Configuring Servers
AccelOps supports these servers for discovery and monitoring.
HP UX Server Configuration
IBM AIX Server Configuration
IBM OS400 Server Configuration
Linux Server Configuration
Microsoft Windows Server Configuration Sun Solaris Server Configuration
HP UX Server Configuration
What is Discovered and Monitored
| Protocol |
Information Discovered |
Metrics collected |
Used for |
| SNMP |
Host name, generic hardware (cpu, memory, network interface, disk), software (operating system version,
installed software, running processes, open
TCP/UDP ports) |
Uptime, CPU/Memory/Network Interface/Disk space utilization, Network
Interface Errors, Running Process Count, Installed Software change,
Running process CPU/memory utilization, Running process start/stop, TCP/UDP port up/down |
Performance
Monitoring |
| SSH |
Hardware (cpu details, memory) |
Memory paging rate, Disk I/O utilization |
Performance
Monitoring |
| Syslog |
Vendor, Model |
General logs including Authentication Success/Failure, Privileged logons, User/Group Modification |
Security Monitoring and Compliance |
Event Types
In CMDB > Event Types, search for “hp_ux” in the Description column to see the event types associated with this device.
Rules
There are no predefined rules for this device.
Reports
In Analytics > Reports, search for “hp_ux” in the Name column to see the reports associated with this device.
Configuration
SNMP v1 and v2c
- Make sure that snmp libraries are installed. Accelops has been tested to work with the default HP UX package that comes with snmpd preinstalled.
- Start snmpd deamon with the default configuration by issuing /etc/init.d/snmpd restart.
- Make sure that snmpd is running.
SSH
- Make sure that the vmstat and iostat commands are available. If not, install these libraries.
- Create a user account that can issue vmstat and iostat AccelOps will use that user account to login to the server.
Settings for Access Credentials
IBM AIX Server Configuration
SSH
What is Discovered and Monitored
| Protocol |
Information Discovered |
Metrics collected |
Used for |
| SNMP |
Host name, generic hardware (cpu, memory, network interface, disk), software (operating system version,
installed software, running processes, open
TCP/UDP ports) |
Uptime, CPU/Memory/Network Interface/Disk space utilization, Network
Interface Errors, Running Process Count, Installed Software change,
Running process CPU/memory utilization, Running process start/stop, TCP/UDP port up/down |
Performance
Monitoring |
| SSH |
Hardware (cpu details, memory) |
Memory paging rate, Disk I/O utilization |
Performance
Monitoring |
| Syslog |
Vendor, Model |
General logs including Authentication Success/Failure, Privileged logons, User/Group Modification |
Security Monitoring and Compliance |
Event Types
In CMDB > Event Types, search for “ibm_aix” in the Device Type and Description column to see the event types associated with this device.
Rules
There are no predefined rules for this device.
Reports
There are no predefined reports for this device.
Configuration
SNMP v1 and v2c
- Make sure that snmp libraries are installed. Accelops has been tested to work with the default AIX package that comes with snmpd preinstalled.
- Start snmpd deamon with the default configuration by issuing /etc/init.d/snmpd restart.
- Make sure that snmpd is running.
SSH
- Make sure that the vmstat and iostat commands are available. If not, install these libraries.
- Create a user account that can issue vmstat and iostat AccelOps will use that user account to log in to the server.
Syslog
- Makes sure that /etc/syslog.conf contains a *.* entry and points to a log file.
. @<SENSORIPADDRESS>
- Refresh syslogd.
# refresh -s syslogd
Settings for Access Credentials
IBM OS400 Server Configuration
What is Discovered and Monitored
Event Types
Rules
Reports
Configuration
Syslog
Sample Parsed IBM OS400 Syslog Messages
What is Discovered and Monitored
| Protocol |
Information
Discovered |
Metrics collected |
Used for |
| Syslog |
|
General logs including Authentication Success/Failure, Privileged logons, User/Group Modification |
Security Monitoring and
Compliance |
Event Types
In CMDB > Event Types, search for “os400” in the Device Type column to see the event types associated with this device.
Rules
There are no predefined rules for this device.
Reports
There are no predefined reports for this device.
