Manage NetVigil

The Manage menu in the NetVigil user interface allows creating and configuring of containers, devices, tests, actions, etc. using the web interface.

14.1 Managing Devices

The Manage Devices page displays all the department's devices and links to perform various administrative functions on the devices. Each row contains the device name and address, type of device, whether monitoring is currently active or suspended, a link for suspending or resuming monitoring, and the physical device location. Additionally, there are links for updating or deleting the device, and for managing the tests for the device.

To create a new device

Click on the MANAGE tab. You will be taken to the Manage Devices page.

Click on the Create A Device link

Select the type of device you are configuring via the drop down list (i.e. Linux or any other Unix server, WinNT/2K/XP server, managed switch/hub, IP router, Firewall Appliance, Load Balancer, Proxy Server, VPN concentrator, Wireless Access Point or Any Other).

Give your device a name in the Device Name box.

Type in the fully qualified host name or IP address of the device.

Optionally, add comments.

Use the Location dropdown list to assign the device to a DGE Location. (A DGE Location is a collection of DGEs, not necessarily in the same physical location, that are grouped for load-balancing purposes.) If this device will be monitored via WMI, select a DGE Location that contains WMI-enabled DGEs.

Optionally, select Smart Notification. Please see Section 8.2, "Smart Notification" on page 8-122 for more information.

Check all the boxes that apply for the test types you wish to discover on the device. Please note that not all tests are available on all devices. If you are not sure what tests are available on the device, please contact your administrator.

Optionally, for SNMP only: Select the SNMP version running on the device. If you are not sure what SNMP version is running on the device, please contact your administrator.

Optionally, for SNMP only: Enter the SNMP Community ID. If you are not sure of the SNMP Community ID on the device, please contact your administrator.

Click the Create Device button to begin the test discovery process.

To update a device:

Click on the MANAGE tab and you will be taken to the Manage Devices page.

Click on the Update link in the row for the device you wish to update and you will be taken to the Update Device page for that device. (This link will be visible only if you have read-write privileges and the device is not a read-only device)

Enter the desired changes. For example, if a device's IP address has changed, enter the new address. The properties that can be modified are: type of device (unix server, router, etc.), device name, device IP address (or fully qualified domain name), SNMP version, and community ID.

Click on the Update Device button at the bottom of the page.

The suspend/resume feature allows you to temporarily turn off all the tests for a device and turn them on again. This feature is useful if you are performing maintenance task on a device and do not want to receive alerts while the device is offline. Once a device is suspended, the polling and data collection for all the tests on the device is suspended and thus any associated actions to the tests will not generate notifications. The suspend/resume feature is available at both the device and the individual test level. Furthermore, when a device is suspended (e.g. for maintenance), this time is not included in the total downtime reports since it is considered a planned outage.

To suspend or resume a device:

Click MANAGE | devices.

On the Manage Devices page, find the device that you want to suspend or resume, and then click Update.

On the Update Device page, select Suspend/Resume This Device. (If the device is suspended, the option is Resume. Otherwise, the option is Suspend.)

Click Submit.

To delete a device:

WARNING: Deleting a device will remove all information about that device from the database, including all historical records. Deletions are not reversible. Suspending a device may be preferable because there is no loss of data.

Click MANAGE | devices.

On the Manage Devices page, find the device that you want to delete, and then click Update.

On the Update Device page, select Delete This Device (and associated tests).

Click Submit.

If you are sure that you want to delete the device, click Delete on the Delete Device confirmation page.

Auto-Update for Device Capacity Change

NetVigil provides a mechanism for refreshing maximum values or SNMP object identifiers (SNMP OID) when an SNMP test has changed. For example, when memory or disk capacity has changed, tests that return percentage-based values would be incorrect unless the max value (for determining 100%) is refreshed. Additionally, in some cases even replacing a device with similar hardware can cause the SNMP OIDs to change, thus creating a mismatch between the current SNMP OIDs and the ones which NetVigil discovered during initial provisioning.

If one of the previous situations occurs, the user need only repeat the test provisioning process in the web application for a changed device. NetVigil will discover whether any material changes on the device have occurred and highlight those changes on the Configure Tests page, giving the user the option to also change thresholds and/or actions that apply to the test.

14.2 Managing Standard Tests

14.2.1 Before You Provision Tests

Your User Group privileges determine whether or not you can create your own actions. Assigning actions to tests can be done in several ways, but all require that an action has already been created either by you or by your User Group administrator. Options include:

Assign your custom action to one or more tests during the test provisioning process.

Assign an admin-created default action to one or more tests during the test provisioning process. This option will appear as an action option in the drop down list on the Configure Tests page.

Update individual tests using a custom or default action after tests have been provisioned.

Mass update all tests on a device a custom or default action after tests have been provisioned.

14.2.2 Test Autodiscovery

For some monitors (test types), NetVigil can automatically discover which tests are supported by a given device. For example, if you add a new router to your network, NetVigil can discover which SNMP tests the router supports. You can then select which of the supported tests you want to run. Alternately, if you know exactly which tests you want, you can skip the autodiscovery process and provision those tests manually.

