manualshive.com logo in svg

Raritan COMMANDCENTER NOC, Руководство администратора

Административный мануал Raritan COMMANDCENTER NOC доступен для загрузки бесплатно с нашего веб-сайта. Получите инструкцию по использованию этого продукта, чтобы эффективно управлять вашей сетью. Скачайте мануал сейчас с manualshive.com и ознакомьтесь с функционалом Raritan COMMANDCENTER NOC.

Поделиться
Скачать
background image

C

HAPTER 

3:

 CONFIGURING INTRUSION DETECTION

 53 

 

 

 

 

Advanced Intrusion Detection Administration  

Advanced administration assists in fine tuning the set of signatures that an intrusion detection 
application will use to detect intrusion traffic on the network.  

Manage Signatures  

The 

Manage Signatures

 page allows you to disable specific signatures on a per-appliance basis. 

This allows you to disable signatures that may produce false-positive alerts because of conditions 
on your network. These settings will take precedence over the broader categories that may be 
selected in the Signature Profiler. 
1.

 

Click on the 

Admin

 

tab in the top navigation bar.  

2.

 

Click 

Intrusion Detection Configuration

.  

3.

 

Click 

Advanced Security Administration

.  

4.

 

Click 

Manage Signatures

.  

 

 

Figure 67 Selecting an Intrusion Detection Appliance for Changing Signature Set  

5.

 

Select the appliance you wish to enable/disable signatures for by clicking 

configure

 next to it.  

 

Figure 68 Generating New Signature Set  

6.

 

After you have finished making any changes to the signature set, you will need to manually 
generate a new signature set so that the appliance will get the latest settings. Click 

generate 

new signature set 

at the bottom of the screen to generate the signature set.  

Within several minutes, the signatures will be generated and the CC-NOC will load the new 
settings and continue to monitor for security events. 

Содержание COMMANDCENTER NOC

Страница 1: ...CommandCenter NOC Administrator Guide Release 5 4 Copyright 2006 Raritan Computer Inc CCNOC 0D E June 2006 255 80 5301 00...

Страница 2: ...This page intentionally left blank...

Страница 3: ...15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency...

Страница 4: ...It is recommended to change this immediately Rack Mount Safety Guidelines In Raritan products which require Rack Mounting please follow these precautions Operation temperature in a closed rack environ...

Страница 5: ...te Devices 19 Configure Performance Thresholds 21 Configure Outage Report 22 SNMP Reparenting Exclusion List 23 Associate CommandCenter Secure Gateway CC SG 23 Configure a CC SG 23 Create a CC SG Peer...

Страница 6: ...2 Authenticate Windows Computers 64 Manage Unmanage or Rescan Devices 64 Configure Windows Performance Thresholds 65 Configure WINS Server or LMHOSTS File on 2500M 65 Edit WINS Settings 65 Edit LMHOST...

Страница 7: ...dresses in the SNMP Interfaces Table 111 Why Can t My CC NOC Manage X Service 112 Pollers 112 Notifications 113 Why am I Not Receiving Notifications 113 What Conditions Cause a Notification to be Sent...

Страница 8: ...ture Profiler and the Rules Engine 133 Responding to Events and Notifications 134 Event Categories 134 What do I do when 134 What if I have been hacked 135 Security An Elusive Goal 135 Appendix F Noti...

Страница 9: ...e 23 Associate a CommandCenter Secure Gateway 25 Figure 24 Create a CC SG Peer 25 Figure 25 Disconnect a CommandCenter Secure Gateway 26 Figure 26 Delete a CommandCenter Secure Gateway 26 Figure 27 Ma...

Страница 10: ...proxy authentication credentials 60 Figure 75 List of Windows Management Proxies 61 Figure 76Selecting Internet Protocol TCP IP for WINS Settings 62 Figure 77Selecting WINS Tab 63 Figure 78 Change Au...

Страница 11: ...g Modem Parameters 88 Figure 113 Editing Modem Parameters 88 Figure 114 Importing assets 90 Figure 115 Exporting assets 91 Figure 116 Mapping unassociated assets to nodes 91 Figure 117 Clear all asset...

