Provides an overview of the asset.
+Shows the effective conditions for this asset.
+This overview shows all conditions configured for this asset.
+A condtion can have three states:
+A detailed view off all collected data per collector.
+The InfraSonar appliance configuration requires you to edit files using SSH access. The appliance includes the main text editors of vi and nano.
Since Nano is easier to use, we outline its essential functions here.
The easiest way to use Nano, is to open the file you want to edit or create directly using Nano, like this:
-nano /etc/infrasonar/data/config/infrasonar.yaml
+sudo nano /etc/infrasonar/data/config/infrasonar.yaml
Note
diff --git a/collectors/probes/appliance/appliance_manual_installation/index.html b/collectors/probes/appliance/appliance_manual_installation/index.html
index 157e8e79..62eae7a4 100644
--- a/collectors/probes/appliance/appliance_manual_installation/index.html
+++ b/collectors/probes/appliance/appliance_manual_installation/index.html
@@ -12,7 +12,7 @@
-
+
@@ -20,7 +20,7 @@
-
+
@@ -4330,6 +4330,61 @@
Avoid duplicate machine ID's
+
+
+
+
+ First login
+
+
+
+
+
+
+ first boot
+
+
+
+
+
+
+
+
+ Cleanup
+
+
+
+
+
+
+ Shutdown
+
+
+
+
+
+
+ Export the appliance:
+
+
+
+
+
+
+ Create a template
+
+
@@ -4610,35 +4665,25 @@
Avoid duplicate machine ID's
echo -n > /etc/machine-id
rm /var/lib/dbus/machine-id
ln -s /etc/machine-id /var/lib/dbus/machine-id
-``
-
-### First login
-
-
-### first boot
-
-
-#### Change hostname
-!/bin/bash
-hostnamectl set-hostname "blue"
+
First login
+first boot
+Change hostname
+#!/bin/bash
+hostnamectl set-hostname "blue"
echo $?
-hostnamectl set-hostname ""
+hostnamectl set-hostname ""
echo $?
-sudo hostnamectl set-hostname "blue"
-sudo sed -i 's/infrasonar/blue/g' /etc/hosts
-
-
-
-https://www.cyberciti.biz/faq/ubuntu-20-04-lts-change-hostname-permanently/
TODOR
-
-```bash
-# Expire the sysadmin password enforcing the user to change the password at logon
-passwd -e sysadmin
-
sudo hostnamectl set-hostname "blue"
+sudo sed -i 's/infrasonar/blue/g' /etc/hosts
+https://www.cyberciti.biz/faq/ubuntu-20-04-lts-change-hostname-permanently/
+sudo hostnamectl set-hostname ubuntu-2004-nixcraft
+
TODOR
+# Expire the sysadmin password enforcing the user to change the password at logon
+passwd -e sysadmin
+
Cleanup
Remove the history
history -c
diff --git a/collectors/probes/appliance/credentials/index.html b/collectors/probes/appliance/credentials/index.html
index af5bfc77..7515392d 100644
--- a/collectors/probes/appliance/credentials/index.html
+++ b/collectors/probes/appliance/credentials/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/appliance/deploy_infrasonar/index.html b/collectors/probes/appliance/deploy_infrasonar/index.html
index 2237e7c1..c6a5bad5 100644
--- a/collectors/probes/appliance/deploy_infrasonar/index.html
+++ b/collectors/probes/appliance/deploy_infrasonar/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
@@ -4339,7 +4339,7 @@ Prerequisites
Access to a Linux host running docker compose V2.
Easy deployment
-Our installer script deploys InfraSonar into the directory where you executed this script. We suggest you create a new directory for our configration, for example /etc/infrasonar
+Our installer script deploys InfraSonar into the directory where you executed this script. We suggest you create a new directory for our configration, we strongly advise to use: /etc/infrasonar
/bin/bash -c "$(curl -fsSL https://deploy.infrasonar.com)"
When the Docker environment is up and running, you should see the Agentcore appear in the UI in the Agentcores section
diff --git a/collectors/probes/appliance/docker-compose.yml b/collectors/probes/appliance/docker-compose.yml
index 871d79e0..8fa35904 100644
--- a/collectors/probes/appliance/docker-compose.yml
+++ b/collectors/probes/appliance/docker-compose.yml
@@ -65,6 +65,9 @@ services:
esx-probe:
<< : *infrasonar
image: ghcr.io/infrasonar/esx-probe
+ # eventlog-probe:
+ # << : *infrasonar
+ # image: ghcr.io/infrasonar/eventlog-probe
hpilo-probe:
<< : *infrasonar
image: ghcr.io/infrasonar/hpilo-probe
diff --git a/collectors/probes/appliance/docker_compose/index.html b/collectors/probes/appliance/docker_compose/index.html
index b1bf4b3f..ec549bae 100644
--- a/collectors/probes/appliance/docker_compose/index.html
+++ b/collectors/probes/appliance/docker_compose/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/appliance/index.html b/collectors/probes/appliance/index.html
index 1aed28b3..63acf06e 100644
--- a/collectors/probes/appliance/index.html
+++ b/collectors/probes/appliance/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/dns/index.html b/collectors/probes/dns/index.html
index bd9660d0..1a567b89 100644
--- a/collectors/probes/dns/index.html
+++ b/collectors/probes/dns/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/http/index.html b/collectors/probes/http/index.html
index 1969b2d6..15ad6bf4 100644
--- a/collectors/probes/http/index.html
+++ b/collectors/probes/http/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/index.html b/collectors/probes/index.html
index d9303937..c8ce5cc8 100644
--- a/collectors/probes/index.html
+++ b/collectors/probes/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/mssql/index.html b/collectors/probes/mssql/index.html
index c036ec29..3a51334d 100644
--- a/collectors/probes/mssql/index.html
+++ b/collectors/probes/mssql/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/mysql/index.html b/collectors/probes/mysql/index.html
index 6be2562c..c2fef7e0 100644
--- a/collectors/probes/mysql/index.html
+++ b/collectors/probes/mysql/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/netapp/index.html b/collectors/probes/netapp/index.html
index dfa0e0e7..48430527 100644
--- a/collectors/probes/netapp/index.html
+++ b/collectors/probes/netapp/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/paloalto/index.html b/collectors/probes/paloalto/index.html
index b59e0b92..fa1ea14b 100644
--- a/collectors/probes/paloalto/index.html
+++ b/collectors/probes/paloalto/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/ping/index.html b/collectors/probes/ping/index.html
index 88e68914..3af12eb9 100644
--- a/collectors/probes/ping/index.html
+++ b/collectors/probes/ping/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/santricity/index.html b/collectors/probes/santricity/index.html
index 0933f23b..3289cf5f 100644
--- a/collectors/probes/santricity/index.html
+++ b/collectors/probes/santricity/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/snmp/apcups/index.html b/collectors/probes/snmp/apcups/index.html
index 64740a1e..5ea074dc 100644
--- a/collectors/probes/snmp/apcups/index.html
+++ b/collectors/probes/snmp/apcups/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/snmp/eaton/index.html b/collectors/probes/snmp/eaton/index.html
index fd770b32..4bee22b5 100644
--- a/collectors/probes/snmp/eaton/index.html
+++ b/collectors/probes/snmp/eaton/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/snmp/hpilo/index.html b/collectors/probes/snmp/hpilo/index.html
index d030dae8..20c3e5f6 100644
--- a/collectors/probes/snmp/hpilo/index.html
+++ b/collectors/probes/snmp/hpilo/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/snmp/hpprocurve/index.html b/collectors/probes/snmp/hpprocurve/index.html
index 5f31d39d..b6fe47af 100644
--- a/collectors/probes/snmp/hpprocurve/index.html
+++ b/collectors/probes/snmp/hpprocurve/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/snmp/idrac/index.html b/collectors/probes/snmp/idrac/index.html
index ab7228ed..d9f9e0f9 100644
--- a/collectors/probes/snmp/idrac/index.html
+++ b/collectors/probes/snmp/idrac/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/snmp/index.html b/collectors/probes/snmp/index.html
index 0ffd4d13..2ffc08bd 100644
--- a/collectors/probes/snmp/index.html
+++ b/collectors/probes/snmp/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/snmp/synology/index.html b/collectors/probes/snmp/synology/index.html
index 97d7194a..4c25909d 100644
--- a/collectors/probes/snmp/synology/index.html
+++ b/collectors/probes/snmp/synology/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/snmp/unifi/index.html b/collectors/probes/snmp/unifi/index.html
index 8fae1d45..a47cdfe8 100644
--- a/collectors/probes/snmp/unifi/index.html
+++ b/collectors/probes/snmp/unifi/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/tcp/index.html b/collectors/probes/tcp/index.html
index 92e6a3e9..32e1813f 100644
--- a/collectors/probes/tcp/index.html
+++ b/collectors/probes/tcp/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/unificontroller/index.html b/collectors/probes/unificontroller/index.html
index 28cd0489..2536b6f2 100644
--- a/collectors/probes/unificontroller/index.html
+++ b/collectors/probes/unificontroller/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/vmware/esx/index.html b/collectors/probes/vmware/esx/index.html
index 81e1d5d8..e421970f 100644
--- a/collectors/probes/vmware/esx/index.html
+++ b/collectors/probes/vmware/esx/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/vmware/index.html b/collectors/probes/vmware/index.html
index 054afc6b..34f92428 100644
--- a/collectors/probes/vmware/index.html
+++ b/collectors/probes/vmware/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/vmware/vcenter/index.html b/collectors/probes/vmware/vcenter/index.html
index 25c74f30..590501a2 100644
--- a/collectors/probes/vmware/vcenter/index.html
+++ b/collectors/probes/vmware/vcenter/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/vmware/vmwareguest/index.html b/collectors/probes/vmware/vmwareguest/index.html
index 75149317..68598046 100644
--- a/collectors/probes/vmware/vmwareguest/index.html
+++ b/collectors/probes/vmware/vmwareguest/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/wmi/eventlog/index.html b/collectors/probes/wmi/eventlog/index.html
index d1833fb6..c916b3bd 100644
--- a/collectors/probes/wmi/eventlog/index.html
+++ b/collectors/probes/wmi/eventlog/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/wmi/hyperv/index.html b/collectors/probes/wmi/hyperv/index.html
index ca4166ef..d5e3d7ff 100644
--- a/collectors/probes/wmi/hyperv/index.html
+++ b/collectors/probes/wmi/hyperv/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/wmi/hypervguest/index.html b/collectors/probes/wmi/hypervguest/index.html
index f9c54bba..e1147cd0 100644
--- a/collectors/probes/wmi/hypervguest/index.html
+++ b/collectors/probes/wmi/hypervguest/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/wmi/index.html b/collectors/probes/wmi/index.html
index de44ed80..8b2c3dc8 100644
--- a/collectors/probes/wmi/index.html
+++ b/collectors/probes/wmi/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/probes/wmi/wmi-troubleshooting/index.html b/collectors/probes/wmi/wmi-troubleshooting/index.html
index 8d1e2587..64e0f84a 100644
--- a/collectors/probes/wmi/wmi-troubleshooting/index.html
+++ b/collectors/probes/wmi/wmi-troubleshooting/index.html
@@ -12,7 +12,7 @@
-
+
@@ -20,7 +20,7 @@
-
+
diff --git a/collectors/services/index.html b/collectors/services/index.html
index 4c81ef47..157a0151 100644
--- a/collectors/services/index.html
+++ b/collectors/services/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/services/last_seen/index.html b/collectors/services/last_seen/index.html
index ba049b31..4717b96c 100644
--- a/collectors/services/last_seen/index.html
+++ b/collectors/services/last_seen/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/services/mailroundtrip/index.html b/collectors/services/mailroundtrip/index.html
index c2150557..930ae1fe 100644
--- a/collectors/services/mailroundtrip/index.html
+++ b/collectors/services/mailroundtrip/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/services/mailroundtrip_google_workspace/index.html b/collectors/services/mailroundtrip_google_workspace/index.html
index 83eb8b40..bcc31427 100644
--- a/collectors/services/mailroundtrip_google_workspace/index.html
+++ b/collectors/services/mailroundtrip_google_workspace/index.html
@@ -12,7 +12,7 @@
-
+
@@ -20,7 +20,7 @@
-
+
diff --git a/collectors/services/mailrountrip_exchange2003/index.html b/collectors/services/mailrountrip_exchange2003/index.html
index 8c69bae7..839f21e4 100644
--- a/collectors/services/mailrountrip_exchange2003/index.html
+++ b/collectors/services/mailrountrip_exchange2003/index.html
@@ -12,7 +12,7 @@
-
+
@@ -20,7 +20,7 @@
-
+
diff --git a/collectors/services/mailrountrip_exchange2010/index.html b/collectors/services/mailrountrip_exchange2010/index.html
index 90f1937e..152f11c3 100644
--- a/collectors/services/mailrountrip_exchange2010/index.html
+++ b/collectors/services/mailrountrip_exchange2010/index.html
@@ -12,7 +12,7 @@
-
+
@@ -20,7 +20,7 @@
-
+
diff --git a/collectors/services/mailrountrip_microsoft365/index.html b/collectors/services/mailrountrip_microsoft365/index.html
index 3bef77d1..a1893bee 100644
--- a/collectors/services/mailrountrip_microsoft365/index.html
+++ b/collectors/services/mailrountrip_microsoft365/index.html
@@ -12,7 +12,7 @@
-
+
@@ -20,7 +20,7 @@
-
+
diff --git a/collectors/services/microsoft_365/index.html b/collectors/services/microsoft_365/index.html
index 14a34640..1992f62e 100644
--- a/collectors/services/microsoft_365/index.html
+++ b/collectors/services/microsoft_365/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/services/microsoft_azure/index.html b/collectors/services/microsoft_azure/index.html
index 7e56f300..9f8cf54c 100644
--- a/collectors/services/microsoft_azure/index.html
+++ b/collectors/services/microsoft_azure/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/services/paloalto/index.html b/collectors/services/paloalto/index.html
index 8f52b755..d9c2aab1 100644
--- a/collectors/services/paloalto/index.html
+++ b/collectors/services/paloalto/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/collectors/services/ping/index.html b/collectors/services/ping/index.html
index df17dd87..268aa050 100644
--- a/collectors/services/ping/index.html
+++ b/collectors/services/ping/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/guides/forecasting/index.html b/guides/forecasting/index.html
index 6b9f1ad6..cffd019c 100644
--- a/guides/forecasting/index.html
+++ b/guides/forecasting/index.html
@@ -12,7 +12,7 @@
-
+
@@ -20,7 +20,7 @@
-
+
diff --git a/guides/infrasonar_appliance_windows/index.html b/guides/infrasonar_appliance_windows/index.html
index 22f40ce8..34e85350 100644
--- a/guides/infrasonar_appliance_windows/index.html
+++ b/guides/infrasonar_appliance_windows/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/guides/migration/index.html b/guides/migration/index.html
index 2c7ce628..8ac11638 100644
--- a/guides/migration/index.html
+++ b/guides/migration/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/guides/raspberrypi_dashboard/index.html b/guides/raspberrypi_dashboard/index.html
index 8bf77b6c..2a2f9fe9 100644
--- a/guides/raspberrypi_dashboard/index.html
+++ b/guides/raspberrypi_dashboard/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/guides/remote_support/index.html b/guides/remote_support/index.html
index 86e00373..945b517c 100644
--- a/guides/remote_support/index.html
+++ b/guides/remote_support/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/images/application_edit_asset.png b/images/application_edit_asset.png
new file mode 100644
index 00000000..9c666754
Binary files /dev/null and b/images/application_edit_asset.png differ
diff --git a/images/application_edit_asset_condition.png b/images/application_edit_asset_condition.png
new file mode 100644
index 00000000..49aa0e48
Binary files /dev/null and b/images/application_edit_asset_condition.png differ
diff --git a/index.html b/index.html
index 60594f22..2ece18c1 100644
--- a/index.html
+++ b/index.html
@@ -14,7 +14,7 @@
-
+
@@ -22,7 +22,7 @@
-
+
diff --git a/integrations/connectwise_manage/index.html b/integrations/connectwise_manage/index.html
index b48ebd9c..daa42329 100644
--- a/integrations/connectwise_manage/index.html
+++ b/integrations/connectwise_manage/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/integrations/dutycalls/dutycalls-best-practices/index.html b/integrations/dutycalls/dutycalls-best-practices/index.html
index e88c9cfa..3402ec65 100644
--- a/integrations/dutycalls/dutycalls-best-practices/index.html
+++ b/integrations/dutycalls/dutycalls-best-practices/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/integrations/dutycalls/dutycalls-getting-started/index.html b/integrations/dutycalls/dutycalls-getting-started/index.html
index 9bf49905..e3b9af62 100644
--- a/integrations/dutycalls/dutycalls-getting-started/index.html
+++ b/integrations/dutycalls/dutycalls-getting-started/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/integrations/index.html b/integrations/index.html
index 14b6ae06..ffbcecdd 100644
--- a/integrations/index.html
+++ b/integrations/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/introduction/getting_started/index.html b/introduction/getting_started/index.html
index 6f042f37..9a09a7a1 100644
--- a/introduction/getting_started/index.html
+++ b/introduction/getting_started/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/introduction/platform/index.html b/introduction/platform/index.html
index cd5265f3..86f8a06c 100644
--- a/introduction/platform/index.html
+++ b/introduction/platform/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/introduction/support/index.html b/introduction/support/index.html
index 1b8d607b..91585f5f 100644
--- a/introduction/support/index.html
+++ b/introduction/support/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/introduction/terminology/index.html b/introduction/terminology/index.html
index 42fbb031..fe8f6b3f 100644
--- a/introduction/terminology/index.html
+++ b/introduction/terminology/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/introduction/what_is_Infra_Sonar/index.html b/introduction/what_is_Infra_Sonar/index.html
index a7420642..14ed1e46 100644
--- a/introduction/what_is_Infra_Sonar/index.html
+++ b/introduction/what_is_Infra_Sonar/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/privacy-security/privacy/index.html b/privacy-security/privacy/index.html
index ae9287f5..492e7ee2 100644
--- a/privacy-security/privacy/index.html
+++ b/privacy-security/privacy/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/privacy-security/security_considerations/index.html b/privacy-security/security_considerations/index.html
index f6fe04ed..babda212 100644
--- a/privacy-security/security_considerations/index.html
+++ b/privacy-security/security_considerations/index.html
@@ -16,7 +16,7 @@
-
+
@@ -24,7 +24,7 @@
-
+
diff --git a/search/search_index.json b/search/search_index.json
index 93337998..dd630df7 100644
--- a/search/search_index.json
+++ b/search/search_index.json
@@ -1 +1 @@
-{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to InfraSonar","text":"InfraSonar a powerful infrastructure monitoring platform as a service.
Features
- Agentless data collection where possible, minimizing our footprint in a monitored infrastructure;
- We excel in detailed state and performance monitoring;
- Effortless realtime anomaly detection;
- Crystal clear conditions.
"},{"location":"changelog/","title":"Changelog","text":""},{"location":"changelog/#0212","title":"0.2.12","text":"_ Wednesday 03 Aug 2022 @ 22:00 CET
"},{"location":"changelog/#0211","title":"0.2.11","text":"_ Monday 01 Aug 2022 @ 21:00 CET
- Added Enodo.
- No more Guest probes.
"},{"location":"changelog/#0210","title":"0.2.10","text":"_ Friday 15 Jul 2022 @ 13:00 CET
- Improved DNS probe dialog.
- Removed Lift, SQL SSH, VmwareGuest, WinRm and XenGuest probes.
- Added feedback for failed reports.
- Fixed adding a user with same email address but different auth provider.
- Fixed a few spelling mistakes.
