Preventing Specific Subnets from Being Discovered by Nectus

In this chapter, you’ll learn how to prevent specific subnets from being discovered by Nectus.

The specific topics we will cover in this chapter are:

  1. Why Prevent Specific Subnets from Being Discovered?
  2. How Does Nectus Prevent Subnets from Being Discovered?
  3. Working with the Excluded Subnet List

1. Why Prevent Specific Subnets from Being Discovered?

Preventing specific IP subnets from being discovered can provide improved security. For example, if your client is a city government, they might want to hide the Subnet of the police force or other crucial services. A bank might want to hide the Subnet that their ATMs run on.

2. How Does Nectus Prevent Specific Subnets from Being Discovered?

Before Nectus scans the network, it consults the Excluded Subnets List. It doesn’t scan any Subnets it finds in this list and deletes any information about those Subnets from the Management Information Base (MIB).

3. Working with the Excluded Subnet List

To work with the Excluded Subnet List go to the Nectus Home Screen and select Settings -> Network Discovery Settings.

This opens the “WMI Monitoring Settings” dialog box. Select the Excluded Subnets tab.

Click Add to open the “Add Excluded Subnet” dialog box.

Enter the IPv4 Subnet and the number of Mask bits to identify the Subnet you want excluded.

Note: If you remove a Subnet from the Excluded Subnet List, it, and all the Devices on it, will appear the next time Nectus runs Discovery.

 

Preventing Specific Devices from Being Discovered by Nectus

In this chapter, you’ll learn how to prevent specific Device types from being discovered by Nectus.

The specific topics we will cover in this chapter are:

  1. Why Prevent Specific Devices from Being Discovered?
  2. How Does Nectus Prevent Specific Devices from Being Discovered?
  3. Adding Devices to the Ignore OID List
  4. Editing the Ignore OID List

1. Why Prevent Specific Devices from Being Discovered?

Preventing certain Device types from being discovered and displayed in the SNMP Devices list makes it easier to manage your network device inventory.

For example, you could have hundreds of printers connected to your network. But under normal circumstances, you probably don’t need to monitor them.

Preventing Nectus from discovering specific devices saves Nectus Server resources for the devices you really want to monitor.

 

2. How Does Nectus Prevent Specific Devices from Being Discovered?

During discovery Nectus collects information about every network device it finds. This information include SNMP Platform OID.

Nectus maintain “SNMP Platform OID Ignore-List” which contains a list of SNMP Platform IDs that should be ignored during discovery.

By adding specific SNMP Platform OID to “Ignore-List” you can prevent devices with that Platform ID from being added by Nectus to its database.

3. Adding Devices to the Ignore OID List

To add a Device type to the Ignore OID List, go to the “SNMP Devices” Panel on the Nectus Home screen and open the All Devices list. Navigate to the Product Specific Level containing the type of Device you want to hide and right-click on it. In the shortcut menu that appears, select Add to Ignore List and Delete.

Confirm the operation in the “Add to Ignore List and Delete” dialog box that appears.

Nectus adds the Device type to the Ignore OID List and removes this Sub-Category and all its Devices from the SNMP Devices list.

4. Editing the Ignore OID List

You can manually edit the Ignore OID List to hide Device types, make them discoverable again, or change the OID Prefix associated with them.

To edit the Ignore OID List go to the Nectus Home Screen and select Settings -> Network Discovery Settings.

This opens the “WMI Monitoring Settings” dialog box. Select the Ignore OID List tab.

Use the controls here to add Device types to the Ignore OID List or remove them from it. Any previously hidden Devices will appear the next time Discovery runs.

You can also manually change the OID Prefix by clicking the Edit icon to the right of the Sub-category to open the “Update OID” dialog box.

 

Monitoring Windows Event Log with WMI

In this chapter, you’ll learn how to use WMI to monitor the Windows Event Log. Nectus lets you create profiles that use WMI to monitor specific Events and to send Alerts related to them.

The specific topics we will cover in this chapter are:

  1. What is WMI?
  2. Why Monitor the Windows Event Log?
  3. Creating a WMI Monitoring Profile
  4. Configuring Event Log Monitoring
  5. Assigning a Profile to a WMI Server Group

1. What is WMI?

WMI (Windows Management Instrumentation) is a set of specifications and interfaces that provides information about the status of local and remote computers running Microsoft Windows. In this chapter we look at how Nectus uses WMI to monitor the status of Windows Processes and send Alerts based on that status.

