Solarwinds and CyberArk Integration

November 7, 2017, 7:25 am

≫ Next: World Map automatic geolocation based on custom properties

≪ Previous: THWACK Monthly Mission - October 2018

Two main reasons to it:

1. CyberArk works as a password vault and hence it can securely store the credentials used by Solarwinds (user name + password)

2. CyberArk comes with certain level of automation as well which can sync/change the password on the tool (for service accounts where there is a restriction to change the password every 'X' days, this feature would come into play where CyberArk automation can be used, if Solarwinds can expose a API or something for automatic password change/sync on Solarwinds tool (credentials section like Windows Cred or SMTP Cred or ....) without any downtime on the tool or without affecting monitoring of devices performed by Solarwinds (without skipping a poll) then it would be a cool feature.

I have seen few idea's in the past with respect to the same:

Password vault integration

Consolidate/Integrate account and password utilization between modules

↧

World Map automatic geolocation based on custom properties

July 17, 2017, 8:30 am

≫ Next: running slow NCM 7.8

≪ Previous: Solarwinds and CyberArk Integration

SolarWinds supports automatic geolocation but this is limited to using the SNMP Location field and it is not always possible for this field to be modified to suit the requirements for geolocation.

I suggest that the geolocation feature be customisable to allow custom properties to be used for the device locations (e.g. longitude/latitude).

SolarWinds suggest using the following process but this is still manual and requires an export/import of the custom properties each time. This process also does not allow the name of each location to be imported (sites show unknown).

Place objects into the map using custom properties

This new feature would automatically update the map if certain custom properties have values (or have had values removed). Examples include:

Newly added devices will be automatically added to the map if values are entered
Newly added devices won't be added if they don't have values entered
Devices will be removed from the map if their values are removed

This request also ties in to a similar request - allowing us to import the location name when importing the coordinates.

Import location name when importing coordinates directly to the worldwide map

(Sorry if there is already a feature request for this; I fail at thwack search if there is)

↧

running slow NCM 7.8

August 3, 2018, 8:10 am

≫ Next: Need Help on Solarwinds Certified Professional : SAM exam

≪ Previous: World Map automatic geolocation based on custom properties

We have recently migrated from NCM 7.7 to NCM 7.8.

The Config Backup Jobs are running extremely slow. In NCM 7.7, it used to complete in less than 3 hours and with NCM 7.8 , it takes 18 hours !!

Has anyone experience this slowness ??

↧

Need Help on Solarwinds Certified Professional : SAM exam

October 12, 2018, 12:26 am

≫ Next: Help with getting Invoke-SwisVerb ExecuteScript working in powershell

≪ Previous: running slow NCM 7.8

Hi Guys,

I need to face for Solarwinds SAM exam in near future, So I have checked the preparation guide @ SolarWinds Certified Professional SAM Exam Preparation Guide - SolarWinds Worldwide, LLC. Help and Support

But all I need to know whether there any practice test or dump available for this? And how much is the pass mark? How many times I can retake the exam?

If anyone of you faced this SCP Server & Monitoring exam, Please help me out...

Thanks,

Nimesha J

↧

Help with getting Invoke-SwisVerb ExecuteScript working in powershell

October 10, 2018, 3:53 pm

≫ Next: How to monitor available disk space?

≪ Previous: Need Help on Solarwinds Certified Professional : SAM exam

Can anyone provide some details on what Invoke-SwisVerb is looking for:

Invoke-SwisVerb -SwisConnection $SwisConn -EntityName Cirrus.ConfigArchive -Verb ExecuteScript ($NCMID, $TestScript, "admin")

I have tried $NCMID with and without ' in it, but same results.

PS W:\> $NCMID

'c51a6a39-25aa-4ce1-8884-ff181f194746'

PS W:\> $TestScript

show clock

Get the following response:

Invoke-SwisVerb : Verb Cirrus.ConfigArchive.ExecuteScript cannot unpackage parameter 0 of type System.Guid[]

At line:1 char:1

+ Invoke-SwisVerb -SwisConnection $SwisConn -EntityName Cirrus.ConfigAr ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (:) [Invoke-SwisVerb], FaultException`1

+ FullyQualifiedErrorId : SwisError,SwisPowerShell.InvokeSwisVerb

↧

How to monitor available disk space?