14.2.3 Grouping Tests by Subtype

One test configuration option, Group all SNMP tests with same type and sub-type together, only appears when you choose to auto-discover SNMP tests. The option gives the following advantages:

Compact, organized display of discovered tests (especially useful for large devices)

Mass configuration of thresholds and action profiles for similar tests

If the grouping option is not selected, every discovered SNMP test is listed individually, as shown in Figure 14.3. You can set a separate test interval, warning threshold, critical threshold, and action profile for each test.

If the grouping option is selected, discovered tests with the same subtype are grouped together. Figure 14.4 shows the results of autodiscovery of SNMP tests for the same device as the one shown in Figure 14.3. However, in this image, discovered tests are grouped by subtype. For example, the eth0 Util In and eth0 Util Out tests are grouped under the snmp/bandwidth (Interface Utilization) test subtype.

You can select/clear the checkbox near a subtype name (item A in Figure 14.4) to provision/not provision all tests within that subtype. To provision some, but not all, tests within a subtype, make sure that the subtype checkbox is selected. Then, from the list of tests within the subtype (item B in Figure 14.4), select only those that you want to provision.

The configuration parameters that you set (Interval, Thresholds, Action Profile) for a subtype are applied to all selected tests within the subtype. You can change the configuration for an individual test after it is provisioned.

This grouping feature is useful when you have many tests of the same subtype for a single device. For example, assume that you have a large switch with 100 ports, each of which supports Util In and Util Out interface utilization tests. If the grouping option is not selected, the list of discovered tests has 200 entries for these tests. If the grouping option is selected, the list of discovered tests is more compact, and instead of configuring and provisioning 200 tests, you can configure and provision a single subtype, snmp/bandwidth (Interface Utilization). The Interval, Thresholds, and Action Profile selected for the subtype are applied to all tests in the group. (You can change the configuration for individual tests after the tests are provisioned.)

NOTE: Internal settings in the TestType.xml file may sometimes override the Group all SNMP tests... option because of which some test subtypes may always be grouped, even if you do not select the grouping option.

To create standard tests:

Click MANAGE | devices.

In the Manage Devices window, find the device for which you want to provision tests.

If the device already has tests provisioned, click Tests and continue with Step 3.

If no tests are provisioned for the device, click Create Tests and continue with Step 4.

In the Manage Tests window click Create New Standard Tests.

In the Add Standard Tests window, from the Available test types list, select those categories that include tests that you want to provision for this device. Optionally, select Perform auto-discovery of supported (*) test types. NetVigil can perform autodiscovery for any test type marked with an asterisk (*).

Click Add Tests.

If one or more of the selected test types include multiple subtypes, you must refine your search by choosing the subtypes that you want to provision. (If you did not select any test type that contains multiple subtypes, continue with Step 9.) In the Create New Tests - Step 2 window, select the subtypes that you want to provision. For example, if you chose to provision ping tests, you can now choose to provision either or both of the subtypes: Packet Loss and Round Trip Time.

Optionally, select one or more of the following:

If one or more already provisioned tests are discovered, show a duplicate instance instead of ignoring them

If this option is cleared and NetVigil discovers a provisioned test of this subtype for this device (e.g., a Packet Loss test is already configured for this device), the test subtype does not appear in the list of tests that you can choose to provision.

If this option is selected and NetVigil discovers a provisioned test of this subtype for this device, the test subtype is listed and you can provision another test of the same subtype for the device.

If this option is not selected, but some of the configured parameters for the test do not match the re-discovered parameters (such as max, oid, etc.), then the test is displayed so that you have the option to update the values.

Group all SNMP tests with same type and sub-type together

Click Continue.

If you have chosen to autodiscover tests, please wait for the discovery process to complete. This may take a short time.

In the Create New Tests: Step 3 window, select those tests that you want to provision. (If you've chosen to group SNMP tests by subtype, select subtypes and, optionally, individual tests within subtypes.) For each test, enter the following:


Field	Used For
Test Name	A unique identifier for this test.
Interval	The frequency, in minutes, at which the test will run.
Thresholds/Units	If the test result passes the number of units specified by the Warning or Critical threshold, the test goes into Warning or Critical state, respectively.
Action Profile	The action (or series of actions) to be taken when the test enters specific states.

If you've chosen to group SNMP tests by subtype, these parameters are applied at the subtype level -- that is, to all selected tests within the subtype.

Click Provision Tests. The newly provisioned test(s) appear in the Manage Tests window.

To update an existing test:

Go to the Manage Tests page for the device being tested (see Figure 14.5).

Click on the Update link for the test you want to modify and you will be taken to the Update Test page.

Make the desired changes.

Click on the Update button to complete the changes.

To suspend or resume a test:

Note: When you resume a suspended test, the test is rescheduled to run on the monitor. If you visit the Test Summary page for the device that the test is on, you may see an unknown (question mark) icon in the status column. This indicates that the test has been rescheduled, but that its status is not yet known because it hasn't yet run. After the test runs, the unknown icon is replaced with the appropriate status icon.

Click MANAGE | devices.

On the Manage Devices page, find the device whose test(s) you want to suspend or resume, and then click Tests.

On the Manage Tests page, select the test(s) you want to suspend or resume in the Select column.

In the Apply the following updates to the tests selected above: area, select Suspend or Resume, as appropriate, from the Modify Test: list.

Click Submit to suspend or resume the test(s).

To delete a test:

Click MANAGE | devices.