- Added TcpProbe.
- Added WMI Check for files option using the
cimDatafiles class. - Added services-name to the windows services widget.
"},{"location":"changelog/#029","title":"0.2.9","text":"_ Tuesday 17 May 2022 @ 17:00 CET
- Fix saving the order of metrics in a grid.
- Changed caption column to description in application widget.
"},{"location":"changelog/#028","title":"0.2.8","text":"_ Monday 16 May 2022 @ 21:00 CET
- Added
allowRedirects option to the http probe configuration. - Added
docker icon. - Removed
text widget. - Added Azure probe.
- Allow
agents to be added in InfraSonar. - Fix display
probe address. - Fix filter for assigned alerts.
- Fix displaying the correct metrics in a widget.
- Fix application widget by using description field instead of caption.
- Fix closing a legend when moving mouse focus out the widget.
- No longer close a widget edit dialog when clicking outside the editor.
"},{"location":"changelog/#027","title":"0.2.7","text":"_ Tuesday 11 Apr 2022 @ 21:00 CET
- Upgraded packages.
- Fixed broken widget when switching between hosts.
- Enable search on host-name in alerts and closed-alerts page.
- Added pingProbe and removed psProbe.
- Added httpProbe.
- Added nmapProbe (v2.x.x).
- Fixed broken check interval select box.
- Fixed broken boolean probe switch.
- Added probe configuration checks on asset edit.
- Fixed broken filter component for
True values in data table. - Re-direct to the requested link after sign-in.
- Fixed typo in subscriptions.
- Fixed overlay bug on drop-down-arrows in \"edit widget\" dialog.
- Fixed bug with \"Add widget\" button when a asset has no label.
- Changed the no-environment page for new users and added copyright text.
- Changed the link to \"Contact support\".
- Fixed bug with resetting the check interval.
- No longer allow to change dialog tabs while providing a reason for change.
- Remove missing network probe warning message as this is no longer a best practice.
"},{"location":"changelog/#026","title":"0.2.6","text":"_ Thursday 17 Feb 2022 @ 21:00 CET
- Fixed CSV download for InfraSonar Accounts (sysadmin).
- Add \"show more\" when more text-lines are available in logging message.
- Fixed missing email address at the no-environments page.
- Changed menu behavior at probe page (solves highlight last item).
- Added icon for Pure Storage.
- Prevent view changes of probe page on refresh.
"},{"location":"changelog/#025","title":"0.2.5","text":"_ Tuesday 01 Feb 2022 @ 21:30 CET
- Fixed bug with incognito browsing.
"},{"location":"changelog/#024","title":"0.2.4","text":"_ Tuesday 01 Feb 2022 @ 20:00 CET
- Fixed bug in filter host specific closed alerts.
- Changed ordering on first click in a grid.
- Fixed bug in host filter on alerts page (not showing the name of the host).
- Switched to FireBase authentication.
- Added support for Microsoft Azure (work) accounts.
- Switched to NPM 8.x for website building.
"},{"location":"changelog/#023","title":"0.2.3","text":"_ Wednesday 12 Jan 2022 @ 22:00 CET
- Fixed bug with filter selection (not visible) in grid.
- Fixed bug with user container view when having no users.
- Fixed minor widget editor bugs.
- Changed filter and sort icon appearance to make active filter or order visible.
"},{"location":"changelog/#022","title":"0.2.2","text":"_ Friday 24 Dec 2021 @ 20:00 CET
- Fixed column sorting on container view.
- Fixed filter outline with little space to render the filter selection.
- Fixed missing condition options in expression builder.
- Added Last seen column to host overview as alternative to the Active column.
"},{"location":"changelog/#021","title":"0.2.1","text":"_ Wednesday 22 Dec 2021 @ 20:00 CET
- Added environment to Breadcrumbs bar when the name equals the parent container.
- Fixed access check for modifying Views and return with an appropriate message if not.
- Fixed spacing between name and body in an alert message.
- Removed incorrect icon in front of Agent-core in host overview.
"},{"location":"changelog/#020","title":"0.2.0","text":"_ Tuesday 21 Dec 2021 @ 20:00 CET
- Updated UI using the Material design language.
- Added Light/Dark mode.
- Added a dashboard which shows useful information and shortcuts.
- Added the Tasks overview. In this overview, Admins can see all tasks related to the current environment.
- The Closed alerts and the Search closed alerts pages are merged into a single page.
- Added the option to \"star\" Views and Environments as favorite.
- Added a \"Share\" button to Views.
- Added \"click-on-tag\" for \"copy-to-clipboard\".
- Merged the container and environment logging into one page.
- Added a \"Task\" column and a \"Parent\" column to log entries.
- Replaced the counter with tags in the Conditions page.
- Authentication provider is now implied when adding a user to a container.
- Improved feedback when submitting invalid forms.
- Added specific icons to all Hosts.
- Added \"No environments found\" screen, for users without container access.
- Added time selection to the statistics page.
- Added the \"Windows Services\" widget to the Insight page.
"},{"location":"changelog/#01109","title":"0.1.109","text":"_ Tuesday 07 Dec 2021 @ 20:00 CET
"},{"location":"changelog/#01108","title":"0.1.108","text":"_ Monday 29 Nov 2021 @ 20:00 CET
- Enable
changed option for boolean and timestamp type. - Removed CRM from InfraSonar.
"},{"location":"changelog/#01107","title":"0.1.107","text":"_ Saturday 13 Nov 2021 @ 14:00 CET
"},{"location":"changelog/#01106","title":"0.1.106","text":"_ Friday 12 Nov 2021 @ 20:00 CET
- Collapsible raster on double mouse click.
- Added audit logging to re-discover changes on a host.
- Fixed bug with selecting a time range within a modal.
- Fixed socket message on re-connect.
- Added search in my alerts view.
- Prevent inserting invalid metric info.
"},{"location":"changelog/#01105","title":"0.1.105","text":"_ Tuesday 12 Oct 2021 @ 20:00 CET
- Log tasks using the user who initiated the task.
- Return the taskId when creating a task using the API.
- Send an email to the user when a schedules task has failed.
"},{"location":"changelog/#01104","title":"0.1.104","text":"_ Monday 13 Sep 2021 @ 20:00 CET
- Added Id column to environment overview page.
- Added /api/environments API call.
- Added support for custom time zone per environment.
- Fixed bug with assigned alerts for users without key string.
"},{"location":"changelog/#01103","title":"0.1.103","text":"_ Tuesday 27 Jul 2021 @ 11:00 CET
- Loosely name validation for check and type in data query API call.
"},{"location":"changelog/#01102","title":"0.1.102","text":"_ Wednesday 21 Jul 2021 @ 22:00 CET
- Added
environment and lastSeen columns to api/hosts API call. - Added
api/labels API call to query for labels in an environment. - Fixed bug in widget editor when no hosts are configured.
- Fixed minor widget bugs (no panel data, handle escape key correctly).
"},{"location":"changelog/#01101","title":"0.1.101","text":"_ Thursday 15 Jul 2021 @ 20:00 CET
- Added check for valid labels in API call
api/host/label/add. - Added filter for empty hosts in view.
- Added filter item option in widgets.
- Added the option to exclude host with specified labels from a view.
- Auto convert
int to float for the insert API call. - Fixed bug in auto refresh on a view.
- Fixed bug in validate API metric names.
- Fixed bug when moving a root widget on a host overview page.
- Fixed minor bug in side menu on probe pages.
- Required metrics no longer accept a
null value.
"},{"location":"changelog/#01100","title":"0.1.100","text":"_ Tuesday 22 Jun 2021 @ 20:00 CET
- Added link to new InfraSonar documentation.
- Added query data API call and added
/api/data to replace api/data/insert. - Added support for
withLabel and withProbe keys to hosts query API. - Replaced
accept/reject lists with item (not) in list. - Check for int64 when using the API to insert data.
- Improved error messages when using incorrect API calls.
- Fixed double boolean naming when choosing a display function.
"},{"location":"changelog/#0199","title":"0.1.99","text":"_ Tuesday 18 Apr 2021 @ 9:00 CET
"},{"location":"changelog/#0198","title":"0.1.98","text":"_ Monday 17 May 2021 @ 20:00 CET
- Added tool for generating encryption keys.
- Fix ConnectWise member API call.
- Fix My-Alert view (too many alerts).
- Fix time range selection on aggregation grid.
- Sort series on environment in time-series chart.
- Update: ThingsDB client (fix re-connect Emitter bug).
- Update: Python packages.
- Update: Npm packages.
"},{"location":"changelog/#0197","title":"0.1.97","text":"_ Tuesday 20 Apr 2021 @ 12:00 CET
"},{"location":"changelog/#0196","title":"0.1.96","text":"_ Monday 19 Apr 2021 @ 19:45 CET
"},{"location":"changelog/#0195","title":"0.1.95","text":"_ Monday 19 Apr 2021 @ 19:00 CET
- Improved item-list in expression editor.
- Fixed number of rows in grid after using a filter (search).
- Update browser title when opening a view.
- Fixed CTRL-F when viewing a data-table with search disabled.
- Added column suppressed label count on conditions page.
- Fixed bug with auto-refresh.
- Update: Python packages.
- Update: Npm packages.
"},{"location":"changelog/#0194","title":"0.1.94","text":"_ Wednesday 7 Apr 2021 @ 15:30 CET
- Fixed ConnectWise manage bug, maximum summary length.
"},{"location":"changelog/#0193","title":"0.1.93","text":"_ Tuesday 6 Apr 2021 @ 20:00 CET
- Added API route for posting InfraSonar (host) data.
- Added API routes for controlling metadata.
- Added derived metric option.
"},{"location":"changelog/#0192","title":"0.1.92","text":"_ Monday 15 Mar 2021 @ 20:00 CET
- Fixed check for valid hostUuids in API handler.
- Select current user as default owner for an alert.
"},{"location":"changelog/#0191","title":"0.1.91","text":"_ Wednesday 24 Feb 2021 @ 20:00 CET
- Allow ticket in CWM without owner.
- Update API documentation.
"},{"location":"changelog/#0190","title":"0.1.90","text":"_ Tuesday 23 Feb 2021 @ 20:00 CET
- Added ConnectWise Manage support.
- Added environment widget for installed software on Windows.
- Added option to select a time range for the aggregation grid widget.
- Fixed bug in top menu after window resize.
"},{"location":"changelog/#0189","title":"0.1.89","text":"_ Thursday 14 Jan 2021 @ 20:00 CET
- Added channels column on labels overview page.
- Added item (not) in list expression to replace black/white list.
- Added option to accept or reject specific conditions for DutyCalls.
- Added option to show/hide self signed certificates.
- Added option to sort on environemt in a gid widget.
- Added search box to certificate widget.
- Auto-complete default probe address unless changed by the user.
- Changed export to CSV for time and age values.
- Prevent saving conditions with empty expressions.
"},{"location":"api/authentication/","title":"Authentication","text":""},{"location":"api/authentication/#authentication","title":"Authentication","text":"The authentication scheme that the InfraSonar API makes use of is \"Bearer authentication\".
"},{"location":"api/authentication/#bearer-authentication","title":"Bearer Authentication","text":"Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name \u201cBearer authentication\u201d can be understood as \u201cgive access to the bearer of this token.\u201d The client must send this token in the Authorization header when making requests to the InfraSonar API:
Authorization: Bearer <token>\n
"},{"location":"api/authentication/#creating-a-token","title":"Creating a token","text":"Infrasonar supports two types of tokens:
User tokens User tokens are bound to an user and can be used to automated actions as the user issuing the token.
Warning
This token has the same privileges as the user!
User can be valuable for scripts or integrations that require access to multiple containers.
Container tokens Container tokens can be used to give granular access to a specific container.
"},{"location":"api/authentication/#user-tokens","title":"User tokens","text":"Follow these steps below to create and add a token to your user account.
- Open the \"My access\" dialog by clicking on the My access button in the account menu.
- Navigate to the tokens tab and click on the + button.
- Enter a useful description and click on the Create button to add the token to your account.
"},{"location":"api/authentication/#container-tokens","title":"Container tokens","text":"Tip
We strongly suggest setting up separate tokens when possible.
Container tokens are also required for agentcore and agent authentication.
- Navigate to the container you want to create a token for.
- Click the tokens icon in the left hand menu.
- Click the Add token button.
- Give the token a identifiable name and provide just enough accessobserve we added some shorcuts to create access tokens for agentcores and probes
- Click Save, enter a reason and click confirm
- Reopen the just created token and copy the ID.
Rules
- User who have the de
container Access flag set can create container tokens. - A user can not grant more access permissions to a token then he or she already has.
"},{"location":"api/ids/","title":"ID's","text":""},{"location":"api/ids/#ids","title":"ID's","text":"InfraSonar uses ID's to identify:
- Assets
- Conditions
- Containers
- Labels
"},{"location":"api/ids/#figuring-out-ids","title":"Figuring out ID's","text":""},{"location":"api/ids/#asset-id","title":"Asset ID","text":" - Navigate to the container to which the asset belongs.
- Open the asset overview page.
- Use the column picker in the top right corner and ensure ID is selected.
- The asset ID is now visible in the most left hand column.
Query asset ID using our API
Asset ID's can be retrieved using our API
"},{"location":"api/ids/#condition-id","title":"Condition ID","text":" - Navigate to the container to which the condition belongs.
- Open the condtions overview page.
- Use the column picker in the top right corner and ensure ID is selected.
- The condition ID is now visible in the most left hand column.
"},{"location":"api/ids/#container-id","title":"Container ID","text":" - Open the containers view.
- Use the column picker in the top right corner and ensure ID is selected.
- The container ID is now visible in the most left hand column.
Query container ID using our API
Container ID's can be retrieved using our API
"},{"location":"api/ids/#label-id","title":"Label ID","text":" - Navigate to the container to which the label belongs.
- Open the label overview page.
- Use the column picker in the top right corner and ensure ID is selected.
- The label ID is now visible in the most left hand column.
"},{"location":"api/overview/","title":"Overview","text":"The InfraSonar API is used for accessing and manipulating data within InfraSonar.
InfraSonar agents use the API to bring data into the platform while automation solutions such as Ansible and Salt can be used to query data but also change modes to avoid getting notified while automation tasks are performing maintenance.
The API is also used by InfraSonar ready to run integrations
"},{"location":"api/alert/assign/","title":"Assign alert","text":"PUT/alert/<alertKs>/assign
"},{"location":"api/alert/assign/#description","title":"Description","text":"Assign an open alert to a user. The user (userId) must be marked as a member of the container. Success (204) is also returned when the alert does not exist.
"},{"location":"api/alert/assign/#path-parameters","title":"Path parameters","text":"Param Description alertKs Alert key string (ks)."},{"location":"api/alert/assign/#body","title":"Body","text":"Param Type Required Description userId int Yes User Id of a user message string No Optional message (max 240 characters, default empty)."},{"location":"api/alert/assign/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body or alert key string. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ALERT_ASSIGN). 404 User (userId) not found or the user is not a member."},{"location":"api/alert/assign/#example","title":"Example","text":"Curl request:
curl \\\n -X PUT 'https://api.infrasonar.com/alert/xxx/assign' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"userId\": 123\n}'\n
"},{"location":"api/alert/close/","title":"Close alert","text":"PUT/alert/<alertKs>/close
"},{"location":"api/alert/close/#description","title":"Description","text":"Close an alert. An optional message can be provided. Success (204) is also returned when the alert is already closed .
"},{"location":"api/alert/close/#path-parameters","title":"Path parameters","text":"Param Description alertKs Alert key string (ks)."},{"location":"api/alert/close/#body","title":"Body","text":"Param Type Required Description message string No Optional message (max 240 characters, default empty)."},{"location":"api/alert/close/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body or alert key string. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ALERT_CHANGE)."},{"location":"api/alert/close/#example","title":"Example","text":"Curl request:
curl \\\n -X PUT 'https://api.infrasonar.com/alert/xxx/close' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"message\": \"Closed using the API\"\n}'\n
"},{"location":"api/alert/message/","title":"Add message to alert","text":"PUT/alert/<alertKs>/message
"},{"location":"api/alert/message/#description","title":"Description","text":"Add a message to an open alert. Success (204) is also returned when the alert does not exist.
"},{"location":"api/alert/message/#path-parameters","title":"Path parameters","text":"Param Description alertKs Alert key string (ks)."},{"location":"api/alert/message/#body","title":"Body","text":"Param Type Required Description message string Yes Message to add (max 240 characters, default empty)."},{"location":"api/alert/message/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body or alert key string. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ALERT_CHANGE)."},{"location":"api/alert/message/#example","title":"Example","text":"Curl request:
curl \\\n -X PUT 'https://api.infrasonar.com/alert/xxx/message' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"message\": \"This is an example message.\"\n}'\n
"},{"location":"api/alert/query/","title":"Query alert","text":"GET/alert/<alertKs>?fields=...&actions=...
"},{"location":"api/alert/query/#description","title":"Description","text":"Query alert details. This API call will work for both an open and closed alert.
"},{"location":"api/alert/query/#path-parameters","title":"Path parameters","text":"Param Description alertKs Alert key string (ks)."},{"location":"api/alert/query/#query-parameters","title":"Query parameters","text":"Param Default Description fields all fields Fields to return (see fields below for all available fields). actions none Action fields. If at least one field is given, the result will include \"actions\" with an array of action objects (see Actions below for all available action fields)."},{"location":"api/alert/query/#fields","title":"Fields","text":"Field Return type Description ks string Key string of the alert. message string Initial message when the alert was opened. severity integer Initial severity when the alert was opened (value between 0=highest and 7=lowest severity). timestamp integer Unix timestamp in seconds when the alert was opened. lastMessage string Message of the last hit (equal to \"message\" with only a single hit). lastSeverity integer Severity of the last hit (equal to \"severity\" with only a single hit). lastTimestamp integer Unix timestamp in seconds of the last hit (equal to \"timestamp\" with only a single hit). ownerId integer/null User Id of the owner or null when the alert is not assigned to an owner. closedTimestamp integer/null Unix timestamp in seconds when the alert was closed or null if not closed."},{"location":"api/alert/query/#actions","title":"Actions","text":"Action field Return type Description kind string One of: Assign, Comment, IntegrationCall, Close, AutoClose, IndirectClose timestamp integer Unix timestamp in seconds. data object/null Additional data object."},{"location":"api/alert/query/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field or action or invalid alert key string. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Alert not found."},{"location":"api/alert/query/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/alert/xxx?actions=kind,timestamp,data' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"ks\": \"<a-unique-key-string>\",\n \"message\": \"Initial message of the alert\",\n \"severity\": 3,\n \"timestamp\": 1667511262,\n \"lastMessage\": \"Last message of the alert\",\n \"lastSeverity\": 3,\n \"listTimestamp\": 1667511523,\n \"ownerId\": 123,\n \"closedTimestamp\": null,\n \"actions\": [\n {\n \"kind\": \"Assign\",\n \"timestamp\": 1667511469,\n \"data\": {\n \"userId\": 123,\n \"ownerId\": 123,\n \"message\": \"Alert assigned to me!\"\n }\n }\n ]\n}\n
"},{"location":"api/asset/add-label/","title":"Add label to asset","text":"PUT /asset/<assetId>/label/<labelId>
"},{"location":"api/asset/add-label/#description","title":"Description","text":"Add a label to an asset. Success (204) is also returned when the label was already assigned to the asset.
Note: method POST is obsolete but still supported.
