, configure connection to the SMTP server:
       o Server address is the IP address or DNS name of the mail server through which notifications about monitoring events will be transferred.
       o Port is the port used to connect to the mail server.

       o Email address, from which notification messages will be sent is the email address from which notifications about monitoring events will be received.

       Figure 49: Configuring a connection to an SMTP server

   2.2 If connection to the SMTP server requires authentication, then under Additional options, select the Use this user account to log on to the SMTP server check box and type user credentials in the User name and Password boxes.
   2.3 To check the connection to the SMTP server, send a test email by clicking Send test email. The test email will be sent to the address you specified in the Email address, from which notification messages will be sent box.
   2.4 After you finish configuring, click Save.
3 Make sure that an email address is specified for a user who must receive email notifications. To do this, on the Manage > Users page, click the user account on the list. If required, change the list of email addresses and click Save.
4 On the Manage > Options page, go to Notification types > By email and choose an email message template for each severity level.

   Note: By default, a demo file (default.jasper), which is distributed in the customization pack for the Monitoring Server program, is specified for all severity levels. You may edit this template or create another template (see Creating and Editing Notification Templates on page 105).

   To choose another template, click Change. To save the template file on your computer, click Download. To save your changes, click Save.

Business Mail Notifications

Warning: To send and receive notifications in ViPNet Business Mail, configure autoprocessing on your monitoring server. For more details about autoprocessing and its settings, see the document ViPNet Business Mail. User's Guide, which is a part of the ViPNet Client software distribution kit.

To configure sending notifications by Business Mail, do the following:

1 Enable or disable Business Mail notifications (see Configuring Notifications on page 101) for certain processing rules.
2 In the main window, on the Manage > Options page, select Notification types > By Business Mail.
3 For each severity level, choose the template that should be used to form a Business Mail notification message subject.

   Figure 50: Configuring Business Mail notifications

   To do this, in the Subject template for email list, select the check boxes of the parameters you want to include in the message subject. You may change the parameters order by clicking.

   Warning: A subject template for the email message can't be blank. The email message's subject length mustn't exceed 160 symbols. Otherwise, the ViPNet Business Mail program will terminate abnormally when receiving such a message. To shorten the subject, clear the check boxes for optional parameters.

4 For each severity level, in the Email body template box, choose the template for the email message body. By default, a demo file (bmailtemplate.jasper), which is distributed in a customization pack with the Monitoring Server program, is specified for all severity levels. You may edit this template or create another template (see Creating and Editing Notification Templates on page 105). To change this parameter, under Other, near the E-mail message text template box, click Replace and choose the required file.
5 Click Save.

SMS Notifications

To configure SMS notifications:

1 Enable or disable SMS notifications (see Configuring Notifications on page 101) for certain processing rules.
2 Configure connection to the SMS gateway. To do this:
   2.1 In the main window, click Manage > Options > SMS.
   2.2 Under SMPP options, specify the parameters for connecting to the SMS gateway over SMPP:
       o Server address defines the SMS gateway's IP address or DNS name.
       o Port defines the port used for connecting to the SMS gateway.
       o User is the user name, under which you connect to the SMS gateway.

    - Password is the password to the account.

Figure 51: Configuring connection to the SMS gateway

2.3 To check connection to the SMS gateway, send a test SMS message. To do this, specify the phone number the message should be sent to and click Send a test message.
2.4 After you finish configuring, click Save.
3 Configure limitations for SMS notifications in the server.ini file (see [sms] Section on page 137).
4 Make sure that telephone numbers are specified for the users who must be notified by SMS. For more details, see the section Creating and Editing a User Account (on page 75).

Notification over the Syslog Protocol

To configure notification over the Syslog protocol:

1 Enable or disable Syslog notifications (see Configuring Notifications on page 101) for certain processing rules.
2 In the main window, on the Manage > Options page, select Syslog.

3 In the corresponding boxes, choose the protocol (UDP is set by default) and type the IP address and port that will be used for connection to the Syslog server.
4 Click Save.

Figure 52: Configuring notification over the Syslog protocol

Configuring Connection to a Proxy Server

To configure SMS notifications and to monitor hosts on an online map, the monitoring server must have access to the Internet. You may configure direct access to the Internet or access via a proxy server. If you connect to the Internet via a proxy server, you may configure access to this server via Monitoring Web Access.

Warning: Access to the Internet via a system proxy server requires starting Apache Tomcat with the OS administrator rights.

To configure connection to the proxy server:

1 In the main window, on the Manage > Options page, select Proxy.
2 Choose one of the following options:
    o No proxy to connect to the Internet directly. This is the default option.
    o Use system settings for proxy server to connect to the proxy server as configured in your OS settings.
    o Configure proxy server manually to specify the required proxy server settings in Monitoring Web Access.

Figure 53: Configuring connection to the proxy server

3 If you choose Configure proxy server manually, specify the following connection parameters:
    o In the Server address box, type the proxy server's IP address or DNS name.
    o In the Port box, type the port that will be used to connect to the proxy server.
    o In the Do not use proxy server for the following addresses box, specify the addresses of the resources to which you will connect directly. Separate the addresses by a semicolon.
4 If the connection to the proxy server requires authentication, select the Use this user account to access the proxy server check box and specify the following parameters:
    o In the User box, type the user name, under which you will connect to the proxy server.
    o In the Password box, type the password to this account.
5 After you finish configuring, click Save.

Configuring the Map

To configure the map and locate monitored hosts on it, log on to Monitoring Web Access as an administrator. The standard customization pack (on page 276) allows you to work with the OpenStreetMap online solution.

To configure the map:

1 On the Manage tab, click Map. A page with the current geographical locations of the monitored hosts will be displayed.

Figure 54: Configuring a map

2 You may add hosts to the map or remove them as you need.
    o To add a host to the map, in the navigation pane, select a host or a host group, then drag and drop it to the required place on the map. As a result, the host or the host group will be added to the map.

      Also, you can add a host to a map by using its real coordinates detected with the geopositioning system.

      Note: Adding a lot of monitored hosts to the map may take some time. During this process, the icon will be displayed and you will be prompted that the hosts are being added. Wait until the hosts are successfully added.

      Monitored hosts are displayed on the map according to their type, as follows:
        - [icon] means a protected host with installed ViPNet Client software;
        - [icon] means a protected host with installed ViPNet Coordinator software or with ViPNet Coordinator HW/VA;
        - [icon] means a protected mobile host (a smartphone) with a special version of the ViPNet Client software;
        - [icon] means a protected host with ViPNet ThinClient;
        - [icon] means a public host;
        - [icon] means an Uninterruptible Power Supply (UPS);
        - [icon] means a printer;
        - [icon] means a router;
        - [icon] means an IDS;
        - [icon] means a host of an unknown type;
        - [icon] means a host group.

      The hosts you added to the map will be also displayed in the hosts list.

      Note: As soon as you add a host to the map, Monitoring Server will start displaying notifications about the events detected on the added host.

    o To remove a host from the map, click the host icon. In the Host Information window, click Remove from map and confirm. To remove all hosts from the map at once, on the toolbar, click Remove all the hosts from the map and confirm.

    o To move a host on the map, point to the host, wait for the icon to be displayed, and then drag and drop the host to the required location.
    o To edit a host's parameters, click the host.

Figure 55: Editing host's parameters

Besides configuring the hosts' position on the map, you can customize the map display. When you edit display settings, you adjust the map's level of detail by including or excluding certain geographical objects and choose the way the monitored hosts will be displayed on the map. The display settings are user-specific (for the administrator as well). For more information, see the document ViPNet StateWatcher: Monitoring System for ViPNet Networks. Monitoring Web Access. User's Guide. This document also describes the advantages of working with the map.

Adding a Host to the Map According to Its Geographical Coordinates

In Monitoring Server, you can add hosts to the map according to their real coordinates detected with the geopositioning system. The geopositioning system is a component of the Monitoring Server software. It has the following features:

- Getting real coordinates of the hosts by their IP addresses from public geolocation servers.
- Positioning the hosts on the map according to the received coordinates.
- Changing hosts' position on the map if their coordinates change.

The geopositioning system detects the current coordinates of the monitored hosts at every poll. If the coordinates of any host have changed, the host's position on the map will be automatically changed. However, you may fix a host's position on the map so that its real coordinates won't affect it.

To add a host to the map according to its real coordinates:

1 In the main window, on the Monitor > Host list page, poll the monitored hosts you want to add to the map.
2 On the Manage menu, click Map.
3 On the toolbar, click Locate hosts on the map. As a result, all the hosts whose current coordinates have been detected will be added to the map.

To fix a host's position on the map:

1 On the Manage menu, click Map.
2 On the map, double-click the host whose position you want to fix.
3 In the Host Information window (see figure on page 118), click Fix location.

Note: Also, you may first place a host on the map, and then fix its position.

As a result, at the following polls, even if the host's real coordinates change, its position on the map will remain the same. To make the host's position changeable again, in the Host Information window, click Unfix location.

Arranging a Monitoring Server Cascade

Arranging a cascade (on page 275) allows you to set a hierarchical structure of monitoring servers by establishing parent-child relations between them. You can configure a cascade by changing the relations between monitoring servers. To configure a cascade, log on to Monitoring Web Access as an administrator.

Within the same cascade, you can place hosts with the Monitoring Server software of version 4.0 and later. Cascading is supported if the parent monitoring server's software version is the same as or later than the ones on the child servers. Cascading isn't supported if the parent monitoring server's software version is earlier than the ones on the child servers. To use the monitoring servers where earlier software versions are installed in the same cascade with 4.0 monitoring servers, upgrade their software to 4.3 (see Upgrading Monitoring Server on page 56).

Within a cascade, when the parent monitoring server communicates with its child servers where Monitoring Server 4.0 is installed, it can't receive information about public hosts because that software version doesn't support the SNMP protocol. Monitoring Server 4.3 supports all cascading features of version 4.0.

After you arrange a cascade, make sure the parent-child relations have been formed correctly. To do this, view the Log tab of the event log, where the corresponding entries will be displayed:

1 When you establish a parent-child relation between servers, the following entries will be displayed:
    o Connection with child server <host name> ViPNet ID <host identifier> reestablished on the network level.
    o Parent-child relationship created with the child server <host name> ViPNet ID <host identifier>.
  The sequence of the two entries means that a relation is being established in the cascade: a parent monitoring server first checks connection to a child server on the network level, and then, if there is a connection, it establishes a parent-child relation.
2 If the parent-child relation is broken, the entry End of parent-child relationship with the child server <host name> ViPNet ID <host identifier> will be displayed.
3 When a connection between monitoring servers is broken on the network level, the entry Connection error on the network level with the child monitoring server <host name> ViPNet ID <host identifier> will be displayed.
4 When a connection between monitoring servers is restored on the network level, the entry Connection with child server <host name> ViPNet ID <host identifier> reestablished on the network level will be displayed.

If the relations have been established correctly, the monitoring servers will function well in the cascade. If any relations haven't been established or have been broken, you need to reestablish these relations.

Adding a Monitoring Server to a Cascade

To add a monitoring server to the cascade:

1 Connect to the monitoring server that will be the parent server for all other servers.
2 In Monitoring Web Access, on the Manage tab, click Cascade. In the navigation pane, the current cascade structure will be displayed. The monitoring server you have connected to will be displayed at the top of the list.

Figure 56: Arranging a cascade

3 In the navigation pane, in the list, choose the monitoring server to add (this server will be a child for its server) and, in the navigation pane, click Add to cascade.

Note: Only the monitoring servers that are linked (in the ViPNet Network Manager program) with the current monitoring server are displayed in the list. This server's parent monitoring server can't be added to the cascade because you can't make it this server's child server. Thus, you should start creating a cascade's structure from the root monitoring server, and then move down the cascade step-by-step.

For each potential child monitoring server, in the view pane, a table is displayed, which contains the server's name, identifier, IP address, and cascade relation status (The relation has been established, The relation has not been established, and Waiting for the relation to be approved). To the left of the names of the servers with which no cascade relation has been established yet, the icon is displayed.

4 Wait for the relation with the chosen monitoring server to be approved. If you have been waiting for a relation to be established for too long, you may cancel the request and retry later. To do this, in the server's navigation pane, click Cancel request.

To establish or break off a relation, monitoring servers exchange special messages. The monitoring server you are connected to sends a message to the monitoring server you have chosen from the list, requesting to make this server its child server. Then it waits for confirmation from this server's administrator.

While the parent monitoring server is waiting for the child server to approve, the cascade relation between them gets the Waiting for the relation to be approved status. In the navigation pane, to the left of the server's name, the icon is displayed. After the response is received, the relation's status will be The relation has been established or The relation has not been established.

Note: The reason that a relation in the cascade can't be established may be that the child monitoring server is inaccessible (servers that are accessible on the network are displayed in black, while the inaccessible ones are displayed in gray) or the administrator has denied the request to add the server in the cascade. In such a case, the relation will be established after the child server becomes accessible, and the administrator confirms the request. The connection with a parent monitoring server may be broken if the child server's administrator confirms a request for adding another parent monitoring server.

As soon as the child monitoring server's administrator confirms the request, in the navigation pane, the icon will be displayed near the name of the added monitoring server. In the view pane of the current server, in the Relation column of the table, the cascade relation's status will be The relation has been established.

Warning: When you create a cascade hierarchy, avoid cyclicity. In other words, no monitoring server can be both parent and child at the same time for any other monitoring server. Note that this condition is applied to all cascade elements.

After the relation between monitoring servers is established, the following changes are displayed in Monitoring Web Access:

- On the Monitor tab, the Cascaded hosts group is added to the hosts list. All child monitoring servers directly monitored by this server and their cascaded hosts are displayed here.
- On a child monitoring server, in the Parent rules group, user rules are displayed. These rules were created on the parent monitoring server, and the Apply on child monitoring servers check box was selected.
- On a child monitoring server, the built-in rules that have been applied by executing the corresponding command on the parent monitoring server are displayed in the Built-in rules group, and the Apply on child monitoring servers check box is selected. You can't clear this check box because these rules are associated with all hosts monitored by this child monitoring server.

Adding a Child Monitoring Server to a Cascade. Administrator's Actions

When arranging a cascade, the child monitoring server's administrator receives a request for establishing a relation in the cascade. The administrator can confirm the relation with a parent monitoring server or deny the request. If several parent monitoring servers are trying to establish a relation to this child monitoring server, the request will contain the list of such servers. A child server's administrator can choose the required parent server and confirm the relation (other servers will receive a denial) or deny all the requests.

To allow a relation with a parent monitoring server:

1 Connect to the child monitoring server under the administrator's account. You will be prompted to establish a relation.

Figure 57: A prompt to establish a cascade relation

2 If several parent monitoring servers have sent you requests, choose the one required from the list.
3 Click Allow. To deny all the requests, click Deny all.

As a result, a relation to the required server will be established. If you want to accept or deny the relation later, in the upper-right corner of the Request to establish cascade relation window, click. The request window will be closed. The icon will be displayed in the navigation pane. To open the request window again, click this icon.

Removing a Monitoring Server from a Cascade

To remove a monitoring server from a cascade:

1 Connect to the monitoring server that you want to add to the cascade.
2 In Monitoring Web Access, on the Manage tab, click Cascade. In the navigation pane, the current cascade structure will be displayed. The monitoring server you have connected to will be displayed on top of the list.
3 In the navigation pane, select the monitoring server with which you want to break the cascade relation.

4 In the navigation pane, click Remove from cascade.
5 In the Delete from the cascade window, make sure that you are removing the required server and click Delete.

As a result, the server will be removed from the cascade.

Note: You may remove a cascade relation only with your server's child servers, and not with child servers of your server's child.

After you remove a server from the cascade, the following changes are displayed in Monitoring Web Access:

- On the child monitoring server, the rules that have been executed on the parent server will be moved from the Parent rules group to the Deleted rules group and will not be executed in future.
- On the child monitoring server, the built-in rules that have been executed on the parent server will not be executed in future.
- Monitoring statistics are not collected from the hosts monitored by the server that you have removed from the cascade.
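The four event log entries listed under Arranging a Monitoring Server Cascade can be replayed in order to find child servers whose relation has ended or whose network-level connection is currently down. The following Python code is an added example, not part of the product or of this guide; the function names, host names, and ViPNet ID values are constructed, and only the message text is matched because this guide does not describe timestamps or other log fields.

```python
import re

# "<host name> ViPNet ID <host identifier>" as it appears in all four entries.
_CHILD = r"(?P<host>.+?) ViPNet ID (?P<vid>\S+?)"

# Entry texts are taken from this guide; the trailing period is optional.
ENTRY_PATTERNS = {
    "net_up": re.compile(
        rf"^Connection with child server {_CHILD} reestablished on the network level\.?$"),
    "rel_created": re.compile(
        rf"^Parent-child relationship created with the child server {_CHILD}\.?$"),
    "rel_ended": re.compile(
        rf"^End of parent-child relationship with the child server {_CHILD}\.?$"),
    "net_down": re.compile(
        rf"^Connection error on the network level with the child monitoring server {_CHILD}\.?$"),
}


def classify(message):
    """Return (kind, host, vipnet_id) for a cascade entry, or None for other entries."""
    for kind, pattern in ENTRY_PATTERNS.items():
        match = pattern.match(message.strip())
        if match:
            return kind, match.group("host"), match.group("vid")
    return None


def replay(messages):
    """Replay entries in log order and return the last known state per child server."""
    children = {}
    for message in messages:
        parsed = classify(message)
        if parsed is None:
            continue  # not a cascade entry
        kind, host, vid = parsed
        child = children.setdefault(
            vid, {"host": host, "network": "unknown", "relation": "unknown", "drops": 0})
        child["host"] = host
        if kind == "net_up":
            child["network"] = "up"
        elif kind == "net_down":
            child["network"] = "down"
            child["drops"] += 1  # repeated drops point to an unstable link
        elif kind == "rel_created":
            child["relation"] = "established"
        elif kind == "rel_ended":
            child["relation"] = "ended"
    return children


def needs_attention(children):
    """List children whose relation is not established or whose connection is down."""
    report = []
    for vid, child in sorted(children.items()):
        reasons = []
        if child["relation"] != "established":
            reasons.append(f"relation {child['relation']}")
        if child["network"] == "down":
            reasons.append("network-level connection down")
        if reasons:
            report.append((vid, child["host"], reasons))
    return report


# Constructed sample: message texts only, in the order they were logged.
SAMPLE_ENTRIES = [
    "Connection with child server Branch-A ViPNet ID 0x1A0E000B reestablished on the network level.",
    "Parent-child relationship created with the child server Branch-A ViPNet ID 0x1A0E000B.",
    "Connection with child server Branch B Office ViPNet ID 0x1A0E000C reestablished on the network level.",
    "Parent-child relationship created with the child server Branch B Office ViPNet ID 0x1A0E000C.",
    "Connection error on the network level with the child monitoring server Branch-A ViPNet ID 0x1A0E000B",
    "Connection with child server Branch-A ViPNet ID 0x1A0E000B reestablished on the network level.",
    "End of parent-child relationship with the child server Branch B Office ViPNet ID 0x1A0E000C",
    "User admin logged on",
    "Connection error on the network level with the child monitoring server Branch-A ViPNet ID 0x1A0E000B",
]

if __name__ == "__main__":
    for vid, host, reasons in needs_attention(replay(SAMPLE_ENTRIES)):
        print(f"{host} ({vid}): {', '.join(reasons)}")
```

A child reported with an ended relation is one from which, as described above, monitoring statistics are no longer collected.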

Exporting and Importing Monitoring Server Settings

Sometimes you may need to export your Monitoring Server settings to a file or import the settings from a file. The settings export and import is useful in the following cases:

- You need to move the Monitoring Server software with all its settings to a new computer. To do this:
    o On your old computer, export Monitoring Server settings.
    o On a new computer, install Monitoring Server.
    o On a new computer, import Monitoring Server settings from the file you have created earlier.
- You need to create a backup copy of Monitoring Server settings to restore configuration in case of equipment or software malfunctioning. To do this, export the file with program settings to a removable drive and put it in a safe place.

Monitoring Server settings are saved to the file exportsettingsresult.xml (compressed to exportsettingsresult.zip) that contains the lists of users, hosts, and processing rules; notification templates; links of processing rules with users and notification types; settings of SMTP, SMPP, SNMP, and proxy; notification parameters; information about cascading and location of hosts on a map.

Warning: Monitoring Server settings importing has some peculiarities. Read information in Peculiarities of Settings Importing (on page 128) to make sure that your actions will produce the desired outcome.

To save the Monitoring Server settings to a file:

1 In the main window, click Manage > Options.
2 Click Export options.
3 Follow the instructions in the download manager of your browser.

To import Monitoring Server settings:

1 In the main window, click Manage > Options, and then click Import options.
2 In the Import options window, click Browse and choose the file with settings (*.xml or *.zip). Clear check boxes of the settings that you don't want to import.

Figure 58: Importing Monitoring Server settings

3 Click Import.
4 Wait until the message about successful importing is displayed and click Close.

Peculiarities of Settings Importing

In this section, you will find the description of some importing features that should be taken into account.

User list

- User accounts whose names are not specified in the settings list will be deleted.
- User accounts whose names are specified in the settings list and the Administrator account will be updated.

- Based on the information about new users provided by the settings file, new user accounts will be created.
- Information (including a full user name) about added, updated, and deleted user accounts will be displayed.

Host list

- All hosts will be removed from the list of monitored hosts.
- All public hosts from the settings file and protected hosts from ViPNet host links will be added to the list of public hosts that are available for monitoring. The hosts that are already on the list will remain there.
- Information about hosts, whose IP addresses are specified in the settings file, will be updated.
- After the importing is finished, information will be displayed about deleted hosts, updated public, and ViPNet hosts that could not be added because they are not included in the ViPNet host links.

Notification templates

- All templates will be deleted except for the default one.
- New templates will be added from the settings file.
- The list of rules and notifications will be updated according to the settings file.
- After the importing is finished, the list of deleted and added templates will be displayed.

The list of processing rules

- Processing rules that have not been specified earlier in Monitoring Server will be added.
- Processing rules that have been specified earlier in Monitoring Server but are not included in the settings file will be moved to the deleted group.
- Processing rules will be applied to monitored hosts and child servers due to the settings file.
- After the importing is finished, the list of added and deleted processing rules will be displayed.

SMTP, SMPP, proxy server, and Syslog settings

- These settings will be updated based on the settings file. If protocol settings are not defined in the file, the current settings will remain unchanged.

Notification types

- Associations between processing rules, users, and notifications will be set based on the settings file.

Cascading

- Relations with child servers that are not specified in the settings file will be broken.
- A request to establish cascade relations will be sent to the servers that meet all the conditions:
    o they are specified in the ViPNet host links;
    o they are appointed child servers in the settings file;
    o they have not been child servers in relation to your monitoring server earlier.
- After the importing is finished, the list of monitoring servers whose relations have been modified will be displayed.

Hosts on the map

- All hosts will be removed from the map. Other hosts will be added instead based on the information in the settings file.

Fine-Tuning Monitoring Server

The parameters intended for Monitoring Server fine-tuning are stored in the server.ini configuration file. This file is in the folder \Tomcat_dir\webapps\ROOT\WEB-INF\classes, where Tomcat_dir is the Apache Tomcat installation folder. You can't change parameter values in Monitoring Web Access. To configure the parameters, you should edit the server.ini file in a text editor. For the new settings to be applied, after you edit and save the server.ini file, restart Monitoring Server (see Managing a Monitoring Server on page 39).

Note: SMTP server connection parameters that are required for sending notifications about monitoring events are stored in a database. You can configure them in Monitoring Web Access.

The server.ini file is a text file with a structure standard for configuration files. It consists of a limited set of sections, which contain various parameters. Each file line contains either a section name enclosed in square brackets, or a parameter name with a value. A line with a section name is considered the beginning of the section. A section ends where the next section starts or at the end of the file. The parameter name is always put as the first word in the line. It is followed by an equal sign ('='). Then the parameter value or a list of parameter values separated by a comma is specified.

Here is an example of the server.ini file:

    [collection]
    MaxConnection=200
    CollectionThreads=1
    ThreadChannels=50
    TCPConnectionTimeout=20
    TCPReadWriteTimeout=60
    UDPTimeout=10
    PingTimeout=4
    [storage]
    OlapDBUser=swadmin
    OlapDBPassword=tevaJsGaMpCNJaUVQLEfTw==
    DBServer=localhost
    DBPort=5432
    DBName=sw_olap
    [analyze]
    AnalyzeThreads=1
    AnalyzeThreadTimeout=10
    AnalyzeThreadLatency=1
    [control]
    SyncInterval=300
    OlapDBMaxSize=5000MB
    OlapDBMaxTime=365
    RawDataMaxSize=15GB
    RawDataMaxTime=90
    MaintananceDB=0 0 0-23/1 * *?
    MaintananceReindex=0 0 1 * *?
    MainLogLevel=ERROR
    AnalyzeLogLevel=ERROR
    MainLogPath=logs/statewatcher.log
    MainLogMaxSize=10MB
    MainLogBackups=7
    AnalyzeDebugLogPath=logs/analyze-debug.log
    AnalyzeDebugLogMaxSize=5MB
    AnalyzeDebugLogBackups=0
    SWJournalLogPath=logs/swjournal.log
    SWJournalLogMaxSize=5MB
    SWJournalLogBackups=1
    SWJournalLogLevel=ERROR
    [smtp]
    SmtpQueueLimit=300
    [sms]
    SMSperMinute=30
    MaxSMSperDay=2000
    SMSSendRepeatTime=120000
    [gis]
    postgis.server=localhost
    postgis.port=5432
    postgis.dbname=sw_gis
    postgis.user=swadmin
    postgis.password=tevajsgampcnjauvqleftw==
    [export]
    RawDataExportDir=log
    RawDataExportInterval=0 0 0/1 * *?
    AutomatedExport=OFF
    [bm]
    BmDir=C:/Users/Admin/AppData/Local/Temp/Business Mail
    BmEncoding=windows-1251
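The following Python code is an added example, not part of the product or of this guide: it parses the server.ini structure described above and reports parameters that differ from the defaults given in this guide's parameter descriptions, logs set to the DEBUG level, and parameters that hold credentials. The function names and the sample file content (including the placeholder password value) are constructed; values are compared as written, without unit conversion.

```python
"""Audit a StateWatcher server.ini against the defaults documented in this guide."""

# Defaults as stated in this guide's parameter descriptions. DBPort is 5433
# instead when two PostgreSQL versions are installed on the server.
DOCUMENTED_DEFAULTS = {
    "collection": {
        "MaxConnection": "200", "CollectionThreads": "1", "ThreadChannels": "50",
        "TCPConnectionTimeout": "20", "TCPReadWriteTimeout": "60",
        "UDPTimeout": "10", "PingTimeout": "4",
    },
    "storage": {"OlapDBUser": "swadmin", "DBServer": "localhost",
                "DBPort": "5432", "DBName": "sw_olap"},
    "control": {
        "SyncInterval": "300", "OlapDBMaxTime": "365", "RawDataMaxSize": "15GB",
        "RawDataMaxTime": "90", "MaintananceDB": "0 0 0/1 * *?",
        "MaintananceReindex": "0 0 1 * *?", "MainLogLevel": "INFO",
        "MainLogPath": "logs/statewatcher.log", "MainLogMaxSize": "10MB",
        "MainLogBackups": "7", "AnalyzeLogLevel": "ERROR",
        "AnalyzeDebugLogPath": "logs/analyze-debug.log",
        "AnalyzeDebugLogMaxSize": "5MB", "AnalyzeDebugLogBackups": "0",
        "SWJournalLogPath": "logs/swjournal.log", "SWJournalLogMaxSize": "5MB",
        "SWJournalLogBackups": "1", "SWJournalLogLevel": "ERROR",
    },
    "sms": {"SMSperMinute": "30", "MaxSMSperDay": "2000"},
}


def parse_server_ini(text):
    """Parse '[section]' and 'Name=value' lines into {section: {name: value}}.

    Only the first '=' separates the name from the value, so values that end
    in '=' characters (such as the stored password values) are kept whole.
    """
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        name, sep, value = line.partition("=")
        if not sep or current is None:
            raise ValueError(f"line {lineno}: expected '[section]' or 'Name=value'")
        sections[current][name.strip()] = value.strip()
    return sections


def audit(sections):
    """Return (kind, section, name, detail) findings; credential values are never echoed."""
    findings = []
    for section, params in sections.items():
        defaults = DOCUMENTED_DEFAULTS.get(section, {})
        for name, value in params.items():
            if name.lower().endswith("password"):
                findings.append(("credential", section, name,
                                 "stored in this file; restrict read access to it"))
                continue
            if name.endswith("LogLevel") and value.upper() == "DEBUG":
                findings.append(("verbose-log", section, name,
                                 "DEBUG writes the most detailed entries"))
            if name in defaults and value != defaults[name]:
                findings.append(("non-default", section, name,
                                 f"{value!r} (documented default {defaults[name]!r})"))
    return findings


# Constructed sample, modelled on the example file shown in this guide.
SAMPLE_INI = """
[collection]
MaxConnection=200
PingTimeout=4
[storage]
OlapDBUser=swadmin
OlapDBPassword=cGxhY2Vob2xkZXI=
DBServer=localhost
DBPort=5432
[control]
MaintananceDB=0 0 0-23/1 * *?
MainLogLevel=ERROR
AnalyzeLogLevel=DEBUG
[sms]
SMSperMinute=30
MaxSMSperDay=2000
[gis]
postgis.password=cGxhY2Vob2xkZXI=
"""

if __name__ == "__main__":
    for kind, section, name, detail in audit(parse_server_ini(SAMPLE_INI)):
        print(f"{kind:12} [{section}] {name}: {detail}")
```

Run against the example file shown above, the same check reports MainLogLevel and MaintananceDB as non-default, because that example differs from the defaults stated in the [control] parameter descriptions.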

[collection] Section

This section contains Monitoring Server parameters that you can configure for collecting data:

- MaxConnection defines the maximum number of concurrent connections. The default parameter value is 200.
- CollectionThreads defines the number of threads that process input and output data on the transport layer. The default parameter value is 1.
- ThreadChannels defines the maximum number of connections operated by a single thread. The default parameter value is 50.
- TCPConnectionTimeout defines the time period, during which the monitoring server will be waiting for a TCP connection to public hosts to be established. The default parameter value is 20.
- TCPReadWriteTimeout defines the time period, during which the monitoring server will be waiting for the data from public hosts to be transferred over TCP. The default parameter value is 60.
- UDPTimeout defines the time period, during which the monitoring server will be waiting for the hosts to send response packets over UDP. The default parameter value is 10.
- PingTimeout defines the time period, during which the monitoring server will be waiting for the response while the connection is being checked (in other words, during the ping command execution). The default parameter value is 4.

Warning: The parameters in the [collection] section are designed for optimal operation of Monitoring Server. We recommend that you not change their values unless it is urgent.

[storage] Section

This section contains access parameters to the monitoring database and raw data storage settings:

- OlapDBUser is the monitoring database user name. This parameter's value is defined by the corresponding parameter's value, which you specify during Monitoring Server installation (on page 46). The default parameter value is swadmin.

- OlapDBPassword is the monitoring database user password. This parameter's value is encrypted and defined by the corresponding parameter's value, which you specify during Monitoring Server installation (on page 46).
- DBServer is the monitoring server's name. The default parameter value is localhost.
- DBPort is the port number used by the monitoring server. The default parameter value is 5432. If two versions of PostgreSQL are installed on your server (for example, you installed the other version when you upgraded Monitoring Server to 4.3), the default value is 5433.
- DBName is the monitoring database name. The default parameter value is sw_olap.

[control] Section

This section contains data storage limits, a data rotation schedule, and logging settings.

The data storage limits allow you to control the size of data stored on the monitoring server. Outdated data is periodically deleted due to rotation. You may set different data size and storage time limits for each type of processed data (raw data or processed data). The rotation procedure, which is started according to a schedule you specify, includes verification that these limits are not exceeded. If the size and/or storage time of the data exceed the specified limits, the oldest data is deleted from the database until the limits are matched.

Warning: We recommend that you rotate your data once an hour. If you rotate the data less frequently, database requests slow down considerably (for example, when you are viewing monitoring events history).

Besides setting a rotation schedule, you may also schedule reindexation of database tables in this section. You should accomplish this procedure periodically to prevent the slowdown of database requests. When reindexation is performed, access to Monitoring Server settings and monitoring events history is blocked. The reason for this is that service operations on the databases are performed, which makes the databases unavailable to read and to write.

You may configure logging to control the size of the data stored in debugging logs. There are two debugging logs in the ViPNet StateWatcher monitoring system: the main log, to which user actions and monitoring events are written, and the processing rules log, to which events related to processing rules execution are written. You may set logging level limits, log size, and the number of log files to be stored for each log individually.

A logging level defines how detailed log entries will be. The log size depends on it, as well: the higher the logging level, the more data will be written to the log. When the log size limit is exceeded, log files are automatically rotated: the oldest files are deleted, outdated files are logically renamed, and the current log is overwritten with the newly created one. The number of log files remains the same as the one specified in the settings.

The main debugging log uses the following logging levels (top-down prioritization):

- DEBUG is used to store detailed information about processes and components, which is critical for debugging.
- INFO is used to store messages related to the program operation. Usually, these messages notify about completing some operation or a component's status.
- WARN is used to store messages related to potentially dangerous situations, which may cause an error, malfunctioning, or are undesirable due to some reason.
- ERROR is used to store error messages.

The processing rules log uses two logging levels: DEBUG and ERROR. The DEBUG level has the top priority and is used to log detailed information about processing rules, which is required for debugging. The ERROR level is used to store error messages.

You may configure the following parameters in the [control] section:

- SyncInterval is the synchronization time span (in seconds). This parameter defines how often the monitoring server polls the ViPNet Monitor program to collect actual information about the hosts linked with it. The default parameter value is 300 (5 minutes).
- OlapDBMaxSize is the maximum monitoring database size (in bytes). You may specify the size in kilobytes, megabytes or gigabytes. To do this, specify KB, MB or GB after the value respectively. The default parameter value is 5 GB.

  Note: The maximum database size is considered separately for the events on directly monitored hosts and the events on cascaded hosts. For example, if the OlapDBMaxSize parameter has the 5 GB value, then the maximum database size will be 10 GB (5 GB for the directly monitored hosts' events and 5 GB for the cascaded hosts' events).

- OlapDBMaxTime is the maximum time span for storing the data in the monitoring database (in days). The default parameter value is 365 (1 year).

- MaintananceDB is the schedule of data rotation start in the cron format (see Schedule Format on page 141). The default parameter value is 0 0 0/1 * * ? (start every hour from 0:00).
- RawDataMaxSize is the maximum raw database size (in bytes). The default parameter value is 15GB.
- RawDataMaxTime is the maximum raw database storage time span (in days). The default parameter value is 90 (days).
- MaintananceReindex is the schedule of database table reindexation start in the cron format (see Schedule Format on page 141). The default parameter value is 0 0 1 * * ? (the reindexation starts every day at 01:00).
- MainLogLevel is the logging level of the main debugging log. It may take the following values: ERROR, WARN, INFO, and DEBUG. The default parameter value is INFO.
- MainLogPath is the full path to the main debugging log. The default parameter value is logs/statewatcher.log. If the full path does not include the device name, the log is located in the Apache Tomcat installation folder.
- MainLogMaxSize is the maximum size of the main debugging log file. The default parameter value is 10MB.
- MainLogBackups is the number of main debugging log backups to be kept after rotation. The default parameter value is 7.
- AnalyzeLogLevel is the logging level of the processing rules debugging log. It may take the following values: ERROR and DEBUG. The default parameter value is ERROR.
- AnalyzeDebugLogPath is the full path to the processing rules log. The default parameter value is logs/analyze-debug.log. If the full path does not include the device name, the log is located in the Apache Tomcat installation folder.
- AnalyzeDebugLogMaxSize is the maximum size of the processing rules log file. The default parameter value is 5MB.
- AnalyzeDebugLogBackups is the number of processing rules log backups to be kept after rotation. The default parameter value is 0.

This section also contains SWJournal parameters. SWJournal is a text file that backs up all the information from the monitoring server's events log and also contains additional information on the Monitoring Server internal events (users logging on and off, disconnection from and reconnection to the database server, and other events). The developers need this information for analysis in case of emergency. SWJournal is available if you exit the Monitoring Server program. It helps you to understand what actions were performed on the monitoring server.

- SWJournalLogPath is the full path to the events log, where events related to monitoring are written. The default parameter value is logs/swjournal.log. If the full path does not include the device name, the log is located in the Apache Tomcat installation folder.
- SWJournalLogMaxSize is the maximum size of the events log file. The default parameter value is 5MB.
- SWJournalLogBackups is the number of events log backups to be kept after rotation. The default parameter value is 1.
- SWJournalLogLevel is the logging level of the events log. It may take the following values: ERROR, WARN, INFO, and DEBUG. The default parameter value is ERROR.

[sms] Section

In this section, you may specify how many SMS notifications can be sent, and how often.

- SMSperMinute defines the highest frequency of sending SMS notifications, in other words, how many SMS notifications can be sent per minute. After this number is reached, sending SMS notifications is postponed. The default parameter value is 30.
- MaxSMSperDay defines the maximum number of SMS notifications that can be sent per day. After this number is reached, sending SMS notifications is postponed, and the "You have reached the maximal number of SMS messages" entry is written in the event log. The default parameter value is 2,000. The sent SMS notifications counter is reset once a day at 12:00 AM or when the server is restarted.
- SMSSendRepeatTime defines the period of time in which an SMS notification can be resent (for example, if the notification could not be sent the first time because there was no connection to the SMS gateway). The default parameter value is 120 seconds.

[gis] Section

This section contains access parameters for the geoinformation system database.

- postgis.server defines the server where the geoinformation system database is stored. The default parameter value is localhost.
- postgis.port defines the database access port. The default parameter value is 5432. If two versions of PostgreSQL are installed on your server (for example, you installed the other version when you upgraded Monitoring Server to 4.3), the default value is 5433.

- postgis.dbname defines the database name. The default parameter value is sw_gis.
- postgis.user defines the geoinformation system database user name. The default parameter value is swadmin.
- postgis.password defines the password of the geoinformation system database user, in encrypted form.

You can set all parameters of this section when you are installing Monitoring Server (see Monitoring Server Installation on page 46).

[export] Section

This section contains settings for automatic export of monitored hosts' unprocessed parameters (see Unprocessed parameters on page 279). You may enable and disable the export. If the AutomatedExport parameter is set to on, the automatic export runs in the background on schedule and affects all hosts. Each export covers the time span from the completion of the previous export to the current moment. The export result is written to a file named in the following format: <day>.<month>.<year>-<hour>-<minute>.xml. Export files are moved to the folder specified in the settings.

Note: You can't export unprocessed parameters of the cascaded hosts.

You may configure the following parameters in the [export] section:

- AutomatedExport indicates whether automatic export is enabled or disabled. The parameter may take the following values: on (export is enabled) and off (export is disabled). The default parameter value is off.
- RawDataExportDir defines a folder for export results. The default parameter value is log. When the parameter is set to this value, the folder with export results is located at Drive:\Program File\Apache Software Foundation\Tomcat 6.0. If the path to the folder does not include the device name, the folder is located in the Apache Tomcat installation folder.

  Note: To configure automatic export to a network resource (see Configuring Export of Hosts' Unprocessed Parameters to a Network Resource on page 139), you should specify the path to the network folder in the following format:

      RawDataExportDir=\\\\path to folder\\shared folder

  In other words, all backslash symbols (\) must be doubled.

- RawDataExportInterval is the schedule of unprocessed parameters autoexport start in the cron format (see Schedule Format on page 141). The default parameter value is 0 0 0/1 * * ? (start every hour from 0:00).

Configuring Export of Hosts' Unprocessed Parameters to a Network Resource

Note: For correct export, the hosts whose parameters are being exported must be available on the ViPNet network.

Below, you will find an example of two variants of configuring export of hosts' unprocessed parameters to a network resource, for the cases where:

- the computer where the monitoring system is installed and the computer that hosts the network resource are in a domain;
- the computer where the monitoring system is installed and the computer that hosts the network resource are not in a domain.

Figure 59: A common scheme of exporting hosts' unprocessed parameters to a network resource

If the computer where the monitoring system is installed and the computer that hosts the network resource are not in a domain, to export the unprocessed parameters to the network resource, do the following:

1. On computer 1, create a user account A.
2. On computer 1, start the Apache Tomcat software under user account A.
3. On computer 2, create a user account with the same parameters as user account A and the same password.
4. On computer 2, provide the newly created user account A with unrestricted access to the network resource.
5. On computer 2, provide user A of computer 1 with permission to write to the network resource hosted on computer 2.
6. On computer 1, in ViPNet StateWatcher settings, configure the export of unprocessed parameters to the network resource (see [export] Section on page 138) on computer 2.
7. On computer 1, in the ViPNet StateWatcher monitoring system, export the unprocessed parameters.

If the specified computers are in the same domain:

1. On computer 1, start the Apache Tomcat software under user account A.
2. On computer 2, provide the newly created user account A with unrestricted access to the network resource.
3. On computer 2, provide user A of computer 1 with permission to write to the network resource hosted on computer 2.
4. On computer 1, in ViPNet StateWatcher settings, configure export of unprocessed parameters to the network resource (see [export] Section on page 138) on computer 2.
5. On computer 1, in the ViPNet StateWatcher monitoring system, export the unprocessed parameters.

[bm] Section

This section contains a path to the MFTP transport module's autoprocessing folder.

- BmDir defines the path to the folder where envelopes with notifications to be automatically sent via ViPNet Business Mail are stored. This parameter is set to the value you specify when you install the Monitoring Server program (see Monitoring Server Installation on page 46). If necessary, you may also set it in the server.ini file.

Schedule Format

To set a schedule, use a cron-like format. A schedule in this format consists of 7 fields. You can specify the schedule as the following line:

    <seconds> <minutes> <hours> <month dates> <months> <days> <years>

The <years> field is optional.

You may specify the months either with a number from 1 to 12, or with a contracted English name of a month (JAN, FEB, and so on).

You may specify the days either with a number from 0 to 7 (where 0 and 7 mean Sunday), or with a contracted English name of the day (SUN, MON, and so on).

To set a range of numbers, use a hyphen (-). For example, the 1-4 value means 1, 2, 3, and 4.

To set a list of values, use a comma (,). For example, the 3,4,6,8 value means the four numbers listed.

You may use the following special symbols for the fields:

- A slash (/) means a value increment. For example, the 5/15 value in the seconds field means every 15 seconds, starting with the 5th second.
- A question mark (?) means there is no value. It is used only in one of the <days of the month> or <days of the week> fields, in the following cases:
  - if days of the month are specified, you should type ? in the <days of the week> field;
  - if days of the week are specified, you should type ? in the <days of the month> field.

  For example, the line 0 0 1 ? 1 SUN means that the scheduled operation will start every Sunday in January at 01:00:00.
- An asterisk (*) means any valid value. You may use it to set any field. For example, the line * * * * * ? means that the scheduled operation will start every second of every minute of every hour on a daily basis.

Here are some schedule examples:

- 5 0 0 ? * SUN means that the scheduled operation will start every Sunday at 00:00:05.
- 0 0/5 * * * ? means that the scheduled operation will start every 5 minutes.

- 0 5 1 1-15 * ? means that the scheduled operation will start at 01:05:00 from the 1st till the 15th of every month.

Data Rotation

The data that a monitoring server has collected by polling hosts (raw data) and the data that is a result of processing rules execution (monitoring events) is stored in databases on the monitoring server. The size of stored data increases with time, which reduces the free space on your hard drive. To limit the size of stored data, rotation is periodically performed on the monitoring server to delete outdated data.

You may change rotation parameters in Monitoring Server settings. You may set different data size and storage time limits, as well as rotation periodicity (see [control] Section on page 134), for each type of processed data (raw data or processed data). The Monitoring Server administrator can start rotation automatically according to a specified schedule. If the size and/or storage time of the data exceed the specified limits, the oldest data is deleted from the database until the limits are matched.

In the process of rotation, hosts polling and hosts' parameters processing by rules are not stopped. Only monitoring events are written to the database. Hosts' unprocessed parameters are not saved. This is why entries about events that have been detected during rotation don't contain any values of the processed parameters.

Data rotation in the processing rules database has the following peculiarity: for every applied processing rule and for every host this rule has been applied to, at least one event must be left in the database. If, according to rotation conditions, all events related to a certain rule and host must be deleted, all events except for the latest one (by the moment the rule was applied) will be deleted from the database.

For example, suppose rotation settings of the processing rules database imply that the data must be stored for one day and that rotation must be started daily at 14:00. Suppose there is a processing rule whose result is stored in parameter A. By 14:00 on 01.29.2010, this rule has been applied to a certain host 4 times, in the following way:

    19:30 28.01.2010 A=1
    10:30 PM 28.01.2010 A=2
    10:22 29.01.2010 A=1
    1:15 PM 29.01.2010 A=3

Then, after rotation is completed, two entries for the previous day will be deleted from the database, and two entries for the current day will be left.

    10:22 29.01.2010 A=1
    1:15 PM 29.01.2010 A=3

If this rule is not applied to the host at least once before the next rotation start (01.30.2010), after rotation is completed, only the latest entry (with the result A=3) will be left in the database, and this entry will be outdated. This entry will be stored in the database until the rule is applied and rotation starts again. For example, if the rule is applied next time on 02.02.2010 at 10:00, after the next rotation, the outdated entry for 01.29.2010 will be deleted and not displayed in the processing rules history.

If, in the server.ini file, you have specified the database size (see [control] Section on page 134) considerably smaller than the current database size, then, after rotation is completed, the deleted data will not be displayed in the monitoring system. However, the database size on disk will not actually decrease. To genuinely decrease the database size:

1. Set the required limits for the size of the data stored in the database. To do this, in the [control] section of the server.ini file, set the RawDataMaxSize and OlapDBMaxSize parameters to the required values.
2. Wait for the rotation procedure to be completed.
3. Stop the Monitoring Server program.
4. Start the pgAdmin program and, in the navigation pane, select the database name. Then, on the toolbar, click the button (Execute Arbitrary SQL Queries).
5. On the SQL Editor tab, in the edit pane, clear the displayed text and paste the following SQL query:

       vacuum full;

6. On the Query menu, click Run or, on the toolbar, click the button.
7. After the query is completed, on the SQL Editor tab, in the edit pane, clear the displayed text and paste the following SQL query:

       reindex database sw_olap;

8. The database size will be decreased to the values specified in the RawDataMaxSize and OlapDBMaxSize parameters. Start Monitoring Server.
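The Data Rotation rule that at least one event stays in the database for every rule and host matters when the events history is read as evidence: the surviving entry may be far older than the retention period. The following added example (not part of the guide or of ViPNet StateWatcher) replays the guide's worked timeline for time-based rotation only. The function names, the rule and host labels, the value recorded on 02.02.2010 and the cutoff calculation (midnight of the rotation day, chosen because it reproduces the guide's result) are assumptions of this example.

```python
from datetime import datetime, timedelta


def _cutoff(now, max_days):
    # Assumption: "stored for one day" keeps the current calendar day only,
    # which is what the guide's worked example implies.
    return datetime(now.year, now.month, now.day) - timedelta(days=max_days - 1)


def rotate(events, now, max_days):
    """Apply time-based rotation; return (kept, deleted), both sorted by time."""
    cutoff = _cutoff(now, max_days)
    latest = {}
    for event in events:
        key = (event["rule"], event["host"])
        if key not in latest or event["time"] > latest[key]["time"]:
            latest[key] = event
    kept, deleted = [], []
    for event in sorted(events, key=lambda e: e["time"]):
        is_latest = latest[(event["rule"], event["host"])] is event
        # An entry survives if it is recent enough OR it is the last one
        # left for its (rule, host) pair.
        if event["time"] >= cutoff or is_latest:
            kept.append(event)
        else:
            deleted.append(event)
    return kept, deleted


def outdated(kept, now, max_days):
    """Entries that survived only because of the one-event-per-pair rule."""
    cutoff = _cutoff(now, max_days)
    return [event for event in kept if event["time"] < cutoff]


def ev(stamp, value, rule="rule_A", host="host-1"):
    """Build one event; rule and host labels are constructed for the example."""
    return {"rule": rule, "host": host, "value": value,
            "time": datetime.strptime(stamp, "%d.%m.%Y %H:%M")}


# The four entries from the guide's example (10:30 PM = 22:30, 1:15 PM = 13:15).
HISTORY = [
    ev("28.01.2010 19:30", 1),
    ev("28.01.2010 22:30", 2),
    ev("29.01.2010 10:22", 1),
    ev("29.01.2010 13:15", 3),
]


def replay():
    """Run the three rotations described in the guide; return values of A kept."""
    result = {}
    db, _ = rotate(HISTORY, datetime(2010, 1, 29, 14, 0), 1)
    result["after 29.01"] = [e["value"] for e in db]
    when = datetime(2010, 1, 30, 14, 0)
    db, _ = rotate(db, when, 1)
    result["after 30.01"] = [e["value"] for e in db]
    result["outdated on 30.01"] = [e["value"] for e in outdated(db, when, 1)]
    # The rule runs again on 02.02.2010 at 10:00; the value 7 is constructed.
    db = db + [ev("02.02.2010 10:00", 7)]
    db, _ = rotate(db, datetime(2010, 2, 2, 14, 0), 1)
    result["after 02.02"] = [e["value"] for e in db]
    return result


if __name__ == "__main__":
    for step, values in replay().items():
        print(step, values)
```

Size-based limits (OlapDBMaxSize, RawDataMaxSize) are not modelled here.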
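Rotation, reindexation and automatic export are all started by schedules in the cron-like format described under Schedule Format. The following added example (not part of the guide or of ViPNet StateWatcher) checks a schedule line against the rules stated there before it is written to server.ini. The function names, the value ranges for seconds, minutes, hours, month dates and years, and the requirement that exactly one of the two day fields holds ? are assumptions of this example.

```python
import re

MONTHS = {name: i + 1 for i, name in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split())}
DAYS = {name: i for i, name in enumerate("SUN MON TUE WED THU FRI SAT".split())}

# (field name, lowest value, highest value, accepted names).
# Month and day ranges and names follow the guide; the other ranges are the
# usual calendar limits and the year window is arbitrary (assumptions).
FIELDS = [
    ("seconds", 0, 59, {}),
    ("minutes", 0, 59, {}),
    ("hours", 0, 23, {}),
    ("month dates", 1, 31, {}),
    ("months", 1, 12, MONTHS),
    ("days", 0, 7, DAYS),       # 0 and 7 both mean Sunday
    ("years", 1970, 2099, {}),
]


def _value(token, lo, hi, names):
    """Convert one number or contracted name; raise ValueError if invalid."""
    if token.upper() in names:
        return names[token.upper()]
    if not re.fullmatch(r"[0-9]+", token):
        raise ValueError(f"'{token}' is not a valid value")
    number = int(token)
    if not lo <= number <= hi:
        raise ValueError(f"{number} is outside {lo}-{hi}")
    return number


def _check_field(text, lo, hi, names):
    """Check a comma-separated list of values, ranges (-) and increments (/)."""
    for part in text.split(","):
        if "/" in part:
            start, step = part.split("/", 1)
            if start != "*":
                _value(start, lo, hi, names)
            if not re.fullmatch(r"[1-9][0-9]*", step):
                raise ValueError(f"increment '{step}' must be a positive number")
        elif "-" in part:
            first, last = part.split("-", 1)
            if _value(first, lo, hi, names) > _value(last, lo, hi, names):
                raise ValueError(f"range '{part}' runs backwards")
        elif part != "*":
            _value(part, lo, hi, names)


def validate_schedule(line):
    """Return a list of problems found in a schedule line (empty if none)."""
    fields = line.split()
    if len(fields) not in (6, 7):          # <years> is optional
        return [f"expected 6 or 7 fields, found {len(fields)}"]
    errors = []
    for (name, lo, hi, names), text in zip(FIELDS, fields):
        if text == "?":
            if name not in ("month dates", "days"):
                errors.append(f"<{name}>: '?' is allowed only in the two day fields")
            continue
        try:
            _check_field(text, lo, hi, names)
        except ValueError as exc:
            errors.append(f"<{name}>: {exc}")
    if (fields[3] == "?") == (fields[5] == "?"):
        errors.append("exactly one of <month dates> and <days> must be '?'")
    return errors


# Schedules quoted in the guide, followed by constructed faulty lines.
GUIDE_SCHEDULES = ["0 0 0/1 * * ?", "0 0 1 * * ?", "0 0 1 ? 1 SUN", "* * * * * ?",
                   "5 0 0 ? * SUN", "0 0/5 * * * ?", "0 5 1 1-15 * ?"]
FAULTY_SCHEDULES = ["0 0 1 * *", "0 0 14 * * *", "0 60 * * * ?", "0 0 1 ? * 8"]

if __name__ == "__main__":
    for schedule in GUIDE_SCHEDULES + FAULTY_SCHEDULES:
        print(f"{schedule!r}: {validate_schedule(schedule) or 'ok'}")
```

A five-field line in the classic cron layout, such as the first faulty sample, is rejected because this format starts with a seconds field.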

Viewing the Events Log

Important events related to Monitoring Server work (user logon and logoff, disconnection from and reconnection to the database server, and so on) are logged and stored in the monitoring server's database. You can view the events log in Monitoring Web Access if you log on as an administrator.

To view the events log:

1. On the main page, click the Log tab. The log entries are displayed, sorted top-down by the time of the event.

   Figure 60: Viewing the Monitoring Server events log

2. If necessary, filter the log entries. You may filter the log entries by the event's time and date and/or by typing a word from the event's description.

To start filtering, type the start and the end of a time period in the corresponding boxes and click Find, or type a string of symbols in the search box.

ViPNet StateWatcher logs the following events:

- user logging on;
- user logging off;
- user session termination;
- disconnection from the database server (only the first entry about disconnection is logged);
- reconnection to the database server;
- disconnection from the SMTP server;
- reconnection to the SMTP server;
- disconnection from the SMS gateway;
- reconnection to the SMS gateway;
- reaching the maximum number of sent SMS notifications;
- failure to send an SMS notification;
- failure to export a Business Mail notification;
- failure to send an email notification about processing rule execution;
- normal shutdown of a monitoring server;
- establishment of parent-child relations;
- refusal to establish parent-child relations;
- removing parent-child relations;
- break of connection with a child monitoring server;
- reconnection to a child monitoring server;
- reconnection to a parent monitoring server;
- receiving a message about a normal shutdown of a monitoring server in the cascade;
- receiving a message from a child monitoring server that it has changed its parent;
- detection of a syntax error in a processing rule;
- an error while executing a processing rule;
- an error while exporting unprocessed host parameters;
- an error while exporting monitoring events;
- applying a parent processing rule on a child monitoring server;
- cancelation of a parent processing rule on a child monitoring server;
- change of a Monitoring Server license related to a decrease of the monitored hosts limit;
- receiving a message that the Monitoring server role has been removed from this monitoring server;
- receiving a message that the Monitoring server role has been removed from a child or parent monitoring server;
- receiving a message that the Monitoring server role has been reassigned to this monitoring server.

4 Processing Rules

Processing Rules Components
Processing Rules Syntax
Verifying Processing Rules Syntax

Processing Rules Components

Processing rules (see Processing rule on page 277) consist of the following components:

- processing rule name;
- processing rule code;
- monitored hosts the processing rule is applied on;
- association of the rule with users (see Creating and Editing a User Account on page 75) and notification templates (see Creating and Editing Notification Templates on page 105);
- the Apply on child servers flag.

All these components are specified by the administrator in Monitoring Web Access on the Define Your Processing Rules page. The processing rule's name and code are mandatory components.

You may specify a rule execution algorithm in the processing rule code, where the hosts' parameters are processed, the hosts' statuses are checked for changes and critical events, and notifications about the changes and new events are specified.

The processing rule code contains host parameters, which you may set manually or insert from the parameters list. To insert a parameter from the list:

1. On the main page, on the Manage tab, click Processing Rules.
2. Create a new rule or edit an existing rule.
3. In the view pane, type Params. in the Rule Editor section.

   Figure 61: Processing rule parameters list

4. In the parameters list, double-click the parameter you want to insert into the rule code.

To assign a value to the parameter from the list, type a period after the parameter's name and select the required option. If a parameter value is not included in the fixed list, set it manually.

After a host is polled, a rule is executed on all monitored hosts to which this rule applies. A rule is executed on one monitored host at a time; thus, parameters of only one host are processed at a time.

When an event is detected on a monitored host, Monitoring Server creates a notification and logs the following parameters into the database: the monitored host's identifier, the date and time when the processing rule was executed, the notification text, and the monitored host's parameters used in processing. Also, a notification about the registered event is created. All this information is available in the monitoring events history.

A special language is used for rule coding. Valid constructions of this language and its syntax are described in Processing Rules Syntax (on page 150).

Processing Rules Syntax

This section describes the processing rules' language. All basic elements and constructions used in programming languages are appropriate for this language as well. We don't describe basic concepts of the rules syntax here because we expect that the administrator is familiar with shell script languages used in UNIX operating systems or batch files (.bat) used in Windows operating systems.

Variables

A variable name must start with a-z, A-Z, _ or $. The rest of the name may contain 0-9, a-z, A-Z, _ or $. For example:

    Valid: var1, _a99, $1
    Invalid: 9v, !a99, 1$

A variable name may contain periods but may not contain hyphens.

    Valid: my.dotted.var
    Invalid: commons-logging

The last entry is treated as a subtraction of the variables commons and logging.

Comments

A whole row starting with ## is treated as a comment. For example:

    ## This is a comment

Literals

The valid literals are:

- integer literals;
- real literals;
- string literals, which start and end with either apostrophes ('line') or quotes ("line");
- Boolean literals: true and false;
- null literal: null.

Functions

The following functions are available:

1. empty(var) checks var for a null or empty value. The function returns true if the expression is either:
   - null;
   - an empty string.

   In other cases the function returns false.
2. size(var) returns the size of the var value. The function returns:
   - the size of a list;
   - the length of a string.

Operators

The following operators are available:

1. The logical AND operator (and or &&) computes the logical AND of its operands; that is, the result is true if and only if both its operands are true:

       cond1 and cond2
       cond1 && cond2

2. The logical OR operator (or or ||) computes the logical OR of its operands; that is, the result is false if and only if both its operands are false:

       cond1 or cond2
       cond1 || cond2

3. The logical negation operator (not or !) is a unary operator that negates its operand:

       not cond1
       !cond1

4. The binary AND operator (&) computes the bitwise AND of its operands:

       9 & 2
       1001 & 0010 = 0

5. The binary OR operator (|) computes the bitwise OR of its operands:

       9 | 2
       1001 | 0010 = 1011

6. The binary XOR operator (^) computes the bitwise exclusive-or of its operands:

       9 ^ 2
       1001 ^ 0011 = 1010

7. The binary COMPLEMENT operator (~) performs a bitwise complement operation on its operand, which has the effect of reversing each bit:

       ~9
       ~1001 = 0110

8. The equality operator (== or eq) returns true if the values of its operands are equal, false otherwise:

       val1 == val2
       val1 eq val2

9. The inequality operator (!= or ne) returns false if its operands are equal, true otherwise:

       val1 != val2
       val1 ne val2

10. A less than relational operator (< or lt) returns true if the first operand is less than the second, false otherwise:

        val1 < val2
        val1 lt val2

11. A less than or equal relational operator (<= or le) returns true if the first operand is less than or equal to the second, false otherwise:

        val1 <= val2
        val1 le val2

12. A greater than relational operator (> or gt) returns true if the first operand is greater than the second, false otherwise:

        val1 > val2
        val1 gt val2

13. A greater than or equal relational operator (>= or ge) returns true if the first operand is greater than or equal to the second, false otherwise:

        val1 >= val2
        val1 ge val2

14. The addition operator (+) computes the sum of its two operands:

        val1 + val2

15. The subtraction operator (-) subtracts the second operand from the first:

        val1 - val2

16. The multiplication operator (*) computes the product of its operands:

        val1 * val2

17. The division operator (/) divides its first operand by its second operand:

        val1 / val2

18. The integer division operator (div) returns an integer:

        val1 div val2

19. The remainder operator (mod or %) computes the remainder after dividing its first operand by its second:

        5 % 2 = 1
        5 mod 2 = 1

20. The unary negation operator (-) performs the numeric negation of the operand:

        -42

21. An if-else statement identifies which statement to run. If the condition evaluates to true, the then-statement runs. If the condition is false, the else-statement runs:

        if ((x * 2) == 5) {
            y = 1;
        } else {
            y = 2;
        }

22. The foreach statement repeats a group of embedded statements for each element in an array:

        foreach (item in list) {
            x = x + item;
        }

Warning: Type a semicolon (;) at the end of an expression to complete it. For example, the following fragment is invalid, because it does not contain a semicolon:

    if (Params.GIDNAMES_NAME == 'FIRST NODE') {
        INT_SCALE_PARAM = 5
    }

The valid entry:

    if (Params.GIDNAMES_NAME == 'FIRST NODE') {
        INT_SCALE_PARAM = 5;
    }

Objects and Methods Used for Accessing Hosts' Parameter Values

To access the monitored hosts' parameters, use the Params object. To get the parameter value, use the following construction: Params.Parameter_name. For example: Params.GINFO_PVER.

To get a part of a compound value (a list, or an enumeration separated by a period or a comma), use the Params.Parameter_name.get(Index) construction, where Parameter_name is the name of the compound parameter and Index is the element's number in the sequence, starting from 0. The obtained part of the compound value can be either an integer or a string. You can find the element types for certain parameters in the Appendix (see Parameters Monitored on ViPNet Hosts on page 194).

For example, the GINFO_PVER parameter (product version) is compound and contains three version identifiers and the build number separated by periods (for example, 1.0.0.24). To get the value of the first version identifier, use the Params.GINFO_PVER.get(0) construction.

To access objects united into collections (see Collections on page 155), use the Params object.

The Params object has the following methods of getting various hosts' parameter values:

- getCurrentValue() returns the current parameter or collection value (you may also use the <PARAM_NAME> object).
- getPrevValue() returns the value of a parameter or a collection obtained during the previous poll. If a processing rule requests some data collected two or more polls earlier (data which is older than OldParams), then the monitoring system will display an error message. The text of this message will be written to the event log and the monitoring server's logs. This error may occur if you have specified Params.XXX.getPrevValue().getPrevValue() in the processing rule code.
- getPrevNonNullValue() returns the first available parameter or collection value obtained during the previous or earlier polls. If there is no such value in the monitoring server's database, you will be warned about it. The text of this message will be written to the event log and the monitoring server's logs.
- hasCurrentValue() checks for the current valid parameter or collection value; returns true if the current value is valid; otherwise, returns false.

- hasPrevValue() checks for the previous valid parameter or collection value; returns true if the current value is valid; otherwise, returns false.
- hasPrevNonNullValue() checks for the valid parameter or collection value obtained during the previous or earlier polls; returns true if there is such a value; otherwise, returns false.

Note: The monitoring system detects errors during processing rule execution. The errors are logged in the following format:

    Error when applying processing rule %s on the host %s: %s

where %s stands for the following values: the processing rule name, the host name, and the message text corresponding to a specific processing rule.

Collections

Collections join similar objects, which are used to access values of hosts' parameters. For example, in general, a host has several network interfaces, and all network interfaces have the same parameters. The NETWORKS collection (see later in this document) unites objects which are used to access parameter values of network interfaces.

The following collections are distinguished:

- EVENTS is used to access the system events log entries (see Monitoring Web Access, the System log parameters group). There are no similar objects in this group.
- NETWORKS is used to access the parameter values of network interfaces (see Monitoring Web Access, the Network interfaces parameters group). If the GIFINFO_IFID parameters of two objects are equal, the objects are considered similar.
- STORAGE_DEVICES is used to access the devices' parameters on hosts (see Monitoring Web Access, the Disks parameters group). If the GFOFSINFO_NAME parameters of two objects are equal, the objects are considered similar.
- TUNNELADDRESSES is used to access the tunneled IP ranges' values (see Monitoring Web Access, the Tunneled IP ranges parameters group). If both parameters GSERVLIST_TUNNEL_REAL_START and GSERVLIST_TUNNEL_REAL_END of two objects are equal, the objects are considered similar.

Objects that are united in collections are available through the Params object: Params.collection_name. For example: Params.NETWORKS.

The foreach loop operator is used to loop through a collection's objects. For example: foreach (interface in Params.NETWORKS).

Objects' parameter values are available via the variable used in the loop. For example: interface.gifinfo_mode.

Objects and Methods Used for Accessing Secondary Parameters

To perform operations on collections and to obtain values of secondary parameters, the Utils object is used. It has the following methods:

- diff(set1, set2) is a difference between the set1 and set2 collections; returns a set of objects from collection set1 which are not included in collection set2;
- equal(set1, set2) is an equality test of collections set1 and set2; returns true if the collections are equal in each element; otherwise, returns false;
- intersection(set1, set2) is an intersection of collections set1 and set2; returns a set of objects that are simultaneously present in both collections;
- union(set1, set2) is a union (sum) of collections set1 and set2; returns the set of objects included in both or at least one of the collections;
- getTaskName(task) gets the role assigned to the monitored host from the role identifier specified in the task parameter;
- getLastRequestDate() gets the date and time of the last poll (according to the monitoring server's local time zone). The returned object has the following methods:
  - getYear() returns the year;
  - getMonth() returns the month: from 1 (January) to 12 (December);
  - getDay() returns the day (from 1 to 31);
  - getDayOfWeek() returns the day of the week: from 1 (Monday) to 7 (Sunday);
  - getHours() returns the hour (from 0 to 23);
  - getMinutes() returns the minute (from 0 to 59).

  You may invoke these methods through the Utils object or through an auxiliary variable. For example, to get the minutes value of the last poll, use the following:

      time = Utils.getLastRequestDate().getMinutes();

  or

      date = Utils.getLastRequestDate();
      time = date.getMinutes();

Object Used for Specifying Severity Levels

To set the event's severity level, use the Severity object. This object contains all possible severity levels:

- HIGH means the high level;
- MEDIUM means the medium level;
- LOW means the low level;
- INFO means the informational level.

A severity level is specified as Severity.Value, for example: Severity.INFO.

Objects and Methods Used for Setting Notifications

If you want to specify any kind of notification, use the Notificator object, which has a notify method:

    notify(int level, String message)

To specify the severity level, use the level parameter. To specify the message text, use the message parameter.

You may specify the severity level:

- as a valid value of the Severity object (from HIGH to INFO);
- as a number from 1 to 4; these values correspond to the following severity levels:
  - 1 means the high level;
  - 2 means the medium level;
  - 3 means the low level;
  - 4 means the informational level.

You may specify the message text manually or by using a variable. For example:

    Notificator.notify(Severity.HIGH, 'Message');

or

    message = "Message";
    Notificator.notify(1, message);

Processing Rules Logging Objects and Methods

The Logger object is used to log information about processing rules. The processing rules log is stored in a file that is specified by the AnalyzeDebugLogPath parameter, in the [control] section, in the server.ini configuration file (see Fine-Tuning Monitoring Server on page 131).

The logging methods are named after the corresponding severity levels of notifications (written in lower case) and take a message string value, where the notification text is defined.

    Logger.debug(String message)
    Logger.error(String message)
    Logger.info(String message)
    Logger.warn(String message)

For example:

    Logger.info("Parameter param1 accepted a value " + param1);
    Logger.error("Rule test_rule_1: parameter value is test_param_1 more then 5!");

Syntax Examples

Assigning a value to a string variable:

    STR_SCALE_PARAM = 'ERROR OCCURED';

Getting the current state of the software component ViPNet Monitor:

    Status = Params.MONITOR_STATUS;

Getting parts of a compound value:

    MajorNumber = Params.GINFO_PVER.get(0);

GINFO_PVER is a compound parameter, which contains three product version identifiers and the build number separated by periods. The given example demonstrates getting the first version identifier from the list.

Branching:

    if ((Params.GINFO_TYPE == 0) || (Params.GIDNAMES_NAME eq 'Expected Node')) {
        INT_SCALE_PARAM = 2;
    } else if (Params.GINFO_TYPE == 1) {
        INT_SCALE_PARAM = 1;
    } else {
        INT_SCALE_PARAM = 3;
    }

In the first condition, the GINFO_TYPE (monitored host type) and GIDNAMES_NAME (monitored host name) parameters are checked. If the host type is 0 or the polled host's name is Expected Node, then the INT_SCALE_PARAM integer parameter is set to 2; otherwise, the second condition is considered (the GINFO_TYPE parameter set to 1). If the second condition is satisfied, then the INT_SCALE_PARAM parameter is set to 1; otherwise, the parameter will be set to 3.

Getting the previous or current host time value (depending on the host type):

    if (Params.GINFO_TYPE == 0) {
        scale_time = Params.GINFO_TIME_LOC.getPrevValue();
    } else {
        scale_time = Params.GINFO_TIME_LOC;
    }

Looping:

    foreach (interface in Params.NETWORKS) {
        test_param = test_param + interface.gifstat_recv_enc_pass;
    }

The loop iterates through all the interfaces available on the host. In each iteration, the interface local variable accesses another network interface from the NETWORKS collection. The GIFSTAT_RECV_ENC_PASS parameter contains the number of encrypted packets received on an interface. In the end, the test_param variable will contain the total number of encrypted packets received on all interfaces.

An example of a processing rule that checks the connection of a coordinator with other coordinators:

    if (Params.Connections.hasCurrentValue() && Params.Connections.hasPrevNonNullValue()) {
        foreach (node in Params.Connections) {
            if (!node.node_status && node.node_status.PrevNonNullValue()) {
                Notificator.notify(Severity.INFO, "Узел " + Params.GIDNAMES_NAME + " потерял связь с узлом " + node.node_name + " ViPNet ID " + Params.GIDNAMES_ID);
            }
        }
    }

Verifying Processing Rules Syntax

Before you save a processing rule, its code is checked to comply with the following criteria:

- Correct language syntax (see Processing Rules Syntax on page 150).
- Only allowed objects are used (Params, Network, StorageDevice, Events, TunnelAddresses, Notificator and Logger).
- The foreach operator is applied only to Params, Network, StorageDevices, Events, TunnelAddresses objects.
- Only valid methods can be used in the Notificator and Logger objects (notify for the Notificator object and debug, error, info, and warn for the Logger object).
- The get(index) function can be applied only to compound parameters (in order to get a part of the value corresponding to the specified index).
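The allow-list criteria above can also be applied as a lint step before a rule is pasted into the server. The following Python example is added here for illustration and is not the Monitoring Server's own validator; the regex-based parsing, the finding texts, and the treatment of Severity and Utils as permitted helpers are assumptions of this example.

```python
import re

# Allow-lists transcribed from the criteria above. Both spellings of
# StorageDevice(s) appear in the guide, so both are accepted here.
ALLOWED_OBJECTS = {"Params", "Network", "StorageDevice", "StorageDevices",
                   "Events", "TunnelAddresses", "Notificator", "Logger"}
# Assumption: Severity and Utils are used by the guide's own samples but are
# not named in its allow-list; this example treats them as permitted helpers.
ASSUMED_HELPERS = {"Severity", "Utils"}
FOREACH_TARGETS = {"Params", "Network", "StorageDevices", "Events",
                   "TunnelAddresses"}
ALLOWED_METHODS = {"Notificator": {"notify"},
                   "Logger": {"debug", "error", "info", "warn"}}
# Compound parameters named in this guide's excerpts; extend from the
# parameter tables as needed.
COMPOUND_PARAMS = {"GINFO_PVER", "GIDNAMES_TASKLIST", "GIDNAMES_IPLIST"}

_STRING = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')
_ASSIGN = re.compile(r'(?<![\w.=!<>])([A-Za-z_]\w*)\s*=(?!=)')
_FOREACH = re.compile(r'\bforeach\s*\(\s*([A-Za-z_]\w*)\s+in\s+([A-Za-z_]\w*)')
_ROOT = re.compile(r'(?<![\w.])([A-Za-z_]\w*)\s*\.\s*([A-Za-z_]\w*)')
_GET = re.compile(r'\bParams\s*\.\s*(\w+)\s*\.\s*get\s*\(')


def lint_rule(source):
    """Return a sorted list of findings; an empty list means the rule passes."""
    # String literals are blanked first so that message text such as
    # "Database.query" is never mistaken for an object reference.
    code = _STRING.sub('""', source)
    local_vars = set(_ASSIGN.findall(code))
    findings = set()

    # foreach may iterate only over the collection objects the guide lists.
    for loop_var, target in _FOREACH.findall(code):
        local_vars.add(loop_var)
        if target not in FOREACH_TARGETS:
            findings.add(f"foreach over '{target}' is not allowed")

    # Every "Name.member" whose Name is not a local variable must be an
    # allowed object, and Notificator/Logger may use only the listed methods.
    for root, member in _ROOT.findall(code):
        if root in local_vars:
            continue
        if root not in ALLOWED_OBJECTS | ASSUMED_HELPERS:
            findings.add(f"object '{root}' is not allowed")
        elif root in ALLOWED_METHODS and member not in ALLOWED_METHODS[root]:
            findings.add(f"method '{root}.{member}' is not allowed")

    # get(index) is valid only on compound parameters.
    for param in _GET.findall(code):
        if param not in COMPOUND_PARAMS:
            findings.add(f"get(index) on non-compound parameter '{param}'")
    return sorted(findings)


# Rule assembled from the guide's own samples (message text in English here).
GOOD_RULE = '''
if (Params.Connections.hasCurrentValue() && Params.Connections.hasPrevNonNullValue()) {
    foreach (node in Params.Connections) {
        if (!node.node_status && node.node_status.PrevNonNullValue()) {
            Notificator.notify(Severity.INFO, "Host " + Params.GIDNAMES_NAME
                + " lost connection with " + node.node_name);
        }
    }
}
MajorNumber = Params.GINFO_PVER.get(0);
Logger.info("major version " + MajorNumber);
'''

# Constructed rule that violates four of the criteria.
BAD_RULE = '''
foreach (entry in Logger) { total = total + 1; }
Version = Params.GINFO_TYPE.get(0);
Logger.trace("debug: " + Version);
Database.query("select 1");
'''

if __name__ == "__main__":
    for name, rule in (("GOOD_RULE", GOOD_RULE), ("BAD_RULE", BAD_RULE)):
        print(name, lint_rule(rule) or "passes")
```

A lint of this kind only mirrors the documented criteria; the server's check at save time remains the control that decides whether a rule is accepted.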

5 Backup and Restore

Backup and Restore Strategy
Backing Up and Restoring Configuration Files and Debug Logs
Backing Up a Database
Restoring a Database
Program and Database Health Check

Backup and Restore Strategy

Backup and restore operations provide an essential safeguard for protecting critical data stored on your monitoring server. To minimize the risk of catastrophic data loss, you need to back up databases on a regular basis to preserve modifications to your data. A well-designed backup and restore strategy maximizes data availability and minimizes data loss, while considering your particular business requirements.

You can back up and restore the configuration file and the files containing debug logs with standard means of your operating system by copying these files (see Backing Up and Restoring Configuration Files and Debug Logs on page 164).

The data collected during network monitoring, the events history, and hosts' location on a map are stored in databases on the monitoring server. The database backup is performed by using the pgAdmin application, which is a tool for PostgreSQL database administration. This application is a part of PostgreSQL 9.1.x and is located in the installation folder of this program. The database backup procedure is described in the section Backing Up a Database (on page 165).

To restore a database from a backup, follow the instructions in the Restoring a Database (on page 171) section. You can restore information by using the pgAdmin application, and you can choose whether to reinstall the Monitoring Server program or not. The restore procedure without reinstalling the program is more laborious, because before restoring the data you should create the databases and all required service objects. If you reinstall the Monitoring Server program, you only need to restore the data itself, while the databases will be created automatically during installation.

Backing Up and Restoring Configuration Files and Debug Logs

Configuration files and debug logs are text files. To back up these files, you only need to copy and paste them to the folder where the backups will be stored. For secure storage, we recommend that you move the backups of these files to an external device (a USB flash drive, a network drive, and so on).

To back up the data, copy the following files:

- The server.ini file, which contains Monitoring Server settings. This file is in the folder \Tomcat_dir\webapps\ROOT\WEB-INF\classes, where Tomcat_dir is the Apache Tomcat installation folder.
- The file containing the main debug log. The full path to the file is specified by the MainLogPath parameter in the server.ini file. The default parameter value is logs\statewatcher.log, which means that the name of the debug log is statewatcher.log and the log is located in the logs folder, which is the Apache Tomcat installation folder.
- The file containing the debug log for processing rules. The full path to the file is specified by the AnalyzeDebugLogPath parameter in the server.ini file. The default parameter value is logs\analyze-debug.log, which means that the name of the debug log for processing rules is analyze-debug.log and the log is located in the logs subfolder of the Apache Tomcat installation folder.

To restore the configuration files and debug logs, copy backups of the files and paste them into the corresponding folders.

Backing Up a Database

You can back up a database with the pgAdmin application. To create a database backup copy, in pgAdmin, connect to the PostgreSQL database under the postgres user name, with the password you specified during setup. Then, specify backup options and save the created backup copy to a secure place. You can back up the monitoring database and the geoinformation system database.

To back up a database:

1 Start the pgAdmin application. To do this:

  1.1 Click the Start button, choose All Programs > PostgreSQL 9.1 > pgAdmin III. The application's main window will be displayed.

Figure 62: The pgAdmin application's main window

In the navigation pane, the server where the ViPNet StateWatcher databases are located will be displayed. After the PostgreSQL 9.1 name, access options to the server, which you specified during the Monitoring Server program installation, will be displayed (by default, localhost:5432). To connect to the server, double-click the server's name, and the database logon window will be displayed.

Figure 63: Database logon

  1.1 Type the password you specified during the Monitoring Server program installation. To log on to the server automatically, select the Store password check box.

After you log on to the server successfully, in the navigation pane, a list of objects located on the server will be displayed.

Figure 64: The database server objects' structure

Databases can be found under Databases. By default, the databases' names are sw_olap (the monitoring database) and sw_gis (the geoinformation system database).

If these databases were given other names during the Monitoring Server program installation, these names will be displayed in the objects list.

2 In the objects list, click the required database's name and, on the context menu, click Backup.

Figure 65: Creating a database backup

3 In the displayed window, configure backup parameters:

  - In the Filename box, type the full path to the backup. To specify the file location, click the Browse button.
  - In the Format list, select Tar.

As for the other options, you may keep the default values.

Figure 66: Configuring backup

4 Click Backup to start the backup process. If a backup copy with this name already exists, you will be prompted to rename your copy. Confirm the operation by clicking Yes.

Figure 67: Overwrite the file

5 If the backup is created successfully, the Backup button will be replaced with the Done button. You may view the backup result and the backup progress messages on the Messages tab. If the backup is created successfully, the messages end with the string Process returned exit code 0. To close the backup window, click Done.

Figure 68: Completing backup

As a result, a backup copy of the monitoring database is created.

Warning: You must back up all databases. For security reasons, you should copy the backups to an external device (a USB flash drive, a network drive, and so on).

Getting General Monitoring Database Characteristics

General monitoring database characteristics are used to check the database health (see Program and Database Health Check on page 181). Such characteristics include the total number of monitored network interfaces, processing rules, and host relations with processing rules, as well as the number of monitoring database entries. You can get the general characteristics with the pgAdmin application. To do this:

1 In the objects list, select the monitoring database name (the default name is sw_olap). Then, on the toolbar, click (Execute Arbitrary SQL Queries).

2 On the SQL Editor tab, in the edit pane, clear the displayed text and paste the following SQL query:

    select 'node = ' || count(n.id) as factor from node n
    union
    select 'analyze_rules = ' || count(id) from analyze_rule
    union
    select 'analyze_rules_to_nodes = ' || count(*) from node_analyze_rule
    union
    select 'value_history = ' || count(id) as vhistory from monitoring_event;

Figure 69: An SQL query to get general monitoring database characteristics

3 On the Query menu, click Run or, on the toolbar, click.

4 In the Output pane, on the Data Output tab, the query result will be displayed:

  - node is the number of monitored hosts;
  - analyze_rule is the number of processing rules;
  - analyze_rule_to_node is the number of host rule relations;
  - value_history is the number of monitoring database entries (the total number of the entries that contain unprocessed parameters and the entries that contain general information obtained after processing).

5 Write down the values and save them so that you can compare them with the same data later to check the database health after restoring.

Restoring a Database

If ViPNet StateWatcher fails, you may need to restore the data acquired by network monitoring and the data that is a result of processing rules execution. You may restore databases with one of the following methods (the choice of the method depends on the problem type):

- If a database error occurs, but ViPNet StateWatcher is working normally, you should create databases from scratch and restore them from a backup. This method is described in Restoring a Database without Reinstalling the Monitoring Server Program (on page 171).
- If ViPNet StateWatcher is malfunctioning or failing regularly, you should reinstall it and then restore data from a backup. ViPNet StateWatcher installation is described in detail in First Installation (see Monitoring Server Installation on page 46). Database restore for this case is described in Restoring a Database after You Reinstall the Monitoring Server Program (on page 180).

You can back up and restore databases with pgAdmin (see Backing Up a Database on page 165).

Restoring a Database without Reinstalling the Monitoring Server Program

To restore databases without reinstalling the Monitoring Server program, you need to create databases and all their service objects from scratch. Service objects include:

- a database user with any name and the rights to create other objects;
- a tablespace with the sw_olap_tbls fixed name, which is required for database tables of common data (OLAP).

After you create these objects, you need to create a Monitoring Server database to store monitoring data (the monitoring server database) and a database for storing monitored objects' coordinates on the map (the geoinformation system database). You can specify an arbitrary name for each of the databases. After this, restore each of the databases from its backup copy.

You can create and restore databases in the following order:

1 In the objects list, right-click Login roles and, on the context menu, click New Role.

Figure 70: Creating a new user account

2 In the displayed dialog box, configure user properties:

  - On the Properties tab, in the Role name box, type a user name (for example, swadmin).
  - On the Definition tab, in the Password and Password (again) boxes, type and confirm the user password.
  - On the Roles privileges tab, select the Can create database objects check box.

Figure 71: Specifying user properties

As for the other options, you may keep the default values. To create a new user account, click OK. The created user will be displayed under Login roles in the objects list.

3 In the objects list, right-click Tablespaces and, on the context menu, click New Tablespace.

Figure 72: Creating a new tablespace

4 In the displayed dialog box, specify tablespace properties for monitoring database tables:

  - On the Tools tab, in the Name box, type sw_olap_tbls. In the Owner list, select the user account you created at step 2.
  - On the Definition tab, in the Location box, specify the path to the tablespace location (the folder).

Figure 73: Configuring a tablespace

As for the other options, you may keep the default values. To create a new tablespace, click OK. The created tablespace sw_olap_tbls will be displayed under Tablespaces in the objects tree.

5 Make sure that the postgres user has full access (Full Control) to the sw_oltp_tbls folder set for tablespaces. If not, provide this user with full access (see Assigning the postgres Access Rights to a User in Windows OS on page 247).

6 In the objects list, right-click Databases and, on the context menu, click New Database.

Figure 74: Creating a new database

7 In the displayed dialog box, set the monitoring database properties:

  - On the Tools tab:
    - In the Name box, type the database name (for example, sw_olap).
    - In the Owner list, select the user you created at step 2.
  - On the Definition tab:
    - In the Encoding list, select UTF8.
    - In the Tablespace list, select sw_olap_tbls.
    - In the Collation list, select English_United States.1252.
    - In the Character type list, select English_United States.1252.

Figure 75: Configuring a database

As for the other options, you may keep the default values. To create a new database, click OK. The new database will be displayed under Databases.

8 Repeat steps 6 and 7 to create a geoinformation system database:

  - On the Tools tab:
    - In the Name box, type the database name (for example, sw_gis).
    - In the Owner list, select the user you created at step 2.
  - On the Definition tab:
    - In the Encoding list, select UTF8.
    - In the Tablespace list, select pg_default.
    - In the Collation list, select English_United States.1252.
    - In the Character type list, select English_United States.1252.

9 In the objects tree, select or right-click the created database and, on the context menu, click Restore.

Figure 76: Restoring a database

10 In the displayed window, configure restore parameters:

  - In the Filename box, type the full path to the file containing the monitoring database backup. To choose the file, click the Browse button.
  - As for the other options, you may keep the default values.

Figure 77: Setting restore parameters

11 To start the restore, click Restore. If the restore operation is completed successfully, the Restore button will be replaced with the Done button. You may view the restore result and the restore progress messages on the Messages tab. If the database is successfully restored, the messages end with the string Process returned exit code 0. To close the restore window, click Done.

Figure 78: Completing restore

12 Repeat steps 9-11 to restore the geoinformation system database you created at step 8.

As a result, the monitoring database will be restored.

Restoring a Database after You Reinstall the Monitoring Server Program

During Monitoring Server installation, all necessary objects are created in the PostgreSQL database, including the ViPNet StateWatcher databases. In this case, the restore task is easier for you: you only need to restore the databases with the pgAdmin application.

For more information about ViPNet StateWatcher installation, see First Installation (see Monitoring Server Installation on page 46). Before you begin the installation, you should create a folder for storing monitoring database tables and provide the postgres user with full access to this folder. This folder identifies the location of tablespaces and will be required during the installation process.

The following objects and databases are created during the installation:

- a database user with any name (by default, swadmin);
- the monitoring database (by default, sw_olap);
- the geoinformation system database (by default, sw_gis);
- database location (a server; by default, localhost:5432).

After the installation is completed, in pgAdmin, the server specified during the installation will be displayed, and, in the server's objects list, the created database will be displayed (with the name specified during the installation).

To restore a database, follow the instructions (steps 9-12) in Restoring a Database without Reinstalling the Monitoring Server Program (on page 171).

Program and Database Health Check

To check the program and database health after restoring, you may use the following methods:

1 Visual control via Monitoring Web Access. Make sure that all monitored hosts are included in the monitored hosts list and that the following host parameters are specified on the hosts: the IP address, the current type, the date and time of the last poll, and so on. Poll some hosts to make sure that host parameters have been changed (for example, the current time of the host should have been changed).

2 Check the general monitoring database characteristics by using an SQL query. With the pgAdmin application, create the same SQL query as when you backed up the database (see Getting General Monitoring Database Characteristics on page 169). The values should be similar to those that you got at the last backup.

A Troubleshooting

Here you will find the list of possible ViPNet StateWatcher monitoring system malfunctions and corresponding troubleshooting guidelines.

PostgreSQL Can't Be Installed or Started

Description:

- The PostgreSQL service does not start when you are installing Monitoring Server.
- The ViPNet StateWatcher setup program can't connect to the database.
- After the installation, PostgreSQL does not run.

Solution:

- Before you start PostgreSQL installation, be sure to accept and install all Windows OS updates.
- Uninstall the PostgreSQL program using the standard means of your operating system (in the Control Panel, select Uninstall a program).
- Delete the PostgreSQL program folder (by default, it is in C:\Program Files).
- Delete the postgres user account from your system (if it appeared after the installation).
- Install PostgreSQL again.

For more information about possible problems with PostgreSQL installation and their solutions, see the website http://wiki.postgresql.org/wiki/running_%26_installing_postgresql_on_native_windows#Common_installation_errors. For information on other problems with PostgreSQL installation or work, see documentation on the website http://archives.postgresql.org/.

Description: The PostgreSQL service doesn't start when you are installing Monitoring Server.

Solution:

1 Before you start Monitoring Server installation, for the postgres user, reassign access rights for the folder with the Monitoring Server's database (see Assigning the postgres Access Rights to a User in Windows OS on page 247).

2 For the postgres user, reassign the right Log on as a service. To do this:

  2.1 Click the Start button, then click Control Panel.
  2.2 In the Adjust your computer's settings window, click Administrative Tools.
  2.3 In the displayed window, double-click the Local Security Policy shortcut.
  2.4 In the Local Security Policy snap-in, in the navigation pane, click Local Policies > User Rights Assignment.
  2.5 In the view pane, double-click Log on as a service.
  2.6 In the Log on as a service Properties dialog box, click the postgres user and click Remove.
  2.7 Click Add User or Group.
  2.8 In the displayed window, in the Enter the object names to select box, add the postgres user name and click OK.
  2.9 Click OK.

3 Remove the postgres user from the Users and Administrators groups. To do this:

  3.1 Click the Start button, then click Control Panel.
  3.2 In the Adjust your computer's settings window, click Administrative Tools.
  3.3 In the displayed window, double-click the Computer Management shortcut.
  3.4 In the Computer Management snap-in, in the navigation pane, click System Tools > Local Users and Groups > Users.

  3.5 In the view pane, double-click the postgres user.
  3.6 In the postgres Properties dialog box, on the Member Of tab, remove the Users and Administrators groups by using the Remove button.
  3.7 Click OK.

4 Continue Monitoring Server setup.

The Unlimited Growth of the Database

Description: If the size of your database is growing rapidly, then, in the PostgreSQL log, you will find the following entries (with standard settings, the path to the log is Disk:\Program Files\PostgresSQL\8.4\data\pg_log\):

    2012-01-10 23:52:06 MSK ERROR: could not read block 51 of relation base/18747802/2619: read only 0 of 8192 bytes

This error may occur when your disk is corrupted.

Solution: Scan your disk for bad sectors with Windows chkdsk or another similar program. If you find any bad sectors, replace your disk with a new one and restore your Monitoring Server from a backup copy (see Backup and Restore on page 162) or reinstall the Monitoring Server program (see Monitoring Server Setup, Update, and Uninstallation on page 40).

Can't Log Monitoring Events

Description: If you run out of free space on your hard disk when the monitoring system is enabled, logging of monitoring events will be stopped. If you free more space, the logging is not resumed.

Solution: To resume the logging, restart the Apache Tomcat and PostgreSQL services.

Apache Tomcat Service Does Not Start

Description: When you are trying to start the Apache Tomcat service, it does not start.

Cause and solution: Check the Apache Tomcat service's log file. If you see messages from the list below, it is most probable that the msvcr71.dll library is missing. Add this file to the system folder C:\Windows\system32.

You may see the following entries in the Apache Tomcat service log:

    [2010-02-02 14:25:23] [info] Procrun (2.0.4.0) started
    [2010-02-02 14:25:23] [info] Running Service...
    [2010-02-02 14:25:23] [info] Starting service...
    [2010-02-02 14:25:23] [174 javajni.c] [error] The specified module not found.
    [2010-02-02 14:25:23] [994 prunsrv.c] [error] Failed creating java C:\Program Files\Java\jre6\bin\client\jvm.dll
    [2010-02-02 14:25:23] [1269 prunsrv.c] [error] ServiceStart returned 1
    [2010-02-02 14:25:24] [info] Run service finished.
    [2010-02-02 14:25:24] [info] Procrun finished.

Description: After you install Apache Tomcat and reboot, the Apache Tomcat service will not start. The following error message is displayed: Application System Error Access is denied. Unable to open the service 'Tomcat 6'.

Cause and solution: There may be a problem accessing the executable file of the Apache Tomcat service. Such errors may occur if, for example, the UAC is enabled. To solve the problem, do the following:

  - Navigate to the folder C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin.
  - Right-click the file Tomcat6w.exe and choose Properties.
  - In the displayed window, click the Compatibility tab.
  - Under Privilege Level, select the Run this program as an administrator check box.
  - Click OK.
  - Run the Apache Tomcat service.
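The two log signatures quoted in this appendix (the PostgreSQL "could not read block" error and the Procrun start failure) can be picked out of log files mechanically. The following Python triage is an added example and not part of ViPNet StateWatcher; the function names and finding fields are assumptions, and the sample lines marked as constructed do not come from the guide.

```python
import re

# PostgreSQL short-read error, in the form quoted in the guide.
PG_BAD_BLOCK = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ ERROR:\s+'
    r'could not read block (?P<block>\d+) of relation (?P<relation>\S+): '
    r'read only (?P<got>\d+) of (?P<want>\d+) bytes')

# Procrun line: [timestamp] optional [line source.c] then [level] message.
PROCRUN = re.compile(
    r'^\[(?P<ts>[^\]]+)\] (?:\[\d+\s+(?P<src>[^\]]+)\] )?'
    r'\[(?P<level>\w+)\] (?P<msg>.*)$')


def triage_postgres(lines):
    """Group short-read errors by relation file; one finding per relation."""
    by_relation = {}
    for line in lines:
        m = PG_BAD_BLOCK.match(line.strip())
        if not m or int(m["got"]) >= int(m["want"]):
            continue
        rec = by_relation.setdefault(
            m["relation"],
            {"relation": m["relation"], "blocks": set(), "first_seen": m["ts"]})
        rec["blocks"].add(int(m["block"]))
    return [dict(rec, blocks=sorted(rec["blocks"]),
                 action="scan the disk for bad sectors (chkdsk), then restore from backup")
            for rec in by_relation.values()]


def triage_procrun(lines):
    """Report start attempts where the JVM library failed to load."""
    findings, attempt, module_missing = [], None, False
    for line in lines:
        m = PROCRUN.match(line.strip())
        if not m:
            continue
        msg = m["msg"]
        if msg.startswith("Starting service"):
            attempt, module_missing = m["ts"], False      # new start attempt
        elif m["level"] == "error" and "The specified module" in msg:
            module_missing = True
        elif (m["level"] == "error" and module_missing
              and msg.startswith("Failed creating java")):
            findings.append({
                "attempt": attempt,
                "jvm": msg[len("Failed creating java"):].strip(),
                "action": r"check that msvcr71.dll is present in C:\Windows\system32"})
            module_missing = False
    return findings


# First error line is the one quoted in the guide; the other two are constructed.
PG_SAMPLE = r"""
2012-01-10 23:52:06 MSK ERROR: could not read block 51 of relation base/18747802/2619: read only 0 of 8192 bytes
2012-01-10 23:52:09 MSK ERROR: could not read block 52 of relation base/18747802/2619: read only 0 of 8192 bytes
2012-01-10 23:53:00 MSK LOG: checkpoint starting: time
"""

# Excerpt quoted in the guide.
TOMCAT_SAMPLE = r"""
[2010-02-02 14:25:23] [info] Procrun (2.0.4.0) started
[2010-02-02 14:25:23] [info] Running Service...
[2010-02-02 14:25:23] [info] Starting service...
[2010-02-02 14:25:23] [174 javajni.c] [error] The specified module not found.
[2010-02-02 14:25:23] [994 prunsrv.c] [error] Failed creating java C:\Program Files\Java\jre6\bin\client\jvm.dll
[2010-02-02 14:25:23] [1269 prunsrv.c] [error] ServiceStart returned 1
[2010-02-02 14:25:24] [info] Run service finished.
[2010-02-02 14:25:24] [info] Procrun finished.
"""

if __name__ == "__main__":
    for finding in triage_postgres(PG_SAMPLE.splitlines()):
        print("postgres:", finding)
    for finding in triage_procrun(TOMCAT_SAMPLE.splitlines()):
        print("tomcat:", finding)
```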

Can't Connect to the Monitoring Server via a Web Browser

Description: You can't connect to the Monitoring Server program via a web browser, and you don't see the logon window.

Cause and solution:

- The Apache Tomcat service has not started. Run the Apache Tomcat service: right-click the Apache Tomcat icon in the notification area and click Start. After you start the Apache Tomcat service, the Monitoring Server program starts automatically.
- The monitored host is not connected with the monitoring server. Check the connection between the host and your monitoring server in the ViPNet Client Monitor program or by executing the ping command. If there is no connection, check that host connections are properly set in the ViPNet Network Manager program.

Problems with Access and Authentication in Monitoring Web Access

Description: When you are browsing a web page (clicking a button, a link, a log entry, and so on), a message about monitoring server unavailability is displayed.

Cause and solution: The Monitoring Server program has been stopped. Run the Apache Tomcat service on the monitoring server. After you start the Apache Tomcat service, the Monitoring Server program starts automatically.

Description: When you are browsing a web page (clicking a button or a link, a log entry, and so on), the user authentication window is displayed.

Cause and solution: The Monitoring Server program has restarted, and Monitoring Web Access has reconnected to the monitoring server. To access the monitoring server again, enter your user name and password.

Cannot Open a Host Details Window

Description: You work in Internet Explorer version 9.0. On the Monitor > Host List page or on the Manage > Hosts page, you click the link with the monitored host name, but the host information window will not open.

Cause and solution: To solve this problem, we recommend that you update Internet Explorer to version 10.0. If you do not want to update your browser, change the security settings of Internet Explorer 9.0:

  4.1 Open Internet Explorer.
  4.2 Click Tools, and then click Internet options.
  4.3 On the Security tab, select the Internet zone icon, and then click Custom level.
  4.4 On the Settings list, navigate to Scripting > Active scripting.
  4.5 Select Enable, click OK, and then click OK once again.

System Proxy Server Malfunctions

Description: You are using a system proxy server and experience problems with sending SMS notifications and loading of the online map.

Cause and solution: You started the Apache Tomcat service without OS administrator rights. Start Apache Tomcat with OS administrator rights.

Can't Add a Server to the Cascade

Description: Can't add a server to the cascade. On a child monitoring server, no prompt to establish a relation is displayed.

Solution: On both the parent and child monitoring servers, in ViPNet Monitor, configure the following public network filters:

  - An allowing filter for TCP inbound traffic sent from one of these monitoring servers to the other one, to port 80.
  - An allowing filter for TCP outbound traffic sent from one of these monitoring servers to the other one, from ports 1154, 1132, and 1210.

B Creating and Editing Mail Notification Templates

Templates of notification messages are files with the .jasper extension, which are compiled templates of Jasper reports. To work with these templates, you may use the freely distributed report designer iReport, which is included in the distribution kit. To download the latest iReport version, click this link: http://jasperforge.org/projects/ireport/.

To create another template, you can use the default.jasper template or the bmailtemplate.jasper template distributed with the Monitoring Server program.

To edit a template:

1 Start the iReport program and, by clicking File > Open, open the default.jasper file or the bmailtemplate.jasper file. Then you will be prompted to convert the file to Jrxml format.

Figure 79: Converting an email template

2 Specify a folder where you want to save the converted file, and select the Open the file after the conversion check box. Click Convert. The template will be opened for editing.

Figure 80: Converting a message template

The default.jasper and bmailtemplate.jasper templates contain a table with the following data: the executed processing rule, the monitored host, the monitoring server, and the notification created as a result of the processing rule execution.

The table includes 2 columns and 7 rows. The first column contains fixed text (parameter description). The second column contains variable names that, in the process of notification creation, are replaced by the corresponding parameter values when the corresponding processing rule is executed (you can see the list and the description of the variables that correspond to the specified parameters in the table below).

Variable          Description
SEVERITY_LEVEL    Event severity level in notifications. It may have the following values: Critical; Warning; Standard; Informational.
RULE_NAME         Processing rule name that was specified when a rule was created.
NODE_NAME         The name of a monitored host a processing rule is applied to.
NODE_ID           The identifier of a monitored host a processing rule is applied to.
SERVER            The name of the monitoring server that sends notifications.
DATE              The date and time when a monitored host was last polled by the Monitoring Server program.
MESSAGE           Message text specified by a processing rule.

When a report (a notification message) is being created, real values received after a processing rule execution are substituted for the parameters.

3 You can verify the result of using a template with the preview option on the Preview tab. Before the preview, you will be prompted to type values for all parameters in the template. If a parameter value is not specified, then null will be shown in the preview.

Figure 81: Notification message preview

C Monitored Parameters

Parameters Monitored on ViPNet Hosts

In this appendix, you will find a list of parameters that are monitored in the current version of the ViPNet StateWatcher monitoring system. The parameters are joined into the same logical groups as in Monitoring Web Access. Each logical group of parameters is described in a separate table. For each parameter, you can see its name, brief description, type of data, and, if necessary, the possible values with a comment. The parameter name is a name that you should use when creating the processing rules.

Some parameters can be controlled only in later versions of the software: for ViPNet Client and ViPNet Coordinator, in 3.1.3 version or later. Such version-dependent parameters are marked with an asterisk (*).

Note: If the ViPNet Client or ViPNet Coordinator version is earlier than 3.1, parameters can't be monitored.

Table 7: General characteristics of a monitored host

GIDNAMES_ID
    Description: ViPNet host identifier
    Data type: Integer
    Comment: In the Monitoring Server program version 1.0 and 1.1, this parameter is called COMMON_NODEID

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| NODE_STATUS | Host status | Integer | 0 means the host is accessible. 1 means the host is unavailable. | |
| GIDNAMES_NAME | Host name | String | | In the Monitoring Server program version 1.0 and 1.1, this parameter is called GINFO_NAME |
| NODE_DESCRIPTION | Host description | String | Maximum 1024 bytes | |
| GFINFO_TYPE | ViPNet host type | Integer | 0: ViPNet client; 2: ViPNet coordinator | |
| GINFO_TIME_LOC | Current time | Date | When the parameter is checked, it returns an integer number (unixtime format date) | |
| POLL_TIME | Poll time | Date | | Local current time GMT is displayed on the server at polling |
| MONITOR_STATUS | ViPNet Monitor status | Integer | 0 means the program is running. 1 means the program isn't running. 2 means an error in deciphering a response. 3 means the program state is unknown. 4 means the program isn't installed. | |
| GIDNAMES_TASKLIST | Roles list (the list of roles assigned to the host) | Compound type (comma-separated) | When the whole parameter is checked, it returns a string. When a parameter's element is checked, it returns an integer number. | |
| GFOSTATE_A_TOTAL_MEM* | Total physical memory (RAM) | Integer | | |
| GFOSTATE_A_FREE_MEM* | Free physical memory (RAM) | Integer | | |
| MEM_USAGE* | Memory usage | Integer | | |
| GFOSTATE_A_TOTAL_CPU* | CPU load | Integer | | |
| GFOSTATE_A_BMAIL* | ViPNet Business Mail | Integer | | |
| GIDNAMES_IPLIST | List of host's IP addresses | Compound type (comma-separated) | When the whole parameter is checked, it returns a string. When a parameter's element is checked, it returns an integer number. | |
| GIDNAMES_ISSERVER | It detects whether the host functions as a coordinator on the ViPNet network | Integer | 1 means the host is a coordinator. 0 means the host isn't a coordinator. | |
| GFOSTATE_A_FAILOVER | The status of the Failover module on the active cluster node | Integer | 0 means the Failover module is running. 1 means the module isn't running. 2 means the state of the module is unknown. 3 means the module isn't installed on the host. | |
| GFOSTATE_A_UPTIME | Duration of the active cluster element work (from the moment it switched to the active mode or started in the active mode) | Date | DD/HH/MM/SS | |
| GFOINFO_CLUSTER | Signifies work in the failover cluster mode | Integer | 1 means work in the cluster mode. 0 means work in the single mode. | |
| GFOSTATE_A_BMAIL | The status of the ViPNet Business Mail program on the host. | Integer | 0 means the program is running. 1 means the program isn't running. 2 means the state of the program is unknown. 3 means the program isn't installed on the host. | |

Table 8: ViPNet Monitor parameters

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GINFO_PVER | Product version | Compound type (point-separated) | When the whole parameter is checked, it returns a string. When a parameter's element is checked, it returns an integer number. | |
| GINFO_DEMVER | Monitor version (daemon) | Compound type (point-separated) | When the whole parameter is checked, it returns a string. When a parameter's element is checked, it returns an integer number. | |
| GINFO_DRVVER | Driver version | Compound type (point-separated) | When the whole parameter is checked, it returns a string. When a parameter's element is checked, it returns an integer number. | |
| GINFO_PACKTYPE | IP packets type (encrypted packets format) | Integer | 0x400 (decimal 1024): 4.0 format; 0x401 (decimal 1025): 4.1 format | Only the real value of this parameter received during the last successful poll is saved as the previous value, in other words, the unknown (missing) values are not saved. |
| GINFO_DUDP_TIMEOUT | Allowed traffic absence timeout when working in the dynamic address translation mode | Integer | 25 | |
| GINFO_LOGVER | IP packets log version | Integer | | |
| GIDSNATSETTINGS_FIREWALLIP | Firewall address | Integer | | |
| GIDSNATSETTINGS_PORT | Firewall UDP port | Integer | | |
| GIDSNATSETTINGS_FIXFIREWALL | Fixing the parameter of external firewall | Integer | 1: firewall settings are fixed; 0: firewall settings are not fixed | |
| GIDSNATSETTINGS_PROXYID | Proxy server identifier | Integer | | |

Table 9: Disks

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| HD_USAGE* | Total disk space usage (per cent) | Integer | | |
| GFOFSINFO_NAME* | Disk name | String | | |
| GFOFSINFO_DEVICE* | Device name | String | | |
| GFOFSINFO_TOTAL* | Total disk space | Integer | | |
| GFOFSINFO_FREE* | Free space volume | Integer | | |
| GFOFSINFO_USAGE* | Space usage for a specified disk (per cent) | Integer | | GFOFSINFO_USAGE = 100 * GFOFSINFO_FREE / GFOFSINFO_TOTAL |

Table 10: Tunneled IP addresses ranges

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GSERVLIST_TUNNEL_REAL_START* | Start IP address | Compound type (point-separated) | When the whole parameter is checked, it returns a string. When a parameter's element is checked, it returns an integer number. | |
| GSERVLIST_TUNNEL_REAL_END* | End IP address | Compound type (point-separated) | When the whole parameter is checked, it returns a string. When a parameter's element is checked, it returns an integer number. | |

Table 11: System events log

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GFOSYSJ_TIME* | Event time | Date | When the parameter is checked, it returns an integer number (unixtime format date) | |
| GFOSYSJ_TYPE* | Event type | Integer | | |
| GFOSYSJ_SOURCE* | Source | String | | |
| GFOSYSJ_CATEGORY* | Category | String | | |
| GFOSYSJ_USER* | User | String | | |
| GFOSYSJ_DESCR* | Description | String | | |
| GFOSYSJ_JOURNAL* | OS log that contains the event. | String | | |

Table 12: GIS

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GEO_CODE_LAT | Host location latitude | String | | |
| GEO_CODE_LON | Host location longitude | String | | |

Table 13: MFTP

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GFOSTATE_A_MFTP* | MFTP status | Integer | | |
| GMFTPSTAT_QUEUE_COUNT* | The number of envelopes in the queue | Integer | | |
| GMFTPSTAT_QUEUE_SIZE* | Total size of all envelopes in the queue | Integer | | |

Table 14: Network interfaces list and its parameters

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GIFINFO_NAME | Interface name | String | | |
| GIFINFO_IPLIST | List of access IP addresses | Compound type (comma-separated) | When the whole parameter is checked, it returns a string. When a parameter's element is checked, it returns an integer number. | |
| GIFINFO_MODE | Current level of unencrypted IP packets processing | Integer | Possible values range from 1 to 5 | |
| GIFINFO_STARTMODE | Level of unencrypted IP packets processing used on startup | Integer | Possible values range from 1 to 5 | |
| GIFINFO_NETMASK | Subnet mask | String | When the parameter is checked, it returns an integer number | |
| GIFINFO_EXTERNAL | Interface type | Integer | 1 for the external interface; 0 for the internal interface | |
| GIFINFO_USED | Interface status | Integer | 0 or missing: the interface is unavailable; 1: the interface is available | |

Table 15: Network interfaces statistics

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GIFSTAT_SEND_ENC_PASS | The number of allowed outgoing encrypted IP packets | Integer | | |
| GIFSTAT_SEND_ENC_PASS_BYTES* | The total size of allowed outgoing encrypted IP packets (MB) | Integer | | |
| GIFSTAT_SEND_ENC_DROP | The number of blocked outgoing encrypted IP packets | Integer | | |
| GIFSTAT_SEND_ENC_DROP_BYTES* | The total size of blocked outgoing encrypted IP packets | Integer | | |
| GIFSTAT_RECV_ENC_PASS | The number of successfully received encrypted IP packets | Integer | | |
| GIFSTAT_RECV_ENC_PASS_BYTES* | The total size of allowed incoming encrypted IP packets | Integer | | |
| GIFSTAT_RECV_ENC_DROP | The number of blocked incoming encrypted IP packets | Integer | | |
| GIFSTAT_RECV_ENC_DROP_BYTES* | The total size of blocked incoming encrypted IP packets | Integer | | |
| GIFSTAT_SEND_BR_PASS | The number of allowed outgoing non-encrypted broadcast IP packets | Integer | | |
| GIFSTAT_SEND_BR_PASS_BYTES* | The total size of allowed outgoing non-encrypted broadcast IP packets | Integer | | |
| GIFSTAT_SEND_BR_DROP | The number of blocked outgoing non-encrypted broadcast IP packets | Integer | | |
| GIFSTAT_SEND_BR_DROP_BYTES* | The total size of blocked outgoing non-encrypted broadcast IP packets | Integer | | |
| GIFSTAT_RECV_BR_PASS | The number of allowed incoming non-encrypted broadcast IP packets | Integer | | |
| GIFSTAT_RECV_BR_PASS_BYTES* | The total size of allowed incoming non-encrypted broadcast IP packets | Integer | | |
| GIFSTAT_RECV_BR_DROP | The number of blocked incoming non-encrypted broadcast IP packets | Integer | | |
| GIFSTAT_RECV_BR_DROP_BYTES* | The total size of blocked incoming non-encrypted broadcast IP packets | Integer | | |
| GIFSTAT_SEND_NOT_ENC_PASS | The number of successfully sent non-encrypted IP packets | Integer | | |
| GIFSTAT_SEND_NOT_ENC_PASS_BYTES* | The total size of allowed outgoing non-encrypted IP packets | Integer | | |
| GIFSTAT_SEND_NOT_ENC_DROP | The number of blocked outgoing non-encrypted IP packets | Integer | | |
| GIFSTAT_SEND_NOT_ENC_DROP_BYTES* | The total size of blocked outgoing non-encrypted IP packets | Integer | | |
| GIFSTAT_RECV_NOT_ENC_PASS | The number of allowed incoming non-encrypted IP packets | Integer | | |
| GIFSTAT_RECV_NOT_ENC_PASS_BYTES* | The total size of allowed incoming non-encrypted IP packets | Integer | | |
| GIFSTAT_RECV_NOT_ENC_DROP | The number of blocked incoming non-encrypted IP packets | Integer | | |
| GIFSTAT_RECV_NOT_ENC_DROP_BYTES* | The total size of blocked incoming non-encrypted IP packets | Integer | | |
| GIFSTAT_SEND_BR_ENC_PASS | The number of allowed outgoing encrypted broadcast IP packets | Integer | | |

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GIFSTAT_SEND_BR_ENC_PASS_BYTES* | The total size of allowed outgoing encrypted broadcast IP packets | Integer | | |
| GIFSTAT_SEND_BR_ENC_DROP | The number of blocked outgoing encrypted broadcast IP packets | Integer | | |
| GIFSTAT_SEND_BR_ENC_DROP_BYTES* | The total size of blocked outgoing encrypted broadcast IP packets | Integer | | |
| GIFSTAT_RECV_BR_ENC_PASS | The number of allowed incoming encrypted broadcast IP packets | Integer | | |
| GIFSTAT_RECV_BR_ENC_PASS_BYTES* | The total size of allowed incoming encrypted broadcast IP packets | Integer | | |
| GIFSTAT_RECV_BR_ENC_DROP | The number of blocked incoming encrypted broadcast IP packets | Integer | | |
| GIFSTAT_RECV_BR_ENC_DROP_BYTES* | The total size of blocked incoming encrypted broadcast IP packets | Integer | | |
| TRAFFIC_TOTAL_IN* | The total size of inbound IP traffic for a network interface, bytes (since the start of the ViPNet driver) | Integer | | |
| TRAFFIC_TOTAL_OUT* | Total outbound IP traffic (outgoing bytes total for the network interface, since the start of the ViPNet driver) | Integer | | |
| TRAFFIC_TOTAL* | Total IP traffic (inbound and outbound, bytes, total for the network interface, since the start of the ViPNet driver) | Integer | | TRAFFIC_TOTAL = TRAFFIC_TOTAL_IN + TRAFFIC_TOTAL_OUT |
| TRAFFIC_LOAD* | Network interface load (average traffic rate on the interface during the last polling period). Measured in megabytes per second (MB/sec) | Integer | | If at least one of the previous values of the TRAFFIC_TOTAL_IN and TRAFFIC_TOTAL_OUT parameters is more than the current value, then TRAFFIC_LOAD = TRAFFIC_TOTAL (current) / polling period. Otherwise, TRAFFIC_LOAD = (TRAFFIC_TOTAL (current) - TRAFFIC_TOTAL (previous)) / polling period |

Table 16: IP packets log settings

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GDBS_MAXSIZE | Maximum IP packets log size | Integer | | |
| GDBS_TIMEDIFF | Logs aggregation period | Integer | | |
| GDBS_REGALL | Log all IP packets | Integer | 1: register all IP packets; 0: register only blocked IP packets | |
| GDBS_REGBROADCAST | Log broadcast IP packets | Integer | 1: register broadcast IP packets; 0: do not register broadcast IP packets | |
| GDBS_REGTCPSERVERPORT | For TCP connections, log only the remote server port | Integer | 1: register only the server port; 0: register both the server port and the client port | |

Table 17: Passive cluster node parameters

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GFOSTATE_P_MFTP* | The status of the MFTP module on the passive cluster node | Integer | 0 means the module is running. 1 means the module isn't running. 2 means the state of the module is unknown. 3 means the module isn't installed on the host. | |
| GFOSTATE_P_IPLIR* | The iplir daemon's status | Integer | 0 means the daemon is running. 1 means the daemon isn't running. 2 means the state of the daemon is unknown. 3 means the daemon isn't installed on the host. | |
| GFOSTATE_P_FAILOVER* | The status of the Failover module on the passive cluster node | Integer | 0 means the module is running. 1 means the module isn't running. 2 means the state of the module is unknown. 3 means the module isn't installed on the host. | |
| GFOSTATE_P_UPTIME | Duration of the passive cluster element work from the moment the failover system started in the passive mode | Date | DD/HH/MM/SS | |
| GFOSTATE_P_TOTAL_CPU* | CPU load | Integer | | |
| GFOSTATE_P_TOTAL_MEM* | Memory usage | Integer | | |
| GFOSTATE_P_FREE_MEM* | Free physical memory (RAM) | Integer | | |

Table 18: Failover system events

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GFOJOURNAL_TIME | The time when the Failover system event was registered | Date | When the parameter is checked, it returns an integer number (unixtime format date) | |
| GFOJOURNAL_EVENT | The type of the registered event | String | FO_EVENT_BOOT means the system boot. FO_EVENT_SWITCH means switching to the active state. FO_EVENT_START_ACTIVE means the cluster node started in the active state. FO_EVENT_START_PASSIVE means the cluster node started in the passive state. | |

Table 19: Connection with coordinators

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| GIDSNATSETTINGS_ID | Host identifier | Integer | | |
| GIDSNATSETTINGS_NAME | Host name | String | | Based on ViPNet host links |
| GIDSNATSETTINGS_STATUS | Connection status | Integer | 0: coordinator is inaccessible; 1: coordinator is accessible | |

Parameters Monitored on Public Hosts

In this appendix, you will find a list of public hosts' parameters that are monitored in the current version of the ViPNet StateWatcher monitoring system. The parameters are joined into the same logical groups as in Monitoring Web Access. Each logical group of parameters is described in a separate table. For each parameter, you can see its name, brief description, type of data, and, if necessary, the possible values with a comment. The parameter name is the name that you should use when creating the processing rules.

Table 20: System parameters

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| sysdescr | Host description | String | | |
| sysuptime | Up time | Time (an unsigned number that is a number of hundredth parts of a second) | | |
| syscontact | Contact information for the person who administers this public host | String | | |
| sysname | Host name | String | | Matches the GIDNAMES_NAME parameter of monitored ViPNet hosts |
| syslocation | Host location | String | | |
| hrmemorysize | Amount of RAM | KB | | Matches the GFOSTATE_A_TOTAL_MEM parameter of monitored ViPNet hosts |
| hrsystemdate | Host's current time | Date | When the parameter is checked, it returns an integer number (unixtime format date) | Matches the GINFO_TIME_LOC parameter of monitored ViPNet hosts |

Table 21: Network settings

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| ipforwarding | Whether the host is a router (performs forwarding) or not | Integer | | |
| IPdefaultTTL | The lifespan of an IP datagram (TTL) | Integer | | |
| IPinreceives | The number of received IP datagrams | Integer | | |
| ipinhdrerrors | The number of incoming IP datagrams containing errors in the packet heading | Integer | | |
| ipinaddrerrors | The number of IP datagrams discarded because of an incorrect IP address | Integer | | |
| ipforwdatagrams | Number of IP datagrams the forwarding of which was being attempted | Integer | | |
| ipinunknownprotos | The number of IP datagrams whose protocol code is not supported | Integer | | |
| ipindiscards | The number of IP datagrams discarded because the buffer is full | Integer | | |
| ipindelivers | The number of incoming IP datagrams successfully processed on the IP layer | Integer | | |
| ipoutrequests | The number of IP and ICMP datagrams intended for sending | Integer | | |
| ipoutdiscard | The number of IP and ICMP datagrams intended for sending, but discarded because the buffer is full | Integer | | |
| IPoutNoroutes | The number of routing errors | Integer | | |
| ipreasmtimeout | Maximum timeout in seconds for assembling the fragments | Integer | | |
| ipreasmreqds | The number of received fragments | Integer | | |
| ipreasmoks | The number of received and successfully assembled IP datagrams | Integer | | |
| ipreasmfails | The number of IP datagrams that could not be assembled | Integer | | |
| IPFragOKs | The number of successfully fragmented IP datagrams | Integer | | |
| ipfragfails | The number of IP datagrams intended for fragmenting, but whose fragmenting is impossible (for example, because of a flag) | Integer | | |
| ipfragcreates | The number of IP datagram fragments created by this host | Integer | | |

Table 22: Network interfaces

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| IfNumber | The number of network interfaces | Integer | | |
| IFindex | Interface list | Integer | Possible values range from 1 to IfNumber value | |
| IfDescr | Text description of the interface | String | | |
| IfType | Interface type | Integer | For example: 6 Ethernet; 9 802.5 Token Ring; 23 PPP; 28 SLIP | |
| IfMTU | The largest data unit that can be transmitted (maximum transmission unit) | Integer | | |
| IfSpeed | The interface speed in bps | Integer | | |
| IfPhysaddress | Physical address | Physical address | For example, a0:b3:cc:a0:ac:26 | |
| IfAdminStatus | The required state of the interface | Integer | Possible values: 1 the interface is enabled; 2 the interface is disabled; 3 the interface is being checked | |
| IfOperStatus | Current state of the network interface | Integer | Possible values: 1 the interface is enabled; 2 the interface is disabled; 3 the interface is being checked | |
| IfLactchange | Current state time | Time (an unsigned number that is a number of hundredth parts of a second) | | |
| IfInOctets | The number of received bytes | Integer | | |
| IfInUcastpkts | The number of unicast packets delivered to the top system level | Integer | | |
| IfInNUcastpkts | Received broadcast and multicast IP packets delivered to the top system level | Integer | | |
| IfInDiscads | The number of received but discarded packets | Integer | | |
| IfInErrors | The number of packets received with errors | Integer | | |
| IfInUnknownProtos | The number of packets whose protocol code contains errors | Integer | | |
| IfOutOctets | The number of sent bytes | Integer | | |
| IfOutUcastPkts | The number of unicast packets received from the top system level | Integer | | |
| IfOutNucastPkts | The number of broadcast and multicast packets received from the top system level | Integer | | |
| IfOutDiscads | The number of sent but discarded packets | Integer | | |
| IfOutErrors | The number of sent packets containing errors | Integer | | |
| IfOutQlen | The number of IP packets in the send queue | Integer | | |

Table 23: Address information table (ARP)

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| IPAdEntBcastAddr | The low bit value for a broadcast address | Integer | Possible values are 0 and 1 (usually 1) | |
| IPadentifindex | Interface identifier | Integer | | |
| IPAdEntAddr | IP address of the interface | IP address | | |
| IPadentnetmask | Subnet mask for this interface | IP address | | |
| IPAdEntReasmMaxsize | The maximum size of the IP datagram that can be collected | Integer | Possible values range from 0 to 65535 | |

Table 24: Data storages

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| hrstorageallocationunits | The data block size in bytes | Integer | | |
| hrstorageindex | Data storage index | Integer | | |
| hrstoragesize | Allocation unit size | Integer | | |
| hrstoragedescr | Data storage description | String | | |
| hrstorageused | Amount of used allocation units | Integer | | |
| hrstorageallocationfailuers | The number of requests to the data storage that could not be processed because of the lack of space in the storage | Integer | | |
| hrstoragetype | Data storage type | String (containing the data storage identifier) | | |

Table 25: Disk data storages

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| hrdiskstorageremoveble | The disk storage can be ejected | Boolean | Possible values true and false | |
| hrdiskstoragecapacity | The size of the disk storage | KB | | |
| hrdiskstoragemedia | The type of a disk storage | Integer | Possible values: 8 RAM; 7 optical RW; 6 optical WORM; 5 optical ROM; 4 floppy; 3 hard drive; 2 unknown; 1 other | |
| hrdiskstorageaccess | Permissions for accessing the device | Integer | Possible values: 1 read and write; 2 read only | |
| hrdeviceindex | Device identifier in the system | Integer | | |

Table 26: Running processes

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| hrswrunindex | Process ID in the system | Integer | | |
| hrswrunparameters | A description of the parameters supplied to CPU when it was initially loaded | String | | |
| hrswrunstatus | The status of the running process | Integer | Possible values: 1 launched; 2 operable; 3 inoperable; 4 error | |
| hrswrunparth | Location on a disk where the process was launched | String | | |
| hrswruntype | Process type | Integer | Possible values: 1 unknown; 2 operating system; 3 driver; 4 application process | |
| hrswrunid | Application identifier for the running process | String | | |
| hrswrunname | Description of the running process | String | | |

Table 27: Installed applications

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| hrswinstalledtype | The type of the installed program | Integer | Possible values: 1 unknown; 2 operating system; 3 driver; 4 program | |
| hrswinstalledindex | The index of the installed program | Integer | | |
| hrswinstalledname | A description of the installed program | String | | |
| hrswinstalledid | Program ID | String | | |
| hrswinstalleddate | The date and time when the application was last modified | Date | When the parameter is checked, it returns an integer number (unixtime format date) | |

Note: The SNMP client running on a host may fail to provide the monitoring server with a full list of applications installed on this host. Thus, some applications may be missing.

Table 28: Network services

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| svsvcnumber | Number of network services | Integer | | |
| svsvccanbepaused | The ability to pause the service | Integer | Possible values: 1 pause impossible; 2 pause possible | |
| svsvcinstalledstate | The status of the service installation | Integer | Possible values: 1 not installed; 2 pending installation; 3 pending deletion; 4 installed | |
| svsvcoperatingstate | Current state of the service | Integer | Possible values: 1 active; 2 continue pending; 3 pause pending; 4 pause | |
| svsvcname | Service name | String | | |
| svsvccanbeuninstalled | The ability to delete the service | Integer | Possible values: 1 can't be deleted; 2 can be deleted | |

Table 29: Printer parameters

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| prtgeneralprintername.1 | Printer name | String | | |
| prtgeneralserialnumber.1 | Serial number of the printer | String | | |
| prtalertcriticalevents.1 | The number of critical events | Integer | | |
| prtallevents.1 | The number of all events | Integer | | |

ViPNet IDS Monitoring Parameters

In this appendix, you will find a list of ViPNet IDS software and hardware appliance parameters that are monitored in the current version of the ViPNet StateWatcher monitoring system. The parameters are logically grouped the same way as in the monitoring web access interface. Each logical group of parameters is described in a separate table. For each parameter, you can see its name, brief description, type of data, and, if necessary, the possible values with a comment. The parameter name is the name that you should use when creating the processing rules.

Table 30: System options

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| sysdescr | Host description | String | | |
| sysuptime | Up time | Time (an unsigned number that is a number of hundredth parts of a second) | | |
| syscontact | Contact information for the person who administers this host | String | | |
| sysname | Host name | String | | Matches the GIDNAMES_NAME parameter of monitored ViPNet hosts |
| syslocation | Host location | String | | |
| infidssyssensid | Current sensor identifier | Integer | | |
| infidssysreqbegin | Report started | Date | When the parameter is checked, it returns an integer number (unixtime format date) | |
| infidssysreqend | Report ended | Date | When the parameter is checked, it returns an integer number (unixtime format date) | |
| infidssysattacksnum | Total number of attacks registered on the current sensor | Integer | | |

Table 31: Available sensors

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| infidssensindex | Sensor identifier | Integer | | |
| infidssensname | Sensor name | String | | |

Table 32: Attacks statistics

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| infidssensindex | Sensor identifier | Integer | | |
| infidsagrattacksseverity | Attack severity | Integer | Possible values: 1 means a high severity level; 2 means a middle severity level; 3 means a low severity level | |
| infidsagrattacksnum | Number of attacks | Integer | | |

Table 33: Attack list

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| infidssensindex | Sensor identifier | Integer | | |
| infidsattacksid | Attack identifier | Integer | | |
| infidsattacksname | Attack name | String | | |
| infidsattacksseverity | Attack severity | Integer | Possible values: 1 means a high severity level; 2 means a middle severity level; 3 means a low severity level | |
| infidsattacksnum | Number of attacks | Integer | | |
| infidsattacksurl | A URL address with a description of the attack | URL | | |

Table 34: Hosts under attack

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| infidssensindex | Sensor identifier | Integer | | |
| infidsattackedhostindex | Attacked host identifier | Integer | | |
| infidsattackedhostip | Host IP address | IP address | | |
| infidsattackedhostnum | Number of attacks targeting this host | Integer | | |

Table 35: Attacking host list

| Parameter name | Description | Data type | Possible values | Comment |
|---|---|---|---|---|
| infidssensindex | Sensor identifier | Integer | | |
| infidsattackerhostindex | Attacking host identifier | Integer | | |
| infidsattackerhostip | Host IP address | IP address | | |
| infidsattackerhostnum | Number of attacks initiated by this host | Integer | | |

D Public Hosts Import File Template

If you need to add many public hosts for monitoring at once, you can do it by creating and using an import file in the XML format. The import file allows you to add the public hosts described in it for monitoring. It must contain the following information about each host:

- The host's IP address.
- The host's name. The maximum allowed host name length is 255 characters. If there is no host name specified, the host's IP address is specified in its place.
- The network port, which the monitoring server uses to connect to the public host. The maximum port number is 65536.
- The network protocol over which the monitoring server communicates with the public host. Only two protocols are supported: TCP and UDP.

Public Hosts Import File's Template

```xml
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
  <xs:element name="opennodes" type="opennodestype"/>
  <xs:complexType name="opennodestype">
    <xs:sequence>
      <xs:element name="opennode" type="opennodetype" minOccurs="0" maxOccurs="unbounded"/>
    </xs:sequence>
    <xs:attribute name="version" type="xs:float"/>
  </xs:complexType>
  <xs:complexType name="opennodetype">
    <xs:simpleContent>
      <xs:extension base="xs:string">
        <xs:attribute name="ip" type="xs:string" use="required"/>
        <xs:attribute name="name" use="optional">
          <xs:simpleType>
            <xs:restriction base="xs:string">
              <xs:maxLength value="255"/>
            </xs:restriction>
          </xs:simpleType>
        </xs:attribute>
        <xs:attribute name="port" type="xs:integer" use="required"/>
        <!-- Declared as xs:boolean here, while the sample file below uses tcp and udp -->
        <xs:attribute name="protocol" type="xs:boolean" use="required"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
</xs:schema>
```

An Example of a Public Hosts Import File's Template

```xml
<?xml version="1.0" encoding="utf-8"?>
<opennodes version="1.0">
  <opennode ip="192.168.1.3" name="authorization server" port="161" protocol="tcp"/>
  <opennode ip="192.168.1.5" name="dns server" port="161" protocol="udp"/>
</opennodes>
```
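A pre-import check for such a file, added here as an example; it is not part of the guide or of the product. It assumes the element and attribute names exactly as printed in the sample file, caps ports at 65535 (the highest valid TCP/UDP port, although the text above gives 65536), and runs on constructed 192.0.2.x entries.

```python
import ipaddress
import xml.etree.ElementTree as ET

MAX_NAME_LEN = 255          # host name limit stated in the guide
MAX_PORT = 65535            # highest valid TCP/UDP port; the guide's text says 65536
PROTOCOLS = ("tcp", "udp")  # the only protocols the guide lists (spelling as in its sample)


def check_entry(attrs):
    """Return (host, problems) for the attributes of one <opennode> element."""
    problems = []
    ip = attrs.get("ip", "").strip()
    try:
        ip = str(ipaddress.ip_address(ip))
    except ValueError:
        problems.append(f"invalid ip {ip!r}")

    # The name is optional; the guide says the IP address stands in for it.
    name = attrs.get("name") or ip
    if len(name) > MAX_NAME_LEN:
        problems.append(f"name longer than {MAX_NAME_LEN} characters")

    port_text = attrs.get("port", "")
    port = int(port_text) if port_text.isascii() and port_text.isdigit() else -1
    if not 1 <= port <= MAX_PORT:
        problems.append(f"invalid port {port_text!r}")

    protocol = attrs.get("protocol", "")
    if protocol not in PROTOCOLS:
        problems.append(f"unsupported protocol {protocol!r}")

    return {"ip": ip, "name": name, "port": port, "protocol": protocol}, problems


def parse_import_file(xml_data):
    """Validate an import file; return (hosts, errors).

    hosts  -- entries that passed every check
    errors -- "entry N: reason" strings for everything that was rejected
    """
    data = xml_data.encode("utf-8") if isinstance(xml_data, str) else xml_data
    # An import file is plain data: refuse DTDs so entity declarations
    # are rejected before the XML parser sees them.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return [], ["file: DTD or entity declarations are not allowed"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [], [f"file: not well-formed XML ({exc})"]
    if root.tag != "opennodes":
        return [], [f"file: unexpected root element <{root.tag}>"]

    hosts, errors, seen = [], [], set()
    for number, node in enumerate(root.findall("opennode"), start=1):
        host, problems = check_entry(node.attrib)
        key = (host["ip"], host["port"], host["protocol"])
        if not problems and key in seen:
            problems.append("duplicate of an earlier entry")
        if problems:
            errors.extend(f"entry {number}: {p}" for p in problems)
        else:
            seen.add(key)
            hosts.append(host)
    return hosts, errors


# Constructed sample: two valid entries followed by four that must be rejected.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<opennodes version="1.0">
  <opennode ip="192.0.2.3" name="authorization server" port="161" protocol="tcp"/>
  <opennode ip="192.0.2.5" port="161" protocol="udp"/>
  <opennode ip="192.0.2.300" name="bad address" port="161" protocol="udp"/>
  <opennode ip="192.0.2.7" name="bad port" port="65536" protocol="tcp"/>
  <opennode ip="192.0.2.8" name="bad protocol" port="161" protocol="icmp"/>
  <opennode ip="192.0.2.3" name="repeat" port="161" protocol="tcp"/>
</opennodes>"""

if __name__ == "__main__":
    accepted, rejected = parse_import_file(SAMPLE)
    for host in accepted:
        print("ok  ", host)
    for error in rejected:
        print("skip", error)
```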

E Monitoring System Capacity Index

ViPNet StateWatcher Monitoring System's Performance

Table 36: ViPNet StateWatcher monitoring system's performance

| Performance characteristics | Value |
|---|---|
| Maximum number of hosts (ViPNet and public ones), monitored by a single monitoring server | 20,000 |
| Response time of the main pages of user interface | 1 to 5 seconds |
| Duration of exporting the hosts' unprocessed parameters | Less than 30 seconds |
| Duration of executing a request to the monitoring server database under the maximum load | 1 to 5 seconds |
| Monitoring server database growth rate per monitored host | 15 kilobytes per hour (with the 5 minutes polling period) |
| Cascade traffic capacity | 2,000 notifications per 5 minutes |
| Starting the ViPNet StateWatcher monitoring system with a standard database after an emergency system shutdown (blackout or OutofMemory error shutdown) | up to 10 minutes |

Note: The maximum number of hosts monitored by a single monitoring server is calculated on the assumption of one notification per poll.

Table 37: User interface pages response delay when monitoring 20,000 hosts

| Action | Response delay |
|---|---|
| Saving a processing rule that is appointed to a large number of monitored hosts | up to 30 seconds |
| Adding a lot of hosts from the hosts available for monitoring list to a host group | may take up to 30-40 seconds |
| Assigning a large number of hosts to be monitored | may take up to 5-6 seconds |
| Deleting a large number of monitored hosts from the monitoring system | may take up to 20-25 seconds |
| Transferring a large amount of monitored hosts from one group to another | may take up to 5-15 seconds |

Table 38: Raw database growth rate

| Number of hosts | 1 day | 1 week | 1 month |
|---|---|---|---|
| 50 | 40 MB | 300 MB | 1.2 GB |
| 100 | 80 MB | 600 MB | 2.5 GB |
| 200 | 160 MB | 1.2 GB | 5 GB |
| 1,000 | 800 MB | 6 GB | 25 GB |
| 10,000 | 8 GB | 60 GB | 250 GB |
| 20,000 | 16 GB | 120 GB | 500 GB |

Note: Database growth rate has been estimated given that a host is polled every 5 minutes and 360 KB of unprocessed parameters per day are received from every host.

Estimating the Traffic Load in the ViPNet StateWatcher Monitoring System Here you can learn how to estimate the approximate traffic load in the ViPNet StateWatcher monitoring system. The suggested estimation assumes that failures occur on hosts with the maximum frequency. The given estimates are suggesting a peak traffic load and not likely in a real system. A monitoring server receives about 5 KB of data when polling a host. This is the maximum estimate assuming that the monitoring server gets data about all the parameters that the ViPNet StateWatcher monitoring system can control. The maximum amount of data transferred within a cascade is also approximately 5 KB. The rest of the messages that monitoring servers exchange within the cascade are substantially smaller. To estimate the approximate traffic load (in kilobytes) for a monitoring server in a given time span, you may use the following formula: 5 * <number of hosts> * <time span> / <polling period> The number of hosts includes the cascaded monitored hosts of the monitored server. It is suggested that during each polling period, on every cascaded monitored host, one of the processing rules is executed. For example, if there are one hundred hosts in the system, and the polling period is 300 seconds, then the monitoring server will be receiving not more than 6,000 kilobytes per hour (3,600 seconds). Warning: In this formula, use the same measuring units for the time span and the polling period. In the table below, you can find the estimation of daily, weekly and monthly monitoring server traffic load (in megabytes) for a different number of monitored hosts. The poll period is 5 minutes (300 seconds). StateWatcher 4.3 239

Number of hosts   1 day       1 week       1 month
50                72 MB       504 MB       2,160 MB
100               144 MB      1,008 MB     4,320 MB
200               288 MB      2,016 MB     8,640 MB
1,000             1,440 MB    10,080 MB    43,200 MB
10,000            14,400 MB   100,800 MB   432,000 MB
20,000            28,800 MB   201,600 MB   864,000 MB

For monitoring 300 hosts with a 5-minute polling period, we recommend using a channel with a rate of no less than 40 kilobits per second (Kbps). For monitoring 20,000 hosts with a 5-minute polling period, we recommend using a channel with a rate of no less than 1 gigabit per second (Gbps).

F Advanced Settings in Windows OS

Configuring the SNMP Service on a Public Host

A monitoring server can receive information about a public host if the SNMP service (SNMP agent) is properly configured. On the monitoring server's request, this service collects information about the public host's functioning and sends it to the server.

To configure the SNMP service:

1 Open Control Panel.
2 Click Programs and Features.
3 On the Uninstall or change a program page, in the navigation pane, click the link Turn Windows features on or off.

Figure 82: Programs and components

4 In the displayed window, select the Simple Network Management Protocol (SNMP) and SNMP WMI Provider check boxes and click OK.

Figure 83: Enabling the SNMP service

5 Close the window and return to Control Panel Home.
6 Click Administrative Tools.
7 In the displayed window, double-click the Services shortcut.
8 In the Services snap-in, right-click the SNMP service and click Properties.

Figure 84: Windows services

9 In the SNMP Service Properties dialog box, on the Agent tab, under Services, select all check boxes.

Figure 85: Configuring the SNMP service

10 On the Safety tab, do the following:
10.1 Select the Send authentication trap check box.
10.2 Click Accept SNMP packets from any host.
10.3 Click OK.

Figure 86: Configuring the SNMP service security

11 In the Services snap-in, select the SNMP service and, on the toolbar, click Restart Service.

As a result, the SNMP service is started on the public host. Now you can add the host to the monitoring system (see Adding Hosts to the Public Hosts List on page 84) and collect information about it.
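The settings made in steps 9-11 are stored in the registry under the Windows SNMP service key, so the resulting exposure can be checked from a script. The PowerShell audit below is an added example, not part of the ViPNet guide: it only reads the standard SNMP service values (EnableAuthenticationTraps, PermittedManagers, ValidCommunities), and the function names and the WARN/OK wording are this example's own.

```powershell
# Added example: read-only audit of the SNMP agent settings from steps 9-11.
# Run in an elevated PowerShell session on the public host; nothing is changed.
$snmpKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'
$rights  = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }

function Get-RegistryValues {
    param([string]$Path)
    # Return every named value under a key; a missing or empty key yields nothing.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return }
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Value = $key.GetValue($name) }
    }
}

function Get-SnmpAgentFindings {
    $service = Get-Service -Name 'SNMP' -ErrorAction SilentlyContinue
    if ($null -eq $service) { 'INFO  SNMP service is not installed'; return }
    "INFO  SNMP service status: $($service.Status)"

    # Step 10.1: the check box is stored as EnableAuthenticationTraps = 1.
    $traps = (Get-ItemProperty -Path $snmpKey -ErrorAction SilentlyContinue).EnableAuthenticationTraps
    if ($traps -eq 1) { 'OK    authentication traps are enabled' }
    else { 'WARN  authentication traps are disabled' }

    # Step 10.2: "Accept SNMP packets from any host" leaves PermittedManagers empty.
    $managers = @(Get-RegistryValues -Path "$snmpKey\PermittedManagers")
    if ($managers.Count -eq 0) {
        'WARN  queries are accepted from any address; restrict inbound UDP 161 to the monitoring server'
    } else {
        "OK    queries are accepted only from: $($managers.Value -join ', ')"
    }

    # Community names are the only credential of the Windows SNMP service (SNMPv1/v2c).
    $communities = @(Get-RegistryValues -Path "$snmpKey\ValidCommunities")
    if ($communities.Count -eq 0) { 'INFO  no community names are configured' }
    foreach ($c in $communities) {
        $weak  = ([int]$c.Value -ge 8) -or ($c.Name -in 'public', 'private')
        $level = if ($weak) { 'WARN ' } else { 'OK   ' }
        "$level community '$($c.Name)' grants $($rights[[int]$c.Value])"
    }
}

Get-SnmpAgentFindings
```

With the settings from step 10 applied as written, the audit reports that queries are accepted from any address, so a host firewall rule limiting UDP 161 to the monitoring server is the compensating control to verify next.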

Assigning the postgres Access Rights to a User in Windows OS

To give a postgres user the maximum rights (Full Control) for working with the folder where the monitoring database tables will be stored:

1 Right-click the folder and, on the context menu, click Properties.
2 In the <Folder name> Properties window, click the Security tab and click Edit.

Figure 87: Changing the folder's security settings

3 In the Permissions for <Folder name> window, under Group or user names, choose the postgres user.
4 Under Permissions for <group or user name>, in the Allow column, select the Full control check box.

Figure 88: Allowing full access to the folder

5 Click OK.

As a result, the postgres user will have full control over the folder.
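The same grant can be scripted and then read back, which also shows which other accounts are able to write to the database folder. This PowerShell sketch is an added example, not part of the ViPNet guide; the folder path is a placeholder because the guide does not name the folder, and the function names are this example's own.

```powershell
# Added example: scripted equivalent of steps 1-5, followed by a read-back check.
# Run in an elevated PowerShell session.
$Folder  = 'C:\path\to\database-folder'   # placeholder: the guide does not name the folder
$Account = 'postgres'                     # account named in the guide

function Grant-FolderFullControl {
    param([string]$Path, [string]$Identity)
    # (OI)(CI)F = Full control on this folder, its subfolders and files.
    & icacls.exe $Path /grant "${Identity}:(OI)(CI)F" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $Path (exit code $LASTEXITCODE)" }
}

function Get-FolderWriters {
    param([string]$Path)
    # List every Allow entry whose rights include writing data in the folder.
    $writeData = [System.Security.AccessControl.FileSystemRights]::WriteData
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ($_.FileSystemRights -band $writeData) -ne 0 } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

Grant-FolderFullControl -Path $Folder -Identity $Account

$writers = @(Get-FolderWriters -Path $Folder)

# Confirm the grant: the account part after the last backslash must match.
$granted = $writers | Where-Object {
    ($_.IdentityReference.Value -split '\\')[-1] -eq $Account -and
    $_.FileSystemRights -eq 'FullControl'
}
if (-not $granted) { Write-Warning "$Account does not have Full control on $Folder" }

# Every other entry listed here can also alter the database files.
$writers | Format-Table -AutoSize
```

Entries for broad groups such as Users or Everyone in the output are the ones to review, since the procedure above only adds rights for postgres and leaves existing ones in place.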