|
|
This chapter describes the following topics:
This section describes the popup menus available via the right mouse button:
When you right-click over a Machine icon, you can choose from the following options:
When you right-click over an Application icon, you can choose from the following options:
When you right-click over an Alarm icon, you can choose from the following options:
The OpenView functions are listed in their NetRanger menu order:
This section describes the following submenus:
Clicking Show>Alarm Submaps on the Security menu displays all submaps that contain unresolved alarms.
You can view unresolved alarms on specific machines by clicking a Machine icon on the Director interface prior to clicking this menu option. If the selected Machine icon is green, then no alarm submap displays.
Clicking a string match Alarm icon and clicking Show>Context on the Security menu displays context information for that Alarm.
Clicking one or more Machine icons and clicking Show>Connection Status on the Security menu displays the connection status for the selected Machine.
Click Close to return to the Director interface.
Clicking an Application or Machine icon and clicking Show>Current Events on the Securty menu displays a list of current events.
The list of current events is parsed from the log files found in the /usr/nr/var directory. The Director searches for all events on the entity selected, even those that fall below the alarm generation threshold. The result is an ASCII-formatted list of events generated by an application or machine.
This process runs continuously (and is therefore similar to the Unix tail -f command), and while it runs, the cursor displays as an hourglass. Click Stop to end the process at any time.
You can enter new IDs and start a new search by clicking Restart.
Click Stop and then Close to return to the Director interface.
Clicking one or more Machine or Application icons and clicking Show>Daemons>Attributes on the Security menu displays information for each application, in the following format:
User_ID, Group_ID, Process_ID, Parent_Process_ID, Effective_User_ID, Effective_Group_ID, Full_Path_Name
Click Close to return to the Director interface.
Clicking one or more Machine icons or Application icons and clicking Show>Daemons>Status on the Security menu displays the status of applications running.
Click Close to return to the Director interface.
Clicking one or more Machine or Application icons and clicking Show>Daemons>Version on the Security menu displays the versions of applications running.
Click Close to return to the Director interface.
Clicking a sapd Application icon and clicking Show>Database Info on the Security menu displays database information.
Click Close to return to the Director interface.
Clicking an Alarm or Alarm Set icon and clicking Show>Hostnames on the Security menu resolves the DNS host name of the IP address associated with the Alarm/Alarm Set.
Clicking one or more Alarm/Alarm Set icons and clicking Show>IP Logging on the Security menu displays IP logging information for the selected icons.
The Director searches for IP logging data on the Director first. If the Director does not find this information, it searches for IP logging data on the Sensors, using the fileXferd service. For fileXferd to succeed, however, it must be loaded on each end of the transmission---in other words, on the Director and Sensors.
Clicking one or more Machine icons and clicking Show>Network Device Info on the Security menu displays the following information about the network device associated with the selected machine(s):
Click Close to return to the Director interface.
Clicking an Alarm or Alarm Set and clicking Show>NSDB on the Security menu accesses information about the selected alarm in the Network Security Database.
Clicking one or more Sensor icons and clicking Show>Shun List on the Security menu displays a list of all hosts and networks being shunned by that Sensor.
Each line of the shun list has the following format:
IP_Address Minutes
where IP_Address is the IP address of the shunned host or network, and Minutes is the amount of time in minutes left before the host or network is removed from the shun list.
Clicking Configure on the Security menu starts nrConfigure, the Java-based centralized Sensor configuration management tool.
This section describes the following submenus:
Clicking one or more Alarm/Alarm Set icons and clicking Create>SNMP Trap on the Security menu creates an SNMP Trap for the chosen icon(s).
Clicking one or more Alarm/Alarm Set icons and clicking Create>Trouble Ticket on the Security menu generates a Remedy ARS trouble ticket for each selected icon.
Only one ticket is created for a selected Alarm Set, even though the Alarm Set represents multiple Alarm notifications. In addition, the date timestamp within the ticket will be the timestamp of the most recent event in the Alarm Set.
This section describes the following submenus:
Clicking one or more Machine icons and clicking Daemons>Restart on the Security menu manually restarts all applications on the selected machine.
Click Close to return to the Director interface.
Clicking one or more Application icons and clicking Daemons>Start on the Security menu starts those applications, if they were stopped.
Click Close to return to the Director interface.
Clicking one or more Application icons and clicking Daemons>Stop on the Security menu manually stops those applications from running.
Click Close to return to the Director interface.
Clicking an Alarm icon and clicking Exclude Alarms on the Security menu commands a Sensor to stop generating alarms that have that alarm's specific signature ID, sub-signature ID, and source IP address.
