here - indeni
Contents
1. [Screenshot: Alerts view with the Monitored Devices tree and the alert list. Listed alerts include "RESOLVED DNS servers configured but responding too slowly", "Two cluster members differ in their routing tables SA 66322" and an expanded alert, "Use of NTP servers configured but not operational SA 16763". The expanded alert's Manual Remediation Steps read: Review the NTP configuration, firewall, routing tables and other elements of the network to determine the cause. Its Notes and History show the alert created on Dec 24 22:51:59 2014 IST, with an Append note option.]
2. (INDENI USER GUIDE, page 41) When hovering over a device (or a group with a single device in it), the system displays device parameters such as its name, CPU, memory, the number of connections and active alerts. Below each gauge is a summary of alerts and the uptime of the device. [Screenshot: gauge for Nokia_Box_IP530 showing Uptime, CPU, Memory, Sessions/Connections and Number of Error Alerts.] Clicking on any gauge changes the displayed data in the right-hand panel of the Network Health tab. The panel shows the top alerts associated with the selected gauge. Double-click the gauge or the status line below it to drill down into the groups/devices which are included in that group. For example, the following screen shows the individual devices within the R60SMC's firewall group. [Screenshot: Home > R60SMC's Firewalls, with gauges for Nokia_Box_IP530, IP530Cluster and R60SMC and a Health panel listing alerts such as "Failed to communicate", "High memory usage has been measured", "Use of NTP servers configured but not operational SA 16763", "SIC issues identified" and "Device clock appears to be set incorrectly".] Clicking on a specific device (R60SMC) displays its detailed status information on the right. Clicking Home
3. [Screenshot: report schedule form with Excluded Groups and Included Groups lists, a Schedule and Receivers section (Periodicity: Monthly, Time of Day: 10:00, Day of month: 1), a list of receiving users, and Save, Cancel and Delete buttons.] Inventory Report: This report exports as an Excel spreadsheet with multiple tabs presenting details regarding your analyzed devices. To access the report from the Reporting tab: 1. Click on the Inventory Report sub-tab. 2. Choose from the list of Excluded Devices which analyzed devices you do not wish to include in the report. 3. Choose from the list of Included Devices to include which analyzed devices you want to report on. [Screenshot: Reporting tab with the Device Configuration, Alert Summary, Procurement and Inventory Report sub-tabs. On-screen text:] An inventory report will include the main configuration details and device specifications indeni has retrieved from the selected devices. The report is produced in an Excel format for easy reading and analysis. Please select the devices and groups of devices you are intereste
4. [Screenshot: Knowledge Management sub-tab of the Operations Management tab. The category tree includes Check Point Cluster Monitoring, Check Point Firewall Monitoring, Check Point VSX Monitoring, Check Point Performance Monitoring, Check Point VPN Monitoring, and Cluster Monitoring entries for Check Point, Fortinet FortiOS, Juniper Junos and Juniper ScreenOS. The "Alerts Within Category" list is searchable by name and includes entries such as "A virtual server IP address may fail to bind to TMM", "A virtual server using a web acceleration profile may cause TMM to leak memory" and "AAA (Authentication, Authorization, Accounting) should be Enabled".]
5. [Screenshot: alert list for device IPSO with alerts "Hosts file is missing the localhost entry", "Device is not using NTP SA 16763" and "Licenses do not match cp macro", and a device menu offering Device Configuration, Filter Current Alerts and Stop or Suspend Monitoring.] Use the checkbox to the left of the ID field to check or uncheck all filtered alerts at once. To adjust the width of individual columns on the screen, select the Columns option on the View flyout. [Screenshot: column chooser with checkboxes for Severity, ID, Device (130 px), Last Update, Created and Revalidated, and Apply and Reset buttons.] Use the checkboxes to select which columns to display. Alternatively, right-click on any column header to access this menu. Severity: This column displays a colored flag for each alert. Colors range from red to blue to distinguish critical warnings from less severe alerts. This allows users to find and resolve alerts most likely to cause imminent downtime and to visually assess the type of alert and remedial action required. The Monitored Devices lis
6. [Screenshot: alert list with Resolve, Freeze and Export buttons and Device, Headline and Last Update columns, alongside a panel of pre-emptive alerts. Entries include "RESOLVED DNS servers configured but responding too slowly", "Two cluster members differ in their routing tables SA 66322", "Software has reached end of support SA 24900", "Monitored or Permanent VPN tunnel(s) down" and "High storage usage has been measured".] By Type groups all devices of a particular type (Check Point firewalls or Cisco Routers, for instance). Individual devices or device groups created by the user are labeled by name.
7. indeniAlertEntryIndex: The ID of the specific alert that was generated. indeniAlertSeverity: The alert's severity. indeniAlertHeadLine: The alert's headline. indeniAlertDescription: The alert's description. indeniDeviceName: The name of the device the alert pertains to. indeniDeviceIp: The IP of the device. indeniAlertCategory: The category the alert belongs to. indeniAlertBaseIdentifier: The type of alert. indeniAlertStatus: The alert status. UNRESOLVED: Normally the status when an alert is first generated. RESOLVED: Normally issued as part of trap type 2 below. indeniAlertStatusUpdateTrap: This is issued when an alert's resolved status changes. When an alert has been remediated, indeni automatically changes the status to Resolved; however, if indeni later re-verifies and identifies it as unresolved, it will remove the Resolved designation. Whenever the status changes, either from Unresolved to Resolved or vice versa, this trap will be issued with the ID of the original alert in the indeniAlertEntryIndex field. New values will appear in the indeniAlertSeverity and indeniAlertStatus fields. indeni provides the means to add an SMTP server to the list of managed devices to facilitate alert emailing. Once configured, Critical and Error alerts are sent through this server by default. To add a new SMTP server: Go to the Settings tab and select the Integration sub-tab. Click the Add Devi
8. [Screenshot: maintenance window set to 2 days, 2 hours, 15 minutes from now, with a Remove button.] 2. Enter the preferred time frames. To remove a schedule that has already been set up: Click on the Remove button. Integration: This tab manages a variety of objects used to notify users of alerts. indeni can be configured to send alerts via SNMP trapping, SMTP email, or by using the UDP syslog protocol. Users must add the type of server desired to indeni and configure the system to forward alerts to the desired users. [Screenshot: Settings tab, Integration sub-tab, with the Defined Objects list, an Add Device button and the Selected Object(s) Details panel.] SNMP Processing: Adding an SNMP Master. SNMP trapping captures alerts which can then be forwarded to a user's mobile phone or pager for further action. indeni supports any SNMP master. indeni has been verified to be compatible with IBM Tivoli and has achieved the IBM Ready for Tivoli status. To request the files required to use IBM Tivoli, please contact support at http://indeni.com/support. indeni is also a Technology Alliance Partner of CA Technologies, providing security assurance solutions through their Technology Partner Program. Our solution helps ensure continuity of services and provides deep insi
9. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Spring: Copyright 2010 SpringSource. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Ehcache: Copyright 2003-2010 Terracotta, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Joda Time: Copyright 2002-2010 Joda.org. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy
10. [Screenshot: Live Configuration view for device GAIA, reached from the Monitored Devices tree. The panel lists: Is a Virtual Machine, Device Model, Device Component, Products Installed, OS, Memory Usage, Firewall Memory Usage, Swap Memory Usage, Average CPU Usage, CPUs/Cores, Total Number of Concurrent Sessions or Connections, Maximum Number of Supported Connections or Sessions, Filesystems, and Device License Info. The values shown identify a VMware virtual platform running Check Point Gaia with Check Point R76 (no HFA) Security Management and Firewall products installed.]
11. Make the desired changes. 3. Click Save. [Screenshot: Settings tab, Groups sub-tab, with the Defined Groups list, an Add Group button and the Edit Group Details panel, which offers Devices not yet Included / Devices to Include and Groups not yet Included / Groups to Include lists and a "Customized notes for group" field.] Customized Notes: A user may choose to add custom notes that will be displayed along with other information on the alerts on specific groups and subgroups. Scheduled Maintenance Windows: To set up a maintenance schedule for a group: 1. Click on the Add Window button. [Screenshot: Scheduled Maintenance Windows panel with an Add window button and day, start time and duration fields.]
12. [Screenshot: alert detail listing "Missing or Misconfigured Servers: 10.3.3.75 with minimal severity of All", with Manual Remediation Steps: Modify the device's configuration as required by the device profile.] RADIUS Servers In Use: indeni will check that a specific RADIUS server is being used by the devices in the profile. [Screenshot: RADIUS Servers In Use policy item with Severity (Critical), Alert Type (SNMP, Email, Log), Automation Policy (Autoremediate, Ask Me) and, per server, a required RADIUS Server Hostname or IP field (1.2.3.4), a Timeout field (0), a Secret field and a Remove button.] [Screenshot: alert "Some RADIUS servers which should be defined are not". Description: As part of the verification of the device profile "Profile 1", indeni checks that the RADIUS servers configured on the device match the requirement. indeni has found that some RADIUS servers are missing or misconfigured. These are listed below. indeni will re-check this alert every 5 minutes. If indeni will determine the issue has been resolved, it will automatically be flagged as such. Missing or Misconfigured Servers: 1.2.3.4 with timeout of 0 with secret. Manual Remediation Steps: Modify the device's configuration as required by the device profile.] Ensure a Minimal Number of Connections or Sessions are Open: The profile can flag a device that suddenly reports less than a set number of connections or sessions which
13. indeni's reporting function provides users with emailed reports on a user-set schedule. The Reporting tab lists the type of reports available in sub-tabs at the top of the screen. Currently, indeni allows scheduling for four reports. Click on the appropriate sub-tab to choose the desired report to schedule. Scheduled Report Configuration: This consolidated report provides a separate report for each device included in the report parameters. Device Configuration reports are sent on a set schedule and contain a set of archives. Each archive represents the current configuration of an analyzed device. 1. Click on Reporting and then the Device Configuration sub-tab. [Screenshot: Reporting tab with an Add Schedule button and a Report Configuration form (Report Name: Device Config Weekly) with Excluded/Included Devices and Excluded/Included Groups lists. On-screen text: Device Configuration reports are sent at a set schedule and contain a set of archives. Each archive represents the current configuration of a monitored device. These reports should be stored and used in the case of a monitored device's complete failure.]
14. [Screenshot: VMware wizard step for selecting a host from the list under Host Name.] 4. Select a Datastore from the list provided and click Next. [Screenshot: Datastore step, "Select a datastore in which to store the virtual machine files", with Capacity, Provisioned, Free, Type, Thin Provisioning and Access columns.] 5. Specify which Virtual Machine Version to use if the host or cluster supports multiple versions. [Screenshot: Virtual Machine Version step. On-screen text: This host or cluster supports more than one VMware virtual machine version. Specify the virtual machine version to use. Virtual Machine Version 4: This version will run on VMware ESX Server version 3.0 and later and VMware Server 1.0 and later. This version is recommended when sharing storage or virtual machines with ESX Server versions up to 3.5. Virtual Machine Version 7: This version will run on VMware ESX Server version 4.0 and later and VMware Server 2.0. Choose this version if you need the latest virtual ma
15. The sub-tabs in the Operations Management tab provide full access to all information and configuration settings related to alerts generated by indeni. Alerts: This tab displays all current alerts as well as the complete list of all analyzed devices and their associated alerts. Users can add devices, filter and search for alerts, and export alert data in several formats (pdf, csv and xml). Network Health: The Network Health tab presents a dashboard that provides an at-a-glance view of network health in real time. Analysis: The Analysis tab provides the ability to visually track critical metrics over time. These metrics are correlated with the alerts that were issued at the relevant time. Knowledge Management: Users have full control over how indeni handles alerts for each device. This screen provides a full list of alert categories and access to configuration settings by alert and by device. Alert Archive: Acknowledging alerts moves them from the Alerts list to the Alert Archive list. This screen allows quick access and filtering tools to search for specific archived alerts by date, device or alert type. Complete functionality for the Operations Management tab is described in Chapter 5, Operations Management. The Compliance Management tab allows users to schedule daily backups fo
16. this may be either on the indeni machine or on a remote location. Choose the devices or groups you wish to back up from the Excluded Devices/Groups list. Use the double-arrow buttons to add or remove devices in the Included Devices/Groups list. In the Schedules and Receivers portion of the screen, set the time of day you want the backups to run. By default, the backups will be saved daily. Choose the users who will receive notification of backups and their success or failure. If desired, use the Backup Details field to add further instructions for use of this backup file. It will be saved as a README text file in the backup archive. Additional Files or Directories can be backed up by providing their paths, one path in each line. [Screenshot: Backup Details section with the Backup Readme Content and Additional Files or Directories to Include fields.] Click Save to save the new backup schedule, or Delete to remove it from the list. Click the Add button in the left panel. A New Schedule will appear in the Backup Schedules list on the left. Click on the New Schedule icon. Follow steps 2-8 as shown in the previous section. In the Compliance Management tab, select the Configuration Journal sub-tab. This functionality aggregates and displays all of the changes users have made to analyzed devices, time-stamped and listed by the most recent, to enable a single at-a-glance listing. The columns include the
17. [Screenshot: alert list with entries such as "RESOLVED DNS servers configured but responding too slowly", "Contract(s) have expired", "License(s) have expired", "RESOLVED High memory usage" and "Service database not updated".] indeni constantly updates unresolved alerts. You can freeze the display to stop the system from updating content for the current alerts by toggling the Freeze button. Click the button again to resume updates. Resolving Alerts: indeni can flag certain errors and offer suggestions on how to resolve issues manually. Each Headline message, when expanded, tells the user if an error can be resolved or not and what the recommended manual action should be. Click on the alert to expand it and read the details provided by indeni for resolution. If hyperlinks are included, clicking on those will provide more information on the alert and the process for remediating the issue. [Screenshot: Operations Management tab, Alerts sub-tab, with the Monitored Devices panel.]