October 12, 2018, 10:34 am

≫ Next: THWACK Store Items & FAQ - Updated August 16th, 2018

≪ Previous: Help with getting Invoke-SwisVerb ExecuteScript working in powershell

Hello,

I have setup volume alerts for disk space. They use Orion global settings for Warning at 80% and Critical at 90%. That is all fine and dandy, until we need certain servers to actually have the ability to alert us on a specific disk space amount, say, 1 GB. I don't want to alert on a 1TB drive because it's 90% full....I want to be able to adjust that on per node basis, just like we can do with CPU and Memory.

Is there any way to accomplish that? We are cleaning up "baked in" alerts now and have quite few volumes that need to adjust.

Thanks for your help!

↧

THWACK Store Items & FAQ - Updated August 16th, 2018

September 4, 2012, 7:48 am

≫ Next: Multicast Troubleshooting

≪ Previous: How to monitor available disk space?

Welcome to the pride and joy of the THWACK team - our community-based store! Here, you can spend your hard-earned THWACK points on some amazing items. We're very excited to be able to give back to all who've helped us along the way with feedback, contributions, and your work with the SolarWinds teams. Below are the items available for purchase, and a little information on how the process works.

The THWACK Store can be found here, or by clicking the "SHOP" portion of the THWACK navigation, above.
We have an amazing new and improved order process. Check it our here.
Need more ways to earn points? Click here to find out how.
Having issues with an order? You can contact us here at any time. We'll be sure to get back to you within 2-3 business days.

SolarWinds Stickers

Pack of 5 - 300 points

Geek Buttons

Pack of 5 - 300 points

Foam Hat

500 points

Window Basketball Hoop

1,500 points

THWACK Hammer

1,500 points

Koozie

1,500 points

Retractable Badge Holder

Users. Also Known as "Job Security" - 2,000 points

Retractable Badge Holder

My Boss' Ego is Over-Provisioned - 2,000 points

SolarWinds Lanyard

3,000 points

THWACK Notebook

5,000 points

Laptop Sleeve

5,000 points

SolarWinds Geek Tee

5,000 points

SolarWinds Lab Tee

5,000 points

"Replace User and Try Again" Tee

5,000 points

Threat Hunter Tee

Guardians of Scurity - 6,000 points

"Rage Against the Virtual Machine" Tee

6,000 points

SolarWinds Lab Flask

25 oz - 6,000 points

SolarWinds Polo

8,000 points

SolarWinds USB Drive

8 GB - 8,000 points

Laptop Skin

SolarWinds Buttons - 8,000 points

SolarWinds Socks

Gray with Orange Flares - 10,000 points

SolarWinds Socks

White with Orange Stripes - 10,000 points

SolarWinds Socks

Gray and Orange Argyle - 10,000 points

SolarWinds Raincoat

12,000 points

SolarWinds Socks

Choarcoal and Blue - 12,000 points

SolarWinds Socks

Multi-Colored Triangles - 12,000 points

SolarWinds Socks

Blue with Orange Flares - 12,000 points

SolarWinds Hoodie

12,000 points

THWACK Messenger Bag

15,000 points

THWACK Hammock

15,000 points

Men's Zip-Up Jacket

15,000 points

Women's Zip-Up Jacket

15,000 points

THWACK Bluetooth Speaker

18,000 points

THWACK Backpack

25,000 points

Custom THWACK Cornhole Set

Includes Sandbags - 100,000 points

SolarWinds Beats Headphones

Bluetooth Wireless - 125,000 points

Frequently Asked Questions

Will I lose my spot on the leaderboard or my badges if I purchase an item from the store?

No, you will not lose your spot on the leaderboard nor your badges. However, the store will deduct these points from your available balance. For example, if you have 5,000 points and you purchase a laptop sleeve for 2,000 points, your point value will reflect 3,000 but your spot on the leaderboard will not change. In other words, the leaderboard runs off of your lifetime balance and all of your earned badges will stay in your profile.

Is the shipping cost covered?

Yes. There will be no cost to you.

What countries do you ship to?

United States, Canada, United Kingdom, and Germany are currently the only countries we ship to.

My points were deducted, but I don't live in any of the eligible countries for shipping. How can I get my points back?

Please email thwackstore@solarwinds.com for assistance.

How soon will I receive my item?

After your order has been processed and shipped, you should receive your item within 7-10 business days. If an item is on backorder, you may not be notified automatically. You will receive your item, but it may take up to 30 days to restock the item.

How do I purchase an item from the store?

You will begin the purchasing process in a similar way, but will soon see the changes. You'll be presented with a list of products you're able to purchase. After clicking the purchase button, the item card rotates and presents a "confirm" button.

After clicking Confirm, you will be presented with a shopping cart dialog. Here, you can review the items in the cart, checkout, or keep shopping. A recent feature includes the ability to remove the item from the cart.

A new icon in the header will show you the current number of items in your cart. Clicking this icon will also bring up the shopping cart dialog. No longer will you lose your order if you have to step away!

Clicking the Checkout Now button will transition the dialog to a form that allows you to fill in a new address. Selecting the "Save this information to my user profile" checkbox will make sure your address is pre-populated for any future orders. You'll still be asked to verify your address before shiping.

Once finished, you click on the Complete Order button.

After clicking the Complete Order button, you will then be presented with an Order Complete dialog, explaining what happens next.

Until an order has been confirmed Received by our fulfillment vendor, you will see an order status icon in the header bar next to your login name. The number next to the icon indicates the number of open orders.

Clicking this icon will present an Order Status dialog that shows the fulfillment stage the order is in, along with a link to track the package it has already been shipped. You'll also note orders can be in three major stages: Order Submitted, Order Processing, and Order Shipping

Questions? Feel free to post a comment below.

↧

Multicast Troubleshooting

October 4, 2015, 11:32 pm

≫ Next: Cisco VPN bandwidth usage by user

≪ Previous: THWACK Store Items & FAQ - Updated August 16th, 2018

Hi,

NPM currently provides Multicast monitoring. However, we find multicast troubleshooting still fairly complex ..It would be good to have a Multicast Troubleshooting tab that incorporates the following -

1. Check Multicast Source

2. Check Multicast Network

3. Check Multicast Receivers

Source / Reciver checks -

show ip igmp groups

show ip mroute

Network checks -

show ip pim neighbor

show ip pim rp mapping

mtrace

mstat

mping

Some of these basic features could be a part of Engineers Toolset (Under the Enhanced Ping) while NM could have a tab under Multicast.

regards

↧

Cisco VPN bandwidth usage by user

September 12, 2013, 6:59 am

≫ Next: DiscoverVolumesOnNode and AddVolumesonNode verbs

≪ Previous: Multicast Troubleshooting

I would like to see the ability to report bandwidth usage by the user account when connected via VPN. When a user connects via VPN and browses the internet this traffic is not reported as being sourced from the VPN IP that the user was assigned, but by the firewalls outside interface IP. This makes it impossible to know how much internet bandwidth this user used while connected to the VPN. The username and source/destination IPs are reported in the firewalls syslog, so a way to correlate this information into a report would be very handy.

Thanks,

Abel

↧

DiscoverVolumesOnNode and AddVolumesonNode verbs

November 19, 2015, 7:08 pm

≫ Next: How did you do in... THWACK MONTHLY MISSION - SEPTEMBER 2018

≪ Previous: Cisco VPN bandwidth usage by user

Hello,

I would like the above verbs to be added to the Orion API so that I can programmatically and in an automated manner discover and add volumes into my SolarWinds environment. Currently this is a manual process that runs several times a day and eats up several man hours every month to just add the new volumes found in a discovery Thanks!.

↧

How did you do in... THWACK MONTHLY MISSION - SEPTEMBER 2018

September 28, 2018, 8:03 am

≫ Next: Attaching comments to reserved addresses in IPAM?