On the Manage Devices page, find the device whose test(s) you want to delete, and then click Tests.

On the Manage Tests page, select the test(s) you want to delete in the Select column.

In the Apply the following updates to the tests selected above: area, select Delete from the Modify Test: list.

Click Submit to delete the test(s).

14.2.4 Configuring Test Schedules

You can configure a time schedule (hour and day of week) for runing a test, and assign this schedule to a test. By default, the test schedule is 24x7 (all the time).

To create a new test schedule:

Select MANAGE | other.

On the Manage Links page, click Manage Test Schedules.

On the Manage Schedules page, click Create a schedule.

On the Create Schedule page, enter a Schedule Name and, optionally, a Schedule Description. Then select the hours of the day on those days of the week on which you want this schedule to run. You can select or clear an entire row or column at a time by clicking the row or column header.

Click Create Schedule.

To schedule a test:

Click MANAGE | devices.

On the Manage Devices page, find the device whose test(s) you want to schedule, and then click Tests.

On the Manage Tests page, select the test(s) you want to schedule in the Select column.

In the Apply the following updates to the tests selected above: area, select the schedule that you want to apply from the Test Schedule list.

Click Submit to schedule the test(s).

14.3 Managing Advanced Tests

14.3.1 Monitoring Log Files for Patterns

You can configure NetVigil to watch text log files for specific patterns and raise alarms or take other action when a match is found. (Pattern matching is Perl 5 compliant.) This process has three steps, which are detailed in the paragraphs that follow:

Configure the DGE so that it recognizes the log file(s) to be scanned. This step must be performed by the NetVigil administrator as described in Section 3.6, "Monitoring Log Files" on page 3-42.

Create a list of regular expressions (patterns) to watch for

Create a Regular Expression test to take appropriate action when a match is found for a pattern in the list

Configure the DGE so that it recognizes the log file(s) to be scanned:

Create a list of regular expressions to watch for:

A single Regular Expression test can match multiple patterns. For example, if you wanted to watch for various security violations, you might name the regular expression list Security Violations and enter the following two patterns:

When you configured a test to monitor the Security Violations regular expression list, the test would take action when either pattern was matched. If the first pattern was matched, test status would be Warning. If the second pattern was matched, test status would be Critical.

Click MANAGE | Devices.

On the Manage Devices page click Tests (for any device).

On the Manage Tests page, click Create New Advanced Tests.

In the Regular Expression Test area of the Create Advanced Tests page, click Manage Message Regular Expressions.

On the Manage Message Regular Expressions page, click Create a Message Regular Expression.

On the Create Message Regular Expression page, enter a Name and Description for the list of regular expressions you want to watch for.

If you want an alarm to appear in the Alarms/Messages window when a regular expression is matched, select the Display in Message Window? option.

For each regular expression that you want to match, enter the following:

Message Regular Expression Fields
Field	Purpose
Regexp	The regular expression (pattern) that you want to match
Severity	If this regular expression is matched, what should test status be?
Reset in	Once test status is set, for how long should it stay in the new state?
Case Sensitive	If this is selected, the pattern match is case-sensitive. For example, Invalid Login is not flagged as a match for the pattern invalid login.

Click Create Regexp. The Manage Message Regular Expressions page displays the newly-added expression list.

Create a Regular Expression test to take appropriate action when a match is found

Now that you have configured the DGE to scan the necessary file and created a list of patterns to scan for, you can create a Regular Expression Test.

Click MANAGE | Devices.

On the Manage Devices page, find the device for which you want to create a test and click Tests.

On the Manage Tests page, click Create New Advanced Tests.

On the Create Advanced Tests page, select the Regular Expression Test option, fill in the test name, and then fill in the following:

Regular Expression Test Fields
Field	Purpose
Message Regular Expression	The name of the regular expression to be matched. (For information on creating a regular expression, see "Create a list of regular expressions to watch for:" on page 192.)
Action	The action to be taken if a match is found.
Display Category	The column on the Status Summary page under which this test's status is displayed.
Extract Message	The message to be parsed from the matched pattern. This tells NetVigil which part of the received trap or log entry is the actual message, so that it can be stored in the database (and, optionally, displayed). This field is not case sensitive.
Extract Device Name	The device name to be parsed from the matched pattern. This tells NetVigil which provisioned device the message belongs to. If the device name cannot be extracted from the message, or if it cannot be matched with the name of a provisioned device, the received message is silently discarded.
Device Aliases	If messages may use multiple names to refer to the same device, list alternate names here.

Click Provision Tests.

14.3.2 Processing SNMP Traps

SNMP traps that are received by NetVigil are treated like log files or text messages and processed by the Input Stream Monitor (ISM). In order to take actions against a trap, you must create a list of regular expressions and then create a test to trigger an action when a regular expression from the list is matched.

NetVigil only accepts and processes SNMP traps from devices it knows about. If a trap is received from a device that is not in the provisioning database, the trap is silently ignored. If you want to monitor SNMP traps from a certain device, and not perform any proactive monitoring, simply add the device in NetVigil without creating any tests (e.g. ping, snmp, etc.).

This process has three steps similar to the processing of log files described above. These steps are:

Configure the DGE so that it accepts incoming traps. This step must be performed by the NetVigil administrator.