18. [Screenshot: alert list with Last Update and Created timestamps; entries for Cisco_2811 include "Proxy ARP is enabled" and "AAA is disabled".] Resolving Multiple Alerts: Use the checkboxes in the far-left column of the Monitoring tab to archive multiple Resolved alerts at once. 1. Check the box for each alert you want to archive. 2. Click the Resolve button and select Acknowledge Selected Alerts to archive these alerts. Annotating Alerts: Each individual alert issued by indeni can be manually annotated by users, allowing them to communicate among themselves regarding specific alerts, as well as noting down observations and actions to be taken. indeni automatically populates the notes with major status changes of the alert, such as when it was created, when it was deemed resolved and when it was acknowledged. Appended notes pertain solely to the alert they were added to and not to future or other instances of the same issue in
19. [Screenshot: alert list showing only Last Update and Created timestamp columns.] indeni allows users to create baseline settings. Configurations are validated through the use of device profiles. Use this feature to define a profile that states what configurations should be set on a device, and then on which devices to apply the profile. The system will constantly verify that each device in the profile complies with the profile or profiles assigned to it. Individual devices can have multiple profiles assigned to them. If indeni finds that a device is not in compliance with a profile, the system will issue an alert for each violation. This alert will appear in the Current Alerts list on the Alerts tab and also in the Configuration Check Report in the Compliance Management tab. To access the Device Profiles settings: 1. Click on the Compliance Management tab. 2. Select the Configuration Checks sub-tab. 1. Add profiles using the Add Profile button on the left. You can add as
20. [Screenshot: alert list with a selection menu (All, Current Page) and the Monitored Devices tree. Entries include "High swap usage has been measured", "Device clock appears to be set incorrectly", "License(s) about to expire", "Two cluster members differ in their routing tables SA 66322", "Hosts file is missing the localhost entry", "RESOLVED DNS servers configured but responding too slowly", "Management server is unknown" and "Known devices are not being monitored".]
21. [Screenshot: report schedule form (Report Name: Daily Alert Report) with Excluded/Included Devices and Excluded/Included Groups lists, a Schedule and Receivers section (Periodicity: Daily, Time of Day: 08:00), a list of receiving users, and Save, Cancel and Delete buttons.] Device Configuration: Device Configuration reports are sent at a set schedule and contain a set of archives using this sub-tab. Each archive represents the current configuration of an analyzed device. Alert Summary: Alert Summary reports are sent at a set schedule and contain information on the new alerts that were issued since the previous report, updates that have occurred to the existing alerts, and more. Procurement: The Procurement sub-tab reports list all the analyzed devices that may require changes or upgrades. They also display information such as expired licenses and EOL devices. Inventory Report: This exportable Excel spreadsheet report provides both an overview of your entire network inventory and insight at a granular level, including model names and numbers, interface vendors, firmware versions, licenses, disk manufacturers, routes, VPNs and much more.
22. [Screenshot: Configuration Journal listing change entries (CH100012 through CH100027) with the device, the change, the user and source address where recorded, and a timestamp. Entries include "Configuration Parameters changed", "DNS Servers in Use changed", "SecureXL is enabled changed", "Device Model changed", "Installed Firewall Policy changed", "Is Forwarding Traffic changed" and "System Configuration Identified as net ipv4 ip_forward changed".]
23. [Screenshot: Defined Objects list of monitored devices with an Add Device button and the Selected Object(s) Details panel, which reads "Please choose an object to the left to edit its details".] This tab provides the same functionality for adding, deleting and configuring devices as described in Chapter 4, Getting Started. Here users can change the parameters which define how indeni analyzes a device. This option allows users to set and troubleshoot connection issues, change the device password, view the security key and adjust other connection settings that may be causing network issues. Connectivity parameters need to be set for each device. Hover over the icon for more details about each parameter, which vary by vendor, model and device. SSH Connection Timeout: The maximum wait time when connecting via SSH before deciding the device is not responding. Choose a value (days, hours, minutes, seconds). SSH Username: Provide the SSH name to be used to log in to the device. SSH Password: Provide the SSH password to be used to log in to the de
24. SSH access to the indeni device's operating system. TCP 8181: Used for accessing the indeni application from users' workstations. Traffic from indeni to the analyzed devices: All Supported Devices (Advanced Analysis): SSH (TCP 22): Used for collecting information from the analyzed devices. With some devices, it is also used to instruct the SSH server component on the device to listen to port 8181 as well. Ping (ICMP Echo): Devices are pinged regularly by indeni to ensure they are responding. This feature can be deactivated in the individual device's configuration at the Monitored Devices sub-tab under Settings. Check Point Devices Only: TCP 8181, used as an alternate SSH port for Check Point devices. indeni will instruct the SSH server component of the device (known as sshd) to listen to port 8181 as well. This is designed to separate the regular SSH traffic from indeni traffic where possible. Devices interrogated with API (Palo Alto, F5): HTTPS (TCP 443). As stated in the previous chapter, users can set up indeni on either a virtual server or on a physical server. In either case, users will need to download the latest version of indeni from www.indeni.com. The indeni ISO is used for deploying the system in virtualization environments or on a physical server. 1. Access the download page at try.indeni.com to download the indeni ISO. 2. Copy the downloaded ISO to a CD an
25. and not vmxnet. Open the VMware ESX configuration wizard. Choose the Custom radio button to create the virtual machine and click Next. [Screenshot: VMware wizard, Configuration step] Enter a Name for the server and click Next. [Screenshot: VMware wizard, Name and Location step] 3. Select a specific host for your virtual machine from the list under Host Name. [Screenshot: VMware wizard, Specific Host step]
26. [Screenshot: Current Alerts list] If alerting is to be suspended for a period of time on a particular device, its configuration can be set so that indeni will not analyze it. 1. At the Monitoring tab, choose the device from the list of Monitored Devices on the left. 2. Click the symbol to access the Edit Device Configuration menu. 3. Choose Stop or Suspend Monitoring Device from the flyout menu. The dialog box will appear as shown. When analysis is suspended for a particular device, its status icon will change.
27. from the server when the operation is complete. Set the Location for Temporary Paths on Device. Paths: Location for Temporary Files on Device: /var/tmp. Users can set a variety of parameters for troubleshooting the individual device. Hover over the icon for more information, as parameters change by vendor, model and device. [Screenshot: Troubleshooting settings panel]
    Resource Test Critical CPU Usage Threshold: Defines the critical resource usage value that triggers a slowdown in analysis operations. Enter a value.
    Alternate SSH Port: When communicating with a Linux or FreeBSD based device, indeni may use an alternate SSH communications port in order to separate between indeni's actions and user-driven activities on
    Resource Test Critical Memory Usage Threshold: Defines the critical resource usage value that triggers a slowdown in analysis operations. Enter a value. In the example, if memory usage is above 90, indeni will stop analyzing the device.
    Override Resource Test: indeni monitors resource usage for each device under normal analysis conditions and slows down analysis if critical levels are reached. Check the box to override this mechanism. indeni will no longer monitor resource usage as a safety mechanism for this
28. indeni's use. The user should have the same permissions as the default admin user, and specifically uid should be set to 0 (zero). The user should be in csh shell. The user should be part of the wheel operating system level group.
    GAIA: Adding a User to GAiA via the Portal
    1. Log in to the GAiA Portal.
    2. Add a new user to be designated for indeni's use. Use the bash shell. Have adminRole in Assigned Roles.
    [Screenshot: GAiA Portal Add User dialog]
    Adding a User to GAiA Through CLI
    To add a new user to indeni via CLI, use the following commands:
        clish
        add user indeni uid 0 homedir /home/indeni
        set user indeni gid 100 shell /bin/bash
        add rba user indeni roles adminRole
        set user indeni password
        save config
        exit
    1. Add the user as described above for the relevant OS. 2. In the indeni UI, add the MDS first. 3. After the MDS is successfully added, add the CMAs/domains you would like to analyze. Ideally these would be the CMAs/domains that manage the firewalls you have set indeni to analyze.
    1. Add a user with the Unix su privileges. 2. Please provide the Unix root password in the Add Device dialog.
29. indeni was designed to simplify management of networks and to free an administrator's time for business initiatives rather than endlessly chasing network issues. Using the power of indeni to analyze devices and resolve alerts lies at the heart of the system's usefulness. The Alerts tab displays all alerts noted by the system under the Current Alerts pane. Even when the issue has been successfully resolved, the alert will remain on the display until the user acknowledges and archives the resolved alert or chooses to show only unresolved alerts. Resolved alerts are marked as RESOLVED. indeni displays all devices by name under Monitored Devices. The View button in the left panel allows users to display objects by group, device type, cluster or management hierarchy. [Screenshot: Alerts tab with the Monitored Devices and Current Alerts panes]
30. of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
    NOTICE file corresponding to the section 4 d of the Apache License, Version 2.0, in this case for the SNMP4J distribution. This product includes software developed by SNMP4J.org (http://www.snmp4j.org). Please read the different LICENSE files present in the root directory of this distribution. The names "SNMP4J", "SNMP4J-Agent" and "Apache Software Foundation" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact info@snmp4j.org (SNMP4J) or apache@apache.org.
    XPP3: Indiana University Extreme! Lab Software License, Version 1.1.1. Copyright (c) 2002 Extreme! Lab, Indiana University. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
31. other devices. If you would like to add notes to all future alerts issued for a certain issue, add Custom Notes to the configuration of the alert. To append a note to an alert: 1. Click on the alert to expand it. 2. Scroll to the bottom of the expanded details to Notes and History. 3. Click Append note. indeni will display a dialog box. 4. Type your note text in the box and click Append to save it permanently to the alert's details. Notes pertain to the alert for an individual device; they do not appear in an identical alert for a different device. Temporarily Disabling Analysis [Screenshot: Current Alerts list]
32. [Screenshot: Audit Log table listing login, informational and configuration change entries]
    ID: indeni assigns a unique number to each entry as it is added to the log. By default, items in the Audit Log display in descending order of occurrence.
    Type: This column displays the type of action that took place. You can set these by clicking on the filter icon, which brings up the available choices. All of the action types can be selected for viewing in the report.
    User: This column displays the name of the user who performed the action. You can set one or more users by clicking on the filter icon and making your selections.
    Summary: This column displays the actual outcome of the action, such as User's permissions updated Affec
33. t find, please email support@indeni.com. [Screenshot: Device Explorer search results listing static routes and working ARP entries per device]
34. the Report Name field. 4. Choose the devices to be included in the report from the Excluded Devices list and click the double arrow to add them to the Included Devices list. 5. Set the time indeni will generate and deliver the report in Schedule and Receivers. All alerts generated since the previous report will be included, as well as any updates to previously reported alerts. 6. Select the users to receive the report. indeni provides a list of all system users. These users will receive reports only for those devices they are allowed to see, even if the original report was set to include all devices being analyzed. 7. Save your changes. [Screenshot: Reporting tab, Procurement Inventory Report, Scheduled Report Configuration]
35. the case may be (see Appendix A: Terminology) and be familiar with how to use the command line interface (CLI) for the chosen software. indeni supports both physical and virtual servers. The following hardware requirements rely on a parameter N, which represents the number of network devices you plan to analyze with indeni.
    CPU: 64-bit capable CPU (quad core CPU recommended). One core per every 20 devices in N.
    Hard drive: 40GB + 2GB * N. For example, for 10 devices a total of 60GB is required.
    RAM: The formula is 50MB times N + 2GB, with the minimum being 2GB. For example, for 30 devices a total of 3.5GB is required. For a production setup, indeni recommends using at least 4GB.
    The installation disc includes CentOS 6.5 with the required packages, so there is no need to pre-install anything on the designated physical or virtual server.
