Network Device Monitoring Settings

The program's main function is monitoring current state of your network. Its operation is based upon periodical polling of each device on the network map. You can configure several different checks for each network device. The results of the checks will be signaled to you through the corresponding signaling channels. The program runs several threads for checking multiple network devices simultaneously. You can customize the number of threads to be run at the same. You can also configure the period of time to wait between consequent checks; i.e. for how long a device is not to be polled. This allows reducing network load by cutting the number of check packets sent over the network when the program is running. The upcoming versions of the program will have new check types on the regular basis. The following types of network monitoring checks are currently available in the program:

• TCP port monitoring
• ICMP ping monitoring
• DNS monitoring
• ARP monitoring
• SNMP monitoring
• SNMP traps receiving and monitoring
• Switch port monitoring
• WMI monitoring
• Printer monitoring
• FTP monitoring
• HTTP monitoring
• NetBios monitoring
• Service monitoring
• Process monitoring
• Installed software audit (monitoring)
• Event log monitoring
• Folder existence monitoring
• File existence monitoring
• File size monitoring
• File date/age monitoring
• Disk space monitoring
• CPU load/usage monitoring
• Mapped drive monitoring
• External application monitoring
• Java-Script monitoring
• Visual Basic Script monitoring
• MS SQL server monitoring
• MySQL server monitoring
• ODBC database server monitoring

TCP port
During this check, the program attempts to connect to a specified TCP port. If the connection is successful – the check is accepted as passed; otherwise the check is accepted as failed.

ICMP ping
During this check, the program sends a data packet formed according to the ICMP protocol to the target device with the specified address. If a response from the device is received, the check is accepted as passed.

DNS
During this check, the program sends a DNS query to the target DNS server. As a query, you can specify a domain address, which needs to be converted to IP address. If an answer from the server is received, the check is accepted as passed.

ARP
During this check, the program tries to detect MAC address by host address. If MAC address is received and it is equal to the specified MAC address, the check is accepted as passed. You can monitor MAC address changes using this feature.

Fig. 1: MAC address monitoring.

SNMP
During this check, the program monitors changes of parameters of active network equipment (routers, access points, printers, etc.) via SNMP protocol. Specify SNMP agent's address, community string, OID, value type, and the necessary value or substring to be checked. If detected values are equal to the specified values or contain the specified substring, the check is accepted as passed. For example, you can monitor router's capacity and rise alerts on traffic overload.

Fig. 2: SNMP monitoring.

See also: SNMP traps.

Switch port
All hosts connected to a switch are registered in it in a special MAC address table and in a port table. These tables set the correspondence between physical addresses (MAC) of the hosts and ports of the switch. This scanning allows to promptly respond to changes in this data related to the selected host. To ensure the successful scanning, define the list of IP addresses of all switches in the network, their Community (data access password) and original values of port parameters and IP addresses of the switch, in which the host is to be registered. The scanning routine periodically retrieves host registration data from the switch and compares it to the original parameters. If the host, for example, is found on a different switch or on a different port, the program will notify you of that.

WMI
During this check, the program monitors the state of some Windows parameters via WMI (Windows Management Instrumentation). To get the current value of some parameter, you need to know its name and the corresponding WMI class which represents the parameter. The program can run arbitrary queries written in WQL (a language similar to SQL) and analyze the results.

For example,

1) to get the free space available on the disk C: you will need to run the following query:

select FreeSpace from Win32_LogicalDisk where Name = "C:"

After that, you will need to select the FreeSpace data field from the list and define a condition (more/less) for analyzing the result value.

2) to monitor the CPU load you will need to run the following query:

select PercentProcessorTime from Win32_PerfFormattedData_PerfOS_Processor where Name = "_Total"

After that, you will need to select the PercentProcessorTime data field from the list and define a condition (more/less) for analyzing the result value.

3) to monitor the free RAM size you will need to run the following query:

select AvailableMBytes from Win32_PerfFormattedData_PerfOS_Memory

After that, you will need to select the AvailableMBytes data field from the list and define a condition (more/less) for analyzing the result value.

Warning! WMI may need to be configured on your machines if you want to run WQL queries on remote computers. Remote WMI execution can fail with default Windows security settings. Learn more: WMI troubleshooting.

Printer
During this check, the program monitors the state of locally-connected printers (these can be networked printers configured for printing via network but installed as a local printer on the system). The printer monitoring check allows you to find out whether the networked printer is ready before sending documents for printing to it. This check can be useful when users treat claims to a system administrator that the remote printing does not work. The administrator can check the printer remotely, watch the printer's current state, and take some measures if necessary.