Страница 12: ...xii FIGURES...

Страница 13: ...ly are deployed in smaller networks or satellite offices CC NOC 100 CC NOC 250 For instructions on deploying and configuring a CC NOC 100 or CC NOC 250 see Raritan s CommandCenter NOC Deployment Guide...

Страница 14: ...al Authentication By default CC NOC users will be locally authenticated if remote authentication is not configured Local authentication is also used if remote authentication is configured but the CC S...

Страница 15: ...devices connected to CC SG CSV comma separated value files are simple database files that can be easily imported into a spreadsheet or database program so that you can generate custom reports This ex...

Страница 16: ...ID coupled with the node label for the node experiencing the outage the address of the impacted interface the service name and the time the outage occurred are all tracked within the Outages Browser A...

Страница 17: ...users to the categories that they are most interested in Vulnerability Scan the CC NOC can be configured to scan for vulnerabilities for example unpatched systems and older known vulnerable server da...

Страница 18: ...ion Service availability polling SNMP performance data collection SNMP performance thresholding You can transition a device with an Infrastructure license to any of the following licensed states Works...

Страница 19: ...ted Workstation licenses provide a mechanism for you to obtain additional polling and performance data from a troublesome device on a temporary basis without taking up a Server or Infrastructure licen...

Страница 20: ...8 COMMANDCENTER NOC ADMINISTRATOR GUIDE...

Страница 21: ...afe state for power removal Appliance Shutdown Restart The System Shutdown and System Restart buttons are one way that your CC NOC can be shut down or restarted You can also shutdown and restart a CC...

Страница 22: ...ime will be reset when you continue to the next step 6 Click the drop down arrow and select your time zone from the select box The list is sorted first by country two character code then an order with...

Страница 23: ...default gateway 5 Click save changes Change the ISP Gateway Address This page provides a way to manipulate the address monitored for inclusion in the Internet Connectivity category The CC NOC handles...

Страница 24: ...e provide the IP address of an SMTP server below 1 Click on the Admin tab in the top navigation bar 2 Click Appliance Network Settings 3 Click Outgoing Email Communication Figure 5 Configure Outgoing...

Страница 25: ...3 Click Change Nameserver Addresses Figure 6 Configure Nameserver Addresses 4 Type addresses for primary required secondary tertiary DNS servers and WINS server Note The WINS Server that you can speci...

Страница 26: ...s and the last address and click add to includes Ranges may span multiple networks If there are any ranges or addresses that cannot or should not be discovered make sure to add an entry to add to excl...

Страница 27: ...55 Within that range you can specify one IP address we do not want managed 192 168 0 210 You also included a specific IP outside of the range we specified 192 168 5 100 to manage This is a good setup...

Страница 28: ...or range for each string if you wish to provide an SNMP string for all devices that the CC NOC is managing just specify the range as 0 0 0 0 255 255 255 255 Click remove if you wish to remove the defi...

Страница 29: ...1 Edit Scheduled Outages 5 Type a name for the scheduled outage 6 Select a node label that is a DNS hostname or IP address from the Included Node Label drop down list and click add Adding a node label...

Страница 30: ...default because in most cases the availability of SNMP data is not integral to the core business of a company thus it is excluded from availability calculations Even if this poller is disabled SNMP pe...

Страница 31: ...e custom poller click apply changes on the Configure Pollers page to apply the settings When specifying ports if there is more than one port where the service can be located it is recommended to creat...

Страница 32: ...equires that it is under Windows management please see Chapter 4 Configuring Windows Management for additional information You can have up to five promoted workstations 6 If you delete one or more dev...

Страница 33: ...d on a per device basis see Edit Performance Thresholds Per Device later in this chapter Per device thresholds override values that are configured here Please see Appendix C Performance Monitoring for...

Страница 34: ...ring the entire week Another for availability during business hours You can edit the time period that is used to calculate the business hours availability by changing the data in the fields in this pa...