    The indeni application. Internet browser: Microsoft Internet Explorer 8 or later, Mozilla Firefox 3 or later, Google Chrome.
    indeni can analyze both local and remote network devices (over VPN or directly), providing you with a complete and comprehensive view of your network deployment at a global level. If communications between the user workstations and indeni and/or the communications between indeni and the analyzed devices pass through a firewall, please allow the following: Traffic from the user workstations to indeni on the following ports: SSH (TCP 22): Allows
36. using the passwd command. Open a browser window. 2. Access indeni's web dashboard at https://<indeni_ip>:8181 3. Substitute your server's IP address for <indeni_ip> (example: https://10.3.1.87:8181). Note that the web browser may display a warning when connecting to the indeni server for the first time. Accept the connection; it is secure. 4. Log in to the indeni web dashboard. Username: admin. Password: admin123.
    [Screenshot: login screen] Thank you for choosing indeni. The system has been set up successfully and is ready to begin its work. In order to log in, please use the form to the right. Also, you may want to know that the server application supports SNMP versions 2 and 3. The MIB file can be downloaded here. More information is available on indeni's website.
    indeni users have full control over which devices to add to the system and analyze. This process is described in Chapter 4, Getting Started. The system offers two modes: compliant and non-compliant. Upon installation, indeni will ask whether the user wishes to operate in compliant or non-compliant mode. If non-compliant is chosen, devices can be deleted at will. Any or all devices may be removed from analysis if the user so desires, and thus will not show up on the overview screen that is shown in the next chapter. In some organizations, auditing and compliance require
37. [Screenshot: Device Explorer search results listing network interfaces, working ARP entries and static routes per device]
38. 006-2010 Christian Plattner. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: a.) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. b.) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. c.) Neither the name of Christian Plattner nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This softwa
39. [Screenshot: Current Alerts list with the Stop Alerting for This Device menu option]
40. [Screenshot: Monitored Devices list with per-device alerts] indeni also provides a fast and convenient listing of each device's individual alerts under its name in the list of Monitored Devices on the left. This provides at-a-glance status for each device. Critical status only appears if the device is truly unresponsive or indeni is having trouble analyzing it; otherwise the Okay symbol will be shown, even if there are alerts for this device. The user can see that the device, while still functional, has errors and can investigate and correct them as required.
    ID: indeni assigns a unique number to each alert as it occurs. By default, alerts display in descending order of severity and by date modified.
    Device: This column displays the device name assigned to each device for which an alert has been flagged.
    Headline: This column displays the actual alert information, a brief description of the condition indeni has observed as w
41. [Screenshot: Current Alerts list] The View button and the Search box above the list of alerts can be used to filter the alert list or to search for a particular alert ID. The Freeze toggle button halts the automatic update of the list of alerts. The Search box in the Current Alerts pane supports searching for alerts associated with certain devices using the device name or IP address, searching for an alert ID, or searching for text within alert headlines and descriptions. Complete search parameters are
42. [Screenshot: Current Alerts list] The Add Device button shown in the Monitored Devices panel on the left side of the screen is accessible only from this window. Use the black arrow beside each device group in the Monitored Devices panel to expand or collapse the display for more alert information related to individual devices. [Screenshot: expanded device group in the Monitored Devices panel]
43. [Screenshot: Alert Archive list with ID, Device and Headline columns]
44. The Tools tab allows quick access to indeni's debugging tools and a debug report generator to pinpoint errors and obtain details for the analyzed devices listed in the left panel under Debuggable Objects. Debug the indeni software from the Help menu. The Object Debug Panel on the right changes according to the type of device selected for debugging. With the Search pane, indeni users are now able to search for configurations, settings and other parameters on all analyzed devices. This tool allows free text search for things like NIC settings, patches and hotfixes, software versions, licenses, users, etc. The outcome of the search provides all the relevant results structured in a table, which can be printed. Click on the Tools tab. Select the Search sub-tab. Enter the relevant text in the search field and press the Explore button on the right. indeni will then automatically search for any parameters that meet the search criteria. Once this ends, the results will be displayed in a table. Click the printer icon to the top right of the table to print results.
    [Screenshot: Tools tab, Device Explorer] Device Explorer is indeni's search engine for monitored devices. Type your search into the box below and start exploring. You can try searching for IP addresses, MAC addresses, license keys, serial numbers and much more. If there is something you are looking for and can
45. Users can choose to stop analysis permanently or suspend it for a specified period of time. To resume analysis that has been disabled, use the Settings tab to adjust the device configuration in the Monitoring Method field. You may also use this field to set the device to Do Not Analyze. Save your changes. indeni will no longer analyze this device or display alerts for it. The Analysis tab allows users to graph certain metrics over time, view historical values and correlate the data with alerts issued by indeni. [Screenshot: Analysis tab graphing CPU, Memory and Connections over time for a selected device]
46. [Screenshot: Alert Archive list (continued) with Headline, Last Update and Created columns]
47. ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    JZlib 0.0.* were released under the GNU LGPL license. Later, we have switched over to a BSD-style license. Copyright (c) 2000,2001,2002,2003 ymnk, JCraft,Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT, INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
48. [Screenshot: Current Alerts list with an expanded alert, "Use of NTP servers configured but not operational", showing the problematic NTP servers and remediation steps]
49. The Settings tab includes a wide range of functions using the sub-tabs: Monitored Devices, Groups, Integration, Users, Licenses, indeni Backup, indeni Insight and Audit Log. Add and configure devices from this sub-tab, which functions identically to the Add Device button under Operations Management. Clicking on any device listed provides full access to its settings. Setting up device groups as shown above is a quick way to keep track of many different types of devices on the network. This sub-tab allows users to quickly add or delete devices from existing groups and set up new groups, which can include individual devices and other device groups. From this sub-tab users can add SNMP masters for sending indeni alerts directly to existing systems such as NMSs, as well as add Syslog and SMTP servers. Add or delete users, set passwords, designate permissions and allocate specific grou
50. This report provides a detailed report of all devices that do not comply with the device profile set for that device. 1. Select the Configuration Check Reports sub-tab at the top of the screen. 2. Click the Add Schedule button in the Defined Schedules list. 3. A New Report icon will appear under Defined Schedules. Edit the details under Scheduled Report Configuration on the right. 4. Give the report a new name in the Report Name field. 5. Choose the devices to be included in the report from the Excluded Devices list and click the double arrow to add them to the Included Devices list. 6. You can generate the report right away by clicking on the Create Immediately button; otherwise go to step 7. 7. Set the time indeni will generate and deliver the report in Schedule and Receivers. All alerts generated since the previous report will be included, as well as any updates to previously reported alerts. 8. Select the users to receive the report. indeni provides a list of all system users. These users will receive reports only for those devices they are allowed to see, even if the original report was set to include all devices being analyzed. 9. Save your changes.
51. From the pop-up, select Device Configuration Monitoring Parameters. The Edit Device window opens. Change the Alternate SSH Port number to 22. Click on Save. Note that this may result in log messages showing up in /var/log/messages or on syslog servers. This is how the alert would appear: [Screenshot: Current Alerts list showing alert 10004 for device Gaia with the headline "Failed to communicate", last updated Oct 20 2013 12:19:19 PM.] Description: There was an erro
52. H service is the standard sshd application, which has a long track record of being safe so long as the passwords selected by the user are strong ones. Refer to your organization's password policies for more information on choosing a strong password. Underlying Operating System: The operating system supplied with the system is CentOS 6.4 64-bit with most packages removed. By default, the set of services accessible via the network has been reduced to the absolute minimum required, further hardening the operating system. These services are SSH (OpenSSH_4.3p2), HTTP and HTTPS (Jetty). Device Access Credentials Storage: The credentials used to access devices, such as the SSH Username and Password, are stored within the database described above. The username is stored in the confidential store, while the password is stored in the highly confidential store and is encrypted. By protecting the database files, an organization is protecting this information from being compromised. Password Security of Users Defined in the System: All users defined in the system (allowed to access the system itself via the web interface) are required to use strong passwords as defined by PCI DSS requirements 8.5.10, 8.5.12, 8.5.13 and 8.5.14. Passwords are stored as salted hashes within the encrypted database. This protects the original passwords from being recovered. Protecting Analyzed Devices: The commands executed on analyzed devices (routers, firewalls, load balan
53. INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Lappy Copyright c 2010 Kris A Dover Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE Apache log4j Copyright 2007 The Apache Software Foundation Commons Beanutils Copyright 2007 The Apache Software Foundation Commons Collections Copyright 2007 The Apache Software Foundation Commons Digester Copyright 2007 The Apache Software Foundation Commons Jelly Copyright 2007 The A
54. ITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
55. N THE SOFTWARE AspectJ Copyright c 2007 Eclipse Foundation Inc and its licensors All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution Neither the name of the Eclipse Foundation Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF AD
56. ONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The Java implementations of the AES Blowfish and 3DES ciphers have been taken and slightly modified from the cryptography package released by The Legion Of The Bouncy Castle Their license states the following Copyright c 2000 2004 The Legion Of The Bouncy Castle http www bouncycastle org Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS I
57. Report Configuration on the right. Give the report a new name in the Report Name field. 5. Choose the devices to be included in the report from the Excluded Devices list and click the double arrow to add them to the Included Devices list. 6. Set the time indeni will generate and deliver the report in Schedule and Receivers. All alerts generated since the previous report will be included, as well as any updates to previously reported alerts. 7. Select the users to receive the report. indeni provides a list of all system users. These users will receive reports only for those devices they are allowed to see, even if the original report was set to include all devices being analyzed. 8. Save your changes. Note that the reports list in the left panel displays only those reports created for the individual sub-tab you have selected (Device Configuration or Alerts Summary). If multiple reports have been created under either sub-tab, select the report you want to configure from the list. Device Performance and End of Life reports are sent on a set schedule and contain all the information needed to assess whether a device requires upgrade or replacement. The ranking is comprised of several parameters, such as CPU and memory utilization and end of support. 1. Select the Procurement sub-tab at the top of the screen. 2. Click the Add Schedule button in the Defined Schedules list. 3. Give the report a new name in
58. TY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE XStream BSD Style License Copyright c 2003 2006 Joe Walnes Copyright c 2006 2007 XStream Committers All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution Neither the name of XStream nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABIL
59. 1. Select the Troubleshooting sub-tab to generate debug reports. The Debug Report Generation in the Object Debug Panel compiles reports by individual device. By default, all commands and variables are chosen based on vendor-specific requirements and best practices. Users may choose to remove some commands from the debug report based on specific requirements. 2. Choose the device you want to report on from the list of analyzed devices in the left panel. This will display a list of reportable items that indeni will check and report on. 3. Click on the Generate button to obtain the report (scroll down to access this button). [Screenshot: Object Debug Panel listing the items to include in the report, such as ARP List, CPD Scheduler Config, CPShared Version, CPU Measurements Over One Minute and Check Point Operating System Details.]
60. User Guide, indeni 5.2
Table of Contents
Chapter 1: Overview; Requirements; Hardware Requirements; Software Requirements; Analyzed Device Requirements
Chapter 2: Installation; Installations on Virtual and Physical Servers; Configuring and installing indeni; Logging in to the System Console; Logging in to the System Web Interface; Compliant vs Non Compliant Mode
Chapter 3: Overview; Operate and Help Menus; Operations Management; Compliance Management; Tools; Reporting; Settings
Chapter 4: Getting Started; Managing Users; Adding a User; Adding Devices to the System; Check Point SecurePlatform IPSO GAIA; Crossbeam Blue Coat running Check Point; Cisco ASAs Routers Switches; F5 BIG IPs; Fortinet Fortigates; Juniper ScreenOS Junos; Palo Alto; Adding a Device in the UI; Adding Known Devices; Upload List of Devices; Choosing Credentials; SSH Advanced Monitoring; SNMP Standard Analysis; Vendor Specific; Editing Devices; Live Configuration
Chapter 5: Operations Management; The Alerts Sub Tab; Monitored Devices; Current Alerts; Searching Alerts; Filtering Alerts; Columns and Functionality; Expanding an Alert; Resolving Alerts; Using the Resolve Button; Resolving Multiple Alerts; Annotating Alerts; Tempora
61. VISED OF THE POSSIBILITY OF SUCH DAMAGE Jaxen Copyright 2003 2006 The Werken Company All Rights Reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution Neither the name of the Jaxen Project nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF
62. abase of at least one of the management servers currently being analyzed by indeni. The associated management server considers the device to be one it manages, as opposed to an externally managed device. The device has not previously been added to the list of analyzed devices in indeni. Use the Add Known Device button to access the Select Known Device field. Choose the appropriate device IP address from the dropdown lists as shown above. Using the third option, Upload List of Devices, allows users to quickly upload a CSV file listing all known user devices to be added. indeni will analyze the file and allow the user to review the results and decide whether to proceed or not. The format of the CSV file is simple: it should only contain lines of the following format: DEVICENAME,DEVICEIP. Please select a CSV file to upload and analyze. Once the analysis is complete, review its results and decide whether to cont
63. can occur when the device has been circumvented by other network equipment. This item will alert when this happens. Ensure a Minimal Number of Connections or Sessions are Open. [Screenshot: profile item settings with Severity set to Error, Autoremediate set to Never, and Low Threshold of Number of Connections/Sessions required set to 5.] Example alert on Nokia_Box_IP530: "Number of connections or sessions is lower than the set minimum". Description: There are 4 concurrent connections or sessions, which is less than the set minimum of 5 as defined in the device profile (Profile 1). indeni will re-check this alert every 1 minute. If indeni determines the issue has been resolved, it will automatically be flagged as such. Manual Remediation Steps: This may be a result of a change in network topology or a limiting firewall policy. Please inspect the surrounding network equipment and its configuration to determine the cause of the problem. DNS Servers In Use: indeni will check that the DNS server is being used by the devices in the profile.