Warning! This check operates via WMI (as the previous WMI check). Remote WMI execution can fail with default Windows security settings. Learn more: WMI troubleshooting.

FTP
During this check, the program monitors the state of FTP servers. The program tries to connect to the FTP server with the specified username and password. In addition, you can configure a proxy server with necessary authorization data.

HTTP
During this check, the program monitors the state of web (HTTP) servers. The program tries to connect to the HTTP server and get the specified document from it. In addition, you can configure authorization data and proxy server. You can also monitor the web page's content and raise alerts when the content is changed or a necessary substring is not found.

NetBIOS
During this check, the program tries to detect MAC address by host address using connection to NetBIOS service. If MAC address is received and it is equal to the specified MAC address, the check is accepted as passed.

Service state
This check allows monitoring the state of Windows NT services. The software will periodically poll the specific service on a local or remote computer and respond to the change of its state. Thus, the software helps to respond promptly to a possible halt (breakdown, for instance) of an important service. For the response action, you can set an attempt to restart the service automatically or even reboot the computer.

Process exists
This check searches for a specific process on the list of processes on a local or remote computer every certain period of time. This check can be helpful in situations where you need to make sure that users on remote computers do not run specific applications (games or media players, for example) or the other way around, i.e. you need to promptly respond to the unload of a certain application (a long-lasting process, for example).

Installed software audit
This check allows you to monitor the list of installed applications on a remote computer. The program will remember the list of existing programs and compare it with the actual list. When new or deleted programs are detected, the program will rise an alert and notify you about this. When the program is being closed, the list of installed applications will be saved to a file and will be loaded again on the next start.

Event Log
This check allows you to monitor Windows Event Log and its records. The program can read Event Log records and notify you about new critical events. Configure filters and categories for more flexibility. For example, you can monitor error messages only. Or, you can monitor records from some certain program or service. The program can also search for necessary key words in records' message text and notify you when such records occur.

Folder exists
During this test, the program checks whether the specified folder is available on a remote or local computer. In case with the remote computer, you will need to open access to the folder to be checked. Along with checking whether a folder exists, the program can check how many files are available in that folder and its subfolders. The check can return several results, indicating cases like number of files changed, folder not found, folder found, etc.

File exists
During this test, the program checks whether the specified file is available on a remote or local computer. In case with the remote computer, you will need to open access to the folder that contains the file to be checked. Along with checking whether a file exists, the program can check whether a specified string is available in that file. This may be helpful for viewing other program's logs. If you do not specify a search string, the program will attempt to open the file for reading. The check can return several results, indicating whether the sought file is or is not available, search string is or is not found, and the target file was or was not open.

File size
During this test, the program checks size of the specified file on a remote or local computer. In case with the remote computer, you will need to open access to the folder that contains the file to be checked. The check can be useful for managing size of other programs' log files, swap files, etc. The check can return several results, indicating situations when the size of the specified file changes one way or the other.

File date/age
This monitoring check allows you to monitor a file's age (or date/time). You can configure the monitoring of the file last access or modification date. When the date is changed, the program will notify you about that. If you want to monitor date of a file which is stored on a shared folder you can provide authorization credentials for accessing that share.

Disk space
During this test, the program monitors the amount of free space available in the specified folder or logical disk on a remote or local computer. In case with the remote computer, you will need to open access to the folder or disk to be checked. The check can return several results indicating the change of the amount of free space in the specified folder or logical disk.

CPU usage
With the help of the CPU usage monitoring check, the program monitors the current CPU load on a remote computer.

You can configure the critical CPU usage limit in per cent and the time period. If CPU is loaded higher than the limit during the specified period of time, the program will generate an alert and send a notification to you. Thus, you can monitor and detect hung processes on servers and workstations. Set the Attempts parameter to more than 1 to prevent false detections in case of temporary high CPU loads.

The CPU usage monitoring check can get the CPU load data via WMI or SNMP. Select a necessary access method when you are creating this check. The program will pre-configure the selected type of check for accessing the CPU load data on a remote system. WMI can operate on Windows systems only. SNMP can work on a variety of operating systems including network hardware like manages switches, routers, etc.

Mapped drive
This check tests whether a mapped drive is connected on a remote PC. Sometimes, some critical information is stored on a mapped drive and you would like to monitor the mapped drive availability. If a critical mapped drive is unmounted on a remote server, you will be notified about this in time.

Warning! Mapped drives are mounted for each user individually. I.e. if the user1 account has the M: mapped drive, the user2 account of the same workstation will possibly not have the same M: drive mounted. To configure the mapped drive monitoring check, you need to know the correct user account which should have the necessary mapped drive connected. The check also allows you to monitor the network share path which is connected as a mapped drive.