Configuration
Syslog
AccelOps parses IBM OS 400 logs received via the PowerTech Agent as described here. The PowerTech agent sends syslogs to AccelOps. Sample Parsed IBM OS400 Syslog Messages
Mar 18 17:49:36 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0603|A File
Server transaction was allowed for user BRENDAN.|2| src =10.0.1.60 dst
=10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QPWFSERVSO JUSER :BRENDAN JNBR
:025355 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: OB BRENDAN
*FILESRV CRTSTRMFIL QPWFSERVSO LNS0811 000112 00023
/home/BRENDAN/subfolder
Mar 18 17:48:36 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0604|A File
Server transaction was allowed for user BRENDAN.|2| src =10.0.1.60 dst
=10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QPWFSERVSO JUSER :BRENDAN JNBR
:025355 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: OB BRENDAN
*FILESRV DLTSTRMFIL QPWFSERVSO LNS0811 000112 00025
/home/BRENDAN/BoardReport
Mar 18 17:53:00 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0703|A System i FTP Client transaction was allowed for user BRENDAN.|3| src =10.0.1.180 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QTFTP00149 JUSER :BRENDAN JNBR :029256 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL:
ST BRENDAN *FTPCLIENT DELETEFILE QTFTP00149 LNS0811 000112 00033
/QSYS.LIB/PAYROLL.LIB/NEVADA.FILE
Linux Server Configuration
What is Discovered and Monitored
Configuration
Settings for Access Credentials
What is Discovered and Monitored
| Protocol |
Information Discovered |
Metrics collected |
Used for |
|
| SNMP |
Host name, generic hardware (cpu, memory, network interface, disk), software (operating system version, installed software, running processes, open TCP/UDP ports) |
Uptime, CPU/Memory/Network Interface/Disk space utilization, Swap space utilization, Network Interface Errors, Running Process Count,
Installed Software change, Running process CPU/memory utilization,
Running process start/stop, TCP/UDP port up/down |
Performance
Monitoring |
| SSH |
OS type, Hardware (cpu details, memory) |
Memory paging rate, Disk I/O utilization |
Performance
Monitoring |
|
|
| Syslog |
Vendor, Model |
General logs including Authentication Success/Failure, Privileged logons, User/Group Modification |
Security Monitoring and Compliance |
|
| Syslog (via
AccelOps LinuxFileMon agent) |
|
File or directory change: User, Type of change, directory or file name |
Security Monitoring and Compliance |
Event Types
In CMDB > Event Types, search for “linux” in the Description column to see the event types associated with this device.
Rules
In Analytics > Rules, search for “linux” in the Name column to see the rules associated with this device.
Reports
In Analytics > Reports, search for “linux” in the Name column to see the reports associated with this device.
Configuration
SNMP v1 and v2c
- Make sure that snmp libraries are installed. AccelOps has been tested to work with net-snmp libraries.
- Log in to your server with administrative access.
- Make these modifications to the /etc/snmp/snmpd.conf file:
- Define the community string for AccelOps usage and permit snmp access from AccelOps IP.
- Allow AccelOps read-only access to the mib-2
- Allow Accelops read-only access to the enterprise MIB: UCD-SNMP-MIB.
- Open up the entire tree for read-only view.
- Reduce the logging level to avoid per connection logging which may cause resource issues (see here for more details)
- Edit /etc/sysconfig/snmpd (on RedHat/CentOS) or /etc/defaults/snmpd (on Debian/Ubuntu)
- Look for the line that passes the command line options to snmpd. On RedHat Enterprise 6 this looks like
- Change the range from 0-6 to 0-5
- Restart the snmpd deamon by issuing /etc/init.d/snmpd restart.
- Add the snmpd daemon to start from boot by issuing chkconfig snmpd on.
- Make sure that snmpd is running.
SNMP v3
Configuring rwcommunity/rocommunity or com2sec
- Log in to your Linux server.
- Stop SNMP.
- Use vi to edit the /etc/snmp/snmpd.conf
Before you edit this file, make sure you have created a backup, as it is very important to have a valid version of this file so the snap daemon has correct credentials.