64. cation ARP Neighbor Overflow Identification SA 25890 Active connections may experience a long delay following failover Sol14203 Adaptive connection reaping monitoring Adding a self IP address to a VLAN that is a member of a non default route domain may fail Sol14331 An iRule may erroneously pass syntax validation Sol15363 An imported external monitor may erroneously mark resources down 50114271 An invalid stream profile target may cause the TMM processes to restart Sol14896 Attempting to create a duplicate user account may cause the mcpd process to crash Sol12908 Auto sync may fail in the case where there are many synchronizations in rapid succession Sol15536 BIG IP 2000 2200 and 4000 4200 may experience slow hardware compression 50114831 BIG IP 6900 platforms HSB firmware may generate Super I O watchdog timeout error 50114081 BIG IP 8900 8950 8950S platforms HSB firmware may generate Super I O watchdog timeout error messages Sol14082 BIG IP Analytics may cause the TMM process to crash when receiving HTTP responses with large payloads Sol14070 BIG IP GTM sync group members running big3d 11 3 0 may experience iQuery communication issues with systems running previous versions of big3 BIG IP VIPRION blades may be marked down when using Packet Filters Sol14215
65. ce button and select SMTP Server. Configure the new server. Use the Send Test Email button to test that the configuration is correct. Save the configuration. indeni will add the new SMTP server to the list of Defined Objects. indeni is also capable of sending alert information to syslog servers using the UDP syslog protocol. In order to conform to compliance requirements, administrators can also choose to have indeni send a syslog message whenever a user attempts to access the system via the web dashboard, including whether or not such access was granted. To add a syslog server: 1. Go to the Settings tab and select the Integration sub-tab. 2. Click the Add Device button under Defined Objects on the left side of the screen. 3. Select Syslog Server. 4. Configure the new syslog server.
66. This screen displays the current status of the indeni license as well as the exact terms of the license, such as the number of devices allowed, the expiration date, etc. The system will notify users via an alert in the Operations Management tab when one of the following conditions is observed: if 90 days remain before the license expires; if the license has already expired; if the user is approaching the limit of allowed analyzed devices. indeni will automatically collect backups for indeni's configurations and settings. These may be used in future to restore the configuration settings, device info, alerts and all other content from indeni. The backups will be stored in a separate file with a time stamp in the backup storage path shown on the next page. A default backup schedule has also been set up by indeni.
67. cers, management servers, etc. are defined by the internal logic of the product and cannot be modified by a user. This is to limit the commands that can be executed by indeni on analyzed devices to those which have been tested and approved by indeni. indeni also monitors the resource usage (CPU, RAM, etc.) on each analyzed device and reduces the analysis work to an absolute minimum if it notes that the resource usage has crossed certain thresholds. This is in order to avoid placing an extra load on an unstable device that may result in its failure. Once the resource usage returns to normal levels, full analysis operations are resumed. No Change Policy: indeni has a very strict no-change policy, meaning no changes will be made on the devices indeni analyzes. The only writing actions indeni executes are to write temporary files to /tmp and to initiate an additional instance of SSHD when needed. Below are some basic troubleshooting procedures which may be used to verify an initial setup or any communication errors between indeni and the analyzed devices. When accessing the web UI, please verify that the URL format is https://<indeni_ip>:8181 (example: https://10.3.1.87:8181) and that port 8181 is open and not restricted by any firewall rules. The following pages address common scenarios of problems users encounter when adding a device to indeni. Note in th
68. chine features and do not need to migrate to ESX 3. 6. Choose which Guest Operating System to use with the virtual machine. For Version, be sure to select Red Hat Enterprise Linux 6 (64-bit) from the drop-down menu. Click Next. 7. Select the Number of virtual processors to create for the VM. Use the Help button for additional information. Click on Next.
69. This list of alerts is also found in the Operations Management tab. Using Signatures in Alerts: To set how a particular alert should be managed, use the Knowledge Management sub-tab under Operations Management. The screen below lists every type of alert indeni can identify within the Alert Categories listed on the left side of the screen. This list is updated and expanded regularly. The Alert Categories section groups alerts to make it easier for users to go straight to the type of alert they want to manage (VPN, firewall, cluster, etc.). By default, the list is expanded to show all sub-categories as well, but users can expand or collapse it as they choose.
70. As noted in Chapter 4, the left panel of the Monitoring tab displays all devices currently being analyzed by indeni. Use the View button on the left to toggle between displaying devices by cluster type or management hierarchy. Use the orange arrow to edit or filter alerts for individual devices or groups of devices. The Search field allows users to search for devices by any portion of a device name. The checkboxes in the left column of this portion of the screen allow users to manage multiple alerts. Use the topmost checkbox in the header row to check or uncheck all boxes at once, or to select those for the current page only. Use the small black down arrow beside the box to adjust selections as shown below. Click None or click the box again to uncheck all selections.
71. d, which simultaneously adds the defined devices and stores the chosen analysis method and credentials. The system will attempt to connect to the new devices using the credentials provided. indeni will gather as much information as it can to determine what the new devices are and what analysis should be conducted. This includes: Operating System (IOS, BIG-IP, SecurePlatform, IPSO, etc.); Products (Routing, Switching, Load Balancing, Firewall, VPN, IPS, Management, etc.); Version; Relationships between devices, such as relationships between cluster or device group members. indeni re-validates its conclusion every few minutes. If there is a change in the device (for example, products added or removed, change of version), the system will automatically adapt. Standard analysis allows for the SNMP-based analysis of any device not listed in the advanced analysis devices. Via SNMP, indeni will pull information regarding CPU and memory usage, NIC statistics, storage information and the defined routing table. The information is retrieved based on RFC1213 (http://www.ietf.org/rfc/rfc1213.txt), so the analyzed device is required to implement that RFC. To add a device under Standard Analysis: Go to the Settings tab and select the Monitored Devices sub-tab. Click the Add Device button. Fill in the Read Community string for accessing the device(s) via SNMP. In the Add Device dialog box, choose the Standar
72. NOTE: Functions on the Resolve menu vary by the type of alert as well as whether or not multiple alerts were selected. For instance, Stop Alerting for this Device may not be an option for all alerts. Acknowledge Selected Alerts: Selecting this option archives the alert in the Alert Archive and removes it from the list. Resolved alerts which have been reviewed by an administrator should be acknowledged in order to move them to the history. To do so, click on the Resolve button and then select Acknowledge Selected Alerts. Stop Alerting for this Device: Selecting this option will prevent indeni from flagging this particular error on this device. It does not block flagging of other errors for this device. Check Alert Configuration for this Device: This option allows users to quickly review and edit alert settings for a particular device. Review Device Configuration: This option quickly takes the user to the configuration screen for this de
73. d Monitoring radio button. Click Add to add the new device(s) to indeni. Devices that have been added appear in the list of analyzed devices on the left panel of the Operations Management tab. Users should review the alerts for any devices which were not added successfully to understand why and take corrective action. NOTE: Devices for which advanced monitoring and analysis is supported MUST NOT be added through SNMP monitoring and analysis. This mode of operation is not supported. Vendor Specific: Some vendors that indeni supports require additional credentials or specific settings in order to allow indeni to access certain information. This is provided using the Vendor Specific section of the Add Device box. These include Privileged Mode Password for Cisco devices and/or Unix root Password for Crossbeam devices. Administrators can also adjust settings for devices which have been added to the system using the Settings tab at the top of the screen and then the Monitored Devices sub-tab. Configuration settings for all other objects which are not the analyzed devices, such as SNMP, SMTP and Syslog servers, can be accessed from the Integration sub-tab under Settings. The Live Configuration option under the Tools tab displays the entire actual configuration of the device, including resource utilization, device model, routing, etc.
74. d boot the system from the CD. Installation will begin immediately (more on the installation screens below). Upon completion, the server will shut down. NOTE: Before using VMware for a virtual machine installation, please see Setting Up indeni on VMware ESX. 3. Remove the CD from the drive before restarting the server, to avoid re-installing the software. In either physical or virtual installations, the system is now ready to be configured, using the same procedures in either installation. Use the tab, arrow and Enter keys to navigate within the installation screens. 1. If you select No from the Driver Disk screen, go immediately to Step 4 to continue configuration of the network interface. [Screenshot: Driver disk dialog, "Do you have a driver disk?"] 2. If you select Yes from the Driver Disk screen, Figure 2 appears. Click OK. [Screenshot: "Insert your driver disk into dev fd and press OK to continue"] 3. In the Driver Disk Source screen, select the device you want to use as the source for the driver disk. Click OK. 4. Select Enable IPv4 support, as shown in the figure to the right. Select Manual configuration and click OK. 5. Enter the IP address, Netmask/Prefix, Gateway and DNS server IP. Click OK. 6. The Package Installation will run, as shown to the right. 7. When the setup is complete the system will
75. d in for inclusion in the report. [Screenshot: Excluded Devices / Included Devices and Excluded Groups / Included Groups selection lists, with a Generate button] 4. Click the Generate button in the lower right corner of the screen. This generates a report entitled inventory.xls. [Screenshot: browser download dialog for inventory.xls, a Microsoft Office Excel 97-2003 Worksheet (84.5 KB) from https://demo.indeni.com] Choose whether to save or open the file. Click OK when the Report Generation Complete dialog box appears. This report generates multiple tabs. Navigate through them for detailed information on each device included in the report. The Settings tab provides access to a variety of functions within indeni through its sub-tabs. [Screenshot: Settings tab with its sub-tabs, including indeni Backup, indeni Insight and Audit Log]
76. dation This product includes software developed by The Apache Software Foundation http www apache org src test org apache commons codec language DoubleMetaphoneTest java contains test data from http aspell sourceforge net test batch0 tab Copyright C 2002 Kevin Atkinson kevina gnu org Verbatim copying and distribution of this entire article is permitted in any medium provided this notice is preserved Apache Commons Collections Copyright 2001 2008 The Apache Software Foundation Apache Commons Configuration Copyright 2001 2008 The Apache Software Foundation Apache Commons IO Copyright 2001 2008 The Apache Software Foundation Apache Commons Lang Copyright 2001 2008 The Apache Software Foundation Apache Commons Logging Copyright 2003 2007 The Apache Software Foundation Cglib Copyright 2002 2004 cglib Licensed under the Apache License Version 2 0 the License you may not use this file except in compliance with the License You may obtain a copy of the License at http www apache org licenses LICENSE 2 0 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License Logback the reliable generic fast and flexible logging framework Copyright C 1999 2009 QOS ch All rights reserved This progra
77. [Screenshot: Backup Settings for the default indeni backup schedule, with Backup Storage Path /var/indeni/backups, the option to include confidential data such as SSH passwords, Periodicity Daily, Time of Day 00:00 and a list of receivers. Backup Readme Content: The default backup of indeni contains the data required to restore indeni's database. To restore the database, copy the backup files to a folder on the indeni device and login using SSH. Then execute the following commands: service indeni4it stop rm rf usr indeni db indeni cp lt directory_where_backup_was_copied_to gt usr indeni db] To schedule backups for indeni in addition to the default backup: 1. From the Settings tab, select the indeni Backup sub-tab. Note that the default indeni backup shows up predefined out of the box. Click the Add button. New indeni backup will appear in the indeni Backup Schedules list on the left. Use the backup settings under Edit indeni Backup Schedule on the right to provide a Schedule Name. In the Backup Storage Path field, provide the path where these backup files will be stored. Check the box, if desired, to Include confidential data such as SSH passwords. In the Schedules and Receivers port
78. device. This is not recommended. To set up a maintenance schedule for a device: 1. Click on the Add Window button. [Screenshot: Scheduled Maintenance Windows panel with Add window and Remove buttons] 2. Enter the preferred time frames. To remove a schedule that has already been set up, click on the Remove button. Settings change by type of device, so not all devices will include all of the parameters listed above. indeni allows users to group analyzed devices in order to quickly find objects of a particular type, such as all Juniper devices, or custom groups based on geographical location or organizational network infrastructure. To add a new group: 1. Choose the Settings tab and then the Groups sub-tab. 2. Click the Add Group button on the left panel. 3. Provide a Group Name. 4. Choose devices to add to the new group from the Devices Not Yet Included list and use the double arrow icon to move them into the Devices to Include box. 5. Add an existing group to the new group as desired by choosing it from the Groups Not Yet Included box and adding it to the Groups to Include box. 6. Click Save. The new group will appear in the list of Defined Groups on the left. To edit an existing group: 1. Click on its name in the Defined Groups list on the left side of the screen to display its current settings. 2
79. dialog box. 5. Once you are done configuring the profile, click Save. Using Item Types: By assigning any or all of the item types in Device Profile, you give indeni the necessary information to validate, check and alert if the status of a device is not according to the profile. indeni continuously analyzes the configuration profile on those devices and reports violations as an alert to system administrators. Below you will find a few examples of items that can be enforced via a profile. For each example, we show a Profile Item configuration and then the resulting message that appears in alerts for affected devices under the Alerts tab. Note that in each alert, a reference is made to the device profile by name. Hotfix(es) Installed: Specific issues addressed by hotfixes are available. indeni alerts if the required hotfix has not been installed. [Screenshot: Profile Item configuration with Hotfix Required set to HOTFIX_R71_10, and the resulting alert "Some hotfixes which should be installed are not"] Description: As part of the verification of the device profile "Profile 2", indeni checks that the hotfixes installed on the device match the requirement. indeni has found that some hotfixes are missing. These are listed below. indeni will re-check this alert every 5 minutes. If indeni will determine the issue has been resolved it
80. disclaimer in the documentation and or other materials provided with the distribution 3 The end user documentation included with the redistribution if any must include the following acknowledgment This product includes software developed by the Indiana University Extreme Lab http www extreme indiana edu Alternately this acknowledgment may appear in the software itself if and wherever such third party acknowledgments normally appear 4 The names Indiana Univeristy and Indiana Univeristy Extreme Lab must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact http www extreme indiana edu 5 Products derived from this software may not use Indiana Univeristy name nor may Indiana Univeristy appear in their name without prior written permission of the Indiana University THIS SOFTWARE IS PROVIDED AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHORS COPYRIGHT HOLDERS OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILI
81. [Screenshot: VMware virtual machine creation wizard, Create a Disk step, with Disk Provisioning options (Allocate and commit space on demand (Thin Provisioning); Support clustering features such as Fault Tolerance) and Location options (Store with the virtual machine; Specify a datastore)] 12. Advanced Options are available but are not usually required. Click Next. [Screenshot: Advanced Options step ("These advanced options do not usually need to be changed"), with Virtual Device Node and Mode settings. Independent disks are not affected by snapshots. Persistent: changes are immediately and permanently written to the disk. Nonpersistent: changes to this disk are discarded when you power off or revert to the snapshot] 13. Power on the virtual machine using the Power button. 14. Click on CD/DVD Drive 1 > Connect to ISO image on local disk (shown highlighted on the sc
82. [Screenshot: device debug report output for a device with System Product Name SSG5, including interface and routing details] After viewing the debug report users can change the device's internal co the vendor specification interface. Run the Device Debug report often to check for continuing errors.