Страница 35: ...se nodes separate 1 Click on the Admin tab in the top navigation bar 2 Click Network Management Configuration 3 Click SNMP Reparenting Exclusion List Figure 18 SNMP Reparenting Exclusion List 4 Type a...

Страница 36: ...ntirely 6 If you click Enable Link in Sidebar all normal and administrator users will have a link in the left hand sidebar that will take them directly to your CC SG appliance s user interface Note th...

Страница 37: ...s to you which you will enter here Once the certificate exchange process is complete a secure channel is established between CC NOC and CC SG The secure channel created here is available for one year...

Страница 38: ...to CC SG and a secure channel exists deleting the CC SG will tear down the secure channel You will not be able to access this CC SG from CC NOC 1 Click on the Admin tab in the top navigation bar 2 Cl...

Страница 39: ...strator group they will be given Administrator rights To map CC SG user groups to CC NOC user roles 1 Click on the Admin tab in the top navigation bar 2 Click Map Secure Gateway User Groups to Local U...

Страница 40: ...nagement platforms or Raritan appliances use Configure Event Recipients to specify where your events should be forwarded 1 Click on the Admin tab in the top navigation bar 2 Click Multi site Managemen...

Страница 41: ...Severities to Forward to specify which events should be forwarded 1 Click on the Admin tab in the top navigation bar 2 Click Multi site Management 3 Click Configure Event Forwarding 4 Click Configure...

Страница 42: ...ery queue For example if a new server has been added to your environment and you want to monitor it immediately it can be added here The discovery process will then determine the characteristics of th...

Страница 43: ...tive data samples e g triggers which must be exceeded before an event is generated 5 Enter values for Value Rearm At and Trigger The Value column indicates the threshold which varies by metric at whic...

Страница 44: ...2 Click Administrator Tools 3 Click Export Download Configuration Files Figure 35 Export Download Configuration Files 4 Access http CommandCenter_NOC_IP_Address public to view the file Download Log F...

Страница 45: ...tabase of collected management information that includes event and notification records It is possible to exhaust the storage space on this CC NOC if you are monitoring a number of devices that exceed...

Страница 46: ...en download this file by accessing http CommandCenter_NOC_IP_Address public 1 Click on the Admin tab in the top navigation bar 2 Click Administrator Tools 3 Click Generate Diagnostics File Figure 39 G...

Страница 47: ...rt tools which may be useful when troubleshooting specific problems such as when applying system patches upgrades or as directed by support personnel Options in this page allow you to perform several...

Страница 48: ...on 3 Click System Software Signature Updates 4 Click Download Updates Figure 43 Download Updates 5 The list is all of the updates that the CC NOC does know about If no updates are displayed click chec...

Страница 49: ...pdates 4 Click View Installed Updates Figure 45 View Installed Updates 5 If desired click the file to view details View All Updates The View All Updates page provides an overall view of updates which...

Страница 50: ...ing a proxy click Yes to the question and enter in the proxy information in the provided fields If you are not using a proxy click No 7 Click save settings Upload Update Manually For those who do not...

Страница 51: ...type of data you wish to purge 5 Click remove data and confirm your choices 6 Clicking recreate database causes the database structure to be purged and re built This is necessary if your database has...

Страница 52: ...have Internet access or choose not to use the web based upload functionality backup files can be manually uploaded to the CC NOC The Upload File dialog box was created to facilitate that upload Note t...

Страница 53: ...the route table click Add static route Figure 52 Add a New Network Route 2 Type the destination address netmask and gateway for the new network route The gateway is optional 3 Click add route Prune Un...

Страница 54: ...municate directly with the management data on the CC NOC If the management data is deleted on the CC NOC while a Windows Management appliance is connected the Windows Management appliance may continue...

Страница 55: ...Deployment Guide If you have not yet received the appliance license please contact Technical Support 1 Click on the Admin tab in the top navigation bar 2 Click Install CommandCenter NOC License Figure...

Страница 56: ...ces List The table above reflects all of the appliances that have been configured to report information back to this Web Console This listing of appliances also includes a free form note with each ent...