- At the end of the file, add this line, substituting your username for snmpv3user and removing the <> tags: rouser <snmpv3user>.
- Save the file.
- Use vi to edit the /var/lib/snmp/snmpd.conf
Before you edit this file, make sure you have created a backup, as it is very important to have a valid version of this file for the SNMP daemon to function correctly.
- At the end of the file, add this line, entering the username you entered in step 4, and then passwords for that user for MD5 and DES.
If you want to use SHA or AES, then add those credentials as well.
- Save the file.
- Reduce the logging level to avoid per connection logging which may cause resource issues (see here for more details)
- Edit /etc/sysconfig/snmpd (on RedHat/CentOS) or /etc/defaults/snmpd (on Debian/Ubuntu)
- Look for the line that passes the command line options to snmpd. On RedHat Enterprise 6 this looks like
- Change the range from 0-6 to 0-5
- Restart SNMP.
- View the contents of the /var/lib/snmp/snmpd.conf
If this works, restarting snmpd will have no errors, also the entry that you created under /var/lib/snmp/snmpd.conf will be removed
- Run snmpwalk -v 3 -u <snmpv3user> -l authpriv <IP> -a MD5 -A <snmpv3md5password> -x DES -X <snmpv3des password> .
You will see your snmpwalk if this works, if there are any errors after this please reference net-snmp for further instructions.
Configuring net-smnp-devel
If you havenet-snmp-devel on your Linux server/client, follow these steps to configure SNMP v3.
- Stop SNMP.
- Run net-snmp-config –create-snmpv3-user -ro -A <MD5passwordhere> -X <DESpasswordhere> -x DES -a MD5
<SNMPUSERNAME>.
- Restart SNMP.
- Test by following step 10 from above.
SSH
- Make sure that the vmstat and iostat commands are available. If not, install these libraries.
- Create a user account that can issue vmstat and iostat AccelOps will use that user account to log in to the server.
Syslog
AccelOps uses the LinuxFileMon monitoring agent to detect user activity and create syslogs. When a change as defined in the configuration file is detected, the agent gets the user information from the Audit module and sends a syslog to AccelOps. You will need to install the agent on your Linux server to send syslogs to AccelOps.
- Log in to your server as root.
- Install the audit service.
This is needed for obtaining user information. For more information about Linux audit files, see this blog post.
- Copy the LinuxFileMon executable from the AccelOps /opt/phoenix/bin directory to any location on the server.
This is the agent that monitors the file changes.
- Edit the LinuxFileMon configuration file conf as shown here.
The file should be in the same directory as the executable.
- Start the LinuxFileMon agent.
Sample Parsed Linux Syslog Message
Settings for Access Credentials
Microsoft Windows Server Configuration
What is Discovered and Monitored
Configuration
Setting Access Credentials
What is Discovered and Monitored
Metrics in bold are unique to Microsoft Windows Server monitoring.
Installed Software Monitored via SNMP
Although information about installed software is available via both SNMP and WMI, AccelOps uses SNMP to obtain installed software information to avoid an issue in Microsoft’s WMI implementation for the Win32_Product WMI class – see Microsoft KB 974524 article for more information. Because of this bug, WMI calls to the Win32_Product class create many unnecessary Windows event log messages indicating that the Windows Installer has reconfigured all installed applications.
Winexe execution and its effect
AccelOps uses the winexe command during discovery and monitoring of Windows servers for the following purposes
- Windows domain controller diagnostic (dcdiag) and replication monitoring (repadmin /replsummary)
- HyperV Performance Monitoring
- Windows Custom performance monitoring – to run a command (e.g. powershell) remotely on windows systems Note that running the winexe command remotely will automatically install the winexesvc command on the windows server.