83. e following examples that there is a further explanation of the problem within each alert shown, which can assist you in finding the solution. In most cases, the content of the alert will provide the user with all the required details. Please make sure to expand the alert so that the alert's content becomes available. Verify SSH connectivity between indeni and the analyzed device by connecting to indeni over SSH and initiating an SSH session into the analyzed device using indeni's designated username and password. In some cases, as indicated in the alert's details, management servers require their superior management server to be analyzed before they can be analyzed (for example, MDS needs to be analyzed before a CMA can be, in the case of Check Point). If indicated, please make sure to analyze the superior management servers. 1. Failed to communicate: No response on port 22. a. This is how the alert would appear: [Screenshot: alert 108415, "Failed to communicate", Oct 9 2013 02:58:36 PM. Description: There was an error when attempting to communicate with a device. Device at 10.3.3.44: No response on port 22. Notes and History: Oct 09 14:58:36 2013 BST Alert created] b. As a first step to assess where the issue lies, try to SSH from the indeni server to the analyzed device. If this fails, try to understand why this happens and this will lead to solving this issue. Make sure
84. earch, using free text, through their network estate (all the analyzed devices). The search includes things like NIC configurations, SW versions, licenses, general settings and configurations. Once the search is completed, the user also has the ability to compare findings between the devices and to print the outcome. Users may instantly view the actual configurations on the analyzed devices using the Live Configuration sub-tab. The information presented by indeni contains both software and hardware data and is clearly presented in a table format. The Troubleshooting sub-tab displays the list of analyzed devices. Choosing a device displays a list of commands and variables commonly used or required by the vendor when creating a debug report. This tool automatically generates a report that may be used with the devices' vendor for debugging or bug reporting. You can quickly add, delete or edit indeni reports using the Reporting tab and its sub-tabs. [Screenshot: Reporting tab with sub-tabs Device Configuration, Alert Summary, Procurement and Inventory Report, showing Defined Schedules and Scheduled Report Configuration] Alert Summary reports are sent at a set schedule and contain information on the new alerts that were issued since the previous report, updates that have occurred to the existing alerts, and more. Report Configuration Excluded Devices Included
85. ell as its status. In this column, by default, each alert in the list displays in the collapsed, or "at a glance", mode, showing just the summary headline for the alert. Last Update: This column allows users to further refine the displayed list of alerts by date range. 1. Click the Filter icon in the column header. 2. Click inside each blank field box to display a calendar. [Screenshot: Operations Management tab, Alerts sub-tab, with the Current Alerts list filtered to the IPSO device (10.3.3.56) and the Last Update date-range calendar open]
86. en for the entire group of devices. Configure: The Default Settings are shown for all new objects. However, you can also individually configure each device by clicking its Configure button to open the Edit Alert for Specific Device window. [Screenshot: Edit Alert for Specific Device window for the alert "ARP Neighbor Overflow" (Identification SA 25890), with per-device Alert and Autoremediate settings, Check interval, Ignored Items, Alert severity and Custom Settings. Alert description: Linux based operating systems including SecurePlatform and GAIA use a garbage collector in order to ensure the ARP cache does not overflow. This garbage collector enforces a hard limit on the number of ARP entries that can appear in the cache.]
87. [Screenshot: Schedule and Receivers panel, with Periodicity Weekly, Time of Day 10:00, Day of week Monday and a list of receivers] Under Defined Schedules on the left, click the Add Schedule button. An icon will appear under Defined Schedules. Edit the details for the schedule under Scheduled Report Configuration on the right. Give the report a new name in the Report Name field. 5. Choose the devices to be included in the report from the Excluded Devices list and click the double arrow to add them to Included Devices. 6. Set the time that indeni will generate and deliver the report in Schedule and Receivers. Currently indeni provides reports daily. Schedules are based on indeni server time. 7. Select the users to receive the report. indeni provides a list of system users. These users will receive reports only for those devices they are allowed to see, even if the original report was set to include all devices being analyzed. 8. Save your changes. The Alert Summary report lists all new and updated alerts that were added or modified since the previous report, as well as updates to current alerts, etc. Click on the Alert Summary sub-tab option at the top of the screen. Click the Add Schedule button in the Defined Schedules list. A New Report icon will appear under Defined Schedules. Edit the details under Scheduled
88. [Screenshot: column of per-alert settings, mostly Alert Only, some SNMP Email Log] The Alerts Within Category section of the Knowledge Management sub-tab allows users to quickly adjust settings for each type of alert. Name: Individual alert descriptions are provided in the first column, identifying what indeni can observe. This column is informational only. Default Settings for Alert: This allows users to choose how alerts will be flagged. Some alerts you may want to simply log; others are important enough to forward immediately to a user's attention. By default, alerts with a severity of Critical or Error are set to SNMP Log; the rest are set to Alert Only. [Screenshot: Knowledge Management sub-tab, with Alert Categories on the left and the Alerts Within Category list (Name, Default Settings for Alert, Configure) on the right]
89. [Screenshot: Alerts Within Category list of F5 BIG-IP alerts (for example, "An imported external monitor may erroneously mark resources down", Sol14271), each with a Default Settings for Alert dropdown and a Configure button. Dropdown options visible include No Alert, Alert Only, Alert and SNMP Trap Only, Alert and Email Only, SNMP Trap and Email Only, and SNMP Email Log. Alert Categories on the left include Check Point Operating System, Check Point GAiA specific, Check Point SecurePlatform and Check Point VPN Monitoring]
90. [Screenshot: Current Alerts list, dated Dec 24 to Dec 25 2014, for devices including IPSO (10.3.3.56), BigIP_11_devA (10.3.1.84), GAIA (10.3.3.34), C2960g (192.168.7.10) and Fortinet (10.3.3.203). Headlines include "DNS servers configured but responding too slowly" (RESOLVED), "Two cluster members differ in their routing tables SA 66322" (RESOLVED), "Use of NTP servers configured but not operational SA 16763", "Contract(s) have expired", "License(s) have expired", "Device clock appears to be set incorrectly", "High memory usage" (RESOLVED), "Service database not updated" and "Proxy ARP is enabled"]
91. file 1, indeni checks that coredumping is enabled. On this device, coredumping is disabled. indeni will re-check this alert every 5 minutes. If indeni will determine the issue has been resolved, it will automatically be flagged as such. Custom Notes: Back up the media. Manual Remediation Steps: Follow SK53363. Deleting an Item from the Profile: Click the Remove button at the bottom of the item's configuration section. You may have to scroll down to see the button. [Screenshot: Profile Items panel with Basic Settings, Custom Settings and Misc sections, a DNS Servers Required (comma separated) item and its Remove button] Deleting a Profile: To delete the entire device profile, click the Delete button at the bottom of the Profile Configuration screen. Backup Schedules: indeni can be set to automatically collect backup data for specified devices or groups of devices. Each device's configuration will be backed up in a separate file that includes the files and data that should be included in the backup, as recommended by the vendor and according to best practices. [Screenshot: Compliance Management tab with sub-tabs Configuration Checks, Backup, Configuration Journal and Configuration Check Reports, showing the Backup Schedules panel]
92. following data: ID: Device ID. Device: Device name and IP number. Change Summary: All changes made to analyzed devices are displayed here. To access details for each change, click on each individual line to expand it. Click again to collapse it. The summary includes the exact details of the changes that were made. User: Displays the user who made the change. From: Displays the IP of the user who made the change. Timestamp: The most recent changes are displayed first. [Screenshot: Compliance Management tab, Configuration Journal sub-tab, Changes Tracked list with entries CH100026 to CH100034 for BigIP_11_devA and BigIP_11_devB ("BIG IP Devices changed", "Config Sync status changed"), dated 2014 Nov 25]
93. ght into real-time performance, as well as impending issues that could impact service delivery. For more information on how to configure the integration between indeni and CA Spectrum Infrastructure Manager, please download "Integrating indeni with CA Spectrum Infrastructure Manager" at http://indeni.com/support. indeni participates in HP's Enterprise Management Alliance Program. The software has been validated to integrate easily with HP Operations Manager (HP OM). HP OM contains a tool to convert the indeni Management Information Base (MIB) file to a HP OM policy. The tool is not an integral part of HP OM, but rather a contributed addition. The MIB file and more information on configuring indeni with HP OM can be downloaded from http://www.indeni.com/support. To set up SNMP trapping for indeni, you must set up a server capable of receiving SNMP traps and configure it to accept traps from indeni. An SNMPv2 community or SNMPv3 USM setting is required for SNMP to operate correctly. Once the SNMP Master is set up on the server, at the Settings tab: 1. Select the Integration sub-tab. 2. Click the Add Device button under Defined Objects. 3. Select SNMP Master. Use the setup screen shown on the next page to configure SNMP trapping for this master. Assign appropriate names and password
94. ing the Gauges values dropdown box, users can choose whether to display the Health status, CPU type or Memory status of the individual devices or groups. The user may also choose to customize the groups and devices shown by default on the central section. This is done by clicking on the [icon] to add an additional group or device, or by clicking on the [icon] and then the symbol beside each gauge to remove it from the list. The Others group is a system group, automatically created, which appears only when indeni finds analyzed devices which are not included in other groups on the dashboard. This group disappears if the user displays devices by All Objects or By Type, or if all groups and devices are accessible from other groups in the dashboard. [Screenshot: Operations Management tab, Network Health sub-tab, with device and group gauges, uptime figures, the Gauges values dropdown set to Health and a list of top alerts]
95. inue or not. The CSV file should contain lines with exactly two values each. One value should be the device name and the second should be the device IP address. Once all devices have been added, use the appropriate radio button to supply the proper credentials for these devices. indeni supports two methods of doing so under Credentials to Use: SSH (Advanced Monitoring) and SNMP (Standard Monitoring). [Screenshot: Add Devices dialog, with Devices to Add (Device Name, IP, Group), Credentials to Use (SSH Advanced Monitoring with SSH Username, SSH Password and SSH Key; SNMP Standard Monitoring) and Vendor Specific (Privileged Mode Password, Unix root Password) sections] Supply the SSH login details for the user added previously. For example: SSH Username "indeni", SSH Password "indeni1 1". You may use an SSH Key, which replaces the need for a password. Clicking on this activates a text box that you can paste the SSH key into. If the key file is encrypted, an SSH Passphrase is also required. The password requirement depends upon the type of key file used. NOTE: When using SSH RSA keys for authentication, you must make sure that, on the device indeni is connecting to, the authorized_keys file is only writeable by the user (mode 755 for .ssh and mode 600 for .ssh/authorized_keys). Click Ad
96. ion of the screen, set the time of day you want the backups to run, and how often. By default, the backups will be saved daily. Choose the users who will receive notification of backups and their success or failure. Under the heading Backup Details, you can include instructions on how to utilize a backup that has been created by this backup schedule. These instructions will be saved as a README file in the resulting backup archive. [Screenshot: Backup Details panel. Backup Readme Content: The default backup of indeni contains the data required to restore indeni's database. To restore the database, copy the backup files to a folder on the indeni device and login using SSH. Then execute the following commands: service indeni4it stop rm rf usr glassfish domains indeni config indeni cp lt directory where backup was _ copied ta gt usr glassfish domains indeni config] In the field for Additional Files or Directories to Include, you can add directories and files to include in the backup file. Each path should be on a separate line and its format should be compliant with the operating system installed on the devices you've chosen to back up. 10. Save your changes. indeni Insight is designed to help CIOs and network architects gain more control and visibility over their networks. It works by supplying valuable insights and hard-to-access data about your
97. it Backup Schedule [Screenshot: Edit Backup Schedule panel for the schedule F5 Weekly. Panel text: indeni will automatically collect backups for the devices chosen below. Each device's configuration will be backed up in a separate file with a time stamp and will include the files and data recommended by the vendor and users for backing up the specific device. Settings shown: Backup Storage Path /var/indeni/backups; Excluded and Included Devices and Groups; Periodicity Weekly; Time of Day 04:00; Day of week Sunday.] Scheduling Backups: Backups can be scheduled for individual devices. You can also add a Group to the backup schedule. 1. From the Compliance Management tab, select the Backups sub-tab. 2. Click on the New Backup icon in the left panel. Use the backup settings under Edit Backup Schedules on the right to provide a Schedule Name. In the Backup Storage Path field, provide the path where these backup files will be stored
98. listed in Appendix C. To display alerts for a particular device, type the device name in the Search field. You can also click on the orange circle to the right of the device name in the Monitored Devices section to display alerts for that device only. To display a particular kind of alert, type the desired parameter in the Search field. To search for text, type a text string. For example, typing R60SMC in the Search field will display alerts for all R60SMC members. Clearing the field restores the entire list. To filter alerts, use the orange arrow next to its name in the Monitored Devices display and choose Filter Current Alerts from the pop-up menu. Note that the screen view on the next page displays alerts only for IPSO (IP address 10.3.3.56). [Screenshot: Current Alerts list filtered to IPSO 10.3.3.56, showing alerts such as "RESOLVED DNS servers configured but responding too slowly", "Latest HFA not in use" and "Management server is unknown".]