Страница 57: ...see the appropriate manuals for configuration of the Roving Analysis Port To ensure that the CC NOC is passing packets correctly you can view your network traffic please see Raritan s CommandCenter N...

Страница 58: ...re incoming or outgoing from the home network For this reason it is important to set up the home network for the device to ensure that the intrusion detection is as accurate as possible and that the n...

Страница 59: ...dresses that are not a part of a subnet This includes individual addresses and all addresses within your ranges 7 Click finish configuration Configure Port Scan Detection Intrusion Detection appliance...

Страница 60: ...box The Last Change field indicates the last time that the home network for the appliance was changed Figure 61 Selecting an Intrusion Detection Appliance for Portscan Detection 4 Choose the appliance...

Страница 61: ...ranges 7 To prevent detection of portscans originating from the home network of the appliance check the Exclude all traffic originating from your home network check box This can prevent some types of...

Страница 62: ...inistration for additional information If an Intrusion Detection appliance is listed as Not Configured you must use the Signature Profiler to configure its signatures so that it can begin relaying eve...

Страница 63: ...work does not contain any devices or services of a type listed below you may wish to disable detection of signatures that only affect that device or service For instance if you have Linux servers but...

Страница 64: ...rom the drop down selection list and click Load Configuration Figure 65 Load Intrusion Detection Settings 12 When you have changed the settings to reflect the devices and services on your network clic...

Страница 65: ...er 1 Click on the Admin tab in the top navigation bar 2 Click Intrusion Detection Configuration 3 Click Advanced Security Administration 4 Click Manage Signatures Figure 67 Selecting an Intrusion Dete...

Страница 66: ...nature file that is uploaded must adhere to these rules Custom signatures must be in a file with one signature entry per line Comment lines must begin with the character The signatures must be in Snor...

Страница 67: ...n Check that all MS Office applications are legally licensed Obtain a list of workstations that have just installed new software Pinpoint machines that are running Spyware which should be uninstalled...

Страница 68: ...l performance on your Windows external proxies as they collect management information Download and Run ProxyInstaller Configuring a system as a proxy is accomplished in two steps The first step is to...

Страница 69: ...vice type fileandprint mode enable scope custom address address of external proxy or 2500M For example if the IP address of your external proxy or CC NOC 2500M is 192 168 1 45 then you would enter net...

Страница 70: ...Windows Management 5 Click add new external proxy Note To access the Windows Management Configuration Wizard in a distributed environment that is from a CommandCenter 2500N in the navigation tab bar a...

Страница 71: ...tem is categorized as either a Server Infrastructure Device or Workstation device and the appropriate license is assigned if available Note It is recommended not to include DHCP devices in the discove...

Страница 72: ...that is associated with hosts you wish to manage you will need to provide authentication information for example username and password which will be used to log into the systems and pull performance...

Страница 73: ...arget system is a member a username that must be a member of the Local Administrators group on the target systems In most cases the Domain administrator will be a member of this group a username that...

Страница 74: ...igure it as explained in section Configure WINS later in this chapter To ensure successful name resolution a route for the remote network must exist on the default router and an entry is needed in the...

Страница 75: ...INS server Edit LMHOSTS File on External Proxy If a WINS server is not available but you need to resolve NetBIOS names to IP addresses for Windows servers that exist in another network you can also ed...

Страница 76: ...ect WMI data from the computer with the given username and password and it will be displayed with status Auth Failed in the device list Click cancel to end the authentication test and return to the li...

Страница 77: ...Configure Windows Performance Thresholds Figure 80 Configuring Windows Performance Thresholds Listed above are the current values at which Windows performance metrics are considered problematic which...

Страница 78: ...ettings 3 Select the CC NOC 2500M appliance from the pull down menu next to edit WINS settings 4 Click edit WINS settings Figure 82 WINS Server IP Address 5 Specify a WINS server for the remote applia...

Страница 79: ...ternal proxy on the CC NOC 2500M appliance and a WINS server is not available 1 Click on the Admin tab in the top navigation bar 2 Click CommandCenter NOC 2500M Configuration Figure 83 CommandCenter N...