≪ Previous: DiscoverVolumesOnNode and AddVolumesonNode verbs

Let me know how did you do... It's just for fun...

↧

Attaching comments to reserved addresses in IPAM?

October 3, 2018, 7:45 am

≫ Next: IPAM DNS Scanning

≪ Previous: How did you do in... THWACK MONTHLY MISSION - SEPTEMBER 2018

Apologies for asking possibly silly questions.

Can we add comments to particular entries, so we can retain the full entries from our outgoing hosts file?

How ?

↧

IPAM DNS Scanning

October 5, 2018, 11:01 am

≫ Next: UDT not showing MAC address and connected device on ports

≪ Previous: Attaching comments to reserved addresses in IPAM?

Finally getting around to adding DNS to IPAM and a question came up that I didn't have an answer for.

Is there any reason we should add all of our DNS servers to IPAM? We have 7 domain controllers currently, but I have only configured one to allow zone transfers - merely testing at this phase. But later down the road, is there any reason to add the remaining servers?

Thanks in advance!

↧

UDT not showing MAC address and connected device on ports

June 7, 2018, 5:52 am

≫ Next: Unmonitor Ports AND Rogue Endpoints in UDT

≪ Previous: IPAM DNS Scanning

It seems that after changing switch devices from SNMPV2 to SNMPv3 UDT no longer show port information. NPM info all looks good interface , hardware monitoring etc.... all good

↧

Unmonitor Ports AND Rogue Endpoints in UDT

August 23, 2018, 7:01 am

≫ Next: IPAM update subnet range through SWIS?

≪ Previous: UDT not showing MAC address and connected device on ports

I need someone to explain how UDT and Rogue Endpoint detection should work. It seems miserably flawed to me and support is giving me the run around saying it's doing what it should be doing. If that is the case the product is severely crippled for our intended use case.

Our plan was to use UDT to monitor rogue endpoints when they show up on certain networks. We use all the other functions as all that integrate with IPAM as well. The problem we are seeing is that when you add a node from Orion or discover ports, it brings in all endpoints it sees even on trunk ports and adds them to the rogue device list. We want to start by monitoring and then whitelisting only devices connected to ports that are not secured in a data closet or data center. This approach is taking small bites off of the network evaluating endpoints that are not on our whitelists (initially comprised of AD exports and VM exports of known MACs, we only use MAC whitelisting as anything else doesn't really make much sense in our environment) and then deciding if they should be whitelisted, removed, or perhaps watched. Call it poormans NAC if you will but for now it's better than nothing.

Now here is the problem, when a node is added, or ports are discovered it starts monitoring all the ports by default. When it monitors things like trunk ports it brings in endpoints that at that moment are out of scope. So using common sense we decided OK lets just unmonitor those ports in UDT, if it's not monitoring the port it won't see the endpoint and those will go away. Well they don't, they remain and the endpoints on the unmonitored ports stay on our rogue device list indefinitely. The endpoint marks it as Last Seen: CURRENT which makes no sense if I'm not monitoring the port. I then took one step further and deleted the port from UDT, no change. I then, per support, wiped all data relating to UDT and started over, re-added a switch and router, performed the same steps and ended up with every endpoint it could see because it started monitoring all ports when added. Trying to create my own work around I decided to limit which ports it monitored as part of the discovery (UDT Settings --> Advanced Settings --> Monitored Port Types) Set this to only include the ethernetCsmacd (6) type which would exclude trunk ports etc. No luck the discovery by default ignored this setting and attempted to discover all available ports. So this setting does ?, nothing?

