NetPath Missing Many / Most Hops with WAN Optimisation

February 15, 2018, 4:39 am

≫ Next: Microsoft Teams Integration with Orion Alerts

≪ Previous: hrSystemReboot.AlertDefinition

$

0

0

Hi All,

 

I've recently been getting into NetPath and thought I'd share something in the hope that it helps other who end up with the same head scratching issue.

Now, this problem is document by Solarwinds, but it did take me a while to find the document, so thought I'd add something to THWACK too.

 

After setting up a new NetPath Service to monitor an external partners service on port 443, NetPath worked perfectly and the route was mapped from the Site, over the MPLS, across various firewalls and then to the destination.

So after that success, I moved on to the next service. This next service uses TCP port 8194 and is allowed through all of the Firewalls, so I assumed this would be just as easy.

 

Unfortunately, instead of seeing around 10 nodes, including the MPLS & Firewalls, it appears that the path jumps from the Firewall in our node site to the destination!

 

Example - Path Missing Many Hops

 

After lots of time trying to work out why the our Firewalls were causing this, I stumbled upon this Solarwinds Article: NetPath graph issue: Missing all intermediate nodes - SolarWinds Worldwide, LLC. Help and Support 

Credit to Solarwinds, this was a perfect article, albeit not easy for me to find.

 

The solution was to add an In-Path Bypass rule to the Steelhead at the source Site for traffic from the Solarwinds Node to any destination (this could be made more specific, but I didn't want to add additional admin work for future paths).

In the example, the Agent Node is in New York, so the rule is added to the New York Steelhead with the Source IP being the IP of the Solarwinds Agent Node doing the polling.

 

Example - Steelhead Rule

 

 

After adding this rule, the Path now shows as expected!

 

It turns out that the paths using HTTPS/443 only worked because the Steelhead is configured to Bypass encrypted HTTPS traffic.

---

Microsoft Teams Integration with Orion Alerts

November 4, 2016, 2:30 pm

≫ Next: Volume Usage Spike Detection Alert

≪ Previous: NetPath Missing Many / Most Hops with WAN Optimisation

$

0

0

With the new release of Microsoft Teams, I got a tad curious and went to see what integrations were available.

 

Much like Slack, PagerDuty, and  a host of others; Teams gleefully accepts incoming webhooks as a native integration. Below is a summary of how to achieve this in your Teams environment.

 

Step 1:

As an administrator of your organization's Team software, login to your Teams desktop application and click on the Team that you wish to add your integration to, then select "Connectors"

 

 

Step 2:

Search for "Incoming Webhook" and click "Add"

 

 

Step 3:

Name your new Webhook, add an optional Icon, and click "Create"

 

 

Step 4:

Copy your URL to be used with your alert action in a moment

 

 

Step 5:

At this point, you should see that you have a newly configured Webhook in your Connectors list and you should also have a new message in your Team reflecting this addition as well

 

 

 

Step 6:

Configure an alert action (Send a GET or POST Request To A Web Server) and include your Webhook URL and associated payload (example below)

 

 

Step 7:

Enjoy your new feed of alerts!

 

 

 

Here's the payload snippet I am using in my action at present:

 

{  "title": "ALERT TRIGGER: ${N=SwisEntity;M=Caption} is currently ${N=SwisEntity;M=Status}",  "text": "DEVICE: [${N=SwisEntity;M=Caption}](${N=SwisEntity;M=DetailsUrl})  IP ADDRESS: ${N=SwisEntity;M=IP_Address}  VENDOR: ${N=SwisEntity;M=Vendor}  MODEL: ${N=SwisEntity;M=MachineType}  [ALERT DETAILS](${N=Alerting;M=AlertDetailsUrl})  [ACKNOWLEDGE THIS ALERT](${N=Alerting;M=AcknowledgeLink})"
}

 

Please note that there is some good information to be found in the API Reference as well: Office 365 Connectors API Reference - Outlook Dev Center

 

Enjoy!