Страница 80: ...RATOR GUIDE 5 Specify the IP address of each remote Windows server from which you wish to collect WMI data 6 You can also delete all of the lmhosts settings for the appliance by clicking delete LMHOST...

Страница 81: ...oftware updates to fix known security holes Shut down unwanted or unnecessary services Remove access to sensitive information on your network Change security settings and passwords to make them more d...

Страница 82: ...the target some nodes can be disabled by this type of port scanning Scan Level 1 has been proven potentially harmful to some platforms and services including but not limited to Solaris 2 6 some patch...

Страница 83: ...4 carry out real intrusion attempts against targets and can have negative effects on the target machines to the point of data loss and denial of services Use these scan levels with extreme caution You...

Страница 84: ...ur when it won t adversely impact your network This will allow you to perform the more intensive vulnerability scanning without impacting your network availability Recurring scans can also be configur...

Страница 85: ...h can have any arbitrary number of escalations or targets that is users or groups and can send notices through email pagers etc Each notification path can be triggered by any number of CC NOC events a...

Страница 86: ...ck arrange these notices for the particular list you want to order as shown below see section Arrange Notice Hierarchy for additional information The Send To column shows the notification path that th...

Страница 87: ...y be encountered select one of the event types to associate with this notification If the event that you pick occurs the system will send this notification 5 Click next Build and Validate an Interface...

Страница 88: ...Matches any address with 192 168 1 in the first three octets 192 168 0 1 99 Matches 192 168 0 1 192 168 0 2 192 168 0 3 etc Another example The following fields are all valid and would each create th...

Страница 89: ...the name is not unique the previous notice that had the name will be overwritten 11 Type a textual Description for this event notification This is optional 12 Type the Destination Path that describes...

Страница 90: ...hardware responsible for the notification Please see Appendix F Notification Parameters for a list of asset table variables Arrange Notice Hierarchy If you created multiple notices for a single event...

Страница 91: ...otification groups Each group is listed in its own panel and you may modify the definition of the group by clicking modify or remove a group by clicking delete next to it The next section explains how...

Страница 92: ...than one user or hold down the Shift key and click on the opposing end to select a range of users Select to move the users to the Currently in Group box 7 Change the ordering by selecting a user in th...

Страница 93: ...or information about how to configure the paging functions 1 Click on the Admin tab in the top navigation bar 2 Click Notification Configuration 3 Click Configure Notification Paths Figure 100 Configu...

Страница 94: ...re 101 Configuring a Notification Path To create a new notification path 4 Type a unique new path name The name must be alphanumeric and can include and and _ characters 5 Choose one of the target typ...

Страница 95: ...get and type an email address for the notification path Figure 104 Configuring an Email Target in Notification Path 6 Click add path Modify a Notification Path In this page you can confirm the notific...

Страница 96: ...ure 106 Define Escalation in Notification Path To define the escalation for a notification path 5 Select a time interval that is minutes hour or days that specifies how long to wait before sending the...

Страница 97: ...an interval that is minutes hour or days to indicate how long to wait before sending the notification to users in this group Then select one or more delivery methods for the group Figure 108 Configuri...

Страница 98: ...need to attach a modem to the CC NOC and to a phone line so that pager messages can be sent Please contact Technical Support for a list of supported modem devices Next you must set up the modem and se...

Страница 99: ...required are marked with an asterisk To add a TAP provider 4 Click add new tap service Figure 111 Editing TAP Service 5 Type a unique identifier for this TAP service in Service Name This is required...

Страница 100: ...meters 1 Click edit in the TAP Modem Settings box Figure 112 Editing Modem Parameters 2 Type the Modem Initialization Command which should be an AT command that is sent to the modem to bring it online...

Страница 101: ...nventory tracking delivers on demand reports of hardware and software inventory enabling greater productivity financial accountability and end user satisfaction Manage Assets This section describes ho...

Страница 102: ...ll be duplicated After importing you can supply a Target Node field that will be used to do a best guess mapping between an asset and a node based on a match between the Target Node and the node s IP...

Страница 103: ...have not yet been associated with a node Any assets that you imported with a Target Node field and have not already been associated with a node will be listed along with a best guess as to what node...

Страница 104: ...ver need to recover this data in the future If you are rebuilding the asset records from an export via the CC NOC you will need to clear the asset table prior to re importing Otherwise all asset recor...

Страница 105: ...tion addresses and duty schedules to individual technicians If adding or modifying users be prepared with user IDs passwords notification contact information for example email addresses and or pager e...

Страница 106: ...have configuration access to the CC NOC 7 Click create user Edit a User When adding or editing a user the procedure below will be the same 1 Click on the Admin tab in the top navigation bar 2 Click Us...

Страница 107: ...ll phone messaging services that cannot display text messages To configure a TAP pager service now gather your service provider s TAP information and click here please see section Configure TAP Paging...

Страница 108: ...ies are logical groupings of devices based on filters that you create CC NOC provides these default categories Category Description DNS DHCP Servers Includes all managed interfaces which are running e...

Страница 109: ...ddress matching functionality the filters can be created quickly and easily while being extremely powerful as well Note Categories should be created first before building a view 1 Click on the Admin t...

Страница 110: ...first three octets 192 168 0 1 99 Matches 192 168 0 1 192 168 0 2 192 168 0 3 etc Another example The following fields are all valid and would each create the same result set all TCP IP addresses fro...

Страница 111: ...ll receive the view that is alphabetically presented first The view under the Avail Report Default column is used when creating the Availability Report please see Raritan s CC NOC User Guide for addit...

Страница 112: ...them please see section Configure Categories earlier in this chapter for additional information Figure 127 Add Modify Views 1 To create a new view type a new name 2 Select the categories that will co...

Страница 113: ...re not mapped to a specific view then the Default view that was selected in section Configure Views will be displayed 1 Click on the Admin tab in the top navigation bar 2 Click Category and View Confi...

Страница 114: ...102 COMMANDCENTER NOC ADMINISTRATOR GUIDE...

Страница 115: ...dware Specifications Processor AMD Opteron 146 Memory 2 GB Network Interfaces 2 10 100 1000 Ethernet RJ45 Hard Disk Controller 2 80 GB SATA 7200 rpm RAID 1 CD ROM Drive DVD ROM Remote Connection Modem...

Страница 116: ...Shock N A Electrical Specifications INPUT Nominal Frequencies 50 60 Hz Nominal Voltage Range 100 240 VAC Maximum Current AC RMS 3A AC Operating Range 100 to 240 VAC 10 50 60 Hz OUTPUT 5 VDC 12VDC N A...

Страница 117: ...shooting issues surrounding your CC NOC If you next make certain that your CC NOC appliances are healthy they will be the tools that help you heal your network The Raritan Support Structure Raritan is...

Страница 118: ...the following messages Degraded RAID Array RAID Array Failure RAID Array Dissapeared These are critical errors and you should contact Raritan Tech Support immediately if they occur Important If instru...

Страница 119: ...ey are monitoring The default for most pollers is to run every five minutes unless an outage occurs You can adjust the polling interval from the Admin page but it is strongly advised that you consider...

Страница 120: ...ystem it will be identified in the scan list and all relevant information available for that vulnerability will be listed Events Historic Data and Graphs All events and historic data are stored or sum...

Страница 121: ...ery you must first understand when it runs and how it runs The discovery service initially runs after the managed IP address ranges are configured After that point it will run once per day for the ent...

Страница 122: ...elect on Settings 3 Select Network and Dial up Connections 4 Right click on Local Area Connection 5 Select Properties 6 Select Internet Protocol TCP IP 7 Select Properties Select Advanced Select the W...

Страница 123: ...formation Depending on the type of device and the services it provides you will need to check either the NetBIOS node names are resolving correctly or that the SNMP interfaces table contains both addr...

Страница 124: ...ry the device with SNMPv2 only as it s more efficient and there is no need to retrieve redundant data Pollers The pollers decide what to poll by analyzing the interfaces and services in the database a...

Страница 125: ...on the Outgoing Email Communications page under the Admin tab Appliance Network Settings use it to verify that the email system is configured You can easily change the configuration from this page to...

Страница 126: ...ormation has changed the Network Systems group will receive an Email notification Additionally when the Windows management sub system identifies a system fault or software installation removal on a ma...

Страница 127: ...at is hosting that agent In the case of an NT Server that sysObjectID might look something like 1 3 6 1 4 1 311 1 1 3 1 which when decoded reveals an embedded series of qualifiers that look something...

Страница 128: ...of GetIF is in using it to minimally expose the ability the gather data On the main panel you have a series of fields that if data is available are automatically populated In the case that they are y...

Страница 129: ...estion rather than a problem each section in this chapter will cover a common question In our next section we will return to the normal troubleshooting format How is Performance Data Summarized Perfor...

Страница 130: ...get percentage x x 10 thousandths of a percent divide by 10000 to get percentage Additional Support For additional support you can contact Technical Support We are here to help you In addition to our...

Страница 131: ...aritan com For technical support call the number as stated in the front of this document Note that Technical Support is intended to provide resellers and customers with technical assistance if necessa...

Страница 132: ...120 COMMANDCENTER NOC ADMINISTRATOR GUIDE...

Страница 133: ...s SNMP determines whether the device supports SNMPv1 and or SNMPv2 SNMPv2 introduced several mechanisms for making data collection more efficient and if the device supports it we will opt for the most...

Страница 134: ...rucial resources are being taxed Microsoft Windows CPU Utilization Drive Size Utilization C Drive Size Utilization D Provides insight as to processor scalability and drive usage Novell NetWare CPU Uti...

Страница 135: ...ail Waiting Mail Messages waiting for delivery Average mail delivery time Average mail size delivered Mail transmission failures Replication failures Average transactions minute Total calendar users T...

Страница 136: ...or you feel should be addressed differently please let us know at Technical Support Windows Performance Metrics Windows monitoring has been re engineered from the ground up to better allow Raritan to...

Страница 137: ...SNMP service be loaded and running however we interface with that service at the system level not via the SNMP protocol Logical Drives Free Space Free Kilobytes Total Kilobytes Kilobytes In Use This i...

Страница 138: ...r low threshold A high threshold means that an event will be generated if the actual value is higher than the threshold value Conversely a low threshold will cause an event to be generated when the ac...

Страница 139: ...is taken Eventually the reported value is 53 This is below the rearm value so the threshold is active again The next time the reported value exceeds 70 three times in a row another event will be gene...

Страница 140: ...ft reveals The event associated with a reported value violating a threshold is High Threshold Exceeded for a High threshold type and Low Threshold Exceeded for a low threshold type Note that all thres...

Страница 141: ...ry default asp url downloads list wmi asp On the page from the link above click the link titled Windows Management Instrumentation WMI Core 1 5 Once the agent is downloaded and installed on Windows 98...

Страница 142: ...venerable SNMP agent that exists on many platforms However instead of data being accessed via obscure numeric strings and often arranged into tabular views WMI uses an object hierarchy based upon CIM...

Страница 143: ...ll be made to the system registry by the binary provided by Raritan Note HKCR is short for HKEY_CLASSES_ROOT All values are of type REG_SZ strings HKCR AppID key value Wbem Scripting Object Path SetVa...

Страница 144: ...132 COMMANDCENTER NOC ADMINISTRATOR GUIDE...

Страница 145: ...ch is considered by many to be an industry best practice But too many false positives is not good either so Raritan has taken great strides to help you reduce them in your environment by leveraging th...

Страница 146: ...o generate the traffic or exploits necessary to create a denial of service attack Large Scale Information Leak This category includes attacks in which the loss of system or environmental information a...

Страница 147: ...following responses They might not save you this time around but considering the threats at play and the responses you ll need to take developing a planned response before an event is a critical piece...