Note: WMI is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) standard and the Common Information Model (CIM) standard from the Distributed Management Task Force (DMTF).

2. Why Monitor the Windows Event Log?

There are many reasons to monitor the Windows Event Log. One of the most important is preventing security breaches. Events that show a configuration change, a failure, or an unexpected login attempt could be triggered by an attack on the server.

3. Creating a WMI Monitoring Profile

To create a WMI Monitoring Profile go to the Nectus Home Screen and select Monitoring -> WMI Monitoring Settings.

This opens the “WMI Monitoring Settings” dialog box.

Click Add Profile -> System.

Create a new Profile by entering the Monitoring Profile Name and checking the Event log monitoring Enabled box. In addition, check the types of Alerts you want to send. See Section 4, “Editing a WMI Monitoring Profile” for details on how to specify which Events you want to monitor and how you want to be alerted.

Check the Default Profile box if you want to make this the new default WMI Monitoring profile.

4. Configuring Event Log Monitoring

To configure Event Log monitoring, open the “WMI Monitoring Settings” dialog box and select the Edit Profile icon for the Profile you want to edit. In “Edit WMI Monitoring Profile” dialog box that appears select the System tab.

4.1 Editing Options

Select the Event log monitoring Options icon to open the “WMI Event Log Filters” dialog box.

Click Add Filter to open the “Add Event Log Filter” dialog box.

Enter the Filter Name and optionally select a specific Event Log File to monitor. Fill out the rest of the fields as necessary to specify the Event you want to monitor. The new filter will appear in the “WMI Event Log Filters” dialog box.

4.2 Editing Alerts and Templates

In the System tab of the “Edit WMI Monitoring Profile” dialog box, check or clear the types of Alerts to send for the Events. To edit the format of the Alerts, open the “Edit Alert Handler” dialog box by clicking the Edit Alert Templates icon.

5. Assigning a Profile to a WMI Server Group

In the WMI Servers Panel on the Nectus Home screen, open the WMI Servers list. Right-click a WMI Server Group and select Properties.

This opens the “Edit WMI Server Group” dialog box.

Check the Enable Monitoring box, then select the WMI Monitoring Profile to use from the Monitoring Profile drop-down list, and specify which groups will receive the Alerts.

The icons to the right of the Monitoring Profile list allow you to edit a Profile or add a new Profile directly from here.

Monitoring Windows Processes with WMI

In this chapter, you’ll learn how to use WMI to monitor Windows Processes. Nectus lets you create profiles that specify which Processes to monitor with WMI and to send Alerts related to them.

The specific topics we will cover in this chapter are:

  1. What is WMI?
  2. Why Monitor Windows Processes?
  3. Creating a WMI Monitoring Profile
  4. Editing a WMI Monitoring Profile
  5. Assigning a Profile to a WMI Server Group

1. What is WMI?

WMI (Windows Management Instrumentation) is a set of specifications and interfaces that provides information about the status of local and remote computers running Microsoft Windows. In this chapter we look at how Nectus uses WMI to monitor the status of Windows Processes and send Alerts based on that status.

Note: WMI is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) standard and the Common Information Model (CIM) standard from the Distributed Management Task Force (DMTF).

2. Why Monitor Windows Processes?

You will normally want a particular set of Windows Processes running on your servers. Nectus can notify you when these Processes run, ensuring you that everything starts properly. You can also watch for specific Processes you don’t want on your servers.

For example, viruses run as Processes. If you know the names of the Processes associated with a specific virus, Nectus can notify you if any of those Processes starts running on one of your servers.

Monitoring for stopped Windows Processes lets you respond quickly to the failure of an important business Process.

3. Creating a WMI Monitoring Profile

To create a WMI Monitoring Profile go to the Nectus Home Screen and select Monitoring -> WMI Monitoring Settings.

This opens the “WMI Monitoring Settings” dialog box.

Click Add Profile -> Processes.

Create a new Profile by entering the Monitoring Profile Name and checking the Enabled boxes next to the metrics you want to monitor. In addition, check the types of Alerts you want to send for each Monitored Metric. See Section 4, “Editing a WMI Monitoring Profile” for details on how to specify which Processes you want to monitor and how you want to be alerted.

