Next Level Performance Monitoring – Part I

Posted by on Jun 20, 2017 in NetEye, Network Traffic Monitoring, Real User Experience Monitoring | 0 comments

Network traffic keeps becoming more and more heterogeneous. In many cases, it is not enough to monitor a system as we have done in the past. Here I will present the key ingredients, according to Würth Phoenix, for successful state-of-the-art performance monitoring and proactive analysis of the applications that are critical for your business.

Combining User Experience and Performance Metrics for new Insights

User experience is a very important factor. If your measurements seem to be in the right range, but end users complain about slow applications, you need to act. For this reason, user experience combined with an overview of all the monitored servers is the right place to start. In our opinion it is of vital importance to know when critical business applications begin to slow down before your users start to complain. You can achieve this by running continuous checks via Alyvix, our active user experience monitoring solution. Test cases can be written specifically for the most vital parts of your applications, and the functionality and speed of those very parts can be checked as often as needed. The performance outcome of each individual user interaction tested is then saved into the same central time series database as the performance metrics registered from all original sources of interest (such as Perfmon data, ESX performance data, etc.). It is then possible to perform a multiserver zoom and, with a single click, navigate to the most interesting servers during time periods where Alyvix detected problems.


How to extend or modify the APIs

Posted by on Jun 12, 2017 in Development, NetEye | 0 comments

NetEye API

Introduction

The NetEye APIs offer a simple way to automate and script common processes on NetEye. They expose more than 150 objects written in Perl, which can be easily used and extended. The NetEye APIs allow you to perform several actions: add/modify/remove a host, service or business process from Nagios, as well as compute the availability of these objects over a given period of time. The APIs are open source, and you can find the Perl code installed at /var/lib/neteye/API. However, if you modify the code locally, your changes will be overwritten at the next API update. In this article I will show you how to make your changes to the NetEye APIs persist across updates.


How to send logs from servers in the cloud to NetEye?

Posted by on Jun 6, 2017 in Log Auditing, NetEye, Syslog | 0 comments


Keeping an offline copy of your logs not only provides better visibility from the system management point of view, but also turns out to be extremely valuable in case of a security incident during which your local copies have been affected.

As many of you might know, the Log Management module of NetEye offers a complete solution to manage logs, in line with the obligations set by the data protection authority. Moreover, it provides a handy way to centrally manage logs from various sources (see also on our blog: “What to do with all those logs?” and “NetEye Log Management on the official Elastic blog”).


Architecture of the Log Management module:

  • Log auditing and data collection system, based on rsyslog
  • Agent (Safed) for sending logs over the syslog protocol (RFC 3164; configured by default to send over TCP on port 514 to ensure that the logs sent are correctly received)

It is crucial that communication between the Safed agents and NetEye on TCP port 514 is always guaranteed.

During one of my latest customer projects, I was asked to implement a possibility for collecting logs from remote systems in the cloud. The main challenge was that accessing the systems was possible just via SSH.

Now I will show you how I resolved this problem by using a reverse SSH tunnel and a Safed agent on a Linux/Unix machine.

EriZone – Security Advice

Posted by on May 31, 2017 in EriZone & OTRS | 0 comments

A vulnerability was detected in the agent interface of the EriZone – OTRS system. The following applies to all OTRS, EriZone 3.x and EriZone 5.x systems.

The severity of this vulnerability has been categorized as “high”.

To guarantee the security of your system, we recommend disabling the Installer.pm module.
Modify the file /opt/erizone/otrs/Kernel/Config.pm and insert the following lines:

# Security FIX # WP 31.05.2017
delete $Self->{'Frontend::Module'}->{Installer};

These lines have to be inserted directly after the following code block:

# ----------------------------------------------- #
# fs root directory
# ----------------------------------------------- #

$Self->{Home} = '/opt/otrs';

Further information regarding this topic can be found on http://www.cvedetails.com/cve/CVE-2014-9324/

 


 

Technical details:

  • Date: 2017-05-30
  • Title: Installer Routine Vulnerability
  • Severity: High
  • Product: OTRS 3.2.* EriZone 3.* and EriZone 5.*
  • References: CVE-2017-9324

IoT: The future, today.

Posted by on May 30, 2017 in NetEye | 0 comments

IoT 2017

The Smith family is driving on the highway to their holiday destination in Italy when a car in front of them suddenly brakes. A truck has accidentally lost demolition debris and thereby almost caused a multiple-vehicle collision. Mrs. Jones is driving the car just behind the truck, and as her car brakes, it simultaneously sends a message to the following vehicles. These activate their brakes too, shift down and forward the message to the cars behind them. In this way, the following cars can also react immediately. An accident has been successfully avoided and all vehicles can continue. Moreover, the truck informs the highway company, which instantly sends the cleaning crew.

At first, this might seem like science fiction, but it isn’t. We call it: IoT (Internet of Things).

Monitoring Microsoft Exchange Server

Posted by on May 25, 2017 in NetEye | 0 comments

Microsoft Exchange Monitoring

Microsoft Exchange Server is one of the most widely used email servers for companies, but it is sometimes hard to monitor because monitoring tools usually only check the availability of the server on the network.

With the 2013 update, Microsoft introduced several URLs (health check URLs) to verify the real server availability for clients.

