Table of Contents

Popup Menu Functions

Machine Popup Menu
Application Popup Menu
Alarm Popup Menu

OpenView Menu Functions

Security>Show

Security>Show>Alarm Submaps
Security>Show>Context
Security>Show>Connection Status
Security>Show>Current Events
Security>Show>Daemons>Attributes
Security>Show>Daemons>Status
Security>Show>Daemons>Version
Security>Show>Database Info
Security>Show>Hostnames
Security>Show>IP Logging
Security>Show>Network Device Info
Security>Show>NSDB
Security>Show>Shun List

Security>Configure
Security>Create

Security>Create>SNMP Trap
Security>Create>Trouble Ticket

Security>Daemons

Security>Daemons>Restart
Security>Daemons>Start
Security>Daemons>Stop

Security>Exclude Alarms
Security>File Transfer
Security>Network Device
Security>Save to File
Security>Shun

Security>Shun>Host
Security>Shun>Network

Security>Unshun

Security>Unshun>Host
Security>Unshun>Network
Security>Unshun>All

Security>Advanced

Security>Advanced>ACL Syslogs>Disable
Security>Advanced>ACL Syslogs>Enable
Security>Advanced>Logging>Show Log Filename
Security>Advanced>Logging>Switch Log File
Security>Advanced>nrConfigure DB>Backup
Security>Advanced>nrConfigure DB>Create
Security>Advanced>nrConfigure DB>Delete
Security>Advanced>nrConfigure DB>Restore
Security>Advanced>Reset Rel DB Status
Security>Advanced>Shunning>Disable
Security>Advanced>Shunning>Enable
Security>Advanced>Statistics>Show
Security>Advanced>Statistics>Reset

Security>About the Director
Security>Help

Operating the Director

This chapter describes the following topics:

• Popup Menu Functions

• OpenView Menu Functions

Popup Menu Functions

This section describes the popup menus available via the right mouse button:

• Machine Popup Menu

• Application Popup Menu

• Alarm Popup Menu

Machine Popup Menu

When you right-click over a Machine icon, you can choose from the following options:

• Show>Alarm Submap(s)---View all alarm submaps for the selected machine. If the selected machine icon is green, then no alarm submap displays.

• Show>Connection Status---View the machine's connection status.

• Show>Daemon Status---View the status of services on the selected machine.

• Show>Daemon Versions---View the versions of services on the selected machine.

• Show>Event List---View the contents of the selected machine's current log file.

• Configure---Launch nrConfigure.

Application Popup Menu

When you right-click over an Application icon, you can choose from the following options:

• Show>Status---Show the status of the selected application.

• Show>Versions---Show the version of the selected application.

• Control>Start---Start the selected application.

• Control>Stop---Stop the selected application.

Alarm Popup Menu

When you right-click over an Alarm icon, you can choose from the following options:

• Show>Context---Show the context information for the selected Alarm. Up to 256 bytes in both incoming and outgoing directions is displayed.

• Show>Hostnames---Resolve the name of the host involved in the selected Alarm.

• Show>NSDB---Access Network Security Database information on the selected Alarm.

• Exclude Alarm---Exclude activity associated with the selected Alarm.

• Shun>Host---Shun the host associated with the selected Alarm.

• Shun>Network---Shun the network involved in the selected Alarm.

• Unshun>Host---Unshun the host associated with the selected Alarm, if the host was previously shunned.

• Unshun>Network---Unshun the network associate with the selected Alarm, if the network was previously shunned.

OpenView Menu Functions

The OpenView functions are listed in their NetRanger menu order:

• Security>Show

• Security>Configure

• Security>Create

• Security>Daemons

• Security>Exclude Alarms

• Security>File Transfer

• Security>Network Device

• Security>Save to File

• Security>Shun

• Security>Unshun

• Security>Advanced

• Security>About the Director

• Security>Help

Security>Show

This section describes the following submenus:

• Security>Show>Alarm Submaps

• Security>Show>Context

• Security>Show>Connection Status

• Security>Show>Current Events

• Security>Show>Daemons>Attributes

• Security>Show>Daemons>Status

• Security>Show>Daemons>Version

• Security>Show>Database Info

• Security>Show>Hostnames

• Security>Show>IP Logging

• Security>Show>Network Device Info

• Security>Show>NSDB

• Security>Show>Shun List

Security>Show>Alarm Submaps

Clicking Show>Alarm Submaps on the Security menu displays all submaps that contain unresolved alarms.