Volume Usage Spike Detection Alert

February 16, 2018, 2:56 pm

≫ Next: Cisco 8540 CPU & Memory Poller

≪ Previous: Microsoft Teams Integration with Orion Alerts

$

0

0

Cisco 8540 CPU & Memory Poller

February 18, 2018, 2:49 am

≫ Next: Alerting on Volume Thresholds

≪ Previous: Volume Usage Spike Detection Alert

$

0

0

This is a poller to report CPU and Memory for Cisco WLC 8540

Alerting on Volume Thresholds

January 31, 2018, 8:08 am

≫ Next: Netops Interface Utilization alerts (Cisco)

≪ Previous: Cisco 8540 CPU & Memory Poller

$

0

0

Back in April of 2015, NPM 11.5 was released and with it came a brand new Web-based Alert Engine in the Orion Platform. At the time, and ever since, one of the most valuable capabilities of this new engine was the ability to dynamically alert on multiple objects based on their own individually assigned thresholds. Setting individual thresholds for things like CPU Utilization, Percent Memory Utilization, Packet Loss, Response Time, Interface Errors, and Interface Utilization was a game changer to a lot of alerting schemas that allowed us to reduce our custom property footprint, as well as the complexity of the alert definitions. However, a glaring "omission" was that the thresholds made available for Volumes were not presented to the alerting engine (or so we thought). This was a bit mind-boggling, and talking to other MVPs, seasoned SW Admins, and SW employees over the years, I had ever heard differently, so the assumption was cemented as a "missing item that requires a work-around". (On a side note, I am 42% sure that jbiggley was behind a very well orchestrated and elaborate trolling to keep me in the dark on this capability, but I digress...) But today, I'd like to present the solution that was hiding in the background this entire time, to save future admins the discomfort of maintaining "Disk_Crit" custom properties.

 

 

Background: Node and Interface metric thresholds are added to the alerting engine in a very intuitive way:

 

 

However, volume thresholds are obviously not:

 

 

The key was to take a step back and look at the alerting object options, there you shall find your salvation in the form of a "Volume Capacity Forecasting" object (as opposed to the intuitive "Volume" object type):

 

 

Which then presents those valuable thresholds!

 

 

From there, you need to setup a "Double Value Comparison" in the trigger:

 

 

And then create a comparison between the current and threshold values, respectively:

 

 

Which will then trigger on Volumes where their current percent utilization exceed the threshold you have defined on that specific volume:

 

 

 

For reference: thresholds are edited per object by editing the object's properties, and looking at the bottom of the page: (Pro Tip: you can edit multiple objects at once from the "Manage Nodes/Entities" page)

 

 

 

Verified via SQL search on the "VolumesForecastCapacity" view in the database:

 

 

SELECT TOP 100 * FROM VolumesForecastCapacity

 

 

 

There you have it. Happy monitoring everyone!

Netops Interface Utilization alerts (Cisco)

February 19, 2018, 5:11 am

≫ Next: Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability (v3)

≪ Previous: Alerting on Volume Thresholds

$

0

0

Hi,

 

Please find the process to create an alert for interface utilization.

 

 

Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability (v3)

January 30, 2018, 9:10 am

≫ Next: Send syslog using PowerShell

≪ Previous: Netops Interface Utilization alerts (Cisco)

$

0

0

Send syslog using PowerShell

February 19, 2018, 4:23 pm

≫ Next: Node Availability Report (Up / Down)

≪ Previous: Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability (v3)

$

0

0

There was a need to send out syslogs to Orion through DMZ.  The "Kiwi Syslog message generator" did not work, so found a portable way to do this using powershell.   This is a well known script, just had to tweak the date format so that SW syslog understood it.