Create a list of regular expressions (patterns) to watch for

Create a Regular Expression test to take appropriate action when a match is found for a pattern in the list

Configure the DGE so that it processes incoming traps:

This requires editing NETVIGIL_HOME/etc/dge.xml on the DGE and must be performed by the NetVigil administrator.

Create a list of regular expressions to watch for:

If DNS resolution is disabled, or DNS resolution failed, host_name will be the IP address. A regular expression pattern like TRAP:\s+\d+\s+(\S+)\s+(.*) would match all traps. For example, if you have a Cisco router that you wish to watch for link up/down traps via CISCO-SYSLOG-MIB, you would create the following regular expression list:

If DNS resolution is disabled, you will need to add the IP address (may be different from IP address of router as configured in NetVigil if "source interface" for SNMP traps is different) in the list of device aliases. When Serial0/0 loses link, a trap is received, and the following message is displayed in the message window with warning severity:

Sample ISM Regular expressions for Cisco MIBs
Pattern	Severity
`TRAP:\s+\d+\s+(\S+)\s+.\.4\.1\.9\.9\.41\.1\.2\.3\.1\.5[\.\d]+\s+=\s+\"(Interface.down)\`	WARNING
`TRAP:\s+\d+\s+(\S+)\s+.\.4\.1\.9\.9\.41\.1\.2\.3\.1\.5[\.\d]+\s+=\s+\"(Interface.up)\`	OK

Create a Regular Expression test to take appropriate action when a match is found

Lastly, you need to create a Regular Expression Test to trigger an action when a regular expression match is found. This procedure is similar to the one described above for Log File Monitoring.

As an example, if you wish to receive notification via E-mail when a particular trap is matched, you can assign an action profile with an E-mail notification to the pattern match test. A sample E-mail may look like this:


`This message has been generated by NetVigil for the following monitored object:` `Department Name : Network_Operations` `Device Name : router01.fidelia.com` `Device Address : 192.168.1.254` `Log File Monitor has detected a match against following regular expression:` `TRAP:\s+\d+\s+(\S+)\s+(.*)` `Matched log file entry:` `(.1.3.6.1.4.1.9.9.41.2) .1.3.6.1.4.1.9.9.41.1.2.3.1.5.106 = "Interface Serial0/0, changed state to down"`

Note that E-mail notification for SNMP trap/pattern match are bound by the parameters of the action profile. If the E-mail action has don't repeat it set for repeat frequency, then only the first match would be E-mailed. For trap specific action profile, the repeat frequency should be every test.

14.3.3 URL Transaction Tests

You can create a URL transaction test in NetVigil which can connect to a web site, fill in a form, click on various hyperlinks, etc. so as to simulate a real user. This is a very powerful feature in NetVigil which allows testing the response time and errors in most web enabled applications.

The system is fairly intuitive with context sensitive help and has a mini-browser that displays the various stages of the URL transaction. You can then save and even export/import this transaction for other sites.

14.3.4 Advanced SNMP Tests

NetVigil automatically detects standard MIBs and their tests. To run a test that is part of a vendor-specific MIB, you can create an Advanced SNMP Test containing the OID of the vendor-specific test.

To create an Advanced SNMP test:

Click MANAGE | Devices.

On the Manage Devices page, find the device for which you want to create a test and click Tests.

On the Manage Tests page, click Create New Advanced Tests.

On the Create Advanced Tests page, select the Advanced SNMP Test option. Fill in the test name, test Interval, warning and critical Thresholds, and, if desired, an Action Profile. Then fill in the following:

Advanced SNMP Test Fields
Field	Purpose
SNMP Object ID	The OID of the vendor-specific test that you want NetVigil to poll.
Result Multiplier	A number by which each test result is multiplied. If a test returns a number of bytes, for example, you can use a Result Multiplier of 8 to convert the result to bits.
Maximum Value	Maximum possible return value for this test. You can generally ignore this unless you are using the test result to calculate a percentage of a whole. In that case, enter the value of the whole in this field. For example, if a test returns the number of MB available on a disk and you want to calculate the percentage of the disk's storage space that is available, enter the disk's total storage space in this field.
Post Processing Directive	The computation applied to the test result after it has been multiplied by the Result Multiplier. Options include: `Delta` = current polled value - last polled value (e.g., 3 MB of disk space used since last poll) `Rate` = Delta / time between polls (e.g., rate of disk usage is 3 MB in 5 minutes) `Delta Percent` = (current polled value - last polled value) / Maximum Value (e.g., the difference between the current value and the last value represents 2% of total disk space) `Reverse Percent` = the difference between 100% and the percentage represented by the last polled value (e.g., last polled value for a disk usage test represents 20% of total disk space, so the reverse percent is 80%, which is the amount of free space) `Rate Percent` = percentage change since the last poll (e.g., rate of change measured as a percentage of the whole is 2% of total disk space in 5 minutes) `Percent` = current polled value / Maximum Value (e.g., current polled value represents 20% of total disk space) `None` = polled value is not processed in any way
Test Units	The units in which test results are displayed.
As test value rises, severity:	Specify the relationship between test value and severity. Options include: `Ascends`: As the value of the test result rises, severity rises. `Descends`: As the value of the test result rises, severity falls. `Auto`: If you select this option, NetVigil sets this option based on the Warning and Critical thresholds for this test. If the Critical threshold is higher, as test value rises, severity ascends. If the Warning threshold is higher, as test value rises, severity descends.

