Supported Monitors and Tests

A monitor is a process that runs one or more categories of tests with similar functions. Each type of test is identified by the name of the monitor that runs it and the Test Subtype, a unique identifier within the monitor.

For example, the Port Monitor can run tests of several subtypes: FTP, HTTP, HTTPS, IMAP, IMAPS, etc. When you create a new FTP test for a device, NetVigil uses the test's Test Type/Subtype combination (Port/FTP) to look up provisioning information for this category of tests.

NetVigil provides standard monitors for network, servers, applications and URL transactions. (You can easily add new monitors with the plugin framework described in Chapter 22, "Plugin Monitors") Efficient and multi-threaded, the standard monitors are designed to minimize the impact of traffic monitoring on your network. The use of NetVigil tests does not result in a significant increase in resource utilization for the devices being polled because default time intervals are set to provide an accurate picture of device functioning without burdening the system.

NetVigil is designed to work with SNMP agents such as Empire, UCD, or BMC Patrol, and recognizes MIBs from a variety of standard devices such as Compaq servers and Cisco routers. Note that while information can be gathered from a device's private MIB, some MIBs do not provide enough information to enable the same array of tests that a standard SNMP agent would allow.

NetVigil's SNMP monitor is an extremely fast, multi-threaded poller with support for 64bit counters where available and also account for the rollover of 32bit counters. Multiple SNMP queries to the same host are sent in the same SNMP packet for speed and optimization. An alternate SNMP port can be queried instead of the default if needed.

In addition to using NetVigil's standard monitors or creating new ones to poll for data, you can insert numeric data into the system is via the External Data Feed (EDF) described in Chapter 18, "External Data Feed (EDF) Reference". NetVigil can also accept SNMP traps and scan log files for specific patterns (regular expressions) via the Input Stream Monitor (ISM) which is described in Chapter 19, "Input Stream Monitor (ISM) Server Reference".

11.2 Available Monitors

11.2.1 Network Monitors

Frame Relay & ATM

Measure parameters on frame relay and ATM circuits such as DLCI status, discards, traffic, FECN, BECN.

Firewalls

Monitor firewall parameters such as Packets accepted, rejected, drops, active connections for IP/FTP/HTTP etc.

Wireless Access Points

Monitor WLAN access point metrics such as wireless client count, neighbor count, SSID broadcasts, encapsulation errors, associations, duplicate sequence, WEP key mismatch, SSID mismatch.

BGP Route Monitor

RIP Routing Monitor

OSPF Routing Monitor

RMON2 Protocol Metrics

Measure traffic statistics for TCP, UDP, ICMP, ssh, telnet, http, pop3, imap, dns and snmp using RMON2 MIB.

Voice over IP

Measure delay, packet loss and jitter metrics such as response time, packet loss, positive & negative, out of sequence and late arrivals.

ICMP Packet Loss

Verify that the network hosts are available and reachable via the network and also indicate if reachability is degraded. Five packets are sent, and the packet loss is reported as a percentage.

ICMP Round Trip Time

Measure the response time (in milliseconds) of ICMP ping packets to detect network latency. 5 packets are sent in each pass and the average of these five packets is calculated for each test.

Bandwidth Utilization

Measure the traffic (bytes) transmitted between each test interval, and calculate the percentage utilization based on the maximum bandwidth of the interface.

Throughput on Network Interface

Interface Errors

Calculate CRC error rate and discards (per minute) calculated by the delta between sample intervals.

Load Balancer

Monitor Virtual server and real server status, connections, traffic, failover cable status for load balancers such as the Cisco Local Director.

LAN Switches

Measure VLAN traffic, buffer allocation failures, traffic per port, CRC errors and environment parameters such as chassis temprature, fan status, power supply.

SNMP Traps

Customizable trap handler which assigns a severity to received traps based on a customizable configuration file and inserts into the system.

11.2.2 Server Monitors

CPU load

Report on the percentage of CPU in use (average over past minute) to detect overloaded servers. Note that occasional spikes in CPU load is normal.

Disk space

Physical Memory Usage

Measure percentage of physical memory used. Note that some operating systems use any `available' physical memory for I/O buffers and hence the percentage of physical memory used will always be high.