"},{"location":"api/asset/add-label/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. labelId Label Id."},{"location":"api/asset/add-label/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/add-label/#body","title":"Body","text":"none
"},{"location":"api/asset/add-label/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset or label not found."},{"location":"api/asset/add-label/#example","title":"Example","text":"Curl request:
curl \\\n -X PUT 'https://api.infrasonar.com/asset/123/label/123' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/asset/disable-check/","title":"Disable check on asset","text":"DELETE /asset/<assetId>/collector/<collectorKey>/check/<checkKey>
"},{"location":"api/asset/disable-check/#description","title":"Description","text":"Disable a check on an asset. Success (204) is also returned when the check was already disabled on the asset.
"},{"location":"api/asset/disable-check/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key. checkKey Check key."},{"location":"api/asset/disable-check/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/disable-check/#body","title":"Body","text":"none
"},{"location":"api/asset/disable-check/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+CHECK_MANAGEMENT). 404 Asset, collector or check not found. 409 Both the asset and check exist, but the check does not exist on the asset."},{"location":"api/asset/disable-check/#example","title":"Example","text":"Curl request:
curl \\\n -X DELETE 'https://api.infrasonar.com/asset/123/collector/wmi/check/updates' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/asset/enable-check/","title":"Enable check on asset","text":"PUT /asset/<assetId>/collector/<collectorKey>/check/<checkKey>
"},{"location":"api/asset/enable-check/#description","title":"Description","text":"Enable a check on an asset. Success (204) is also returned when the check was already enabled on the asset.
"},{"location":"api/asset/enable-check/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key. checkKey Check key."},{"location":"api/asset/enable-check/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/enable-check/#body","title":"Body","text":"none
"},{"location":"api/asset/enable-check/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+CHECK_MANAGEMENT). 404 Asset, collector or check not found. 409 Both the asset and check exist, but the check does not exist on the asset."},{"location":"api/asset/enable-check/#example","title":"Example","text":"Curl request:
curl \\\n -X PUT 'https://api.infrasonar.com/asset/123/collector/wmi/check/updates' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/asset/insert-check-data/","title":"Insert check data","text":"POST /asset/<assetId>/collector/<collectorKey>/check/<checkKey>
"},{"location":"api/asset/insert-check-data/#description","title":"Description","text":"Insert check data.
"},{"location":"api/asset/insert-check-data/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key. checkKey Check key."},{"location":"api/asset/insert-check-data/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/insert-check-data/#body","title":"Body","text":"Param Type Required Description data object Yes Object with check data. version string Yes Version of the collector. runtime float No Time it took for the check to run in seconds. timestamp integer No Unix timestamp in seconds. If omitted, InfraSonar will set the timestamp for the check data."},{"location":"api/asset/insert-check-data/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+INSERT_CHECK_DATA). 404 Asset or collector or check not found. 409 Collector is not assigned to the asset. 413 Body size too large (maximum 500 KB)."},{"location":"api/asset/insert-check-data/#example","title":"Example","text":"Curl request:
curl \\\n -X POST 'https://api.infrasonar.com/asset/123/collector/docker/check/network' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"data\": {\n \"networks\": [\n {\n \"name\": \"myNetwork\",\n \"ipAddress\": \"1.2.3.4\"\n }\n ]\n },\n \"version\": \"0.1.0\"\n}'\n
In this example, \"docker\" is the collector, \"network\" the check, \"networks\" a type, \"name\" is a required metric and \"ipAddress\" is a metric."},{"location":"api/asset/purge-notifications/","title":"Purge notifications","text":"POST /asset/<assetId>/purge-notifications
"},{"location":"api/asset/purge-notifications/#description","title":"Description","text":"Purge notifications by notification kind for a specific asset.
"},{"location":"api/asset/purge-notifications/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/purge-notifications/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/purge-notifications/#body","title":"Body","text":"Param Type Required Description kind string Yes One of CheckMissing, CheckError, CheckAged, CheckInvalidResult, CheckInvalidTimestamp or CheckInvalidData."},{"location":"api/asset/purge-notifications/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset not found."},{"location":"api/asset/purge-notifications/#example","title":"Example","text":"Curl request:
curl \\\n -X POST 'https://api.infrasonar.com/asset/123/purge-notifications' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"kind\": \"CheckError\"\n}'\n
"},{"location":"api/asset/query-alerts/","title":"Query asset alerts","text":"GET /asset/<assetId>/alerts?fields=...
"},{"location":"api/asset/query-alerts/#description","title":"Description","text":"Query all open alerts for a given asset.
With the current API it is not possible to query for closed alerts, except when you have an explicit alert key string.
"},{"location":"api/asset/query-alerts/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/query-alerts/#query-parameters","title":"Query parameters","text":"Param Default Description fields ks Fields to return (see fields below for all available fields)."},{"location":"api/asset/query-alerts/#fields","title":"Fields","text":"Field Return type Description ks string Key string of the alert. message string Initial message when the alert was opened. severity integer Initial severity when the alert was opened (value between 0=highest and 7=lowest severity). timestamp integer Unix timestamp in seconds when the alert was opened. lastMessage string Message of the last hit (equal to \"message\" with only a single hit). lastSeverity integer Severity of the last hit (equal to \"severity\" with only a single hit). lastTimestamp integer Unix timestamp in seconds of the last hit (equal to \"timestamp\" with only a single hit). ownerId integer/null User Id of the owner or null when the alert is not assigned to an owner."},{"location":"api/asset/query-alerts/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Asset not found."},{"location":"api/asset/query-alerts/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/asset/123/alerts?fields=ks,message,severity,ownerId' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
[\n {\n \"ks\": \"<a-unique-key-string>\",\n \"message\": \"Initial message of the alert\",\n \"severity\": 3,\n \"ownerId\": null\n }\n]\n
"},{"location":"api/asset/query-check-data/","title":"Query check data","text":"GET /asset/<assetId>/collector/<collectorKey>/check/<checkKey>?fmt=false
"},{"location":"api/asset/query-check-data/#description","title":"Description","text":"Query check data. The result might be null when both the collector and check exist, but no data for the given asset exists. If only the framework is null, then the check is enabled for the asset but no data is received (yet).
"},{"location":"api/asset/query-check-data/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key. checkKey Check key."},{"location":"api/asset/query-check-data/#query-parameters","title":"Query parameters","text":"Param Default Description fmt false Either true or false. When true the display function is used to format the values and if false, the raw values are returned."},{"location":"api/asset/query-check-data/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Invalid value for fmt query param. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Asset, collector or check not found."},{"location":"api/asset/query-check-data/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/asset/123/collector/ping/check/ping?fmt=true' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"data\": {\n \"icmp\": [\n {\n \"address\": \"192.168.1.2\",\n \"maxTime\": \"1 ms\",\n \"name\": \"ping\",\n \"count\": \"5\",\n \"dropped\": \"0\",\n \"minTime\": \"165 \u03bcs\"\n }\n ]\n },\n \"framework\": {\n \"duration\": \"4.015 seconds\",\n \"timestamp\": \"2023-01-12 15:29:37+01:00\",\n \"prev\": {\n \"timestamp\": \"2023-01-12 15:24:37+01:00\"\n }\n }\n}\n
In this example, \"ping\" is a collector, \"ping\" a check, \"icmp\" a type and \"name\", address, maxTime etc, are the metrics.
"},{"location":"api/asset/query-forecast-data/","title":"Query forecast data","text":"GET /asset/<assetId>/collector/<collectorKey>/check/<checkKey>/type/<typeKey>/metric/<metricKey>/forecasts?aggregation=none
"},{"location":"api/asset/query-forecast-data/#description","title":"Description","text":"Query forecast data. A list will be returned containing all items with forecasts. The forecast for each item is an array with arrays containing a UNIX-timestamp, the upper and lower prediction values. The forecast for an item might also be null when the forecast could not be created (for example when the metric hasn't enough data points). In the latter case, the item has a retryAfter property with a UNIX-timestamp which tells when a new attempt will be made to create a forecast for that item.
"},{"location":"api/asset/query-forecast-data/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key. checkKey Check key. typeKey Type key. metricKey Metric key."},{"location":"api/asset/query-forecast-data/#query-parameters","title":"Query parameters","text":"Param Default Description aggregation none One of none, diff, diffps, first, last, count, mode, min, max, sum, mean, median, medianlow, medianhigh. If you are not sure, just use the default none."},{"location":"api/asset/query-forecast-data/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Invalid value for aggregation query param. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Asset, collector, check, type or metric not found."},{"location":"api/asset/query-forecast-data/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/asset/123/collector/wmi/check/system/type/processorTotal/metric/PercentProcessorTime/forecasts' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
[\n {\n \"name\": \"foo.local\",\n \"forecast\": null,\n \"retryAfter\": 1684891252.3467717\n },\n {\n \"name\": \"bar.local\",\n \"forecast\": [\n [\n 1684823400,\n 5.443413461856282,\n 0.3348468724474909\n ],\n [\n 1684825200,\n 5.339250050203838,\n 0.46790794525554347\n ]\n ]\n }\n]\n
"},{"location":"api/asset/query-id/","title":"Query asset Id","text":"GET /asset/<assetName>/id
"},{"location":"api/asset/query-id/#description","title":"Description","text":"Query an asset Id by name. This route only works with a container token.
Removed assets (assets in trash) are ignored and will not be found using this API call.
"},{"location":"api/asset/query-id/#path-parameters","title":"Path parameters","text":"Param Description assetName Asset name."},{"location":"api/asset/query-id/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/query-id/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API). 404 No asset with the given name is found in the container. 409 Multiple assets with the same name are found within the container."},{"location":"api/asset/query-id/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/asset/my-asset.local/id' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"assetId\": 123\n}\n
"},{"location":"api/asset/query-time-series/","title":"Query time series","text":"POST /asset/<assetId>/query-time-series
"},{"location":"api/asset/query-time-series/#description","title":"Description","text":"Query time series.
"},{"location":"api/asset/query-time-series/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/query-time-series/#body","title":"Body","text":"Param Type Required Description collector string Yes Collector key. check string Yes Check key. type string Yes Type key. metric string Yes Metric key. items array(string) No Item names. If not given, all items are returned. timeSpan integer No Time span in seconds. Defaults to 28800 (8 hours). The maximum time span is 2419200 (28 days). start integer/string No Unix timestamp or ISO time string. The start + time-span is the end of the time window. When not given, the start is calculated as now minus the time span which results in the latest data points. aggregation object No See aggregation section. If not given, no aggregation is used. merge object No See merge section. If not given, items are not merged."},{"location":"api/asset/query-time-series/#merge","title":"Merge","text":"Param Type Required Description as string Yes Name as the time-series will be returned in the result. Only alpha-numeric characters and underscores are allowed and the name must not be empty. aggregation object Yes See aggregation section. This aggregation is used for merging the time series."},{"location":"api/asset/query-time-series/#aggregation","title":"Aggregation","text":"Param Type Required Description type string Yes One of mean, min, max, sum, median, median_high, median_low or count. timeSpan integer No Time span in seconds used for aggregation blocks. For example 3600 will create per-hour blocks. If not given, the result will contain a single value with the current timestamp."},{"location":"api/asset/query-time-series/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Asset not found."},{"location":"api/asset/query-time-series/#example","title":"Example","text":"Curl request (Average bytes received p/s for the last 4 hours):
curl \\\n -X POST 'https://api.infrasonar.com/asset/123/query-time-series' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\```\n --data-raw '{\n \"collector\": \"wmi\",\n \"check\": \"network\",\n \"type\": \"interface\",\n \"metric\": \"BytesReceivedPersec\",\n \"timeSpan\": 14400,\n \"aggregation\": {\n \"type\": \"mean\"\n }\n}'\n
Response (Each key in the response represents an item name, unless \"merge\" is used. The value is an array with with arrays containing a timestamp and value):
{\n \"Intel[R] 82574L Gigabit Network Connection\": [\n [\n 1677142522,\n 9488.9375\n ]\n ]\n}\n
"},{"location":"api/asset/query/","title":"Query asset","text":"GET/asset/<assetId>?fields=...
"},{"location":"api/asset/query/#description","title":"Description","text":"Query asset details.
"},{"location":"api/asset/query/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/query/#query-parameters","title":"Query parameters","text":"Param Default Description fields all fields Fields to return (see fields below for all available fields). collectors none Collector fields. If at least one field is given, the result will include \"collectors\" with an array of collector objects (see Collectors below for all available collector fields)."},{"location":"api/asset/query/#fields","title":"Fields","text":"Field Return type Description id integer Asset Id. container integer Asset container Id. name string Asset name. kind string One of the kinds (see set-kind api) description string Asset description. mode string One of normal, maintenance or disabled. labels array(integer) List with label Ids. disabledChecks array(object) List with check objects. Each check object contains a collector and check property, both with the key as value."},{"location":"api/asset/query/#collectors","title":"Collectors","text":"Collector field Return type Description key string Collector key. name string Collector name. kind string One of agent, probe or service. config object/null Configuration for the collector if config exists."},{"location":"api/asset/query/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Asset not found."},{"location":"api/asset/query/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/asset/123' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"id\": 123,\n \"name\": \"my-host.local\",\n \"kind\": \"Asset\",\n \"description\": \"My host\",\n \"mode\": \"normal\",\n \"labels\": [456, 789]\n}\n
"},{"location":"api/asset/remove-collector/","title":"Remove collector from asset","text":"DELETE /asset/<assetId>/collector/<collectorKey>
"},{"location":"api/asset/remove-collector/#description","title":"Description","text":"Remove a collector from an asset. Success (204) is also returned when the collector was not attached to the asset.
"},{"location":"api/asset/remove-collector/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key."},{"location":"api/asset/remove-collector/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/remove-collector/#body","title":"Body","text":"none
"},{"location":"api/asset/remove-collector/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset or collector not found."},{"location":"api/asset/remove-collector/#example","title":"Example","text":"Curl request:
curl \\\n -X DELETE 'https://api.infrasonar.com/asset/123/collector/docker' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/asset/remove-label/","title":"Remove label from asset","text":"DELETE /asset/<assetId>/label/<labelId>
"},{"location":"api/asset/remove-label/#description","title":"Description","text":"Remove a label from an asset. Success (204) is also returned when the label was not assigned to the asset.
"},{"location":"api/asset/remove-label/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. labelId Label Id."},{"location":"api/asset/remove-label/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/remove-label/#body","title":"Body","text":"none
"},{"location":"api/asset/remove-label/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset or label not found."},{"location":"api/asset/remove-label/#example","title":"Example","text":"Curl request:
curl \\\n -X DELETE 'https://api.infrasonar.com/asset/123/label/123' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/asset/set-description/","title":"Set asset description","text":"PATCH /asset/<assetId>/description
"},{"location":"api/asset/set-description/#description","title":"Description","text":"Set the asset description. Success (204) is also returned when the asset description has not changed.
"},{"location":"api/asset/set-description/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/set-description/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/set-description/#body","title":"Body","text":"Param Type Required Description description string Yes Asset description."},{"location":"api/asset/set-description/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset not found."},{"location":"api/asset/set-description/#example","title":"Example","text":"Curl request:
curl \\\n -X PATCH 'https://api.infrasonar.com/asset/123/description' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"description\": \"This is cool asset!\"\n}'\n
"},{"location":"api/asset/set-kind/","title":"Set asset kind","text":"PATCH /asset/<assetId>/kind
"},{"location":"api/asset/set-kind/#description","title":"Description","text":"Set the asset kind. Success (204) is also returned when the asset kind remains unchanged.
"},{"location":"api/asset/set-kind/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/set-kind/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/set-kind/#body","title":"Body","text":"Param Type Required Description kind string Yes Asset kind. See table below for all available kinds."},{"location":"api/asset/set-kind/#kind","title":"Kind","text":"Logo Name Asset (default) APC Apple Azure Citrix Database Dell DNS Docker Eaton Email Firewall FreeBSD HP Kubernetes Linux NetApp PaloAlto PureStorage Speed Supermicro Switch Synology UniFi VMware Website Windows"},{"location":"api/asset/set-kind/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset not found."},{"location":"api/asset/set-kind/#example","title":"Example","text":"Curl request:
curl \\\n -X PATCH 'https://api.infrasonar.com/asset/123/kind' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"kind\": \"Linux\"\n}'\n
"},{"location":"api/asset/set-mode/","title":"Set asset mode","text":"PATCH /asset/<assetId>/mode
"},{"location":"api/asset/set-mode/#description","title":"Description","text":"Set the asset mode. Success (204) is also returned when the asset was already in the desired mode.
"},{"location":"api/asset/set-mode/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/set-mode/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/set-mode/#body","title":"Body","text":"Param Type Required Description mode string Yes One of normal, maintenance or disabled."},{"location":"api/asset/set-mode/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset not found."},{"location":"api/asset/set-mode/#example","title":"Example","text":"Curl request:
curl \\\n -X PATCH 'https://api.infrasonar.com/asset/123/mode' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"mode\": \"maintenance\"\n}'\n
"},{"location":"api/asset/set-name/","title":"Set asset name","text":"PATCH /asset/<assetId>/name
"},{"location":"api/asset/set-name/#description","title":"Description","text":"Set the asset name. Success (204) is also returned when the asset name has not been changed.
"},{"location":"api/asset/set-name/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/set-name/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/set-name/#body","title":"Body","text":"Param Type Required Description name string Yes Asset name."},{"location":"api/asset/set-name/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset not found."},{"location":"api/asset/set-name/#example","title":"Example","text":"Curl request:
curl \\\n -X PATCH 'https://api.infrasonar.com/asset/123/name' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"name\": \"This is cool asset!\"\n}'\n
"},{"location":"api/asset/upsert-collector/","title":"Upsert collector to asset","text":"POST /asset/<assetId>/collector/<collectorKey>
"},{"location":"api/asset/upsert-collector/#description","title":"Description","text":"Add or configure a collector on an asset. If the collector is already attached to the asset, the configuration will be updated unless no configuration is provided in the body.
"},{"location":"api/asset/upsert-collector/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key."},{"location":"api/asset/upsert-collector/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/upsert-collector/#body","title":"Body","text":"Param Type Required Description config Object Depends Configuration of the collector. A body might be required for some collectors. For most collectors the config field is optional.
"},{"location":"api/asset/upsert-collector/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset or collector not found."},{"location":"api/asset/upsert-collector/#example","title":"Example","text":"Curl request: (no config required for docker agent)
curl \\\n -X POST 'https://api.infrasonar.com/asset/123/collector/docker' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/container/create-asset/","title":"Create asset","text":"POST /container/<containerId>/asset
"},{"location":"api/container/create-asset/#description","title":"Description","text":"Create a new asset.
Duplicated asset names are allowed although not recommended.
"},{"location":"api/container/create-asset/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/create-asset/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/container/create-asset/#body","title":"Body","text":"Param Type Required Description name string Yes Name of the asset."},{"location":"api/container/create-asset/#return-codes","title":"Return codes","text":"Error code Reason 201 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Container not found."},{"location":"api/container/create-asset/#example","title":"Example","text":"Curl request:
curl \\\n -X POST 'https://api.infrasonar.com/container/123/asset' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"name\": \"my-host.local\"\n}'\n
Response:
{\n \"assetId\": 123\n}\n
"},{"location":"api/container/purge-notifications/","title":"Purge notifications","text":"POST /container/<containerId>/purge-notifications
"},{"location":"api/container/purge-notifications/#description","title":"Description","text":"Purge notifications by notification kind.