After going back and forth with support asking why I'm getting endpoints showing as current, why it's monitoring all ports, why they won't fall off the rogue device list (which we have set to "Past Hour"), and how someone is supposed to accomplish our use case.... the answers I received were start over, or whitelist all devices that are showing and review devices going forward. Well that last one violates pretty much every concept of whitelisting and authorized device review by blindly trusting that what we have in current state is good, awful idea. Not sure the point of UDT Rogue Device if for every device that shows up you just whitelist it, or as also suggested enable the 3 default rules for MAC, IP, and DNS to whitelist all nodes.... again not sure why you would want to ever do this if you WERE interested in reviewing and managing the devices on your network. I also can not get a good answer as to why when I unmonitor a port do the endpoints on that port remain, as if it's monitoring the endpoint now instead? We set retention settings to 1 day, ran database maintance and have waited 5 days and no change the endpoints all remain on the Rogue device list all marked as CURRENT.

HELP!! Can someone, anyone explain how this is supposed to work? I'm being told that this is normal but then that it's also not normal, and then silence from support. I'm doing 1. what the sales team said is normal and reasonable 2. The steps that are defined here:

https://www.solarwinds.com/-/media/solarwinds/swdcv2/licensed-products/user-device-tracker/resources/whitepaper/udt_wp_detect_prevent_rogue_devices.ashx

"Our first objective is to identify those devices (nodes and endpoints) that connect to the network. This information will then help us create device profiles and help us determine which devices are authorized."

"Our second objective is to identify and verify which devices are authorized to use the network and to construct access controls using whitelists"

↧

IPAM update subnet range through SWIS?

September 25, 2018, 11:41 am

≫ Next: What We’re Working on for Log Manager (Updated September 17th 2018)

≪ Previous: Unmonitor Ports AND Rogue Endpoints in UDT

Is there a way we can update subnet range through SWIS? I have a lot of subnets which don't have range populated & would be helpful to do it via an API.

↧

What We’re Working on for Log Manager (Updated September 17th 2018)

June 4, 2018, 9:17 am

≫ Next: Orion Dark Theme Option

≪ Previous: IPAM update subnet range through SWIS?

Log Manager for Orion 1.1 has shipped and we’re already hard at work building the next release. Here’s what we’re working on:

Windows Event support– you can currently leverage the Event Log Forwarder to transmit Windows Events as syslog to LM. We are working on native support for Windows Events.
Log Forwarding - forward important log data to other applications via a LM Log Rules, while optionally preserving the Source IP address.
Log Manager Rule Enhancement including processing order adjustment, pre-populated drop-down menus and field extraction.

↧

Orion Dark Theme Option

February 1, 2017, 9:25 am

≫ Next: Log & Event Manager 6.5 is now Generally Available

≪ Previous: What We’re Working on for Log Manager (Updated September 17th 2018)

Please provide the option to switch the website into a "Dark Theme"

Not only is this an often preferred experience for users, but it is a very standard practice in most NOC environments where the overhead lights are generally dim (think Mission Control)

Ideas:

↧

Log & Event Manager 6.5 is now Generally Available

September 17, 2018, 3:29 am

≫ Next: Alerts - Allow the email subject and body to be customized

≪ Previous: Orion Dark Theme Option

I am pleased to announce general availability of LEM 6.5, which introduces the ability to forward raw log data to other applications and support for LEM on Azure. If you are a customer on active maintenance, this is now available in your customer portal. If you are not an existing customer and interested in downloading a 30-day evaluation, you can do so here. This release includes the following features:

Log Forwarding: LEM now includes the ability to forward raw log data from both syslog and agent devices. This log data can be forwarded to any application including SIEM and log management tools which support syslog ingestion. Both RFC3164 and RFC5424 syslog formats are supported. You can view the steps to enable log forwarding here.

Azure Deployment: LEM 6.5 provides greater flexibility on where you deploy your LEM appliance thanks to official support for deployment on Microsoft Azure. You can now deploy LEM in the cloud and transmit both your on-premises and cloud based log data to LEM.

For more information on this release, please see the LEM 6.5 Release Notes

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

↧

Alerts - Allow the email subject and body to be customized

February 27, 2014, 1:02 pm

≫ Next: Change the (order of the) colors in the charts

≪ Previous: Log & Event Manager 6.5 is now Generally Available

I want to be able to customize the email subject and body for DPA alerts, including choosing dynamic data fields so I can deliver the information users need in the order they need it.

↧

Frequently Asked Questions

Latest Images