Hardware Configurations for Receiving Messages

Created 2004-12-08 by Hamid Ali Raja

I want to receive messages from various sources on my central server. What should be the hardware configurations for it?

It depends on the average and expected number of messages that each of the devices will generate.

In general, you can write the syslog data to a SQL database. HOWEVER, SQL server performance is a key issue with such an approach. Even if the devices generate only moderate load, you need to highly optimize the SQL server backend, and you probably also need multiple receivers. To learn more about this, check out the article entitled “Performance Optimizing Syslog Server”.

Discussion on MonitorWare SystemID and CustomerID

Created 2004-12-06 by Hamid Ali Raja

SystemID

It is a user-configurable numerical value that has been added to group systems together and to improve filtering. It works like a numerical code: you assign a value to it and query for that value afterwards.

CustomerID

It is similar to SystemID. How the two are used is up to the user.

Let us consider the following scenarios to better understand the functionality of these two:

Scenario 1

A service provider has 2 customers, customer A with 2 subsidiaries and customer B with 3 subsidiaries. How can he use SystemID and CustomerID to configure all systems in different subsidiaries to monitor his customers’ networks?

Solution

His configurations for this scenario will be:

  • For all systems in subsidiary 1 for customer A, CustomerID = 1 and SystemID = 1
  • For all systems in subsidiary 2 for customer A, CustomerID = 1 and SystemID = 2
  • For all systems in subsidiary 1 for customer B, CustomerID = 2 and SystemID = 1
  • For all systems in subsidiary 2 for customer B, CustomerID = 2 and SystemID = 2
  • For all systems in subsidiary 3 for customer B, CustomerID = 2 and SystemID = 3
    Scenario 2

    A service provider has 2 customers. Customer A has 5 servers and Customer B has 2 servers. Both A and B happen to have a server named “SERVER”. How can the service provider use CustomerID to monitor his customers’ servers and differentiate between them?

    Solution

    To monitor the customers’ servers, configure a different CustomerID in each customer’s agents:

    • For all systems of Customer A, CustomerID = 1
    • For all systems of Customer B, CustomerID = 2

    Now with the help of CustomerID, these machines are uniquely identifiable.

    You can also use the Set Property feature to rename the server.

    Scenario 3

    A single user has two subsidiaries (A & B) and also wants to group machines by department (marketing, engineering and production). How can he do this using both CustomerID and SystemID?

    Solution

    He can address his problem by assigning a unique CustomerID to each subsidiary and a unique SystemID to each department.

    Subsidiaries

    • A will be assigned CustomerID = 1
    • B will be assigned CustomerID = 2

    Departments

    • Marketing department will be assigned SystemID = 1
    • Engineering department will be assigned SystemID = 2
    • Production department will be assigned SystemID = 3

    If he wants to view all marketing department machines, he queries for SystemID = 1, and to view all machines in subsidiary A, he queries for CustomerID = 1. He can also get the machines which belong to both the production department and subsidiary A by using CustomerID = 1 and SystemID = 3.

    Scenario 4

    I have three subsidiaries A, B and C with 200, 2000 and 5000 machines respectively. If I can use “FromHost” to get the system information then why do I need “SystemID”?

    Solution

    Querying all subsidiary C machines using “FromHost” is a lengthy task, as the query has 5000 elements and you also need to update the queries each time a new machine is installed in a subsidiary.

    If you just query the SystemID, you have a single query element PLUS you do not need to modify the queries when you install a new machine, as long as it is configured with the correct SystemID for its subsidiary.

    Authentication problem while using MySQL Version 4.X

    Created 2004-11-11 by Hamid Ali Raja

    I am facing a problem while writing to a MySQL 4.X database using the Write to Database action. What should I do?

    This issue is related to the MySQL authentication protocol built into MySQL 4.1 and above. This protocol is based on a password hashing algorithm that is not compatible with the one used by older clients, and it stores passwords differently from older versions. Therefore, if you upgrade your server to 4.X and try to connect with an older client, the connection may fail.

    You can use one of the following options to solve this problem.

    1. Upgrade all your client programs to use the 4.1.1 or newer client library.

    2. Use a pre-4.1 style password for accounts that need a pre-4.1 client program.

    You can use the SET PASSWORD statement and the OLD_PASSWORD() function to reset the password for a user who wants to use a pre-4.1 client program.

    mysql> SET PASSWORD FOR
        -> 'someuser_abc'@'somehost_xyz' = OLD_PASSWORD('somenewpwd');

    You can also use UPDATE and FLUSH PRIVILEGES to reset the password:

    mysql> UPDATE mysql.user SET Password = OLD_PASSWORD('somenewpwd')
        -> WHERE Host = 'somehost_xyz' AND User = 'someuser_abc';
    mysql> FLUSH PRIVILEGES;

    Replace “somenewpwd” with the password you want to use. You cannot retrieve your old password from MySQL, so you have to choose a new one.

    3. Configure your server to use the older password hashing algorithm:

    a) Start mysqld with the --old-passwords option.
    b) Identify the accounts whose passwords have already been updated to the longer 4.1 format using the following query:

    mysql> SELECT Host, User, Password FROM mysql.user
        -> WHERE LENGTH(Password) > 16;

    Now you can reset the password for each record displayed by the query, using its Host and User values, and assign a password using the OLD_PASSWORD() function. You can use either SET PASSWORD or UPDATE, as discussed above.

    Which Product Should I Purchase?

    Created 2003-02-16 by Wajih-ur-Rehman.
    Updated 2004-09-09 by Tamsila-Q-Siddique.

    1. Overview

    This article gives an overview of the MonitorWare line of products and provides a guideline for selecting the right product. It discusses EventReporter, MonitorWare Agent, WinSyslog, MonitorWare Console, Monilog and AliveMon.

    MonitorWare Agent, WinSyslog and EventReporter work on common concepts but target different needs. They also come in different editions and versions. Click on MonitorWare Agent, EventReporter and WinSyslog respectively to see the available editions of each product set.

    If you are looking for the product that matches your needs, our product positioning chart helps you make the decision.

    2. MonitorWare Line of Products

    2.1) MonitorWare Agent

    MonitorWare Agent is a superset of EventReporter and WinSyslog. Since it can perform all tasks of EventReporter and WinSyslog, it can be used on the sending as well as on the receiving side. It also incorporates some special services of its own. The MonitorWare Agent services are listed below:

    No.      Name of the Service          Purpose of the Service
    2.1.1    Syslog Server                Receives Syslog messages
    2.1.2    SETP Server                  Receives SETP messages
    2.1.3    Event Log Monitor            Monitors Windows Event Log
    2.1.4    File Monitor                 Monitors text/log files
    2.1.5    Heart Beat                   Sends periodic messages
    2.1.6    Ping Probe                   Pings remote server
    2.1.7    Port Probe                   Checks the specified TCP port on the specified machine
    2.1.8    NT Service Monitor           Monitors NT Service
    2.1.9    Disk space Monitor           Monitors disk space
    2.1.10   SNMP Trap Receiver           Receives SNMP messages
    2.1.11   Database Monitor             Monitors database tables
    2.1.12   Serial Port Monitor          Monitors devices attached to the local communication ports
    2.1.13   CPU / Memory Monitor *       Monitors CPU and Memory
    2.1.14   MonitorWare Echo Reply *     Provides response whether MonitorWare Agent is working or not. It works with MonitorWare Echo Request.
    2.1.15   MonitorWare Echo Request *   Checks the availability / detecting failure of MonitorWare Agent. It works with MonitorWare Echo Reply.

    You can click here to view more information about MonitorWare Agent.

    2.2) EventReporter

    EventReporter is meant for monitoring Windows Event Logs. If you are looking for a product that only picks up the Windows event logs and forwards them to a Syslog server, then EventReporter is the right choice. EventReporter provides the following services:

    No.      Name of the Service          Purpose of the Service
    2.2.1    Event Log Monitor            Monitors Windows Event Log
    2.2.2    Heart Beat                   Sends periodic messages

    You can click here to view more information about EventReporter.

    2.3) WinSyslog

    WinSyslog is a typical Syslog Server. It is basically used for receiving Syslog or SETP messages. WinSyslog provides the following services:

    No.      Name of the Service          Purpose of the Service
    2.3.1    Syslog Server                Receives Syslog messages
    2.3.2    Heart Beat                   Sends periodic messages
    2.3.3    SNMP Trap Receiver           Receives SNMP messages
    2.3.4    SETP Server                  Receives SETP messages

    You can click here to view more information about WinSyslog.

    2.4) MonitorWare Console

    MonitorWare Console is an analytical tool that is used to analyze the data that has been gathered by other Adiscon products. It is a modular application that offers the modules listed below:

    • Base Product (This has to be purchased in order to use other modules)
    • Network Scanning Tools
    • Windows Reporting Module
    • PIX Reporting Module
    • Knowledge Base Module
    • Devices’ Module
    • Views Module

    You can click here to view more information about MonitorWare Console.

    2.5) Monilog

    Monilog is also an analytical tool but it only generates one report.

    You can click here to view more information about Monilog.

    2.6) AliveMon

    AliveMon is a network monitor that lets you know when servers or routers fail. Configurable alarms enable you to quickly solve problems before they turn into a real headache. You can even take corrective actions automatically by auto-starting programs.

    You can click here to view more information about AliveMon.

    3. Comparison

    MonitorWare Agent can act both as a WinSyslog and as an EventReporter, whereas MonitorWare Console and Monilog both act as analytical tools. In this section we give the following comparisons to guide you in your product selection:

      3.1) MonitorWare Agent (Sender) with EventReporter
      3.2) MonitorWare Agent (Receiver) with WinSyslog
      3.3) MonitorWare Console with Monilog

    3.1) Comparison of MonitorWare Agent (Sender) with EventReporter

    For monitoring any system, you have 2 options: you can go either for EventReporter or for MonitorWare Agent. The choice really depends on your requirements. If you are only interested in monitoring the Windows Event Log, then EventReporter is the right choice for you. If, on the other hand, you want to perform any of the other functions (see 2.1.4, 2.1.6, 2.1.7, 2.1.8 or 2.1.9) on the client to be monitored, then you have to go for MonitorWare Agent, since these features are not present in EventReporter.

    3.2) Comparison of MonitorWare Agent (Receiver) with WinSyslog

    If you only want to receive data sent from various clients, you again have 2 options: you can go either for WinSyslog or for MonitorWare Agent. The choice again depends on your requirements. If you are only interested in receiving Syslog messages, SNMP traps or SETP messages, then WinSyslog is the right choice as a Syslog Server. If, on the other hand, you also want to monitor the system on which the Syslog Server is running, then you either have to use EventReporter together with WinSyslog on that machine, or you can use MonitorWare Agent alone, since it can act both as a Syslog Server and as the monitoring system.

    3.3) Comparison of MonitorWare Console and Monilog

    There is actually a lot of difference between these two products and, again, the selection really depends on the requirements at hand. If you just want to see one report on the logs, then you can go for Monilog. Additionally, Monilog is easy and quick to set up. If you are interested in an in-depth analysis which includes not only the Windows Event logs but also PIX records, then you can opt for MonitorWare Console, which offers about 15 reports in its current version. Hopefully the number of reports will keep growing with client feedback.

    MonitorWare Console does not only offer reports. It contains a lot of other interesting and valuable modules which give you great power in analyzing your data. These modules include Views, which can be auto-refreshed at a specified interval and hence display the current state of the data as it enters your system; Network tools like Port Scan, Trace Route and Ping; the Devices Module, in which you can keep track of your devices; the Knowledge Base module, in which you can keep track of information; and the Job Manager, in which you can schedule automatic generation of reports.

    4. Price

    All the above mentioned products come in different flavors and editions. For your convenience we have listed down all the prices at one single point.

    5. Conclusion

    MonitorWare Agent is a high-end solution that fulfills all of your requirements, but its somewhat higher price is the drawback. Adiscon does not want to make you spend money on something you do not even need. You can opt for a combination of different products to come up with a cost-effective solution for your enterprise. This is a primary driver behind the decision which product to use. If you are in doubt, please contact us and let us know your requirements. We will gladly help you find not only the best technical solution but also the most cost-effective one. If you have any queries, please feel free to contact support@adiscon.com.

    Actively Monitoring Disk Free Space

    By Rainer Gerhards
    Article Date: 2004-07-22

    Why care about disk free space?

    The obvious answer is that low free space means upcoming problems, like the inability to receive mail (for mail servers) or the inability to store new files (for file servers). There are numerous obvious reasons why free space is an operations management priority. But there are also less obvious reasons: a disk space shortage may be caused by a process running wild. Sometimes space consumption is the only warning indicator in such a case. Also, intruders may be the cause of low disk space conditions. For example, movie pirates often break into public servers and misuse them as FTP servers for pirated videos. As videos are large, this can cause a sharp decrease in disk free space.

    In this article I primarily address the operations management needs. Obviously, the security benefits come as a side effect. But don’t rely purely on what I am presenting here if you would like to tackle the security side of disk free space. In the article, I will first convey the idea of what can be done and then I will also provide a potential solution using Adiscon’s MonitorWare Agent software.

    The Idea

    A shortage of disk space does not (necessarily) come in an instant. Typically, free space decreases by a little every day. If left undetected, some day no space may be left at all. This is where we start. In my view, a good disk space monitoring script must work with at least two thresholds:

    • disk space is low, but still acceptable
    • disk space is too low, problems will occur very soon (or already exist)

    The first level is a warning level, the second level is a real error level. In a typical setup, the warning level may not cause any big action. Typically, a notification email is sent to the administrator and that’s it. Again in a typical setup, the error level may cause more serious action. Now, the warning message may be sent to a pager email address. But a good disk space monitoring solution might also initiate some corrective action. For example, on a file server, many temporary files may fill up the disk. It may be agreed policy that such files (and possibly .bak backup files) can be automatically deleted – without asking each user. If so, a script can be started that tries to delete as many temporary files as possible, thereby freeing up disk space. In an optimal case, such a script may even free enough space to recover from the very-low disk space condition. Ideally, it would even recover from the warning level, too.

    Now let’s consider that the very-low space condition triggered a pager alarm to the administrator. Poor John Admin is at the beach when his pager beeps. Too bad… Now consider he jumps off the beach and drives into his data center … just to see that the configured auto-action has already solved the issue. How would you feel in John’s place? I bet you’d be really happy and go back to the beach, wouldn’t you? I also guess you would have been even happier if the system had notified you that the low space condition was solved. So this is one more thing that we need to do within our free space monitoring: not only send an alert when things get worse, but also send an alert when the system has recovered from such a condition.

    Please note that the recovery case may even happen if no corrective action has been configured – just imagine a file server: a user may copy a huge file set just to try something out. Later, he himself deletes it. Again, the low space condition is solved.

    Finally, a monitoring solution should only notify you once when the problem occurs and not continuously (yes, I have seen solutions which do it over and over again…). The same goes for the “recovered” message, which obviously should only be sent once and only after a problem message has been sent first. So to sum up, a good disk free space monitoring solution must provide:

    • at least two thresholds for disk space shortages
    • notifications that only occur once these thresholds are crossed
    • optionally automatically-triggered corrective actions
    • notifications when the shortage conditions have been resolved

    Of course, the system should be able to send different types of notifications. For example, you may want to send some of these via email while others are forwarded to a pager or a simple “net send” type notifications.

    A potential Solution

    As always in life, there are many ways to implement the disk space monitor. I am using a solution based on Adiscon’s MonitorWare Agent here. This is because it is a good fit for the functionality we are asking for and it is also easy to set up and run. MonitorWare Agent is a multi-monitoring solution. It can monitor Windows Event logs, syslog devices, databases, files … and disk space.

    With MonitorWare, we create a so-called disk space monitor which is then bound to a “rule set”. The disk space monitor is the part that actually checks disk free space. It does this at intervals. Each time, it creates an event, which includes the free space information. That event is then passed to the rule set, where the actual processing takes place. This is where we implement our requirements.

    Inside the rule set, we just need a few rules to create our scenario. Basically, we utilize MonitorWare Agent’s status variables to keep track of whether we have a low or a very-low space condition. With this knowledge, we check the disk space report. If it is below the thresholds and the status variable is not yet set, we create an alert (and potentially an action) and set the status variable. Similarly, when free space goes up, we check if we had one of the low conditions and, if so, create another alert. We utilize MonitorWare Agent’s other action types to start the low space recovery script.

    Of course, I could provide you with detailed setup instructions here and also include numerous screen shots. But this article should not become a product manual… For your convenience, though, I have created the configuration with MonitorWare Agent. You can simply download it and try it yourself. I’ve placed plenty of comments inside the rule set in that configuration. If you review the comments, you will know pretty well what I have been doing.
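The rule logic described above (a status variable, one alert per threshold crossing, a single recovery message, an optional corrective action), written out in Python as an added example; it is not Adiscon's configuration or code, and the thresholds, names, channels and sample readings are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Iterable, List, Optional, Tuple


class Level(IntEnum):
    OK = 0
    LOW = 1        # warning level: low, but still acceptable
    VERY_LOW = 2   # error level: problems very soon or already present


# (kind, channel, level after this check, free MB seen)
Event = Tuple[str, str, str, int]


@dataclass
class FreeSpaceAlerter:
    warn_below_mb: int
    error_below_mb: int
    corrective_action: Optional[Callable[[], None]] = None
    level: Level = Level.OK   # status variable remembered between checks
    actions_run: int = 0

    def __post_init__(self) -> None:
        if not 0 < self.error_below_mb < self.warn_below_mb:
            raise ValueError("need 0 < error_below_mb < warn_below_mb")

    def classify(self, free_mb: int) -> Level:
        if free_mb < self.error_below_mb:
            return Level.VERY_LOW
        if free_mb < self.warn_below_mb:
            return Level.LOW
        return Level.OK

    def observe(self, free_mb: int) -> List[Event]:
        """Process one periodic reading and return the notifications it causes."""
        new, old = self.classify(free_mb), self.level
        if new == old:
            return []                 # no threshold crossed: stay silent
        self.level = new
        # Anything touching the error level goes to the pager, the rest to
        # email, so a recovery reaches the same person the alarm reached.
        channel = "pager" if max(old, new) == Level.VERY_LOW else "email"
        if new > old:
            if new == Level.VERY_LOW and self.corrective_action is not None:
                self.corrective_action()   # e.g. start the cleanup script
                self.actions_run += 1
            return [("alert", channel, new.name, free_mb)]
        return [("recovered", channel, new.name, free_mb)]


def replay(alerter: FreeSpaceAlerter, readings: Iterable[int]) -> List[Event]:
    """Feed successive free-space readings through the alerter."""
    events: List[Event] = []
    for free_mb in readings:
        events.extend(alerter.observe(free_mb))
    return events


# Constructed sample: free MB reported by successive checks of one volume.
SAMPLE_READINGS = [900, 480, 450, 90, 80, 300, 700]

if __name__ == "__main__":
    demo = FreeSpaceAlerter(warn_below_mb=500, error_below_mb=100,
                            corrective_action=lambda: None)
    for event in replay(demo, SAMPLE_READINGS):
        print(event)
```

The seven readings produce four notifications; the repeated low readings (450 and 80) stay silent because the status variable already records the condition.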

    Related Software

    The MonitorWare Agent web site and free eval download

    Revision History

    2004-07-22 Initial version created.
    2004-10-19 Updated sample and added hyperlink to it.

    Author’s Address

    Rainer Gerhards
    Adiscon GmbH
    rgerhards @ adiscon.com
    www.adiscon.com

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user’s own risk.

    How can I send my configuration in a support case?

    Created 2004-07-15 by Tamsila-Q-Siddique.

    I am using MonitorWare Agent / WinSyslog / EventReporter. How can I send the current configuration for an incident?

    When working on a support incident, it is often extremely helpful to re-create a customer environment in the Adiscon lab. To aid in this process, we have added functionality to export an exact snapshot of a configuration. This is done via standard Windows registry files. Please note that when we have received your file, we are also able to make adjustments (if needed) and provide those back to you. This is a very helpful support tool.

    To use it, please do the following:

    1. Go to “Computer Menu”
    2. Choose “Export Settings to Registry-File”. Be sure NOT to select a binary format – binary formats are only for special purposes, and you can NOT review binary files for security-relevant data.
    3. Save this registry file.

    You may be reluctant to send the registry file for security reasons. We recommend that you review the contents of the registry file for security purposes with Notepad or any other text editor.
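The review recommended above can be supported by a script that lists the values worth a second look in a text-format export. This is an added Python example, not an Adiscon tool; the key paths, value names and name patterns are constructed assumptions and do not describe the products' real registry layout.

```python
import re
from typing import List, Tuple

# Value names that usually deserve a look before the file is sent anywhere.
SENSITIVE_NAME = re.compile(r"pass|pwd|secret|user|login|community|token", re.I)
# "Name"=data   or   @=data (the key's default value)
VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

Finding = Tuple[str, str, str]  # (registry key, value name, data type)


def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")


def flag_sensitive_values(text: str) -> List[Finding]:
    """Return non-empty values whose names suggest credentials.

    The data itself is left out of the result so the report can be shared.
    """
    findings: List[Finding] = []
    key, pending = "", ""
    for raw_line in text.splitlines():
        line = pending + raw_line.strip()
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if line.endswith("\\"):        # hex data continues on the next line
            pending = line[:-1]
            continue
        match = VALUE_LINE.match(line)
        if match is None:
            continue                   # header, blank line or comment
        name = match.group(1) if match.group(1) is not None else "(Default)"
        data = match.group(2)
        kind = "string" if data.startswith('"') else data.split(":", 1)[0]
        is_empty = data in ('""', "") or data.endswith(":")
        if SENSITIVE_NAME.search(name) and not is_empty:
            findings.append((key, name, kind))
    return findings


# Constructed sample export (hypothetical vendor key and value names).
SAMPLE_EXPORT = b"\xff\xfe" + "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleAgent\Database]",
    '"DSN"="syslogdb"',
    '"UserID"="logwriter"',
    '"Password"="constructed-value"',
    '"Timeout"=dword:0000001e',
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleAgent\Mail]",
    '"SmtpPassword"=hex:63,00,6f,00,\\',
    "  6e,00,73,00",
    '"Recipient"="admin@example.com"',
    "",
]).encode("utf-16-le")

if __name__ == "__main__":
    for key, name, kind in flag_sensitive_values(decode_export(SAMPLE_EXPORT)):
        print(f"review: {key} -> {name} ({kind})")
```

A name-based match only narrows the manual review; values stored under neutral names still need to be read in the text editor.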