 

 

$Server = 'x.x.x.x'

$Message = 'From  - PowerShell'

#0=EMERG 1=Alert 2=CRIT 3=ERR 4=WARNING 5=NOTICE  6=INFO  7=DEBUG

$Severity = '1'

#(16-23)=LOCAL0-LOCAL7

$Facility = '22'

$Hostname= 'Test-DC01'

# Create a UDP Client Object

$UDPCLient = New-Object System.Net.Sockets.UdpClient

$UDPCLient.Connect($Server, 514)

# Calculate the priority

$Priority = ([int]$Facility * 8) + [int]$Severity

#Time format the SW syslog understands

$Timestamp = Get-Date -Format "MMM dd HH:mm:ss"

# Assemble the full syslog formatted message

$FullSyslogMessage = "<{0}>{1} {2} {3}" -f $Priority, $Timestamp, $Hostname, $Message

# create an ASCII Encoding object

$Encoding = [System.Text.Encoding]::ASCII

# Convert into byte array representation

$ByteSyslogMessage = $Encoding.GetBytes($FullSyslogMessage)

# Send the Message

$UDPCLient.Send($ByteSyslogMessage, $ByteSyslogMessage.Length)

 

I used this to show the client that the syslogs were actually blocked by the DMZ firewall by running the PowerShell on different subnets.  The good part is that no software installation is needed.

 

Thanks

Amit

---

Node Availability Report (Up / Down)

February 20, 2018, 3:09 am

≫ Next: Eaton 9PX 3000 UnDP.UnDP

≪ Previous: Send syslog using PowerShell

$

0

0

We’ve prepared a custom SQL query to reports node availability for last 30 days

30 days Node Availability – shows outage duration in hours and mins for each node and uptime

Eaton 9PX 3000 UnDP.UnDP

February 20, 2018, 8:47 am

≫ Next: Node Downtime Reports

≪ Previous: Node Availability Report (Up / Down)

$

0

0

Node Downtime Reports

April 28, 2014, 3:09 pm

≫ Next: Cisco Firepower 4100 Series Node Details

≪ Previous: Eaton 9PX 3000 UnDP.UnDP

$

0

0

We’ve prepared two reports within Report Writer to report on node downtime:

• Node Down Time Report – shows outage duration for each node when and how long it was down

• Summarized Node Down Report – summarize node outage duration for each node

These reports will work with or without view limitations applied.

Feedback most appreciated.

Cisco Firepower 4100 Series Node Details

May 26, 2017, 12:02 pm

≫ Next: Welcome to Solarwinds...........

≪ Previous: Node Downtime Reports

$

0

0

Welcome to Solarwinds...........

April 8, 2016, 5:49 pm

≫ Next: Group status bullseye style charts

≪ Previous: Cisco Firepower 4100 Series Node Details

$

0

0

For many us starting out with Solarwinds, we are not sure where to start, what should I do, where do I go, and how do I do "Solarwinds".  Trust me, I have been there and sometime when I work with a new product or have touched one in a while, I have to hunt for the information I need.  Well, I have developed this page as a Starting Point for All Starting Points.  The intentions is to provide general direction for those new to Solarwinds.

 

As I find more helpful posts for my use, I will reference them here.  Please follow&bookmark this page, if this would be a helpful resource for you.

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

For Beginners:  New to Solarwinds and not sure where to start.

 

Contribution of the Year 2016: Monitoring 101 by  adatole

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

 

If you are new to Solarwinds and have not already done so here is the link for the on-boarding mission.  This is a great tutorial on how to use the site and score yourself some excellent Thwack Points!  This mission will take you about 15 minutes.

 

You Don't Know Thwack - Onboarding Mission

NPM Core Training

Getting Started with Evaluations for Solarwinds Orion Products

New to Networking

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This was submitted by ashley.heilbronn@lr.org on this thread Just starting as solarwinds admin and Im looking for some solarwinds best practices... HELP!. I liked it so much and thought it was a great starting point for new folks that I wanted to include it on the Welcome to Solarwinds...........  .  If you found this piece helpful please LIKE it and mark it as HELPFUL.