Virtual Memory

Paging/Memory Swapping

Report on the number of page swaps per unit time. Paging is a normal phenonmenon, but excessive swapping is bad and indicates that the system requires additional physical memory.

Process & Thread Count

RPC Portmapper

Check if the RPC portmapper is running (a better alternative to icmp ping for an availability test).

LAN Manager

Report metrics such as authentication failures, system errors, I/O performance, concurrent sessions.

Compaq Insight Manager

Report metrics such as RAID controller information, temperature, fan, power supply, CPU load and network interface utilization.

Printers

UPS

Monitor battery status, capacity, battery temperature, voltage and output status on UPSs.

11.2.3 Application Monitors

Oracle database

Monitor database status, transaction rate, disk reads & writes, page reads & writes, out of space errors, query rate, committed transactions, aborted transactions, table status, table utilization, datafile reads & writes, replication status, listener status, SID connections.

Apache Web Server

Report on web server traffic, utilization, requests per second, average data bytes per request

Object Oriented (OODB) OQL query

Measures query response time; Required input: legitimate username, password, database name, and proper OQL query syntax.

LDAP database query

Connects to any directory service supporting an LDAP interface and checks whether the directory service is available within response bounds and provides the correct lookup to a known entity. Required input: base, scope and filter.

Generic SQL query

Measures SQL query response time and returned data value for Oracle, Sybase, SQL Server, Postgres, MySQL using JDBC.

Microsoft SQL Server

Measure the status, page reads, TDS packets, threads, page faults, connected users, lock timeouts, deadlocks, cache hit ratio, disk space utilization, transaction rate, log space utilization, replication rate.

Microsoft Exchange Server

Measure traffic, ExDS statistics, Address book Connections, ExDS metrics, MTS, LDAP queries, queue, SMTP connections, failed connections, thread pool usage, failures, disk operations.

Microsoft Internet Information Server

Monitor the traffic, files transferred, active users, active connections, throttled requests, rejected requests, 404 errors, and breakdown on the request types (GET, POST, HEAD, PUT, CGI).

DHCP Monitor

Check if DHCP service on a host is available, whether it has IP addresses available for lease and how long it takes to answer a lease request, request statistics such as discover, release, ack, nak requests.

URL transaction monitor

Measures time to complete an entire multi-step URL transaction. Can fill forms, clicks on hyperlinks, etc. Works with proxy and also supports https.

HTTP

Monitors the availability and response time of HTTP Web servers. Checks for error responses, incomplete pages.

HTTPS

Secure HTTP- This monitor supports all of the features of the HTTP monitor, but also supports SSL encapsulation, in which case the communication is encrypted using SSLv2/SSLv3 protocols for increased security. The monitor will establish the SSL session and then perform HTTP tests to ensure service availability.

SMTP Server

Simple Mail Transport Protocol - Monitors the availability and response time of any mail transport application that supports the SMTP protocol (Microsoft Exchange, Sendmail, Netscape Mail.)

POP3 Server

Monitors the availability and response time of POP3 E-mail services. If legitimate username and password is supplied, will login and validate server response.

IMAP4 Server

Internet Message Access Protocol - Monitors the availability and response time of IMAP4 E-mail services. If legitimate username and password is supplied, will login and validate server response.

IMAPS

Secure IMAP- This monitor supports all of the features of the IMAP monitor, but also supports SSL encapsulation, in which case the communication is encrypted using SSLv2/SSLv3 protocols for increased security. The monitor will establish the SSL session and then perform IMAP tests to ensure service availability.

FTP Server

File Transport Protocol - Monitors the availability and response time of FTP port connection. Connection request sent, receives OK response and then disconnects. If legitimate username and password is supplied, will attempt to login and validate server response.

NNTP News Server

Connects to the NNTP service to check whether or not Internet newsgroups are available, receives OK response and then disconnects.

Generic Port

Monitor the response time for any TCP port, and report a failure if supplied response string is not matched in the server reply.

NTP

Monitors time synchronization service across the network by querying the NTP service on any server and returning the stratum value. If the stratum is below the configured thresholds, an error is reported.