| Protocol |
Information Discovered |
Metrics collected |
Used for |
| SNMP |
Host name, generic hardware (cpu, memory, network interface, disk), software (operating system version, i
nstalled software, running processes, open TCP/UDP ports) |
Uptime, Overall CPU/Memory/Network Interface/Disk space utilization, Network Interface Errors, Running Process Count, Installed Software change, Running process CPU/memory utilization, Running process start/stop, TCP/UDP port up/down, |
Performance
Monitoring |
| SNMP |
vendor specific server hardware (hardware model, hardware serial number, fans, power supply, disk, raid battery). Currently supported vendors include HP and Dell |
Hardware module status – fan, power supply, thermal status, battery, disk, memory . Currently supported vendors include HP and Dell |
|
| WMI |
Win32_ComputerSystem: Host name, OS
Win32_WindowsProductActivation: OS Serial Number
Win32_OperatingSystem: Memory, Uptime
Win32_BIOS: Bios
Win32_Processor: CPU
Win32_LogicalDisk: Disk info
Win32_NetworkAdapterConfiguration: network interface
Win32_Service: Services
Win32_Process: Running processes
Win32_QuickFixEngineering: Installed Patches |
Win32_OperatingSystem: Uptime
Win32_PerfRawData_PerfOS_Processor: Detailed CPU utilization
Win32_PerfRawData_PerfOS_Memory: Memory utilization, paging/swapping metrics
Win32_LogicalDisk: Disk space utilization
Win32_PerfRawData_PerfOS_PagingFile: Paging file utilization
Win32_PerfRawData_PerfDisk_LogicalDisk: Disk I/O metrics
Win32_PerfRawData_Tcpip_NetworkInterface: Network Interface utilization
Win32_Service: Running process uptime, start/stop status
Win32_Process, Win32_PerfRawData_PerfProc_Process: Process CPU/memory/I/O utilization |
Performance
Monitoring |
| WMI |
|
Security, Application and System Event Logs including logon, file/folder edits, network traffic (Win32_NTLogEvent) |
Security and
Compliance |
| Snare agent |
|
Security, Application and System Event Logs including logon, file/folder edits, network traffic (Win32_NTLogEvent) |
Security and
Compliance |
| Correlog agent |
|
Security, Application and System Event Logs ncluding logon, file/folder edits, network traffic (Win32_NTLogEvent) |
Security and
Compliance |
| AccelOps
Agent |
|
Security, Application and System Event Logs, DNS, DHCP, IIS, DFS logs,
Custom log files, File Integrity Monitoring, Registry Change Monitoring, Installed Software Change Monitoring, WMI and Powershell output monitoring |
Security and
Compliance |
Supported Operating Systems
Windows Server 2003 Server
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Event Types
In CMDB > Event Types, search for “windows server” in the Description column to see the event types associated with this application or device.
Rules
In Analytics > Rules, search for “windows server”in the Name column to see the rules associated with this application or device.
Reports
In Analytics > Reports, search for “windows server” in the Name column to see the reports associated with this application or device.
Configuration
SNMP
Enabling SNMP on Windows Server 2003
SNMP is typically enabled by default on Windows Server 2003, but you will still need to add AccelOps to the hosts that are authorized to accept SNMP packets. First you need to make sure that the SNMP Management tool has been enabled for your device.
- In the Start menu, go to Administrative Tools > Services.
- Go to Control Panel > Add or Remove Programs.
- Click Add/Remove Windows Components.
- Select Management and Monitoring Tools and click Details.
Make sure that Simple Network Management Tool is selected.
If it isn’t selected, select it, and then click Next to install.
- Go to Start > Administrative Tools > Services.
- Select and open SNMP Service.
- Click the Security
- Select Send authentication trap.
- Under Accepted communities, make sure there is an entry for public that is set to read-only.
- Select Accept SNMP packets from these hosts.
- Click
- Enter the IP address for your AccelOps virtual appliance that will access your device over SNMP.
- Click Add.
- Click Apply.
- Under SNMP Service, click Restart service.
Enabling SNMP on Windows 7 or Windows Server 2008 R2
SNMP is typically enabled by default on Windows Server 2008, but you will still need to add AccelOps to the hosts that are authorized to accept SNMP packets. First you should check that SNMP Services have been enabled for your server.
- Log in to the Windows 2008 Server where you want to enable SNMP as an administrator.
- In the Start menu, select Control Panel.
- Under Programs, click Turn Windows features on/off.
- Under Features, see if SNMP Services is installed.
If not, click Add Feature, then select SMNP Service and click Next to install the service.
- In the Server Manager window, go to Services > SNMP Services.