99. ll be used by the virtual machine [Screenshot: Network step of the Create New Virtual Machine wizard, with NIC 1 on VM Network and Connect at Power On. Wizard note: Adapter choice can affect both networking performance and migration compatibility. Consult the VMware KnowledgeBase for more information on choosing among the network adapters supported for various guest operating systems and hosts.] 10. Choose VMware Paravirtual as the SCSI controller. Click Next. [Screenshot: SCSI Controller step, Virtual Machine Version 7, listing BusLogic Parallel (not recommended for this guest OS), LSI Logic Parallel, LSI Logic SAS and VMware Paravirtual.] 11. Create a disk by setting Capacity, Disk Provisioning and Location. Click Next. [Screenshot: Create a Disk step, "Specify the virtual disk size and provisioning policy".]
100. [Screenshot: Users profile item with the field Users Required (comma separated), and a sample alert "Users defined do not match expected list". Alert description: As part of the verification of the device profile Profile 1, indeni checks that the users defined on the device match the requirement. 1 users are defined and shouldn't be. These are listed below. indeni will re-check this alert every 5 minutes. If indeni will determine the issue has been resolved, it will automatically be flagged as such. Missing or Un-needed Users: hacker. Manual Remediation Steps: Modify the device's configuration as required by the device profile.] Syslog Servers In Use: indeni will check that a specific Syslog server is being used by the devices in the profile. [Screenshot: Syslog Servers In Use profile item (Syslog Server Hostname or IP: 10.3.3.75; Minimal Severity: All) and a sample alert "Some syslog servers which should be defined are not". Alert description: As part of the verification of the device profile Profile 4, indeni checks that the syslog servers configured on the device match the requirement. indeni has found that some syslog servers are missing or misconfigured. These are listed below. indeni will re-check this alert every 5 minutes. If indeni will determine the issue has been resolved, it will automatically be flagged as such.]
101. m and the accompanying materials are dual-licensed under either the terms of the Eclipse Public License v1.0 as published by the Eclipse Foundation or (per the licensee's choosing) under the terms of the GNU Lesser General Public License version 2.1 as published by the Free Software Foundation. SLF4J: Copyright (c) 2004-2008 QOS.ch. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Apache Commons Pool: Copyright 1999-2009 The Apache Software Foundation. Ganymed SSH2: Copyright (c) 2
102. many profiles as you wish. 2. For each profile, choose the devices you want to manage from the Devices Not Yet Included list on the right side of the screen under Profile Configuration. 3. Click the double right arrow to include the chosen device(s) for this profile. 4. Give the device profile an appropriate name in the Profile Name field. [Screenshot: Compliance Management tab, Configuration Checks sub-tab, showing Defined Profiles, Profile Configuration and an NTP Servers In Use item (Severity: Info; NTP Servers Required: 10.15.3.12).] To add an item to the devices to be included in the profile: 1. Click the Add Item button in the bottom right corner of the Device Profiles sub-tab screen. indeni will display the Profile Items dialog box that allows users to choose which configurations to have validated, checked and alerted in this profile. [Screenshot: Add Item dialog, "Please choose an item type to add".] 2. Choose the item type. See the next section, Using Item Types, for specific information on each selection. 3. Click OK. 4. You may add as many items as you want. For each item, configure the settings in the Profile Items
103. mation on the number of processors supported for various guest operating systems. 8. Memory Size must be 2 GB or greater to ensure there is enough memory to run indeni. [Screenshot: Memory step of the wizard, Virtual Machine Version 7, "Configure the virtual machine's memory size".] See also indeni Hardware Requirements in Chapter 1 of this user guide for a description of how to calculate the needed memory for your indeni implementation. 9. To Create Network Connections, select how many NICs you want to connect from the drop-down menu. Select the VM Network for NIC 1. From the Adapter drop-down list, select the adapter type E1000. Check the box for Connect at Power On. Click Next. [Screenshot: Network step of the wizard, Virtual Machine Version 7.]
104. ments state that data must not be allowed to be deleted in a monitoring and auditing system. indeni is such a system. While working with indeni you will be required to define specific devices, such as firewalls, to monitor. This will include their name, IP address and other details. If your organization requires this data not to be deletable, please choose DISALLOW DEVICE DELETION below. Otherwise, please choose ALLOW DEVICE DELETION. NOTE: This decision CANNOT be changed at a later point. See Chapter 5, Analysis and Alert Management, for full instructions on analyzing devices. All major functions within indeni are accessed from the tabs at the top of the dashboard. They include: Operations Management, Compliance Management, Tools, Reporting and Settings. These tabs are available from all main screens within indeni. The functionality of each one is described in this chapter. These two menus are shown at the top left of the web dashboard. Use the Operate menu to log out of indeni. This menu also allows you to update the system. Use the Help menu to link directly to this user guide online. The Help menu also provides indeni support tools that allow you to create a debug report or to run a live debug of the indeni application. The Operations Management tab allows users to quickly add and configure new devices as well as view all current and archived alerts. O
105. nce devices have been added to the system, the screen for this tab provides at-a-glance information regarding alerts relating to each device, with rollover access to detailed information for each alert. Use the sub-tabs within this window (Alerts Analysis, Network Health, Knowledge Management and Alert Archive) to access further functionality, as described on the next page. [Screenshot: Operations Management tab, with the Monitored Devices tree and the Current Alerts list (ID, Device, Headline, Last Update).]
106. network and other organizations' networks from around the globe, enabling you to make smarter decisions. For more information on what indeni Insight includes and how it works, visit our website. [Screenshot: Settings tab, indeni Insight sub-tab, with the Enable indeni Insight option and an "Email address for the report" field.] The Audit Log sub-tab shows a list of changes and activities that took place in the indeni application. Its information does not apply to analyzed devices. [Screenshot: Audit Log sub-tab listing entries with ID, Type, User, Summary, Affected Objects and Timestamp, for example Configuration Change entries by admin such as "Report removed F5 Weekly" and "Scheduled backup created".]
107. ng on the Resolve button produces a flyout menu with the options shown on the next page. [Screenshot: Current Alerts list with the Resolve flyout menu open, including the option Stop Alerting for This Device.]
108. notify you and ask for a reboot. Click on the Reboot button. [Screenshots: Package Installation progress, from "Packages completed 9 of 281" to "Packages completed 281 of 281" (installing indeni 4.3.1 noarch), followed by the message: Congratulations, your CentOS installation is complete. Please reboot to use the installed system. Note that updates may be available to ensure the proper functioning of your system and installation of these updates is recommended after the reboot.] Once the system reboots, the next two screens shown below automatically appear. 8. Specify the host and domain name. Click OK. [Screenshot: Host and domain name dialog, with Hostname localhost.localdomain and Domain localdomain.] 9. After completing the configuration, click the Reboot button to reboot the system for the second time. NOTE: You can always return to the set-up screens by running sudo isetup via the console or an SSH connection. [Screenshot: prompt stating that the changes that were made require a reboot of the system and asking whether to reboot.] You can log in to the system only after you have rebooted twice, as shown in the previous section. Username: indeni. Password: indeni4it. In production environments, it is highly recommended that users change the default password
109. o Include SYSL Send Test Syslog Message: Send a test message to determine if the configuration is working. Save the configuration. indeni will add the new syslog server to the list of Defined Objects. Use this sub-tab to add, delete and edit users, passwords, email settings, permissions for setting up and remediating individual devices, and permissions for group objects, as described in Chapter 4, Getting Started. indeni's license expiration date and limitations depend on what was purchased. To determine the status of your current indeni licenses or to upload a new license, select the Settings tab and then the Licenses sub-tab. Licenses are obtained from an indeni reseller as a file with a .lic extension. Users must download the .lic file to their own hard drive and then upload to indeni. The file can then be removed from the local hard drive. [Screenshot: Licenses sub-tab. Status: The license is valid and covers the current number of devices the system is set to monitor. Current Coverage: License expiration date Apr 18 2020; Maximum number of network and network security devices 1000; Number of devices set to be monitored 13; Number of devices set to be monitored but cannot be identified 4; followed by the license Signature and the Upload License File controls.]
110. [Screenshot: Monitored Devices tree and date picker.] 3. Choose the date range for the alerts you want to display and then click Apply. 4. To filter within a particular day, change the hour settings after the date in both the From and To fields to display alerts within a specified time range. 5. Click Clear to clear the previous criteria. This will restore the entire list of alerts. 6. To quickly sort alerts in ascending or descending order by date, click on the column name. A yellow arrow will appear. Click on it to sort the alerts. To expand an alert to show its details, click on any headline. In the expanded detail, information is categorized in several ways. Description: A general overview and explanation of the problem. Custom Notes: Gives users the option to add their own notes to a specific signature or to a specific group. Manual Remediation Steps: indeni's recommendation for how to manually correct the problem. Notes and History: A summary of when the alert has been created, resolved or remains unresolved, along with any notes which were added to the alert by using the blue Append note link. [Screenshot: Operations Management tab with the Monitored Devices tree and Current Alerts list.]
111. Double-click on any of the files to review the individual report. [Screenshot: a Technical Support Report file (20130407 1615 ssg 01) opened in a text editor, showing raw device diagnostic output.]
112. [Screenshot: expanded alert with its Manual Remediation Steps and Notes and History, above the Current Alerts list.] Using the Resolve Button: indeni provides a Resolve button above the Headline column to assist users in resolving alerts. It is enabled when at least one visible alert is checked. Clicking on the Resolve button gives the user several options, from acknowledging and archiving an alert to manually changing configuration settings for the device in question. Note that the Resolve button will not activate unless an alert is checked, not just highlighted. Clicki
113. [Screenshot: Current Alerts list showing alerts such as "Contract(s) have expired", "License(s) have expired", "Device clock appears to be set incorrectly", "Proxy ARP is enabled" and "SSH v1 is enabled", with the Monitored Devices tree alongside.]
