Vunetrix Manual: Monitoring Syslogs and SNMP Traps
Vunetrix can be used as a full-scale syslog server and SNMP trap receiver. Every Vunetrix installation includes this functionality, so no additional software is needed. This manual section describes a sample configuration for Vunetrix's syslog and SNMP trap receivers and gives you an idea of how to use these features.
Syslog is a well-established standard for computer message logging. Many network devices support sending syslogs to communicate informational, analysis, and debugging messages which are intended for network management and security auditing. SNMP traps are asynchronous notifications from SNMP-enabled devices and can be used to report important incidents and data, just like syslog messages. Devices trigger these messages for various reasons, such as system events, outages, critical conditions, and many more.
Vunetrix provides two dedicated sensor types which work as full-scale syslog and SNMP trap receivers, respectively: the Syslog Receiver sensor and the SNMP Trap Receiver sensor.
Because both the syslog and the trap receiver are implemented as common sensor types, you do not need to install software in addition to Vunetrix (for example, you do not need an extra syslog server but only the Vunetrix web server). You can create the Syslog Receiver as well as the SNMP Trap Receiver sensors in the usual Vunetrix way via the add sensor dialog. Then configure your syslog- or SNMP trap-enabled device(s) to send messages to Vunetrix.
Vunetrix is able to handle about 10,000 syslog and trap messages per second on a quad core desktop machine. You can filter the incoming messages by various parameters so that Vunetrix will process only specific messages and purge other data right away. Processed messages are stored in an internal high-performance database on the particular probe machine and are available for reviewing and analyzing via Vunetrix's web interface. The main limiting factor for Vunetrix's syslog and trap receivers is the hard disk space on the machine running the Vunetrix probe with these sensors.
Follow the steps below for a sample configuration of Syslog and SNMP Trap Receiver sensors. You can apply these instructions to both the SNMP Trap Receiver and the Syslog Receiver because the setup works in a similar way for both.
- Adding the Receivers
- Configure the Source Devices
- Collect Messages
- Review and Analyze Messages
- Refine the Filters
- Create Notification Triggers
Step 1: Add a Syslog Receiver or SNMP Trap Receiver sensor to Vunetrix.
Both sensor types inherit an implicit filter by the IP address of the parent device. So, on the one hand, it is possible to add these sensors to a probe device. Then you will receive all messages from the system running the probe and can optionally filter for specific sources later. On the other hand, you can add these sensors directly to the source device. Then only messages from this device will be processed.
Add the receiver sensors to the desired device in the common way, for example, via the device's context menu. We recommend leaving the sensor's default settings unchanged for the first configuration (port, include and exclude filter, warning and error filter) to see what data actually comes in.
Note: Adding the sensor to a network device directly will increase its speed in comparison to a filter definition in the sensor settings. Distributing Syslog and SNMP Trap Receiver sensors over different probes will make the overall performance scalable and gives you variability for the place of data storage.
Syslog Receiver Sensor in the Add Sensor Dialog
Step 2: Configure the network device(s) that support sending syslogs or SNMP traps.
Configure your syslog- or SNMP trap-enabled devices to send syslogs or traps (see the documentation of the respective device vendor). They have to address the Vunetrix probe on which your Syslog or SNMP Trap Receiver sensor runs, so specify the IP address of the machine running the respective Vunetrix probe. If you keep your syslog or trap receiver's default settings, use port 514.
Note: The protocol is User Datagram Protocol (UDP).
Default Sensor Settings: Sufficient for the First Configuration
Step 3: Start collecting syslog or SNMP trap messages from your devices.
You do not have to perform any further configuration steps to use Vunetrix as a syslog server or SNMP trap receiver. When your device(s) send syslogs or SNMP traps to the specified Vunetrix probe machine, the messages will appear automatically in Vunetrix's web interface. After each sensor scan (the interval is inherited from the parent device by default), Vunetrix will count the received syslogs or traps in the corresponding channels (total number of messages during the last interval, error and warning messages, or dropped packets).
Let the syslog receiver or the SNMP trap receiver collect data for a while to see what comes in. By default, the respective sensor will go into a Warning status if there was at least one message with severity 4 and into an Error status if there was at least one message with severity 3 or lower during the last sensor scan.
Note: Incoming messages are counted per scanning interval, so it might take a few moments to see the received syslogs/traps, depending on the remaining time until the next sensor scan. Of course, you can use Check Now via the sensor's context buttons to perform an immediate scan and see corresponding data. The sensor states are also defined per scan.
So, for example, a message which is classified as error will count for the error channel only for one scanning interval; if there is no new error message in the following scanning interval, no message is shown in the error channel anymore and the error status will disappear after the next sensor scan. The syslog or trap itself will still be accessible on the Messages tab.
Syslog Receiver Sensor with Error Messages
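The default status logic and per-interval counting described in Step 3, as an added example that is not part of the Vunetrix manual or product code. It assumes a 60-second scanning interval, uses "OK" as a placeholder label for the non-alarm state, and runs on constructed sample messages; the PRI encoding (facility * 8 + severity) is the standard syslog header format.

```python
import re
from collections import Counter

# Syslog messages start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")


def severity(message):
    """Return the syslog severity (0-7) from the PRI field, or None if invalid."""
    m = PRI_RE.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    return pri % 8


def scan_intervals(events, interval=60):
    """Count (timestamp, message) pairs per scanning interval and derive a status.

    Defaults from the manual text: Warning if at least one message has
    severity 4, Error if at least one has severity 3 or lower, both judged
    only on the messages of that one interval.
    Returns (interval_index, messages, warnings, errors, status) tuples.
    """
    buckets = {}
    for ts, msg in events:
        sev = severity(msg)
        if sev is None:
            continue  # assumption: input without a valid PRI is ignored here
        counts = buckets.setdefault(int(ts // interval), Counter())
        counts["messages"] += 1
        if sev <= 3:
            counts["errors"] += 1
        elif sev == 4:
            counts["warnings"] += 1
    if not buckets:
        return []
    rows = []
    for idx in range(min(buckets), max(buckets) + 1):  # keep empty intervals
        c = buckets.get(idx, Counter())
        status = "Error" if c["errors"] else "Warning" if c["warnings"] else "OK"
        rows.append((idx, c["messages"], c["warnings"], c["errors"], status))
    return rows


# Constructed sample input: (seconds since start, raw syslog line).
SAMPLE = [
    (5, "<134>Oct 11 22:14:15 fw01 kernel: eth0 link up"),          # severity 6
    (20, "<132>Oct 11 22:14:30 fw01 sshd[811]: too many retries"),  # severity 4
    (70, "<131>Oct 11 22:15:20 fw01 ipsec: tunnel down"),           # severity 3
    (75, "line without a PRI header"),                               # ignored
    (190, "<14>Oct 11 22:17:20 sw02 app: config saved"),            # severity 6
]

if __name__ == "__main__":
    for row in scan_intervals(SAMPLE):
        print(row)
```

The error at second 70 sets the Error status only for interval 1; interval 2 contains no messages and returns to the non-alarm state, which is why a notification trigger has to react within a single scanning interval.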
Step 4: Review and analyze the collected data.
All incoming messages which match the include filter are processed and stored in Vunetrix's internal high-performance database. Review and analyze the received syslogs and traps via Vunetrix's web interface. For details, see the respective manual sections of SNMP Trap Receiver Sensor and Syslog Receiver Sensor. Then you can decide about further filtering of the incoming messages.
Note: The received data is also available in Vunetrix's data folder as common files. One data file is created per hour.
Note: For the SNMP Trap Receiver sensor, you can add the Management Information Base (MIB) files of your device(s) to the \MIB subfolder of Vunetrix. This will result in Object Identifier (OID) resolution and makes trap messages more comprehensible.
Received Syslogs on the Messages Tab
Step 5: (Optionally) refine the filters.
To work more productively with your Vunetrix syslog servers and trap receivers, you can adjust the default filter settings. Vunetrix provides a comprehensible formula system that you can use to describe which kinds of messages you want to process and which of them will count as error or warning messages. You can configure the following filters for received messages in the settings of the respective receiver:
- Include filter: Process and store specific types of messages only.
- Exclude filter: Do not process specific types of messages and discard them.
- Warning filter: Define rules to categorize received messages as warnings.
- Error filter: Define rules to categorize received messages as errors.
Use the syntax which is provided in the corresponding manual sections to define your individual filter rules: SNMP Trap Receiver Sensor and Syslog Receiver Sensor.
Note: You can create filter rules with a few mouse clicks using the Advanced Filter on the Messages tab of a specific sensor and copy these rules into the sensor settings to apply them.
Advanced Filter Created on the Messages Tab
Step 6: (Optionally) create notification triggers.
By default, the warning and error channels of the Syslog and SNMP Trap Receiver sensors have a very low upper warning or error limit, respectively (0.00000001). The reason for this is that even when only one syslog or trap has been counted in the respective channel during a scanning interval, the overall status of the sensor will reflect this with the corresponding status. This way, you will always recognize if there is something wrong on the monitored system.
Because of this sensor behavior, best practice would be to add a State Trigger on the Notifications tab of the sensor if you want to get a notification when a warning or error message type comes in. Define a very low Down or Warning time condition to not miss any warnings or errors, for example 1 second; it has to be lower than the scanning interval in any case! Another option would be a Speed Trigger for notifications regarding messages per second.
State Trigger with a 1 Second Condition