RADIUS

Remote Authentication Dial-In User Service (RFC 2138 and 2139) - performs a complete authentication test against a RADIUS service, checking the response time for user logon authentication to the ISP platform. Required input: secret, port number, username and password.

DNS

Domain Name Service (RFC 1035) - uses the DNS service to look up the IP addresses of one or more hosts. It monitors the availability of the service by recording the response times and the results of each request.

11.2.4 Custom Monitors

External Data Feed (EDF) Monitors

Use the EDF Server to insert numeric values into NetVigil via a socket interface. The inserted data is treated as if it were collected using standard monitors. See Chapter 18, "External Data Feed (EDF) Reference"

Input Stream Monitors (ISM)

Use the ISM Server to insert text strings (e.g., SNMP traps or syslog messages) into NetVigil via a socket interface. The inserted data is treated as if it were collected using standard monitors. See Chapter 19, "Input Stream Monitor (ISM) Server Reference"

Plugin Monitor Framework

You can write a custom monitor as a Java class, or as an external script/programming in any programming language. SeeChapter 22, "Plugin Monitors"

11.3 WMI Variables Supported

NetVigil can collect monitoring data from Windows computers directly using the native WMI interface. The following is the partial list of WMI parameters collected by NetVigil. Please note that the WMI variables library is continously being updated, so please contact Fidelia for the latest list of WMI parameters supported by Fidelia NetVigil.

11.4 SNMP MIBs Supported

11.4.1 RFC/Standard MIBs

The table that follows lists the standard MIBs supported by NetVigil. Support for new MIBs is continuously being added into NetVigil, so please contact Fidelia if you do not see a vendor MIB listed in this table.

Windows WMI Variables
Application	Supported Tests
SQL Server	Active Transactions Transaction Rate Log Cache Hit Ratio Log Space Used Lock Average Wait Lock Requests Lock Deadlocks Batch Requests Compilations Users Connected Users Logging In/Out Auto Param total/failed/safe
IIS	Total traffic File transfers Active connections Anonymous users Authenticated Users HTTP Operations GET/POST/PUT/HEAD/ISAPI Not Found Errors
DHCP	Request Discover Release Offer Pack Nack
Host	Disk Space CPU Physical Memory Virtual Memory Number of users Number of Processes Thread count Context Switches File R/W operations
Network	Interface Utilization Interface Traffic Interface Discards Interface Errors

RFC/Standard MIBs
MIB	Supported Tests
RFC1514 - Host Resources MIB	Disk Space Utilization Physical Memory Utilization Swap/Virtual Memory Utilization CPU Load Running Application/Process Count Logged In User Count
RFC1253 - OSPF Version 2	OSPF {neighbor} Status OSPF {neighbor} Errors OSPF External LSA OSPF LSA Sent/Received
RFC1657 - Border Gateway Protocol (BGP-4)	BGP {neighbor} Status BGP {neighbor} Updates Sent/Received BGP {neighbor} FSM Transitions
RFC1724 - RIP Version 2	RIP Route Changes RIP {interface} Updates Sent RIP {neighbor} Bad Routes Received
RFC1697 - Relational Database Management	{rdbms} Status {rdbms} Disk Space Utilization {rdbms} Transaction Rate {rdbms} Disk Reads/Writes {rdbms} Page Reads/Writes {rdbms} Out Of Space Errors
RFC1759 - Printer MIB	Printer Status Printer Paper Capacity Printer Door Status
RFC2115 - Frame Relay DTE	Frame Relay {dlci} Status Frame Relay {dlci} FECN/BECN Frame Relay {dlci} Discards/DE Frame Relay {dlci} Traffic In/Out
RFC2021 - RMON2	ICMP traffic (byte rate) TCP traffic UDP traffic SSH Telnet HTTP SMTP POP3 IMAP DNS SNMP
RFC2863 - Interfaces Group MIB	{interface} Status {interface} Utilization In/Out {interface} Traffic In/Out {interface} Packets In/Out {interface} Discards In/Out {interface} Errors In/Out

