|Administrator Handbook||Table of contents|
The Bulk TCP Poller allows you to monitor network application (TCP ports) availaibility. Network applications are mainly reachable by means of TCP port. From an IP client point of view, an application is available if the application TCP port is available for opening a new session. This Plugin perform this test for you at regular intervals and sends an alarm if a wrong status is detected.
The power of this Plugin allows you to monitor hundreds of Hosts and for each of them hundreds of TCP ports (application) with various alarm severity.
This Plugin could also be useful to check the permissiveness or laxisme of a Firewall and to warns you if an security breach is opened.
This Plugin could also be use to detect Troyan horse viruses on hosts. The detection could run either permanently or on-demand.
Hereunder, the main windows of the Bulk TCP Poller.
The installation of the Bulk TCP Poller Plugin is performed in the directory workspace.
Select one host in your Directory and then from the contextual Menu select Insert Task (Plugin) .
First, we need to know at least the following information:
The TCP ports of a server application can be discovered from the snmp table of the TCP connections.
Select the server in the LoriotPro directory then from the LoriotPro MIB tree, search the object tcpConnTable below:
iso (1). org (3). dod (6). internet (1). mgmt (2). mib-2 (1). tcp (6). tcpConnTable (13)
A double click on the object displays the table.
The application servers are listening on their reserved TCP port.
If the server does not have an agent snmp, use the command netstat directly on the its console discover the listening TCP ports.
We must specify which port we want to monitor. Either we type the Port number (only TCP port number) or choose it in the list.
We should now set the other parameters.
The goal of our Plugin is to generate alarms when status change. To set this we have to set the following fields:
The Alarm number is set to something higher than 10000 and not already assigned. This number will appears in the event manager and allows you to do filtering.
The level helps you to define the importance of the event. Highest level of gravity is 10, lowest level is 0 (red in the event manager).
The “If Port TCP is” field allows you to select the condition that will generate the alarm.
If you test the availability of the application you will set the condition
If you are checking security permisiveness you will want to be notified if aTCP port is reachable. In this case you set the condition to up. If alarm is sent, it will allows you to detect that an intermediate Firewall allows the application to go through or a that a Troyan horse is installed on a remote machine.
Next step is to set the polling interval to which hosts will be polled. In Global parameter, Polling Interval, select a value.
You could also click on the button that opens the WIZARD and select your polling interval from there.
We could now select the hosts to which we want to apply the previous defined parameters
You could add hosts to the list either manually by setting one by one
the host IP address or you could pick them up in the Directory. The second
way is far most faster an support the shift and Ctrl selection in the
Vous pouvez aussi sélectionner les hosts avec l'assistant WIZARD en cliquant sur le bouton .
Une fois les hosts sélectionnés, ils apparaissent dans la liste
Le polling peut être lancer en cliquant sur le bouton Start. Les statuts des ports TCP sont affichés au fur et à mesure des réponseesreçus.
From there, you could change a host or a group of host parameters. Select it/them by double click on the list, the current parameters would appear in the corresponding field, change what you want and apply the changes by clicking the Modify Host(s) From List button.
A template allows you to applied an already define setting, some lines in the threshold list, to a host.
If you have define a setting that send an alarm like in the preceeding
example we could create a template from it.
We first select a line or a group of lines (CTRL button) in the list and click on the Save as template button.
The open dialog box asks you to enter a name for your template. Choose one, the suffixe is btf is automatically appended.
To use the template, select a host and then click on the Import Template button. Choose the template file and select OK. A new line or set of line are added to the list.
The Bulk TCP Poller updates the Value field after each polling. If the value field becomes red it means that the Port is not reachable. (Not that an alarm is sent).
Alarm sent by this Plugin should appears in your event manager:
The above information could also be check remotely if you have started the LoriotPro WEB server (refer to LoriotPro documentation for setting this service).
You could access from a navigator your current TCP table. Click on the Bulk TCP poller task (hammer)