 

 

Here are some best practices I've learned for myself, i've looked after 2 solarwinds instances over the past 5 years, one was at a Refinery, Mine and Port where i was a network sys admin,it was just a one man show and my current gig .

 

• Create your own dashboard and views with some stuff that is relative to you? I've added the show last 25 audit logs as the 1st thing I see, I like to know who is access SW and where from (IP Address).
• Create a organize grouping structure for your nodes you are monitoring that works for your role, my company has a global presence about 190 offices or so, so my group nesting looks like this Company > Region > Country > City > Office > Office RTR > Office LAN
• Dynamic queries for groups, learn how to define dynamic queries to help automate the population of groups.
• Setup your dependency for your groups, like in my nesting above, if my RTR group goes down than than my LAN group is unreachable which tells the polling, hey back off on the polling on the LAN infrastructure, till it becomes reachable again, and reduce the load on the poller.
• Custom Properties, I've only just started using these bad boys and whole cow, these are very helpful in a lot ways, one such way is converting a inventory listing about our circuit providers for our office routers, which means i can build very flexible alerting schemes.
• If you have SAMs as apart of your build, deploy all the solarwinds application monitors to your monitoring environment, and monitor of every aspect of your build, IIS insight, SQL insight for database server, QoE Server sensors for solarwinds servers and database, vmware polling for database server and solarwinds server, EVERYTHING!!, it gives you very deep understanding  how everything works with each other and you can mature with the appstack approach.
• don't be afraid to try new things is the most important thing, get a virtual environment setup with SW with virtual box and GNS3 on a machine with decent CPU and RAM and run wild with it.
• set up meetings with stakeholders and ask the question how can the monitoring/reporting help you?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

 

For Intermediates: Been around as a user/viewer but would like to know and do more.

Solarwinds Labs - One Stop Shop

Every SCP Question Ever

SolarWinds Certified Professional Launch

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Hardware/Virtualware:

 

Server Hardware/Virtualware Requirements for Solarwinds Servers

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Interesting Threads

 

Ideal Solarwinds Deployment

Show us a NOC view and (don't ) get 500 thwack points (we still want to see, points no longer awarded)

INFRA-AS-CODE: How do we start? - Good Change Management Process

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

If you are ready for some more fun stuff, try these out:

 

How to do various customizations with your Solarwinds

 

Everything DISA STIGs for your Network

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Top 10 Thwackers Content:

 

In the Presence of aLTeReGo..... by aLTeReGo

Learning and Understanding by mcbridea

Customizing your Solarwinds Orion - NPM by wluther

Network Configuration Manager - Configuration Change Templates and Things by goodzhere

 

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Group status bullseye style charts

May 6, 2016, 2:46 pm

≫ Next: ISR 4331 Memory Utilization FIX

≪ Previous: Welcome to Solarwinds...........

$

0

0

ISR 4331 Memory Utilization FIX

September 19, 2016, 7:00 am

≫ Next: Node Uptime Report (swql)

≪ Previous: Group status bullseye style charts

$

0

0

see the attached fix for ISR 4331 router memory issues.

 

Orion Platform 2016.1.5300, IVIM 2.1.2, NetPath 1.0, QoE 2.1.0, UDT 3.2.4, NCM 7.5, NPM 12.0, NTA 4.2.0 © 1999-2016 SolarWinds Worldwide, LLC. All Rights Reserved.

---

Node Uptime Report (swql)

January 16, 2018, 12:22 pm

≫ Next: api-ms-win-core-namedpipe-l1-1-0.dll

≪ Previous: ISR 4331 Memory Utilization FIX

$

0

0

Someone asked for a node up report and I came up with this one.  The person asked for the ability to search for vendor as well as node name and IP address.  And duration in a easy to read format.