Click Provision Tests.

14.3.5 Advanced Port Tests

Advanced Port Tests allow you to send a text string to a TCP port, then check the response against an expected string (the return string does not have to be a perfect match, only a substring match).

To create an Advanced Port test:

Click MANAGE | Devices.

On the Manage Devices page, find the device for which you want to create a test and click Tests.

On the Manage Tests page, click Create New Advanced Tests.

On the Create Advanced Tests page, select the Advanced Port Test option. Fill in the test name, test Interval, warning and critical Thresholds, and, if desired, an Action Profile. Then fill in the following:

Advanced Port Test Fields
Field	Purpose
Send String	The string to be sent to the remote TCP port.
Expect String	The string against which the remote port's response is checked. The Action Profile is activated when the response is a substring match for the Expect String.
Port	The TCP port on this device to which the DGE will send the Send String.

Click Provision Tests.

14.3.6 External Tests

An External Test is one that is run outside of NetVigil (by a standalone script, for example). The test result is inserted into NetVigil via the External Data Feed (EDF) and aggregated as though NetVigil had collected it. Although the test itself is not run by NetVigil, by creating an External Test, you determine how test results will be processed after they are received via EDF.

To create an External test:

Click MANAGE | Devices.

On the Manage Devices page, find the device for which you want to create a test and click Tests.

On the Manage Tests page, click Create New Advanced Tests.

On the Create Advanced Tests page, select the External Test option. Fill in the test name, test Interval, warning and critical Thresholds, and, if desired, an Action Profile. Then fill in the following:

External Test Fields
Field	Purpose
Test Units	The units in which test results are displayed.
Maximum Value	Maximum possible return value for this test. You can generally ignore this unless you are using the test result to calculate a percentage of a whole. In that case, enter the value of the whole in this field. For example, if a test returns the number of MB available on a disk and you want to calculate the percentage of the disk's storage space that is available, enter the disk's total storage space in this field.
Result Multiplier	A number by which the test result is multiplied. If a test returns a number of bytes, for example, you can use a Result Multiplier of 8 to convert the result to bits.
Post Processing Directive	The computation applied to the test result after it has been multiplied by the Result Multiplier. Options include: `Delta` = current polled value - last polled value (e.g., 3 MB of disk space used since last poll) `Rate` = Delta / time between polls (e.g., rate of disk usage is 3 MB in 5 minutes) `Delta Percent` = (current polled value - last polled value) / Maximum Value (e.g., the difference between the current value and the last value represents 2% of total disk space) `Reverse Percent` = the difference between 100% and the percentage represented by the last polled value (e.g., last polled value for a disk usage test represents 20% of total disk space, so the reverse percent is 80%, which is the amount of free space) `Rate Percent` = percentage change since the last poll (e.g., rate of change measured as a percentage of the whole is 2% of total disk space in 5 minutes) `Percent` = current polled value / Maximum Value (e.g., current polled value represents 20% of total disk space) `None` = polled value is not processed in any way
As test value rises, severity:	Specify the relationship between test value and severity. Options include: `Ascends`: As the value of the test result rises, severity rises. `Descends`: As the value of the test result rises, severity falls. `Auto`: If you select this option, NetVigil sets this option based on the Warning and Critical thresholds for this test. If the Critical threshold is higher, as test value rises, severity ascends. If the Warning threshold is higher, as test value rises, severity descends.

Click Provision Tests.

14.4 Suppressing Tests

When you suppress a test, it continues to run at the specified interval and trigger events, notifications, etc., but its status does not affect the overall status of any associated device, Service Container, or Department. When the status of the test changes (e.g., from WARNING to CRITICAL or from CRITICAL to OK), the test is automatically unsuppressed and NetVigil agains takes the test's status into account for determining device, Service Container, and Department status.

In the default sort order of the Device Details and All Tests Summary pages, suppressed tests appear at the bottom of the list with a single arrow to the left of the status icon. (For additional information, see "To see which tests are suppressed:" on page 205.)

IMPORTANT: A suppressed test continues to run, but its status does not affect the overall status of related objects. A suspended test stops running and does not trigger events, notifications, etc. until it is resumed.

For example, assume that a device has two network tests configured. When both tests have status OK, the overall status of the device in the Network column of the Device Summary Page is OK. If one of these tests goes into WARNING state, the overall status of the device in the Network column of the Device Summary Page changes to WARNING. However, if you suppress the test that is in WARNING state, the status of the remaining tests determines device status. In this case, there is only one other test, with status OK, so the overall device Network status is OK.

If the suppressed test returns to status OK, it is no longer suppressed. The next time its status becomes WARNING, overall device status will also become WARNING, unless you suppress the test once again.

To suppress a test:

Click MANAGE | devices.

On the Manage Devices page, find the device for which you want to suppress a test, and click Tests.

On the Manage Tests page, find the test(s) that you want to suppress, and select their checkboxes in the Select column.

At the bottom of the Manage Tests page, in the Apply the following updates to the tests selected above area, select Suppress from the Modify Tests list, and then click Submit.

The suppressed tests at the bottom of the list on the All Tests Summary and Device Test Summary pages, and are marked by a single arrow to the left of the Status icon.