Check the Default Profile box if you want to make this the new default WMI Monitoring profile.

4. Editing a WMI Monitoring Profile

To edit a WMI Monitoring Profile, open the “WMI Monitoring Settings” dialog box and select the Edit Profile icon for the Profile you want to edit. In “Edit WMI Monitoring Profile” dialog box that appears select the Processes tab.

4.1 Editing Options

Select the Options icon for the Metric you want to edit to open the “WMI Options” dialog box.

Set the number of Consecutive Readings needed to trigger an alert then click the Add Name button to add the Processes you want to monitor.

4.2 Editing Alerts and Templates

In the Processes tab of the “Edit WMI Monitoring Profile” dialog box, check or clear the types of Alerts to send for each Monitored Metric. To edit the format of the Alerts, open the “Edit Alert Handler” dialog box by clicking the Edit Alert Templates icon.

5. Assigning a Profile to a WMI Server Group

In the WMI Servers Panel on the Nectus Home screen, open the WMI Servers list. Right-click a WMI Server Group and select Properties.

This opens the “Edit WMI Server Group” dialog box.

Check the Enable Monitoring box, then select the WMI Monitoring Profile to use from the Monitoring Profile drop-down list, and specify which groups will receive the Alerts.

The icons to the right of the Monitoring Profile list allow you to edit a Profile or add a new Profile directly from here.

Monitoring of Windows Services with WMI in Nectus

In this chapter, you’ll learn how to use WMI to monitor Windows Services. Nectus lets you create profiles that specify which services to monitor with WMI and how to send alerts related to them.

The specific topics we will cover in this chapter are:

  1. What is WMI?
  2. Why Monitor Windows Services?
  3. Creating a WMI Monitoring Profile
  4. Editing a WMI Monitoring Profile
  5. Assigning a Profile to a WMI Server Group

1. What is WMI?

WMI (Windows Management Instrumentation) is a set of specifications and interfaces that provides information about the status of local and remote computers running Microsoft Windows. In this chapter we look at how Nectus uses WMI to monitor the status of Windows Services and send Alerts based on that status.

Note: WMI is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) standard and the Common Information Model (CIM) standard from the Distributed Management Task Force (DMTF).

2. Why Monitor Windows Services?

Knowing which Windows Services are running lets you spot misconfigured servers easily. You can ensure that all required services such as anti-virus software are running. You can also see if any unwanted services such as a web server are running.

Monitoring for stopped Windows Services lets you respond to the failure of an important service quickly.

3. Creating a WMI Monitoring Profile

To create a WMI Monitoring Profile go to the Nectus Home Screen and select Monitoring -> WMI Monitoring Settings.

This opens the “WMI Monitoring Settings” dialog box.

Click Add Profile -> Services.

Create a new Profile by entering the Monitoring Profile Name and checking the Enabled boxes next to the metrics you want to monitor. In addition, check the types of Alerts you want to receive for each Monitored Metric. See Section 4, “Editing a WMI Monitoring Profile” for details on how to specify which Services you want to monitor and how you want to be alerted.

Check the Default Profile box if you want to make this the new default WMI Monitoring profile.

4. Editing a WMI Monitoring Profile

To edit a WMI Monitoring Profile, open the “WMI Monitoring Settings” dialog box and select the Edit Profile icon for the Profile you want to edit. In “Edit WMI Profile” dialog box that appears select the Services tab.

4.1 Editing Options

Select the Options icon for the Metric you want to edit to open the “WMI Options” dialog box.

Set the number of Consecutive Readings needed to trigger an alert then click the Add Name button to add the Services you want to monitor.

4.2 Editing Alerts and Templates

In the Services tab of the “Edit WMI Monitoring Profile” dialog box, check or clear the types of Alerts to receive for each Monitored Metric. To edit the format of the Alerts, open the “Edit Alert Handler” dialog box by clicking the Edit Alert Templates icon.

5. Assigning a Profile to a WMI Server Group

In the WMI Servers Panel on the Nectus Home screen, open the WMI Servers list. Right-click a WMI Server Group and select Properties.

This opens the “Edit WMI Server Group” dialog box.

Check the Enable Monitoring box, then select the WMI Monitoring Profile to use from the Monitoring Profile drop-down list, and specify which groups will receive the Alerts.

The icons to the right of the Monitoring Profile list allow you to edit a Profile or add a new Profile directly from here.