Warning! This check operates via WMI (as the WMI check). Remote WMI execution can fail with default Windows security settings. Learn more: WMI troubleshooting.

External Application
During this test, the program runs an external application or your own command file. The application returns an exit code (integer value) and the check compares the code with a specified value.

Java Script
During this test, the program runs a Java-Script command. The source code of the script is configured in the check settings. You should point to the main function which will be executed. If the function returns the "OK" string, the check is successful. Otherwise, the check is failed.

Visual Basic Script
During this test, the program runs a Visual Basic Script command. The source code of the script is configured in the check settings. You should point to the main function which will be executed. If the function returns the "OK" string, the check is successful. Otherwise, the check is failed.

MS SQL Database
MySQL Database
Database Server (ODBC)
These checks allow you to monitor database servers and receive alerts on failures. The program will connect to a database with the configured authorization parameters. If the program connects to the database successfully, the check will be considered as passed. Moreover, the program can run arbitrary SQL queries, get the results, and analyze the returned values.

Note: The MySQL check requires the LibMySQL.DLL dynamic library file. It can be located in the program's folder or in your Windows system folder.

The MS SQL check requires the MS SQL client to be installed on the local computer.

 

To set the number of checks to be performed for each device on the map, right-click on the object on the map and then select the Monitoring settings… item on the context menu that appears. The Monitoring settings window will appear.

Fig. 3: The Monitoring settings window.

 

This window displays the list of configured monitoring checks for the selected device. To add a new check, click on the Add button; to edit an existing one - click Edit; to delete a check – click on the Delete button. To change the period of time the program must wait between the consequent checks, edit the value in the corresponding edit box ("Check interval"). To disable a check temporarily, simply clear the checkbox by the check to be disabled.

You can assign an unique description to every check. This description can be contained in a message that will be displayed on the screen, sent via SMS or e-mail, or recorded to the log file when an alert raises. Learn more on the %DSC key in the alert settings topic. To assign a description to a monitoring check, select the check in the list and click Description. Enter the description text and click OK.

Note: After you have made any changes in the check settings or check intervals, please save the current map, for all monitoring settings are stored in that map's file.

When a new device is added to the map (manually, from the scanning results, from the network tree, etc.), the program will automatically assign the following checks to it: ICMP ping with the parameter values set by default, and TCP port with the following default settings: port - 139 (netbios), wait state - 500 ms. The check period for that device will also be set automatically (the default check period can be customized). These settings can be changed manually at any time.

You can configure Scheduled downtime for particular servers. The program does not rise alerts when server reboots during specified period of time.

Fig. 4: The Monitoring settings window - scheduled downtime.

While the program monitors network devices, it collects the response times and stores all the values in the internal file database for displaying charts and generating statistics reports. If there are quite a lot of devices being monitored on the network map, the size of the files storing the stats can reach hundreds of megabytes per year. You can turn off storing the stats for particular devices on the Stats tab of the Monitoring settings... window.

Fig. 5: The Monitoring settings window - storing stats.

Remove the selection from the "Store response time stats" setting for non-critical network devices (user workstations, for example).

On this window, you can also see the file size occupied by the stats database (for selected hosts and for all hosts on all maps). You can clear the stats for the selected hosts by clicking the "Clear stats for selected hosts" button.

The program can draw charts and generate colorful statistics reports on the basis of gathered response time data. To see the response time charts in real-time, select a device (or several devices), call the context menu, and select the "Charts and Statistics" item.

You can also generate and export the response time statistics reports to the RTF, PDF, HTML, XLS, CSV file formats. To do this, please select a device on the map and click the "Reports | Response time statistics report" main menu item. Or click the corresponding link on the chart window (see Fig.6).

The program can automatically manage the statistics file size and delete it when necessary.

On the Additional parameters tab, you can select whether the program should run further checks after the first check is failed (or succeded) or not. This helps decreasing the network and CPU load.

Fig. 6: The Monitoring settings window - additional parameters.

The program runs a new monitoring process for every loaded or created network map (if the Monitoring is turned on option is turned on in the monitoring program settings). You can stop the monitoring process for the current or for all loaded maps using the main menu item Monitoring | Stop monitoring the current map's devices (or Stop monitoring devices on all maps). The monitoring stopping process can take some time. Please wait until it finishes.

You can force monitoring checks to run for several selected devices on your map. To do this, select necessary devices on the map and click the main menu item Monitoring | Check selected devices (or press the Space bar).