Clicking a single Machine icon and clicking File Transfer on the Security menu opens the NetRanger File Transfer Utility window (see Figure 5-1). You can use this window to facilitate file transfer.
You have the following options on this window:
Clicking a Sensor icon and clicking Network Device on the Security menu opens the NetRanger Network Device Utility window (see Figure 5-2). You can use this window to execute commands on the network device associated with the selected Sensor.
You have the following options on this window:
Clicking one or more icons and clicking Save to File on the Security menu saves each selected icon's attributes to a file in the /usr/nr/tmp directory.
This section describes the following submenus:
Clicking an Alarm or Alarm Set icon and clicking Shun>Host on the Security menu opens the Shun Hosts window.You can use this window to shun the host associated with that Alarm/Alarm set.
On the Shun Hosts window, enter the following information:
1. An IP address to shun
2. The amount of time in minutes to shun (the default is 1440 minutes)
You can exit the Shun Hosts window by pressing Enter instead of entering an IP address.
Clicking an Alarm or Alarm Set icon and clicking Shun>Network on the Security menu opens the Shun Nets window. You can use this window to shun networks.
On the Shun Nets window, enter the following information:
1. The network's IP address (for example, 10.1.1.0)
2. The network's netmask
3. Amount of time to shun
You can exit the Shun Nets window by pressing Enter instead of entering an IP address.
This section describes the following submenus:
Clicking an Alarm or Alarm Set icon and clicking Unshun>Host on the Security menu opens the Unshun Hosts window. You can use this window to unshun hosts that are on the shun list.
On the Unshun Hosts window, select the number of the host you want to unshun, or press 0 to exit the window.
Clicking a Sensor icon and clicking Unshun>Network on the Security menu opens the Unshun Nets window. You can use this window to unshun networks that are on the shun list.
On the Unshun Nets window, select the number of the network you want to unshun, or press 0 to exit the window.
Clicking a Sensor icon and clicking Unshun>All on the Security menu removes all entries from that Sensor's shun list.
The Director displays a confirmation message that all shunned hosts and networks have been removed from the shun list.
Click Close to return to the Director interface.
This section describes the following submenus:
Clicking a Sensor icon and clicking Advanced>ACL Syslogs>Disable on the Security menu temporarily disables receipt of ACL logging information from the Sensor's associated network device.
Clicking a Sensor icon and clicking Advanced>ACL Syslogs>Enable on the Security menu temporarily enables receipt of ACL logging information from the Sensor's associated network device.
Clicking one or more Machine icons and clicking Advanced>Logging>Show Log File on the Security menu displays the name of the current log filename.
Click Close to return to the Director interface.
Clicking one Machine icon and clicking Advanced>Logging>Switch Log File on the Security menu halts the writing of log data to one log file and starts the writing of log data to the next log file.
Click Close to return to the Director interface.
Clicking Advanced>nrConfigure DB>Backup on the Security menu backs up nrConfigure's configuration data.
In the event that nrConfigure data becomes corrupted or is deleted, you can create a database from scratch by clicking Advanced>nrConfigure DB>Create on the Security menu.
This function copies files from remote hosts in your NetRanger organization to the Director platform.
Clicking Advanced>nrConfigure DB>Delete on the Security menu deletes an existing nrConfigure database.
After clicking this menu function, you can delete an nrConfigure database by typing yes and pressing enter. Entering any other text, or pressing enter by itself, aborts this procedure.
 | Caution Deleting an nrConfigure database removes all configuration information from the Director platform. |
Clicking Advanced>nrConfigure DB>Restore on the Security menu restores a previously deleted nrConfigure database.
After clicking this menu function, a numbered list of all nrConfigure backup files appears in a window. To restore a backup file, you can type the number of the file, or you can press enter and then type in the full path and name of the backup file.
Clicking a Machine icon and clicking Advanced>Reset Rel DB Status on the Security menu resets the status of the relational database. Use this function in case the relational database displays an ERROR status as a result of a problem.
Click Close to return to the Director interface.
Clicking Advanced>Shunning>Disable on the Security menu disables shunning.
Clicking Advanced>Shunning>Enable on the Security menu enables shunning.
Clicking a Sensor icon and clicking Advanced>Statistics>Show on the Security menu displays information on network packets polled by the Sensor, including the number of IP, ICMP, TCP, UDP, bad, and dropped packets.
Clicking a Sensor icon and clicking Advanced>Statistics>Reset on the Security menu resets the packet counters and resumes the collection of packet statistics.
Clicking About the Director on the Security menu displays copyright and other information about the Director.
Choose Close on the File menu to return to the Director interface.
Clicking Help on the Security menu opens an HTML help file containing information about the Director menu functions and the context-sensitive popup menus.
|
|