"},{"location":"api/container/purge-notifications/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/purge-notifications/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/container/purge-notifications/#body","title":"Body","text":"Param Type Required Description kind string Yes One of ConnectionStatus, ConnectionTimeDelta, ProbeVersion, ProbeMissing, ProbeTimeDelta, ProbeNoHeartbeat, CheckMissing, CheckError, CheckAged, CheckInvalidResult, CheckInvalidTimestamp, CheckInvalidData, ContainerMaintenance, AgentcoreMissing or ConditionError."},{"location":"api/container/purge-notifications/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+CONTAINER_MANAGEMENT). 404 Container not found."},{"location":"api/container/purge-notifications/#example","title":"Example","text":"Curl request:
curl \\\n -X POST 'https://api.infrasonar.com/container/123/purge-notifications' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"kind\": \"ConnectionStatus\"\n}'\n
"},{"location":"api/container/purge-time-series/","title":"Purge time-series","text":"POST /container/<containerId>/purge-time-series
"},{"location":"api/container/purge-time-series/#description","title":"Description","text":"Purge dead time-series. Time series are considered dead if they didn't got any new data for a period of time. This period must be given in weeks.
"},{"location":"api/container/purge-time-series/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/purge-time-series/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/container/purge-time-series/#body","title":"Body","text":"Param Type Required Description weeks integer Yes Integer value between 1 and 999 (recommended: 5 weeks or more)."},{"location":"api/container/purge-time-series/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+PURGE_TIME_SERIES). 404 Container not found."},{"location":"api/container/purge-time-series/#example","title":"Example","text":"Curl request:
curl \\\n -X POST 'https://api.infrasonar.com/container/123/purge-time-series' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"weeks\": 5\n}'\n
Response:
{\n \"purgedTimeSeries\": 12345\n}\n
"},{"location":"api/container/query-alerts/","title":"Query container alerts","text":"GET /container/<containerId>/alerts?fields=...
"},{"location":"api/container/query-alerts/#description","title":"Description","text":"Query all open alerts for a given container.
With the current API it is not possible to query for closed alerts, except when you have an explicit alert key string.
"},{"location":"api/container/query-alerts/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/query-alerts/#query-parameters","title":"Query parameters","text":"Param Default Description fields ks Fields to return (see fields below for all available fields)."},{"location":"api/container/query-alerts/#fields","title":"Fields","text":"Field Return type Description ks string Key string of the alert. message string Initial message when the alert was opened. severity integer Initial severity when the alert was opened (value between 0=highest and 7=lowest severity). timestamp integer Unix timestamp in seconds when the alert was opened. lastMessage string Message of the last hit (equal to \"message\" with only a single hit). lastSeverity integer Severity of the last hit (equal to \"severity\" with only a single hit). lastTimestamp integer Unix timestamp in seconds of the last hit (equal to \"timestamp\" with only a single hit). ownerId integer/null User Id of the owner or null when the alert is not assigned to an owner."},{"location":"api/container/query-alerts/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Container not found."},{"location":"api/container/query-alerts/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/container/123/alerts?fields=ks,message,severity,ownerId' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
[\n {\n \"ks\": \"<a-unique-key-string>\",\n \"message\": \"Initial message of the alert\",\n \"severity\": 3,\n \"ownerId\": null\n }\n]\n
"},{"location":"api/container/query-assets/","title":"Query container assets","text":"GET /container/<containerId>/assets?fields=...
"},{"location":"api/container/query-assets/#description","title":"Description","text":"Query all assets for a given container. (removed assets are not included).
"},{"location":"api/container/query-assets/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/query-assets/#query-parameters","title":"Query parameters","text":"Param Default Description fields id Fields to return (see fields below for all available fields). collectors none Collector fields. If at least one field is given, the result will include \"collectors\" with an array of collector objects (see Collectors below for all available collector fields). kind none Only assets with the given kind (e.g kind=Windows). not-kind none Only assets with another kind than the given kind (e.g not-kind=Asset). mode none Only assets with the given mode (e.g mode=normal). not-mode none Only assets with another mode than the given mode (e.g not-mode=disabled). collector none Only assets with the given collector (e.g collector=tcp). not-collector none Only assets without the given collector (e.g not-collector=wmi). label none Only assets with the given label Id (e.g label=123). not-label none Only assets without the given label Id (e.g not-label=456)."},{"location":"api/container/query-assets/#fields","title":"Fields","text":"Field Return type Description id integer Asset Id. container integer Asset container Id (Equal to containerId). name string Asset name. kind string One of the kinds (see set-kind api) description string Asset description. mode string One of normal, maintenance or disabled. labels array(integer) List with label Ids. disabledChecks array(object) List with check objects. Each check object contains a collector and check property, both with the key as value."},{"location":"api/container/query-assets/#collectors","title":"Collectors","text":"Collector field Return type Description key string Collector key. name string Collector name. kind string One of agent, probe or service. config object/null Configuration for the collector if config exists."},{"location":"api/container/query-assets/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Container not found."},{"location":"api/container/query-assets/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/container/123/assets?fields=id,name,mode' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
[\n {\n \"id\": 123,\n \"name\": \"my-host.local\",\n \"mode\": \"normal\"\n }\n]\n
"},{"location":"api/container/query-collectors/","title":"Query container collectors","text":"GET /container/<containerId>/collectors?fields=...
"},{"location":"api/container/query-collectors/#description","title":"Description","text":"Query all collectors for a given container. (only enabled collectors are included).
"},{"location":"api/container/query-collectors/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/query-collectors/#query-parameters","title":"Query parameters","text":"Param Default Description fields key Fields to return (see fields below for all available fields). options none Option fields. If at least one field is given, the result will include \"options\" with an array of option objects (see Options below for all available option fields)."},{"location":"api/container/query-collectors/#fields","title":"Fields","text":"Field Return type Description key string Collector Id. name string Collector name. kind string One of agent, probe or service. info string Collector info. min-version string Minimal required version for the collector."},{"location":"api/container/query-collectors/#options","title":"Options","text":"Option field Return type Description key string Option key. name string Option name. info string Option info. type string One of Bool, Int, Float, String, ListBool, ListInt, ListFloat or ListString. default any Default value (The default value is not guaranteed to pass the validation function)."},{"location":"api/container/query-collectors/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Container not found."},{"location":"api/container/query-collectors/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/container/123/collectors?fields=key,kind&options=key,type,default' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
[\n {\n \"key\": \"wmi\",\n \"kind\": \"probe\",\n \"options\": [\n {\n \"key\": \"address\",\n \"type\": \"String\",\n \"default\": \"\",\n }\n ]\n }\n]\n
"},{"location":"api/container/query-id/","title":"Query container Id","text":"GET /container/id
"},{"location":"api/container/query-id/#description","title":"Description","text":"Query a container Id by token. This route only works with a container token.
"},{"location":"api/container/query-id/#path-parameters","title":"Path parameters","text":"none
"},{"location":"api/container/query-id/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/container/query-id/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API)."},{"location":"api/container/query-id/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/container/id' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"containerId\": 123\n}\n
"},{"location":"api/container/query/","title":"Query container","text":"GET/container/<containerId>?fields=...
"},{"location":"api/container/query/#description","title":"Description","text":"Query container details.
"},{"location":"api/container/query/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/query/#query-parameters","title":"Query parameters","text":"Param Default Description fields all fields Fields to return (see fields below for all available fields)."},{"location":"api/container/query/#fields","title":"Fields","text":"Field Return type Description id integer Container Id. name string Container name. timezone string Container time-zone. mode string One of normal, maintenance or disabled."},{"location":"api/container/query/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Container not found."},{"location":"api/container/query/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/container/123' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"id\": 123,\n \"mode\": \"normal\",\n \"name\": \"My Container\",\n \"timezone\": \"Europe/Amsterdam\"\n}\n
"},{"location":"api/container/set-mode/","title":"Set container mode","text":"PATCH /container/<containerId>/mode
"},{"location":"api/container/set-mode/#description","title":"Description","text":"Set the container mode. Success (204) is also returned when the container was already in the desired mode.
"},{"location":"api/container/set-mode/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/set-mode/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/container/set-mode/#body","title":"Body","text":"Param Type Required Description mode string Yes One of normal, maintenance or disabled."},{"location":"api/container/set-mode/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Container not found. 409 Too many open alerts. (mode \"normal\" is only allowed with less than 500 open alerts)"},{"location":"api/container/set-mode/#example","title":"Example","text":"Curl request:
curl \\\n -X PATCH 'https://api.infrasonar.com/container/123/mode' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"mode\": \"maintenance\"\n}'\n
"},{"location":"api/label/query/","title":"Query label","text":"GET/label/<labelId>?fields=...
"},{"location":"api/label/query/#description","title":"Description","text":"Query label details.
"},{"location":"api/label/query/#path-parameters","title":"Path parameters","text":"Param Description labelId Label Id."},{"location":"api/label/query/#query-parameters","title":"Query parameters","text":"Param Default Description fields all fields Fields to return (see fields below for all available fields)."},{"location":"api/label/query/#fields","title":"Fields","text":"Field Return type Description id int Label Id. name string Label name. color string One of Steel, Olive, Mauve, Emerald, Orange, Magenta or InfraSonarBlue. description string Label description."},{"location":"api/label/query/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Label not found."},{"location":"api/label/query/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/label/123?fields=name,color' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"name\": \"windows\",\n \"color\": \"InfraSonarBlue\"\n}\n
"},{"location":"api/reporting/get-report/","title":"Download report","text":"GET/reporting/<reportingId>/report/"},{"location":"api/reporting/get-report/#description","title":"Description","text":"
Download a report.
"},{"location":"api/reporting/get-report/#path-parameters","title":"Path parameters","text":"Param Description reportingId Reporting Id. reportId Report Id. (can be found using the reporting API)."},{"location":"api/reporting/get-report/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+REPORTING_VIEW). 404 Reporting not found. XXX Other errors may occur when the report is not available for download."},{"location":"api/reporting/get-report/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/reporting/123/report/123' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
The result contains either a PDF, XLSX or JSON file, depending on the report type.
"},{"location":"api/reporting/query/","title":"Query reporting","text":"GET/reporting/<reportingId>?fields=...
"},{"location":"api/reporting/query/#description","title":"Description","text":"Query reporting details.
"},{"location":"api/reporting/query/#path-parameters","title":"Path parameters","text":"Param Description reportingId Reporting Id."},{"location":"api/reporting/query/#query-parameters","title":"Query parameters","text":"Param Default Description fields all fields Fields to return (see fields below for all available fields). reports none Report fields. If at least one field is given, the result will include \"reports\" with an array of report objects (see Reports below for all available report fields)."},{"location":"api/reporting/query/#fields","title":"Fields","text":"Field Return type Description id int Reporting Id. name string Reporting name. kind string One of AlertsNotificationsReport, StateDataReport, ChartDataReport, ConditionReport. content string One of PDF, JSON, XLSX. repeat string/null One of Daily, Weekly, Monthly or null when this is a one-time reporting."},{"location":"api/reporting/query/#reports","title":"Reports","text":"Field Return type Description id int Report Id. size int Report size in bytes. start string Start time of the report. For example, a monthly report for March 2023 will return 2023-03-01T00:00:00+0100. success bool This is true if the report was successful, else false."},{"location":"api/reporting/query/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+REPORTING_VIEW). 404 Reporting not found."},{"location":"api/reporting/query/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/reporting/123?fields=name,kind&reports=id,start' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"name\": \"My report\",\n \"kind\": \"StateDataReport\",\n \"reports\": [\n {\n \"id\": 123,\n \"start\": \"2023-03-01T00:00:00+0100\"\n }\n ]\n}\n
"},{"location":"application/","title":"Index","text":""},{"location":"application/#infrasonar-web-application","title":"InfraSonar web application","text":"The InfraSonar web application allows user to access the monitoring data and maintain their InfraSonar platform given their account has sufficient permissions.
The menu on the left reflects the InfraSonar application menu for easy reference.
If you can't find the information you are looking for feel free to contact support
"},{"location":"application/agentcores/","title":"Agentcores","text":""},{"location":"application/agentcores/#agentcores","title":"Agentcores","text":"It this panel you can see the status of the Agentcores deployed for a container.
"},{"location":"application/agentcores/#removing-a-agentcore","title":"Removing a Agentcore","text":"With the proper autorotation it is possible to remove an Agentcore here.
Proceed with caution
Removing an Agentcore without having a secondary agentcore in the same zone can seriously impact the availability of your monitoring solution.
"},{"location":"application/alerts/","title":"Alerts","text":""},{"location":"application/alerts/#alerts","title":"Alerts","text":"Alerts are raised by conditions using the return statement in our condition edition.
Using rules it is possible to route the alert to email or DutyCalls.
"},{"location":"application/alerts/#viewing-alerts","title":"Viewing alerts","text":"When you are in a container view (1) you can view the alerts and notifications in the Alerts & Notifications page (2)
This view shows:
- Open alerts (3)
- Closed alerts (4)
- Notifications (5)
"},{"location":"application/alerts/#open-alerts","title":"Open alerts","text":"The open alerts (3) pane shows a list (6) of all open alerts and its status.
When you click the show details button the details pane opens.
- Add message, allows you to add a message to the alert; this might be useful to inform coworkers.
- Assign alert, allows you to assign the alert to yourself or another member of this container.
- Close alert, closes the alert; when the issue is not resolved, the issue is reopened and automatically assigned to the user who closed the alert.
- Refresh, refreshes the alert pane.
"},{"location":"application/alerts/#closed-alerts","title":"Closed alerts","text":"The closed alerts pane (4) shows a list of closed alerts.
"},{"location":"application/alerts/#notifications","title":"Notifications","text":"The closed alerts pane (5) shows a list of all open notifications (6).
Notification are used to notify InfraSonar users of issues with the monitoring platform they offer a clear distinction between actual \"Alerts\" and when monitoring is failing.
Notifications disappear when the issue is resolved, users can't close a notification only the system can once the issue is resolved. As such all notifications should be handled as an indication that something is wrong with monitoring.
Good to known
Notifications are not the result of a\u00a0condition. The only notifications which are raised by incoming data, are the check errors. These are not\u00a0conditions\u00a0but errors which directly result in a notification.
"},{"location":"application/alerts/#managing-alerts","title":"Managing alerts","text":""},{"location":"application/alerts/#closing-alerts","title":"Closing alerts","text":"There are three ways an alert gets closed:
- User close, an end users closed the alert;
- auto close, the condition is configured to close the alert if the issue is resolved;
- indirect close, the relation between the condition and asset is removed:
- When the asset is removed from the condition (e.g. removing the label applying the condition);
- When the check triggering the condition is disabled;
- When the asset is removed.
Auto close caveat
it is possible that an auto close fails when the item triggering the alert no longer exists upon a new check result. This can happen for example when you create a condition on cpu usage in a list of processes, if you then kill the process InfraSonar will never see this item again. When this happens you need to close the alert manually.
"},{"location":"application/assets/","title":"Assets","text":""},{"location":"application/assets/#assets","title":"Assets","text":"Assets are in essence the monitored objects in an InfraSonar implementation. Assets can be IT components such as routers, switches, servers etc but can easily also consists of any other device which can be monitored such as elevators , IOT devices , etc.
"},{"location":"application/assets/#add-asset","title":"Add asset","text":"When you are in the assets view you can add a new asset using the Add asset button.
InfraSonar add asset"},{"location":"application/assets/#asset-configuration","title":"Asset configuration","text":"InfraSonar add asset details Configuring an asset involves the following steps:
- Enter an asset name. We strongly suggest entering the correct hostname in FQDN format here, but do not enforce this.
- Enter an optional description.
- Select the mode. This is usually normal, see our mode documentation for more details
- Select the zone. This is usually 0, see our zone documentation for more details
- Select the collectors you want to use.
- Enter the correct labels for this asset.
Advanced asset configuration and credentials
Some collectors require a more advanced configuration or credentials to be setup on the appliance running the collector. See our credentials section if this applies to your setup.
"},{"location":"application/assets/#adding-multiple-assets","title":"Adding multiple assets","text":"When there is a need to add multiple assets at once we suggest using our api
"},{"location":"application/assets/#asset-usage","title":"Asset usage","text":"InfraSonar add asset Overview Todo Effective Todo Open (0) Todo Closed Todo Notifications (0) Todo Collectors Todo More Todo"},{"location":"application/assets/#manage-forecasts","title":"Manage forecasts","text":""},{"location":"application/assets/#manage-time-series","title":"Manage Time series","text":""},{"location":"application/child_containers/","title":"Child containers","text":""},{"location":"application/child_containers/#child-containers","title":"Child containers","text":"InfraSonar containers are a hierarchial setup of you monitored infrastructure.
A container can contain monitored assets and/or sub-containers.
Depending on your access level the following can be configured at container level:
- Authorization
- Labels
- Conditions.
- Collectors
- Billing
- Modes
- Timezone
"},{"location":"application/child_containers/#hierarchy","title":"Hierarchy","text":""},{"location":"application/child_containers/#principles","title":"Principles","text":"Authorization is inherited to \"lower\" containers. Inheritance can be \"broken\" down the chain.
"},{"location":"application/child_containers/#infrasonar-hierarchical-setup","title":"InfraSonar hierarchical setup","text":"graph LR\n A[InfraSonar] --> B[container];\n B -->C((assets));\n A -->D[container];\n D -->E[container];\n D -->F[container];\n E -->G((assets));\n F -->H((assets));\n A -->I[container];\n I -->J((assets));\n I -->K[container];\n K -->L[container];\n L -->N[container];\n L -->O((assets));\n N -->S((assets));
Hierarchy implementation for a service provider graph LR\n A[InfraSonar] --> B[service provider];\n B --> C[internal infrastructure]\n B --> D[monitoring only]\n B --> E[managed service]\n C --> F((assets))\n D --> customer1[customer 1]\n D --> customer2[customer 2]\n customer1 --> I((assets))\n customer2 --> J((assets))\n E --> customer3[customer 3]\n customer3 --> K((assets))\n E --> customer4[customer 4]\n customer4 --> L((assets))\n E --> customer5[customer 5]\n customer5 --> M[development]\n customer5 --> N[acceptance]\n customer5 --> O[production]\n M --> Q((assets))\n N --> R((assets))\n O --> S((assets))
"},{"location":"application/child_containers/#setup-a-new-container","title":"Setup a new container","text":"Note
When you are new to InfraSonar and sign in for the first time, you will see the message:
Welcome to InfraSonar! It appears that you are not yet a member of an InfraSonar container. If you are a member of an organization that uses InfraSonar, ask for permission from an authorized person to add you to the relevant container. Otherwise, request a free demo via the website!
From the container view, you can add a new child container.
InfraSonar add container - When you are in asset view you can use the child containers button to switch to child container view;
- Click the add container button;
- Enter a name for your container;
- Select the mode, this is usual normal;
- Select the timezone for this container;
- CLick save.
"},{"location":"application/collectors/","title":"Collectors","text":""},{"location":"application/collectors/#collectors","title":"Collectors","text":"Collectors can be turned of on container level here.
"},{"location":"application/collectors/#propagation","title":"Propagation","text":" - When turning a collector on or off existing children are not affected.
- Newly created children will inherit the configuration from it's parent.
"},{"location":"application/collectors/#usage","title":"Usage","text":"This feature can be used to control which collectors are available on a container.
Disabling unused collectors avoids mistakes and also unclutters the UI.
"},{"location":"application/conditions/","title":"Conditions","text":""},{"location":"application/conditions/#conditions","title":"Conditions","text":"Check results sent to the InfraSonar cloud platform are immediately evaluated using the conditions configured for the specific asset.
InfraSonar comes with many predefined conditions based on years of experience and best practices.
"},{"location":"application/conditions/#managing-conditions","title":"Managing conditions","text":"Conditions are assigned to an asset using labels.
In order to manage conditions you need to have the ContainerAdmin role on the container you want to manage conditions for.
"},{"location":"application/conditions/#operational","title":"Operational","text":"A hit condition returns a message and a severity.