- Select and open SNMP Service.
- Click the Security
- Select Send authentication trap.
- Under Accepted communities, make sure there is an entry for public that is set to read-only.
- Select Accept SNMP packets from these hosts.
- Click
- Enter the IP address for your AccelOps virtual appliance that will access your device over SNMP.
- Click Add.
- Click Apply.
- Under SNMP Service, click Restart service.
WMI
Configuring WMI on your device so AccelOps can discover and monitor it requires you to create a user who has access to WMI objects on the device. There are two ways to do this:
Creating a Generic User Who Does Not Belong to the Local Administrator Group
Creating a User Who Belongs to the Domain Administrator Group
Creating a Generic User Who Does Not Belong to the Local Administrator Group
Log in to the machine you want to monitor with an administrator account.
Enable Remote WMI Requests by Adding a Monitoring Account to the Distributed COM Users Group and the Performance Monitor Users Group
- Go to Start > Control Panel > Administrative Tools > Computer Management > Local Users and Groups.
- Right-click Users and select Add User.
- Create a user.
- Go to Groups, right-click Distributed COM Users, and then click Add to group.
- In the Distributed COM Users Properties dialog, click Add.
- Find the user you created, and then click OK.
This is the account you will need to use in setting up the Performance Monitor Users group permissions.
- Click OK in the Distributed COM Users Properties dialog, and then close the Computer Management dialog.
- Repeat steps 4 through 7 for the Performance Monitor Users group. Enable DCOM Permissions for the Monitoring Account
- Go to Start > Control Panel > Administrative Tools > Component Services.
- Right-click My Computer, and then Properties.
- Select the COM Security tab, and then under Access Permissions, click Edit Limits.
- Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to
- Click OK.
- Under Access Permissions, click EditDefault.
- Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to
- Click
- Under Launch and Activation Permissions, click Edit Limits.
- Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
- Click OK.
- Under Launch and Activation Permissions, click Edit Defaults.
- Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
See the sections on Enabling WMI Privileges and Allowing WMI Access through the Windows Firewall in the Domain Admin User set up instructions for the remaining steps to configure WMI.
Creating a User Who Belongs to the Domain Administrator Group
Log in to the Domain Controller with an administrator account.
Enable remote WMI requests by Adding a Monitoring Account to the Domain Administrators Group
- Go to Start > Control Pane > Administrative Tools > Active Directory Users and Computers > Users.
- Right-click Users and select Add User.
- Create a user for the @accelops.com domain.
For example, YJTEST@accelops.com.
- Go to Groups, right-click Administrators, and then click Add to Group.
- In the Domain Admins Properties dialog, select the Members tab, and then click Add.
- For Enter the object names to select, enter the user you created in step 3.
- Click OK to close the Domain Admins Properties dialog.
- Click OK.
Enable the Monitoring Account to Access the Monitored Device
Log in to the machine you want to monitor with an administrator account. Enable DCOM Permissions for the Monitoring Account
- Go to Start > Control Panel > Administrative Tools > Component Services.
- Right-click My Computer, and then select Properties.
- Select the Com Security tab, and then under Access Permissions, click Edit Limits.
- Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Re mote Access.
- Click OK.
- In the Com Security tab, under Access Permissions, click Edit Defaults.
- Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Re mote Access.
- Click OK.
- In the Com Security tab, under Launch and Activation Permissions, click Edit Limits.
- Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
- In the Com Security tab, under Launch and Activation Permissions, click Edit Defaults.
- Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
Enable Account Privileges in WMI
The monitoring account you created must have access to the namespace and sub-namespaces of the monitored device.
- Go to Start > Control Panel > Administrative Tools > Computer Management > Services and Applications.
- Select WMI Control, and then right-click and select Properties.
- Select the Security
- Expand the Root directory and select CIMV2.
- Click Security.
- Find the user you created for the monitoring account, and make sure that user has the permission Allow for Enable Account and Remot e Enable.
- Click Advanced.
- Select the user you created for the monitoring account, and then click Edit.
- In the Apply onto menu, select This namespace and subnamespaces.
- Click OK to close the Permission Entry for CIMV2 dialog.
