Keeping an eye on your EriZone process tickets

Posted by on Jul 10, 2017 in EriZone & OTRS | 0 comments


Usually, during a new EriZone implementation, we are not just implementing “simple” Incident Management, but also defining processes to standardize existing procedures within the company.

Investing time now in the implementation of a standardized process will pay dividends later, especially in the case of multilevel authorizations or other workflows where the ticket needs to follow a predefined path.

Thanks to EriZone’s “process bundle”, tickets that have a given service and category automatically trigger a predefined process flow. Thus a new ticket automatically enters the appropriate pipeline defined in the standardization process.

Read More

Importing Tickets in EriZone

Posted by on Jul 7, 2017 in EriZone & OTRS | 0 comments


Service desk systems are of great importance to most IT departments. They are used not only to manage incidents and service requests, but also for authorizations and the management of internal projects. Moreover, data obtained from an ITSM system can be used for time accounting, invoicing and cost estimates. Finally, yet importantly, tickets and their metadata build a structured and searchable request history and knowledge base.

In the event a ticketing system needs to be merged with another system or has to be completely shut down, it is important that this precious data be preserved.

Read More

NetEye – Action Launchpad

Posted by on Jul 6, 2017 in NetEye | 0 comments


Whether you are responsible for your company’s Network Operations Center (NOC), or you are just generally interested in the topic of infrastructure monitoring, this article will be of interest to you.

We built the Action Launchpad module for NetEye to simplify the execution of remote commands (proactive actions). When resolving an anomaly requires you to execute a well-defined sequence of steps, you can automate this using the Action Launchpad. The Launchpad works by exposing a web interface to execute predefined commands on certain servers.

Read More

Towards Self-Adaptive Service Desk Systems

Posted by on Jul 5, 2017 in EriZone & OTRS | 0 comments


If you don’t work in the field of IT service management, you might suppose that a service desk, and especially an IT service desk, is something quite standard… having similar services and a similarly structured support staff across all companies.

However, despite having (apparently) a very similar goal and trying to follow a common terminology and guidelines such as the ITIL standard for IT service management, each company has its own specific demands and processes put into practice for providing service to both its internal and external customers. These processes differ in the type of service given, the number of service requests, their distribution among services, the complexity of requests, etc. In addition, the level of expertise of the support staff members, the internal organization of the (IT) department, and the concepts and architecture of the supporting tools have a decisive influence on the service processes being implemented.

Read More

Quick Ticket Template

Posted by on Jun 29, 2017 in EriZone & OTRS | 0 comments

“Is there any way to speed up opening new tickets?”

This is a typical question new EriZone customers ask during project implementation. The reason is quite obvious: If you have a large Service Desk team that is opening several hundred tickets each day, every second counts. Especially in situations where the resolution time is critical, a shortcut for quickly selecting service, category, and potentially other fields may be of great advantage.

Thanks to an additional configuration which will be available starting with EriZone 5.2, you will be able to add the menu item “Ticket Template”. This new option will allow you to add and configure this item within the webpage itself. Once a template has been created, the agent will be able to use that template to create a new ticket. The form that appears will contain the predefined content inside the corresponding fields. Then the agent just has to fill in the remaining fields in order to create the new ticket.

Depending on the groups an agent belongs to, he will see a different set of templates. For example, agents in the group “ServiceDesk_Template_G” will see templates different from those available for members of the group “Network”.

Below you can see an example of a ticket regarding a malfunction of the email service.

new ticket email malfunction

Read More

Icinga Web 2 Theming

Posted by on Jun 28, 2017 in NetEye | 0 comments


Icinga Web 2 is a powerful PHP framework for web applications in a clean, minimal design. It’s fast, responsive, accessible and easily extensible with modules. It can be installed quickly and easily from packages found in the official package repositories (see the resource links at the bottom of this blog post).