The following severity can be returned:
Severity 1 Description EMERGENCY System is unusable. ALERT Action must be taken immediately. CRITICAL Critical conditions. ERROR Error conditions. WARNING Warning conditions. NOTICE Normal but significant conditions. INFORMATIONAL Informational. DEBUG Messages that contain information normally of use only when debugging. OK This is an explicit OK which results in an alert auto closing when hit."},{"location":"application/conditions/#turn-off-conditions","title":"Turn off conditions","text":"Conditions can be turned of per asset of on a container.
-
Our severity levels are derived from the Syslog levels, see this Syslog wikipedia article for additional information.\u00a0\u21a9
"},{"location":"application/conditions_editor/","title":"Conditions editor","text":""},{"location":"application/conditions_editor/#conditions","title":"Conditions","text":" Under construction
Check results sent to the InfraSonar cloud platform are immediately evaluated using the conditions configured for the specific asset.
InfraSonar comes with many predefined conditions based on years of experience and best practices.
In order to manage conditions you need to have the ContainerAdmin role on the container you want to manage conditions for.
"},{"location":"application/conditions_editor/#managing-conditions","title":"Managing conditions","text":"While our condition editor might feel intimidating at first glance, it is potent. We urge you to look at our predefined conditions for inspiration and a deeper understanding.
"},{"location":"application/conditions_editor/#general-tab","title":"General tab","text":"Name
The name you want to use for your condition, we suggest a short descriptive name.
Description
use the description to provide a short description of the purpose and usage of the condition.
Collector
Select the path to the data you want this condition.
For probes this is: Collector, Check, Type
Condition kind
We identify three kind of Conditions:
Kind Description EXPRESSION Detailed expression used to evaluate the check result. ITEMS MUST EXIST Used to detect items which must exist. ITEMS_MISSING Used to detect items missing compared to the previous check result. Ticks
The number of times this condition must be hit in a row before an actual alert will be raised.
Note
Ticks can not be set for the condition kind ITEMS_MISSING as this compares with a previous check result.
Single alert
Gathers up all alerts into a single alert per asset. When disabled, each item will be tested and may raise an alert.
"},{"location":"application/conditions_editor/#labels-tab","title":"Labels tab","text":"In this tab you configure for which labels the condition is active.
"},{"location":"application/conditions_editor/#items-tab","title":"Items tab","text":"This tab allows you to set the severity and specify for which items this conditions is a active in case of ITEMS MUST EXIST or which items this condition should exclude in the case of ITEMS_MISSING
"},{"location":"application/conditions_editor/#items-must-exist","title":"Items must exist","text":"All items will be checked for existence by the given list or regular expression.
- Condition will be executed when added to an asset or when the condition has been changed.
- Auto-close is always enabled.
- The item list or regular expression work as \"include\" by the item.name property.
- When a list is used, all items in the list must exist otherwise the condition is hit.
- When a regular expression is used, at least one item must match with the given regular expression otherwise the condition is hit.
"},{"location":"application/conditions_editor/#items-missing","title":"Items missing","text":"All items will be compared towards the previous items. If one (or more) items is missing which is not excluded by either the item list or regular expression, the condition is hit.
- Will re-run when added to an asset or when the condition has changed.
- Open alerts will never auto-close. Note that they can be closed indirectly, for example when the condition or check is removed from an asset.
- The item list or regular expression work as \"exclude\" by the item.name property.
- When a list is used, the items in the list will be ignored when missing.
- When a regular expression is used, an item match will ignore the item when missing.
enodo.metric.upper lower value (+aggregation mix)
"},{"location":"application/conditions_editor/#expression-tab","title":"Expression tab","text":"InfraSonar uses a powerful expression language that allows for precise and tailored conditions.
Each item is processed by the given expression. If new is used in the expression, it is best practice not to use return OK in the expression as auto close does not make sense. This is because an item will only be new once. - Condition will be executed when added to an asset or when the condition has been changed, unless prev (previous item) is used in the expression. When prev is used, only when new data is received the condition will evaluate again. - return OK -> Success, Auto-close open alert if there is one. - return -> Success, Do not auto-close an open alert if there was one. - return ERROR, \"...\" -> return with severity and optional message. (ERROR might be INFO, CRITICAL etc.)
Example expression
// alert message template\nvar.template = \"\nCertificate almost expires!\nname: @item.name\nexpires in: @item.expiresIn seconds\n\"\n\ncase item.expiresIn < 604_800: \n // Certificate will expire in less than 7 days\n return WARNING, var.template\n\ncase item.expiresIn < 1_209_600: \n // Certificate will expire in less than 14 days\n return NOTICE, var.template\n\ncase \"organisationName=Let's Encrypt\" in item.issuer:\n // Skip less than 28 days for Let's Encrypt certificates\n return OK \n\ncase item.expiresIn < 2_419_200: \n // Certificate will expire in less than 28 days\n return INFORMATIONAL, var.template\n\n// this add's autoclose\nreturn OK\n
"},{"location":"application/conditions_editor/#case-statement","title":"case statement","text":"The case statement is
case new
"},{"location":"application/conditions_editor/#return-statement","title":"return statement","text":"return <severity>, <message>
The return statement is used to return the severity and a message.
return without any parameters is also possible.
severity
Severity 1 Description EMERGENCY System is unusable. ALERT Action must be taken immediately. CRITICAL Critical conditions. ERROR Error conditions. WARNING Warning conditions. NOTICE Normal but significant conditions. INFORMATIONAL Informational. DEBUG Messages that contain information normally of use only when debugging. OK This is an explicit OK which results in an alert auto closing when hit. Severity usage
InfraSonar pre-defined conditions only the severity levels CRITICAL, ERROR, WARNING & NOTICE.
We advice to use ALERT & EMERGENCY for your specific use cases; EMERGENCY could for example be used to send notifications to a 24x7 DutyCalls channel where ALERT is send to a DutyCalls channel used for non weekends and holidays.
message
The message can be a string message including variable substitution. E.g. My @item.name
-
Our severity levels are derived from the Syslog levels, see this Syslog wikipedia article for additional information.\u00a0\u21a9
"},{"location":"application/containers/","title":"Containers","text":""},{"location":"application/containers/#containers","title":"Containers","text":"The containers view shows the hierarchy of containers and allows you to configure the container mode and timezone.
You also move containers within the hierarchy within this view and renew containers.
In this view you can also add/remove columns to show you:
- Container Id
- Container name
- Number of Assets
- Number of Unassigned alerts
- Number of Assigned alerts
- Number of Notifications
- Mode
- Timezone
A container can contain a maximum of 2.000 assets.
If you have the need to add more assets please reach out to support so we can discuss potential solutions.
"},{"location":"application/credits/","title":"Credits","text":""},{"location":"application/credits/#credits","title":"Credits","text":"On the credits page you can find the \"in use\" credits and \"available\" credits for a container and it's children.
You can drill-down per container to retrieve detailed usage:
"},{"location":"application/dashboard/","title":"Dashboard","text":""},{"location":"application/dashboard/#dashboard","title":"Dashboard","text":"The dashboard gives an overview of all unassigned alerts and notifications per configured container and can be used to display on a central display.
When you open the dashboard for the first time or in a new browser session you are created by a setup wizard. See our Dashboard setup paragraph how to setup you dashboard but first have a look on at our dashboard concept as this helps you decide on how to setup your dashboard.
Raspberry Pi dashboard server
See our Raspberry Pi guide on how we have setup our autonomous dashboards using a couple of Raspberry Pi's.
"},{"location":"application/dashboard/#dashboard-overview","title":"Dashboard overview","text":"Our dashboard consists of two main sections:
- Graphical container overview
- Unassigned alerts
"},{"location":"application/dashboard/#graphical-container-section","title":"Graphical container section","text":" - The outer circle show all alerts
- Assigned alerts are colored in a blue tint
- The inner circle shows all notifications
"},{"location":"application/dashboard/#unassigned-alerts-section","title":"Unassigned alerts section","text":"The section shows all unassigned alerts sorted by time of creation.
"},{"location":"application/dashboard/#dashboard-setup","title":"Dashboard setup","text":"You can edit the dashboard using the icon.
- Select which section you want to show.
- Select an optional screen division if you have chosen to use multiple sections
- Select the containers you want to display on this dashboard
Configuration
The dashboard configuration is stored in the users profile. This allows you to change a wall mounted dashboard easily by looging in as the user used to display the dashboard.
"},{"location":"application/home/","title":"Home","text":""},{"location":"application/home/#home","title":"Home","text":"The home screen gives you a personalized overview of alerts assigned to you, containers, access and favorites.
Future improvements ahead
In the future we will make it possible to adapt the home screen to your needs.
"},{"location":"application/labels/","title":"Labels","text":""},{"location":"application/labels/#labels","title":"Labels","text":""},{"location":"application/labels/#purpose","title":"Purpose","text":"Grouping, labels can be added to hosts to group and identify them quickly.
Apply conditions, Labels are also used to control which conditions are active.
Glue
Labels \"glue\" conditions onto hosts.
graph LR\n condition1[Condition] --- label; \n condition2[Condition] --- label; \n condition3[Condition] --- label; \n label{{Label}} --- host1[Host];\n label --- host2[Host];\n label --- host3[Host];
"},{"location":"application/labels/#how-to-use","title":"How to use","text":"Labels can be assigned to hosts either by editing a host or by selecting one or more hosts and using the action menu.
Action menu in action"},{"location":"application/labels/#custom-labels","title":"Custom labels","text":"InfraSonar container admins can create custom labels for a container.
InfraSonar add label Pro Tip
As must browsers support emoji it is possible to use these in your labels. Examples:
- The round pushpin \ud83d\udccd to indicate labels used for locations.
\ud83d\udccd InfraSonar HQ - Bust in Silhouette \ud83d\udc64 to indicate labels used for to indicate who is responsible for an asset.
\ud83d\udc64 C.E. Shannon
- Navigate to the labels page () in the left navigation drawer;
- Click the Add label button;
- Enter a name (1);
- Pick a color (2): Steel Olive Mauve Emerald Orange Magenta InfraSonar-blue, (reserved for InfraSonar labels)
- Enter a description(3).
"},{"location":"application/labels/#predefined-labels","title":"Predefined labels","text":"InfraSonar has created labels that, when applied to an asset with the appropriate collector, monitor the asset using best practices.
"},{"location":"application/log/","title":"Log","text":""},{"location":"application/log/#log","title":"Log","text":"In It this panel you can see the logging of all user actions in the ui.
"},{"location":"application/modes/","title":"Modes","text":""},{"location":"application/modes/#modes","title":"Modes","text":"Modes can be used to temporary change the monitoring operation on a container or an asset or group of assets.
We identify the following modes within the InfraSonar application:
mode description normal normal operations, all conditions are evaluated. maintenance All asset notifications and alert messages suppressed disabled All data send by an agent for this asset is ignored. Any probes / checks configured for this asset are stopped. Modes in day to day operations
Modes are a powerful instrument when performing maintenance on assets as it allows on easy way to temporary stop the monitoring avoiding being flood with messages.
"},{"location":"application/modes/#mode-operations","title":"Mode operations","text":""},{"location":"application/modes/#container","title":"Container","text":"Modes can be set on container level. Effectively changing the mode for all assets in the container.
Changing the mode on a container can be done using our a schedular or in the container view.
"},{"location":"application/modes/#asset","title":"Asset","text":"Changing the mode on an asset can be done while editing an asset or scheduled
"},{"location":"application/modes/#api","title":"API","text":"It is also possible to change the mode using our API:
- Change mode on a asset
- Change mode on a container
"},{"location":"application/profile/","title":"Profile","text":""},{"location":"application/profile/#profile-menu","title":"Profile menu","text":"In the top right corner you can find individual settings to configure your profile.
"},{"location":"application/profile/#access","title":"Access","text":"The access menu option shows you which containers your account has access to. Your personal access tokens are also managed here.
InfraSonar profile - access Permissions Here you can lookup your InfraSonar permissions per container :
- The Container column shows the container;
- The Permissions column shows the configured permissions for this container;
- The From column shows in the permissions were configured on the container or where inherited from a parent container.
Tokens You will also configure your personal access tokens here.
Keep tokes personal
Tokens configured here are personal and represent you.
"},{"location":"application/profile/#alerts","title":"Alerts","text":"Any alerts assigned to you can be found here.
"},{"location":"application/profile/#messages","title":"Messages","text":"InfraSonar system-wide announcements and messages can be found here.
These provide a valuable insight into new releases, planned maintenance windows etc.
"},{"location":"application/profile/#status","title":"Status","text":"You can set your status to mute avoiding InfraSonar from sending any notification to you.
Mute stops also rules
Any rules sending you direct messages (SMS, email, WhatsApp and voice) are alo muted.
You can create a schedule to set your status automatically.
"},{"location":"application/profile/#profile","title":"Profile","text":"Your profile details
InfraSonar profile - profile Name Your display name as provided by your authentication provider. Email Your email address as provided by your authentication provider. Note, we will send messages and email notifications configured in rules to this address. Phone If you want to use WhatsApp, SMS and/or voice notifications in rules you need to configure your mobile phone number here. Dark theme Choice the dark side here. Display my email address to other users in my containers Makes your email address visible to other container users. Receive messages in your email When disabled InfraSonar messages will no longer be send via email"},{"location":"application/profile/#dashboard","title":"Dashboard","text":"Your personal dashboard can be configured here.
Any settings made to the dashboard are stored in you user profile and will be reflected in all logged on sessions. This can be useful for managing wall-boards.
"},{"location":"application/profile/#sign-out","title":"Sign out","text":"Sign out of InfraSonar.
"},{"location":"application/reporting/","title":"Reporting","text":""},{"location":"application/reporting/#reporting","title":"Reporting","text":""},{"location":"application/reporting/#overview","title":"Overview","text":""},{"location":"application/reporting/#kinds","title":"Kinds","text":"We identify these three reporting kinds:
- Alerts and notifications
- State data
- Condition
"},{"location":"application/reporting/#time-schedule","title":"Time schedule","text":"here you can pick the unit of time you want to use as data-window for your report:
And pick for which period you want the report.
Optionally you can choose to repeat the report daily, weekly or monthly.
Tips
Editing Editing is only possible for repeating reports. One-off reports can be cloned to be run again using other parameters.
Planning ahead It is possible to schedule reports in the future, we advise to enable notifications when doing so.
State data Quering state data is due to its nature not possible over a period of time.
"},{"location":"application/reporting/#data","title":"Data","text":"here you can use three filter levels to fine grain which assets are returned in your report.
- Asset kind filterYou can opt to limit your report to a specific asset kind.
- Container filterAllows you to select for which containers you want the report
- Label filterAllows you to filter for which labels you want the report
"},{"location":"application/reporting/#alerts-and-notifications","title":"Alerts and notifications","text":"Creates a pdf report containing an overview of the alerts and notifications for the selected assets in the selected time frame.
"},{"location":"application/reporting/#state-data","title":"State data","text":"You can query state data by entering the \"path\" towards the data: Collector \u2192 Check \u2192 Type
State data reports can be useful to periodically retrieve data for keeping your CMDB up to date.
"},{"location":"application/reporting/#example","title":"Example","text":"Say you want weekly report containing all relevant certificate information from our tcp-probe
- collector:
tcp - Check:
certificates - Type:
sslCert
Next you can select which metrics should be in your report, default we add all metrics.
Last step is to specify how you want to receive the data, we support json and xlsx and allow you format the values for better readability or keep them for better processing.
"},{"location":"application/reporting/#condition","title":"Condition","text":"A condition report can be used to report when an alerts is opened on a specific condition.
This report shows the following information:
- Container Id
- Container Name
- Asset Id
- Asset Name
- Message
- Severity
- Created on
- Last message
- Last severity
- Last hit
- Owner
- Last action
- Last action datetime
- Last action username
- Last action message
- Closed
Tip
When you subtract last hit from the created on date you get the duration.
"},{"location":"application/rules/","title":"Rules","text":""},{"location":"application/rules/#rules","title":"Rules","text":"Rules are a great way to configure external notifications for end-users.
Rules can be setup for a group of conditions and assets and route messages to either SMS, WhatsApp, Email, a webhook or even a voice call.
Setup you phone number
Before we can send a message using SMS or WhatsApp to your phone we need to know your phone number. Your can manage your phone number in your profile.
"},{"location":"application/rules/#prerequisites","title":"Prerequisites","text":"If you want to use SMS, WhatsApp or voice calls it is important to note that every time the rule is triggered this will cost one credit which will count against your monthly billed credits.
Users with the privilege RuleManagement can setup any rules, even for other users.
The privilege RuleEmail allows users to manage there own email rules while RulePhone allows users to manage their own SMS, WhatsApp or voice calls.
It is important though that for each user who wants to use SMS, WhatsApp or voice calls their number must be setup in their profile.
"},{"location":"application/rules/#configuring-alert-rules","title":"Configuring alert rules","text":"Ask your users to setup their phone number
If toBefore we can send a message using SMS or WhatsApp to your phone we need to know your phone number. Your can manage your phone number in your profile.
The next paragraphs outline each of the tabs when configuring rules.
"},{"location":"application/rules/#general","title":"General","text":"To start, select how you'd like this rule to notify you by selecting a rule kind :
- Email
- webhook
- SMS
- VoiceCall
- WhatsApp
For webhooks some additional options can be configures, see our webhook documentation for the specific details.
When configuring SMS, VoiceCall or WhatsApp we urge you to test the communication using the test button to ensure your desired way of communication is working.
Next step is to configure a user for whom this rule is applicable.
Set a description for this rule, your future self and colleagues will thank you later.
Last choose in this section is for which severity level you want to be notified.
Choose your severity level wisely
Choosing a lower level notifies you also about the more urgent levels. So if you choose Critical you will also be notified when an Alert or Emergency level is hit. To avoid unexpected costs and messages flooding you choosing the correct severity levels requires some careful consideration, if in doubt don't hesitate to contact support
"},{"location":"application/rules/#condition","title":"Condition","text":"In this section you choose for which conditions you want this rule to be active or not.
You can choose to exclude or include specific conditions this rule to applies to.
"},{"location":"application/rules/#asset","title":"Asset","text":"Select the label you want to use to specify for which assets this rule applies, if you don't select a label this rule will apply to all assets in the container.
When a label a selected we will show a list of assets for which this rule applies.
"},{"location":"application/rules/#schedule","title":"Schedule","text":"Adding a schedule is only possible once the rule has been saved.
Click Add schedule to add a schedule.
"},{"location":"application/rules/#configuring-notification-rules","title":"Configuring notification rules","text":"Configuring notification rules is similar to configuring alert rules.
The main difference between notification rules and alert rules is that notification rules specify on specific notifications you want the rule to be applied for, while alert rules specify which conditions and assets will trigger an alert.
Configuring which notification are handled by this rule is done in the kind tab. Here you can select if you want to exclude or include one or more notification kinds
"},{"location":"application/schedule/","title":"Schedule","text":""},{"location":"application/schedule/#schedule","title":"Schedule","text":"Our schedular allows you to schedule a mode change on a specific time or at specific intervals for a container.
The schedule option is also available for a single asset and can be found below the \"More\" menu in the asset view.
"},{"location":"application/timeseries/","title":"Time series","text":""},{"location":"application/timeseries/#time-series","title":"Time Series","text":"In this panel it is possible to turn time-series off or on on a container level.
Another feature in this panel is to purge dead time-series
"},{"location":"application/timeseries/#turning-time-series-off","title":"Turning time-series off","text":"Turning time-series off can be useful in curtain use-cases to reduce costs.
Note
When a time-serie is turned any configured graphs will show the last measured state in a flat-line.
Also important to note is than any Enodo conditions will no longer work as these require historical data to perform the analysis on.