You can view unresolved alarms on specific machines by clicking a Machine icon on the Director interface prior to clicking this menu option. If the selected Machine icon is green, then no alarm submap displays.

Security>Show>Context

Clicking a string match Alarm icon and clicking Show>Context on the Security menu displays context information for that Alarm.

Security>Show>Connection Status

Clicking one or more Machine icons and clicking Show>Connection Status on the Security menu displays the connection status for the selected Machine.

Click Close to return to the Director interface.

Security>Show>Current Events

Clicking an Application or Machine icon and clicking Show>Current Events on the Securty menu displays a list of current events.

The list of current events is parsed from the log files found in the /usr/nr/var directory. The Director searches for all events on the entity selected, even those that fall below the alarm generation threshold. The result is an ASCII-formatted list of events generated by an application or machine.

This process runs continuously (and is therefore similar to the Unix tail -f command), and while it runs, the cursor displays as an hourglass. Click Stop to end the process at any time.

You can enter new IDs and start a new search by clicking Restart.

Click Stop and then Close to return to the Director interface.

Security>Show>Daemons>Attributes

Clicking one or more Machine or Application icons and clicking Show>Daemons>Attributes on the Security menu displays information for each application, in the following format:

User_ID, Group_ID, Process_ID, Parent_Process_ID, Effective_User_ID, Effective_Group_ID, Full_Path_Name
 

Click Close to return to the Director interface.

Security>Show>Daemons>Status

Clicking one or more Machine icons or Application icons and clicking Show>Daemons>Status on the Security menu displays the status of applications running.

Click Close to return to the Director interface.

Security>Show>Daemons>Version

Clicking one or more Machine or Application icons and clicking Show>Daemons>Version on the Security menu displays the versions of applications running.

Click Close to return to the Director interface.

Security>Show>Database Info

Clicking a sapd Application icon and clicking Show>Database Info on the Security menu displays database information.

Click Close to return to the Director interface.

Security>Show>Hostnames

Clicking an Alarm or Alarm Set icon and clicking Show>Hostnames on the Security menu resolves the DNS host name of the IP address associated with the Alarm/Alarm Set.

Security>Show>IP Logging

Clicking one or more Alarm/Alarm Set icons and clicking Show>IP Logging on the Security menu displays IP logging information for the selected icons.

The Director searches for IP logging data on the Director first. If the Director does not find this information, it searches for IP logging data on the Sensors, using the fileXferd service. For fileXferd to succeed, however, it must be loaded on each end of the transmission---in other words, on the Director and Sensors.

Security>Show>Network Device Info

Clicking one or more Machine icons and clicking Show>Network Device Info on the Security menu displays the following information about the network device associated with the selected machine(s):

• Current time

• Status

• Type

• Version

Click Close to return to the Director interface.

Security>Show>NSDB

Clicking an Alarm or Alarm Set and clicking Show>NSDB on the Security menu accesses information about the selected alarm in the Network Security Database.

Security>Show>Shun List

Clicking one or more Sensor icons and clicking Show>Shun List on the Security menu displays a list of all hosts and networks being shunned by that Sensor.

Each line of the shun list has the following format:

IP_Address Minutes
 

where IP_Address is the IP address of the shunned host or network, and Minutes is the amount of time in minutes left before the host or network is removed from the shun list.

Security>Configure

Clicking Configure on the Security menu starts nrConfigure, the Java-based centralized Sensor configuration management tool.

Security>Create

This section describes the following submenus:

• Security>Create>SNMP Trap

• Security>Create>Trouble Ticket

Security>Create>SNMP Trap

Clicking one or more Alarm/Alarm Set icons and clicking Create>SNMP Trap on the Security menu creates an SNMP Trap for the chosen icon(s).

Security>Create>Trouble Ticket

Clicking one or more Alarm/Alarm Set icons and clicking Create>Trouble Ticket on the Security menu generates a Remedy ARS trouble ticket for each selected icon.