The URLs have the following structure:

https://<External FQDN>/<protocol>/healthcheck.htm

where <protocol> can be replaced by:

  • OWA: Outlook Web App
  • ECP: Exchange Control Panel
  • OAB: Offline Address Book
  • AutoDiscover: Autodiscover process
  • EWS: Exchange Web Services (Mailtips, Free/Busy, Lync clients, Outlook for Mac)
  • Microsoft-Server-ActiveSync: Exchange ActiveSync
  • RPC: Outlook Anywhere
  • MAPI: MAPI/HTTPS (since Exchange 2013 SP1)

A recurring check of these URLs lets anyone monitor the server's operation, but it does not help to identify poor performance and necessary adjustments.

For better control, it is necessary to use an agent installed on the Exchange server that periodically reads the performance data exposed by Exchange (Performance Counters), so as not to overload the server and degrade the service.

NetEye solution

NetEye as an essential component of a Security Operations Center

Posted by on May 22, 2017 in Log Auditing, NetEye | 0 comments


During my last projects I noticed that the implementation of a “Security Operations Center” (SOC for short) is becoming increasingly important, especially for our enterprise customers.

Especially for big companies of public interest such as banks, energy providers, insurance companies etc., the topic of cyber threats is becoming more relevant and requires special attention. This has been reinforced not least by the fact that some of these companies have already fallen victim to cyber-attacks.

Many companies are planning to introduce a Security Operations Center to prevent and combat cyber threats. (Security Operations Center on Wikipedia) Certainly, such a SOC has to be adapted to the requirements of the company; however, at the same time it has to be flexible enough to face challenges like rapid growth and continuously changing requirements.

The implementation of our Unified Monitoring solution NetEye supports the successful realization of a SOC in the following areas:


IoT and Industry 4.0: NetEye monitoring metamorphosis

Posted by on May 17, 2017 in NetEye | 0 comments

May 16, 2017 – IoT Conference: Nicola Degara highlights the challenges for IT System Management in IoT and Industry 4.0 environments.

While in the past Information Technology often did not influence company strategy, today it is becoming a Business Enabler. IT is no longer a cost center but a Corporate Strategy supporter. The digital transformation is changing IT, making it a Vital Business Function. These were the topics of Nicola Degara’s presentation at the IoT Conference. “Only companies that can quickly respond to new opportunities by adapting to the needs of a digitized market will succeed in maintaining a competitive positioning,” explained Degara, head of the NetEye & EriZone consulting team at Würth Phoenix.


NetEye: Job Scheduler Integration

Posted by on May 16, 2017 in NetEye | 0 comments

In one of my last projects, I had to implement a job scheduler in the IT environment of one of our NetEye customers, whereby a central requirement was that it had to be possible to launch jobs directly from NetEye. The customer had chosen the job scheduler solution from SOS Berlin, which had to be installed on a Linux environment.


EriZone 5.1: Improved ticket printing functionality

Posted by on May 10, 2017 in EriZone & OTRS | 0 comments

The PDF printing functionality has been improved with the last version of EriZone 5.1. It is now possible to print to PDF all images and HTML included in the ticket. In this way the generated / printed PDF becomes a true copy of the original ticket that can be used in different offline scenarios. For instance, sometimes it’s useful to have a hard (printed) copy of the ticket to hand out as a report to meeting participants.

Here is a simple example of a welcome ticket composed of three articles:

Improved Printing functionality in EriZone 5.1


EriZone 5.1: Service Catalogue Translation

Posted by on May 10, 2017 in EriZone & OTRS | 0 comments

The service catalogue is a focal point in ITIL, and often it is even the starting point for ITSM implementation. EriZone is an ITSM tool that fully supports Service Catalogue Management. With the recently released version 5.1 of EriZone the service catalogue has become multilingual to meet the requirements of multinational service providers and their customers.

EriZone 5.1 - Service Catalogue Translation 1

Fig.1. Multilingual Service Catalogue


Synthetic Application Monitoring with Alyvix

Posted by on May 9, 2017 in NetEye, Real User Experience Monitoring | 0 comments

Alyvix Training - Synthetic Application Monitoring

Synthetic Application Monitoring:

Synthetic application monitoring allows you to monitor applications from the user’s point of view by simulating transaction sequences, followed by the measurement and recording of the perceived performance data.

Would you like to be independent of subjective statements such as “application XY is slow” or outage reports from your users? In this case, the concept of synthetic application monitoring and the corresponding monitoring tool Alyvix are right for you. If you are interested in getting to know this concept and tool, the Synthetic Monitoring Training offered by Würth Phoenix might be the right choice.

Synthetic Monitoring Training 2017

13th to 14th June – Bolzano/Italy

20th to 21st June – Niedernhall/Germany


SNMP – Agentless Monitoring

Posted by on May 4, 2017 in Configuration Management, NetEye | 0 comments

Agentless Monitoring

In this article, I am going to explain how to implement monitoring on your system using an agentless solution (without Nagios’ NRPE agents), and I will underline some advantages of this useful solution. The target machines will run Linux or Unix operating systems.

The need can arise from the fact that some operating systems do not provide the Nagios agent, or the customer does not intend to install third-party software, because the system is considered too critical or the customer wants to avoid discussions with the support offered by the system’s vendor.