Statseeker Version 3.x Documentation


  1. Release Notes
  2. Hardware Requirements
  3. Operating System
  4. Supported Web Browsers
  5. New Installation Procedure
  6. Upgrade Statseeker Software
  7. Upgrade Statseeker Operating System
  8. Getting Started with the Network Infrastructure Monitor
    1. Report List
    2. Group Filter
    3. Device Filter
    4. Time Filter
    5. General Filters
    6. Administration Tool
    7. Change User
    8. Edit User
  9. User Accounts
    1. Statseeker System User Accounts
    2. How to Add / Edit a User
  10. Entity / Group Assignments (EGA)
    1. Entity / Group Concepts
    2. What is a Group ?
    3. What is an Entity ?
    4. Parent Child Relationships
    5. Understanding Intersects
    6. How to Add a Group
    7. How to Assign Entities to a Group
    8. How to Assign Groups to an Entity
    9. A Practical Example
    10. Renaming and Deleting Devices
  11. Time Filter
  12. General Filters
    1. General Filters - Network Infrastructure Monitor
    2. General Filters - Traffic Analyzer
  13. Administration Tools
    1. ssadmin - Command Line Server Utilities
    2. Administration Tool - Web Based Product Configuration
    3. How to Configure NIM Discover
    4. How to Perform a Back Up / Restore
    5. How to Migrate to a New Server
  14. Remote Network Appliance (RNA)
    1. What is a Remote Network Appliance ?
    2. RNA Hardware Requirements
    3. How to Deploy an RNA
    4. Creating an RNA Flash Drive
    5. Configure an RNA
    6. Add an RNA to the Statseeker Server Configuration
    7. Duplicating the RNA Flash Drive
  15. Traffic Analyzer
    1. What is the Traffic Analyzer ?
    2. What is a Traffic Collector ?
    3. Where to Connect Traffic Collectors
    4. How to Deploy Traffic Collectors
    5. How to Configure Traffic Collectors
    6. Getting Started with the Traffic Analyzer
    7. Realtime LAN Traffic Analyzer
    8. Undefined Protocols
  16. Syslog
  17. SNMP Traps
  18. Filters and Actions for NIM Events, SNMP Traps and Syslog Messages
    1. Concepts
    2. Filters
    3. Actions
    4. Statseeker Provided Email Scripts
  19. Frequently Asked Questions
    1. How to Delete / Rename a Device
    2. How to Change Interface Details
    3. How to Change Device Details
    4. Can Version 2.8.x be Upgraded to Version 3 ?
    5. Can Version 2.8.x Data be Migrated to Version 3 ?
    6. Can Version 3 Run on VMware ?
    7. What are Server ID, Hardware ID and Customer Numbers ?
    8. What are appropriate alphanumeric characters in my Host File ?
    9. How does the NIM discovery differentiate from a server and a pc ?
    10. Can I exclude servers and a pcs from my configuration ?
    11. What characters can I use for my User passwords ?
  20. Security
  21. Development Tools

1. Release Notes

Release Notes

2. Hardware Requirements

Unsupported Hardware/Configurations:

  • VMware
  • RAID 5 and 6

Server hardware requirements depend entirely on the size of the network being monitored and the type and volume of data being collected, stored and processed. Monitoring a small number of SNMP objects (e.g. a 10,000 interface network) and a couple of low volume NetFlow collectors will only require a current model commodity PC.

For best performance we recommend the following:

Up to 10,000 network interfaces and minimal NetFlow collection requirements:

  • 64 bit Dual Core CPU, with 2MB of L2 cache for each core
  • 4GB RAM
  • 240GB Hard Drive
  • Gigabit capable NIC

Up to 100,000 network interfaces and average NetFlow collection requirements:

  • 64 bit Quad Core CPU, with 2MB of L2 cache for each core
  • 4GB RAM
  • 500GB Hard Drive
  • Gigabit capable NIC

For more than 100,000 network interfaces or large NetFlow deployments, please contact Statseeker Support for assistance.

For a detailed list of supported chipsets go to: FreeBSD Supported Hardware.

Statseeker does not recommend RAID 5 or 6 due to their relatively slow access speeds. Statseeker recommends a single large disk, or disks configured as RAID 0 or RAID 1.


3. Operating System

Statseeker software runs "ONLY" on the FreeBSD operating system which is derived from BSD UNIX®. Statseeker chose FreeBSD as a platform due to its long history of high performance networking functionality, its stability under extreme loads and its rigorous development/release model.

Statseeker's unique installation process automatically installs the FreeBSD operating system in minutes and ensures that NO KNOWLEDGE OF UNIX is required to successfully install and maintain the product.


4. Supported Web Browsers

  • IE 7
  • Firefox
  • Flock
  • Safari v3
  • Konqueror
  • Opera

Notes:

  • IE6 is NOT supported
  • Disable popup blockers for the Statseeker server
  • Ensure that JavaScript is enabled
  • Disable Tabs and allow pages to open in a new window
  • For IE 7 - Add the server URL as a "Trusted Site" on your local Intranet. Internet Options -> Security -> Local Intranet -> Sites -> Advanced


5. New Installation Procedure

Important Notes
  • All data on the hard disk will be deleted
  • VMware is NOT supported
Before you begin, you will need the following:
  • A Server ID Number (Supplied by Statseeker by emailing keys@statseeker.com)
  • Statseeker Installation CDROM (Download and burn the appropriate CD image)  Download available from: Release Notes
    • If you cannot download the product or if you require a product CD kit, please email keys@statseeker.com
  • A root password
  • A hostname for the server (yourserver.company.com)
  • Static IP, Netmask and Default Gateway addresses
  • The IP address of your DNS
  • SMTP Gateway IP address (if available)
  • HTTP Proxy IP address, Port Number, Username and Password (if required)
  • NTP Server IP address (if available)
  • SNMP read access to your devices (routers, switches, etc...)
New Installation Procedure
  1. Connect the server to a centrally located LAN segment with only ONE router connected to it.
  2. Configure your devices to allow SNMP read access from the Statseeker server.
  3. Set the server BIOS:
    • to your local time
    • first boot device to CDROM
    • second boot device to the hard disk
  4. Boot the server from the Statseeker Installation CDROM.
  5. Press [Enter] to proceed with the installation and to confirm that all data on the hard disk will be deleted.
  6. When prompted "Is this machine's CMOS clock set to UTC ?", select "No", then follow the instructions to set the time zone.
  7. Enter a root password.
  8. At the "Network interface information required" screen, select the Ethernet card and [OK] to continue.
  9. At the "Network Configuration" screen, fill in the following fields and then Select [OK] to continue.
    • Host
    • Domain
    • IPv4 Gateway
    • Name Server
    • IPv4 Address
    • Netmask
  10. Remove the CDROM when the installation is complete. The server will reboot.
  11. Log in on the console as "root" and run ssadmin. You will be prompted for:
    • SMTP Gateway IP address and Masquerade as domain name
    • HTTP proxy IP address, port number, username and password
    • NTP server IP address
  12. Enter "q" to exit ssadmin, and then "exit" to log out.
  13. Point your browser at the server and login as admin (same password as root).
  14. Click on the "Administration Tool" button to start the configuration process.
  15. Select the "License Key" link - Enter your Server ID Number and press "Download" to retrieve a License Key. Accept the License Agreement by checking the "Accept License" box and then press "Save". If you do not have Internet access, email your Server and Hardware ID Numbers to keys@statseeker.com. You cannot proceed until you have a valid License Key.
  16. Select the "SNMP Communities" link - Enter the SNMP community names and press "Save".
  17. Select the "Hosts File" link - Enter a list of your devices in hosts file format as described and press "Save". This is not mandatory; however, without it all detected devices will be displayed as IP addresses, which can be renamed later.
  18. Select the "Discover Ranges" link - Enter a list of network addresses to be discovered and press "Save".
  19. Select the "NIM Discover" link - Start the NIM Discover and watch the log. Be patient as it takes a few minutes for the discover to scan the network, test the devices for SNMP, walk the necessary MIB trees and build its configuration files. When finished the log will display "Completed".
  20. Close the Administration Tool and click on the "Reset" button. The device list will be populated with the discovered devices. It will take approximately five minutes for initial data values to populate the reports and graphs.

6. Upgrade Statseeker Software

  1. Either download and burn the appropriate "noos" CD image to CDROM and insert into the server or download and copy the appropriate "noos" CD image to "/home/statseeker/cdrom".   Download available from: Release Notes
  2. Log into the Statseeker server and run ssadmin.
  3. Select Option 5 -> Software Upgrade.
  4. When complete, remove the CDROM.

7. Upgrade Statseeker Operating System

  1. Download and burn the appropriate "os" CD image.   Download available from: Release Notes
  2. Use the Backup/Restore utility in ssadmin to perform a backup of the server.
  3. Perform a clean installation using the latest Statseeker Installation CDROM.
  4. Use the Backup/Restore utility in ssadmin to perform a restore of the server. The server will reboot after a successful restore.

8. Getting Started with the Network Infrastructure Monitor

The Network Infrastructure Monitor (NIM) console is the nerve center of the Statseeker product set. From this console you can access the Administration Tool, log in as another User, run all the reports that you have been given rights to and apply the many filters available for those reports.

Notes and Tips:

  • To run a report from the Report List simply click on the report
  • Some reports may require a Time Filter or General Filter to be selected before the report is run
  • To view a list of reports that require a Time Filter or Device Filter, mouse over the down arrow on the right of the Time Filter or General Filter headings on the NIM console
  • It is recommended that users select either a Device OR Group Filter prior to running a report to reduce the amount of data to be viewed. Users cannot select a Device AND Group Filter
  • To create a new Group Filter see Entity / Group Assignments (EGA)
  • Users can select multiple Devices OR multiple Groups
  • Click on the Reset button at the bottom right corner of the NIM Console to reset / clear filters
  • Click on "Sort Arrows" under each column heading to sort the report by that column type
  • For your convenience most reports include a "Last N" drop down time filter which is centrally located above the report column headings
  • Most reports have drill down features. Mouse over the rows, columns, and images of each report to familiarise yourself with the drill down fields of each report

The NIM console consists of seven easy to use sections:
8.1 Report List

The report list in Statseeker has been grouped logically into infrastructure types, technology types and vendor specific reports. Within these groups there are seven types of reports used by Statseeker in version 3. The report types are:

  • Top N Graphs - (including Top Delay Graphs, Top Utilization Graphs, Top CPU Load Graphs etc)
  • Statistics Reports - (including Interface Statistics Report, SNMP Poller Statistics etc)
  • Event Reports - (including Syslog, SNMP Traps, Interface Events etc)
  • Reporting Tool - (applicable to each report group)
  • List views - (including MAC/IP/Switch Port report and Printer statistics)
  • Configuration Reports - (Interface Details and Device Details reports)
  • Vendor or Technology Specific reports - (including Cisco CPU Load, IPSLA, NBAR, UPS etc)

Top N Graphs:

  • Top graphs rank all data in the filter selection showing the top 20 values over the last 6 hours.
  • The graph is read left to right and top to bottom.
  • Scaling is set to either 100% or will autoscale to the highest value on any of the top 20 entries. This scaling is then applied to all other entities in the report to allow comparison against the first / 'busiest' entity.
  • For additional detail click on the graph to drill down to the detailed performance across additional timezones and time filter selections.

Statistics Reports:

  • Statistics reports provide additional information against preset time periods. Statistics reports differ from the Top graphs in that they show more than just one data type - for example:

    The Top Utilization Graph shows utilization over time,

    whereas:

    The Interface Statistics report shows Rx and Tx Utilization, bytes, bps, errors, discards, packets, % packets in error, % packets discarded etc.
  • The default setting for the Statistics Reports is the top 100 results. This length is controlled by the Top N Filter on the NIM Console.
  • The reports are pre-calculated for the last 5 minutes, 1 hour, 24 hours and on some reports the last 90 days.

Event Reports:

  • Event reports record entries as they occur.
  • Since Events are not time series data they are stored with both the event and the time it occurred.
  • Events can have notes added to them by selecting the Function column. Examples of NIM Events include ping_state_down, ping_state_up.
  • SNMP Traps and syslog are also considered events and have their own reports.
  • Event reports require that the Time Filter options on the NIM Console be set before running the report.

Reporting Tool:

  • The reporting tool is used for advanced analysis (refer to The Reporting tool and Advanced Report Building for more information).
  • Each report group has a reporting tool option.
  • The reporting tool consists of an entity filter, a time filter and general output options.
  • Selections must be made in each of these for the reports to generate successfully.
  • Users can change the look and feel of a generated graph by changing the General or Graphing Options.

List Views:

  • List views present data in a list format. Examples of this include the MAC/IP/Switch Port report, Syslog, and printer statistics.
  • Users can reduce the viewed syslog messages by using the Text Filter on the NIM Console to search for specific syslog messages, OR use the Time Filter on the NIM Console to search through time ranges for messages.

Configuration Reports:

  • The Interface Details and Device Details reports provide the ability to edit the configuration on the following fields:
    • Interface Details Report - Interface Title, Tx and Rx Speeds, Oper Status and Polling Status.
    • Device Details Report - Device Name, IP Address, Ping Status, SNMP Polling Status, Community String.
  • Users can lock configuration changes so subsequent rewalks do not override settings.

Vendor/Technology Specific reports:

  • There are a number of vendor specific or technology specific reports. For example - Reports List - Cisco Reports - IPSLA, Process Table and NBAR reports are all specific to Cisco devices.
  • Vendor devices will continue to be added to the product.

8.2 Group Filter

Go to:   Entity / Group Assignments (EGA)

8.3 Device Filter

The Device Filter displays the list of devices that your User profile gives you access to. Reports can be filtered down to single or multiple devices through this filter.

8.4 Time Filter

Go to:   Time Filter

8.5 General Filters

Go to:   General Filters - Network Infrastructure Monitor

8.6 Administration Tool

Go to:   Administration Tool

8.7 Change User

Click on the Change User button to log out as the current user and log in as a different user.

See:   User Accounts

8.8 Edit User

Enables users to change their Email address, Password and default Time Zone.


9. User Accounts

9.1 Statseeker System User Accounts

There are three main Statseeker System User Accounts:

  • admin - The "admin" web administrator account is the only account that can perform configuration changes. All other web users run as non-privileged users. The admin user has access to all groups and entities
  • statseeker - The "statseeker" user is used by the Statseeker application
  • root - The "root" superuser is used to run start / stop scripts and processes which need access to privileged files / network ports

9.2 How to Add / Edit a User

To add a new User or edit the details of an existing User:

Administration Tool -> General -> Add User

  • Type the User name into the text box and select "Add"
  • Enter an email address and password and select "Save User"
  • The web server will automatically restart to make the User available.

Administration Tool -> General -> Edit User

  • Select a User and select "Edit"
  • Change relevant details and press "Save user"
  • The web server will automatically restart to make the User's details.


10. Entity / Group Assignments (EGA)

10.1 Entity / Group concepts

Entity / Group Assignments (EGA) is used to:

  • group entities into useful groups for reporting
  • control who gets to see what within the product
  • create user profiles based on role, geographical location, department etc or combinations of all

For example, by using the EGA it is possible to create one user group for the helpdesk team that only sees a specific list of reports, on certain devices, and with specific time filters. It is also possible to create another EGA for the server team that is limited only to servers, with server specific reports etc ...

10.2 What is a Group ?

A "group" is simply a list of names. It is best to use descriptive group names.

For example:

  • Report: Helpdesk
  • Report: Network Guys
  • Report: Managers
  • ...
  • Device: Core Routers
  • Device: Core Switches
  • Device: UPS
  • ...
  • Interface: 10G Ethernet
  • Interface: Frame Relay
  • Interface: Serial
  • ...
  • Vendor: 3Com
  • Vendor: Cisco
  • Vendor: Nortel
  • ...
  • Country: Australia
  • Country: United Kingdom
  • ...

Each group name is assigned an internal unique identifier. This identifier never changes. You can rename the group without affecting the assigned EGA permissions. There is a special group called "All Groups". If a user belongs to the "All Groups" group, then they have unrestricted access to that entity.

10.3 What is an Entity ?

An entity is a:

  • report
  • time filter
  • device
  • port

An entity can belong to zero, one or multiple groups. For convenience, the EGA configuration GUIs allow the administrator to assign "an entity to a list of groups" or "a group to a list of entities". A user only has access to an entity if they belong to the same group as that entity.

10.4 Parent / Child Relationships

Some EGA types have a parent/child relationship. Having access to a parent automatically allows access to all its children. But, having access to a child does NOT allow access to its parent. Currently, only device and port EGA types are set up this way. For example, if you have access to a device, all port/interface statistics can be accessed. But if you have access to a port and not the device, then you can see the statistics for that particular interface, but not for the device or any other interface on that device. This allows an administrator to specify precisely what reports, devices and interfaces a user can access.

10.5 Understanding Intersects

EGA is implemented as "intersects", as per the diagram below. In this example, 'Fred' has access to 'Core-router' because they both belong to 'Group D'.
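
The access rules of sections 10.2 to 10.5, written out as an added example (not Statseeker code): a user reaches an entity when they share a group, access to a device extends to its ports but not the reverse, and "All Groups" membership is treated as a blanket allow, which is this example's reading of the text. The `EGA` class, the entity tuples, the port names and every user other than Fred are hypothetical; `who_can_access` is the kind of audit that confirms a profile is no broader than intended.

```python
from dataclasses import dataclass, field

ALL_GROUPS = "All Groups"  # special group named in section 10.2


@dataclass
class EGA:
    """Hypothetical in-memory model of Entity / Group Assignments."""
    user_groups: dict = field(default_factory=dict)    # user -> set of group names
    entity_groups: dict = field(default_factory=dict)  # entity -> set of group names
    parent: dict = field(default_factory=dict)         # port -> device (section 10.4)

    def assign_user(self, user, *groups):
        self.user_groups.setdefault(user, set()).update(groups)

    def assign_entity(self, entity, *groups, parent=None):
        self.entity_groups.setdefault(entity, set()).update(groups)
        if parent is not None:
            self.parent[entity] = parent

    def can_access(self, user, entity):
        """True if user and entity intersect on a group, directly or via a parent."""
        groups = self.user_groups.get(user, set())
        if ALL_GROUPS in groups:
            return True  # assumption: "All Groups" means unrestricted access
        seen = set()
        node = entity
        # Walk child -> parent only: access to a device covers its ports,
        # but access to a port never grants the device or its sibling ports.
        while node is not None and node not in seen:
            seen.add(node)
            if groups & self.entity_groups.get(node, set()):
                return True
            node = self.parent.get(node)
        return False

    def who_can_access(self, entity):
        """Audit helper: every user whose groups reach this entity."""
        return sorted(u for u in self.user_groups if self.can_access(u, entity))


def build_example():
    """Constructed sample data; only Fred, Core-router and Group D come from the text."""
    ega = EGA()
    core = ("device", "Core-router")
    ega.assign_entity(core, "Group D")
    ega.assign_entity(("port", "Core-router:Gi0/1"), parent=core)
    ega.assign_entity(("port", "Core-router:Gi0/2"), "Helpdesk Ports", parent=core)
    ega.assign_user("Fred", "Group D")
    ega.assign_user("helpdesk", "Helpdesk Ports")
    ega.assign_user("admin", ALL_GROUPS)
    ega.assign_user("contractor")  # belongs to no group, so sees nothing
    return ega


if __name__ == "__main__":
    ega = build_example()
    for entity in sorted(ega.entity_groups):
        print(entity, "->", ega.who_can_access(entity))
```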

10.6 How to Add a Group

Administration Tool -> General -> Add / Edit Groups

  • Type the Group name into the text box and select Add

10.7 How to Assign Entities to a Group

  • Administration Tool -> Group Assignments -> Users to a Group
    • Select a Group name and a list of Users will appear in the right window
    • Select the Users you wish to assign to the Group
    • Click on arrows to move the Users into the "Include" area
  • Administration Tool -> Group Assignments -> Reports to a Group
    • Select a Group name and a list of Reports will appear in the right window
    • Select the Reports you wish to assign to the Group
    • Click on arrows to move the Reports into the "Include" area
  • Administration Tool -> Group Assignments -> Devices to a Group
    • Select a Group name and a list of Devices will appear in the right window
    • Select the Devices you wish to assign to the Group
    • Click on arrows to move the Devices into the "Include" area
  • Administration Tool -> Group Assignments -> Interfaces to a Group
    This is a non-mandatory selection.
    • Select a Group name and a list of Interfaces will appear in the right window
    • Select the Interfaces you wish to assign to the Group
    • Click on arrows to move the Interfaces into the "Include" area
  • Administration Tool -> Group Assignments -> Time Filters to a Group
    This is a non-mandatory selection.
    • Select a Group name and a list of Time Filters will appear in the right window
    • Select the Time Filters you wish to assign to the Group
    • Click on arrows to move the Time Filters into the "Include" area

10.8 How to Assign Groups to an Entity

  • Administration Tool -> Group Assignments -> Groups to a User
    • Select a User name and a list of Groups will appear in the right window
    • Select the Groups you wish to assign to the User
    • Click on arrows to move the Groups into the "Include" area
  • Administration Tool -> Group Assignments -> Groups to a Report
    • Select a Report name and a list of Groups will appear in the right window
    • Select the Groups you wish to assign to the Report
    • Click on arrows to move the Groups into the "Include" area
  • Administration Tool -> Group Assignments -> Groups to a Device
    • Select a Device name and a list of Groups will appear in the right window
    • Select the Groups you wish to assign to the Device
    • Click on arrows to move the Groups into the "Include" area
  • Administration Tool -> Group Assignments -> Groups to an Interface
    This is a non-mandatory selection.
    • Select an Interface name and a list of Groups will appear in the right window
    • Select the Groups you wish to assign to the Interface
    • Click on arrows to move the Groups into the "Include" area
  • Administration Tool -> Group Assignments -> Groups to a Time Filter
    This is a non-mandatory selection.
    • Select a Time Filter name and a list of Groups will appear in the right window
    • Select the Groups you wish to assign to the Time Filter
    • Click on arrows to move the Groups into the "Include" area

10.9 A Practical Example

As a practical example, let's say that management has determined that the Server Team should only view server specific information. A single user/login called "serverteam" is to be created and given access to only server specific reports.

To set up an EGA to meet these criteria, first open the Administration Tool and add the new user if it does not already exist.

Administration Tool -> General -> Add / Edit Users

  • Type the User name into the text box and select Add
  • Enter an email address and password
  • Press "Add User"

The next step is to add a group called "Server Team".

Administration Tool -> General -> Add / Edit Groups

  • Type the group name "Server Team" into the text box and select Add

Now assign the EGA relationships to the new group.

Administration Tool -> General -> Group Assignments -> Users to a Group

It is possible to assign an Entity to the Group or a Group to an Entity. Either method is correct.

After selecting the Users to a Group link, we can now add the "serverteam" user to the "Server Team" group.

  • Select the Group name "Server Team" and a list of Users will appear in the right window
  • Select the user "serverteam"
  • Click on arrows to move the user "serverteam" into the "Include" area

NOTE:   If you create a Group with "All Groups" access then they will be added automatically to any new groups added at a later time.

Repeat the process to add Devices to the Group.

Administration Tool -> General -> Group Assignments -> Devices to a Group

Repeat the process to add Reports to the Group.

Administration Tool -> General -> Group Assignments -> Reports to a Group

NOTE:   Selecting multiple entries makes the job easier!

Log in as the new user "serverteam" by returning to the Network Infrastructure Monitor console and changing the user to "serverteam".

10.10 Renaming and Deleting Devices
  • Existing groups can be renamed or deleted if required.
  • Renamed groups will retain associations with other groups or entities.
  • To Rename a group find the group in the Administration Tool

    Administration Tool -> Add/Edit Groups -> Click on appropriate group

  • Type in a new name and press the "Rename" button.
  • To delete a group find the group in the Administration Tool

    Administration Tool -> Add/Edit Groups -> Click on appropriate group

  • Click on the "Delete" button.


11. Time Filter

Statseeker databases and Reporting Tools utilize a single time/date filter mechanism for narrowing data searches. Time filters can be applied by making one or a number of selections from the time filter options. The resultant time filter can then be applied to a report or even saved as a favorite for future use.

Examples of applying a time filter range from relatively simple selections using Statseeker provided favorites through to complex user created filter selections. There are seven options available when creating a Time Filter for a report.

11.1 Favorites
  • The most basic method of selecting a time filter is to use the Statseeker provided favorites - which is a list of pre-configured time filters.
  • Using these favorites will automatically create a range for a report.
  • The range can be seen in the Custom Filter text box.
  • Some examples of the Favorites and the range they create include:

    "Last 21 days" creates a "range = start_of_today - 21d to now;"

    "Last 15 minutes" creates a "range = now - 15m to now;"

    "Yesterday" creates a "range = start_of_today - 1d to start_of_today;"

    "This month" creates a "range = start_of_this_month to now;"

  • Favorites can be modified and then saved as a new favorite by clicking the Modify button.
  • Statseeker Administrators can also add or delete custom Time Filters as Favorites in the Administration Tool. Administration Tool -> General -> Time Filter Favorites
11.2 Range
  • Allows users to make selections using the drop down boxes for different time periods (year, month, day, hour, minute), the duration of the range, the workdays and specific hours.
  • It is also possible to select the Timezone that the report will be generated in.
  • Note that year, month, day, hour and minute selections are the starting points for the time filters. A duration also needs to be applied to complete the range.
  • Three examples of the different levels of time filters built from the range drop downs include:
    1. Creating a time filter for March and April 2008, can be achieved by selecting:

      year = 2008;

      Month = March;

      Duration = 2 months

      This will create the range:

      "range = 2008-03-01 to 2008-05-01;"

    2. Creating a time filter for the 15 days from June 20, 2008 for Monday to Friday only:

      year = 2008;

      Month = June;

      Day= 20

      Duration = 15 days

      Weekday = Mon to Fri

      this will create the range:

      "range = 2008-06-20 to 2008-07-05; wday = Mon to Fri;"

    3. Creating a time filter for the 15 days from June 20, 2008 for Monday to Friday, from 8am to 5pm only:

      year = 2008;

      Month = June;

      Day= 20

      Duration = 15 days

      Weekday = Mon to Fri

      Time: 8:00am to 5:00pm

      this will create the range:

      "range = 2008-06-20 to 2008-07-05; wday = Mon to Fri; time = 08:00 to 17:00;"

11.3 Duration
  • Adjusts the end time of the query. Granularity of Duration is determined by the last used drop down of the Range filter.
11.4 Weekday
  • Inserts start day only OR start and end day into the query.
11.5 Time
  • Inserts start time only OR start and end time into the query.
11.6 Time Zone
  • Many organizations span multiple time zones making it necessary to view data in the time zones of those distributed locations.
  • Statseeker stores all historical data in GMT/UTC and can report the data in any time zone by using the Time Zone selector.
  • Administrators can select what time zones appear in the Time Filter via Administration Tool -> General -> Time Zone Selection
11.7 Custom Filter Text Box
  • An alternative to using the Favorites and Range drop down boxes is to use the custom filter text box.
  • The custom filter allows users to create their own detailed time filters using regex.
  • The following query options are available for use:

    Note:

    • The = operator includes the specified option
    • The != operator excludes the specified option

    range

    At least one range value must be defined to specify the start/end times of the query. The range can be specified in multiple query formats and may contain basic arithmetic.

    The following range keywords are available for use:

       now
       forever
       start_of_today
       start_of_this_year
       start_of_this_month
       start_of_this_week
       start_of_last_year
       start_of_last_month
       start_of_last_week
       end_of_today
       end_of_this_year
       end_of_this_month
       end_of_this_week
       end_of_last_year
       end_of_last_month
       end_of_last_week
    

    Each of the following result in the same query:

       range = 2008
       range = 2008-01-01 to 2009-01-01
       range = start_of_this_year to end_of_this_year (Assuming the year is 2008 of course!)
    

    time

    Each of the following result in the same query:

       time = 8am to 6pm
       time = 08:00 to 18:00
       time = 08:00:00 to 18:00:00
    

    wday (weekday)

    Each of the following result in the same query:

       wday = mon,tue,wed,thu,fri
       wday = mon to fri
       wday != sat,sun
       wday != sat to sun
       wday = 1,2,3,4,5
       wday = 1 to 5
       wday != 6,7
       wday != 6 to 7
    

    mday (day of the month)

    Each of the following result in the same query:

       mday = 5,6,7,8,9,10
       mday = 5 to 10
       mday != 1 to 4 mday != 11 to 31
    

    month

    Each of the following result in the same query:

       month = jun,jul,aug,sep
       month = jun to sep
       month != jan to may month != oct to dec
       month = 6,7,8,9
       month = 6 to 9
       month != 1 to 5 month != 10 to 12
    

    year

    Each of the following result in the same query:

       year = 2006 to 2008
       year = 2006,2007,2008
    

    Custom Filter Examples:

    Each of the following result in the same query:

       range = 2008  wday = mon to fri  time = 8am to 5pm
       range = 2007-08  wday != sat,sun  time != 01:00 to 03:00
    
  • An example of a complex time filter may be:
       "range = start_of_today - 21d to now; wday = Mon to Fri; time = 06:00 to 20:00; time != 11:00 to 13:00;"
    

    This filter limits the report to Monday to Friday from 6am to 8pm for the last 21 days but excludes 11am to 1pm.

  • Note: a range must always be specified for a time filter to be applied.
11.8 Examples of Filter Combinations
  • Filter combinations allow users to create reports using one or a number of the methods above.
  • The complex filter created above can also be built from a combination of the available options, without needing to type the entire regex directly:
  • select "Last 21 Days" from the Favorites. The custom Filter Box now updates as:
       "range = start_of_today - 21d to now;"
    
  • Select Monday to Friday from the weekday drop downs:
       "range = start_of_today - 21d to now; wday = Mon to Fri;"
    
  • Select 6am to 8pm from the Time option:
       "range = start_of_today - 21d to now; wday = Mon to Fri; time = 06:00 to 20:00;"
    
  • To exclude 11am to 1pm, copy the time portion of the above range (time = 06:00 to 20:00), paste it at the end of the current expression, change "=" to "!=" and edit the times. The new range now becomes:
       "range = start_of_today - 21d to now; wday = Mon to Fri; time = 06:00 to 20:00; time != 11:00 to 13:00;"
    
11.9 Saving Filters
  • Custom time filters can be saved for use again as needed.
  • These filters can be saved from the time filter selection box on any report using the Modify button or from the Administration Tool from the time filters favorites option.
  • Any time filters that have been created can then be assigned to groups by the administrator using the Time filters to groups option.
  • This is useful in assigning a group of users the same time filters that may be relevant to them.
To create a favorite from the NIM console after making the selections:
  • click the modify button
  • provide a title for the filter
  • ensure the range box has the desired filter
  • adjust as necessary
  • save
To create a favorite from the Administration Tool
  • Go to administration tool
  • Go to Time Filter Favorites
  • Select Add (or edit if editing an existing filter)
  • create the filter
  • provide a title
  • save

12. General Filters

12.1 General Filters - Network Infrastructure Monitor
Notes and Tips:
  • Mouse over the down arrow on the right of the General Filters Heading on the Network Infrastructure Monitor console for a list of reports that these filters apply to
  • Use the Reset button to clear all Filters

  1. Top N
    Top N sets the number of records that Statseeker will show in its reports. The default setting of 100 determines the report length of 100 entries. Changing this number will change the number of records shown in reports that this filter applies to. Selecting the Interface Statistics report will display the Top 100 interfaces. Changing the Top N General Filter to 250 will display the Top 250 entries.
  2. Text Filter
    Adding text into this box limits the results of certain reports. This is useful in those reports containing many text entries (such as syslog and SNMP traps reports).
12.2 General Filters - Traffic Analyzer
Notes and Tips:
  • Use the Reset button to clear all Filters
  • Use "inc" to signify inclusions.

  1. Address
    Filter by IP Address
    <inc|exc> <src|dst|both|either> [and|or] ...
    
    Some examples:
      inc src 10.2.1.23 - traffic from this IP
      inc src 10.2.1.0/24 - traffic from this subnet
      inc dst 10.2.1.0/24 - traffic coming to this subnet
      inc both 10.2.1.0/24 - traffic only on this subnet
      inc src 10.2.1.0/24 and inc dst 10.3.1.0/24 - traffic from one subnet to another subnet
    
  2. Protocol
    Filter by protocol and sub protocol type.
    <inc|exc> {protocol}.{subprotocol} ....
     e.g. inc tcp.telnet
          inc tcp.telnet inc tcp.ssh
          inc udp.dns inc arp.Request
          inc icmp.*
          inc tcp.*
    

    Wildcards can only be used for subprotocols.

  3. Top N
    Specifies the number of entries in a report. (Default of 0 "zero" turns off the TOP N filter and shows all entries.)
  4. Sort
    Sort by Bytes, Protocol, Destination, Source or Packets.
  5. Interval
    Used to quickly break a query down into day, hour or minute intervals. Format: (Nd, Nm, Ns) e.g. 5d = 5 days, 5h = 5 hours, 5m = 5 minutes.
  6. Format
    Specify number formats: (Short format:- 98M / Long format:- 99,999,999 / Raw format:- 99999999).

13. Administrator Tools

Statseeker provides two administration tools for the administration and configuration of the Statseeker server and product. ssadmin is a command line tool used to configure the Statseeker server, while the Administration Tool is a web based tool accessed from within the product, used to configure the Statseeker software.

13.1 ssadmin
ssadmin is a command line tool used to configure the Statseeker server.

Use ssadmin to:

  • Set system time/date
  • Configure NTP servers for time synchronization
  • Configure SMTP email
  • Configure HTTP proxy settings
  • Configure network interface settings
  • Turn on/off network services (telnet, ftp, DNS lookups)
  • Perform software upgrades
  • Configure backup and restores
  • Change Statseeker system passwords
  • Configure various operating system parameters / reboot server
  • Create an RNA USB flash drive
To run ssadmin :
  1. Login to the server as the "statseeker" user via the console, telnet, or ssh.
  2. Run ssadmin.   ssadmin requires superuser access so you will need to know the 'root' password.
  3. Follow the menus.

13.2 Administration Tool

The Administration Tool is accessed via the Network Infrastructure Monitor Console and is used to configure the Statseeker software.

Use the Administration Tool to:

  • Set Server ID Number and add a License Key
  • Create an internal diagnostics report to aid in technical support
  • View Statseeker log files
  • Configure available time zone selections
  • Add time filter favorites
  • Add and edit Users
  • Add and edit Groups
  • Assign Users, Reports, Devices, Interfaces or Time Filters to a Group
  • Assign Groups to a Report, a Device, an Interface or a Time Filter
  • Enter SNMP Community names
  • Enter Hosts file
  • Enter IP Address discover ranges
  • Enter Discover Include text strings
  • Enter Discover Exclude text strings
  • Enter Interface Types to be monitored
  • Run the NIM Discover program
  • SNMP Walk Tool
  • NIM, Ping, SNMP and Crontab Config Tools
  • Configure NIM Filters, Actions and Events
  • Configure Syslog Filters and Actions
  • Configure SNMP Traps Filters and Events
  • Configure the Traffic Analyzer (NetFlow, sFlow, LAN Traffic Analyzer)

13.3 How to Configure NIM Discover

To configure the NIM Discover go to Administration Tool -> NIM Configuration and add the following information:

  1. SNMP community strings

    Add a plain text file which lists the community names to use for discovering devices.

    For example: public, mycommunityname

    NOTE: Do not use the following types of characters in community names as they may be stripped by the Statseeker SNMP applications:

    • Spaces
    • Single quote
    • Double quote
    • Back quote
    • Forward slash
    • Backslash
    • Hash
    • Star
    • Ampersand

  2. Discover Ranges

    Add a plain text file listing the IP Address ranges that will be used by the Ping and SNMP discover programs.

    File Format = {include or exclude} {NetworkAddress}/{Netmask}

    For example: include 10.2.1.0/255.255.255.0

    or

    include 10.2.1.0/24

    will include all IP addresses from 10.2.1.0 to 10.2.1.255

    Notes

    • Multiple network ranges can be defined
    • IP network ranges must fall on a natural subnet boundary
    • Blank lines and lines starting with a hash character are ignored

    Warnings

    • Do not include massively large network ranges (e.g. 0.0.0.0/0)
    • Only include ranges relevant to your site's address ranges

    Example

    include 10.2.0.0/16

    exclude 10.2.4.0/24

    include 10.13.0.0/16

    include 10.80.0.0/24

    This will result in the following address ranges to be probed by the discovery:

    10.2.0.0 to 10.2.3.255

    10.2.5.0 to 10.2.255.255

    10.13.0.0 to 10.13.255.255

    10.80.0.0 to 10.80.0.255

  3. Discover Includes

    Enter a list of text strings (i.e. regular expressions) to be matched against each device's system description. If the text string is found in the device's SNMP sysDescr object then it will be included in the discover.

  4. Discover Excludes

    Enter a list of text strings (i.e. regular expressions) to be matched against each device's system description. If the text string is found in the device's SNMP sysDescr object then it will be excluded from the discover.

  5. Interface Types

    Enter a list of interface types to monitor.

    Example

    ethernetCsmacd

    fastEther

    fibreChannel

    frameRelay

    For a complete list of interface types please go to Administration Tool -> NIM Configuration -> Interface Types

  6. You can now run the NIM Discover program.
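The Discover Ranges file bounds what the Ping and SNMP discover programs probe, so it is worth checking before it is uploaded. The following Python is an added example, not Statseeker code: it parses the file format described in step 2, rejects ranges that are off a natural subnet boundary or broader than an assumed /8 limit, and computes the effective probe ranges on the assumption that an exclude always overrides an include regardless of line order.

```python
import ipaddress

# Constructed sample: the Discover Ranges example from this page, with a
# comment line and a blank line added (the file format ignores both).
SAMPLE = """\
# site ranges
include 10.2.0.0/16
exclude 10.2.4.0/24

include 10.13.0.0/16
include 10.80.0.0/24
"""

# Assumption: treat any include broader than a /8 as "massively large".
MIN_PREFIX = 8


def parse_ranges(text, min_prefix=MIN_PREFIX):
    """Return (includes, excludes) as lists of IPv4Network; ValueError on a bad line."""
    includes, excludes = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and hash comments are ignored
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ("include", "exclude"):
            raise ValueError(f"line {lineno}: expected '{{include|exclude}} network/netmask'")
        try:
            # strict=True rejects host bits, i.e. a range that does not fall on
            # a natural subnet boundary. Both 10.2.1.0/24 and
            # 10.2.1.0/255.255.255.0 are accepted.
            net = ipaddress.IPv4Network(parts[1], strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        if parts[0] == "include" and net.prefixlen < min_prefix:
            raise ValueError(f"line {lineno}: {net} is too broad to probe")
        (includes if parts[0] == "include" else excludes).append(net)
    return includes, excludes


def effective_ranges(includes, excludes):
    """Subtract every exclude from the includes; return (first, last) address pairs."""
    nets = list(ipaddress.collapse_addresses(includes))
    for exc in excludes:
        remaining = []
        for net in nets:
            if exc.supernet_of(net):      # include lies wholly inside the exclude
                continue
            if net.supernet_of(exc):      # exclude carves a hole in the include
                remaining.extend(net.address_exclude(exc))
            else:                         # CIDR blocks nest or are disjoint
                remaining.append(net)
        nets = remaining

    # Merge adjacent blocks back into contiguous first-to-last spans.
    spans = []
    for net in sorted(nets):
        first, last = int(net.network_address), int(net.broadcast_address)
        if spans and first <= spans[-1][1] + 1:
            spans[-1][1] = max(spans[-1][1], last)
        else:
            spans.append([first, last])
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in spans]


if __name__ == "__main__":
    inc, exc = parse_ranges(SAMPLE)
    for first, last in effective_ranges(inc, exc):
        print(f"{first} to {last}")
```

Run against the sample, it prints the same four ranges listed in the Example under step 2.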

13.4 How to Perform a Backup / Restore (FTP)

This utility has been specifically designed to backup and restore Statseeker data only. Non-Statseeker data, the operating system and Statseeker applications programs are NOT backed up. If you create additional Unix user accounts/directories/scripts, or install other software packages, they will NOT be included in the backup. The utility assumes the server is used for the Statseeker application only and that no modifications have been performed. Local changes must be reapplied after a machine restore.

Never stop a restore while in progress as the server will be left in an unknown/incomplete state. A full reinstallation will need to be performed if a restore does not complete fully.

When using a MS Windows based machine as the FTP server, make sure you are not trying to use anonymous FTP as the user login as this will stop the backup cycle feature from operating. Also make sure that Unix directory listing format is selected, otherwise the utility will not retrieve a list of backup files and a failure will occur on both a backup and restore.

On your FTP server:

  1. Create the username and password.
  2. Create the directory, making sure that the user has read/write permissions to the directory.
On the Statseeker server, use ssadmin to set:
  1. IP Address of the FTP server.
  2. Username and Password for logging into the FTP server.
  3. The full path to the directory where the data is to be stored. You can determine this by manually ftp'ing to the server, changing to the relevant directory, and typing 'pwd' to print the entire directory path.
  4. Set the Cycle count (i.e. the number of backups to keep on the remote host).
  5. Use the "Backup Test" option in ssadmin to verify that the Statseeker server can login, create a file, and then delete the file.

13.5 How to Migrate to a New Server
  1. Email keys@statseeker.com and inform us that you wish to migrate your server. Make sure to include your current Hardware and Server ID numbers which can be obtained from Administration Tool -> General -> License Key.
  2. We will confirm via reply email that a new License Key has been issued and is ready to download.
  3. Perform a clean installation of the software onto a new machine.
  4. Use the Backup/Restore utility in ssadmin to perform a backup of the server.
  5. Use the Backup/Restore utility in ssadmin to perform a restore to the new server.
  6. Download a new License Key via Administration Tool -> General -> License Key.

14. Remote Network Appliance (RNA)

14.1 What is a Remote Network Appliance ?

The Remote Network Appliance (RNA) is a platform on which "Remote" Statseeker applications (NetFlow collectors, sFlow collectors and LAN Traffic collectors) are deployed.

The architecture is based around a bootable USB flash drive which turns any PC connected to the network into a remote platform within minutes. The RNA operates entirely in RAM, therefore any PC can be turned into an RNA without affecting its local operating system.

Your Statseeker license permits you to install and deploy an Unlimited Number of RNAs and RNA applications across your network infrastructure.

When RNAs are deployed the Statseeker server:

  • Communicates with the RNAs via HTTP and can operate through proxies
  • Regularly polls all enabled RNAs
  • Synchronizes the system time of each RNA to within one second
  • Automatically updates older RNA flash versions
  • Downloads all applications and configuration files to each RNA
  • Monitors the health and logfiles of each RNA
14.2 RNA Hardware Requirements

Minimum hardware requirements:

  • CPU: 1GHz
  • RAM: 128M
  • NIC: PCI Ethernet card (Maximum of 8).
  • USB flash drive
Note:   The PC BIOS must be configured to boot from a USB Device as its first boot device.

14.3 How to Deploy an RNA
To deploy an RNA:
  • Create a RNA flash drive
  • Configure the RNA
  • Add the RNA to the Statseeker server configuration
14.4 Creating an RNA Flash Drive
Notes and Tips:
  • The "Create RNA USB Flash" utility works by scanning the bus twice and installing on the new device found on the second scan. Make sure the USB flash drive is unplugged when starting the utility and only plug it in when prompted
  • All data on the USB flash drive will be lost
  • Ignore all messages except for the "WARNING: ABOUT TO ERASE ALL DATA ON DEVICE" message

To create an RNA USB Flash Drive run ssadmin :
  1. Login to the server's console as "root".
  2. Run ssadmin (Make sure the USB flash drive is NOT inserted).
  3. Select menu Option 9 in ssadmin to "Create RNA USB Flash".
    • When prompted, insert USB flash drive
    • After the USB flash drive has been detected press Enter
    • Continue to erase data and create flash drive
14.5 Configure an RNA
Note:   The PC BIOS must be configured to boot from a USB Device as its first boot device.
  1. Boot a PC with the RNA flash drive.
  2. Switch to the configuration menu (Alt-F2).
  3. Select menu Option 3 Edit Config.
  4. You will be prompted for:
    • IP Address
    • Subnet mask
    • Default gateway
  5. Select menu Option 1 Reboot the PC with the RNA flash drive for the new IP configuration to take effect.
14.6 Add an RNA to the Statseeker Server Configuration
  1. Go to:   Administration Tool -> Traffic Analyzer -> Remote Network Appliance -> Add
  2. Fill in the required fields and click the Save button.
    • RNA Name (allowable characters are a-z, A-Z, 0-9, and underscore)
    • Title (allowable characters are a-z, A-Z, 0-9, underscore and space)
    • Details (allowable characters are a-z, A-Z, 0-9, underscore and space)
    • IP Address
    • Mode (enabled or disabled)
    • Via Proxy (enable if deploying an RNA on the outside of a firewall and all communications are only possible via your HTTP proxy)
    • Rate Limit (Allows you to limit the data transfer rate of all RNA client/server communications)
    • Interface descriptions 0 to 7 (allowable characters are a-z, A-Z, 0-9, underscore and space). A short description of what network the interface is connected to
  3. The newly added RNA will appear in the list. It may take a few minutes for the RNA to change status
14.7 Duplicating the RNA Flash Drive

To duplicate the RNA flash drive:

  1. Boot a PC with an RNA flash drive.
  2. Switch to the configuration menu (Alt-F2).
  3. Select menu Option 5 Copy drive and follow the prompts. This will read the current drive image into memory, then ask you to insert a target flash drive. The diskcopy program will write the drive image and then verify it.
  4. Once a drive has been successfully copied, you will be asked to enter a new IP configuration.
  5. When you are finished copying flash drives, re-insert the original flash drive into the PC.

15. Traffic Analyzer

15.1 What is the Traffic Analyzer
The Traffic Analyzer is a consolidated tool for reporting on:
  • NetFlow (V5, V7, V9)
  • sFlow
  • LAN Traffic on LAN segments locally connected to the server
  • LAN Traffic on LAN segments that are connected to Statseeker Remote Network Appliances (RNAs)

The Traffic Analyzer reports on data gathered by Statseeker Traffic Collectors.

15.2 What is a Traffic Collector ?

A Traffic Collector is a Statseeker application that resides on the Statseeker server and/or on a Statseeker Remote Network Appliance (RNA).

Traffic Collectors build conversation matrix tables and dump these tables to a highly compressed file every five minutes. The tables are then downloaded by the Statseeker server and processed into a central historical database.

A Traffic Collector is automatically started for every:

  • Network interface on the Statseeker server
  • Network interface of every deployed Statseeker RNA
  • Configured NetFlow and sFlow

Traffic Collectors can decode 802.1q VLAN packets.

No historical data is stored on the remote devices and the server regularly prunes historical data after a user defined period of time (default of 90 days).

To deploy "Remote" Traffic Collectors, you must first deploy an RNA. The Traffic Collectors will be automatically downloaded to each RNA at boot time.

15.3 How to Deploy Traffic Collectors
  • Determine where to connect Traffic Collectors
  • Configure Traffic Collectors
15.4 Where to Connect Traffic Collectors
  • Traffic Collectors for NetFlow and sFlow will use the first interface on the RNA and should be connected to a non-mirrored switch port.
  • Traffic Collectors for LAN Traffic should be deployed as follows:

    Port mirroring

    VLAN mirroring

Note:  Many of the newer switches do not allow packets to be transmitted on the mirrored interface, therefore the RNA will need to be fitted with at least two network interfaces (i.e. one to monitor and the other to talk to the network).

15.5 How to Configure Traffic Collectors
  • To configure a Traffic Collector for NetFlow or sFlow:
    • Go to: Administration Tool -> Traffic Analyzer -> Flows
    • Select the appropriate RNA
    • Specify a Port number
    • Specify a Label
    • Press "Save"
    • Configure the device to send NetFlow or sFlow to the specified port number on the Traffic Collector
  • Traffic Collectors for LAN Traffic do not require configuration

15.6 Getting Started With the Traffic Analyzer

Network Infrastructure Monitor -> General -> Traffic Analyzer

The Traffic Analyzer is one consolidated reporting tool used for accessing and reporting on Netflow, sFlow and LAN Traffic data.

Notes and Tips:

  • To run a report from the Report List, select a Time Filter, a Traffic Collector and then click on the report
  • Use the Reset button in the bottom right corner of the Traffic Analyzer console to reset / clear the filters
  • Use meaningful names for each Traffic Collector e.g. Netflow_New_York_Router_1
  • Go to:   Administration Tool -> Traffic Analyzer -> General   to set:
    • Keep History For: Number of days (Default is 90 days)
    • Password: For Real Time LAN Traffic Analyzer
  • Data is collected and reported in five minute intervals

The Traffic Analyzer consists of four easy to use sections:
  1. Report List

    The Report List consists of the following reports:

    • Nodes: (IP source, Protocol, Packets, Bytes)
    • Node Totals: (IP source, Total packets, Total bytes)
    • Conversations: (IP source, Destination, Protocol, Packets, Bytes)
    • Conversation Totals: (IP source, Destination, Total packets, Total bytes)
    • Protocols: (Protocol totals)
    • Totals Only: (Total packets, Total bytes)
  2. Traffic Collector

    A list of every deployed Traffic Collector: (NetFlow, sFlow and LAN Traffic)

  3. Time Filter

    Go to:   Time Filter

  4. General Filters

    Go to:   General Filters - Traffic Analyzer

15.7 Realtime LAN Traffic Analyzer

The realtime LAN Traffic Analyzer uses a terminal user interface to display realtime LAN statistics. All commands are listed on the initial help screen.

The LAN Traffic Analyzer supports a limited number of terminal emulators including:
  • vt100
  • vt200
  • vt220
  • xterm

Note:   Before using the realtime LAN Traffic Analyzer you must set the password via   Administration Tool -> Traffic Analyzer -> General

To utilize the realtime LAN Traffic Analyzer, telnet to the RNA with the following command:

telnet   ipaddress   portnumber

ipaddress is the IP address of the RNA or Statseeker Server

portnumber is 30000 for the first interface, 30001 for the second interface ...

The Display Modes consist of the following options:

  • IP nodes: (Source IP, Source MAC, Total packets, Total bytes, Packets / sec, Bytes / sec)
  • IP conversations: (Source IP, Destination IP, Total packets, Total bytes, Packets / sec, Bytes / sec)
  • MAC nodes: (Source MAC, Source IP, Total packets, Total bytes, Packets / sec, Bytes / sec)
  • Total protocol counts: (Protocols, Total packets, Total bytes, Packets / sec, Bytes / sec)
  • Undefined TCP/UDP ports: (Port number, TCP/UDP, IP Address)
  • Alerts: (Duplicate IP Addresses, Possible Routers)
15.8 Undefined Protocols
To define a previously undefined protocol:
  • Go to: Administration Tool -> Traffic Analyzer -> Protocols
  • Tick the Enabled box
  • Select the protocol Type
  • Specify a Port number
  • Specify an IP Address
  • Specify a Label
  • Press "Save"
  • Press "Apply"

16. Syslog

Statseeker can store and report syslog messages from any monitored device. Before Statseeker can store and report on syslog messages, the device must be configured to send syslog messages to the Statseeker server, otherwise we won't collect any messages. Applying Filters and Actions to the syslog data will make the data more useful.


17. SNMP Traps

Statseeker can store and report SNMP trap messages from any monitored device. Before Statseeker can store and report on SNMP Traps, the device must be configured to send SNMP trap messages to the Statseeker server. Applying Filters and Actions to the trap data will make the data more useful.


18. Filters and Actions for NIM Events, SNMP Traps and Syslog Messages

18.1 Concepts

Statseeker provides a powerful advanced tool that runs an Action when a user specified NIM Event, SNMP Trap or syslog message occurs.

  • NIM Events are entries stored in the Statseeker Event Database. Examples of NIM Events include ping_state_down, ping_state_up. To view NIM Events go to:  Network Infrastructure Monitor -> Report List -> Events -> Generic
  • To view SNMP Traps go to:  Network Infrastructure Monitor -> Report List -> Events -> SNMP Traps
  • To view syslog messages go to:  Network Infrastructure Monitor -> Report List -> Events -> Syslog

NIM Events, SNMP Traps and syslog can be filtered by user defined Filters.

18.2 Filters

Filters are used to determine when an associated Action will run.

Each new NIM Event, syslog and SNMP Trap is checked against a set of "user defined" Filters to determine if it should be saved or discarded. The Filters use "regex" (regular expressions), allowing for simple or complex filter expressions.

To apply a Filter:
  • Administration Tool -> NIM Events -> Filters
  • Administration Tool -> SNMP Traps -> Filters
  • Administration Tool -> Syslog -> Filters
  • The Filter Configuration section is identical for NIM Events, SNMP Traps, and syslog messages. Provide a Filter Name, a Regular Expression to filter on, and select the Status, Action, Group, Entity and Time Filters.

    The drop down Action List contains the default "Discard" and any User configured Actions.

    18.3 Actions

    An Action runs a command that executes a user created script written in shell, C, Perl, etc. These scripts can be as simple as piping a NIM Event, SNMP Trap or syslog message to an email or as complex as raising a trouble ticket.

    To apply an Action:
  • Administration Tool -> NIM Events -> Actions
  • Administration Tool -> SNMP Traps -> Actions
  • Administration Tool -> Syslog -> Actions
  • The Action Configuration section is identical for NIM Events, SNMP Traps, and syslog messages. Provide an Action Name, a Command, and select Status and Time Filters. Statseeker provides two email command scripts. Go to:   Statseeker Provided Email Scripts

    18.4 Statseeker Provided Email Scripts

    Statseeker provides the following two email scripts:

    1. base-event-alert

       usage:
    
       base-event-alert { -g group | -u user | -e email }
    
       "{}"  means at least one of the options must be provided (or multiple)
       "|"  is a separator meaning "or"
    
       /usr/local/statseeker/ss/bin/base-event-alert
    
       Reads one line at a time from stdin, and generates an email for each line from stdin.
    
       Command line switches:
    
       -g group:  any user associated to the group will receive the email
                  
       -u user:   Will use the email associated to the Statseeker user
    
       -e email:  Will use this email address as a recipient
    
       Note: You may have multiple -g or -u or -e switches or multiple combinations of the switches,
             but you must have at least one of them.
    
       Examples:
      
       /usr/local/statseeker/ss/bin/base-event-alert -u admin
    
       This will generate an email with the following details:
    
       Subject: "Statseeker Alert: {entity_name}: {event_text}"
       To:      (determined from -g, -u, and -e command line switches)
       Body:
          server_time:  {String representation of utc_time in server local time}
          when:         {utc_time}
          event_id:     {event_identifier}
          entity_id:    {entity_id}
          entity_name:  {entity_name}
          text:         {event_text}
    
    

    2. base-mail

       usage:
       
       base-mail -s subject { -g group | -u user | -e email }
       
       "-s" subject is compulsory
       "{}" means at least one of the options must be provided (or multiple)
       "|" is a separator meaning "or"
    
       /usr/local/statseeker/ss/bin/base-mail
    
       Reads from stdin and puts the contents of stdin into the body of an email message.
    
       Command line switches are as follows:   
    
       -s subject: is used as the email's subject line.
    
       -g group:   any user associated to the group provided will receive the email 
    
       -u user:    Will use the email associated to the Statseeker user.
    
       -e email:   Will use this email address as a recipient.
    
       Note: You may have multiple -g or -u or -e switches or multiple combinations of the switches,
             but you must have at least one of them. 
    
       Examples:
    
       echo "This is a test message" | /usr/local/statseeker/ss/bin/base-mail -s "Test subject" -u admin
    
       This will generate an email with the following details:
    
       Subject: Test subject
       To:      admin
       Body:    
          This is a test message      
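Syslog and trap text originates on network devices, so an Action script should handle it as untrusted input before it reaches a mail header or a command line. The Python below is an added example, not a Statseeker-provided script: it assumes the Action command receives one message per line on stdin, and the size caps, the subject prefix and the `admin` recipient are illustrative choices; only the base-mail path and its switches come from this page.

```python
#!/usr/bin/env python3
import subprocess
import sys
import unicodedata

BASE_MAIL = "/usr/local/statseeker/ss/bin/base-mail"  # path given on this page
MAX_LINE = 500    # assumption: cap on the length of each message line
MAX_LINES = 200   # assumption: cap per mail, so a message flood yields one bounded mail
MAX_SUBJECT = 120  # assumption: cap on the subject length


def clean(line, limit=MAX_LINE):
    """Replace control and format characters with '?' and truncate.

    This removes embedded CR/LF (which could otherwise add mail headers when
    the text is used in a subject) and terminal escape sequences.
    """
    text = line.rstrip("\r\n")
    safe = "".join("?" if unicodedata.category(ch) in ("Cc", "Cf") else ch
                   for ch in text)
    return safe[:limit]


def build_argv(subject, groups=(), users=(), emails=()):
    """Build the base-mail argument list; at least one recipient switch is required."""
    if not (groups or users or emails):
        raise ValueError("base-mail needs at least one of -g, -u or -e")
    argv = [BASE_MAIL, "-s", clean(subject, MAX_SUBJECT)]
    for flag, values in (("-g", groups), ("-u", users), ("-e", emails)):
        for value in values:
            argv += [flag, value]
    return argv


def build_body(lines):
    """Clean every line and bound the total number of lines in one mail."""
    kept = [clean(line) for line in lines[:MAX_LINES]]
    dropped = len(lines) - len(kept)
    if dropped > 0:
        kept.append(f"[{dropped} further lines dropped]")
    return "\n".join(kept) + "\n"


def main():
    # Device text is not guaranteed to be valid UTF-8; never fail on decoding.
    lines = sys.stdin.buffer.read().decode("utf-8", "replace").splitlines()
    if not lines:
        return 0
    # The fixed prefix keeps device text from ever starting the subject argument.
    argv = build_argv("Statseeker match: " + lines[0], users=["admin"])
    # An argument list with no shell: message text is never parsed as a command.
    return subprocess.run(argv, input=build_body(lines), text=True,
                          check=False).returncode


if __name__ == "__main__":
    sys.exit(main())
```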
    

    19. Frequently Asked Questions

    19.1 How to Delete / Rename a Device

    At the Network Infrastructure Monitor main console go to the Reports List and select the Device Details report in the General Section. Click on the Device Name (far left column) that you wish to delete. A pop up window will allow you to rename or delete the device.

    19.2 How to Change Interface Details

    At the Network Infrastructure Monitor main console go to the Reports List and select the Details report in the Interfaces section or for Frame Relay select the Details Report in the Frame Relay section and run the report.

    The following options can be changed by clicking on the link and opening the NIM Config Editor:

    • Title – the interface title you wish to see appear in reports
    • Tx (speed) – the Tx speed for calculations and reporting
    • Rx (speed) – the Rx speed for calculations and reporting
    • Oper (poll) – polling oper status on interfaces
    • Poll (on/off) – sets polling on or off (off will stop Statseeker polling interface)

    NOTE:   The "lock" flag will lock this field so that future SNMP walks do not change these fields. The "nolock" will enable the change only until the next SNMP walk updates this field again.

    19.3 How to Change Device Details

    At the Network Infrastructure Monitor main console go to the Reports List and select the Device Details report in the General section.

    The following options can be changed by clicking on the link and opening the NIM Config Editor:

    • Device – (Change name)
    • IP Address - (Change name, lock / nolock)
    • Ping - (poll on / off)
    • SNMP (poll on / off)
    • Community (Change name, lock / nolock)

    NOTE:   The "lock" flag will lock this field so that future SNMP walks do not change these fields. The "nolock" will enable the change only until the next SNMP walk updates this field again.

    19.4 Can Version 2.8.x be Upgraded to Version 3 ?

    Version 3 is a complete replacement for the current product and is NOT an incremental upgrade to Version 2.8.x. The entire code base has been re-written from the ground up to accommodate expanding network sizes, new technologies and many new data types.

    You will need to install Version 3 onto another piece of hardware and we strongly recommend that you run both systems in parallel until you are ready to turn off your Version 2.8.x server.

    Every customer will get a new set of unlimited license keys for Version 3.

    19.5 Can Version 2.8.x Data be Migrated to Version 3 ?

    The simple answer here is No.

    Version 3 collects a far greater number of data types, from many different technologies, at far greater granularity than Version 2.8.x. This unfortunately means Version 2.8.x data becomes incompatible with Version 3.

    You will need to install Version 3 onto another piece of hardware and we strongly recommend that you run both systems in parallel until you are ready to turn off your Version 2.8.x server. If you wish to continue viewing your historical 2.8.x data, and are ready to rely on Version 3 for your day to day monitoring requirements, Statseeker will provide you with a script that will turn off the poller on your Version 2.8.x server. You can leave your Version 2.8.x server running for as long as you wish.

    For script instructions:   Please log a Technical Support call via the Statseeker website.

    19.6 Can Version 3 Run on VMware ?

    No.

    19.7 What are Server ID, Hardware ID and Customer Numbers ?

    A Server ID Number is required to activate every Statseeker server. The Server ID Number is generated by Statseeker and can be obtained by emailing keys@statseeker.com. Once this number is applied to the Server via the Administration Tool -> General -> License Key section, the system will generate a Hardware ID Number based on the hardware footprint of the server. The Hardware ID Number and Server ID number are then used to create a License Key. The License Key is downloaded directly from Statseeker's backend systems to the server. If the server does not have a connection to the Internet then email a License Key request containing the Server and Hardware ID Numbers to keys@statseeker.com. A License Key will be manually produced and sent back via email.

    Your Customer Number is a unique number used to identify your organization. You will need this number to log Technical Support Requests via www.statseeker.com/Support.html. Your Customer Number can be found at the bottom of the main Network Infrastructure Monitor console.

    19.8 What are appropriate alphanumeric characters in my Host File?

    In version 3, the host names are compliant with RFC 952.

    RFC 952 states

    A "name" (Net, Host, Gateway, or Domain name) is a text string up to 24 characters drawn from the alphabet(A-Z), digits (0-9), minus sign (-), and period (.) Note that periods are only allowed when they serve to delimit components of "domain style names".

    19.9 How does the NIM discovery differentiate between a server and a PC?

    The short answer is "it doesn't". There is no "server" list.

    Statseeker will add SNMP objects to be polled into the configuration for any devices that respond with HOST-RESOURCES-MIB objects when they are discovered.

    For example, if the device responds with details about the processor load SNMP object hrProcessorLoad during the discover, it will be added to the configuration, and it will be polled.

    When the CPU Load report is run, then it will report on any SNMP object in the configuration for hrProcessorLoad.

    Any device that responded with hrProcessorLoad during the discover would appear in the list of the CPU Load report.

    Any device that responded with the hrStorageUsed, hrStorageAllocationUnits, hrStorageDescr and hrStorageSize SNMP objects, and an hrStorageType of hrStorageFixedDisk, during the discover would appear in the File System Usage Report.

    Any device that responded with the hrStorageUsed, hrStorageAllocationUnits, hrStorageDescr and hrStorageSize SNMP objects, and an hrStorageType of hrStorageVirtualMemory, during the discover would appear in the Memory Usage (Virtual) Report.

    Any device that responded with the hrStorageUsed, hrStorageAllocationUnits, hrStorageDescr and hrStorageSize SNMP objects, and an hrStorageType of hrStorageRam, during the discover would appear in the Memory Usage (Physical) Report.

    So PCs and Servers are responding with HOST-RESOURCES-MIB objects and therefore are appearing in the reports under the Server sections. Any device with HOST-RESOURCES-MIB implemented would be considered a server including UNIX servers, FreeBSD Servers, Windows Servers and Windows PCs.

    19.10 Can I exclude servers and PCs from my configuration?

    During the discovery, all of the IP addresses in the Discover Range (for Discovery Using Ranges) or in the Host File (for Discovery Using Hosts) are pinged.

    Any device that responds to the ping is a candidate to be added for SNMP polling.

    The candidates are then polled for the sysDescr object. If a candidate's response contains any string in the Discover Include section and does not contain any string in the Discover Exclude section of the Administration Tool, the device is then walked and added to the configuration.

    So to exclude a device from being added, add any part of the sysDescr for the device to the Discover Exclude section of the Administration Tool.

    To determine the sysDescr for a particular device, you can use the SNMP Walk in the Administration Tool to query for sysDescr.

    A Microsoft PC would return a string for sysDescr similar to

        x86 Family 15 Model 3 Stepping 4 AT/AT COMPATIBLE - Software:
         Windows 2000 Version 5.0 (Build 2195 Multiprocessor Free)

    So you could add any part of this to the Discover Exclude to exclude the device.

    For example, if you want to exclude all Windows devices, you could add

        Windows

    to the Discover Exclude section.
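
    A dry run of the include/exclude decision described above, as an added example (not Statseeker code), showing how much a broad Discover Exclude string removes compared with a narrower one. Case-sensitive substring matching, the Include strings and every sysDescr except the one quoted above are assumptions made for the illustration.

```python
# Constructed inventory of (ip, sysDescr) pairs, as an SNMP Walk for sysDescr
# might return them. Addresses are from the documentation range 192.0.2.0/24.
INVENTORY = [
    ("192.0.2.10", "x86 Family 15 Model 3 Stepping 4 AT/AT COMPATIBLE - Software: "
                   "Windows 2000 Version 5.0 (Build 2195 Multiprocessor Free)"),
    ("192.0.2.11", "x86 Family 6 Model 15 Stepping 6 AT/AT COMPATIBLE - Software: "
                   "Windows Version 5.2 (Build 3790 Multiprocessor Free)"),
    ("192.0.2.20", "Cisco IOS Software, C2960 Software (constructed)"),
    ("192.0.2.30", "FreeBSD fileserver.example 6.2-RELEASE (constructed)"),
    ("192.0.2.40", "Generic network printer (constructed)"),
]
INCLUDE = ["Cisco", "Windows", "FreeBSD"]  # hypothetical Discover Include entries


def discover_decision(sysdescr, include, exclude):
    """Return (added, reason) for one candidate that answered the ping."""
    if not any(s in sysdescr for s in include):
        return False, "no Discover Include match"
    for s in exclude:
        if s in sysdescr:
            return False, f"Discover Exclude match: {s!r}"
    return True, "walked and added"


def preview(inventory, include, exclude):
    """Map each candidate IP to its (added, reason) decision."""
    return {ip: discover_decision(descr, include, exclude) for ip, descr in inventory}


if __name__ == "__main__":
    for exclude in (["Windows"], ["Windows 2000"]):
        print("Discover Exclude =", exclude)
        for ip, (added, reason) in preview(INVENTORY, INCLUDE, exclude).items():
            print(f"  {ip:<12} {'ADD ' if added else 'SKIP'} {reason}")
```

    Excluding "Windows" drops both Windows hosts, while "Windows 2000" drops only the first; previewing the match set before saving the setting avoids silently losing devices that should stay monitored.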

    19.11 What characters can I use for my User passwords?

    Special characters are not supported (@, $, !, # etc). Please use alphanumeric characters.


    20. System Security

    20.1 Server
    Open Ports
    • tcp port 23: telnetd
    • tcp port 20/21: ftpd
    • tcp port 22: sshd
    • tcp port 80: httpd
    • udp port 162: snmptrap
    Protocols Used
    • icmp
    • udp snmp
    • udp snmptrap
    • tcp http
    Server Processes
    • Sendmail is configured to only process local mail. It will NOT accept remote SMTP connections
    • Sendmail runs as a non-privileged user
    • Sendmail will make outgoing connections to the configured SMTP gateway
    • The syslog daemon only processes local messages. It will not accept messages from remote hosts
    • You cannot log in as root via a network connection. You must log in as a normal user and then 'su'
    20.2 Remote Network Appliance
    The RNA is a custom designed platform based on FreeBSD.
    • There is no command line shell (e.g. /bin/sh)
    • The RNA will only execute Statseeker certified programs
    • The client/server protocol runs over HTTP. The data is not encrypted; however, it is obscure and would require a lot of effort to reverse engineer
    • The telnet daemon runs on tcp ports 30000-30007. All telnet data is sent across the network in plain text
    Open Ports
    • tcp port 80: http
    • tcp port 30000-30007: LAN Analyzer telnet
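
    One way to audit a host against the open ports listed in 20.1 and 20.2, as an added example (not part of Statseeker): it reports listeners that are not documented and documented listeners that carry data unencrypted. The input is a constructed listing in the column layout of FreeBSD `sockstat -l`; the process names, PIDs and extra listeners in it are invented.

```python
# Listeners documented on this page for each platform.
BASELINE = {
    "server": {("tcp", 20), ("tcp", 21), ("tcp", 22), ("tcp", 23),
               ("tcp", 80), ("udp", 162)},
    "rna": {("tcp", 80)} | {("tcp", p) for p in range(30000, 30008)},
}
# Documented services whose traffic crosses the network unencrypted.
CLEARTEXT = {("tcp", 21): "ftp", ("tcp", 23): "telnet", ("tcp", 80): "http"}
CLEARTEXT.update({("tcp", p): "LAN Analyzer telnet" for p in range(30000, 30008)})

# Constructed sample listing (not captured from a real server).
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   3  tcp4   *:22                  *:*
root     inetd      590   5  tcp4   *:23                  *:*
root     inetd      590   6  tcp4   *:21                  *:*
www      httpd      701   16 tcp4   *:80                  *:*
root     trapd      655   4  udp4   *:162                 *:*
mysql    mysqld     803   10 tcp4   127.0.0.1:3306        *:*
root     rpcbind    540   9  udp4   *:111                 *:*
"""


def listeners(sockstat_text):
    """Return {(proto, port)} for sockets reachable from the network."""
    found = set()
    for line in sockstat_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 7:
            continue
        proto = fields[4].rstrip("46")               # tcp4/tcp6/tcp46 -> tcp
        host, _, port = fields[5].rpartition(":")
        if not port.isdigit() or host.startswith("127.") or host == "::1":
            continue                                  # unbound or loopback-only
        found.add((proto, int(port)))
    return found


def audit(role, sockstat_text):
    """Compare observed listeners with the documented baseline for `role`."""
    seen = listeners(sockstat_text)
    return {
        "unexpected": sorted(seen - BASELINE[role]),
        "cleartext": sorted((p, CLEARTEXT[p]) for p in seen if p in CLEARTEXT),
    }


if __name__ == "__main__":
    for key, rows in audit("server", SAMPLE_SOCKSTAT).items():
        print(key, rows)
```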

    21. Development Tools

    Tools for building reports
    Most Statseeker reports are generated with short Perl scripts (wrappers around various command line tools).

    These tools perform functions such as:

    • Decode CGI/Cookie queries
    • Decode TFC queries
    • Interact with the EGA
    • Interact with the time series database
    • Interact with the event database
    • Interact with the message databases
    • Interact with the Traffic Analyzer database (i.e. NetFlow, sFlow)
    • Interact with the NIM configuration
    • Build graphs (line, strip, filled, bar, stacked bar, pie, calendar, etc...)
    • Build HTML table reports
    • Perform SNMP get/walk/poll requests
    base-cgi
    base-cgi decodes Statseeker HTTP GET and POST requests. The output is presented as a key/value pair.
    base-tfc
       base-tfc [-ir] [-z tz] query
          -i: Display filter info
          -r: Display results in raw format
          tz: Time zone string, e.g. 'Australia/Sydney'
       query: The time filter query
       
    base-ega
       base-ega [command ...]
       EGA Types: device port report time user
    
       access { add|set } group { <name|id> } { {ega} { <name|id> } }
       access clear { {ega} { <name|id> } } group { <name|id> }
       add    { group|{ega} } { <name> }
       check  { group|{ega} } { <name|id> } { group|{ega} } { <name|id> }
       delete { group|{ega} } { <name|id> }
       get      group [ {ega} { <name|id> } ] ...
       get    {ega} [ { group|{ega}|parent } { <name|id> } ] ...
       get    {ega} info { <name|id> } [ { <name|id> } ... ]
       rename { group|{ega} } { <name|id> } { <name> }
       flush
       
    base-event
       base-event dbname [...]
    
       add action    { -a <action name> } { -c <action command> } [ -t <tfc> -z <timezone> ]
       add filter    [ -e <entity id|name> | -g <group id|name> ] [ -f <filter name> ]
    		 { -r <filter regex> } [ -t <tfc> -z <timezone> ] [ -a <action id|name> ]
       add event     { { -e <entity id|name> & -m <event text> } [ -T <time> ]
       add note      { -i <event id> } { -T <time> } { -m <note text> }
       modify event  { -i <event id> } { [ -x <event flag> ] [ -a <action id|name> ] }
       modify record { -i <event id> } { -t <time> } { -x <record flag> }
       modify action { -a <action id|name> } { [ -x on|off ] [ -t <tfc> -z <timezone> ]
    		 [ -c <action command> ] }
       modify filter [ -e <entity id|name> | -g <group id|name> ]
    		 { -f <filter id|name> } { [ -x on|off ] [ -t <tfc> -z <timezone> ]
    		 [ -r <filter regex> ] [ -a <action id|name> ] }
       delete action { -a <action id|name> }
       delete filter { -f <filter id|name> }
       delete event  { -i <event id> }
       delete record { -i <event id> } { -T <time> }
       delete note   { -i <event id> } { -T <time> }
       get action    [ -a <action id|name> ]
       get filter    { -f <filter id|name> }
       get event     [ -e <entity id|name> [ -m <event text> ] |
    		  -g <group id|name> | -i <event id> ] [ -r <regex> ]
       get record    [ -e <entity id|name> [ -m <event text> ] |
    		  -g <group id|name> | -i <event id> ] [ -r <regex> ]
    		 [ -T <time> | -t <tfc> -z <timezone> ]
    		 [ -s <sort by +|- time|id|entity|group|text> ]
       get note      { -i <event id> } { -T <time> }
       expire records { -T <time> }
       
    base-message
       base-message dbname [...]
    
       expire message time
       add message { -e <entity id|name> } { -m <message text> }
       add action { -a <action name> } { -c <command> }
       add filter { -f <filter name> } { -r <regex> }
       modify filter { -f <filter id|name> } { -r <regex> }
       modify action { -a <action id|name> } { -c <command> }
       get filter [ -f <filter id|name> ]
       get action [ -a <action id|name> ]
       get message { -e <entity id|name> -e ... | -g <group id|name> -g ... }
    	       [ -s <sort by +|- time|id|entity|group|text> ]
    	       { -t <time filter> } [ -z <timezone> ]
    	       [ -r <regex> ]
       
    base-timeseries
       base-timeseries [-w] <dbname> ...
    
       new { <type> <width> <interval> [ <cachesize> <cachemin> <zblocksize> ]
       save { <id> <time|seqnum> <value> }
       delete { <id> }
       timezone <zonename>
       stat clear [ all|interval|scale|results ]
       stat set { range|interval|seqnum|varcnt|scale <values> }
        stat set range "<tfc>"
        stat set interval <value>
        stat set seqnum <value>
        stat set varcnt <value>
        stat set scale <time> <multiplier> <divisor>
       stat add <id ... >
       stat get [ min|max|avg|tot|cnt|data|stats ... ]
        output format:
         min,<seqnum>,<interval>,<num_results>,<min ...>
         max,<seqnum>,<interval>,<num_results>,<max ...>
         avg,<seqnum>,<interval>,<num_results>,<avg ...>
         tot,<seqnum>,<interval>,<num_results>,<tot ...>
         cnt,<seqnum>,<interval>,<num_results>,<cnt ...>
         data,<id>,<time>,<year>,<month>,<mday>,<hour>,<minute>,<second>,<interval>,
    	  <nonzero>,<min>,<max>,<avg>,<tot>,<num_results>,<data ...>
         stats,<id>,<cnt>,<nonzero>,<min>,<max>,<avg>,<tot>
       
    ltm-db
       ltm-db { -t <time filter> } [ -a <address filter> ] [ -p <protocol filter> ]
    	  [ -i <interval> ] [ -s <sort filter> ] [ -l <limit to N records> ]
    	  [ -z <timezone> ]  <probe name>  <interface number> <report type>
    
       where:
        -t {TFC query}
        -a <inc|exc> <src|dst|both|either> [ <and|or> <inc|exc> <src|dst|both|either> ]
        -p <protocol.subprotocol> (e.g. tcp.telnet or tcp.*)
        -i <Nh|Nm|Nh>
        -s <src|dst|proto|packets|bytes>
        -l <limit>  (e.g. limit to top N)
        -z <timezone>  (e.g. Australia/Brisbane)
        type <conv|node|proto|total>
       
    nim-cfg
        build
        delete entity:mib:oid:index
        get entity:mib:oid:index
        getflag entity:mib:oid:index
        getvalue entity:mib:oid:index
        list entity:mib:oid:index
        rename entity:mib:oid:index entity:mib:oid:index
        set entity:mib:oid:index flags value
        setflag entity:mib:oid:index flags
        setvalue entity:mib:oid:index value
        status
       
    base-graph
       base-graph
        config options:
         background <colour_hex>
         calendar { 0|1 }
         colour <index> <colour_hex>
         font-axis-title <font>
         font-axis-label <font>
         font-legend <font>
         font-title <font>
         interval <value>
         legend <index> "<string>"
         margin <top> <right> <bottom> <left>
         margin-col <value>
         margin-row <value>
         margin-title <value>
         radius <value>
         start-time <value>
         title "<string>"
         type { line|filled|bar|stacked|strip }
         x-gridlines { 0|1 }
         x-step <value>
         x-title "<string>"
         y-gridlines <number>
         y-height <value>
         y-labels "<string>" ...
         y-max <value>
         y-title "<string>"
    
        commands:
         data <value>,<value>,...
         save </path/to/file>
         clear
         status
       
    base-report
    All tabular reports are created by the base-report program.
    base-tfc-gui
    base-tfc-gui produces the HTML of the Time Filter. If you are building a new control panel which requires the Time Filter control, simply call base-tfc-gui from within your Perl script to create the HTML.
    nim-snmp
       nim-snmpget     [-f config file] ipaddr version community varbinds
       nim-snmpgetnext [-f config file] ipaddr version community varbinds
       nim-snmpwalk    [-f config file] ipaddr version community varbinds
       nim-snmppoll    [-f config file]