"},{"location":"application/timeseries/#turning-time-series-on","title":"Turning time-series on","text":"In some scenario's where you would like more in-depth analysis in might be beneficial to enable time-series.
A good example where this might be of using is monitoring per process information using the wmi probe. This is turned off by default as it can quickly result in massive time-series usage.
"},{"location":"application/timeseries/#purge-dead-time-series","title":"Purge dead time-series","text":"Dead time-series occur when an asset is removed or when an asset is modified.
An easy example of an asset modification that leads to dead time-series is a removed volume.
Purging dead time-series removes all time-series which not received data for the provided amount of weeks.
"},{"location":"application/tokens/","title":"Tokens","text":""},{"location":"application/tokens/#tokens","title":"Tokens","text":"In this section container-tokens can be generated and maintained.
Container tokens can be used to authorize external automation to manage InfraSonar data using our API.
Container tokens are also required for agentcore and agent authentication.
Tip
We strongly suggest setting up separate tokens where possible.
"},{"location":"application/tokens/#create-container-tokens","title":"Create container tokens","text":" - Navigate to the container you want to create a token for.
- Click the tokens icon in the left hand menu.
- Click the Add token button.
- Give the token a identifiable name and provide just enough accessobserve we added some shortcuts to create access tokens for Agentcores and probes
- Click Save, enter a reason and click confirm
- Reopen the just created token and copy the ID.
"},{"location":"application/tokens/#pre-defined-roles","title":"Pre-defined roles","text":"We predefined three roles to quickly set the correct permissions:
- Agentcore
- Agent
- Agent (no auto asset creation)
"},{"location":"application/tokens/#container-token-rules","title":"Container token rules","text":" - User who have the de
container Access flag set can create container tokens. - A user can not grant more access permissions to a token then he or she already has.
"},{"location":"application/trash/","title":"Trash","text":""},{"location":"application/trash/#trash","title":"Trash","text":"Asset's are soft-deleted.
When an asset is deleted we remove the collectors from the asset and move the asset to the trash-bin.
"},{"location":"application/trash/#recovering-an-asset","title":"Recovering an asset","text":"When you recover an asset you will need to add the collectors and labels back to this asset.
Kind and description are recovered from the \"bin\".
When you did not purge the time-series data this will be available again also.
"},{"location":"application/users/","title":"Users","text":""},{"location":"application/users/#users","title":"Users","text":"A user with ContainerAccess rights can manage users.
Tip
As with any platform we advise to adhere to the Principle of least privilege
"},{"location":"application/users/#authentication","title":"Authentication","text":"We support user authentication using using one of these cloud identities:
- Microsoft account (this can be a work or personal account)
- Google account (this can be a personal or Google workspace account)
Note
Users can only be added to our platform if they are \"known\" to us. As such a user should fist authenticate once on our platform and from there on the user can be added to a container.
"},{"location":"application/users/#authorization","title":"Authorization","text":"A user's identity can be authorized on a container using a specific permissions.
Note
Also note a user with ContainerAccess rights can never assign more permissiong the assigned to this user.
"},{"location":"application/users/#how-to","title":"How-to","text":""},{"location":"application/users/#add-user","title":"Add user","text":"You can only add a user to a container if the user is \"known\" in InfraSonar, so a new user needs to logon using a Microsoft or Google account prior granting the user access.
Users can be added using the email address they used to authenticate with.
"},{"location":"application/users/#access-permissions-for-regular-users","title":"Access permissions for regular users","text":"We suggest the following set of access permissions for regular users:
- Is member
- View
- AlertChange
Option we suggest adding:
- AlertAssign as this allows the user to assign alerts to users.
- ReportingView, access to reports can help users to get a better understanding.
- RuleEmail, allowing users to setup email rules for themselves can be beneficial.
"},{"location":"application/users/#permissions","title":"Permissions","text":"We have listed each of the specific InfraSonar permission flags below:
"},{"location":"application/users/#is-member","title":"Is member","text":"Allows alerts to be assigned to this user, makes the user \"visible\" for alert assignment.
"},{"location":"application/users/#view","title":"View","text":"Required for viewing this container.
"},{"location":"application/users/#billing","title":"Billing","text":"Required for viewing the credits tab on this container (only when credits are available on the on the container).
"},{"location":"application/users/#insertcheckdata","title":"InsertCheckData","text":"Required for inserting data using the API (used by agents).
"},{"location":"application/users/#agentcoreconnect","title":"AgentcoreConnect","text":"Required for AgentCores to connect to the hub.
"},{"location":"application/users/#assetmanagement","title":"AssetManagement","text":" - Required for changing the container mode (and/or schedule container mode);
- Required for changing the asset mode (and/or schedule asset mode);
- Required for creating new assets;
- Required for removing assets (including delete from trash);
- Required for changing asset configuration (including labels and collector related configuration).
"},{"location":"application/users/#alertassign","title":"AlertAssign","text":"Required for assigning alerts."},{"location":"application/users/#alertchange","title":"AlertChange","text":"Required for closing alerts; Required for adding comments to alerts."},{"location":"application/users/#api","title":"API","text":"Required for any API request.
"},{"location":"application/users/#containermanagement","title":"ContainerManagement","text":" - Required for adding child containers to this container;
- Required for removing this container;
- Required for renaming this container.
"},{"location":"application/users/#containeradmin","title":"ContainerAdmin","text":" - Required for creating/changing/removing labels within this container;
- Required for creating/changing/removing conditions within this container;
- Required to create/change/remove a DutyCalls service to this container.
"},{"location":"application/users/#containeraccess","title":"ContainerAccess","text":" - Required for managing user access to this container;
- Required for managing tokens on this container.
"},{"location":"application/users/#checkmanagement","title":"CheckManagement","text":"Required for enable/disable/configure checks per collector on assets.
"},{"location":"application/users/#timeseriesmanagement","title":"TimeSeriesManagement","text":"Required for enable/disable time-series for this container.
"},{"location":"application/users/#rulemanagement","title":"RuleManagement","text":"Required for managing all rules on this container. (including rules for webhooks and rules for other users)
"},{"location":"application/users/#ruleemail","title":"RuleEmail","text":"Required for creating a personal email rule on this container.
"},{"location":"application/users/#purgetimeseries","title":"PurgeTimeSeries","text":"Required for purging dead-time-series within this container.
"},{"location":"application/users/#viewlog","title":"ViewLog","text":"Required for viewing logging.
"},{"location":"application/users/#reportingview","title":"ReportingView","text":"Required for viewing reports.
"},{"location":"application/users/#reportingadmin","title":"ReportingAdmin","text":"Required for managing reports.
"},{"location":"application/users/#containertokens","title":"ContainerTokens","text":"Required for managing container tokes.
"},{"location":"application/users/#rulephone","title":"RulePhone","text":"Required for creating a personal phone rule like SMS, PhoneCall or WhatsApp on this container.
"},{"location":"application/users/#webhooks","title":"Webhooks","text":"Required for managing and viewing Webhooks. Be careful with this privilege as webhooks might contain sensitive information like API keys. (This auth flag is not required for creating rules using webhooks)
"},{"location":"application/views/","title":"Views","text":""},{"location":"application/views/#views","title":"Views","text":"Views can be used create an overview over multiple assets grouped by kind and/or label.
"},{"location":"application/webhooks/","title":"Webhooks","text":""},{"location":"application/webhooks/#webhooks","title":"Webhooks","text":"Webhooks can be used to inform third party services about open en closed alerts and notifications. A webhook must be used by a rule before the webhook will be executed. This enables more control for when a webhook must be called.
"},{"location":"application/webhooks/#variable-in-a-webhook","title":"Variable in a webhook","text":"It is possible to use variable using the syntax {{ variable }} when creating a webhook. The following variable are available:
Variable Scope Example value alert_link Alert https://app.infrasonar.com/container/123/asset/456/alert?condition=789&item=myitem&alert=1689146219 alert_message Alert A message with optional MarDown syntax. alert_severity Alert WARNING (One of EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL or DEBUG) alert_timestamp Alert 1689146219 asset_id Alert 456 asset_name Alert My asset condition_id Alert 789 condition_name Alert My condition container_id All 123 container_link All https://app.infrasonar.com/container/123 container_name All My container item_name Alert My item ks All (Unique key string to identify the alert of notification) notification_identifier Notification (For example an asset name but can be nil) notification_index Notification (For example a check name but can be nil) notification_kind Notification ConnectionStatus (One of ConnectionStatus, ConnectionTimeDelta, ProbeVersion, ProbeMissing, ProbeTimeDelta, ProbeNoHeartbeat, CheckMissing, CheckError, CheckAged, CheckInvalidResult, CheckInvalidTimestamp, CheckInvalidData, ContainerMaintenance, AgentcoreMissing or ConditionError) notification_message Notification A message with optional MarkDown syntax. notification_severity Notification MEDIUM (One of LOW, MEDIUM or HIGH) notification_timestamp Notification 1689146219 webhook_id All 0 (Webhook identifier) webhook_name All My webhook scope All AlertOpen (One of AlertOpen, AlertClose, NotificationOpen or NotificationClose)"},{"location":"application/zones/","title":"Zones","text":""},{"location":"application/zones/#zones","title":"zones","text":"Zones can be useful when assets are located in a dmz or remote networks as it allows to direct assets to a specific Agentcore by configuring the asset to be a member of the specific zone.
"},{"location":"application/zones/#good-to-know","title":"Good to know","text":" - When one or more Agentcores are configured in the specified zone an asset is bound to one of the Agentcores in this zone.
- If no agentcores are configured in the specified zone we fall back to any other agent core.
- For assets being monitored using an agent the zone configuration is purely cosmetic.
In the future we might add a link between zones and locations.
"},{"location":"collectors/","title":"Index","text":""},{"location":"collectors/#collectors","title":"Collectors","text":"InfraSonar collectors collect monitoring data to be parsed by the InfraSonar cloud platform.
All our general purpose collectors are available as open-source on our GitHub page.
Using the provided libraries third parties can easily add additional collectors to our platform.
"},{"location":"collectors/#collection-concepts","title":"Collection concepts","text":"InfraSonar identities three collection concepts to gather data from monitored assets.
- Agents run autonomously on a monitored asset and send data directly the to InfraSonar platform
- Probes are most often deployed on an appliance and are orchestrated by an agentcoreProbes are typically used for agentless monitoring scenario's.
- Services collect data \"as a service\".
"},{"location":"collectors/agents/","title":"Index","text":""},{"location":"collectors/agents/#agents","title":"Agents","text":"An InfraSonar agents is an installable software component that autonomously and send the retrieved monitoring data to the InfraSonar platform using the InfraSonar API
"},{"location":"collectors/agents/#available-agents","title":"Available agents","text":" Docker agent
Kubernetes agent
Speedtest agent
Microsoft Windows Agent
"},{"location":"collectors/agents/docker/","title":"Docker","text":""},{"location":"collectors/agents/docker/#docker","title":"Docker","text":"The Docker-agent is a Docker container that can be used to monitor other Docker containers. The Docker-agent itself runs as a Docker container on the host, which hosts the containers and uses the Unix socket docker.sock to retrieve relevant monitoring data which, is send to the InfraSonar API.
"},{"location":"collectors/agents/docker/#prerequisites","title":"Prerequisites","text":" - The Docker-agent must be able to connect to the InfraSonar API
- The Docker-agent must be allowed access to the Unix socket
docker.sock. - The Docker-agent requires a valid token.
"},{"location":"collectors/agents/docker/#deployment","title":"Deployment","text":"There are multiple scenario's that can be used to deploy the docker agent and it depends on your use case which one would suites best for you.
Host network vs bridge network
When using a bridge network it is highly recommended to set the container host name using the --hostname / -h flag as this is the name used by the agent to present itself.
Upon first run the Docker agents registers itself as an asset in InfraSonar, to ensure reconnection to the same asset an asset-id is stored in /data/.asset.json hence the reason we mount the the /data folder.
"},{"location":"collectors/agents/docker/#docker-command","title":"Docker command","text":"Deploys the docker agent using a bridged network and names the hostname to the system hostname:
docker run \\\n --name dockeragent \\\n -h $HOSTNAME \\\n -v infraSonarData:/data \\\n -e TOKEN=\"<<agent token>>\" \\\n -v /var/run/docker.sock:/var/run/docker.sock \\\n -d \\\n ghcr.io/infrasonar/docker-agent\n
Deploys the docker agent using the host network and thus automatically uses the system hostname:
docker run \\\n --name dockeragent \\\n --network host \\\n -v infraSonarData:/data \\\n -e TOKEN=\"<<agent token>>\" \\\n -v /var/run/docker.sock:/var/run/docker.sock \\\n -d \\\n ghcr.io/infrasonar/docker-agent\n
"},{"location":"collectors/agents/docker/#docker-compose","title":"docker-compose","text":"You can also add the Docker-agent to your docker-compose.yml file:
volumes:\n infraSonarData:\n\nservices:\n dockeragent:\n network_mode: host\n container_name: dockeragent\n hostname: dockeragent\n restart: always\n logging:\n options:\n max-size: 5m\n image: ghcr.io/infrasonar/docker-agent\n environment:\n TOKEN: \"<<agent token>>\"\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock\n - infraSonarData:/data\n
See also our InfraSonar docker compose on how we deploy the docker agent on our monitoring appliances.
"},{"location":"collectors/agents/kubernetes/","title":"Kubernetes","text":""},{"location":"collectors/agents/kubernetes/#kubernetes","title":"Kubernetes","text":""},{"location":"collectors/agents/kubernetes/#introduction","title":"Introduction","text":"The Kubernetes agent monitors your Kubernetes cluster. Deploy it as a pod in your cluster.
"},{"location":"collectors/agents/kubernetes/#prerequisites","title":"Prerequisites","text":" - A valid Kubernetes token.
- An InfraSonar asset ID if you want to use a Deployment instead of a StatefulSet.
"},{"location":"collectors/agents/kubernetes/#installation","title":"Installation","text":"Create a namespace for the agent:
namespace.yamlapiVersion: v1\nkind: Namespace\nmetadata:\n name: monitoring\n
Create a cluster role for the agent:
cluster_role.yamlkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: infrasonar\nrules:\n- apiGroups: [\"metrics.k8s.io\", \"apiregistration.k8s.io\", \"\"]\n resources: [\"pods\", \"namespaces\", \"nodes\", \"nodes/proxy\", \"apiservices\", \"persistentvolumeclaims\", \"services\"]\n verbs: [\"list\", \"get\"]\n
Create a cluster role binding for the agent:
cluster_role_binding.yamlkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: infrasonar\nsubjects:\n- kind: ServiceAccount\n name: default\n namespace: monitoring\nroleRef:\n kind: ClusterRole\n name: infrasonar\n apiGroup: rbac.authorization.k8s.io\n
Apply the above files:
kubectl apply -f namespace.yaml\nkubectl apply -f cluster_role.yaml\nkubectl apply -f cluster_role_binding.yaml\n
"},{"location":"collectors/agents/kubernetes/#deployment","title":"Deployment","text":"If you already have an asset or want to create one manually in InfraSonar, you only need the asset ID and can use a Deployment. Otherwise, skip this part and read the StatefulSet section.
Create a deployment for the agent:
deployment.yamlapiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: infrasonar\n namespace: monitoring\n labels:\n app: infrasonar\nspec:\n selector:\n matchLabels:\n app: infrasonar\n template:\n metadata:\n labels:\n app: infrasonar\n spec:\n containers:\n - name: infrasonar\n image: ghcr.io/infrasonar/kubernetes-agent:latest\n imagePullPolicy: Always\n env:\n - name: ASSET_ID\n value: \"<REPLACE_WITH_YOUR_ASSET_ID>\"\n - name: TOKEN\n value: \"<REPLACE_WITH_YOUR_AGENT_TOKEN>\"\n
Apply the deployment:
kubectl apply -f deployment.yaml\n
"},{"location":"collectors/agents/kubernetes/#statefulset","title":"StatefulSet","text":"Use a StatefulSet only if you want the agent to create the asset for you, otherwise use a Deployment.
Create a StatefulSet for the agent:
stateful_set.yamlapiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n name: infrasonar\n namespace: monitoring\n labels:\n app: infrasonar\nspec:\n selector:\n matchLabels:\n app: infrasonar\n serviceName: infrasonar\n replicas: 1\n template:\n metadata:\n labels:\n app: infrasonar\n spec:\n containers:\n - name: infrasonar\n image: ghcr.io/infrasonar/kubernetes-agent:latest\n imagePullPolicy: Always\n env:\n - name: ASSET_ID\n value: \"/mnt/data/asset.json\"\n - name: TOKEN\n value: \"<REPLACE_WITH_YOUR_AGENT_TOKEN>\"\n volumeMounts:\n - name: data\n mountPath: /mnt/data\n volumeClaimTemplates:\n - metadata:\n name: data\n spec:\n accessModes: [\"ReadWriteOnce\"]\n resources:\n requests:\n storage: 1Mi\n
Apply the StatefulSet:
kubectl apply -f stateful_set.yaml\n
"},{"location":"collectors/agents/kubernetes/#cleanup","title":"Cleanup","text":"When you no longer want to use the Kubernetes agent, you can remove it with the following steps:
If a Deployment was used:
kubectl delete deployment infrasonar --namespace=monitoring\n
If a StatefulSet was used:
kubectl delete sts infrasonar --namespace=monitoring\nkubectl delete pvc -l app.kubernetes.io/name=infrasonar --namespace=monitoring\n
Cleanup the namespace, service account and associated role and binding:
kubectl delete ClusterRoleBinding infrasonar\nkubectl delete ClusterRole infrasonar\nkubectl delete ns monitoring\n
"},{"location":"collectors/agents/kubernetes/#my-cpu-and-memory-metrics-are-missing","title":"My CPU and Memory metrics are missing","text":"If the pod and node CPU and Memory metrics are missing, please check the agent logging. Most likely the metric server is not running. This can be checked using the following command:
kubectl get apiservices v1beta1.metrics.k8s.io\n
The above should return with something like:
NAME SERVICE AVAILABLE AGE\nv1beta1.metrics.k8s.io kube-system/metrics-server True 123d\n
Click here for information on how to install the metrics server.
"},{"location":"collectors/agents/kubernetes/#additional-information","title":"Additional information","text":" Kubernetes agent source code
"},{"location":"collectors/agents/speedtest/","title":"Speedtest","text":""},{"location":"collectors/agents/speedtest/#speedtest","title":"Speedtest","text":""},{"location":"collectors/agents/speedtest/#introduction","title":"Introduction","text":"The speedtest-agent measures upload and download speeds using Ookla's speedtest service.
Third party data collection
Ookla collects certain data through Speedtest that may be considered personally identifiable, such as your IP address, unique device identifiers or location. Ookla believes it has a legitimate interest to share this data with internet providers, hardware manufacturers and industry regulators to help them understand and create a better and faster internet. For further information including how the data may be shared, where the data may be transferred and Ookla\u2019s contact details, please see Ookla's Privacy Policy.
The ping-probe utilizes the icmp protocol to monitor the network roundtrip between the monitoring appliance and the monitored host.
"},{"location":"collectors/agents/speedtest/#features","title":"Features","text":" - Monitors upload and download speeds as observed from the agent's perspective
"},{"location":"collectors/agents/speedtest/#deployment","title":"Deployment","text":"The speedtest agent is easiest deployed as a docker container.
docker run \\\n --name speedtestagent \\\n -e TOKEN=\"<<agent token>>\" \\\n -e ASSET_ID=\"<<asset_ID>>\" \\\n -d \\\n ghcr.io/infrasonar/speedtest-agent\n
Ensure you add the agent onto the asset prior to deploying the agent.
