Now you can start adding hosts to your system. Click the Hosts and Interfaces link in the first line of the Administration menu, and another line appears below that. Select Hosts, which displays the main Hosts Administration page that Figure 1 shows.
Click the Add link, which displays a blank table line where you can start entering details about the host you want to monitor. First, you define the host's name—how you want the device represented within JFFNMS. The next two fields in the host definition are Zone and IP. From the drop-down menu, select the appropriate zone for the first field and enter the device's IP address in the second. Ignore the Tacacs Source IP field (TACACS—Terminal Access Controller Access Control System—is a Cisco Systems authentication mechanism); you don't need it for your Windows servers. Make sure that the Polling check box is selected; this option indicates whether this device should be actively polled by JFFNMS. Leave the Satellite field set at the default option of Local for now.
The next two host-configuration fields are for your ReadOnly SNMP Community and ReadWrite SNMP Community strings; here, enter the community string(s) that you configured for your Windows server, as I explain in the Web-exclusive sidebar "Setting up SNMP." The last two relevant fields are AutoDiscovery and AD Default Customer. AutoDiscovery is extremely helpful because it lets JFFNMS automatically determine many details about your hosts for you. Select the Automagic configuration option for AutoDiscovery. For AD Default Customer, select the customer name that should be applied for new objects that JFFNMS discovers on your target server. Click Submit, and JFFNMS writes your host to its database and returns you to the Hosts Administration page. You can add more hosts one at a time.
After you've added all the hosts you want to monitor, select Hosts from the Views drop-down list at the top of the Hosts Administration page, and you should see an icon-based view of the system(s) you added. That icon might be green, blue, or purple, depending on where JFFNMS is in its autodiscovery process, or red or yellow if JFFNMS has found a warning condition. The autodiscovery process can take more than 30 minutes, depending on schedules assigned to the background tasks that support JFFNMS and because of the amount of processing that autodiscovery requires. Give JFFNMS the time it needs to do its work, and you'll be pleasantly surprised when you check back to see what it's learned.
When JFFNMS has finished autodiscovery, click a device's icon to drill down into the individual interfaces that JFFNMS has found. As Figure 2 shows, JFFNMS has detected useful information about my test server, including the open TCP ports on the system that NmapWin discovered (great for a quick security check), the NIC in my system, the storage subsystems on the server (drive letters and virtual memory), and that it has one CPU. All these items have automatically been made into interfaces, which JFFNMS automatically starts monitoring by using default parameters.
To display more detail about what JFFNMS has discovered about a device, select Hosts & Events from the Views drop-down list. Doing so displays the hosts in your configuration or the interfaces for a specific host with relevant events listed. Each event is timestamped and has an alarm icon next to it when it first appears. When you need to resolve the situation that caused the alarm, you can manually acknowledge events by using the fields at the bottom of the event list. When a situation has caused an alarm, which is subsequently cleared (e.g., a device goes offline for a minute, then returns online), JFFNMS automatically correlates the events and clears them for you. Host icons in this view are blue, purple, green, yellow, or red according to their current status within the system. When I added my test server to my JFFNMS configuration, JFFNMS immediately detected that I was using more than 80 percent of my virtual memory and displayed a yellow warning event, which Figure 3 shows.
I've found that after JFFNMS has fully autodiscovered a device, it's helpful to set the device from "automagic" discovery to "no discovery" because routine networking causes ports on systems to open temporarily, then close. JFFNMS discovers these temporary ports if they're open when it tries to rescan the system and will add them continuously to your host. Eventually, your host might have hundreds of those interfaces, which clutters the system and slows JFFNMS's monitoring. If you add new services to a host, you can always initiate a manual discovery at any time, which I'll explain later in the article.
After JFFNMS has discovered everything it can about your hosts, you can start looking at the hosts in detail and customizing the interfaces (i.e., items to monitor) on each device. In the next sections, I'll discuss sample monitoring situations you might want to set up for your target systems.
Content Checks
If you have Internet services on your device, you might want to perform a content check to ensure that not only the TCP port is available, but that the service (e.g., mail server, FTP server, Web server) on that port responds properly to connection requests. For instance, I want to make sure I always see the string "ESMTP MailEnable Service" in the banner that my mail server returns for an incoming connection. To do this, I define a content check for that specific interface: TCP port 25, the default SMTP port.
To set up the content check, select Administration, Hosts & Interfaces, Hosts, then select the View Interfaces option next to the server for which you want to add a content check. Doing so displays a list of the interfaces defined for your host, which Figure 4 shows. You can customize the properties for any of the specific interfaces shown in the list or delete those that you don't want tested (this is where you'd clean up autodiscovered data that you don't want monitored). If many interfaces are assigned to your host, some of them might be on additional screens; click >>Next (at the bottom of the scrolled page) to move to the next page.
For our specific task—checking the SMTP banner—I'll edit the properties for the interface that's assigned to port 25 by selecting the Edit link to the left of the line item. Doing so displays an editable view of that specific interface. I add "ESMTP MailEnable Service" to the Check Content RegExp object to tell JFFNMS that it not only should check to make sure this port is available but that it receives an appropriate response when it connects to the port. If these conditions aren't met, JFFNMS generates an alert for the interface.
)
Register
AH_employee February 05, 2005 (Article Rating: