Administrator guide AKIPS Release 20.9


Post on 26-Jun-2020


Copyright notice

© 2020 AKIPS Holdings Pty Ltd

All rights reserved worldwide. No part of this document may be reproduced by any means, nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means, without the written consent of AKIPS Holdings Pty Ltd. All rights, title and interest in and to the software documentation are and shall remain the exclusive property of AKIPS and its licensors.

All other trademarks contained in this document are the property of their respective owners.

Disclaimer 

AKIPS disclaims all warranties, conditions or other terms, expressed or implied, statutory or otherwise, on software or documentation furnished hereunder including, without limitation, the warranties of design, merchantability or fitness for a particular purpose and non-infringement. In no event shall AKIPS, its suppliers or its licensors be liable for any damages, whether arising in tort, contract or any other legal theory, even if AKIPS has been advised of the possibility of such damages.

Publication history

Edition    Software release    Date
6          20.9                June 2020

Publisher

AKIPS, PO Box 3422, Shailer Park, Queensland, 4128, Australia

Email: [email protected]

Website: https://www.akips.com


Contents

1 About this guide
1.1 Conventions used in this guide
1.1.1 Text
1.1.2 Syntax
1.1.3 Notes, tips & cautions
2 Overview
3 AKIPS settings
3.1 System settings
3.1.1 Changing settings
3.1.2 Platform
3.1.3 Hostname
3.1.4 Interface vtnet0
3.1.5 Default gateway
3.1.6 Static routes
3.1.7 Name servers
3.1.8 NTP
3.1.9 Timezone
3.1.10 Email server
3.2 Private AS numbers
3.3 SSL certificate
3.3.1 Internal CA template
3.3.2 External CA template
3.3.3 Installing an SSL certificate
3.4 Service forwarding (fanout)
3.5 Miscellaneous settings
3.5.1 Changing settings
3.5.2 Syslog/trap history
3.5.3 Temperature scale
3.5.4 Adaptive polling
3.5.5 Tune interface title
3.5.6 Tune interface state
3.5.7 Tune interface speed
3.5.8 HTTPS only
3.5.9 Unused reports
3.5.10 CGI debugging
4 Discover/rewalk
4.1 Settings
4.1.1 Daily discover schedule
4.1.2 Ping-scan ranges
4.1.3 SNMP parameters
4.1.4 Existing SNMP parameters
4.1.5 Device-match rules
4.1.6 Device-naming scheme
4.1.7 Strip domain names
4.1.8 Optional features
4.1.9 Interface types
4.1.10 Discover/rewalk process
4.2 System logs
4.2.1 Discover
4.2.2 Rewalk
4.2.3 Single device
4.2.4 Hourly interface speed
4.2.5 Hourly interface title
4.2.6 Hourly IP tables
4.2.7 Hourly MAC tables
4.2.8 Hourly SNMPv3 engine IDs
4.2.9 Discovered devices
4.2.10 Ping-scan results
4.2.11 SNMP-scan results
4.2.12 Excluded devices
4.2.13 MAC address table
4.2.14 IP address table
4.2.15 IP address to name
4.2.16 SNMP walk results
4.2.17 SNMP walk failures
4.3 Other discover/rewalk reports & tools
4.3.1 Discover summary
4.3.2 SNMP walk statistics
4.3.3 Ping-only device
4.3.4 Single SNMP device
4.4 Troubleshooting
4.4.1 SNMP-scan output
4.4.2 Adding a regex rule
4.4.3 Disabling a regex rule
4.4.4 Duplicate SNMPv3 engine IDs
4.4.5 Duplicate SNMPv2-MIB sysNames
4.4.6 Duplicate MAC addresses
4.4.7 Locating missing devices
5 Grouping
5.1 Auto grouping
5.1.1 Hierarchy of super groups
5.1.2 Adding groups
5.1.3 Renaming groups
5.1.4 Assigning components
5.1.5 Empty groups
5.2 Manual grouping
5.2.1 Adding groups
5.2.2 Renaming groups
5.2.3 Assigning/removing components
5.2.4 Deleting groups
5.2.5 Grouping rules
5.2.6 Deleting broken rules
6 Event handling
6.1 SNMP traps
6.1.1 Additional credentials
6.1.2 Troubleshooting
6.2 Filtering syslog & SNMP traps
6.2.1 Creating a filter
6.2.2 Removing a filter
6.3 Filtering event notifications
6.3.1 Unwanted notifications
6.3.2 Interface warnings
6.3.3 Network noise
7 Alerts
7.1 Status alerts
7.1.1 Filters
7.1.2 Actions
7.1.3 Status attributes
7.2 Examples of status alert configurations
7.2.1 Catch-all rule
7.2.2 Muting spanning-tree alerts
7.2.3 Filtering unwanted ping & SNMP alerts
7.2.4 Troubleshooting
7.3 Syslog alerts
7.3.1 Filter
7.3.2 Message volumes
7.4 Threshold alerts
7.4.1 Filter
7.4.2 Threshold attributes
7.5 SNMP traps
7.5.1 Filter
7.5.2 System log viewer
8 Integration
8.1 Opsgenie
8.2 PagerDuty
8.3 Slack
9 Availability
9.1 Settings
10 Report scheduling
11 Config crawler & viewer
11.1 Crawler settings
11.1.1 Script & device rules
11.1.2 Run
11.1.3 Crawler Log Viewer
11.2 Config Viewer
11.2.1 Last change
11.2.2 Current revision
11.2.3 Compare revisions
12 NetFlow
12.1 Protocols
12.1.1 Unknown ports
12.1.2 Port names
12.1.3 Deleting ports from list
12.1.4 Resetting list
12.2 NetFlow meters
12.2.1 Deleting data
12.2.2 Dashboard
13 Switch port mapper
13.1 Functionality
13.1.1 Settings
13.1.2 Switch port mapper collector
13.1.3 ARP tables collector
13.1.4 Bridge tables collector
13.1.5 VLAN tables collector
13.1.6 VLAN auto grouping
13.1.7 Automated VLAN groups
13.1.8 Ping-scan settings
13.1.9 Excluding devices from switch port mapper data collection
13.1.10 Excluding devices from ARP data collection
14 Admin user tools
14.1 Profile selector
14.2 Muting alerts
14.2.1 Hiding unused reports
15 Additional tools
15.1 Settings History
15.1.1 View & compare
15.1.2 Last change
15.1.3 Download
15.1.4 Recover a config
15.2 Ping/SNMP walk features
15.2.1 Ping/SNMP fields
15.2.2 Pings
15.2.3 SNMP walk
15.2.4 SNMP walk download
15.3 Traceroute
15.4 Packet capture
15.4.1 Results
15.4.2 Download
15.5 Device editor
15.6 Mapping device to IP address
16 Access control
16.1 Authentication
16.1.1 Local (Unix)
16.1.2 LDAP
16.1.3 RADIUS
16.1.4 TACACS+
16.2 Profile groups
16.2.1 Creating a profile group
16.2.2 Settings
16.2.3 Deleting a profile group
16.3 User accounts
16.3.1 Adding an account
16.3.2 Settings
16.3.3 Deleting an account
16.3.4 Changing a password
16.3.5 Muting alerts
17 Requesting a MIB object

1 About this guide

This guide aims to assist administrators in using AKIPS Network Monitoring System.

1.1 Conventions used in this guide

1.1.1 Text

Formatting used throughout this document to define certain text:

• keywords, menu names, menu options and field names are shown in bold, e.g. Go to Admin > System > System Settings

• links, including to websites and email addresses, are shown in blue, e.g. https://www.akips.com

• code is shown in monospace. Further:

– command syntax is shown in red, e.g.

{ddd} {hh:mm} to {hh:mm}

– input is shown in blue, e.g.

tf dump last7d

– output is shown in cyan, e.g.

cisco-74-1-1 sys ip4addr = 10.74.1.1

1.1.2 Syntax

Command syntax and variables are formatted as follows:

• command keywords are typed exactly as they appear in the API syntax

• parameters (fields expecting a substituted value) are contained within braces, e.g.

{type} {value}

• optional parameters are contained within square brackets, e.g.

[index,{description}]

• optional parameters may be nested, e.g.

mlist {type} [{parent regex} [{child regex}

[{attribute regex}]]]

• for values separated by a | (pipe), choose one option only, e.g.

[any|all|not group {group name} ...]

• multiple parameters will have ellipses, e.g.

[any|all|not group {group name} ...]

Throughout this document, syntax may be formatted across multiple lines for instructional purposes. Commands should be run in a single line.

1.1.3 Notes, tips & cautions

The following icons identify key information:

Note

Necessary information to ensure a successful outcome.


Tip

Useful information to help you to optimise performance or avoid pitfalls.

Caution

Vital information necessary to avoid the risk of data loss or damage.

2 Overview

AKIPS is an integrated suite of network monitoring tools designed to help you to:

• monitor the performance of your network

• collect and store data about network events

• generate alerts

• collect data about network traffic flow

• and more.

AKIPS is continuously updated as new MIBs become available. Each time you upgrade your version of the software, you will gain access to these.

3 AKIPS settings

Most settings were defined when AKIPS was installed and can be changed, if required.

Most settings are grouped as:

• system settings: how AKIPS operates

• general settings: what AKIPS monitors

• user settings: who can access tools and reports.

3.1 System settings

The system settings provide details of the AKIPS operating environment.

3.1.1 Changing settings

System settings which you can review and update include:

• platform

• hostname

• interface vtnet0

• gateways

• static routes

• name servers

• NTP

• timezone

• email server.

To change system settings: 

Go to Admin > System > System Settings.

Make any changes necessary (see guidance in the following subsections) and then click Save.

Some changes to system settings require a system reboot.

To reboot the system server: 

Go to Admin > System > System Shutdown.

Click Reboot Server. The system server will reboot and restart the AKIPS software, applying any new settings.

3.1.2 Platform

The platform refers to the operating environment used to run AKIPS. Select the appropriate platform from the list:

• Physical Hardware

• Hyper-V Guest

• QEMU Guest

• Virtual Box Guest

• VMware Guest.

When the platform type is set for VMware Guest, AKIPS will install and activate the VMware Guest tools. Guest tools are not required for other virtual environments.

3.1.3 Hostname

A hostname is a domain name assigned to the AKIPS system server. This is a combination of the server (host) local name and its parent domain name.

The hostname must be an FQDN owned by your organisation. Do not use an invalid domain name, such as domains ending in .local, .int or .home.

E.g. netmgr1.mybiz.com consists of:

• a local hostname: netmgr1

• and the organisation's domain name: mybiz.com

Hostnames may contain only:

• letters A through Z (not case sensitive)

• digits 0 through 9

• hyphens (-).

A hostname cannot start or end with a hyphen.

3.1.4 Interface vtnet0

This setting refers to the network location (IP address) of the vtnet0 interface, which links the system server to the network. In the text boxes, type the:

• IPv4 Address and IPv4 Netmask OR

• IPv6 Address.

Reboot the system after changing the IP address.

3.1.5 Default gateway

The default gateway is the network location (IP address) of the router which AKIPS will use to reach the network.

In the text boxes, type the:

• IPv4 Gateway Address OR

• IPv6 Gateway Address.

3.1.6 Static routes

To add static route rules:

In the Static Routes fields, type the Net (subnet mask) and Gateway (IP address) details for each rule.

Click Save.

To remove an entry, clear the text boxes and then click Save.

Click Show Routing Table to see a list of all static route rules.

3.1.7 Name servers

This setting refers to the DNS responsible for your organisation’s domain tree structure and domain name resolution.

In the IPv4 Nameserver or IPv6 Nameserver box, type the network location (IP address) for your organisation’s DNS.

3.1.8 NTP

The NTP server is responsible for keeping accurate time across the network.

In the NTP Server box, type the network location (IP address) for your organisation’s NTP server.

3.1.9 Timezone

This setting refers to the timezone location of the AKIPS server.

Select your closest location from the list.

3.1.10 Email server

This setting is used to enable AKIPS to send email alerts. It includes:

• email domain name

• SMTP server details

• authentication details (username and password).

By default, email messages are sent from akips@{hostname}.{yourdomain}

If you wish to change this (e.g. to akips@{yourdomain}), type the domain name in the Email Domain text box.

In the SMTP Server text box, type the hostname or IP address of your SMTP server and optional port number, e.g.

smtp.mydomain.com:587

A secure SMTP server requires authentication details (username and password) when sending email messages.

To test the email server settings:

Type your email address in the Test Email field.

Click Send. AKIPS will attempt to send a test email to the address.

3.2 Private AS numbers

To help identify AS numbers, which appear in BGP peer-state reports and NetFlow reports, you can replace the number with a meaningful name.

To update private AS numbers: 

Go to Admin > General > Private AS numbers.

In the text box, type the private AS number and name using the format {AS Number} {Name}

E.g.

64501 GnoEile_Philadelphia

64511 GnoEile_Atlanta

Click Save. An error message will display if there are any syntax errors.

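3.3 SSL certificate

SSL certificates in AKIPS require both the certificate and private key in unencrypted PEM format.

If the files are in PKCS or PFX format, convert them before proceeding. The -nodes option writes the private key without a passphrase, which is the unencrypted form AKIPS requires; the resulting file holds an unprotected private key, so restrict access to it. E.g.

openssl pkcs12 -in <pkcs-12-certificate-and-key-file> -out <pem-certificate-and-key-file> -nodes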

3.3.1 Internal CA template

Provide the entire trust chain: private key, host certificate, intermediate certificates and root certificate.

Use the following template:

-----BEGIN RSA PRIVATE KEY-----
{private key data}
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
{primary certificate data}
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
{intermediate certificate data}
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
{root certificate data}
-----END CERTIFICATE-----

3.3.2 External CA template

Provide the private key and your host/domain certificate.

Use the following template:

-----BEGIN RSA PRIVATE KEY-----
{private key data}
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
{primary certificate data}
-----END CERTIFICATE-----

3.3.3 Installing an SSL certificate

To generate a certificate signing request (CSR):

Go to Admin > General > SSL CSR.

Complete the fields, using the following guidance:

Common Name: the fully qualified hostname of your AKIPS server, e.g. akips.example.com

Organization: the legal incorporated name of your organisation, e.g. AKIPS Pty Ltd

Department: your organisational unit name, e.g. network operations

City: the city in which your organisation is located, e.g. Brisbane. This should not be abbreviated.


State / Province: the state or province in which your organisation is located, e.g. Queensland. This should not be abbreviated.

Country: the two-letter code of the country in which your organisation is located, e.g. AU

Key Size: the default and recommended value is 2048 bits

Email (optional): the CSR will be emailed to this address, if completed

Click Generate.

AKIPS will generate a CSR which you can provide to your organisation's security team. They will issue you with the certificate and private key required to install an SSL certificate.

To install an SSL certificate:

Go to Admin > General > SSL Settings.

Copy the required template from the help text (on the right-hand side of the page) and paste into a text editor.

Copy and paste the required certificate and private key into the appropriate fields of the template.

Copy the completed template.

Return to AKIPS and then paste the completed template into the SSL Settings text box.

Click Save.

AKIPS will check the script and display either:

• ‘Installed SSL certificate’ OR

• an error message with details.
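A pre-flight check of the completed template before it is pasted into SSL Settings, as an added example (not AKIPS code and not the check AKIPS itself performs). It verifies the block order of the two templates above, that the key is unencrypted, and that nothing such as pkcs12 attribute text sits outside the PEM blocks. The function names and the sample bundles are constructed for illustration, and accepting key labels other than RSA PRIVATE KEY is an assumption.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
# The guide's template uses "RSA PRIVATE KEY"; accepting the other two
# unencrypted labels is an assumption of this example.
PLAIN_KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY"}


def is_encrypted(label, body):
    # PKCS#8 encrypted keys have their own label; traditional encrypted keys
    # keep the label and add a "Proc-Type: 4,ENCRYPTED" header.
    return (label == "ENCRYPTED PRIVATE KEY"
            or re.search(r"^Proc-Type:.*ENCRYPTED", body, re.MULTILINE) is not None)


def valid_base64(body):
    # Header lines contain ':' (not a base64 character) and are skipped.
    data = "".join(line.strip() for line in body.splitlines()
                   if line.strip() and ":" not in line)
    try:
        return len(base64.b64decode(data, validate=True)) > 0
    except (binascii.Error, ValueError):
        return False


def lint_bundle(text, internal_ca=False):
    """Return a list of layout problems; an empty list means none were found."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]
    if not blocks:
        return ["no PEM blocks found"]
    problems = []
    if PEM_BLOCK.sub("", text).strip():
        problems.append("text outside PEM blocks")

    label, body = blocks[0]
    if "PRIVATE KEY" not in label:
        problems.append("first block is not a private key")
    elif is_encrypted(label, body):
        problems.append("private key is encrypted")
    elif label not in PLAIN_KEY_LABELS:
        problems.append("unrecognised private key type")

    certs = 0
    for label, body in blocks[1:]:
        if label == "CERTIFICATE":
            certs += 1
        else:
            problems.append("unexpected %s block after the first" % label)
    # Internal CA template: host certificate plus at least the root.
    needed = 2 if internal_ca else 1
    if certs < needed:
        problems.append("expected at least %d certificate(s), found %d"
                        % (needed, certs))
    if not all(valid_base64(body) for _, body in blocks):
        problems.append("block body is not valid base64")
    return problems


def make_pem(label, headers=""):
    """Build a constructed PEM block; the payload is filler, not key material."""
    b64 = base64.b64encode(b"constructed filler, not real key material " * 4).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s%s\n-----END %s-----\n" % (label, headers, body, label)


# Constructed sample bundles.
KEY = make_pem("RSA PRIVATE KEY")
CERT = make_pem("CERTIFICATE")
GOOD_INTERNAL = KEY + CERT + CERT + CERT
GOOD_EXTERNAL = KEY + CERT
# Constructed: attribute text before the blocks and a passphrase-protected key.
BAD_EXPORT = ("Bag Attributes\n    friendlyName: akips\n"
              + make_pem("RSA PRIVATE KEY",
                         "Proc-Type: 4,ENCRYPTED\n"
                         "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n")
              + CERT)

if __name__ == "__main__":
    for name, text, internal in (("internal", GOOD_INTERNAL, True),
                                 ("external", GOOD_EXTERNAL, False),
                                 ("bad export", BAD_EXPORT, False)):
        print(name, lint_bundle(text, internal) or "layout OK")
```

The check is structural only: it does not confirm that the key matches the host certificate or that the certificates chain to the root.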

3.4 Service forwarding (fanout)

Service forwarding (fanout) allows you to send the same information to several destinations at once.

You can configure up to 10 IPv4 addresses to receive data collected about:

• syslog

• SNMP traps

• NetFlow.

To configure service-forwarding destinations:

Go to Admin > General > Service Forwarding.

In each text box, type the destination IPv4 addresses. You can define up to 10 addresses for each service.

Syslog Forwarding: all syslog messages received on UDP port 514 are forwarded to the defined list of IPv4 addresses and optional port number (default 514). E.g.

10.1.8.35

10.1.8.82 514

10.2.9.1 20514

Trap Forwarding: all SNMP trap messages are forwarded to the defined list of IPv4 addresses on default port 162.

NetFlow Forwarding: all raw NetFlow packets are forwarded to the defined list of IPv4 addresses on default port 514.

3.5 Miscellaneous settings

A number of miscellaneous settings are also available when configuring AKIPS.

Default values (generally, enabled or disabled) deliver optimum performance. In some circumstances, you may need to temporarily change these, e.g. to enable CGI debugging.

3.5.1 Changing settings

You can review and change miscellaneous settings at any time after installation. These include:

• syslog/trap history

• temperature scale

• adaptive polling

• tune interface title/state/speed

• HTTPS only

• unused reports

• CGI debugging.

To review or change miscellaneous settings: 

Go to Admin > General > Miscellaneous.

Make any changes necessary (see guidance in the following subsections) and then click Save.

3.5.2 Syslog/trap history

You can select the number of days (from one to 1000) to store the history for both the syslog and traps. The default is 365 days.

To change the default setting, either type a value or use the arrows in the text box to increase or decrease the value.

3.5.3 Temperature scale

AKIPS collects and displays the temperature from all devices in degrees Celsius.

To change from the default setting, select Fahrenheit from the list. AKIPS will convert the values and change the graphs and reports.

3.5.4 Adaptive polling

Adaptive polling is set to ON, which significantly reduces the volume of SNMP network traffic. The majority of counters and gauges (e.g. interface errors and discards) rarely change value.

Adaptive polling adjusts the polling interval as required, between 60 and 180 seconds.

3.5.5 Tune interface title

Tune interface title is set to ON, ensuring that the interface title (ifAlias) for all interfaces is retrieved and updated in the AKIPS database every hour.

If switched OFF, AKIPS will not detect any interface title changes until the next discover/rewalk.

3.5.6 Tune interface state

The default and recommended state is ON.

When an interface is down, polling stops for that interface, which significantly reduces the amount of SNMP network traffic.

When the operational state of an interface returns to up, AKIPS immediately restarts polling the interface and retrieves the new interface speed.

If the setting is switched OFF, AKIPS will continually poll interfaces with an operational status of down, which can increase SNMP traffic with little gain.

Devices with Wake-on-LAN enabled are always active on the network switch. E.g. the operational status (IF-MIB.ifOperStatus) is always UP for the port connected to a PC with Wake-on-LAN enabled. Therefore, even though the device might be powered down, all interface statistics will continue to be polled.

3.5.7 Tune interface speed

The default setting for tune interface speed is ON.

The speed of every interface is retrieved and updated in the AKIPS database every hour to ensure accurate calculations are displayed in all interface reports.

If this setting is switched OFF, AKIPS will not detect any changes until the next rewalk.

If tune interface speed is disabled, reporting in AKIPS will be inaccurate if an interface changes speed.

A PC with Wake-on-LAN enabled might be powered down, but its NIC is active, in low-power mode, with its interface speed reduced to 10Mbps.

3.5.8 HTTPS only

The default is set to OFF to allow both HTTP and HTTPS connections to the AKIPS server.

Set the switch to ON to allow only HTTPS connections.

3.5.9 Unused reports

The default is set to OFF so that all reports display in the Reports menu, including those which are not in use.

You can choose not to show unused reports by setting the switch to ON.

3.5.10 CGI debugging

The default and recommended state is OFF.

Switch this option ON only if directed by the AKIPS support team.

4 Discover/rewalk

A daily scheduled discover performs ping and SNMP scans of the network (or specified IP address ranges) to:

• find and add new devices

• update the configuration for existing devices.

A daily scheduled rewalk detects any changes to the configuration of existing devices.

Rewalk does not scan for new devices.

The Discover / Rewalk settings page has eight sections for setting up parameters. Not all are applicable to both; see the following:

Section                     Discover   Rewalk
Daily discover schedule     Y          Y
Ping-scan ranges            Y          N
SNMP parameters             Y          N
Existing SNMP parameters    N          Y
Device match rules          Y          N
Strip domain names          Y          Y
Optional features           Y          Y
Interface types             Y          Y


To configure discover/rewalk settings:

Go to Admin > Discover > Discover / Rewalk.

Make any changes required, using the boxes on the left-hand side of the page.

Click Save Changes.

4.1 Settings

4.1.1 Daily discover schedule

You should schedule a daily discover/rewalk during business hours when all devices are most likely to be detected.

If both the discover and rewalk are scheduled for the same time, rewalk will take place before discover.

4.1.2 Ping-scan ranges

Each rule is evaluated and executed in order, one rule per line.

Parameter: {IP range}
Description: {address}/{mask}; {address}.*; {address}[{range}]; {address}[{range}]/{mask}; {address}[{range}].*
Examples: 10.1.0.0/16; 10.200-210.0/24; 10.1.*.1-20

Parameter: rate
Description: The number of ping requests sent per second. The default rate is 1000, with a maximum of 100,000 per second.
Example: Scan the 10.1.0.0 subnet and limit the rate of ping requests to 2000:

rate 2000
10.1.0.0/16

Parameter: pass
Description: The number of ping requests sent to each IP address. The default is two, which allows remote devices to awaken from sleep mode before responding.
Example: Increase the number of passes and ping requests per second:

pass 3
rate 10000

Parameter: limit
Description: The maximum number of seconds a rule is allowed per pass. The default is 60 seconds. The maximum limit is 1800 seconds (30 minutes). If the calculated runtime of a rule exceeds the limit, then the rule is skipped.
Example: Scan the 10.1.0.0 subnet and limit the runtime of the rule to 120 seconds:

limit 120
10.1.0.0/16

Parameter: wait
Description: The number of seconds to wait for a ping response. The default is three seconds and the maximum is 10 seconds.
Example: A small number of pings to a remote link, with a longer waiting period for the response and increased passes:

rate 50
wait 5
pass

The following output is an example of the ping-scan results from a successful discover process. The estimated runtime is six seconds. One IPv4 address was located from the defined rules.

*** Starting Device Discovery ***
Fri, Jan 18, 2019 at 15:20
Performing Ping Scan
# Estimated runtime 6s
# Single IP rules: total 1, found 1
# Total Found: IP4 = 1, IP6 = 0
# Ping scan runtime 0s
Performing SNMP Scan. This may take approximately 2 mins 30 secs
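The interaction of rate, pass, wait and limit, worked through as an added example (not AKIPS code). It assumes that a parameter line applies to every rule below it and that the runtime of one pass is addresses / rate + wait, a model that reproduces the 6s estimate in the sample output above for one address with default settings; the real calculation may differ. Only the {address}/{mask} form and four-octet patterns with * or a-b are handled, and all function names are constructed.

```python
import ipaddress

# Defaults and maximums as stated in the parameter table above.
DEFAULTS = {"rate": 1000, "pass": 2, "limit": 60, "wait": 3}
MAXIMUM = {"rate": 100000, "limit": 1800, "wait": 10}


def count_addresses(ip_range):
    """Number of IPv4 addresses covered by a CIDR or a four-octet pattern."""
    if "/" in ip_range:
        return ipaddress.ip_network(ip_range, strict=False).num_addresses
    octets = ip_range.split(".")
    if len(octets) != 4:
        raise ValueError("unsupported range form: %s" % ip_range)
    total = 1
    for octet in octets:
        if octet == "*":
            total *= 256
        elif "-" in octet:
            low, high = (int(part) for part in octet.split("-"))
            total *= high - low + 1
        else:
            int(octet)  # a fixed octet contributes a factor of one
    return total


def plan(rules_text):
    """Estimate, rule by rule, the runtime and whether the limit skips it."""
    settings = dict(DEFAULTS)
    report = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line:
            continue
        word, _, value = line.partition(" ")
        if word in DEFAULTS:
            number = int(value)
            if number > MAXIMUM.get(word, number):
                raise ValueError("%s %d exceeds the maximum" % (word, number))
            settings[word] = number  # assumed to apply to the rules below
            continue
        addresses = count_addresses(line)
        # Assumed model: time to send one pass at the configured rate,
        # plus the wait for the last responses.
        per_pass = addresses / settings["rate"] + settings["wait"]
        report.append({
            "rule": line,
            "addresses": addresses,
            "per_pass_s": round(per_pass, 1),
            "total_s": round(per_pass * settings["pass"], 1),
            "skipped": per_pass > settings["limit"],
        })
    return report


if __name__ == "__main__":
    # Constructed rule sets built from the examples in the table.
    for rules in ("10.74.1.1", "10.1.0.0/16", "rate 2000\n10.1.0.0/16",
                  "limit 120\n10.1.0.0/16", "10.1.*.1-20"):
        for row in plan(rules):
            print(repr(rules), row)
```

Under this model a /16 at the default rate of 1000 needs more than 65 seconds just to send one pass, so the default 60-second limit skips the rule; raising the rate to 2000 or the limit to 120, as the table's examples do, lets it run.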

4.1.3 SNMP parameters

The SNMP parameters define the authentication credentials to scan during the SNMP discover.

The following are available when defining the SNMP parameters for your network:

version {1, 2, or 3}

community {community name}

user {username}

md5 | sha {password}

des | 3des | aes128 | aes192 | aes256 {password}

E.g. SNMPv3 with no authentication and no encryption:

version 3 user mysnmpuser

SNMPv3 with authentication and no encryption:

version 3 user mysnmpuser sha myauthpasswd

SNMPv3 with authentication and encryption:

version 3 user mysnmpuser sha myauthpasswd aes256 mycryptpasswd

SNMPv1/2 devices:

version 1 community public

version 2 community public

For optimal performance and security, use SNMPv3 SHA authentication and AES encryption. Avoid DES and TDES (3DES) encryption, if possible.
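A review of a list of SNMP parameter lines against the recommendation above, as an added example (not part of AKIPS). It parses the keyword/value syntax listed in this section and reports lines that use SNMPv1/2, no authentication, MD5, no encryption, or DES/3DES; the report is keyed by line number so that passwords are never echoed. The function names, the finding texts and the fifth sample line are constructed, and values containing spaces are not handled.

```python
AUTH = {"md5", "sha"}
PRIV = {"des", "3des", "aes128", "aes192", "aes256"}

NO_AUTH = "no authentication"
NO_PRIV = "no encryption"
WEAK_AUTH = "md5 authentication (the guide recommends sha)"
WEAK_PRIV = "des/3des encryption (the guide says to avoid it)"
CLEARTEXT = "SNMPv1/v2c: community string and data are sent unencrypted"
DEFAULT_COMMUNITY = "well-known community string"


def parse(line):
    """Split one parameter line into keyword/value pairs; passwords are dropped."""
    tokens = line.split()
    if len(tokens) % 2:
        raise ValueError("keyword without a value")
    params = {}
    for key, value in zip(tokens[0::2], tokens[1::2]):
        if key in ("version", "community", "user"):
            params[key] = value
        elif key in AUTH:
            params["auth"] = key   # keep the algorithm, not the password
        elif key in PRIV:
            params["priv"] = key
        else:
            raise ValueError("unknown keyword: %s" % key)
    return params


def review(line):
    """Return the findings for one parameter line (empty list if none)."""
    params = parse(line)
    findings = []
    version = params.get("version")
    if version in ("1", "2"):
        findings.append(CLEARTEXT)
        if params.get("community", "").lower() in ("public", "private"):
            findings.append(DEFAULT_COMMUNITY)
    elif version == "3":
        if "auth" not in params:
            findings.append(NO_AUTH)
        elif params["auth"] == "md5":
            findings.append(WEAK_AUTH)
        if "priv" not in params:
            findings.append(NO_PRIV)
        elif params["priv"] in ("des", "3des"):
            findings.append(WEAK_PRIV)
    else:
        findings.append("missing or unsupported version")
    return findings


def audit(config_text):
    """Return {line number: findings} for every line that has findings."""
    report = {}
    for number, line in enumerate(config_text.splitlines(), start=1):
        if line.strip():
            findings = review(line)
            if findings:
                report[number] = findings
    return report


# Lines 1-4 are the examples from this section; line 5 is constructed.
SAMPLE = """\
version 3 user mysnmpuser
version 3 user mysnmpuser sha myauthpasswd
version 3 user mysnmpuser sha myauthpasswd aes256 mycryptpasswd
version 2 community public
version 3 user mysnmpuser md5 myauthpasswd des mycryptpasswd
"""

if __name__ == "__main__":
    for number, findings in audit(SAMPLE).items():
        print("line %d: %s" % (number, "; ".join(findings)))
```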

4.1.4 Existing SNMP parameters

Existing SNMP parameters cannot be modified. Rewalk uses these parameters to walk the devices that AKIPS has already configured.

4.1.5 Device-match rules

Device-match rules enable you to selectively import devices found during discover, by matching them against values for various system attributes. You can use matching rules to either include or exclude a device.

Place your rules before the vendor (default) rules to ensure that your rules take precedence.

Use the following syntax:

include {mib}.{object} {regex}

exclude {mib}.{object} {regex}

The following MIB objects are supported:

SNMPv2-MIB.sysName

SNMPv2-MIB.sysDescr

SNMPv2-MIB.sysObjectID

SNMPv2-MIB.sysLocation

E.g.

# wildcard entry (.*) to include all devices

include SNMPv2-MIB.sysDescr .*

# all Cisco devices

include SNMPv2-MIB.sysDescr Cisco

# exclude Cisco 366X models

exclude SNMPv2-MIB.sysObjectID CISCO-PRODUCTS-MIB.cisco366.*

4.1.6 Device-naming scheme

Devices can be identified by:

• sysName

• IP address.

Changing the device-naming scheme renames all devices using the selected option.

Strip domain names 

By default, strip domain names is set to ON. AKIPS adds device names retrieved from the SNMPv2-MIB.sysName MIB object with the domain name stripped, so that only the information up to the first . (period) is retrieved.

E.g. AKIPS adds a device with sysName = core1.its.mochomhlacht.com into the config as core1. If you define the domain name by typing mochomhlacht.com into the Strip Domain Names field, AKIPS adds the device to the config as core1.its.

Optional features 

Optional features are MIB objects which discover/rewalk does not add by default because they may have a significant impact on the size of the configuration and polled data.

To include an optional feature in the discover/rewalk process, set the switch to ON.

Cisco access points 

When set to OFF (default), AKIPS creates access points as ping only. SNMP objects are assigned to the access point, but the data is collected from the wireless LAN controller associated with each access point.

CBQoS

Due to the large number of MIB objects, it is advised to use grouping to specify the devices that require QoS data collection.

E.g.

add device group tech_cisco_qos

assign device router1 = tech_cisco_qos

Refer to 5 Grouping for more information.

Ethernet pause frames 

The default (when set to OFF) is 13 IF-MIB objects per interface. To collect Ethernet pause data (i.e. when the switch is set to ON), AKIPS adds two objects for each Ethernet interface.

Generic IS-IS 

Generic IS-IS is disabled by default.

Interface types 

During the initial discover, AKIPS selects the interface types to be included and excluded from data collection and reporting. You can review the list and select or remove interface types for future discovers/rewalks.

In the Discovered iftypes column, AKIPS displays the interface types that have been discovered but have not been selected for data collection and reporting.

Discover/rewalk process 

Immediately after making any changes to the discover/rewalk settings, run a discover or rewalk of the network.

Click either Discover (to include new devices) or Rewalk (to update existing devices).

AKIPS will immediately start the process and create a log with the details.

System logs

A number of logs and reports are available to review a discover, rewalk, component, or group of components. AKIPS also produces a number of network performance logs every hour, in the following order:

• interface speed

• interface title

• SNMPv3 engine IDs

• IP tables

• MAC tables.

To view or download system logs and reports: 

Go to Admin > Discover > Discover Log Viewer.

The last log that AKIPS produced will display.

Select the log you wish to view from the Log File list.

To download a copy, click Download Logs. AKIPS will send you a compressed archive (.txz) file.

Discover 

The discover log can be useful when troubleshooting device discover issues. You can view the log that was produced during the last scheduled or unscheduled discover.

The log includes the:

• date and time:

*** Starting Device Discovery ***
Mon, Nov 4, 2019 at 00:09
...

• results from the ping scan, including the potential number of IP addresses and the actual number found:

Performing Ping Scan
# Estimated runtime 31s
# .............................
# 10.131.0.0/16 total 65536, rate 5000, passes 2: 1775 found
...
# Total Found: IP4 = 1775, IP6 = 0
# Ping scan runtime 30s
...

• results from the SNMP scan, including devices added or removed based on include/exclude rules:

Performing SNMP Scan. This may take approximately 3 mins 0 secs...................................
SNMP Scan found: 588 devices
Pruning IP list by Include regex rules: 588 devices, 0 pruned
Pruning IP list by Exclude regex rules: 588 devices, 0 pruned
Pruning IP list using SNMPv3 Engine ID: 588 devices, 0 pruned
Pruning IP list using SNMPv2-MIB.sysName: 588 devices, 0 pruned
Retrieving MAC address tables: 588 walks completed in 26 secs
Processing MAC address tables: 575 devices, 43439 MAC entries
Pruning IP list by MAC address tables: 588 devices, 0 pruned
...
*** Starting Configuration Discovery ***
Loading configuration stats: done
Performing SNMP walks:...................................
36209 walks completed in 11 mins 28 secs
Loading SNMP Walk results: 3218167 objects in 8 seconds
2 devices pruned: failed SNMPv2-MIB walk
Creating configuration:........
586 devices in 32 secs

• list of any errors encountered:

ERROR: AKIPS does not support polling temperature sensors configured in degrees Fahrenheit. Configure the following devices for Celsius:

apc-131-0-150 apc-131-0-160 bitsight-131-1-102

• auto grouping rules, including the number of devices and technologies assigned to each group:

Running Auto Grouping Rules:
add device group 3Com
add device group A10
add device group Accedian
add device group ADVA
add device group Aerohive
add device group Alcatel
...
...
(1) assign * * sys SNMPv2-MIB.sysObjectID value /ECI-SMI/ = ECI
(2) assign * * sys SNMPv2-MIB.sysObjectID value /EIP-(MON|STATS)-/ = EfficientIP
(3) assign * * sys SNMPv2-MIB.sysDescr value /Sonoma/ = Endrun
(1) assign * * sys SNMPv2-MIB.sysDescr value /Cabletron/ = Extreme
(9) assign * * sys SNMPv2-MIB.sysDescr value /Enterasys/ = Extreme
(15) assign * * sys SNMPv2-MIB.sysDescr value /Extreme/ = Extreme
(2) assign * * sys SNMPv2-MIB.sysObjectID value /EXTREME/ = Extreme
...
...

• manual grouping rules:

Running Manual Grouping Rules:
add report group Support_reports
(0) assign group APC = Support
(0) assign group Cisco = Support
(0) assign group PaloAlto = Support
(0) assign group Support_reports = Support
(1) assign report config_viewer = Support_reports

• summary of devices polled, including newly discovered devices:

Building poller configuration: done
Building discover summary: done
1461 Devices
0 IPv4/IPv6
1461 IPv4 only
0 IPv6 only
593 SNMP
0 SNMPv1
259 SNMPv2
...

...

• totals for each included interface type:

43239 Interfaces
3 adsl
2 atm
138 ds0
202 ds1
6 ds3
26621 ethernetCsmacd
15 fibreChannel
220 gigabitEthernet
106 mpls
8406 other
164 propPointToPointSerial
7357 propVirtual
...

...

• totals for each discovered vendor technology:

1 Aerohive Memory
8 Aerohive Radio
3 AKCP Humidity
3 AKCP Temperature
5 Alcatel CPU
5 Alcatel Memory
5 Alcatel Temperature
1 APC ATS
22 APC Battery Capacity
22 APC Battery Time
...

...

• total runtime for the process:

Total runtime: 17 mins 40 secs
Mon, Nov 4, 2019 at 00:27
*** Done ***

Rewalk

The rewalk log contains details of the most recent rewalk. It provides details in the same format as the discover log, and includes configuration changes to any monitored device.

Rewalk does not scan for new devices.

Single device 

AKIPS produces a single-device log whenever you add a single SNMP device to the network. The log remains available until superseded by another SNMP device added through the same process.

It provides details in the same format as the discover log.

*** Starting Device Discovery ***
Fri, Nov 1, 2019 at 10:07
Using SNMP parameters: version 3 maxrep 20 user fred sha password aes256 password
Performing Ping Scan
# Estimated runtime 6s
#
# Single IP rules: total 1, found 1
# Total Found: IP4 = 1, IP6 = 0
# Ping scan runtime 0s
Performing SNMP Scan. This may take approximately 30 secs
SNMP Scan found: 1 device
Pruning IP list by Include regex rules: 1 device, 0 pruned
Pruning IP list by Exclude regex rules: 1 device, 0 pruned
Pruning IP list using SNMPv3 Engine ID: 1 device, 0 pruned
Pruning IP list using SNMPv2-MIB.sysName: 1 device, 0 pruned
Retrieving MAC address tables: 1 walk completed in 0 secs
Processing MAC address tables: 1 devices, 27 MAC entries
Pruning IP list by MAC address tables: 1 device, 0 pruned
<script>status_div.text("Building configuration...");</script>
*** Starting Configuration Discovery ***
Performing SNMP walks:...

Hourly interface speed 

The hourly interface speed log provides details of the:

• devices it could not reach

• number of interface walks completed (tables accessed) and the time taken

• number of speeds updated.

*** Starting Discover Interface Speed ***
Mon, Nov 4, 2019 at 13:00
Skipping 4 unreachable devices: f5-131-1-212 hp-131-2-15 nortel-131-2-109 trapeze-131-6-1
Retrieving interface tables: 2945 walks completed in 41 secs
Updating interface speeds: 85 updated
Total runtime: 43 secs
Mon, Nov 4, 2019 at 13:00
*** Done ***

Hourly interface title

The hourly interface title log provides details of the:

• devices it could not reach

• number of interface walks completed and the time taken

• changes made to the interface description, e.g. adding a router or switch.

*** Starting Discover Interface Title ***
Mon, Nov 4, 2019 at 13:00
Skipping 4 unreachable devices: f5-131-1-212 hp-131-2-15 nortel-131-2-109 trapeze-131-6-1
Retrieving interface titles: 1767 walks completed in 8 secs
Updating interface titles: 12681 interfaces
Total runtime: 9 secs
Mon, Nov 4, 2019 at 13:00
*** Done ***

Hourly IP tables

The hourly IP tables log provides details of the:

• devices it could not reach

• number of walks completed and the time taken.

*** Starting Discover IP Tables ***
Mon, Nov 4, 2019 at 13:01
Skipping 3 unreachable devices: f5-131-1-212 nortel-131-2-109 trapeze-131-6-1
Retrieving IP v4/v6 Address tables: 2360 walks completed in 1 min 45 secs
Processing IP tables: done
Total runtime: 1 min 46 secs
Mon, Nov 4, 2019 at 13:02
*** Done ***

Hourly MAC tables

The hourly MAC tables log provides details of the:

• devices it could not reach

• number of table walks completed and the time taken

• number of devices located and the count of MAC entries.

*** Starting Discover MAC Tables ***
Mon, Nov 4, 2019 at 13:02
Skipping 1 unreachable device: f5-131-1-212
Retrieving MAC address tables: 592 walks completed in 26 secs
Processing MAC address tables: 580 devices, 43678 MAC entries
Total runtime: 29 secs
Mon, Nov 4, 2019 at 13:03
*** Done ***

Hourly SNMPv3 engine IDs

The hourly SNMPv3 engine IDs log provides details of the:

• devices it could not reach

• number of walks completed using engine IDs and the time taken.

*** Starting Discover Engine IDs ***
Mon, Nov 4, 2019 at 13:00
Skipping 4 unreachable devices: f5-131-1-212 hp-131-2-15 nortel-131-2-109 trapeze-131-6-1
Retrieving SNMPv3 Engine IDs: 332 walks completed in 6 secs
Processing SNMPv3 Engine IDs: done
Total runtime: 6 secs
Mon, Nov 4, 2019 at 13:01
*** Done ***

Discovered devices 

The discovered devices log displays details of devices added to the network since the previous discover, including sysObjectID, sysName and sysDescr for each device. The SNMP version determines the other credentials shown.

IP Address 10.131.0.5
name cisco-131-0-5
sysName cisco-131-0-5
sysObjectID CISCO-PRODUCTS-MIB.ciscoASA5585Ssp20
sysDescr Cisco Adaptive Security Appliance Version 9.1(7)4
version 2
community public
maxrep 20

Ping-scan results

The ping-scan results log contains a list of the IP addresses that successfully replied to ping requests during the most recent discover.

10.131.0.1
10.131.0.2
10.131.0.3
10.131.0.4
...

SNMP-scan results

The SNMP-scan results log checks all IP addresses against the SNMP credentials defined as a result of the discover. It fails if the IP address does not match the device configuration.

10.131.1.161 SNMPv2-MIB sysDescr 0 DisplayString 3916 Service Delivery Switch
10.131.1.161 SNMPv2-MIB sysObjectID 0 ObjectIdentifier WWP-RODUCTS-MIB.cn3916
10.131.1.161 SNMPv2-MIB sysUpTime 0 TimeTicks 9439803
10.131.1.161 SNMPv2-MIB sysContact 0 DisplayString [email protected] SNMPv2-MIB sysName 0 DisplayString ciena-131-1-161
10.131.1.161 SNMPv2-MIB sysLocation 0 DisplayString Rm 287
#,tt=1572790222,runtime=0,ip=10.131.1.161,status=success,reason=outside requested scope,object=SNMPv2-MIB.system,packets=1,retries=0,bytes=432,oids=20,maxrep=20,rtt=10 10 10,version=2,community=bne_hq
...

If there is a failure, check for errors in the configuration of the device and IP address.

Excluded devices 

The excluded devices report contains a list of devices that were excluded from the last discover. This report is most useful when resolving issues that arise from the discover/rewalk process.

Devices can be excluded as part of the parameters defined in the discover/rewalk (see 4.1.5 Device-match rules).

Devices may also be excluded because of potential conflicts arising from duplicates of the following:

• SNMPv2 sysNames

• SNMPv3 engineIDs

• MAC address tables.

See 4.4 Troubleshooting for more information about how to use the excluded devices log.

10.1.0.6 no matching include rule sysObjectID=BROTHER-MIB.net-printer sysDescr=Brother NC-8500h Firmware Ver.1.16 (16.06.28)MID 8CE-416FID 2
10.1.15.1 no matching include rule sysObjectID=BEGEMOT-SNMPD-MIB.begemotSnmpd AgentFreeBSD sysDescr=dev15.akips.com 3935255930 FreeBSD 11.1-RELEASE-p8
10.22.80.27 matching exclude rule SNMPv2-MIB.sysObjectID CISCO-PRODUCTS-MIB.cisco366*
10.122.160.13 duplicate sysName swt0f5.mybiz.com with 110.122.160.10
10.2.6.1 duplicate EngineID 800000090300a0e0afd20740 with 10.2.2.129*
10.122.160.20 duplicate MAC address table with 10.122.160.19
...

MAC address table 

The MAC address table log contains a list of all devices and their MAC addresses found and summarised in the most recent MAC tables log.

*** MAC Address Table *** Mon, Nov 4, 2019 at 13:02

accedian-131-3-1 (10.131.3.1) 00:15:ad:86:01:0a 00:15:ad:86:01:0b 00:15:ad:86:01:0c 00:15:ad:86:01:0d 00:15:ad:86:01:0e 00:15:ad:86:01:0f 00:15:ad:86:01:00 00:15:ad:86:01:01 00:15:ad:86:01:02

...

IP address table 

The IP address table log contains a list of all IP addresses found on devices as a result of the most recent discover. The polling address is shown beside the device name, and the subsequent addresses are those found on the device.

swt9-3 (10.1.9.3) 10.1.9.3 fd00:10:1:8 250

cisco-131-0-1 (10.131.0.1) 152.19.178.2 152.2.252.58 172.31.185.193 172.31.185.161 10.19.178.2 152.2.207.142 172.28.2.1 10.131.0.1

...

IP address to name 

The IP address to name log contains a list of all IP addresses and their related device names found during the most recent discover.

swt9-3 10.1.9.3 10.1.9.3
swt9-3 10.1.9.3 fd00:10:1:8 250
cisco-131-0-1 10.131.0.1 152.19.178.2
cisco-131-0-1 10.131.0.1 152.2.252.58
cisco-131-0-1 10.131.0.1 172.31.185.193
cisco-131-0-1 10.131.0.1 172.31.185.161
cisco-131-0-1 10.131.0.1 10.19.178.2
cisco-131-0-1 10.131.0.1 152.2.207.142
cisco-131-0-1 10.131.0.1 172.28.2.1
cisco-131-0-1 10.131.0.1 10.131.0.1
...

SNMP walk results 

The SNMP walk results log contains a list of all SNMP devices, including:

• IP address

• version

• status

• MIB object

• authorisation and authentication credentials.

tt=1572877002,runtime=0,ip=10.131.0.223,status=success,reason=outside requested scope,object=SYNOLOGY-DISK-MIB.diskEntry,packets=1,retries=0,bytes=136,oids=1,maxrep=20,rtt=11 11 11,version=3,engine=80000009030000550a8300df,boots=5,boottime=1571035111,uptime=1841891,user=fred,auth=sha,auth_password=password,priv=aes256,priv_password=password
tt=1572877002,runtime=0,ip=10.131.0.69,status=success,reason=outside requested scope,object=ISIS-MIB.isisISAdj,packets=1,retries=0,bytes=493,oids=16,maxrep=20,rtt=11 11 11,version=3,engine=80000009030000550a830045,boots=839,boottime=1572876189,uptime=813,user=barney,auth=sha,auth_password=password,priv=aes128,priv_password=password
...

SNMP walk failures

The SNMP walk failures log contains a list of SNMP devices that failed the most recent SNMP walk.

The list contains device details, including:

• IP address

• version

• status

• MIB object

• authorisation and authentication credentials.

tt=1572877002,runtime=0,ip=10.131.0.223,status=success,reason=outside requested scope,object=SYNOLOGY-DISK-MIB.diskEntry,packets=1,retries=0,bytes=136,oids=1,maxrep=20,rtt=11 11 11,version=3,engine=80000009030000550a8300df,boots=5,boottime=1571035111,uptime=1841891,user=fred,auth=sha,auth_password=password,priv=aes256,priv_password=password
tt=1572877002,runtime=0,ip=10.131.0.69,status=success,reason=outside requested scope,object=ISIS-MIB.isisISAdj,packets=1,retries=0,bytes=493,oids=16,maxrep=20,rtt=11 11 11,version=3,engine=80000009030000550a830045,boots=839,boottime=1572876189,uptime=813,user=barney,auth=sha,auth_password=password,priv=aes128,priv_password=password
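
The SNMP walk results and SNMP walk failures logs record community strings and SNMPv3 passwords in clear text, so a Download Logs archive carries those credentials with it. The following added example (not part of AKIPS) parses the key=value records, masks the secret fields before a log is shared, and flags records that fall short of the SNMPv3 SHA and AES recommendation in the SNMP parameters section. The function names are hypothetical, the sample records are constructed in the page's format, and it is an assumption that auth and priv are absent from a record when not configured.

```python
import re

# Fields whose values are credentials in the page's sample logs.
SECRET_KEYS = {"community", "auth_password", "priv_password"}
WEAK_PRIV = {"des", "3des"}

# A field starts at the beginning of the record or after a comma, as key=.
# Values may contain spaces ("rtt=11 11 11"). Limitation: a secret that itself
# contains ",name=" would be split into two fields.
FIELD_RE = re.compile(r"(?:^|,)\s*([a-z_]+)=")
RECORD_RE = re.compile(r"\s*(?:#,)?tt=")


def parse_record(line):
    """Split one 'tt=...,ip=...,key=value' record into an ordered dict."""
    line = line.strip().lstrip("#,")
    matches = list(FIELD_RE.finditer(line))
    fields = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(line)
        fields[m.group(1)] = line[m.end():end].strip().rstrip(",")
    return fields


def redact(line, mask="<redacted>"):
    """Return the record with credential values masked, field order preserved."""
    fields = parse_record(line)
    return ",".join(f"{k}={mask if k in SECRET_KEYS else v}"
                    for k, v in fields.items())


def findings(fields):
    """List deviations from 'SNMPv3 with SHA authentication and AES encryption'."""
    out = []
    version = fields.get("version")
    if version in ("1", "2"):
        out.append(f"SNMPv{version} community-based access (no authentication or encryption)")
    elif version == "3":
        auth, priv = fields.get("auth"), fields.get("priv")
        if auth is None:
            out.append("SNMPv3 without authentication")
        elif auth == "md5":
            out.append("MD5 authentication (guide recommends SHA)")
        if priv is None:
            out.append("SNMPv3 without encryption")
        elif priv in WEAK_PRIV:
            out.append(f"{priv.upper()} encryption (guide advises against DES and 3DES)")
    return out


def audit(log_text):
    """Return [(ip, findings, redacted_record)] for every record in the log."""
    results = []
    for line in log_text.splitlines():
        if not RECORD_RE.match(line):
            continue  # skip walk output lines and '...' markers
        fields = parse_record(line)
        results.append((fields.get("ip"), findings(fields), redact(line)))
    return results


# Constructed sample records (documentation addresses, made-up credentials).
SAMPLE_LOG = """\
tt=1572877002,runtime=0,ip=192.0.2.10,status=success,reason=outside requested scope,object=IF-MIB.ifEntry,packets=1,retries=0,bytes=136,oids=1,maxrep=20,rtt=11 11 11,version=3,user=monitor,auth=sha,auth_password=ExampleAuth1,priv=aes256,priv_password=ExamplePriv1
tt=1572877002,runtime=0,ip=192.0.2.11,status=success,reason=outside requested scope,object=IF-MIB.ifEntry,packets=1,retries=0,bytes=136,oids=1,maxrep=20,rtt=11 11 11,version=3,user=monitor,auth=md5,auth_password=ExampleAuth2,priv=des,priv_password=ExamplePriv2
192.0.2.12 SNMPv2-MIB sysLocation 0 DisplayString Rm 1
#,tt=1572790222,runtime=0,ip=192.0.2.12,status=success,reason=outside requested scope,object=SNMPv2-MIB.system,packets=1,retries=0,bytes=432,oids=20,maxrep=20,rtt=10 10 10,version=2,community=examplecomm,
...
"""

if __name__ == "__main__":
    for ip, issues, record in audit(SAMPLE_LOG):
        print(ip, "; ".join(issues) or "meets recommendation")
        print("  ", record)
```
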

Other discover/rewalk reports & tools 

Discover summary 

The discover summary provides a count of all of the devices, interfaces and vendor technologies which AKIPS has found in your network. It provides a high-level snapshot so you can quickly identify any missing components.

To view the discover summary: 

Go to Admin > Discover > Discover Summary. The summary of network components will display.

SNMP walk statistics 

SNMP walk statistics provides performance and error statistics from the most recent discover.

To view the SNMP walk statistics:

Go to Admin > Discover > SNMP Walk Statistics.

Things to take note of include:

• long runtimes

• failed walks.

Ping-only device

You may need to collect data for a device which is vital to your network but is not under your direct control, e.g. a switch owned by a service provider.

By adding a device only to be polled by ping, you can report on its availability without requiring SNMP authentication.

To add a ping-only device:

Go to Admin > Discover > Add Ping Device.

Complete the following fields:

Field        Status     Action
Name         Mandatory  Type the device name (no spaces)
IPv4/IPv6    Mandatory  Type the network location (IP address)
Description  Optional   Type a device description to appear on the device dashboard
Location     Optional   Type a physical location to display on the device dashboard
Contact      Optional   Type contact details for the device
Group        Optional   Select from the list to assign the device to a device group

Click Save.

Single SNMP device 

After installing a new piece of hardware, you can add a single SNMP device to AKIPS without having to run the discover for the entire network.

If you need to add several devices, use the discover process, specifying SNMP parameters for the devices. Refer to 4.1.3 SNMP parameters.

To add a single SNMP device:

Go to Admin > Discover > Add SNMP Device.

Complete ONLY the IP address field.

The SNMP version and credentials have previously been defined through the discover configuration.

Click Discover. AKIPS will scan for the device.

When completed, the single-device log will display details.

Refer to 4.2.3 Single device.

Troubleshooting

This section includes examples of issues that might arise during discover/rewalk, with possible remedies. Device issues include:

• imprecise, incorrect or obsolete regex rules

• duplicate SNMPv3 engine IDs

• duplicate system names

• duplicate MAC addresses.

SNMP-scan output

Review the discover log for any devices that have been excluded or removed. Excluded devices are all devices that failed to be included in the AKIPS configuration (see 4.2.12 Excluded devices). The SNMP-scan summary lists the devices removed due to regex rules or duplicate identifiers (see 4.2.1 Discover).

Adding a regex rule 

In this example, a device was removed during discover because its sysDescr or sysObjectID failed to match the device-match rules.

The excluded devices report contains:

10.22.160.12 no matching include rule SNMPv2-MIB.sysObjectID NET-SNMP-TC.linux.SNMPv2-MIB.sysDescr Tektronic Load Balancer

The SNMP-scan summary from the discover log contains:

Pruning IP list by Include regex rules: 588 devices, 1 pruned

To remedy the problem, you need to:

• obtain the values for sysDescr or sysObjectID

• write a rule to include the device, using at least one of the values

• run discover to add the device. Refer to 4.3.4 Single SNMP device.

To obtain the attribute values for a device: 

Go to Tools > Ping / SNMP Walk.

Complete the following parameters in the appropriate fields, based on your SNMP version:

• SNMPv2

– Community

• SNMPv3

– Username

– Auth

– Priv

Click SNMP Walk. The completed walk will list the attribute values for the device.

To write a rule to include a device: 

Go to Admin > Discover > Discover / Rewalk.

Type a new inclusion rule into the 5. Device match rules text box.

E.g.

include SNMPv2-MIB.sysDescr Tektronic

OR

include SNMPv2-MIB.sysObjectID NET-SNMP

Click Save. The AKIPS database will update with an inclusion rule.

Run discover to add the device. Refer to 4.3.4 Single SNMP device.

Disabling a regex rule 

In this example, a device was removed during discover due to an exclusion rule.

The excluded devices report contains:

10.22.80.27 matching exclude rule SNMPv2-MIB.sysObjectID CISCO-PRODUCTS-MIB.cisco366*

The SNMP-scan summary from the discover log contains:

Pruning IP list by Exclude regex rules: 588 devices, 1 pruned

To remedy the problem, you need to:

• disable the exclusion rule for the device

• run discover to add the device. Refer to 4.3.4 Single SNMP device.

Disable (rather than delete) an obsolete rule. It can then easily be restored, if necessary.

To disable a regex rule: 

Go to Admin > Discover > Discover / Rewalk.

Review the exclusion rules defined in 5. Device match rules.

To disable a rule, place a # in front of the code.

E.g.

# exclude SNMPv2-MIB.sysObjectID CISCO-PRODUCTS-MIB.cisco366*

Click Save. The AKIPS database will update and disable the rule.

Run discover to add the device. Refer to 4.3.4 Single SNMP device.

Duplicate SNMPv3 engine IDs 

In this example, a device was removed during discover due to a duplicate engine ID for an SNMPv3 device.

The excluded devices report contains:

10.2.6.1 duplicate EngineID 800000090300a0e0afd20740 with 10.2.2.129*

The SNMP-scan summary from the discover log contains:

Pruning IP list by SNMPv3 Engine ID: 588 devices, 1 pruned

SNMPv3 uses the engine ID as a unique identifier for devices. AKIPS monitors the first discovered device and ignores any devices with duplicate SNMPv3 engine IDs.

To resolve a duplicate SNMPv3 engine ID: 

Review the details on the excluded devices report. The duplicate engine ID will be shown along with the conflicting IP addresses.

Change the engine ID on the excluded device to make it unique.

Run discover to add the device. Refer to 4.3.4 Single SNMP device.

Duplicate SNMPv2-MIB sysNames

In this example, a device was removed during discover due to a duplicate sysName for an SNMPv2 device.

The excluded devices report contains:

10.122.160.13 duplicate sysName swt0f5.mybiz.com with 110.122.160.10

The SNMP-scan summary from the discover log contains:

Pruning IP list by SNMPv2-MIB.sysName: 588 devices, 1 pruned

SNMPv2 uses a sysName as a unique identifier for devices. AKIPS monitors the first discovered device and ignores any devices with a duplicate SNMPv2-MIB.sysName.

To resolve a duplicate SNMPv2-MIB.sysName:

Review the details on the excluded devices report. The duplicate sysName is shown along with the conflicting IP addresses.

Change the sysName on the excluded device to make it unique. By convention, it is the node’s fully qualified domain name.

E.g.

rm205sw.mydomain.com

Run discover to add the device. Refer to 4.3.4 Single SNMP device.

Duplicate MAC addresses 

In this example, a device was removed during discover due to duplicate MAC addresses.

The excluded devices report contains:

10.122.160.20 duplicate MAC address table with 10.122.160.19

The SNMP-scan summary from the discover log contains:

Pruning IP list by MAC address tables: 588 devices, 1 pruned

For devices configured for SNMPv2, duplicate MAC addresses can occur when MAC address tables are shared across several VMs.

To resolve duplicate MAC addresses:

Review the conflicting IP addresses on the excluded devices report.

For the excluded device, change the device configuration to be monitored using SNMPv3, so that the engine ID replaces the MAC address as the unique identifier.

Run discover to add the device. Refer to 4.3.4 Single SNMP device.

Locating missing devices

After establishing that a device is missing from the excluded devices log, you can:

• check whether the device responds to a ping

• perform an SNMP walk for the device.

To ping a device: 

Go to Tools > Ping / SNMP Walk.

In either the IPv4 Address or IPv6 Address field, type the IP address.

Click Ping.

To perform an SNMP walk for a device: 

Go to Tools > Ping / SNMP Walk.

Ensure that the IP address, version, authentication and encryption details (community or username, auth and priv) are valid.

Click SNMP Walk. AKIPS will attempt to collect OID information from the device.

Check the sysDescr and sysObjectID details.

Update the device details to ensure they are valid.

Other ways to check for missing devices: 

• Is there a firewall between the AKIPS server and the device?

• Has AKIPS got permission to access the device?

• Is the device online/powered on?

If you still cannot locate the missing device, contact [email protected]

Grouping

AKIPS's grouping provides flexibility for monitoring, reporting, alerting and event management.

Using grouping rules, you can:

• specify what to include and exclude from monitoring and event management

• define a hierarchical structure to meet your organisation's needs.

Examples of hierarchies include:

• location (floor, building, campus, city, state, country, etc)

• hardware/software type (model, range, software version, etc)

• business groups (sales, back office, manufacturing, etc).

Take time to design a structure and naming conventions before creating groups and their interactions.

AKIPS offers the following grouping options:

• auto grouping

• manual grouping.

Auto grouping

Auto grouping enables you to:

• tailor a hierarchical structure to your organisation

• configure and manage events and alerting

• manage access to data.

Auto grouping automatically creates groups for interface speed, type and VLANs.

Auto grouping maintains a comprehensive list of vendor rules (add and assign rules), which should be left unchanged.

When AKIPS identifies a vendor which is not present in the network, the rule is ignored. One advantage of leaving the default unchanged is built-in redundancy: at any time when new devices are added, the vendor rules are already in place.

Hierarchy of super groups 

You can begin anywhere in the hierarchy, although starting at the highest level and working down often provides clarity.

Group names cannot contain spaces. To differentiate words, you can use an _ (underscore) or a - (hyphen), e.g.

global_data_centre

global-data-centre

To create a hierarchy of super groups:

Go to Admin > Grouping > Auto Grouping.

(Optional) At the beginning of the rule, add a comment to identify it, e.g.

#{Top Level Group}

Add each super group on a new line.

Use the following syntax:

add super group {supergroup_name}

Assign each super group to the higher-level super group where required.

Use the following syntax:

assign super group {lower_supergroup_name} = {higher_supergroup_name}

Click Save and Apply. AKIPS will validate the rules.


Use a new line for each add and assign rule.

Adding groups 

Typically, network entities are assigned to a group of the same type (devices, interfaces, systems, processors, memory, storage, temperature, NetFlow, etc).

To add and assign groups: 

Go to Admin > Grouping > Auto Grouping.

Add each group on a new line.

Use the following syntax:

add {group_type} group {group_name}

add device group {devicegroup_name}

add interface group {interfacegroup_name}

Assign each group to an appropriate super group.

Use the following syntax:

assign group {group_name} = {super_group_name}

Renaming groups 

To rename a group:    

Go to Admin > Grouping > Auto Grouping.

Update the add and assign rules with the new name.

Click Save and Apply.


Assigning components

Assign each network component to its relevant device group.

To assign a component to a group:

On a new line, assign each component to its respective group.

Use the following syntax:

assign device {device_name} = {devicegroup_name}

(device_name may be a *, regex or device name)

assign interface {device_name} {interface_name} = {interfacegroup_name}

(interface_name may be a *, regex or interface name)

assign system {device_name} {system_name} = {systemgroup_name}

assign processor {device_name} {processor_name} = {processorgroup_name}

assign memory {device_name} {memory_name} = {memorygroup_name}

assign ipsla {device_name} {ipsla_name} = {ipslagroup_name}

assign temperature {device_name} {temperature_name} = {temperaturegroup_name}

E.g.

assign device {*|name|/regex/} = {group}

assign device core-swt01 = core

assign device /^NW-/ = NorthWestCampus

assign device /rtr$/ = routers


assign interface {*|name|/regex/} {*|name|/regex/} = {group}

assign interface * /^Se/ = serial-links

assign * {*|name|/regex/} {*|name|/regex/} {*|name|/regex/} [value|descr {match}] = {group}

assign * * * IF-MIB.ifDuplex value /half/ = Half-Duplex

assign * * sys SNMPv2-MIB.sysLocation value /bne/ = HeadOffice

Click Save and Apply. AKIPS will display the number of components which match the assign rules.
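An offline pre-check for a draft rule set, added here as an example and not part of AKIPS: it verifies that every group referenced by an assign rule has been added, and previews which devices each assign device rule would match, so that a loosely anchored regex is caught before Save and Apply. It covers only the add, assign super group, assign group and assign device forms; the function names, the sample inventory and the assumption that regexes are searched unanchored are hypothetical.

```python
import re

# Constructed sample rule set, using only the syntax shown above.
RULES = """\
#{Top Level Group}
add super group global
add super group north_west
assign super group north_west = global
add device group NorthWestCampus
add device group routers
add device group core
assign group NorthWestCampus = north_west
assign device core-swt01 = core
assign device /^NW-/ = NorthWestCampus
assign device /rtr$/ = routers
assign device /rtr/ = edge_routers
"""

# Constructed inventory of device names.
DEVICES = ["core-swt01", "NW-bld1-swt01", "NW-bld2-rtr",
           "SE-rtr", "rtr-lab-fw01", "SE-NW-swt09"]


def selector_matches(selector, name):
    """Evaluate a {*|name|/regex/} selector against one component name."""
    if selector == "*":
        return True
    if len(selector) > 2 and selector[0] == "/" and selector[-1] == "/":
        # Assumption: regexes are searched unanchored, so ^ and $ pin the match.
        return re.search(selector[1:-1], name) is not None
    return selector == name


def check_rules(text, devices):
    """Return (errors, preview, unassigned) for a rule set and an inventory."""
    supers, groups = set(), {}          # groups maps name -> group type
    errors, preview = [], {}            # preview maps group -> matched devices
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue                    # blank line or comment
        if tok[:3] == ["add", "super", "group"] and len(tok) == 4:
            supers.add(tok[3])
        elif tok[0] == "add" and len(tok) == 4 and tok[2] == "group":
            groups[tok[3]] = tok[1]
        elif tok[:3] == ["assign", "super", "group"] and len(tok) == 6 and tok[4] == "=":
            errors += [(lineno, f"unknown super group {n}")
                       for n in (tok[3], tok[5]) if n not in supers]
        elif tok[:2] == ["assign", "group"] and len(tok) == 5 and tok[3] == "=":
            if tok[2] not in groups:
                errors.append((lineno, f"unknown group {tok[2]}"))
            if tok[4] not in supers:
                errors.append((lineno, f"unknown super group {tok[4]}"))
        elif tok[:2] == ["assign", "device"] and len(tok) == 5 and tok[3] == "=":
            selector, group = tok[2], tok[4]
            if groups.get(group) != "device":
                errors.append((lineno, f"unknown device group {group}"))
                continue
            try:
                hits = [d for d in devices if selector_matches(selector, d)]
            except re.error as exc:
                errors.append((lineno, f"bad regex {selector}: {exc}"))
                continue
            seen = preview.setdefault(group, [])
            seen.extend([d for d in hits if d not in seen])
        else:
            # A name containing a space lands here, because it adds a token.
            errors.append((lineno, "unrecognised rule"))
    assigned = {d for hits in preview.values() for d in hits}
    unassigned = [d for d in devices if d not in assigned]
    return errors, preview, unassigned


if __name__ == "__main__":
    errs, matched, left = check_rules(RULES, DEVICES)
    for group, names in matched.items():
        print(f"{group}: {names}")
    print("unassigned:", left)
    for lineno, msg in errs:
        print(f"line {lineno}: {msg}")
```

Devices left unassigned fall outside any group-scoped alerting, so the unassigned list is worth reviewing as closely as the matches.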

Empty groups 

The group settings default is ON, indicating that AKIPS automatically prunes any empty super groups, device groups or interface groups during:

• auto grouping

• VLAN grouping.

Pruning removes empty groups from menus.

To display empty groups: 

Go to Admin > Grouping > Settings.

Switch the required settings to OFF and then click Save.


Manual grouping

While auto grouping enables quick and efficient rules using regex, manual grouping adds individual components.

Use manual grouping to:

• refine auto groups

• remove broken rules.

Adding groups 

To add a manual group: 

Go to Admin > Grouping > Manual Grouping.

Select the group type:

• CPUs

• devices

• ipsla

• interfaces

• memory

• NetFlow exporters

• storage

• super groups

• temperature.

In the Groups field, type the name of the new group and then click Add. The new group name will display in the list.

You can now assign components to the new group.


Renaming groups 

When you rename a group, AKIPS automatically updates its associated rules.

To rename a group: 

Go to Admin > Grouping > Manual Grouping.

Select the group type.

Select the group name.

In the field to the right of the list, overtype the existing group name with the new name.

Click Rename.

Assigning/removing components

Use manual grouping to add or remove a single component.

To manually add to/remove from a group: 

Go to Admin > Grouping > Manual Grouping.

Select the group type.

Select the group name and then click Edit.

Select the checkbox next to a component to add it to the group, or clear the checkbox to remove it from the group.

Click Save.


Deleting groups 

You can delete obsolete groups, e.g. decommissioned equipment.

To delete a group: 

Go to Admin > Grouping > Manual Grouping.

Select the group type.

Select the group name and then click Delete. AKIPS will remove the group and unassign its components.

Grouping rules 

To view grouping rules:

Go to Admin > Grouping > Manual Grouping.

Select Grouping Rules. AKIPS will display a list of current rules.

Deleting broken rules 

To delete broken rules:

Go to Admin > Grouping > Manual Grouping.

Select Delete Broken Rules.


Event handling

This section looks at how to identify relevant network data and ensure that it is properly collected, stored and made available to authorised users.

SNMP traps

Rather than wait for AKIPS to poll a device, SNMP traps enable a device to notify the system of significant events by sending an unsolicited SNMP message.

To enable AKIPS to decode SNMP traps, ensure that you have:

• configured the device using either version 2 or version 3

• defined the SNMP credentials.

AKIPS does not support SNMPv1 traps.

Additional credentials 

Some devices require additional SNMP authentication specifically for trap messages.

When defining credentials, ensure that:

• SNMPv2 has a Community name

• SNMPv3 has a combination of Username, Authentication and Encryption.


To define SNMP trap credentials: 

Go to Admin > General > SNMP Traps.

In the text box, type the SNMP credentials:

Version 2 syntax:

community {community name}

Version 3 syntax (one of the following):

version 3 user {username}

version 3 user {username} md5|sha {auth password}

version 3 user {username} md5|sha {auth password} des|3des|aes128|aes192|aes256 {priv password}

Click Save.

Go to Tools > SNMP Traps.

Check the Trap Reporter to verify that AKIPS is collecting the data.
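A review aid for the credential lines entered above, added here as an example and not part of AKIPS: it parses each line in the syntax listed, reports the resulting security level (v2c community, or SNMPv3 with or without authentication and encryption) and flags superseded algorithms. The sample entries are constructed, and the eight-character minimum and the assumption that passwords contain no spaces are local-policy assumptions, not AKIPS behaviour.

```python
# Constructed sample entries in the trap-credential syntax listed above.
# All names and passwords are placeholders.
SAMPLE = """\
community public
version 3 user trapmon
version 3 user trapmon md5 Example-Auth-Pass1
version 3 user trapmon sha Example-Auth-Pass1 des Example-Priv-Pass1
version 3 user trapmon sha Example-Auth-Pass1 aes256 Example-Priv-Pass1
version 3 user trapmon sha short aes128 Example-Priv-Pass1
version 2 user oops
"""

AUTH = {"md5", "sha"}
PRIV = {"des", "3des", "aes128", "aes192", "aes256"}
LEGACY = {"md5", "des", "3des"}             # superseded algorithms
DEFAULT_COMMUNITIES = {"public", "private"}
MIN_PASSWORD = 8                            # assumed local policy


def classify(line):
    """Return (security_level, findings) for one credential line."""
    tok = line.split()
    if len(tok) == 2 and tok[0] == "community":
        # SNMPv2c sends the community string in cleartext.
        findings = ["cleartext-community"]
        if tok[1].lower() in DEFAULT_COMMUNITIES:
            findings.append("default-community")
        return "v2c", findings
    if tok[:3] != ["version", "3", "user"] or len(tok) not in (4, 6, 8):
        return "invalid", ["syntax"]
    if len(tok) == 4:
        return "noAuthNoPriv", ["no-auth", "no-priv"]
    auth, auth_pw = tok[4], tok[5]
    if auth not in AUTH:
        return "invalid", ["syntax"]
    findings = []
    if auth in LEGACY:
        findings.append(f"legacy-auth:{auth}")
    if len(auth_pw) < MIN_PASSWORD:
        findings.append("short-auth-password")
    if len(tok) == 6:
        return "authNoPriv", findings + ["no-priv"]
    priv, priv_pw = tok[6], tok[7]
    if priv not in PRIV:
        return "invalid", ["syntax"]
    if priv in LEGACY:
        findings.append(f"legacy-priv:{priv}")
    if len(priv_pw) < MIN_PASSWORD:
        findings.append("short-priv-password")
    return "authPriv", findings


def lint(text):
    """Return [(line_number, level, findings)] for every non-blank line."""
    return [(n, *classify(raw))
            for n, raw in enumerate(text.splitlines(), 1) if raw.strip()]


def compliant_lines(text):
    """Line numbers that authenticate and encrypt with no findings."""
    return [n for n, level, findings in lint(text)
            if level == "authPriv" and not findings]


if __name__ == "__main__":
    for n, level, findings in lint(SAMPLE):
        print(f"line {n}: {level:13} {', '.join(findings) or 'ok'}")
```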

Troubleshooting 

AKIPS logs any errors encountered by SNMP trap configurations.

To view the system log:

Go to Admin > System > System Log Viewer.

From the Log File list, select SNMP.

In the Filter field, type trap.

Click Search.


Identify the error and take the corrective action:

Error: No SNMP trap credentials have been configured

Action: Define the additional SNMP Trap Settings

Error: Trap auth failed version 2 community...

Action: Check the Discover Log and SNMP Trap Settings to locate and correct the credentials

Error: SNMPv1 traps are not supported

Action: Configure the device to version 2 or 3. Define the additional SNMP Trap Settings

Filtering syslog & SNMP traps

You can filter syslog data and SNMP traps so that unwanted entries are not captured and stored in the AKIPS database (entries captured before the filter is activated will remain).

After saving a filter, a short buffering delay will occur before it becomes active.

Creating a filter 

To create a syslog/trap filter:

Go to Tools > Regex Checker.

In the sample text field, paste some sample data.

Type your rule into the Regex field, and then click Test Regex.

Go to Admin > General > Syslog / Trap Filters.

Copy and paste your tested rule and then click Save.


Removing a filter 

To remove a syslog/trap filter: 

Go to Admin > General > Syslog / Trap Filters.

Select the filter text and then delete it.

Click Save.

Filtering event notifications

AKIPS logs events every 60 seconds for all discovered devices except for interfaces (these can be added as required).

Unwanted notifications

You can identify events which are of no interest and clear them from the Events Dashboard.

To remove unwanted event notifications: 

Go to Admin > Alerting > Status Alerts.

Scroll to the Status Attributes list.

Copy the attribute.

Go to Admin > Grouping > Auto Grouping.

Scroll to the Event Handling section.

Create a rule to clear an event from the database. E.g. type * * *, paste the attribute, and then type = warn_event

Click Save and Apply. AKIPS will verify the rule and indicate if there are any errors.

Matching events will be cleared from the database and will no longer display in the Events Dashboard.


Interface warnings 

By default, interface events are not logged or shown in the Events Dashboard because the number of entries can be prohibitive and unnecessary (e.g. every time someone logs onto a computer).

However, some interfaces, e.g. uplinks, would have a large impact on the business if not operating.

To specify which interfaces display in the Events Dashboard: 

Go to Admin > Grouping > Auto Grouping.

Scroll to the Event Handling section.

Create a rule to include specific interface groups.

Use the following syntax:

assign * * * any group (group_name) = log_event

assign * * * any group (group_name) = warn_event

Click Save and Apply. AKIPS will verify the rule and indicate if there are any errors.

Events generated by interfaces will be logged and will display in the Events Dashboard.

Network noise 

Network noise can include:

• BGP flapping up and down (continuously switching from idle to active as the route is no longer valid)

• poor configuration of the spanning tree, e.g. someone turning a phone on and off

• vendor-specific noise, e.g. Juniper running at full speed or switching between states.


To identify network noise:

Go to Tools > Events.

Change the default duration from 30 minutes to 24 hours or longer.

Select Summary.

Review the Events and Counts by event type to determine where to investigate further.

You can view the events by interface, ping, SNMP or vendor.

After you identify network noise, you can apply filters to either discard the events so that they are not stored in the database, or mute them so that they are logged and stored but do not display in the Events Dashboard.


Alerts

AKIPS's alerting allows you to:

• opt in to receive alerts for all devices on your network

• filter unwanted alerts and noise from the Events Dashboard

• create rules to add interfaces

• apply threshold and timing rules

• define email rules.

When creating a rule, regardless of the type of alert, use the following syntax:

{filter} = {action}

An alert rule can be commented out by inserting a # as the first character.

Status alerts

Status alerts (changes in state) can be viewed using the Events Dashboard or Status Reporter.

To add or edit a status alert:

Go to Admin > Alerting > Status Alerts.

Specify a filter and then an action.

Assign to an alert group: log_event, warn_event or crit_event

Syntax and instructions for specific alerts are in the following subsections.


Filters 

When defining a status alert filter, use the following syntax:

[wait {N}m|{N}h]

[time {time filter}]

{type} {device regex} {child regex} {attribute regex}

[descr {/regex/}]

[value {text|/regex/}]

[any|all|not group {group name} ...]

Actions 

When specifying a status alert action, use one of the following syntaxes:

email * | {profile name} | {email address} [...]

mute [ {profile name} | {email address} [...] ] stop

call {function}

Status attributes 

The status attributes table is regularly updated as MIB objects are released by vendors. You must select an attribute when defining a filter as part of a status alert rule.

To select a status attribute:

Access the Status Attributes table via the status alert guidance.

Copy and paste the required attribute into the rule.

Click Save.


Examples of status alert configurations 

Catch-all rule

This rule captures all changes to all devices.

It sends an email to the users who are assigned that device group as part of their profile.

Muting spanning-tree alerts

This rule is used when a device in the spanning tree is sending large volumes of status change alerts.

By muting the alerts, they are logged but are not displayed on the dashboard or emailed to users.

This rule should be temporary and removed when the issue is remedied.

Filtering unwanted ping & SNMP alerts 

This rule can filter large volumes of ping and SNMP alerts.

For ping alerts, emails are sent only after five minutes, and for SNMP alerts, emails are sent only after 30 minutes.

Troubleshooting 

A warning message will display when an alert rule does not match anything in the database. Typically, it will display when configuring interface status alerts, although it can occur at other times.

Both status and threshold alerts operate off events logged to the Events Database. If an event is not logged, it will not trigger an alert.


The log_event, warn_event (default) and crit_event groups control the severity level of events.

Interface events are not logged, because a typical large network will constantly have edge ports going up and down, thereby logging thousands of events per day.

To create interface status alerts, you will need to configure auto grouping rules.

Syslog alerts

The filters used in syslog alerts differ from those in status and threshold alerts because there are no configuration items (each vendor formats syslog messages differently).

This has resulted in a wide range of possible messages. Therefore, because there is usually a part of the message that is unique, AKIPS uses regex to filter syslog messages.

Devices can be filtered by:

• name

• group

• IP address.

To add or edit a syslog alert:

Go to Admin > Alerting > Syslog Alerts.

Specify a filter and then an action.

Syntax and instructions for specific alerts are in the following subsections.


Filter 

When defining a syslog alert filter, use one of the following syntax options:

/syslog regex/ [time {time filter}]

/syslog regex/ [time {time filter}] address {IP address}

/syslog regex/ [time {time filter}] device {device regex}

[any|all|not group {group name}]

When defining a syslog alert action, use one of the following syntax options:

email * | {profile name} | {email address} [...]

mute [ {profile name} | {email address} [...] ]

forward {ip address}

call {function}

Message volumes 

If you are not sure of the impact of a regex filter, check the results against the syslog.

To check the regex filter:

Go to Tools > Syslog.

Review the log to identify the text which is unique to the message.

Copy the text and paste it into the Regex Filter field.

Select Table. The results will indicate the expected impact of the filter.
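The same impact check can be run offline against an exported sample, both for a syslog alert regex as described here and for a Syslog / Trap Filter, where a match means the entry is never stored. The following is an added example, not AKIPS code: it counts what a candidate regex matches per device and lists any matched lines that belong to a watch-list of messages that should stay visible. The sample lines, the watch-list and the unanchored matching against the whole line are assumptions.

```python
import re
from collections import Counter

# Constructed sample messages in the form "<device> <message>".
SAMPLE = [
    "core-swt01 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to down",
    "core-swt01 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/7, changed state to down",
    "NW-bld2-rtr %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "NW-bld2-rtr %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77]",
    "SE-rtr %LINK-3-UPDOWN: Interface Serial0/0, changed state to up",
    "SE-rtr %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ops] [Source: 192.0.2.10]",
]

# Assumed watch-list: message classes that should never be filtered or muted.
WATCHLIST = {
    "login": re.compile(r"login (failed|success)", re.IGNORECASE),
    "config-change": re.compile(r"configured from", re.IGNORECASE),
}


def filter_impact(pattern, lines, watchlist=WATCHLIST):
    """Summarise what a candidate regex would match in a message sample."""
    rx = re.compile(pattern)            # raises re.error on an invalid pattern
    matched = [ln for ln in lines if rx.search(ln)]
    per_device = Counter(ln.split(None, 1)[0] for ln in matched)
    # Matched lines that also hit the watch-list deserve a second look.
    flagged = [(label, ln) for ln in matched
               for label, watch in watchlist.items() if watch.search(ln)]
    return {
        "total": len(lines),
        "matched": len(matched),
        "share": len(matched) / len(lines) if lines else 0.0,
        "per_device": dict(per_device),
        "flagged": flagged,
    }


def safe_to_apply(pattern, lines):
    """True when the regex matches nothing on the watch-list."""
    return not filter_impact(pattern, lines)["flagged"]


if __name__ == "__main__":
    candidates = [r"%(LINK-3|LINEPROTO-5)-UPDOWN",   # narrow: link state noise
                  r"-[45]-"]                          # broad: whole severities
    for pattern in candidates:
        result = filter_impact(pattern, SAMPLE)
        print(f"{pattern!r}: {result['matched']}/{result['total']} matched,"
              f" per device {result['per_device']}")
        for label, line in result["flagged"]:
            print(f"  watch-list hit [{label}]: {line}")
```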


Threshold alerts

AKIPS checks threshold rules every 60 seconds and logs an event for each match, with optional email alerts.

Threshold rules can be created for any attribute defined as a counter/gauge/meter.

AKIPS advises creating the rule and then gauging the quantity of alerts for seven to 14 days before adding the email action. This will ensure that a surplus of email alerts is not sent if the rule is incorrectly configured.

To maintain a threshold alert:

Go to Admin > Alerting > Threshold Alerts.

Specify a filter and then an action.

Syntax and instructions for specific alerts are in the following subsections.

Filter 

When defining a threshold alert filter, use the following syntax:

{lastN} avg|total above|below {value}[%]

[time {time filter}]

{type} {device regex} {child regex} {attribute name or regex}

[any|all|not group {group name} ...]

When specifying a threshold alert action, use one of the following syntax options:

log discard flag warning|critical

email * | {profile name} | {email address} [...]

mute [ {profile name} | {email address} [...] ]

call {function}


To test the threshold rule:

When you have configured the rule, select Test.

Modify and retest the rule until there are very few breaches.

Click Save.

Continue to monitor the rule for seven to 14 days before adding the email action.

Threshold attributes 

AKIPS regularly updates the threshold attributes table as MIB objects are released by vendors.

It is mandatory to select an attribute when defining a filter as part of a threshold alert rule.

Access to the threshold attributes table is via the threshold alert guidance. Scroll down the page and copy and paste the required attribute into the rule.

The same issues that arise within status alerts apply to threshold alerting. Refer to 7.2.5 Troubleshooting.

SNMP traps

To enable AKIPS to decode traps sent from an SNMP device, ensure that you have:

• configured the device using either version 2 or 3 (AKIPS does not support SNMPv1 traps)

• defined the SNMP credentials.

To maintain SNMP trap alerts: 

Go to Admin > Alerting > Trap Alerts.

Specify a filter (by name, group or IP address) and then an action.


Filter

When defining a trap alert filter, use one of the following syntax options:

/trap regex/ [time {time filter}]

/trap regex/ [time {time filter}] address {IP address}

/trap regex/ [time {time filter}] device {device regex}

[any|all|not group {groupname} ...]

The following actions can be specified as part of an SNMP trap rule:

• email

• mute

• call.

When specifying an action after completing the filter, use one of the following syntax options:

email * | {profile name} | {email address} [...]

mute [ {profile name} | {email address} [...] ]

call {function}

System log viewer

AKIPS logs all configuration errors when using SNMP traps.

To access the system log viewer:

Go to Admin > System > System Log Viewer.

Go to the Log File drop-down list and select SNMP.

Type trap in the Filter field.

Click Search.


Integration

Selected third-party applications can be integrated into AKIPS for alerting whenever an event occurs.

For quick and seamless integration into AKIPS, pre-configure your settings in the third-party application.

Once an application is correctly integrated into AKIPS, its alert functionality will be active.

Opsgenie

To integrate Opsgenie into AKIPS:

Sign into your Opsgenie account.

Go to Settings > Configured integrations.

Copy the API key.

In AKIPS, go to Admin > API > Integration Settings.

Paste the API key into the appropriate field and then click Save.

In Opsgenie, go to Settings > Heartbeats > Add heartbeat.

Complete the fields and copy the heartbeat name.

In AKIPS Integration Settings, paste the heartbeat name into the appropriate field.

Select ON to enable the heartbeat and then click Save.

Once the heartbeat has been activated, AKIPS will ping Opsgenie every minute.

Go to Admin > Alerting > Status Alerts.


Specify call post_alert_opsgenie on any rules you would like to send to Opsgenie, e.g.

* * ping4 PING.icmpState = call post_alert_opsgenie

* * * * = call post_alert_opsgenie

PagerDuty

To integrate PagerDuty into AKIPS:

Sign into your PagerDuty account.

Go to Configuration > Event Rules > Default Global Ruleset > Integration Key.

Copy either the default, or a manually created, integration key.

In AKIPS, go to Admin > API > Integration Settings.

Paste the integration key into the field on the left-hand side and then click Save.

Go to Admin > Alerting > Status Alerts.

Specify call post_alert_pagerduty on any rules you would like to send to PagerDuty, e.g.

* * ping4 PING.icmpState = call post_alert_pagerduty

* * * * = call post_alert_pagerduty

Slack

To integrate Slack into AKIPS:

Create a webhook for the Slack channel to which you want to post, by following the instructions at https://api.slack.com/messaging/webhooks

Copy the incoming webhook url.


In AKIPS, go to Admin > API > Integration Settings.

Paste the url into the Slack Webhook URL field on the left-hand side.

Go to Admin > Alerting > Status Alerts.

Specify call post_alert_slack on any rules you would like to send to Slack, e.g.

* * ping4 PING.icmpState = call post_alert_slack

* * * * = call post_alert_slack


Availability

You can define availability settings in AKIPS for:

• IPv4 and IPv6 ping reachability

• SNMP reachability

• interface up status.

For ping reachability:

• a good state is up (normal)

• a bad state is down.

Settings

For each device or interface group:

• set a target (a percentage of the time when it is available, e.g. 97 per cent)

• specify a time filter (times of the day; days of the week) for when it is expected to meet the required target.

You can view the collected data (with target breaches highlighted) in the Events Dashboard and Availability Reporter graphs.

To add or change availability settings: 

Go to Admin > General > Availability Settings.

Next to the required device or interface group, define a Target and Time Filter:

• the Target must be a value between 95.00 and 100.00

• leave the Time Filter box blank for 24/7 coverage.

Click Save and Test. AKIPS will highlight any detected errors.


Report scheduling

To schedule a report:

Go to Admin > General > Scheduled Reports.

Copy the syntax from the right-hand pane and paste it into the Scheduled Reports field.

In a new browser window, navigate to and customise the report.

Run the report.

Copy the report url, without akips.company.com

Return to Scheduled Reports and paste the url parameter.

Complete the following, using the guidance on the right-hand side:

• when

• subject

• filename

• profile

• email.


Click Save. AKIPS will check the details and either indicate success, or identify any errors.

If AKIPS has identified an error, correct the syntax and then click Save.

To schedule multiple reports, repeat these steps for each report.


Config crawler & viewer

The configuration feature in AKIPS comprises:

• Crawler Settings: defines script and device rules to retrieve configuration information and manage previous revisions

• Crawler Log Viewer: displays scripts

• Config Viewer: views the results of scripts, both current and past, to compare revisions

• Crawler Tool: runs the crawler for a single device, tests scripts, and logs high-level debugs which AKIPS support may use to diagnose device issues.

Crawler settings

Crawler Settings uses SSH to log in to network devices and capture configuration data, which is stored in a revision control system.

An SSH session is created and managed for each device in each script.

Script & device rules 

To add or update a script:

Go to Admin > Crawler Settings.

Complete or edit the parameters. Instructions for specific scripts are in the following subsections.

Click Save.

Run 

To execute all scripts immediately, select Run.


Crawler Log Viewer 

To display the most recent scripts: 

Go to Config Crawler > Crawler Log.

Select Last Log from the drop-down list.

To display the PSSH log:

Go to Config Crawler > Crawler Log Viewer > PSSH Log.

Config Viewer

Config Viewer enables you to:

• view a list of all revisions by script and device

• compare revisions to identify differences

• download the results of both current and previous revisions.

Last change 

To show the last change:

Go to Tools > Config Viewer.

Click Show Last Change.

The two revisions will display side by side with the differences highlighted.


Current revision 

To view the current revision:

Go to Tools > Config Viewer.

Click View.

Compare revisions 

To compare revisions:

Go to Tools > Config Viewer.

Click All Revisions.

Select Diff beside the second revision which you would like to compare.

The two revisions will display side by side with the differences highlighted.


NetFlow

To aid capacity planning, AKIPS collects and analyses NetFlow records and graphs network traffic (transmitted, received, packets discarded and lost, and overall volume).

Configure your router to send NetFlow records to AKIPS on port numbers 2055, 4739, 9995 or 9996. AKIPS will automatically collect the flows and display them in reports and graphs after approximately five minutes.

AKIPS supports:

• NetFlow v5 and v9*

• J-Flow v5 and v9

• IPFIX Netstream.

*Although AKIPS supports NetFlow v5, it doesn't support index numbers or AS numbers for this protocol. We therefore recommend that you use NetFlow v9.

AKIPS uses the industry protocols list as its default, which you can modify by adding, deleting or renaming ports.

You can specify how long to retain the history for each meter.

Using service forwarding (fanout), you can specify up to 10 IPv4 destinations to which to forward NetFlow data.

AKIPS provides a number of reporting tools to aid your analysis:

• NetFlow dashboard

• NetFlow reporter

• NetFlow API

• performance graphs

• graph reporter.


Protocols

You can customise the industry protocols list by changing the name of a port or by adding or deleting ports.

E.g. when deploying an in-house application in your environment, you define a port number from which to run the application. Alternatively, when deploying an external application, you may customise the application to run from a port not designated by the vendor.

AKIPS bundles these customised ports into either TCP, UDP or GRE unknown.

You can label key ports or ports with high volumes (bytes and flow).

Unknown ports 

You can use NetFlow protocols in conjunction with NetFlow reporter (unknown ports report) to configure individual ports.

To identify unknown ports:

Go to Tools > NetFlow.

Select the required meter from the Exporter drop-down list.

Select Unknown Ports. The page will redisplay with any unknown ports for that meter for the past five minutes.

To add unknown ports to the protocols list:

Go to Tools > NetFlow.

Select the required meter from the Exporter drop-down list.

Select Unknown Ports.

Select the Port Number from the list.

The NetFlow protocols settings page will populate with the Protocol and Port Number.

Select Add.


Port names 

To change a port name:

Go to Admin > General > NetFlow Protocols.

Update the fields.

Select Add.

Deleting ports from list 

You can select individual ports not to appear in the protocols list.

E.g. you may choose to remove a port if it is no longer used after an internal application is decommissioned.

To delete a port:

Go to Admin > General > NetFlow Protocols.

Select the Delete checkbox beside the port.

Select Delete in the left-hand pane.

Resetting list 

To revert to the industry protocols (default) list:

Go to Admin > General > NetFlow Protocols.

Select Reset to Defaults.

Click OK.

Any ports that you have added will no longer appear in the list.


NetFlow meters

The NetFlow meters feature enables you to:

• select meters to display in the NetFlow dashboard

• define the length of time for which to retain the history for each meter

• delete any redundant/unwanted data from the database.

Deleting data 

You can delete unwanted data from the AKIPS database on a meter-by-meter basis.

To delete NetFlow data:

Go to Admin > General > NetFlow Meters.

Select the Delete checkbox beside the IP address of the required exporter.

Click Delete.

Click OK.

AKIPS will remove the history from the NetFlow dashboard.


Dashboard

To configure exporters to populate the dashboard: 

Click NetFlow Exporter Settings or go to Admin > General > NetFlow Meters.

Select the Dashboard checkbox beside the required exporter.

Complete the History field to define the number of days for which to retain NetFlow data. The default is 90 days.

Click Save.

Return to the NetFlow Dashboard.

The exporters you previously checked will display. Depending on your timing, traffic flow may also display.


Switch port mapper

Functionality

Switch port mapper enables you to find any IP address or MAC address on your network and show its history for the past 60 days.

You can search by:

• IPv4 or IPv6

• MAC address.

You can filter by device.

Switch port mapper completes SNMP walks of the following tables to locate IP and MAC details and map them to their switch port:

• ARP

• bridge forwarding

• IP address

• VLAN.

Settings

By default, all switch port mapper options are ON.

You can change the ping settings, or suspend data collection for:

• switch port mapper entirely

• specific (ARP, bridge or VLAN) tables.

Alternatively, you can exclude individual devices from:

• switch port mapper data collection

• ARP data collection.


To change switch port mapper settings: 

Go to Admin > General > Switch Port Mapper.

Set options ON and OFF as required.

If required, in the Ping Scan field, type the details for the ping-scan ranges. See 13.1.8 Ping-scan settings.

Click Save.

Switch port mapper collector 

By default, switch port mapper runs every hour.

Set to OFF to stop all data collection.

To exclude individual devices, see 13.1.9 Excluding devices from switch port mapper data collection.

ARP tables collector

Set the ARP tables collector to OFF to stop all data collection from ARP tables in routers and switch management interfaces.

To exclude individual devices, see 13.1.10 Excluding devices from ARP data collection.

Without the data from ARP tables, switch port mapper can no longer provide information such as IP addresses assigned to a MAC.

Bridge tables collector 

Set the bridge tables collector to OFF to stop all data collection from bridge tables in switches.


VLAN tables collector 

Set the VLAN tables collector to OFF to stop all data collection from VLAN tables in switches.

AKIPS collects switch port mapper, ARP table, bridge tables and VLAN tables data and caches it for one day. If any of the settings are switched OFF, the data collected from the previous SNMP walk will be available for the next 24 hours.

VLAN auto grouping 

Set the VLAN auto grouping collector to OFF to stop switch port mapper from automatically creating interface groups for each discovered VLAN.

Automated VLAN groups 

The discover locates any VLANs and lists them in the Discovered column.

In the Grouped column are VLAN groups that AKIPS automatically creates when switch port mapper runs.

Use the Include and Exclude buttons to move VLANs from one column to another.

Ping-scan settings

When set to ON, switch port mapper uses ping requests to scan the network and populate router ARP/NDP tables. This also populates the bridge forwarding tables for each switch port.

As a result, switch port mapper can map close to 100 per cent of the network in a single pass.

You can configure rules in the Ping Scan Ranges text field. For syntax and examples, see 4.1.2 Ping-scan ranges.

If set to OFF, fewer MAC and IP addresses will be returned on each pass.


So that a single link/interface is not adversely affected, for each rule, AKIPS sends ping requests to IP addresses at random.

Excluding devices from switch port mapper data collection 

Collecting data from switches with large bridge forwarding tables can cause CPU spikes on the switch (typically core switches).

Assign devices to the spm_exclude group to exclude them from switch port mapper data collection.

To exclude a device from switch port mapper data collection: 

Go to Admin > Grouping > Auto Grouping.

Create a rule to assign the device to the spm_exclude group.

Use the following syntax:

assign device {NameOfCoreSwitch} = spm_exclude

Click Save and Apply.

Excluding devices from ARP data collection 

Switches often have broken SNMP implementations, which causes CPU spikes when collecting ARP table data from multiple contexts.

Assign devices to the spm_exclude group to exclude them from ARP table data collection.

All other data will be collected.


To exclude a device from ARP table data collection: 

Go to Admin > Grouping > Auto Grouping.

Add a group to contain only broken devices.

Create a rule to assign broken devices to the spm_exclude_arp_context group.

Use the following syntax:

assign device {regex} = spm_exclude_arp_context

Click Save and Apply.


Admin user tools

Admin users have extra tools available on the menu bar which are unavailable to other users.

These include:

• profile selector

• muting alerts

• hiding unused reports.

Move the mouse over User: admin to access these tools.

AKIPS will display a menu with selectable options.

Profile selector

Admin users can review reports and dashboards for any profile by selecting it from the drop-down list on the right-hand side of the menu bar.

To review reports and dashboards:

Move the mouse over User: admin.

AKIPS will display a menu with selectable options.

Select a profile.

AKIPS will display the access rights of the profile.


Muting alerts

Admin users can mute alerts to stop them from displaying.

To mute alerts:

Move the mouse over User: admin.

AKIPS will display a menu with selectable options.

Select Mute Alerts.

Select the time duration (one hour up to forever). The page will refresh to show that muting is active, and the time left.

You can cancel muting at any time.

Hiding unused reports 

You can tailor the reports menu to display only those reports which are applicable to your organisation.

To hide unused reports:

Move the mouse over User: admin.

AKIPS will display a menu with selectable options.

Click Hide Unused Reports. The AKIPS homepage will refresh.

The reports menu will display only those reports used by your organisation for the current session.


Additional tools

Settings History

AKIPS keeps daily snapshots of all important settings. You can use Settings History to display changes or recover a config from a previous date.

View & compare

To view & compare history snapshots:

Go to Admin > General > Settings History.

Click on the setting you wish to view. A list of snapshots will populate.

Click the View button next to any snapshot to view its details.

To compare the current snapshot with an earlier revision, select Diff beside the revision which you would like to compare.

The current and earlier revisions will display side by side with the differences highlighted.

Last change

To show the last change made to a setting:

Go to Admin > General > Settings History.

Click on the setting you wish to view. A list of snapshots will populate.

Click Show Last Change.

The two revisions will display side by side with the differences highlighted.


Download

To download Settings History data:

Click the Download button next to any snapshot.

When prompted, either open the file by selecting the program you would like to use, or save by clicking Save File.

Click OK.

AKIPS will display or download the data as requested.

Recover a config

You can recover a previous revision of a config by copying and pasting an earlier revision.

To recover a previous revision of a config:

Click the View button next to the applicable snapshot.

Copy the config content which you wish to recover.

Go to the setting in AKIPS which you wish to change. E.g. to recover a config for ping scan ranges, go to Admin > Discover > Discover / Rewalk.

Paste the required config content into the appropriate field. E.g. 2. Ping Scan Ranges.

Click Save Changes.


Ping/SNMP walk features

The following features are available within the ping/SNMP tool:

| Feature | Description |
| --- | --- |
| Ping | AKIPS transmits 10 packets to a device and records the time taken for each transmission. The min/avg/max/stddev are shown for the 10 packets. Only an IP address is required for this feature |
| SNMP walk | AKIPS performs an SNMP walk of an MIB. You will need to specify an IP address, MIB object and the SNMP credentials |
| SNMP OIDs | The same as the SNMP walk, with the addition of the OID number of each MIB object to the output |
| Traceroute | This traces the route from the AKIPS server to the device (end point). It lists each hop and the time taken. Only an IP address is required |
| Packet capture | For this feature, you will need to specify the IP address and the duration of the capture |

Ping/SNMP fields

The following fields will display when Ping / SNMP Walk is selected. Not all fields must be completed:

| Field | Notes |
| --- | --- |
| Group | Can be single- or multi-select |
| Device Filter | Regex filter applied to the device list |
| Device | A list of devices matching the selection criteria. When you select a device, the credentials will populate |
| IPv4 Address | Populates with the address of a selected device. Alternatively, you can type the IP address of the device |
| IPv6 Address | Populates with the address of a selected device. Alternatively, you can type the IP address of the device |
| MIB Selector | Selects the required MIB object |
| MIB Object | Populates automatically based on the MIB selection. Alternatively, you can type the MIB object |
| Version | Populates automatically based on the device selection |
| MaxRep | The maximum number of MIB objects returned in the packet response |
| SNMP Credentials | Based on the version, the credential fields automatically display: versions 1 and 2: community (default); version 3: username, context, authentication and key, privacy and key |
| SNMP Errors | Set to ignore when walking broken MIB tables |
| Clear | Clears the fields populated by the selected device |
| Interface | Only displays when there are multiple network interfaces in the AKIPS server |


Pings 

To check that a device can be reached using pings:

Go to Tools > Ping / SNMP Walk.

Specify the device to ping by either:

• typing an IP address

• selecting a device.

Select Ping.

AKIPS will transmit 10 packets.

SNMP walk

To perform an SNMP walk:

Go to Tools > Ping / SNMP Walk.

Specify the device to walk by either:

• typing an IP address and completing the SNMP credentials

• selecting a device.

Select a MIB table from the MIB Selector drop-down list or type the MIB.Object name.

Select SNMP Walk.

If waiting for a response, a progress message will display.

When completed, AKIPS will display a list of all enabled SNMP objects, and the number of packets transmitted.

If the SNMP walk times out, a failure message will display.


SNMP walk download 

When providing assistance, the AKIPS support team may request a copy of the SNMP walk.

To download the SNMP walk:

Select Download Walk from the results pane.

When prompted, click Save.

Traceroute

Traceroute maps the route from the AKIPS server to the device, listing each hop and the time taken.

To download Traceroute:

Navigate to Tools > Ping / SNMP Walk.

Specify the SNMP device by either:

• typing an IP address

• selecting a device.

Select Traceroute.

The traces will display the number of hops taken to reach the specified IP address.


Packet capture

When providing assistance, the AKIPS support team may request a packet capture.

To complete a packet capture:

Go to Tools > Ping / SNMP Walk.

Specify the SNMP device by either:

• typing an IP address

• selecting a device.

Select the duration of the packet capture by using the drop-down list. The default is 10 minutes.

The Interface field will display only if there are multiple network interfaces in the AKIPS server. Select the appropriate interface from the drop-down list.

Select Packet Capture.

A timer will count down the time left until the capture completes.

Results 

The packet capture results can be reviewed through an application such as Wireshark.

Download

To download the packet capture results:

Select Download Packet Capture from the results pane.

This will download a gzipped pcap file.
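SNMP versions 1 and 2 carry the community string in clear text, so a capture taken toward an SNMP device can contain it. The following added example (not AKIPS code) scans a downloaded gzipped pcap for SNMPv1/v2c communities before the file is shared; it assumes classic pcap format, Ethernet framing and IPv4, and the sample capture, addresses and community values are constructed.

```python
import gzip
import socket
import struct

# pcap magic -> struct byte order (microsecond and nanosecond timestamp variants)
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
SNMP_PORTS = {161, 162}


def _ber_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _community(payload):
    """Return (version, community) for an SNMPv1/v2c message, else None."""
    try:
        tag, msg, _ = _ber_tlv(payload, 0)
        if tag != 0x30:                     # outer SEQUENCE
            return None
        tag, ver, pos = _ber_tlv(msg, 0)
        version = int.from_bytes(ver, "big")
        if tag != 0x02 or version not in (0, 1):
            return None                     # SNMPv3 (version 3) has no community field
        tag, comm, _ = _ber_tlv(msg, pos)
        if tag != 0x04:                     # community is an OCTET STRING
            return None
    except IndexError:                      # truncated or non-SNMP payload
        return None
    return ("v1", "v2c")[version], comm.decode("latin-1")


def find_communities(gz_bytes):
    """Return sorted unique (src, dst, version, community) seen in a gzipped pcap."""
    data = gzip.decompress(gz_bytes)
    order = PCAP_MAGICS.get(data[:4])
    if order is None or len(data) < 24 or struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    found, pos = set(), 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[pos + 8:pos + 12])[0]
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        off = 16 if frame[12:14] == b"\x81\x00" else 12      # skip one 802.1Q tag
        ip = frame[off + 2:]
        if frame[off:off + 2] != b"\x08\x00" or len(ip) < 20 or ip[9] != 17:
            continue                        # not IPv4/UDP
        udp = ip[(ip[0] & 0x0F) * 4:]
        if len(udp) < 8 or not SNMP_PORTS & set(struct.unpack("!HH", udp[:4])):
            continue                        # not to or from an SNMP port
        hit = _community(udp[8:])
        if hit:
            found.add((socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), *hit))
    return sorted(found)


def sample_capture():
    """Constructed gzipped pcap: SNMPv2c, SNMPv1, version-3 and non-SNMP packets."""
    def tlv(tag, value):
        return bytes([tag, len(value)]) + value

    def snmp(version, community):
        oid = tlv(0x06, bytes.fromhex("2b06010201010100"))   # sysDescr.0
        varbinds = tlv(0x30, tlv(0x30, oid + tlv(5, b"")))
        pdu = tlv(0xA0, tlv(2, b"\x01") + tlv(2, b"\x00") * 2 + varbinds)
        return tlv(0x30, tlv(2, bytes([version])) + tlv(4, community) + pdu)

    def record(src, dst, dport, payload):
        udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst)) + udp
        frame = b"\x02" * 12 + b"\x08\x00" + ip
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pcap += record("10.0.0.5", "10.0.0.1", 161, snmp(1, b"example-ro"))
    pcap += record("10.0.0.5", "10.0.0.2", 161, snmp(0, b"example-rw"))
    pcap += record("10.0.0.5", "10.0.0.3", 161, snmp(3, b""))     # version 3: ignored
    pcap += record("10.0.0.5", "10.0.0.9", 53, b"\x00" * 12)      # not SNMP
    return gzip.compress(pcap)


if __name__ == "__main__":
    for src, dst, version, community in find_communities(sample_capture()):
        print(f"{src} -> {dst}  SNMP{version}  community={community!r}")
```

Any community the scan reports is readable by whoever receives the file, so treat it as disclosed once the capture leaves your network.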


Device editor

You can modify the following details through the device editor:

• device name

• IPv4/IPv6 address

• SNMP IP

• SNMP credentials

• max repetitions

• maintenance mode.

To use the device editor:

Go to Tools > Device Editor.

Specify the device by either:

• typing an IP address

• selecting a device.

When you select the device, the right-hand pane will populate.

Fields shaded in grey cannot be modified as these are MIB objects specified on the device itself.

Update the appropriate fields:

| Field | Description |
| --- | --- |
| Device | The name of the device |
| IPv4/IPv6 | The IPv4 or IPv6 address |
| SNMP IP | An IP address to receive SNMP requests. Usually the same as the IPv4/IPv6 field |
| SNMP Version | 1, 2 or 3 |
| SNMP Credentials | Versions 1 and 2: community. Version 3: username; auth type and passphrase; priv type and passphrase |
| Max Repetitions | The maximum number of MIB objects to send in a walk response |
| Maintenance Mode | For network maintenance, suppress alerts by selecting ON |

For a list of devices, go to Reports > Device > Summary and select maintenance_mode

Click Save.

After changing the configuration, rewalk the device.

Mapping device to IP address

To obtain a list of all IP addresses mapped to a device:

Go to Tools > Device to IP Mapping.

AKIPS will display all devices it has discovered, with their relevant mappings.


Access control

Access control in AKIPS includes:

• authentication settings: how users gain access to AKIPS

• profile settings: the tools and reports which users can access

• user settings: who can access tools and reports.

Authentication

You can configure and maintain the settings for the following authentication schemes:

• Local (Unix). This is the default

• LDAP

• RADIUS

• TACACS+.

Local (Unix) 

To configure authentication settings for Local (Unix): 

Go to Admin > Users / Profiles > Authentication.

Select Local / Unix from the list.

Click Save.


LDAP 

To configure authentication settings for LDAP: 

Go to Admin > Users / Profiles > Authentication.

Select LDAP from the list.

Complete the following settings:

| Field | Details |
| --- | --- |
| Server | Type the name or IP address of the LDAP server. You can also include the port number (optional). Use the following syntax: {IP address}[ {port number}] E.g. 10.2.78.20 |
| SSL/TLS | Select the appropriate communication protocol from the list: none, SSL, STARTTLS |
| Base DN | Type the DN for the section of the directory where AKIPS should start searching for users and groups. E.g. dc=mydomain,dc=com |
| Bind DN | (Optional) Type the full DN for the credential used to authenticate to the directory server. If left blank, AKIPS will use an anonymous bind. E.g. cn=admin1,cn=users,dc=mydomain,dc=com |
| Bind Password | (Optional) Type the password for the bind DN |
| Scope | Select the appropriate search scope: subtree, one-level |
| Login Attribute | Select the appropriate attribute to authenticate the user. E.g. uid |
| SSL/TLS Certificate | Copy and paste your CA certificate for SSL/TLS authentication into the text box. It must be encrypted and in PEM format |

Click Save.

After saving your LDAP settings, you can enter known credentials to test your configuration.


16.1.3 RADIUS 

To configure authentication settings for RADIUS: 

Go to Admin > Users / Profiles > Authentication.

Select RADIUS from the list.

Complete the following settings:

| Field | Details |
| --- | --- |
| Server | Type the name or IP address of the RADIUS server. You can also include the port number (optional). Use the following syntax: {IP address}[ {port number}] E.g. 10.2.78.20 |
| Shared | Add the shared secret text string, which serves as a secret password between hosts |

Click Save.


TACACS+ 

To configure authentication settings for TACACS+: 

Go to Admin > Users / Profiles > Authentication.

Select TACACS+ from the list.

Complete the following settings:

| Field | Details |
| --- | --- |
| Server | Type the name or IP address of the TACACS+ server. You can also include the port number (optional). Use the following syntax: {IP address}[ {port number}] E.g. 10.2.78.20 |
| Shared | Add the shared secret text string, which serves as a secret password between hosts |

Click Save.

Profile groups

A profile group is a group of users who all have the same access to AKIPS tools and reports.

Create a profile group and assign the access rules. Create a user account for each user, and then assign each user account to a profile.

The user account will inherit the access rights of the profile group.


Creating a profile group 

To create a profile group: 

Go to Admin > Users / Profiles > Profile Settings.

In the text field, type the name of the profile group and then click Add.

Continue to add profile groups as required.

Settings 

When a new profile group is created:

• the timezone defaults to the timezone set for the AKIPS server (see 3.1.9 Timezone)

• no access is assigned (i.e. All groups and All reports are set to OFF).

To change the settings for a profile group: 

Go to Admin > Users / Profiles > Profile Settings.

Select the required profile group from the list.

If required, change the timezone to suit the profile group.

If the profile group is to have access to data from all groups, set the All Groups switch to ON.

Alternatively, click Edit Groups to select the required groups.

To include access to a group, select it from the list and then click Include.

To remove access to a group, select it from the list and then click Exclude.

Click Edit Reports.

To include access to a report, select it from the list and then click Include.


To remove access to a report, select it from the list and then click Exclude.

The details will update immediately.

Select the profile group from the list on the left-hand side to review its access rights.

Deleting a profile group 

To delete a profile group: 

Go to Admin > Users / Profiles > Profile Settings.

Select the required profile group from the list.

Click Delete.

When prompted, click OK.

AKIPS will update the profile group list.

User accounts

Adding an account 

To add a new account:

Go to Admin > Users / Profiles > User Settings.

In the left-hand field, type a unique Username (no spaces or capital letters).

Type the Full Name of the user (with spaces and capital letters).

Complete the Password field. The default is to allow password changes.


Type the user’s Email. AKIPS will validate the format of the address.

Select an appropriate Profile from the drop-down list.

Click Add.

AKIPS will update the list if there are no validation errors.

Settings 

To edit an account:

Go to Admin > Users / Profiles > User Settings.

Select Edit beside the account in the right-hand pane.

The left-hand pane will populate with the settings. You can change all fields except Username.

Make your changes and then click Save.

AKIPS will update the user account list.

Deleting an account 

To delete an account:

Go to Admin > Users / Profiles > User Settings.

Select Delete beside the account in the right-hand pane.

Click OK.

AKIPS will update the user account list.


Changing a password 

To change a password:

Go to Admin > Users / Profiles > User Settings.

Select Edit beside the account in the right-hand pane.

In the Password field, type a unique password.

Click Save.

Muting alerts 

You can mute network alerts for user accounts for:

• one hour

• eight hours

• one day

• seven days

• forever.

To mute alerts for an account:

Go to Admin > Users / Profiles > User Settings.

Select Mute Time beside the account.

The mute column will populate to indicate that it is active.


17 Requesting a MIB object

To request a MIB object:

Perform an SNMP walk of the required device:

Go to Tools > Ping / SNMP Walk.

Select the device. Its configuration details will display, including IP address, SNMP version, community or SNMPv3 credentials.

In the MIB Selector drop-down list, select All Objects.

Click SNMP Walk.

If the walk is still progressing after more than 30 minutes, contact the AKIPS support team.

After the walk has completed, click Download.

Save the file without changing the default name.

Upload your SNMP walk to https://www.akips.com/upload

Provide detailed notes regarding the MIB object you wish to monitor. AKIPS's developers will contact you if we require further information.

The AKIPS team will schedule your requested MIB object for a future release. After you have upgraded to this release, rewalk all of the devices to add them to your network.
