Altiris Monitor Solution – Monitoring and Auditing Systems, Part 4

Antonp

SNMP

By installing the SNMP service, you will enable the system to respond to requests from SNMP management consoles. Installing the SNMP service also adds performance counters for Internet Protocol (IP), Internet Control Message Protocol (ICMP), User Datagram Protocol (UDP), and Transmission Control Protocol (TCP). SNMP allows you to query the current state of many local resources, and also allows you to control a small number of operating system and application parameters.

WMI

Windows Management Instrumentation is Microsoft's implementation of the Web-based Enterprise Management (WBEM) industry-standard management architecture, which attempts to develop a common interface for accessing management information in an enterprise environment.

How you would perform WMI Monitoring with Altiris Monitor Solution

  • You can either use one of the predefined monitor pack rules or create your own if a suitable predefined rule is not available.

  • Select "Manage Metric" from the left hand pane as above and select the metric you need, or select the plus sign to create a new metric for your performance counter.

  • Metric Type: "WMI"
  • Name: Specify the name of the metric, "DNS Server Service Status"
  • Polling Interval: Specify the time between polls.
  • Timeout: Leave as default
  • Property/Query: "Property"
  • Name Space: \\.\root\cimv2
  • Class Name: Win32_Service
  • Counter: State
  • Instance: Name="DNS"
  • Select "OK", to save the changes made to the WMI metric.

  • Select the plus sign to create a new rule
  • Give the rule a name "DNS Server Service Status"
  • Metric Type: "Based on Metric" from the drop down.
  • Select "New" to create the conditions of the rule.
  • Metric Type: "WMI"
  • Metric: Previously created metric "DNS Server Service Status"
  • Polling Interval: "Enter time in seconds"
  • Statistic: "None"
  • Condition: "Is"
  • Value Type: "Constant"
  • Value: "Started"
  • Select "OK" to save the changes.

  • The rule configuration is now set and will monitor the system according to the WMI metric specified.
  • You can also specify "Rule Repetition", where you specify how many times the rule condition has to occur within a specified time frame before an event is logged and a notification is sent.
  • Select "Action" to specify the action to take once the event has been detected.

  • There are various action options to select
    • Create incident
    • Create an NT Event
    • Send E-Mail
    • Many more
  • In this case we chose to send an e-mail notification to the administrator of the Altiris system every time this event is detected, since it poses a potential risk to the business.
  • Select "OK" to confirm the settings and then select "OK" again to save all changes to the rule.

How you would perform System Events Monitoring with Altiris Monitor Solution on the Linux operating system

  • You can either use one of the predefined monitor pack rules or create your own if a suitable predefined rule is not available.

  • Select the plus sign to create a new rule
  • Give the rule a name "Failed Logins Linux"
  • Metric Type: "Based on Log Event" from the drop down.
  • Select "New" to create the conditions of the rule.
  • Metric: Previously created metric "Syslogged Default Log Linux"
  • Property: "AllData"
  • Condition: "Matches Regular expression"
  • Value: "(error: PAM: .*|pam_unix.+|login.+|ftpd.+)([Aa]uthentication failure|account [^ ]* ?has expired|expired password for user|failed to change password|FAILED LOGIN [0-9]+ FROM|FTP LOGIN REFUSED)|FAILED SU|sudo.+incorrect password attempt|vsftpd:.*FAIL LOGIN: Client|Authentication failed for user"
  • Select "OK" to save the changes.

  • Rule Repetition: Specify the number of times this event has to occur within a specified time frame before an alert or notification is raised or sent to the Security Administrators.

  • There are various action options to select
    • Create incident
    • Create an NT Event
    • Send E-Mail
    • Many more
  • In this case we chose to send an e-mail notification to the administrator of the Altiris system every time this event is detected, since it poses a potential risk to the business.
  • Select "OK" to confirm the settings and then select "OK" again to save all changes to the rule.

How you would perform System Events Monitoring with Altiris Monitor Solution on the Solaris operating system

  • You can either use one of the predefined monitor pack rules or create your own if a suitable predefined rule is not available.

  • Select the plus sign to create a new rule
  • Give the rule a name "Failed Logins Solaris"
  • Metric Type: "Based on Log Event" from the drop down.
  • Select "New" to create the conditions of the rule.
  • Metric: Previously created metric "Syslogged Default Log Solaris"
  • Property: "AllData"
  • Condition: "Matches Regular expression"
  • Value: "(su:.*failed)|(sshd.*Failed)|(ftpd.*failed login from)"
  • Select "OK" to save the changes.

  • Rule Repetition: Specify the number of times this event has to occur within a specified time frame before an alert or notification is raised or sent to the Security Administrators.

  • There are various action options to select
    • Create incident
    • Create an NT Event
    • Send E-Mail
    • Many more
  • In this case we chose to send an e-mail notification to the administrator of the Altiris system every time this event is detected, since it poses a potential risk to the business.
  • Select "OK" to confirm the settings and then select "OK" again to save all changes to the rule.

How you would perform System Events Monitoring with Altiris Monitor Solution on the AIX operating system

  • You can either use one of the predefined monitor pack rules or create your own if a suitable predefined rule is not available.

  • Select the plus sign to create a new rule
  • Give the rule a name "Failed Logins AIX"
  • Metric Type: "Based on Log Event" from the drop down.
  • Select "New" to create the conditions of the rule.
  • Metric: Previously created metric "Syslogged Default Log AIX"
  • Property: "AllData"
  • Condition: "Matches Regular expression"
  • Value: "(su.* failed)|(sshd.*Failed password for)|(ftpd.*You entered an invalid login name or password)"
  • Select "OK" to save the changes.

  • Rule Repetition: Specify the number of times this event has to occur within a specified time frame before an alert or notification is raised or sent to the Security Administrators.

  • There are various action options to select
    • Create incident
    • Create an NT Event
    • Send E-Mail
    • Many more
  • In this case we chose to send an e-mail notification to the administrator of the Altiris system every time this event is detected, since it poses a potential risk to the business.
  • Select "OK" to confirm the settings and then select "OK" again to save all changes to the rule.
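The rules built in the WMI section and in the Linux, Solaris and AIX sections above can be exercised offline before they go into the console. The Python script below is an added example, not code from this article or from Altiris Monitor Solution: it applies each section's regular expression, exactly as entered in the rule's Value field, to constructed syslog lines; models the Rule Repetition setting as a sliding time window; and models the WMI metric rule as an "Is" / "Is Not" comparison of polled Win32_Service.State values. The search (rather than full-line) matching, the clearing of the window after an alert, the sample log lines, the polled states and the timestamps are all assumptions made for the example and are not taken from the product.

```python
import re
from collections import deque

# Regular expressions exactly as entered in the "Value" field of the three
# log-event rules on this page, keyed by the operating system each targets.
FAILED_LOGIN_RULES = {
    "Linux": re.compile(
        r"(error: PAM: .*|pam_unix.+|login.+|ftpd.+)"
        r"([Aa]uthentication failure|account [^ ]* ?has expired|"
        r"expired password for user|failed to change password|"
        r"FAILED LOGIN [0-9]+ FROM|FTP LOGIN REFUSED)|FAILED SU|"
        r"sudo.+incorrect password attempt|vsftpd:.*FAIL LOGIN: Client|"
        r"Authentication failed for user"
    ),
    "Solaris": re.compile(r"(su:.*failed)|(sshd.*Failed)|(ftpd.*failed login from)"),
    "AIX": re.compile(
        r"(su.* failed)|(sshd.*Failed password for)|"
        r"(ftpd.*You entered an invalid login name or password)"
    ),
}


def matches_rule(os_name, line):
    """True when the log-event rule for os_name fires on one syslog line.

    Assumption: "Matches Regular expression" searches anywhere inside the
    AllData property, i.e. re.search rather than a full-line match.
    """
    return FAILED_LOGIN_RULES[os_name].search(line) is not None


class RuleRepetition:
    """Model of the Rule Repetition setting: the rule raises once `occurrences`
    matching events fall inside a sliding window of `window_seconds`.
    Assumption: the window is cleared after an alert, so a burst of events
    yields one notification rather than one per extra event."""

    def __init__(self, occurrences, window_seconds):
        self.occurrences = occurrences
        self.window_seconds = window_seconds
        self._times = deque()

    def observe(self, ts):
        """Record a matching event at time ts (seconds); return True when it
        completes the required run of occurrences inside the window."""
        self._times.append(ts)
        while ts - self._times[0] > self.window_seconds:
            self._times.popleft()
        if len(self._times) >= self.occurrences:
            self._times.clear()
            return True
        return False


def evaluate_log_rule(os_name, events, occurrences, window_seconds):
    """Run a log-event rule over (seconds, line) pairs; return the times at
    which a notification would be sent."""
    rep = RuleRepetition(occurrences, window_seconds)
    alerts = []
    for ts, line in events:
        if matches_rule(os_name, line) and rep.observe(ts):
            alerts.append(ts)
    return alerts


def evaluate_metric_rule(polls, condition, constant, occurrences, window_seconds):
    """Model of the metric-based rule from the WMI section: each polled value
    (Win32_Service.State for Name="DNS") is compared with a constant using the
    "Is" or "Is Not" condition (only these two are modelled here), and Rule
    Repetition is then applied exactly as for log events."""
    rep = RuleRepetition(occurrences, window_seconds)
    alerts = []
    for ts, value in polls:
        hit = (value == constant) if condition == "Is" else (value != constant)
        if hit and rep.observe(ts):
            alerts.append(ts)
    return alerts


# Constructed sample data (not captured from a real host). Times are seconds
# from the start of each sample; addresses are from the documentation range.
LINUX_SAMPLE = [
    (0, "Mar  3 10:15:01 host sshd[1234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=alice"),
    (20, "Mar  3 10:15:21 host sshd[1235]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2"),
    (45, "Mar  3 10:15:46 host sudo: bob : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls"),
    (70, 'Mar  3 10:16:11 host vsftpd: [pid 2] [alice] FAIL LOGIN: Client "192.0.2.10"'),
]
SOLARIS_SAMPLE = [
    (0, "Mar  3 10:20:00 host sshd[500]: [ID 800047 auth.info] Failed password for root from 192.0.2.10 port 40000 ssh2"),
    (5, "Mar  3 10:20:05 host su: [ID 810491 auth.crit] 'su root' failed for alice on /dev/pts/1"),
    (30, "Mar  3 10:20:30 host sshd[501]: [ID 800047 auth.info] Accepted password for alice from 192.0.2.20 port 40001 ssh2"),
]
AIX_SAMPLE = [
    (0, "Mar  3 10:30:00 host sshd[700]: Failed password for invalid user admin from 192.0.2.10 port 1234 ssh2"),
    (3, "Mar  3 10:30:03 host ftpd[701]: You entered an invalid login name or password."),
    (40, "Mar  3 10:30:40 host sshd[702]: Accepted password for alice from 192.0.2.20 port 1235 ssh2"),
]
# Constructed sequence of polled Win32_Service.State values for the DNS service.
DNS_STATE_POLLS = [(0, "Running"), (60, "Running"), (120, "Stopped"), (180, "Stopped")]

if __name__ == "__main__":
    for os_name, sample in (("Linux", LINUX_SAMPLE), ("Solaris", SOLARIS_SAMPLE), ("AIX", AIX_SAMPLE)):
        print(os_name, "notifications at", evaluate_log_rule(os_name, sample, 2, 120))
    print("DNS notifications at", evaluate_metric_rule(DNS_STATE_POLLS, "Is Not", "Running", 2, 120))
```

Two things this kind of dry run surfaces before a rule goes live. First, the `su.* failed` alternative in the AIX value matches any line containing "su" somewhere before " failed", so messages that merely mention "sudo" or "subsystem" can trigger it; running each expression over a day of real log lines shows how noisy the rule will be and which alternatives need tightening. Second, the WMI property Win32_Service.State reports strings such as "Running" and "Stopped" (Started is a separate Boolean property of the class), so confirm the exact string the counter returns on a test system before choosing the constant in the rule's Value field.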