"},{"location":"collectors/agents/speedtest/#additional-information","title":"Additional information","text":" Speedtest agent source code
"},{"location":"collectors/agents/windows/","title":"Windows","text":""},{"location":"collectors/agents/windows/#microsoft-windows-agent","title":"Microsoft Windows agent","text":""},{"location":"collectors/agents/windows/#installation","title":"Installation","text":""},{"location":"collectors/agents/windows/#easy-deployment","title":"Easy deployment","text":"You can use our easy deployment script, note this scripts requires elevated privileges as it runs an MSI installer.
curl -fsSL https://deploywindowsagent.infrasonar.com ^\n -o %temp%\\infrasonar.cmd && %temp%\\infrasonar.cmd\n
"},{"location":"collectors/agents/windows/#manual-installation","title":"Manual installation","text":"Install the msi:
You can download the latest msi of our latest Microsoft Windows agent from our GitHub releases page here.
Configure the Microsoft Windows agent:
Open the registry and add your agent Token:
You can also use the command below in an elevated command prompt to set your agent token:
set token=YOURTOKENHRE\nreg add \"HKLM\\SOFTWARE\\Wow6432Node\\Cesbit\\InfraSonarAgent\" /v Token /d %token% /t REG_SZ /f\n
Configure your asset Id
If you already have an Asset Id, you can configure set in the registry. When the AssetId registry key is 0, the agent will create a new asset once the service starts.
(Re)start the Microsoft Windows agent:
To apply any changed made in the registry the agent needs to be stopped and started.
You can use the services console (services.msc) or use the following commands in an elevated command prompt:
net stop InfraSonarAgent\nnet start InfraSonarAgent\n
More debug information
If you want more debug information in the Event Viewer, you can also add a Debug registry key of type RED_DWORD and set the value to 1.
"},{"location":"collectors/agents/windows/#additional-information","title":"Additional information","text":" Windows agent source code
"},{"location":"collectors/probes/","title":"Probes","text":""},{"location":"collectors/probes/#introduction","title":"Introduction","text":"Probe mission
We use open standards and vendor-provided technologies to query controlled systems.
Probes are collectors that use open standards or vendor provided methods to retrieve monitoring data from a remote asset.
All InfraSonar provided probes are available as open source on our GitHub repository as we believe in transparency with regards to data collection and systems access.
When a new asset (host) is added and the InfraSonar admin enables a specific probe for this asset, a discovery routine will be started to identify the asset and determine which checks InfraSonar can perform.
"},{"location":"collectors/probes/#deployment","title":"Deployment","text":"Probes are typically deployed using a Docker image running as a Docker container one or more InfraSonar appliances.
Upon startup a probe registers itself to the for this probe configured agentcore
Because probes usually run in the same Docker network as the agentcore, they can easily connect to it.
"},{"location":"collectors/probes/#configuration","title":"Configuration","text":"As probes are typically deployed using Docker compose, probe behavior, such as setting the log level, can easily be accomplished by environment variables in the coresponding docker-compose.yml file. The usage of this file is outlined here
"},{"location":"collectors/probes/agentcore/","title":"Agentcore","text":""},{"location":"collectors/probes/agentcore/#agentcore","title":"Agentcore","text":"The Agentcore orchestrates our probes and is responsible for scheduling checks. During the startup sequence of a probe, it will \u201c announce\u201d itself to the Agentcore.
The Agentcore also acts as a communication gateway. Data retrieved by the probes is sent to the InfraSonar cloud platform via the Agentcore.
graph LR\n probe[Probe] --> | TCP 8750 | Agentcore[Agentcore] --> | TCP 8730 TLS/SSL | infrasonarcloud[InfraSonar Cloud Platform];
As probes usually run in the same Docker network as the Agentcore, they can easily connect to it.
it is possible to use TCP port 443 instead of 8730 we don't recommended this but some environment refuse inter traffic to ports other then 80 and 443
"},{"location":"collectors/probes/agentcore/#features","title":"Features","text":""},{"location":"collectors/probes/agentcore/#resumable-operation","title":"Resumable operation","text":"If an Agentcore is shutdown properly a list of assets and a check result queue are saved on disk. Given the Agentcore starts and it can't connect to the InfraSonar cloud platform the list of saved assets will be used to resume operations. Check results up to a maximum of 100.000 packages will be stored in a queue.
"},{"location":"collectors/probes/agentcore/#multiple-agentcores","title":"Multiple Agentcores","text":"InfraSonar supports multiple Agentcores within a monitored environment. Deploying multiple Agentcores can be useful in spreading the network load, accommodate for network segmentation, and supporting large-scale implementations.
To support network segmentation, assets can be assigned to a zone. When this zone also has an Agentcore assigned its assets will automatically be monitored using the Agentcores in this zone.
When you deploy multiple Agentcores in a zone, assets will be evenly distributed between all Agentcores in this zone..
No automagic failover
If an Agentcore fails it's role will not automatically be taken over by another Agentcore. To accomplish this, the failing Agentcore needs to be removed by an InfraSonar admin.
"},{"location":"collectors/probes/agentcore/#operational","title":"Operational","text":""},{"location":"collectors/probes/agentcore/#removing-an-agentcore","title":"Removing an Agentcore","text":"When an Agentcore is decommissioned, all hosts monitored by are automatically transferred to other Agentcores in the configured zone.
You can remove an Agentcore in our Agentcore panel.
"},{"location":"collectors/probes/dns/","title":"DNS","text":""},{"location":"collectors/probes/dns/#dns","title":"DNS","text":""},{"location":"collectors/probes/dns/#introduction","title":"Introduction","text":"The DNS probe is a synthetic monitor and can even monitor changes to specific DNS records.
"},{"location":"collectors/probes/dns/#features","title":"Features","text":"THe DNS probe can perform forward and reverse DNS queries for an FQDN
"},{"location":"collectors/probes/dns/#deployment","title":"Deployment","text":"The DNS probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/dns/#probe-configuration","title":"Probe configuration","text":"Property Description DNS Servers DNS servers to query, note all configured DNS servers are queried FQDN FQDN of the DNS record you want to monitor Reverse DNS lookups
Using the special .arpa. domain it is possible to perform a reverse DNS lookup. See our PTR section for a detailed explanation and examples.
"},{"location":"collectors/probes/dns/#example-configuration","title":"Example configuration","text":" - DNS servers:
8.8.8.8, 8.8.4.4 - FQDN:
dns.google.com
"},{"location":"collectors/probes/dns/#checks","title":"Checks","text":"We support the DNS record types described in the next paragraphs.
Most of the information in this chapter is an extract from this Wikipedia article.
"},{"location":"collectors/probes/dns/#a","title":"A","text":"Address record, List of IPv4 addresses, most commonly used to map hostnames to an IP address of the host
Example:
FQDN Result infrasonar.com 185.199.111.153, 185.199.108.153, 185.199.109.153, 185.199.110.153"},{"location":"collectors/probes/dns/#aaaa","title":"AAAA","text":"IPv6 address record, list of IPv6 addresses, most commonly used to map hostnames to an IP address of the host
Example:
FQDN Result infrasonar.com 2606:50c0:8003::153, 2606:50c0:8002::153, 2606:50c0:8001::153, 2606:50c0:8000::153"},{"location":"collectors/probes/dns/#caa","title":"CAA","text":"Certification Authority Authorization. DNS Certification Authority Authorization, constraining acceptable CAs for a host/domain.
CAA record structure: flag tag value
flag A flags byte which implements an extensible signaling system for future use. As of 2018, only the issuer critical flag has been defined, which instructs certificate authorities that they must understand the corresponding property tag before issuing a certificate. This flag allows the protocol to be extended in the future with mandatory extensions, similar to critical extensions in X.509 certificates. tag One of the following property:
issue This property authorizes the holder of the domain specified in associated property value to issue certificates for the domain for which the property is published. issuewild This property acts like issue but only authorizes the issuance of wildcard certificates, and takes precedence over the issue property for wildcard certificate requests. iodef This property specifies a method for certificate authorities to report invalid certificate requests to the domain name holder using the Incident Object Description Exchange Format. As of 2018, not all certificate authorities support this tag, so there is no guarantee that all certificate issuances will be reported. contactemail Increasingly, contact information is not available in WHOIS due to concerns about potential GDPR violations. This property allows domain holders to publish contact information in DNS. contactphone As above, for phone numbers. value The value associated with the chosen property tag. Example:
FQDN Result infrasonar.com 0 issue \"pki.goog\""},{"location":"collectors/probes/dns/#cname","title":"CNAME","text":"Canonical name record, alias of one name to another.
A CNAME lookup returns only one canonical name.
Example:
FQDN Result docs.cesbit.com cesbit.github.io."},{"location":"collectors/probes/dns/#ds","title":"DS","text":"Delegation signer. The record used to identify the DNSSEC signing key of a delegated zone.
DS record structure: Key Tag Algorithm Digest Type Digest
Example:
FQDN Result infrasonar.com 9907 8 2 33D13AB164664236CF3EF302E8057AF46FC226AAE2B6A2759E4E80BA AF448970"},{"location":"collectors/probes/dns/#mx","title":"MX","text":"Mail exchange record, list of mail exchange servers that accept email for a domain.
Example output: 1 aspmx.l.google.com.,10 alt3.aspmx.l.google.com.,10 alt4.aspmx.l.google.com.,5 alt1.aspmx.l.google.com.,5 alt2.aspmx.l.google.com.
MX Record
An MX record is returned as follows: preference address
Example:
FQDN Result infrasonar.com 1 aspmx.l.google.com., 5 alt1.aspmx.l.google.com., 5 alt2.aspmx.l.google.com., 10 alt3.aspmx.l.google.com., 10 alt4.aspmx.l.google.com."},{"location":"collectors/probes/dns/#ns","title":"NS","text":"Name server record, Delegates a DNS zone to use the given authoritative name servers.
Example:
FQDN Result infrasonar.com ns-cloud-a1.googledomains.com, ns-cloud-a2.googledomains.com, ns-cloud-a3.googledomains.com, ns-cloud-a4.googledomains.com"},{"location":"collectors/probes/dns/#ptr","title":"PTR","text":"PTR Resource Record, possible for IP addresses in the format:
in-addr.arpa is the namespace within .arpa for reverse DNS lookups in IPv4.
IPv6
IPv6 addresses are constructed differently from IPv4 addresses, and IPv6 PTR records exist in a different namespace within .arpa. IPv6 PTR records are stored under the IPv6 address, reversed and converted into four-bit sections (as opposed to 8-bit sections, as in IPv4), plus \".ip6.arpa\".
So 2001:4860:4860::8844 becomes: 4.4.8.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.8.4.0.6.8.4.1.0.0.2.ip6.arpa
Example:
FQDN Result 8.8.8.8.in-addr.arpa. dns.google. .4.8.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.8.4.0.6.8.4.1.0.0.2.ip6.arpa dns.google."},{"location":"collectors/probes/dns/#srv","title":"SRV","text":"Service locator, generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
SRV record structure: Priority Weight Port Target
priority the priority of the target host, lower value means more preferred. weight A relative weight for records with the same priority, higher value means higher chance of getting picked. port the TCP or UDP port on which the service is to be found. target the canonical hostname of the machine providing the service, ending in a dot. Example:
FQDN Result _srv._test.test-technology.nl. 0 5 5060 srvrecordtest.test-technology.nl."},{"location":"collectors/probes/dns/#soa","title":"SOA","text":"Start of [a zone of] authority record. Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
SOA record structure: Primary NS Responsible name Serial Refresh Retry Expire Miniumum
Primary NS Primary master name server for this zone. Responsible name Email address of the administrator responsible for this zone. (As usual, the email address is encoded as a name. The part of the email address before the @ becomes the first label of the name; the domain name after the @ becomes the rest of the name. In zone-file format, dots in labels are escaped with backslashes; thus the email address john.doe@example.com would be represented in a zone file as john.doe.example.com.) Serial Serial number for this zone. If a secondary name server slaved to this one observes an increase in this number, the slave will assume that the zone has been updated and initiate a zone transfer. Refresh Number of seconds after which secondary name servers should query the master for the SOA record, to detect zone changes. Recommendation for small and stable zones: 86400 seconds (24 hours). Retry Number of seconds after which secondary name servers should retry to request the serial number from the master if the master does not respond. It must be less than Refresh. Recommendation for small and stable zones: 7200 seconds (2 hours). Expire Number of seconds after which secondary name servers should stop answering request for this zone if the master does not respond. This value must be bigger than the sum of Refresh and Retry. Recommendation for small and stable zones: 3600000 seconds (1000 hours). Miniumum Used in calculating the time to live for purposes of negative caching. Authoritative name servers take the smaller of the SOA TTL and the SOA MINIMUM to send as the SOA TTL in negative responses. Resolvers use the resulting SOA TTL to understand for how long they are allowed to cache a negative response. Recommendation for small and stable zones: 172800 seconds (2 days). Originally this field had the meaning of a minimum TTL value for resource records in this zone; it was changed to its current meaning by RFC 2308. Example:
FQDN Result infrasonar.com ns-cloud-e1.googledomains.com. cloud-dns-hostmaster.google.com. 15 21600 3600 259200 300"},{"location":"collectors/probes/dns/#best-practices","title":"Best practices","text":""},{"location":"collectors/probes/dns/#internal-vs-external-response","title":"Internal vs External response","text":"Setup an asset to monitor your internal and external DNS response.
This can easily be done by monitoring for example google.com on your internal DNS servers and Google DNS servers, for IPv4: 8.8.8.8 and/or 8.8.4.4 and for IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844.
The average DNS lookup time should be between 20 and 120 milliseconds. Anything between that and under is generally considered very good.
"},{"location":"collectors/probes/dns/#microsoft-active-directory","title":"Microsoft Active Directory","text":"source
Setup a DNS probe to monitor for Microsoft Active Directory specific DNS entries for each DNS server in your forest / domain.
Legend
- Domain_Name is the name of your domain.
- SiteName, name of your Active Directory Site
- DnsForestName, name of your DNS Forest.
The following SRV records are registered by Net Logon:
_ldap._tcp.<Domain_Name>.Allows a client to locate servers running the LDAP service in the domain of Domain_Name._ldap._tcp.<SiteName>._sites.<Domain_Name>.Allows a client to locate servers running the LDAP service in a domain in a site SiteName Domain_Name. SiteName relative file name, which is stored in the Configuration container in Active Directory._ldap._tcp.dc._msdcs.<Domain_Name>.Allows a client to find a domain controller in the domain Domain_Name. All DC register this SRV record._ldap._tcp. <SiteName>._sites.dc._msdcs.<Domain_Name>.Allows a client to find a domain controller in the domain in site SiteName Domain_Name.All DC register this SRV record._ldap._tcp.pdc._msdcs.<Domain_Name>.Allows a client to find a domain PDC Domain_Name.Only PDC server registers this SRV record._ldap._tcp.gc._msdcs.<DnsForestName>.Allows a client to find a DC in the forest DnsForestName.Only GC servers register this SRV record._ldap._tcp. <SiteName>._sites.gc._msdcs.<DnsForestName>.Allows a client to find a GC in the forest.Only GC server DnsForestName owned by this forest register this SRV record_gc._tcp.<DnsForestName>.Allows a client to find a GC in the domain. Only GC servers owned by this forest DnsForestName register this SRV record._gc._tcp.<SiteName>._sites.<DnsForestName>.Allows a client to find a GC in this forest site SiteName DnsForestName.Only GC servers owned by this forest DnsForestName register this SRV record._ldap._tcp.DomainGuid.domains._msdcs.<DnsForestName>.Allows customers to find the DC GUID.A GUID is a 128-bit unique index. Admits when Domain_Name DnsForestName and changed._kerberos._tcp.<Domain_Name>.Allows clients to find a Kerberos KDC in that domain: Domain_Name.All DC register this SRV record._kerberos._udp.<Domain_Name>.Same as _kerberos ._tcp.<Domain_Name> only over UDP_kerberos._tcp.<SiteName>._sites.<Domain_Name>.Allows clients to find a Kerberos KDC in that domain: Domain_Name site SiteName.All DC register this SRV record._kerberos._tcp.dc._msdcs.<Domain_Name>.Allows clients to find a DC running a Kerberos KDC's role in that domain: Domain_Name.All DC with the KDC log this SRV record._kerberos.tcp.<SiteName>._sites.dc._msdcs.<Domain_Name>.Allows clients to find a DC running a Kerberos KDC's role in that domain: Domain_Name site SiteName.All DC with the KDC log this SRV record._kpasswd._tcp.<Domain_Name>.Kerberos Password Change allows you to search for current domain.All kerberos KDC DC (c) role of the register this SRV record_kpasswd._udp.<Domain_Name>.Same as _kpassword._tcp.<Domain_Name> only over UDP
"},{"location":"collectors/probes/dns/#known-issues","title":"Known issues","text":""},{"location":"collectors/probes/dns/#resolution-lifetime-expired-after-5xxx-seconds","title":"Resolution lifetime expired after 5.xxx seconds","text":"The DNS probe returns following the notification:
The resolution lifetime expired after 5.402 seconds:\n Server xx.xx.xx.xx UDP port 53 answered The DNS operation timed out after 2.000 seconds;\n Server xx.xx.xx.xx UDP port 53 answered The DNS operation timed out after 2.000 seconds;\n Server xx.xx.xx.xx UDP port 53 answered The DNS operation timed out after 0.696 seconds\n
The potential rootcause is a DNS server responding with connection refused
This can be validated using the dig command on Linux:
dig @xx.xx.xx.xx google.com\n;; communications error to xx.xx.xx.xx#53: connection refused\n
"},{"location":"collectors/probes/dns/#additional-information","title":"Additional information","text":" DNS probe source code
"},{"location":"collectors/probes/http/","title":"HTTP","text":""},{"location":"collectors/probes/http/#http-probe","title":"HTTP Probe","text":""},{"location":"collectors/probes/http/#introduction","title":"Introduction","text":"The HTTP probe allows to monitor a specific URI over the http or https protocol
"},{"location":"collectors/probes/http/#features","title":"Features","text":" - Roundtrip time, the roundtriptime for the http(s) request is measured and returned.
- HTTP status code monitoring
"},{"location":"collectors/probes/http/#deployment","title":"Deployment","text":"The HTTP probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/http/#probe-configuration","title":"Probe configuration","text":"Property Description URI URI of the website you want to monitor Timeout Timeout in seconds should be a value between 0 and 240. The default timeout is 10.0 Verify SSL If turned off, the check ignores invalid certificates; when on, the URI must have a valid certificate. Nots, this is only applicable for HTTPS URI. The default is off. With payload Retrieves the payload, bare in mind the payload is limited to 500 Kb Allow redirects When turned on, redirects are followed. Tip
When monitoring cloud services, enable Allow redirects as these services heavily rely on http redirects.