Only one ticket is created for a selected Alarm Set, even though the Alarm Set represents multiple Alarm notifications. In addition, the date timestamp within the ticket will be the timestamp of the most recent event in the Alarm Set.

Security>Daemons

This section describes the following submenus:

• Security>Daemons>Restart

• Security>Daemons>Start

• Security>Daemons>Stop

Security>Daemons>Restart

Clicking one or more Machine icons and clicking Daemons>Restart on the Security menu manually restarts all applications on the selected machine.

Click Close to return to the Director interface.

Security>Daemons>Start

Clicking one or more Application icons and clicking Daemons>Start on the Security menu starts those applications, if they were stopped.

Click Close to return to the Director interface.

Security>Daemons>Stop

Clicking one or more Application icons and clicking Daemons>Stop on the Security menu manually stops those applications from running.

Click Close to return to the Director interface.

Security>Exclude Alarms

Clicking an Alarm icon and clicking Exclude Alarms on the Security menu commands a Sensor to stop generating alarms that have that alarm's specific signature ID, sub-signature ID, and source IP address.

Security>File Transfer

Clicking a single Machine icon and clicking File Transfer on the Security menu opens the NetRanger File Transfer Utility window (see Figure 5-1). You can use this window to facilitate file transfer.

You have the following options on this window:

• Option 1---Show a directory listing.

• Option 2---Show a file's properties.

• Option 3---Copy a file.

• Option 4---Delete a file.

• Option 5---Show the status of file copies.

• Option 6---Cancel a file copy in progress.

• Option 7---Clear completed copies from the status list.

• Option 8---Exit the utility.

Figure 5-1: NetRanger File Transfer Utility

Security>Network Device

Clicking a Sensor icon and clicking Network Device on the Security menu opens the NetRanger Network Device Utility window (see Figure 5-2). You can use this window to execute commands on the network device associated with the selected Sensor.

You have the following options on this window:

• Option 1---Adjust the current time on the network device.

• Option 2---Adjust the current time on a BorderGuard network device.

• Option 3---Adjust the current date on a BorderGuard network device.

• Option 4---Execute a command on a network device.

• Option 5---Enable ACL logging if it has been disabled.

• Option 6---Disable ACL logging if it has been enabled.

• Option 8---Enter the IP address of the Sensor's command and control interface.

• Option 9---Exit the utility.

Figure 5-2: Network Device Utility

Security>Save to File

Clicking one or more icons and clicking Save to File on the Security menu saves each selected icon's attributes to a file in the /usr/nr/tmp directory.

Security>Shun

This section describes the following submenus:

• Security>Shun>Host

• Security>Shun>Network

Security>Shun>Host

Clicking an Alarm or Alarm Set icon and clicking Shun>Host on the Security menu opens the Shun Hosts window.You can use this window to shun the host associated with that Alarm/Alarm set.

On the Shun Hosts window, enter the following information:

1. An IP address to shun

2. The amount of time in minutes to shun (the default is 1440 minutes)

You can exit the Shun Hosts window by pressing Enter instead of entering an IP address.

Security>Shun>Network

Clicking an Alarm or Alarm Set icon and clicking Shun>Network on the Security menu opens the Shun Nets window. You can use this window to shun networks.

On the Shun Nets window, enter the following information:

1. The network's IP address (for example, 10.1.1.0)

2. The network's netmask

3. Amount of time to shun

You can exit the Shun Nets window by pressing Enter instead of entering an IP address.

Security>Unshun

This section describes the following submenus:

• Security>Unshun>Host

• Security>Unshun>Network

• Security>Unshun>All

Security>Unshun>Host

Clicking an Alarm or Alarm Set icon and clicking Unshun>Host on the Security menu opens the Unshun Hosts window. You can use this window to unshun hosts that are on the shun list.

On the Unshun Hosts window, select the number of the host you want to unshun, or press 0 to exit the window.

Security>Unshun>Network

Clicking a Sensor icon and clicking Unshun>Network on the Security menu opens the Unshun Nets window. You can use this window to unshun networks that are on the shun list.