Besides the global configuration settings, each user has individual configuration options like the interface’s language, the current time zone, and the preferred theme. My aim here is to explain how you can easily create a new customized theme to make your Icinga interface the one you’ve always dreamed of.

Read More

Nutanix Monitoring with NetEye

Posted by on Jun 26, 2017 in Nagios-Plugins, NetEye | 0 comments

In my work as a monitoring consultant, I often have to monitor Nutanix systems at customer sites. Nutanix is an integrated systems vendor that produces a hyper-converged storage system called “Virtual Computing Platform”.

It is quite easy to monitor the Nutanix system, and with NetEye you will be able to get the best results and visualization possibilities.

You will monitor the Nutanix system by using the SNMP protocol:

Read More

Next Level Performance Monitoring – Part I

Posted by on Jun 20, 2017 in NetEye, Network Traffic Monitoring, Real User Experience Monitoring | 0 comments

Network traffic keeps becoming more and more heterogeneous. In many cases, it is not enough to monitor a system as we have done in the past. Here I will present the key ingredients, according to Würth Phoenix, for successful state-of-the-art performance monitoring and proactive analysis of those applications that are critical for your business.

Combining User Experience and Performance Metrics for new Insights

User experience is a very important factor. If your measurements seem to be in the right range, BUT end users complain about slow applications, you need to act. For this reason, user experience combined with an overview of all the servers being monitored is the right place to start. In our opinion it is of vital importance to know when critical business applications begin to slow down before your users start to complain. You can achieve this by running continuous checks via Alyvix, our active user experience monitoring solution. Test cases can be written specifically for the most vital parts of your applications, and the functionality and speed of those very parts can be checked as often as needed. The outcome in terms of performance of each individual user interaction tested is then saved into the same central time series database as the performance metrics registered from all original sources of interest (such as Perfmon data, ESX performance data, etc.). It is then possible to perform a multiserver zoom and, with a single click, to navigate to the most interesting servers during time periods where Alyvix detected problems.

Read More

How to extend or modify the APIs

Posted by on Jun 12, 2017 in Development, NetEye | 0 comments


Introduction

The NetEye APIs offer a simple way to automate and script common processes on NetEye. They expose more than 150 objects written in Perl, which can be easily used and extended. The NetEye APIs allow you to perform several actions: add/modify/remove a host, service or business process from Nagios, as well as compute the availability of these objects over a given period of time. The APIs are open source, and you can find the Perl code installed at /var/lib/neteye/API. However, if you modify the code locally, your changes will be overwritten at the next API update. In this article I will show you how to make your changes to the NetEye APIs persist across updates.

Read More

How to send logs from servers in the cloud to NetEye?

Posted by on Jun 6, 2017 in Log Auditing, NetEye, Syslog | 0 comments

Keeping an offline copy of your logs not only provides better visibility from the system management point of view, but also turns out to be extremely valuable in case of a security incident during which your local copies have been affected.

As many of you might know, the Log Management module of NetEye offers a complete solution to manage logs, in line with the obligations set by the data protection authority. Moreover, it provides a handy way to centrally manage logs from various sources (see also on our blog: “What to do with all those logs?” and “NetEye Log Management on the official Elastic blog”).

Architecture of the Log Management module:

  • Log auditing and data collection system, based on rsyslog
  • Agent (Safed) for sending logs over the syslog protocol (RFC 3164; configured by default to send over TCP on port 514 to guarantee that the sent logs are received correctly)

It is crucial that communication between the Safed agents and NetEye on TCP port 514 is always guaranteed.

During one of my latest customer projects, I was asked to implement a way of collecting logs from remote systems in the cloud. The main challenge was that accessing the systems was possible only via SSH.

Now I will show you how I resolved this problem by using a reverse SSH tunnel and a Safed agent on a Linux/Unix machine.