To unsuppress a test:

Click STATUS | Tests. By default, suppressed tests appear at the bottom of the All Tests Summary page, with a single arrow to the left of the Status icon.

On the All Tests Summary page, select a suppressed test and click the corresponding Modify

icon.

On the Update Test page, in the Update Test Parameters area, clear the Suppress checkbox, and then click Submit. On the All Tests Summary page, the test returns to its normal position in the list and no longer has a single arrow to the left of the Status icon.

To see which tests are suppressed:

Click STATUS | Tests. By default, suppressed tests appear at the bottom of the All Tests Summary page, with a single arrow to the left of the Status icon.

14.5 Smart Thresholds Using Baselining

Baselining is a process by which NetVigil can automatically set the Warning and Critical thresholds for each test based on the test's historical data. This allows one to set customized thresholds automatically based on each tests's individual behavior.

As an example, the response time for a local device is normally much smaller than the response time for a device in a remote datacenter because of network latency. Rather than setting the response time Warning threshold for all devices to be the same, you can use baselining to calculate the 95th percentile of the response time reported for each device over a three-month period, and then set the Warning threshold to be 10% higher than this 95th percentile value.

The Baseline Data Set

The baseline value is calculated for each test based on its own historical data. You select the devices and tests for which you want to run baselining by specifying a combination of device name, test name and test type.

Each time NetVigil aggregates a test result, it stores three values: The minimum, maximum, and mean values of the tested variable over the course of the aggregation period. For example, if NetVigil is configured to store data for 1 day at 10 minute samples, and a test is set up to run every 10 minutes, in the course of a day it generates 144 test results. Each test result includes the maximum, minimum, and mean values of the tested quantity for the 10 minute period. You can generate a baseline from the maximum, minimum, or mean samples within the specified date range.

Managing Baselines

Baseline Management fields
Field	Purpose
Device Name/RegExp	The name of a device whose tests are to be baselined, or a regular expression containing `*' wildcards to match multiple device names.
TestName/RegExp	The name of an individual test to be baselined, or a regular expression containing `*' wildcards to match multiple test names.
Test Type/Subtype	The Monitor and Subtype of the test(s) to be baselined. e.g. port/http, snmp/chassis_temp
Start Date, End Date	The start and end date of the test results to be used in calculating the baseline. Note: Each selected test must have test results available for the full date range.
Taking values of	The value from each test result (`maximum`, `minimium`, or `mean`) that is used to calculate the baseline. See "The Baseline Data Set" on page 205 for more information.
And using the	The method (`average` or `95th percentile`) used to calculate the baseline from the maximum, minimum, or mean test results. `average` is the mean of the test results (sum of test results / number of test results).
Warning Threshold	A percentage `above` or `below` the calculated baseline. Select `above` if the test result gets worse as it gets higher. Select `below` if the test result gets worse as it gets lower. When the test result crosses this threshold, test status is set to Warning.
Critical Threshold	A percentage `above` or `below` the calculated baseline. Select `above` if the test result gets worse as it gets higher. Select `below` if the test result gets worse as it gets lower. When the test result crosses this threshold, test status is set to Critical.

To create a baseline and set thresholds for one or more tests:

Select the MANAGE tab.

On the Manage Devices page, click Test Baseline Management.

Specify the Device(s), Test Name(s), and Test Type/Subtype of the tests you want to baseline.

Enter the date range of the test results to be used in calculating the baseline.

Near Taking values of:, specify whether you want the baseline to be calculated from the maximum, minimum, or mean values of the test results (see "The Baseline Data Set" on page 205 for more information).

Near And using the:, select a method for calculating the baseline from the selected results.

Correlate the Warning and Critical Thresholds to the baseline. For each threshold, enter a percentage above or below the baseline, and then click Submit.

The system calculates the baselines- this step might take some time depending on the amount of data to be processed.

Once the baselines are calculated, the Test Baseline Management window is displayed which lists each test that matches your search criteria along with the current thresholds (in the Old Warn/Crit column) and the new values that have been calculated from the baseline (in the New Warn/Crit column). At this point, thresholds have not yet changed. Select those tests whose thresholds you want to change, and then click Done.

Note If you access the Test Baseline Management page from either the Manage Tests page or the Update Test page, some of the Baseline Management information is filled in.

14.6 Managing Service Containers

Service containers allow you to group tests and devices to create logical, business-oriented views of your network in addition to your hardware-oriented views. An Administrator can create a service container that includes tests and/or devices from multiple Departments (e.g., any Departments associated with a User-Class that the Administrator controls).

You can generate reports on service containers, get uptime, and get real-time status if any of the underlying components fail or cross any threshold.

NOTE Service Container is a generic term, and can refer to either a Test Container (Virtual Device) or a Device Container (see below).

NOTE Updating or deleting a Service Container has no impact on devices or tests. If you delete a Test Container, for example, the tests included in the Test Container still exist in NetVigil.

Test Containers (or Virtual Devices) contain tests only. A real NetVigil device has a collection of tests associated with it. A Virtual Device is a collection of tests that are logically related, but not associated with the same physical device. For example, you can create a Virtual Device that includes ping tests for all devices on your network. This allows you to see at a glance which devices are unreachable without looking at test results for individual devices.