 

SELECT

n.Caption AS [Node Name]

,DetailsUrl AS [_LinkFor_Node Name]

,'/Orion/images/StatusIcons/Small-' + StatusIcon AS [_IconFor_Node Name]

,n.IP_Address as IP_Address

,DetailsUrl AS [_LinkFor_IP_Address]

,'/NetPerfMon/Images/Vendors/' + n.VendorIcon as [_IconFor_IP_Address]

,tostring(tolocal(n.LastBoot)) as LastBoot

,CONCAT(HOURDIFF(tolocal(n.LastBoot),getdate())/24,' Day(s) ',

        HOURDIFF(tolocal(n.LastBoot),getdate())-(HOURDIFF(tolocal(n.LastBoot),getdate())/24)*24,'h ',

        MINUTEDIFF(tolocal(n.LastBoot),getdate())-(MINUTEDIFF(tolocal(n.LastBoot),getdate())/60)*60,'m') AS Duration

FROM Orion.Nodes n

WHERE n.LastBoot IS NOT NULL

and

(n.caption like '%${SEARCH_STRING}%'

or n.ip_address like '%${SEARCH_STRING}%'

or n.vendor like '%${SEARCH_STRING}%')

ORDER BY MINUTEDIFF(tolocal(n.LastBoot),getdate())  desc

 

 

Thanks

Amit

api-ms-win-core-namedpipe-l1-1-0.dll

February 26, 2018, 11:42 am

≫ Next: api-ms-win-core-errorhandling-l1-1-0.dll

≪ Previous: Node Uptime Report (swql)

$

0

0

api-ms-win-core-errorhandling-l1-1-0.dll

February 26, 2018, 11:42 am

≫ Next: Node Downtime Reports

≪ Previous: api-ms-win-core-namedpipe-l1-1-0.dll

$

0

0

Node Downtime Reports

April 28, 2014, 3:09 pm

≫ Next: Repetitive Email Alerts (Noise) - MUST HAVE REPORT!!!

≪ Previous: api-ms-win-core-errorhandling-l1-1-0.dll

$

0

0

We’ve prepared two reports within Report Writer to report on node downtime:

• Node Down Time Report – shows outage duration for each node when and how long it was down

• Summarized Node Down Report – summarize node outage duration for each node

These reports will work with or without view limitations applied.

Feedback most appreciated.

Repetitive Email Alerts (Noise) - MUST HAVE REPORT!!!

June 10, 2016, 11:41 am

≫ Next: Last xx Events. Filtered. 10.6; 10.4.2; 9.5.1

≪ Previous: Node Downtime Reports

$

0

0

< BACK TO TO THE MAGIC OF SQL SCRIPTS SERIES LIST

 

My Dear Thwackers,

 

If you are sick and tired of having to deal with continuous noise from hundreds of alerts and customer complaints due to missed problems - you must have this report, now!

 

Fact: 80% of your alerts and frustrations come from 20% of stuff within your infrastructure!

It is quite obvious that most of the negative impact on performance and productivity within the NOC is being caused by noise and repetitive alerts that is just keep coming through... non-stop. Ability to highlight them in a most efficient manner has never been easy, until now

 

I am here to offer you a gift - a custom made report that has served us for years in attacking and eliminating all the noise. It is compatible with Orion Platform 2015.1.2, NPM 11.5+ (also works with latest NPM 12)

 

Download > Import > Run > Action

... and just for fun - please publish a screenshot in the comments below of the top 5 stats that you will get- it is very interesting to know how this will play out in your environment

 

 

To your monitoring success,

Alex Soul

 

[UPDATES]

 

[30/08/2017]: Below we have discussed some bug fixes around extracting EmailTo from description. In the attached report this workaround was implemented, so, it should work for you straight out-of-the-box

[31/08/2017]: I have added % column, which will calculate percentage from total umber of email alerts sent over the defined period. I have also updated they way variables are being defined, so, you can now just open SQL script and change them all in one place defined in SET function on top of the script

[04/09/2017]: As suggested by tdanner - there is a better way of extracting EmailTo and EmailCC. This has been implemented in version 1.3 of the report