
Trouble Shooting, Logs, Alarms and Triggers Configuration Example

Learn how to use various tools in the ALSMS system for reporting and troubleshooting, including setting up triggers and alarms. Explore logging capabilities, generating custom reports, and utilizing third-party reporting tools.

etzel

Presentation Transcript


  1. Trouble Shooting, Logs, Alarms and Triggers Configuration Example
     Lucent Security Products Configuration Example Series

  2. Trouble Shooting, Logs, Alarms and Triggers
     • This configuration example will show you many tools that can be used in the ALSMS system for reporting and troubleshooting.
     • It covers many of the pre-configured reporting screens built into the ALSMS.
     • It will also show you how to set up triggers so that administrators and others can be notified when a given situation occurs.
     • There are many other tools that are beyond the scope of this example but can be found in others, including:
        • The Command Line from the ALSMS or the Brick
        • The Log Viewer Application which comes with the ALSMS
        • Third-party sniffer tools like Wireshark from www.Wireshark.org (formerly known as Ethereal)
     • Hopefully this example will leave you comfortable with setting up Triggers and Alarms as well as Actions for those triggers.

  3. Logs, Alarms and Triggers
     • The ALSMS can gather just about any information that you can think of from the Bricks that it is managing.
     • The actual log information is stored on the drive of the ALSMS machine. For NT installations the default path is users\isms\lmf\log.
     • The reporting tools found in ALSMS allow you to filter and format the information from the log files into more easily understood output.

  4. Logs, Alarms and Triggers
     • Within the ALSMS you can use the custom report generator to produce custom reports. These reports are all generated in HTML format and can easily be exported to MS Excel just by right-clicking on the report.
     • Within Excel the data can be displayed in pie chart, bar chart and many other formats.
     • There are also many third-party reporting tools that work well with ALSMS. You may already have some of these reporting tools or may be interested in purchasing them in order to produce more colorful graphics for reporting.

  5. Logs, Alarms and Triggers
     • Three third-party reporting tools that work well with the ALSMS are:
        • Webtrends http://www.webtrends.com/
        • Sawmill www.sawmill.net
        • Telemate http://www.verso.com
     • Any of these packages may be purchased separately.

  6. Logs, Alarms and Triggers
     • This module is designed to give you a solid overview of the logging capabilities, including what to do with the information that is gathered, in the form of “Triggering” an action based on an event.
     • There are pre-defined reports accessed from the menus; you can also customize reports by filtering the log information.

  7. Logs, Alarms and Triggers: Status Overview
     • One simple way to view information is to use the Status Overview.
     • Monitor>Status overview
     • This gives a good overview of what is happening in that Brick.

  8. Logs, Alarms and Triggers: Brick Snapshot
     • Another great source of information is the “Brick Snapshot”.
     • Double-click on your Brick, then click Brick Utilities>View Brick Snapshot.
     • If you open a rule set and click on Policy Utilities you can view a policy snapshot.
     • Brick Snapshots and rule set snapshots are a great tool when seeking assistance from another person or collaborating with another person. If you send them snapshots you will save both them and you plenty of time.

  9. Logs, Alarms and Triggers: Brick Snapshot

  10. Logs, Alarms and Triggers: Brick Snapshot
     • The previous slide shows only the top section of the output from a Brick Snapshot.
     • It goes on to show a great deal of information with regard to the Brick’s current configuration.
     • This tool is especially handy when working with others on troubleshooting configurations. Just save the snapshot and email it to them. A picture tells a thousand words.

  11. Logs, Alarms and Triggers: Administrators and ALSMS
     • There are plenty of other handy tools like these to check administrators and ALSMS.
     • Monitor>Administrators
     • Or Monitor>ALSMS/LSCS

  12. Logs, Alarms and Triggers: ALSMS Service Status report
     • Another good report that shows primarily utilization information is the ALSMS Service Status Report.
     • Click Utilities>ALSMS Service Status

  13. Logs, Alarms and Triggers: Generating reports
     • The report structures within the ALSMS are incredibly diverse.
     • You can create, run and save all kinds of custom reports from a single screen.
     • The reports can be customized and saved.
     • The reports can also be set to show history by dates and times.
     • So, for instance, if you want to see a report detailing sessions and their activity over the past hour, you would fill out your form as shown on the following slide.
     • Pay attention to all of the various options that you have along the way, then go ahead and create your own reports.

  14. Logs, Alarms and Triggers: Generating reports
     • Click on ALSMS/Reports/Sessions Logged.
     • Right-click on Sessions Logged and select New Sessions Logged.
     • Click on the tabs to see what other information you can look at.
     • Fill out the form any way you choose to see the information that you need, then click the “Run” button.

  15. Logs, Alarms and Triggers: Generating reports

  16. Logs, Alarms and Triggers: Generating reports
     • You can run reports on any of the following:
        • Closed Sessions
        • Sessions logged
        • Administrative events
        • VPN Events
        • Alarms
        • Authentication

  17. Logs, Alarms and Triggers: Generating reports
     • Notice that you can turn the “Is” buttons into “Is not” buttons for even more variables.
     • Create some reports.
     • Use as many variables as you can.
     • Press the “Run” button to view reports.
     • See if you can export a report to MS Excel.

  18. Logs, Alarms and Triggers: Actions
     This next section will discuss triggers for alarms and their associated actions.
     • A Trigger scans the ALSMS logs for a set of conditions; when the conditions are matched, the action associated with the trigger is taken.
     • When a trigger detects a set of conditions that are user defined, the action that is associated with this trigger is taken.
     • The next two slides will show you all of the triggers and all of the possible actions that can be taken based on these triggers, as of ALSMS version 9.1.

  19. Triggers
     • Alarm code
     • Brick Error
     • Brick Failover event
     • Brick ICM Alarm
     • Brick interface lost
     • Brick lost*
     • Brick Proactive monitoring
     • Brick SLA round trip delay alarm
     • ALSMS error
     • ALSMS proactive monitoring
     • LAN to LAN tunnel lost*
     • LAN to LAN tunnel up
     • Local Presence map pool
     • QOS Rule Bandwidth exceeded alarm
     • QOS Rule Bandwidth guarantees alarm
     • QOS Rule Bandwidth Throttling alarm
     • QOS Zone Bandwidth Guarantees alarm
     • QOS Zone Bandwidth throttling alarm
     • Real Secure
     • Unauthorized ALSMS login attempt*
     • User authentication

  20. Logs, Alarms and Triggers
     Here are the possible Actions:
     • Direct Page – Page the administrator.
        • Set up paging in the Configuration Assistant.
     • Email – Send email to responsible party.
        • Set up email address in “action” or Administrator account.
     • SNMP Trap – to any SNMP Manager
        • Set up SNMP host in “Action Wizard” and configuration assistant.
     • SYSLOG – Sends UDP packet to Syslog server.
        • Set up SYSLOG server in “Action Wizard” and configuration assistant.

  21. Logs, Alarms and Triggers and Actions
     • The following is an example of an action being taken on a configured trigger.
     • Example: The LAN Admin wants to be emailed when more than 5 failed user logins happen in a five-minute period.
     • First, we need to create the email action, as that will be the required response when we define the Trigger.

  22. Logs, Alarms and Triggers and Actions
     • Creating an Action
        • Expand the Alarms folder and click on the Actions folder. Right-click and select New Action.
        • Set Action Name to “EmailAdmin”.
        • In the Action Type pull-down select “Email”.
        • You can select Use default if the Admin’s account includes an email address; otherwise insert the email of choice.
        • Click File>Save and Close

  23. Logs, Alarms and Triggers and Actions
     • Creating a Trigger
        • Open the Triggers folder and select New Trigger.
        • Set Trigger Name to “Intruder alert”.
        • In the Trigger Type pull-down select “User Authentication”.
        • Fill in a Description.
        • Set Threshold Count to 5, Threshold Period to 5 Minutes, Sleep Period to 15 seconds, and click Next.
        • Click on the Group tab, select System and click “>”.
        • Click on the Action tab, select EmailAdmin and click “>”.
        • Click File>Save and Close

  24. Logs, Alarms and Triggers and Actions
     • If you are on email and there were 5 failed login attempts in less than 5 minutes, the administrator would receive an email notifying him or her of a possible intruder to the network.
     • Select Send a Console Message on this screen so that we can test our trigger without email.

  25. Logs, Alarms and Triggers and Actions
     • Click on the pre-set trigger called “Unauthorized login attempts”.
     • Modify as you see to the right: Threshold Count 2, Threshold Period 5 Minutes. Note: not seconds but minutes.
     • Save and Close.
     • Test this by logging out and back in with the wrong password a few times, or use the ALSMS Remote Navigator to test with.

  26. Logs, Alarms and Triggers
     • For more detailed information on configuring this feature click Help>On Line Product Manuals>Reports, Alarms and Logs Guide.
     • See the section on Configuring Alarm Triggers.
     • The Product Manuals can also be found on your ALSMS CD.
     Lucent Technologies – Proprietary. Use pursuant to company instruction.
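
The threshold logic behind the “Intruder alert” trigger in slides 21–25, modelled here as an added example; it is not part of the original presentation and is not ALSMS code. Assumptions: the event tuples are constructed and are not the ALSMS log format, the trigger fires once the Threshold Count is reached inside the Threshold Period, and the Sleep Period (which the slides do not define) is treated as a quiet interval after firing.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events (time, user, result). This tuple layout is
# hypothetical and is NOT the ALSMS log format.
EVENTS = [
    ("2024-01-01 10:00:00", "jdoe", "FAIL"),
    ("2024-01-01 10:00:40", "jdoe", "FAIL"),
    ("2024-01-01 10:01:30", "asmith", "FAIL"),
    ("2024-01-01 10:02:10", "jdoe", "FAIL"),
    ("2024-01-01 10:03:00", "jdoe", "FAIL"),    # 5th failure inside 5 minutes
    ("2024-01-01 10:03:05", "jdoe", "FAIL"),    # lands in the sleep period
    ("2024-01-01 10:04:00", "jdoe", "OK"),      # successes are not counted
    ("2024-01-01 10:10:00", "asmith", "FAIL"),  # 6 minutes apart from here on
    ("2024-01-01 10:16:00", "asmith", "FAIL"),
    ("2024-01-01 10:22:00", "asmith", "FAIL"),
    ("2024-01-01 10:28:00", "asmith", "FAIL"),
]

class ThresholdTrigger:
    """Fire when `count` events fall inside a trailing `period`."""
    def __init__(self, count, period, sleep):
        self.count, self.period, self.sleep = count, period, sleep
        self.window = deque()            # timestamps still inside the period
        self.quiet_until = datetime.min  # assumed: no re-fire before this time

    def feed(self, ts):
        self.window.append(ts)
        while self.window[0] <= ts - self.period:  # expire old events
            self.window.popleft()
        if len(self.window) >= self.count and ts >= self.quiet_until:
            self.window.clear()          # start counting afresh after firing
            self.quiet_until = ts + self.sleep
            return True
        return False

def run_trigger(events, count, period_min, sleep_s):
    """Return the timestamps at which the trigger's action would run."""
    trig = ThresholdTrigger(count, timedelta(minutes=period_min),
                            timedelta(seconds=sleep_s))
    fired = []
    for stamp, _user, result in events:
        if result != "FAIL":
            continue
        if trig.feed(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")):
            fired.append(stamp)
    return fired

if __name__ == "__main__":
    print(run_trigger(EVENTS, 5, 5, 15))  # "Intruder alert": count 5, 5 min, 15 s
    print(run_trigger(EVENTS, 2, 5, 15))  # slide 25 count of 2 (15 s sleep assumed)
```

With the slide 23 settings the action runs once, at the fifth failure; the later failures spaced six minutes apart never reach the threshold, which is worth remembering when choosing the Threshold Period.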