Device Containers can include both real devices and Virtual Devices (described above). They can also include other Device Containers, creating a nested hierarchy. For example, you can create a Device Container called Payroll that comprises the web server, router, and backend database used by the Payroll division. This allows you to quickly spot and troubleshoot problems that affect the Payroll group's ability to provide service.

Figure 14.6 illustrates a Device Container that encompasses real devices, a Service Container, and a nested Device Container.

Device Tags

In addition to standard device properties (device name, model, etc.) NetVigil provides five customizable tags, which you can define to meet your needs. You can use these tags to create rules for populating Device Containers, as described in "Rule-Based Device Containers" on page 210.

IMPORTANT: By default, tags are labeled on the Create Device page as Custom Attribute 1, Custom Attribute 2, etc. If you use tags to create rule-based containers, we strongly recommend that you (or your NetVigil Administrator) replace the defaults with meaningful labels (e.g., State, City, etc.) as described in Section 3.4.14, "Customizing Device Tag Labels" on page 3-34. Otherwise, users may confuse the different tags, which can cause devices to be incorrectly added to or omitted from Device Containers.

Rule-Based Device Containers

When you create a Device Container, you can populate it in one of the following ways:

Manually select the real devices, Device Containers, and/or Virtual Devices that belong to the new Device Container.

Create one or more rules. All real devices that match the rule(s) will automatically be added to the Device Container. Rule-based containers cannot contain Virtual Devices or Device Containers.

Rules work through Perl 5 regular expression matching and have the following form:

Where device_property can be device name, device type, device model, vendor name, or a tag (see "Device Tags" on page 209 for additional information).

When a rule-based container is created, existing devices whose properties match the rule(s) are automatically added to the container. When a new device is added to NetVigil, its properties are checked and it is assigned to all rule-based containers whose rules it matches.

A NetVigil administrator wants to create Device Containers for devices in specific locations. She also wants to create Device Containers for devices belonging to specific corporate groups. She defines tags as follows:

Custom Attribute 1: State

Custom Attribute 2: City

Custom Attribute 3: Branch Office

Custom Attribute 4: Corporate Dept.

When a user creates a device, they fill in the state, city, branch office, and corporate department properties. NetVigil then assigns the newly-created device to all of the containers whose rules it matches.

Container Name	Rules
NJ_branch_01_device_cont	State is like: NJ City is like: Princeton Branch Office is like: Pr*
NJ_branch_02_device_cont	State is like: NJ City is like: Trenton Branch Office is like: Tr*
Payroll_device_cont	Corporate Dept. is like: PAYROLL
Manuf_device_cont	Corporate Dept. is like: MANUFACTURING

To create a Test Container (Virtual Device):

Select MANAGE | containers.

On the Manage Service Containers page click Create a Service Container.

On the Create a Service Container page, enter the Service Container Name.

For the Container Will Include option, select Tests (Virtual Device).

Populate the container by selecting devices in the Available column and clicking the right arrow to transfer them to the Currently Used column. DO NOT select containers (those names that are prefaced with a # sign). If you select containers when creating a Virtual Device, the selection is silently ignored by NetVigil.

When you have selected all of the devices whose tests you want to include in this Virtual Device, click Create Container.

On the Create a Virtual Device (Test Container) page, select those tests that you want to include in the Virtual Device. For each real device that you selected, you can include all current and future tests, or you can specify only the selected tests. If you specify only the selected tests, select the desired tests from the scroll list provided.

Click Submit to create the Virtual Device.

To delete a Test Container

Select MANAGE | containers

Click on the Delete link for the container

Note that the component tests are not deleted since they still belong to real-devices, but the `test container' is deleted.

To create a Device Container:

Select MANAGE | containers.

On the Manage Service Containers page click Create a Service Container.

On the Create a Service Container page, enter the Service Container Name.

For the Container Will Include option, select Devices and Containers.

Choose the method by which you want to assign devices to the container. In the For Device Containers, Assign Devices: field, select one of the following:

Manually By Selecting Items From List Below

If you choose this option, you can manually add real devices, Virtual Devices, and nested Device Containers. Continue with Step 6.

Automatically Based on Specified Rule

If you choose this option, NetVigil automatically assigns all real devices that match the rules to this Device Container. Continue with Step 7.

To manually populate the container, select real devices, Virtual Devices, and/or Device Containers in the Available column and click the right arrow to transfer them to the Currently Used column. (The names of Virtual Devices and Device Containers are preceded by a # sign.) Continue with Step 8.

To create rules, enter a regular expression for pattern matching in one or more of the Property is like: fields. For example, if all devices belonging to the Finance group have device names starting with "Fin_", you can create a rule to match all devices where Device Name is like: Fin_*.

When you have either selected all of the devices and containers that you want to include, or created a rule for including real devices, click Create Container to create the Device Container.

Once the container is created, it is displayed in the Manage > Containers web page:

To delete a Device Container

You cannot delete a device container until it is empty. So, in a nested container hierarchy such as X->Y->Z, you must delete or move Z before you can delete Y.