- Click OK to close the Advanced Security Settings for CIMV2 dialog.
- In the left-hand navigation, under Services and Applications, select Services.
- Select Windows Management Instrumentation, and then click Restart. Allow WMI to Connect Through the Windows Firewall (Windows 2003)
- In the Start menu, select Run.
- Run msc.
- Go to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall.
- Select Domain Profile or Standard Profile depending on whether the device you want to monitor is in the domain or not.
- Select Windows Firewall: Allow remote administration exception.
- Run exe and enter these commands:
- Restart the server.
Allow WMI through Windows Firewall (Windows Server 2008, 2012)
- Go to Control Panel > Windows Firewall.
- In the left-hand navigation, click Allow a program or feature through Windows Firewall.
- Select Windows Management Instrumentation, and the click OK.
You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.
Syslog
Use the Windows Agent Manager to configure sending syslogs from your device to AccelOps.
Sample Windows Server Syslog
Configuring the Security Audit Logging Policy
Because Windows generates a lot of security logs, you should specify the categories of events that you want logged and available for monitoring by AccelOps.
- Log in the machine where you want to configure the policy as an administrator.
- Go to Programs > Administrative Tools > Local Security Policy.
- Expand Local Policies and select Audit Policy.
You will see the current security audit settings.
- Selet a policy and edit the Local Security Settings for the events you want audited. Recommended settings are:
| Policy |
Description |
Settings |
| Audit account logon events and Audit logon events |
For auditing logon activity |
Select Su ccess and Failure |
| Audit object access events |
For auditing access to files and folders. There is an additional configuration requirement for specifying which files and folders, users and user actions will be audited. See the next section, C onfiguring the File Auditing Policy. |
Select Su ccess and Failure |
| Audit system events |
Includes system up/down messages |
|
Configuring the File Auditing Policy
When you enable the policy to audit object access events, you also need to specify which files, folders, and user actions will be logged. You should be very specific with these settings, and set their scope to be as narrow as possible to avoid excessive logging. For this reason you should also specify system-level folders for auditing.
- Log in the machine where you want to set the policy with administrator privileges. On a domain computer, a Domain administrator account is needed
- Open Windows Explorer, select the file you want to set the auditing policy for, right-click on it, and select Properties.
- In the Security tab, click Advanced.
- Select the Auditing tab, and then click Add.
This button is labeled Edit in Windows 2008.
- In the Select User or Group dialog, click Advanced, and then find and select the users whose access to this file you want to monitor.
- Click OK when you are done adding users.
- In the Permissions tab, set the permissions for each user you added.
The configuration is now complete. Windows will generate audit events when the users you specified take the actions specified on the files or fold ers for which you set the audit policies.
Setting Access Credentials
Sun Solaris Server Configuration
What is Discovered and Monitored
| Protocol |
Information Discovered |
Metrics collected |
Used for |
| SNMP |
Host name, generic hardware (cpu, memory, network interface, disk), software (operating system version,
installed software, running processes, open
TCP/UDP ports) |
Uptime, CPU/Memory/Network Interface/Disk space utilization, Network
Interface Errors, Running Process Count, Installed Software change,
Running process CPU/memory utilization, Running process start/stop, TCP/UDP port up/down |
Performance
Monitoring |
| SSH |
Hardware (cpu details, memory) |
Memory paging rate, Disk I/O utilization |
Performance
Monitoring |
| Syslog |
Vendor, Model |
General logs including Authentication Success/Failure, Privileged logons, User/Group Modification |
Security Monitoring and Compliance |
Event Types
In CMDB > Event Types, search for “solaris” in the Device Type and Description column to see the event types associated with this device.
Rules
There are no predefined rules for this device.
Reports
There are no predefined reports for this device.
Configuration
SNMP v1 and v2c
- Check if the netsnmp package installed. Solaris has built-in snmp packages. If the netsnmp is not installed, use pkgadd cmd to install it.
- Start snmnp with the default configuration.
SSH
- Make sure that the vmstat and iostat commands are available. If not, install these libraries.
- Create a user account that can issue vmstat and iostat AccelOps will use that user account to log in to the server.
Settings for Access Credentials
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