11.4.2 Vendor-Specific MIBs

Vendor-Specific MIBs
MIB	Supported Tests
APC UPS	UPS Battery Status UPS Battery Capacity UPS Battery Temperature UPS Voltage UPS Output Status
Checkpoint FW-1	Packets Accepted Packets Rejected Packets Dropped Packets Logged CPU Utilization
Cisco Wireless Access Points	Wireless Client count Neighbor Access Point count SSID Broadcast count Wireless Nodes roamed Wireless Associations Wireless Disassociations Wireless Reassociations Encapsulation/Decapsulation Errors Duplicate Sequence WEP Key Mismatch SSID Mismatch
Cisco Local Director	Virtual {server}:{port} Status Virtual {server}:{port} Connections Virtual {server}:{port} Traffic In/Out Virtual {server}:{port} Packets In/Out Real {server}:{port} Status Real {server}:{port} Connections Real {server}:{port} Traffic In/Out Real {server}:{port} Packets In/Out Failover Cable Status
Cisco PIX Firewall	Firewall Status Active IP Connections Active FTP Connections Active HTTP Connections Active HTTPS Connections Active SMTP Connections Active H.323 Connections Active NetShow Connections Active NFS Connections
Cisco Router/Catalyst Switch	{interface} CRC Errors Backplane Utilization VLAN Traffic In/Out VLAN Error In/Out CPU Utilization Memory Utilization Buffer Allocation Failure Chassis Temperature Fan Status Power Supply Status Module Status
Cisco SAA agent	Icmp Echo Response Time Jitter Response time Jitter Positive/Negative Jitter Packet Loss Jitter Out of Sequence Jitter Late Arrival
Compaq Insight Manager	Network Interface Status Network Interface Utilization In/Out Network Interface Alignment Error In/Out Network Interface FCS Error In/Out CPU Utilization Disk Space Utilization RAID Controller Status RAID Array Chassis Temperature RAID Array Fan Status RAID Array Power Supply Status
Foundry Network Router/Switch	CPU Utilization Chassis Temperature Fan Status Power Supply Status
HP/UX	Disk Space Utilization Physical Memory Utilization Swap/Virtual Memory Utilization CPU Load Running Application/Process Count Logged In User Count
LAN Manager (Windows Only)	Windows Login Errors System Errors Workstation I/O Response Active Connections
Microsoft DHCP Server	Available Address In Scope DISCOVER Request Received REQUEST Request Received RELEASE Request Received OFFER Response Sent ACK Request Received NACK Request Received
Microsoft Exchange Server	Traffic In/Out ExDS Access Violations ExDS Reads ExDS Writes ExDS Connections Address Book Connections LDAP Queries MTS SMTP Connections Failed Connections Queue Delivered Mails Looped Mails Active Users Active Connections Xfer Via IMAP Xfer Via POP3 Thread Pool Usage Disk Operation (delete) Disk Operation (sync) Disk Operation (open) Disk Operation (read) Disk Operation (write)
Microsoft Internet Information Server (IIS)	Incoming/Outgoing Traffic Files Sent/Received Active Anonymous Users Active Authenticated Users Active Connections GET Requests POST Requests HEAD Requests PUT Requests CGI Requests Throttled Requests Rejected Requests Not Found (404) Errors
Microsoft SQL Server	{database} Status {database} Page Reads/Writes {database} TDS Packets {database} Network Errors {database} CPU Utilization {database} Threads {database} Page Faults {database} Users Connected {database} Lock Timeouts {database} Deadlocks {database} Cache Hit Ratio {database} Disk Space Utilization {database} Transaction Rate {database} Log Space Utilization {database} Replication Rate
Oracle 8/9i Database	DB {database} Status DB {database} Disk Utilization DB {database} Transaction Rate DB {database} Disk Reads/Writes DB {database} Page Reads/Writes DB {database} OutOfSpace Errors DB {database} Query Rate DB {database} Committed/Aborted Transactions Table {table} Space Utilization Table {table} Status Datafile {file} Reads Datafile {file} Writes Replication Status Listener Status SID Connections
Sun Solaris	System Interrupts Swap In/Out to Disk CPU Load
NET-SNMP (formerly UCD-SNMP)	Disk Space Utilization Physical Memory Utilization Swap/Virtual Memory Utilization CPU Load System Interrupts Swap In/Out to Disk Block I/O Sent/Received System Load Average