114. oting; Accessing the Web UI; Adding Devices to indeni; Appendix D: Setting Up indeni on VMware ESX; Creating a New Virtual Machine. indeni offers the first proactive root cause analysis solution for network devices, designed to cut setup and administration time, lower costs and ensure a stable, secure network. It is the first truly proactive system that: automatically identifies known devices; correctly identifies proper settings for known devices, cutting deployment time to five minutes or less; understands and analyzes thousands of parameters and compares settings in relation to each other; measures traffic throughput and flags approaching maximums; determines whether devices are partly or wholly functional or dead and, if non-functioning, identifies the cause and suggests remedial actions; flags the administrator when an error is seen via alerts, which can be forwarded by SNMP, email or pager; allows priority analysis of chosen critical parameters so that potentially severe problems can be flagged and dealt with first. This user guide provides detailed instructions for installing and using indeni. Additional support is available at www.indeni.com/support. This guide is for technical users with a strong working knowledge of networking and network security administration. Users should be able to set up network devices on their own (Cisco routers, Check Point firewalls, etc.) as
115. [Screenshot: Knowledge Management list of alert signatures, each with an Alert Only setting and a Configure button, grouped under categories such as F5 BIG-IP Monitoring, Network Device Monitoring, Cisco ASA Devices Monitoring, Cisco IOS Devices Monitoring, Security Device Monitoring and Check Point Devices Monitoring. Signatures shown include "A configuration may fail to load when the default network route name is an IP address", "A virtual server IP address may fail to bind to TMM", "AAA (Authentication, Authorization, Accounting) should be Enabled", "ARP Issues Identification" and "Adaptive connection reaping monitoring".]
116. pache Software Foundation. Commons Launcher, Copyright 2007 The Apache Software Foundation. Commons Logging, Copyright 2007 The Apache Software Foundation. Commons Modeler, Copyright 2007 The Apache Software Foundation. Ant, Copyright 2007 The Apache Software Foundation. JavaDB, Copyright 2007 The Apache Software Foundation. Fastinfoset, Copyright 2007 The Apache Software Foundation. JXTA, Copyright 2007 The Apache Software Foundation. Commons Lang, Copyright 2007 The Apache Software Foundation. GWT Mosaic, Copyright 2010; AppFuse, Copyright 2003-2010 AppFuse Team Members. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Google Web Toolkit, GIN, Guice, Copyright 2010 Google. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS
117. [Screenshot: Audit Log entries (ID, Type, User, Summary, Affected Objects, Timestamp) dated 23/12/2014 and 24/12/2014, all by the user admin: Configuration Change entries (Report created, Report removed, Scheduled backup created) and Login Successful entries (User login successful).]
118. ports adding multiple devices at once. If two or more devices are to be added at once, add additional device lines as needed by clicking the [icon] button in the dialog box. Delete unneeded blank boxes by clicking on the [icon] symbol. Supply the device name and IP address for each device to be added. For example: Device Name: Cluster_Member1; IP: 10.3.1.88. [Screenshot: Add Devices dialog with Device Name, IP and Group fields and the SSH (Advanced Monitoring) credential fields.] You can choose from three options: Add New Device, Add Known Device and Upload List of Devices. Add New Device: Users should add all devices that are not known first and then known devices (see next section) to build a complete list before setting credentials. Add Known Device: When indeni is first installed, it will ask whether the user wishes to operate in compliant or non-compliant mode. If non-compliant is chosen, devices can be deleted at will. Any or all devices may be removed from analysis if the user so desires and thus will not show up on the overview screen. See Disable Monitoring. When adding devices, indeni allows users to choose from a list of devices known to indeni, based on indeni's analysis of management servers' databases where applicable. Known devices are those which meet the following conditions: They appear in the dat
119. ps of devices to specific users from this sub-tab. On this sub-tab, indeni displays the current state of user licenses, whether valid or expired. Users can also use this sub-tab to upload new licenses or download license details. This functionality backs up the indeni system. The Audit Log sub-tab provides a list of changes and activities that have occurred on the indeni application. To begin using indeni, users must first add at least one device for the system to analyze. By default, at installation, the system has one user with a default login and password. indeni assigns administrator privileges by default to all users logged into the system. To add new users, set passwords, assign email contact information and modify permissions for each person to be allowed access to the system, select the Settings tab and then the sub-tab Users. 1. Click the Add User button under Defined Users on the left side of the screen. 2. In the dialog box, type a user name and select OK. indeni displays the Selected User's Details screen with additional fields, as shown. indeni does not allow renaming the individual user. If a mistake was made when entering the username, the administrator must use the Delete User button at the top of the screen to delete the user. Re-add the user with the correct name. Usernames are case sensitive. 3. Set the user's password. indeni requires the use of strong passwords. Pas
120. r specified devices and directories, set up and edit configuration checks, conduct searches of analyzed devices and track changes made to devices (configuration journal). [Screenshot: Compliance Management tab with the sub-tabs Configuration Checks, Backup, Configuration Journal and Configuration Check Reports, and the prompt "Please choose a device profile to the left to edit its details".] Configuration Checks: Use this feature to define a profile that states what the baseline settings/configurations should be for a device or a group of devices, and then which devices should have that profile applied. For instance, users can set up a company-wide base profile designating the severity level for generating alerts, or create a profile for a specific type of device (e.g. Cisco Routers). Backup: indeni automatically collects backups for the chosen devices and backs up the device's configuration in a separate file with a time stamp. The backup includes the files and data recommended by the vendor and system users for backing up a specific device. Configuration Journal: This feature aggregates and tracks all changes made by any user to any device and time-stamps them by the most recent change for a convenient at-a-glance listing. Configuration Check Reports: This sub-tab allows for the scheduling of a report that displays a summary of all the devices/groups that have not maintained compliance with the configuration checks that
121. r when attempting to communicate with a device: Authentication failed, check SSH credentials. Notes and History: Oct 20 12:19:19 2013 UTC Alert created. b. Authentication failed. Please update the SSH credentials as follows: Find the device ID in the list on the left panel of the Monitoring Current Alerts screen. Click on the orange circle beside the device to change its settings. From the pop-up, select Device Configuration Monitoring Parameters. The Edit Device window opens. Scroll down the Edit Device screen and update the SSH Password or SSH username field. Click on Save. APPENDIX D: SETTING UP INDENI ON VMware ESX. indeni can run on a number of virtual environments. This appendix takes you through the Create New Virtual Machine wizard, providing the steps necessary to set up an indeni server on VMware ESX. IMPORTANT NOTE: When defining the network interfaces of a VM in a VMware environment, please choose E1000 as the adapter type
122. rd g Unix root Password. Add a user who can enter Privileged Mode (level 15). If the user is not set to level 15, you will be required to enter the Privileged Mode Password in the Add Devices dialog. Add a user with the Administrator role or equivalent permissions. Make sure all partitions are accessible. Add a user with the super_admin profile or equivalent permissions. Juniper ScreenOS: 1. Log in to the device to be added using SSH. 2. Add a new user to be designated for indeni's use. Junos: 1. Follow Juniper Networks' relevant user guides for adding a user. 2. Make sure the user's login class is Super user. Palo Alto: Add a user with Role: Superuser (can be read only). Once a user has been designated, click on Add Device at one of these locations: the Operations Management tab, or the Monitored Devices sub-tab in the Settings tab. indeni sup
123. re includes work that was released under the following license: Copyright (c) 2005-2006 Swiss Federal Institute of Technology (ETH Zurich), Department of Computer Science (http://www.inf.ethz.ch), Christian Plattner. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: a.) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. b.) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. c.) Neither the name of ETH Zurich nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN C
124. reen below. Locate the ISO file downloaded from the indeni website. 15. The indeni setup for VMware ESX is complete. See Chapter 2 in this user guide for the installation and configuration of indeni. About indeni: Founded in 2009 by a team of network security experts, indeni is revolutionizing networking with the world's first future-proof network management tool. Built on a game-changing platform that combines crowd-sourced knowledge with device-agnostic automated error checking, indeni gives enterprises the high-resolution visibility to preempt costly downtime and service disruption in their networks while freeing up vital IT resource. indeni is entrusted by Global and Fortune 100 companies, government agencies and SMBs to keep their networks running smoothly 24/7/365. For more information about indeni, visit www.indeni.com or email us at sales@indeni.com. This product includes software developed by The Apache Software Foundation (http://www.apache.org/). Apache Commons Codec, Copyright 2002-2009 The Apache Software Foun
125. returns the user to the main screen. The gauges for all selected device groups will reappear. Note that there is a bread-crumbs-type navigation bar (highlighted), which is found above the gauges to facilitate navigation between the group levels. Below the gauges is a real-time list of alerts flagged by indeni. By default, the system displays the most critical (red) first. There are two layers for sorting: first, alerts are sorted by severity, and then within the severity groups they are sorted by date.
126. rily Disabling Analysis The Analysis Tab The Network Health Tab Using Signatures in Alerts Managing the Signatures Configure Alert Archive Chapter 6 Compliance Management Configuration Checks Adding a Profile Using Item Types Hotfix es Installed NTP Servers In Use Users Defined Syslog Servers In Use RADIUS Servers In Use Ensure a Minimal Number of Connections or Sessions are Open DNS Servers In Use Core dumping Enabled Disabled Deleting an Item from the Profile Deleting a Profile Backup Schedules Scheduling Backups the network knowledge c Cy inden INDENI USER GuIDE 5 Adding Additional Backup Schedules Configuration Journal change tracking Configuration Check Reports Chapter 7 Tools search Live Configuration Troubleshooting Chapter 8 Reporting Device Configuration Report Alert Summary Report Procurement Report Inventory Report Chapter 9 Settings Tab Monitored Devices Connectivity Paths Troubleshooting parameters Scheduled Maintenance Window Groups Scheduled Maintenance Windows Integration Adding an SNMP Master Configuring indeni as an SNMP Device in the SNMP Master Adding an SMTP Server Adding a Syslog Server Users Licenses the network knowledge c Cy inden INDENI USER GUIDE 6 indeni Backup indeni Insight Audit Log Chapter 10 Upgrades and Support Upgrades support Appendix A Terminology Appendix B System Security and Safeguards Appendix C Basic Troublesho
127. s to individual masters and choose the security algorithm in use on your system from the dropdown lists provided. The user can do any of the following and then Save the changes: Assign only a host address (IP/host name) and community, that is, no SNMPv3 settings. Set all fields EXCEPT for community (no SNMPv2 settings). Set all fields. Note: Hover over the icon for more details about each parameter. When finished, by default all alerts having an Error or Critical severity will be sent via SNMP traps to this master. Users can change what alerts are trapped, logged or sent via the Signatures sub-tab on the Monitoring tab. Use the Send Test SNMP Trap button to test the new configuration. When configuring the SNMP Master, users should: Download the MIB file (accessible at http://www.indeni.com/support). Configure the SNMP Master to use the MIB to fetch data from indeni as well as receive the SNMP traps. indeni currently supports two trap formats. indeniNewAlertTrap: This is issued when an alert is created. The trap contains all of the information pertaining to the alert, including its ID, in a trap field called indeniAlertEntryIndex. The trap fields are
128. stem, select Operate, then Logout <name>. The Support section of www.indeni.com is available 24/7. Documentation, including updated editions of this user manual, is available via PDF download. Additional support is also available via: Toll free: 1-877-778-8991. Online support: http://www.indeni.com/support. Email: support@indeni.com. Cluster Member: A network device which takes part in a cluster using one of the known clustering protocols (VRRP, ClusterXL, NSRP, JSRP, HSRP, etc.). Analyzed Device: A device the indeni application connects to and analyzes. indeni may possibly use its data to assist with the analysis of other devices. Check Point Security Gateway, Cisco Router, Juniper Firewall and F5 LTM are examples of such devices. Database Structure: indeni stores its information locally on the hard drive on which it is installed. The database contains different types of information with two general classifications: highly confidential and confidential. The highly confidential information is stored within an encrypted file using two types of encryption, employing industry standards and best practices. The confidential information is stored in non-encrypted files. The database files are not accessible via the web interface and can only be retrieved by logging into the system via SSH and downloading them using standard protocols (SCP, SFTP, etc.). The SS
129. swords must be at least eight characters long and use both alphabetic and numeric characters. Passwords are case sensitive. 4. Enter the individual's email settings and the SMTP server. 5. Assign permissions appropriate to this user. 6. Choose the Groups this user will be allowed to view/manage. 7. Scroll down to the bottom of the screen and select Save. The Defined Users list on the left now displays the new users added to the system. Adding Devices to the System: To begin using indeni to manage and analyze network devices, recognized users must add devices to the system. This is a fast and easy process. Check Point SecurePlatform: 1. Log in to the device to be added using SSH or the console. 2. Add a new user to be designated for indeni's use. Use the bash shell instead of the default cpshell shell (also known as expert mode). First run: adduser <username>. Provide a strong password for the new user. Run: chsh -s /bin/bash <username>. IPSO: 1. Log in to the device to be added using Voyager. 2. Add a new user to be designated for
130. t also displays the current state of the device itself using the icons shown here. If a device has other alerts, it will indicate the number and type using text colors corresponding to the flags (blue for Info, etc.). By default, indeni displays alerts as they occur. 1. To quickly sort by severity, click the View button above the Device column. 2. Click on or off any of the alert categories in the flyout box shown on the next page (only one option can be selected at a time), and indeni will display only that information. For example, if you do not wish to see resolved alerts, click Unresolved Only. indeni will only display alerts the system has not yet resolved or could not automatically resolve.