Go to MANAGE -> Containers

Click on the Update link for container Y (to remove the nested container Z)

Move Z out of the right side "include" box and hit Submit

Delete the now empty container Y by clicking on the Delete link for Y

14.7 Managing Action Profiles

NetVigil supports actions in the form of alphanumeric paging, E-mail, Compact E-Mail, SNMP Trap or executing an external script. Typically, actions are some form of notification that a test result has crossed a defined threshold into OK, WARNING, CRITICAL or UNKNOWN status. An Action Profile is a list of up to five actions, allowing the user to define multiple notification recipients and specific notification rules for each recipient.

There are many types of built in notification and action mechanisms in NetVigil:

This is the simplest notification- it sends an email to the specified email address using the mail gateways specified by the NetVigil administrator.

To send a pager using a directly attached modem, select Alphanumeric Pager from the Notify Using list. Then, specify a Message Recipient in the format PIN@PC, where PIN is the recipient's Personal Identification Number (usually the pager number) and PC is a `paging central' location defined by your NetVigil Administrator for the DGE that will generate the notification. See "To create an action profile:" on page 218 for detailed instructions.

For example, assume that an Administrator has set up a `paging central' location called nextel that is used when NetVigil sends pages to Nextel customers. A typical pager message recipient might be 7325551212@nextel.

RT or Remedy Ticketing System

(This feature might require purchasing a license from Fidelia). You can directly open a trouble ticket in RT or Remedy, and have a URL to this ticket displayed in the Status page.

Run External Scripts

NetVigil's plugin architecture allows you to create any number of additional "plugins" that will be displayed in the drop down list. See Chapter 21, "Plugin Actions"for more details.

Action Profiles can be created by either end-users or an Administrator to notify up to five separate recipients when a test status changes, or when a test status has been in a particular state for a predetermined number of test cycles. In the above example, the action has been configured with three separate sub-actions in a typical escalation scenario. When the Ping RTT test on the NT Server reaches a WARNING status, the NOC Administrator receives an E-mail notification of the problem. If the test crosses the upper threshold to CRITICAL status, the NOC Manager is notified. Once the test has remained in CRITICAL status for three (3) test cycles, the senior management is notified.

To create an action profile:

Click on the MANAGE tab on main navigation bar.

Click on the ACTIONS tab on the secondary navigation bar. You will be taken to the Manage Action Profiles page.

Click on the Create An Action Profile link in the information window and you will be taken to the Create Action Profile page.

Enter a unique action name (required) and a description (recommended).

For each sub-action (maximum of 5), choose the type of notification in the Notify Using drop down list (i.e. E-mail or instant messenger provider) and the message recipient's address. This is usually yourself or someone else who is responsible for monitoring your system's performance. You can enter multiple message recipients, separated by commas (e.g., jdoe@acme.com, fcheng@acme.com).

Check the box for each instruction you want followed ("Trigger on Warning" and "Trigger on Critical" are checked by default).

If desired, check either the box to delay initial notification and/or the box to identify a repeat interval, and the number of applicable test cycles for each.

Repeat steps 4. - 7. as desired. If you are notifying the same person via different actions, remember to avoid overlapping logic between the sub-actions, otherwise the recipient may receive duplicate notifications for a single test event.

Click on the Create Action Profile button to create the new action.

To update an action profile:

Click on the MANAGE tab on main navigation bar.

Click on the ACTIONS tab on the secondary navigation bar and you will be taken to the Manage Actions page.

Click on the Update link in the row for the action you wish to update. You will be taken to the Update Action page for that action.

Make the desired changes to any one of the sub-actions.

If you have not already configured five (5) sub-actions, you may add more by filling in the fields as described above in "To create an action profile:" on page 218.

You can also delete sub-actions by checking the box marked Delete this Action next to the unwanted sub-action.

Click on the Update Action Profile button at the bottom of the page to save your changes.

To assign an action profile to multiple devices or tests:

Click on the MANAGE tab on main navigation bar.

Click on the ACTIONS tab on the secondary navigation bar and you will be taken to the Manage Actions page.

Click on the Select Devices for Action link in the row for the action you wish to assign. You will be taken to the Assign Actions page.

For each device in the list, checking the ALL TESTS checkbox will assign the action to all the tests on the selected device(s).

For each device in the list, checking the SELECT TESTS checkbox will display another window for you to individually select the test(s) to which you want the action assigned.

Click on the Assign Action button at the bottom of the page to save your changes.

To permanently delete an action profile:

Click on the MANAGE tab on main navigation bar.

Click on the ACTIONS tab on the secondary navigation bar and you will be taken to the Manage Actions page.

Click on the Delete link for the action you wish to delete and you will be taken to a confirmation screen.

Click on the Delete button to confirm the deletion or Cancel to return to the Manage Actions page.

14.8 Managing Account Preferences

To update your personal information, preferences, and/or password:

Click on the MANAGE tab on the main navigation bar.

Click on the prefs tab on the secondary navigation bar and you will be taken to the Update User page.

Enter any changes desired. Modifiable fields include: E-mail, day phone, evening phone, mobile phone, pager, timezone, and password. Please contact your administrator if you wish to modify your contact address.

In the Preferences section, select the checkboxes for all the device states you wish to view on the summary pages, leaving blank all those you wish to filter out by default.

Change the number of devices to view on each page in the Maximum To Display field.

Click the Update User button to save your changes.

These changes will become part of your user profile and will serve as defaults each time you log in to NetVigil.