Read More

EriZone – Security Advisory

Posted by on May 31, 2017 in EriZone & OTRS | 0 comments

A vulnerability was detected in the agent interface of the EriZone – OTRS system. The following applies to all OTRS, EriZone 3.x and EriZone 5.x systems.

The severity of this vulnerability has been categorized as “high”.

To guarantee the security of your system, we recommend disabling the Installer.pm module.
Modify the file /opt/erizone/otrs/Kernel/Config.pm and insert the following lines:

# Security FIX # WP 31.05.2017
delete $Self->{'Frontend::Module'}->{Installer};

These lines have to be inserted directly after the following code block:

# ----------------------------------------------- #
# fs root directory
# ----------------------------------------------- #

$Self->{Home} = '/opt/otrs';

Further information regarding this topic can be found at http://www.cvedetails.com/cve/CVE-2014-9324/

Technical details:

  • Date: 2017-05-30
  • Title: Installer Routine Vulnerability
  • Severity: High
  • Product: OTRS 3.2.*, EriZone 3.* and EriZone 5.*
  • References: CVE-2017-9324
Read More

IoT: The future, today.

Posted by on May 30, 2017 in NetEye | 0 comments

The Smith family is driving on the highway to their holiday destination in Italy when a car in front of them suddenly brakes. A truck has accidentally lost demolition debris and thereby almost caused a multiple-vehicle collision. Mrs. Jones is driving the car just behind the truck, and as her car brakes, it simultaneously sends a message to the following vehicles. Those activate their brakes too, shift down and forward the message to the cars behind them. In this way, the following cars can also react immediately. An accident has been successfully avoided and all vehicles can continue on their way. Moreover, the truck informs the highway company, which instantly sends the cleaning crew.

At first, this might seem like science fiction, but it isn’t. We call it: IoT (Internet of Things).

Read More

Monitoring Microsoft Exchange Server

Posted by on May 25, 2017 in NetEye | 0 comments

Microsoft Exchange Server is one of the most widely used email servers for companies, but it is sometimes hard to monitor because monitoring tools usually only check the availability of the server on the network.

With the 2013 update, Microsoft introduced several URLs (Healthcheck URLs) to verify the real availability of the server for clients.

The URLs have the following structure:

https://<External FQDN>/<protocol>/healthcheck.htm

where <protocol> can be replaced by:

  • OWA: Outlook Web App
  • ECP: Exchange Control Panel
  • OAB: Offline Address Book
  • AutoDiscover: Autodiscover process
  • EWS: Exchange Web Services (Mailtips, Free/Busy, Lync clients, Outlook for Mac)
  • Microsoft-Server-ActiveSync: Exchange ActiveSync
  • RPC: Outlook Anywhere
  • MAPI: MAPI/HTTPS (since Exchange 2013 SP1)

A recurring check lets anyone monitor whether the server is operating, but it doesn’t help to identify poor performance and necessary adjustments.

For better control, it is necessary to use an agent installed on the Exchange server that periodically reads the performance data exposed by Exchange (Performance Counters), without overloading the server and degrading the service.

NetEye solution

Read More

NetEye as an essential component of a Security Operations Center

Posted by on May 22, 2017 in Log Auditing, NetEye | 0 comments

During my last projects I noticed that the implementation of a “Security Operations Center” (SOC for short) is becoming increasingly important, especially for our enterprise customers.

Mainly for big companies that are of public interest, like banks, energy providers, insurance companies etc., the topic of cyber threats is becoming more relevant and requires special attention. This has been reinforced not least by the fact that some of these companies have already fallen victim to cyber-attacks.

Many companies are planning to introduce a Security Operations Center to prevent and combat cyber threats. (Security Operations Center on Wikipedia) Certainly, such a SOC has to be adapted to the requirements of the company; at the same time, however, it has to be flexible enough to face challenges like rapid growth and continuously changing requirements.

The implementation of our Unified Monitoring solution NetEye supports the successful realization of a SOC in the following areas:

Read More