Страница 148: ...136 COMMANDCENTER NOC ADMINISTRATOR GUIDE...

Страница 149: ...if node id is provided in the event notice nodelabel replaced by nodelabel if node id is provided in the event Events event uei Raritan s internal representation of the event event source The system...

Страница 150: ...ess 1 asset operatingSystem asset address2 asset port asset assetNumber asset rack asset building asset region asset circuitId asset room asset city asset serialNumber asset comment asset slot asset d...

Страница 151: ...ement tools On an arbitrary box we measured the traffic generated by four different CC NOC poll types ICMP pings TCP socket reachability used for monitoring database listeners HTTP synthetic transacti...

Страница 152: ...session close Due to the nature of the protocol this carries significantly more overhead than other more simple tests but it also proves conclusively that the server is responding and is capable of se...

Страница 153: ...bps Ethernet 00000431 of 100Mbps Ethernet 000000431 This data is extremely system time and network specific your results WILL undoubtedly vary However for the sake of our argument let s proceed to loo...

Страница 154: ...orm for example Raritan s CC NOC emerge this overhead will become increasingly nominal Additional Notes The design team at Raritan has gone to great lengths to minimize impacts on networks we are mana...

Страница 155: ...APPENDIX G NETWORK TRAFFIC OVERHEAD NETWORK MANAGEMENT S NECESSARY EVIL 143 255 80 5301 00...

Страница 156: ...1 03 3523 5991 Fax 81 03 3523 5992 Email sales raritan co jp http www raritan co jp Raritan Computer Japan Osaka Office Honmachi Phoenix Bldg 8F 1 15 8 Nishihonmachi Nishi ku Osaka Japan 550 0005 Tel...

Отзывы:

Нет отзывов

Похожие инструкции для COMMANDCENTER NOC

Multitech CommPlete MT3334HD8 User Manual preview
CommPlete MT3334HD8
Бренд: Multitech Страницы: 100
T-Mobile Web n Walk Stick Quick Start Manual preview
Web n Walk Stick
Бренд: T-Mobile Страницы: 8
Advantech Zlinx ZP9D-115RM-LR User Manual preview
Zlinx ZP9D-115RM-LR
Бренд: Advantech Страницы: 56
OUMAN GSMMOD4 Manual preview
GSMMOD4
Бренд: OUMAN Страницы: 4
Abocom FM56CC Specifications preview
FM56CC
Бренд: Abocom Страницы: 1
Sagem F@st 800 User Manual preview
F@st 800
Бренд: Sagem Страницы: 76
Zte Mblaze Ultra Wi-Fi User Manual preview
Mblaze Ultra Wi-Fi
Бренд: Zte Страницы: 73
Spectrum E31U2V1 Quick Installation Manual preview
E31U2V1
Бренд: Spectrum Страницы: 7
Spectrum 10G EPON DPoE User Manual preview
10G EPON DPoE
Бренд: Spectrum Страницы: 6
TT Systems Modem Mate MPA-100A User Manual preview
Modem Mate MPA-100A
Бренд: TT Systems Страницы: 4
APLIC 302352/20170405SZ147 User Manual preview
302352/20170405SZ147
Бренд: APLIC Страницы: 28
Paradise Datacom PD60S Specifications preview
PD60S
Бренд: Paradise Datacom Страницы: 4
AIS AIRCARD 3G Manual preview
AIRCARD 3G
Бренд: AIS Страницы: 14
Vololink VoloFone VF100 User Manual preview
VoloFone VF100
Бренд: Vololink Страницы: 50
Ubee DDM3513 User Manual preview
DDM3513
Бренд: Ubee Страницы: 22
CommScope ARRIS SURFboard T25 User Manual preview
ARRIS SURFboard T25
Бренд: CommScope Страницы: 32
Aritech Advisor RD 6203 Programming Manual preview
Advisor RD 6203
Бренд: Aritech Страницы: 60
Fargo Maestro 1800 User Manual preview
Maestro 1800
Бренд: Fargo Страницы: 23

Бренды по названию

Популярные бренды

Загрузить еще бренды