On the Unshun Nets window, select the number of the network you want to unshun, or press 0 to exit the window.

Security>Unshun>All

Clicking a Sensor icon and clicking Unshun>All on the Security menu removes all entries from that Sensor's shun list.

The Director displays a confirmation message that all shunned hosts and networks have been removed from the shun list.

Click Close to return to the Director interface.

Security>Advanced

This section describes the following submenus:

• Security>Advanced>ACL Syslogs>Disable

• Security>Advanced>ACL Syslogs>Enable

• Security>Advanced>Logging>Show Log Filename

• Security>Advanced>Logging>Switch Log File

• Security>Advanced>nrConfigure DB>Backup

• Security>Advanced>nrConfigure DB>Create

• Security>Advanced>nrConfigure DB>Delete

• Security>Advanced>nrConfigure DB>Restore

• Security>Advanced>Reset Rel DB Status

• Security>Advanced>Shunning>Disable

• Security>Advanced>Shunning>Enable

• Security>Advanced>Statistics>Show

• Security>Advanced>Statistics>Reset

Security>Advanced>ACL Syslogs>Disable

Clicking a Sensor icon and clicking Advanced>ACL Syslogs>Disable on the Security menu temporarily disables receipt of ACL logging information from the Sensor's associated network device.

Security>Advanced>ACL Syslogs>Enable

Clicking a Sensor icon and clicking Advanced>ACL Syslogs>Enable on the Security menu temporarily enables receipt of ACL logging information from the Sensor's associated network device.

Security>Advanced>Logging>Show Log Filename

Clicking one or more Machine icons and clicking Advanced>Logging>Show Log File on the Security menu displays the name of the current log filename.

Click Close to return to the Director interface.

Security>Advanced>Logging>Switch Log File

Clicking one Machine icon and clicking Advanced>Logging>Switch Log File on the Security menu halts the writing of log data to one log file and starts the writing of log data to the next log file.

Click Close to return to the Director interface.

Security>Advanced>nrConfigure DB>Backup

Clicking Advanced>nrConfigure DB>Backup on the Security menu backs up nrConfigure's configuration data.

Security>Advanced>nrConfigure DB>Create

Security>Advanced>nrConfigure DB>Delete

Clicking Advanced>nrConfigure DB>Delete on the Security menu deletes an existing nrConfigure database.

After clicking this menu function, you can delete an nrConfigure database by typing yes and pressing enter. Entering any other text, or pressing enter by itself, aborts this procedure.

Caution Deleting an nrConfigure database removes all configuration information from the Director platform.

Security>Advanced>nrConfigure DB>Restore

Clicking Advanced>nrConfigure DB>Restore on the Security menu restores a previously deleted nrConfigure database.

After clicking this menu function, a numbered list of all nrConfigure backup files appears in a window. To restore a backup file, you can type the number of the file, or you can press enter and then type in the full path and name of the backup file.

Security>Advanced>Reset Rel DB Status

Clicking a Machine icon and clicking Advanced>Reset Rel DB Status on the Security menu resets the status of the relational database. Use this function in case the relational database displays an ERROR status as a result of a problem.

Click Close to return to the Director interface.

Security>Advanced>Shunning>Disable

Clicking Advanced>Shunning>Disable on the Security menu disables shunning.

Security>Advanced>Shunning>Enable

Clicking Advanced>Shunning>Enable on the Security menu enables shunning.

Security>Advanced>Statistics>Show

Clicking a Sensor icon and clicking Advanced>Statistics>Show on the Security menu displays information on network packets polled by the Sensor, including the number of IP, ICMP, TCP, UDP, bad, and dropped packets.

Security>Advanced>Statistics>Reset

Clicking a Sensor icon and clicking Advanced>Statistics>Reset on the Security menu resets the packet counters and resumes the collection of packet statistics.

Security>About the Director

Clicking About the Director on the Security menu displays copyright and other information about the Director.

Choose Close on the File menu to return to the Director interface.

Security>Help

Clicking Help on the Security menu opens an HTML help file containing information about the Director menu functions and the context-sensitive popup menus.

Posted: Fri Jul 28 08:33:42 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.