131. te Help Operations Management Compliance Management Tools Reporting Settings Alerts Analysis Network Health Knowledge Management Alert Archive Monitored Devices O Current Alerts O View Add Device Search Q x View g Resolve g Freeze Search Q LJ Y 1546 gat R7710 CXL2 10 3 3 158 RESOLVED DNS server resolution test failed U Y 1525 GAIA_R7720 10 3 3 148 RESOLVED DNS servers configured but responding too slowly 296ms t pE cress diua Ol 5 W 1524 gt R7710 CXL2 10 3 3 158 RESOLVED DNS servers configured but responding too slowly 140ms t U Y 1523 P VSX RESOLVED DNS servers configured but responding too slowly D Check Point Gateway v 10 3 3 157 Description DNS is con onfgured on n this device but it is responding to queries more slowly than requir gt p cress Point Standalone Gateway The moseure esponse time for a query for www indeni com is 99 2A millis i ers the threshold for alerting is 50 porto indeni will re check this alert every 1 minute If indeni determines the issue has been resolved it will sented be flagged as such gt roses 10S Router o y ats Possibly Problematic DNS Servers 8 8 8 8 Ignore this gt ace 0 10S Switch o Manual Remediation Steps Review the DNS c CORREN ration ables and other e2 nts of the network to determine the c gt SSesesicip v gt Fortinet FortiOS based Device v note 5 E Y 1522 fed IPSO 10 3 3 56 RESOLVED DNS servers configured
132. ted Objects: This column displays the number of objects that have been affected by the action. Timestamp: This column allows users to display individual items in the Audit Log by date range. See Last Update under Columns and Functionality in Chapter 5 for more detail. Products offered by indeni, like networking itself, are constantly evolving. New capabilities and functionality, including indeni's ability to recognize and configure new devices and identify and resolve additional errors, are being added on a regular basis. When you update your version of indeni by downloading the current release (available by contacting support at http://www.indeni.com/support), you will automatically receive the upgraded functions. indeni is constantly adding to the list of devices the product can recognize and manage. Upon receipt of notification from indeni that an update is available, download the update from indeni.com to your workstation. 1. Select Operate at the top of the indeni Web Dashboard. 2. Select Update System. 3. On the Update System screen, use the Browse button to find the downloaded file. Use the Upload button to launch the upgrade. indeni will update the system files and restart automatically. The process takes several minutes. A progress bar is provided. 5. To log off the sy
133. Live Configuration: Live Configuration allows indeni users to quickly and simply access all the configurations and settings on their analyzed devices. Click on the Tools tab. Select the Live Configuration sub-tab. Choose a specific device from the list on the left side of the screen. indeni will display, in a table format, all the configuration details of the particular device once this device has been chosen from the list. You can use the search field in the left panel to find specific devices, either by IP or by device name.
134. that port 22 is opened in your firewall. Please check the rule base of any firewalls involved in the path between indeni and this device to ensure this port is allowed. 2. Failed to communicate: Failed to setup SSH connectivity on port 8181. a. This is how the alert would appear: "Failed to communicate. Description: There was an error when attempting to communicate with a device. Error during the identification of products installed on device. Device at 10.3.3.34: Failed to setup SSH connectivity on port 8181. Please check the rule bases of any firewalls involved in the path between indeni and this device to ensure this port is allowed. Consult with the User Guide for more information." b. Make sure that port 8181 is opened in your firewall. Please check the rule base of any firewalls involved in the path between indeni and this device to ensure port 8181 TCP is allowed. c. If there is no option to open this port, change the port settings in the Edit Device wizard as follows: i. Find the device ID in the list on the left panel of the Alerts Current Alerts screen. Click on the orange circle beside the device to change its settings
135. All devices have the same configuration options per alert; however, the various alerts have different parameters to be configured for this window. Note that indeni allows users to add customized notes here for all alerts. These can include additional information which system architects and administrators would like to present as part of indeni's alerting. Select OK or Apply to save your changes, or Cancel to return to the Configuration screen. indeni stores all resolved alerts. These are placed under Current Alerts until they are acknowledged. To review alerts acknowledged in the Alerts sub-tab, use the Alert Archive sub-tab under Operations Management. Sort or filter alerts by using the arrow or filter icons in the Last Update column header. 1. Click the Filter icon in the column header. 2. Click inside each blank field box to display a calendar. 3. Choose the date range for the alerts you want to display and then click on Apply. To filter within a particular day, change the hour settings after the date in both the From and Till fields to display alerts within a specified time range. See Last Update under Columns and Functionality in this chapter for more detail.
136. Some DNS servers which should be defined are not. Description: As part of the verification of the device profile (Profile 4), indeni checks that the DNS servers configured on the device match the requirement. indeni has found that some DNS servers are missing. These are listed below. indeni will re-check this alert every 5 minutes. If indeni will determine the issue has been resolved, it will automatically be flagged as such. Missing Servers: 23.21.4.56, 1.2.3.4. Manual Remediation Steps: Modify the device's configuration as required by the device profile. Core dumping Enabled/Disabled: When core dump files are created on the device, it may hint that certain processes have failed recently. If this item type is enabled, indeni will validate that core dumping is actually enabled on the analyzed device in the profile. Coredumping setting not as desired. Description: As part of the verification of the device profile Pro
137. The analysis tab allows for easy control of the data that is presented. At the top left, you can select the timeframe the data should be presented for. At the bottom left, under Choose Parameters, you can choose one or more parameters to display on the graph. At the bottom right, you may choose whether or not to show alert flags on the graph. These appear as lollipops at the bottom of the graph. To export the data, use the buttons at the top right of the view. The Network Health tab presents a dashboard that provides an at-a-glance view of network health in real time. All data is updated continuously. The left-hand panel of the screen for the Network Health tab displays information related to the entire system being analyzed (number of devices, number and type of alerts, system uptime, etc.). Users can add new devices to analyze directly from this panel using the blue Add Device link shown. See Chapter 4 for detailed information on adding devices. The top central section of this screen displays a series of gauges which show the general health of an individual device or a group of devices. Us
138. vice. SSH Private Key: Provide a private key to be used, if any. SSH Private Key Passphrase: This field is required only if the private key is encrypted. Max Aggregated Connection Bandwidth (in bytes): Maximum number of bytes per second that can be sent in each direction to avoid overload. Enter the maximum bandwidth value you want the connection to allow. SSH Port: The port on which the SSH server is running. Set a port number. Approved Host Key: Allows the client to determine if the SSH server being connected to is the correct one. Only one host key is approved for use at a time. Enter the approved key. SSH Connection Reestablishment Timeout: The time to wait before attempting to reconnect. This value gives administrators time to resolve issues and ensures the device will not be overloaded with reconnection attempts. Choose a value (days, hours, minutes, seconds). Require Ping Response for Alive Checks: Forces the device to respond to ICMP ECHO and TCP Port 7 to be considered alive. Toggle On or Off. Max SSH Session Count: The maximum number of SSH alerts allowed for this device. The lower the number, the longer it will take for a particular issue to be identified and alerted upon. Choose a maximum number from the dropdown box. During certain processes, such as creating backups, indeni stores information locally on the device and then fetches it to the indeni server. Temporary files are deleted
139. vice to check and/or change settings that might be causing the error. Advanced: This option provides several choices, from configuring default parameters to halting alerts on selected devices. It allows the user to either stop alerting for a particular error on one device only or to prevent indeni from flagging this error on all analyzed objects.
140. vious versions of big3 __ Alert Only M Configure V Cluster Monitoring BIG IP VIPRION blades may be marked down when using Packet Filters 50114215 Alert Only M Configure Check Point Cluster Monitoring Fortinet FortiOS Cluster Monitoring 4 1 240f436 gt M Juniper Junos Cluster Monitoring Juniper ScreenOS Cluster Monit O Sae Cancel indeni will log or flag specific alerts in accordance with user preferences Clicking this button on the far right column opens a window where the user can individually configure alert settings for every currently analyzed device on the network This includes setting a default configuration for this particular alert that will apply to every new object added to the network ARP Issues Identification Some operating systems will report how many any failures of ARP requests they are encountering indeni will alert if a device whose ARP entry was known is now unknown possibly indicating an issue with ARP traffic A Ja A A Check interval 0 days 00 01 00 v Y h A Yy Name Alert Autoremediate Default Settings for new objects Alert Only AskMe v Configure F SRX 02 10 3 3 172 Alert Only AskMe v Configure P ssg 01 10 3 3 161 Alert Only X AskMe v Configure P ssg 02 10 3 3 162 Alert Only v AskMe v Configure S 140f4 P P INDENI USER GuiDE 45 Check Interval Each check that indeni runs has a different interval set by default These may be adjusted in this scre
141. w v Current Date Complete IP 390 10 3 3 141 Vv Current Processes Complete ps auxw v Host Name Complete pa Nokia_Box_IP530 1 10 3 3 143 hostname p Nokia_Box_IP530 2 10 3 3 144 7 Installed Licenses Complete th i i cplic print x J Mount Point Usage Complete df k 45 70 45 70 45 71 93 O O O O lt lt lt lt lt lt lt ma R60SMC 10 3 3 152 Green checkmarks indicate the debug was successful Red icons indicate errors am O ocn To view details of the report INDENI USER GuiDE 60 1 Click the Download Last Generated Report button indeni will compile a zip file of text documents which users can download The report includes text files of the output of all the commands which indeni ran in the debug report File Edit View Tools Help Organize Extract all files j v z Name Type Compressed size Password Size Ratio Date modified E Desktop a A o GI Librari E 20130407 1615 ssg 01 Latest Events Text Document 1KB No 2KB 67 4 7 2013 4 26 PM ibraries D a E 20130407 1615 ssg 01 NSRP Repot Tet Document 1KB No 2KB 54 4 7 2013 4 26 PM Documen d Masi E 20130407 1615 ssg 01 TechnicalS Text Document 17KB No 122KB 87 4 7 2013 4 26 PM usic aie E 20130407 1615 ssg 01 VPNIKE Co Text Document 1KB No 1KB 43 4 7 2013 4 26 PM Pictures f 20130407 1615 ssg 01 VPN List of Text Document 1KB No 1KB 16 4 7 2013 4 26 PM E Videos a H
142. were set for those devices in the system om O indeni INDENI USER GuiDE 18 The Tools tab allows users to Search for information in indeni s internal database explore the device s Live Configuration and export data from devices for further Troubleshooting Operate Help Search Live Configuration Troubleshooting Cy indent Debuggable Objects D Object Debug Panel O Search A BigIP_11 6_A 10 3 3 134 EE BigIP_11 6_B 10 3 3 135 a gt BiglP_11_devA 10 3 1 84 a A l BigIP_11_devB 10 3 1 85 C2960g 192 168 7 10 Cisco_2811 192 168 7 1 RTR EA cisco 2001 192 168 3 2 RTR p Fortinet 10 3 3 203 Gw p GAIA 10 3 3 34 SA p GAIA_R7720 10 3 3 148 IPSO 10 3 3 56 ow Q O Search Live Configuration Troubleshooting Oo O O O O O O O O O 9 Debug Report Generation Please select which items to include in the report below If you are unsure of what to include simply include all of the items Select all vy ARP List arp a r Appliance Sensors State ISOrs 7 CPD Scheduler Config cpd_sched_config print vy CPShared Version cpshared_ver CPU Measurements Over One Minute vmstat 1 60 7 Check Point Operating System Details cpstat os f all 4 Current Date date 4 Current Processes ps auxw 7 Host Name hostname Installed Licenses cplic print x S Mount Point Usage df kP This sub tab allows users to s
143. will automatically be flagged as such. Missing Hotfixes: HOTFIX_RY1_10. Manual Remediation Steps: Install the missing hotfixes as required by the device profile. NTP Servers In Use: The Device Profile will check that the specific NTP servers which are listed are the ones being used by the devices in the profile. Some NTP servers which should be defined are not. Description: As part of the verification of the device profile (Profile 4), indeni checks that the NTP servers configured on the device match the requirement. indeni has found that some NTP servers are missing. These are listed below. indeni will re-check this alert every 5 minutes. If indeni will determine the issue has been resolved, it will automatically be flagged as such. Missing Servers: 192.168.7.1. Manual Remediation Steps: Modify the device's configuration as required by the device profile. Users Defined: If you want to ensure there are no unexpected users defined on your devices, this item type will enable that.