"},{"location":"collectors/probes/http/#check-specifics","title":"Check specifics","text":""},{"location":"collectors/probes/http/#http-status-codes","title":"HTTP Status codes","text":"See RFC9110 or the List of HTTP status codes on Wikipedia for more detailed information.
code class code Meaning 100 Informational Continue 101 Informational Switching protocols 102 Informational Processing 103 Informational Early Hints 200 Successful OK 201 Successful Created 202 Successful Accepted 203 Successful Non-Authoritative Information 204 Successful No Content 205 Successful Reset Content 206 Successful Partial Content 207 Successful Multi-Status 208 Successful Already Reported 226 Successful IM Used 300 Redirection Multiple Choices 301 Redirection Moved Permanently 302 Redirection Found (Previously \"Moved Temporarily\") 303 Redirection See Other 304 Redirection Not Modified 305 Redirection Use Proxy 306 Redirection Switch Proxy 307 Redirection Temporary Redirect 308 Redirection Permanent Redirect 400 Client Error Bad Request 401 Client Error Unauthorized 402 Client Error Payment Required 403 Client Error Forbidden 404 Client Error Not Found 405 Client Error Method Not Allowed 406 Client Error Not Acceptable 407 Client Error Proxy Authentication Required 408 Client Error Request Timeout 409 Client Error Conflict 410 Client Error Gone 411 Client Error Length Required 412 Client Error Precondition Failed 413 Client Error Payload Too Large 414 Client Error URI Too Long 415 Client Error Unsupported Media Type 416 Client Error Range Not Satisfiable 417 Client Error Expectation Failed 418 Client Error I'm a Teapot 421 Client Error Misdirected Request 422 Client Error Unprocessable Entity 423 Client Error Locked 424 Client Error Failed Dependency 425 Client Error Too Early 426 Client Error Upgrade Required 428 Client Error Precondition Required 429 Client Error Too Many Requests 431 Client Error Request Header Fields Too Large 451 Client Error Unavailable For Legal Reasons 500 Server Error Internal Server Error 501 Server Error Not Implemented 502 Server Error Bad Gateway 503 Server Error Service Unavailable 504 Server Error Gateway Timeout 505 Server Error HTTP Version Not Supported 506 Server Error Variant Also Negotiates 507 Server Error Insufficient Storage 508 Server Error Loop Detected 510 Server Error Not Extended 511 Server Error Network Authentication Required"},{"location":"collectors/probes/http/#additional-information","title":"Additional information","text":" HTTP probe source code
"},{"location":"collectors/probes/mssql/","title":"Microsoft SQL Server","text":""},{"location":"collectors/probes/mssql/#microsoft-sql-server","title":"Microsoft SQL Server","text":""},{"location":"collectors/probes/mssql/#introduction","title":"Introduction","text":"The Microsoft SQL probe uses SQL statements to monitor and analyze the health of a Microsoft SQL Server database.
Goal
The MSSQL probe offers a unified view that provides common ground for infrastructure engineers, DBA, and application managers to analyze and troubleshoot Microsoft SQL server performance issues.
"},{"location":"collectors/probes/mssql/#features","title":"Features","text":"The Microsoft SQL probe allows for in-depth analyses of a SQL server.
Some of the included measurements:
- Memory Page life Expectancy.
- Parallelism configuration.
- CPU, memory and disk IO per database.
- SQL Table information.
- Wait statistics.
- Top 25 query information (all queries would put too much strain on the SQL server).
- Top worker time; which queries consume a lot of time and thus cpu usage.
- Top logical reads; which queries cost the most IO.
- Top execution count; shows the most active queries.
- Index information.
- Frequently used indexes (top used).
- Missing indexes, where would an index make sense.
- Unused indexes, only written but never queried.
- Fragmentation.
- IO, per file and per volume.
- Backup status.
- Agent jobs.
- SQL Config.
- Session and application information.
- Plan cache.
- Blocked count.
Tip
Our implementation consultants can assist in creating a detailed analysis of a Microsoft SQL server.
"},{"location":"collectors/probes/mssql/#deployment","title":"Deployment","text":"The Microsoft SQL probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/mssql/#probe-configuration","title":"Probe configuration","text":"The MSSQL probe requires the host's IP address running the monitored SQL server and requires access to curtain SQL tables as defined in our grant scripts.
"},{"location":"collectors/probes/mssql/#credentials","title":"Credentials","text":"The Microsoft SQL probe supports SQL authentication and domain authentication.
For both scenarios it is advisable to setup a separate account for this probe and grant this account access via the supplied grant scripts.
The corresponding infrasonar.yaml 1 section when using for example infrasonar@windows.domainl as user id looks as follows:
mssql:\n config:\n password: \"some_secure_passw0rd\"\n username: infrasonar@windows.domain\n
"},{"location":"collectors/probes/mssql/#authorization","title":"Authorization","text":"The previously created user needs to be granted access onto various tables and resources.
Let your DBA analyses our scripts and contact us if there are any questions.
We created grant scripts for SQL authentication and domain authentication; pick the correct script for your use case.
"},{"location":"collectors/probes/mssql/#grants-for-domain-user","title":"Grants for domain user","text":"Replace domainnamehere\\usernamehere in this script with the correct domain/username and execute it in SQL Server Management Studio to grant the user sufficient permissions.
It is good practice to create a dedicated account for SQL monitoring.
"},{"location":"collectors/probes/mssql/#grants-for-sql-user","title":"Grants for SQL User","text":"This script uses the default username svc_infrasonar and the password someSuperSecurePasswordHereOfCourse, which you should change before running the script.
"},{"location":"collectors/probes/mssql/#best-practices","title":"Best practices","text":""},{"location":"collectors/probes/mssql/#sql-server-maximum-server-memory-is-set-to-default","title":"SQL Server maximum server memory is set to default","text":"Setting max server memory value too high can cause a single instance of SQL Server to compete for memory with other SQL Server instances hosted on the same host. However, setting this value too low could cause significant memory pressure and performance problems. Setting max server memory to the minimum value can even prevent SQL Server from starting. If you cannot start SQL Server after changing this option, start it using the -f startup option and reset max server memory to its previous value. For more information, see Database Engine Service Startup Options.
A rule of thumb is to leave 4GB or 10% of total memory free, whichever is larger on your instance to start with, and adjust this as needed.
See also:
- Microsoft.com - Server memory configuration options
- Brent Ozar - Memory Dangerously Low or Max Memory Too High
"},{"location":"collectors/probes/mssql/#sql-server-cost-threshold-for-parallelism","title":"SQL Server Cost threshold for parallelism","text":"SQL Server Cost threshold for parallelism is a value you might want to review.
While the default value of 5 is adequate for most systems, a different value may be appropriate. Perform application testing with higher and lower values if needed to optimize application performance.
A Microsoft SQL DBA can change this by changing the threshold for parallelism to for example 50, using this SQL statement:
EXEC sp_configure 'show advanced options', 1;\nGO\nRECONFIGURE\nexec sp_configure 'cost threshold for parallelism', 50;\nGO\nRECONFIGURE\nGO\n
"},{"location":"collectors/probes/mssql/#max-degree-of-parallelism","title":"Max Degree of parallelism","text":"A typical SQL server misconfiguration is the Max Degree of parallelism.
Rules of thumb:
- MDOP (Max Degree of parallelism) equal the number of CPU cores.
- MDOP should not be set greater then 8, so a 16 core system should have MDOP configured as 8.
Set ChangeMe to the desired MDOP and execute it using SQL Server Management Studio.
EXEC sp_configure 'show advanced options', 1;\nGO\nRECONFIGURE\nexec sp_configure 'Max Degree of parallelism', ChangeMe;\nGO\nRECONFIGURE\nGO\n
"},{"location":"collectors/probes/mssql/#operational","title":"Operational","text":""},{"location":"collectors/probes/mssql/#new-databases","title":"New databases","text":"The monitoring account does not automatically gain access to databases created after the initial setup. This scenario results in the following InfraSonar alert:
The server principal \"account\" is not able to access the database \"databasename\" under the current security context.
Either grant script contains a marked section that a SQL Admin must run to grant access to these newly created databases.
"},{"location":"collectors/probes/mssql/#additional-information","title":"Additional information","text":" Microsoft SQL probe source code
-
Passwords are encrypted on the appliance the moment the file is saved, see our credentials documentation.\u00a0\u21a9
"},{"location":"collectors/probes/mysql/","title":"MySQL Server","text":""},{"location":"collectors/probes/mysql/#mysql","title":"MySQL","text":""},{"location":"collectors/probes/mysql/#introduction","title":"Introduction","text":"The MySQL probe collects information about a MySQL server.
"},{"location":"collectors/probes/mysql/#deployment","title":"Deployment","text":"The MySQL probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/mysql/#probe-configuration","title":"Probe configuration","text":"Make sure your MySQL server is accessible
You can edit the files in /etc/mysql/ to configure the basic settings \u2013 log file, port number, etc. For example, to configure MySQL to listen for connections from network hosts, in the file /etc/mysql/mysql.conf.d/mysqld.cnf, change the bind-address directive to the server\u2019s IP address:
bind-address = 0.0.0.0\n
Create an infrasonar user and provide the required privileges:
CREATE USER 'infrasonar' IDENTIFIED BY '<MY_SECRET_PASSWORD>';\nGRANT SELECT, PROCESS, REFERENCES on *.* TO 'infrasonar';\n
Add the username and password to your configuration file (INFRASONAR_CONF yaml):
mysql:\n config:\n username: infrasonar\n password: <MY_SECRET_PASSWORD>\n
"},{"location":"collectors/probes/mysql/#additional-information","title":"Additional information","text":" MySQL probe source code
"},{"location":"collectors/probes/netapp/","title":"NetApp","text":""},{"location":"collectors/probes/netapp/#netapp","title":"NetApp","text":""},{"location":"collectors/probes/netapp/#introduction","title":"Introduction","text":"InfraSonar monitors NetApp systems running Data ONTAP using the ONTAP rest API.
SNMP-probe for 7mode
It is possible to monitor 7mode NetApp systems using SNMP. The monitoring is not as elaborate as the API Probe.
"},{"location":"collectors/probes/netapp/#features","title":"Features","text":"Some of the features of the InfraSonar NetApp probe:
- NetApp Health Status
- Aggregate and volume and utilization
- Cluster information
- Disk status
- Interface status (Ethernet and FCP)
- CIFS status
- Autosupport configuration
- IOPS
- Snapmirror
"},{"location":"collectors/probes/netapp/#version-specific","title":"Version specific","text":"Some checks are only available from a specific ONTAP version onward:
- cluster node controller info requires ONTAP v9.9 or higher
- cluster node statistics requires ONTAP v9.8 or higher
- interface and interface ports statistics requires ONTAP v9.8 or higher
- SnapMirror transfer data requires ONTAP v9.11 or higher
"},{"location":"collectors/probes/netapp/#deployment","title":"Deployment","text":"The NetApp probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/netapp/#probe-configuration","title":"Probe configuration","text":""},{"location":"collectors/probes/netapp/#credentials","title":"Credentials","text":"Don't use admin
We strongly advise setting up a separate user for monitoring to have a clear separation of responsibilities but also to avoid lock-out issues.
First step is to figure out which vserver to use:
vserver show\n
Create a role for InfraSonar with limited access, ensure to use the correct vserver. vserver show is your friend
Create NetApp rolesecurity login rest-role create -role infrasonar -vserver netapp01 -api /api -access readonly\nsecurity login rest-role create -role infrasonar -vserver netapp01 -api /api/security -access none\nsecurity login rest-role create -role infrasonar -vserver netapp01 -api /api/security/audit/destinations -access readonly\nsecurity login rest-role create -role infrasonar -vserver netapp01 -api /api/security/authentication/password -access all\nsecurity login rest-role create -role infrasonar -vserver netapp01 -api /api/security/certificates -access readonly\n
You can verify this role using:
Verify NetApp rolesecurity login rest-role show infrasonar\n
Next step is to create a user (infrasonar) and assign the previously created role (infrasonar) to this user:
Create NetApp usersecurity login create infrasonar -role infrasonar -comment \"system-monitoring user, readonly\" -application ontapi -authentication-method password \nsecurity login create infrasonar -role infrasonar -application http -authentication-method password \n
Verify the user creation:
Verify NetApp usersecurity login show infrasonar\n
See the credentials section on how to configure credentials.
The probe retrieves monitoring data using the ONTAP REST API on TCP port 443.
"},{"location":"collectors/probes/netapp/#operational","title":"Operational","text":""},{"location":"collectors/probes/netapp/#danglingsnapshots","title":"danglingSnapshots","text":"When the time difference between 2 snapshots is greater than 21 (also known as monthly backup), an InfraSonar alert is triggered. There is also a label (dangling snapshots (vmfs) 7d) which generates an alert if the snapshot contains the word vmfs and the time difference is greater then 7 days.
Possible causes:
- Manual snapshots that have not been cleaned up.
- A reconfigured snapmanager.
- A server that is powered off while the mirror is still running.
"},{"location":"collectors/probes/netapp/#additional-information","title":"Additional information","text":" netapp probe source code
"},{"location":"collectors/probes/paloalto/","title":"Palo Alto","text":""},{"location":"collectors/probes/paloalto/#palo-alto","title":"Palo Alto","text":""},{"location":"collectors/probes/paloalto/#introduction","title":"Introduction","text":"InfraSonar monitors Palo Alto firewalls using the rest API.
Also available as service
We also offer a service to monitor Palo Alto firewalls, this is useful if you want to monitor firewalls without deploying your own InfraSonar appliance.
"},{"location":"collectors/probes/paloalto/#features","title":"Features","text":""},{"location":"collectors/probes/paloalto/#deployment","title":"Deployment","text":"When the GlobalProtect Portal or Gateway is enabled the probe needs to use a different TCP port number 4443 instead of 443. You can toggle this behavior when configuring the probe.
"},{"location":"collectors/probes/paloalto/#credentials","title":"Credentials","text":"The Palo Alto rest API uses a key which can be generated for a user.
Don't use an admin account
We strongly recommend creating a read only account specific for monitoring.
"},{"location":"collectors/probes/paloalto/#get-your-api-key","title":"Get your API key","text":"source
To generate an API key, make a GET or POST request to the firewall\u2019s hostname or IP addresses using the administrative credentials and type=keygen:
curl -k -X GET 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'\n
Ensure to change
<firewall> with your firewall IP or FQDN<username> with the username of your readl-only monitoring user<password> with the password of your readl-only monitoring user
A successful API call returns status=\"success\" along with the API key within the key element:
<response status=\"success\">\n <result>\n <key>Your_secret_key_is_here</key>\n </result>\n</response>\n
You can test your API key using the following command:
curl -k 'https://<firewall>//api/?type=op&cmd=<show><system><info></info></system></show>&key=<apikey>'\n
Ensure to change:
<firewall> with your firewall IP or FQDN<apikey with the previously generated API key
"},{"location":"collectors/probes/paloalto/#revoke-api-keys","title":"Revoke API keys","text":"You can revoke all currently valid API keys, in the event one or more keys are compromised. To change an API key associated with an administrator account change the password associated with the administrator account. API keys that were generated before you expired all keys, or a key that was created using the previous credentials will no longer be valid.
"},{"location":"collectors/probes/paloalto/#configure-api-key-lifetime","title":"Configure API Key Lifetime","text":"Source
An optional step is to configure the API Key Lifetime.
Be aware though that monitoring fails when the API key is expired!
"},{"location":"collectors/probes/paloalto/#known-issues","title":"Known issues","text":""},{"location":"collectors/probes/paloalto/#xml-api-issue-with-passwords-containing-special-characters","title":"XML API Issue With Passwords Containing Special Characters","text":"Passwords containing special characters can cause problems retrieving the API key.
source
"},{"location":"collectors/probes/ping/","title":"Ping","text":""},{"location":"collectors/probes/ping/#ping","title":"Ping","text":""},{"location":"collectors/probes/ping/#introduction","title":"Introduction","text":"The ping-probe utilizes the icmp protocol to monitor the network roundtrip between the monitoring appliance and the monitored host.
"},{"location":"collectors/probes/ping/#features","title":"Features","text":" - Ping roundtrip monitoring, min and max timing
- Number of successfully and/or dropped packages
"},{"location":"collectors/probes/ping/#deployment","title":"Deployment","text":"The ping probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/ping/#probe-configuration","title":"Probe configuration","text":"Property Description Address The address that the probe should ping. Interval Interval should be a value between 1 and 9, The default interval is 1. Count Count should be a value between 1 and 9, the default count is 5 Timeout Timeout in seconds should be a value between 0 and 240, the default timeout is 10 seconds."},{"location":"collectors/probes/ping/#check-specifics","title":"Check specifics","text":"Ping returns the minimum time and maximum time as this provides a better insight than just an average ping response.
The number of successful and dropped ping packages are also monitored.
"},{"location":"collectors/probes/ping/#additional-information","title":"Additional information","text":" Ping probe source code
"},{"location":"collectors/probes/santricity/","title":"SANtricity / NetApp E-Series","text":""},{"location":"collectors/probes/santricity/#santricity-netapp-e-series","title":"SANtricity / NetApp E-Series","text":""},{"location":"collectors/probes/santricity/#introduction","title":"Introduction","text":"InfraSonar monitors SANtricity / NetApp E-Series systems running rest API.
"},{"location":"collectors/probes/santricity/#background-information","title":"background information","text":"In SANtricity / NetApp E-Series, volumes, disks, and storage pools are related in a hierarchical manner.
At the lowest level, disks are physical storage devices that are installed in a storage system. These disks can be combined into disk pools, which are logical groups of disks that can be used to create volumes.
Volumes are logical storage units that are created from disk pools. Volumes can be divided into smaller units called LUNs (Logical Unit Numbers), which are presented to hosts as individual disks.
When creating a volume, users can choose from different RAID (Redundant Array of Independent Disks) levels, which determine the level of data protection and performance of the volume. SANtricity supports RAID levels 0, 1, 3, 5, 6, and 10.
Users can also configure different settings for their volumes, such as the size of the volume, the block size, and the access control settings.
Overall, the relationship between volumes, disks, and storage pools in SANtricity is designed to provide users with a flexible and scalable storage infrastructure. By combining disks into storage pools and creating volumes from those pools, users can optimize storage usage and achieve better storage performance.
"},{"location":"collectors/probes/santricity/#features","title":"Features","text":"Some of the features of the InfraSonar NetApp probe:
- System Health status
- Storage pool status
- Volume status
- Controller status
- Disk status status
"},{"location":"collectors/probes/santricity/#deployment","title":"Deployment","text":"The SANtricity / NetApp E-Series probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/santricity/#probe-configuration","title":"Probe configuration","text":" - Address: IP address of FQDN of them anagement interface
- Port: The probe retrieves monitoring data using the ONTAP REST API on TCP port 8443, note we encountered deployments using TCP port 443.
- Storage system ID: Storage system id to retrieve stats from. Can also be the WWN of the storage system. When not given we collect stats from \"1\"
"},{"location":"collectors/probes/santricity/#credentials","title":"Credentials","text":""},{"location":"collectors/probes/santricity/#santricity-netapp-e-series_1","title":"SANtricity / NetApp E-Series","text":"The SANtricity / NetApp E-Series probe is configured in the santricity section:
santricity:\n config:\n password: \"some_secure_passw0rd\"\n username: monitor\n
The SANtricity / NetApp E-Series probe used the standard username/password configuration as described in ourcredentials section.
Don't use admin
We strongly advise using the monitor user as this is a user with read-only access to the system. This user profile includes only the Monitor role.
"},{"location":"collectors/probes/santricity/#how-to-configure-snmp-monitoring-on-e-series","title":"How to configure SNMP monitoring on E-Series","text":"\u200b
"},{"location":"collectors/probes/santricity/#applies-to","title":"Applies to","text":" - Flash Array
- E-Series Controller Firmware 7.xx
- E-Series Controller Firmware 6.xx
"},{"location":"collectors/probes/santricity/#description","title":"Description","text":"Simple Network Management Protocol (SNMP) is used for remote status monitoring of servers, network appliances, and software processes. SNMP is designed for an IT administrator to monitor the active technology assets, which are required to perform the business' day to day activities. SANtricity provides a portal for IT administrators to remote monitor their storage array. This article describes the procedure to configure SNMP.
"},{"location":"collectors/probes/santricity/#procedure","title":"Procedure","text":"Perform the following steps to configure SNMP in SANtricity:
- Open the Enterprise Management window of SANtricity and select the array that you would like to configure for SNMP.
- Right-click on the Array and select Configure Alerts. A new window opens. Click the SNMP tab at the top: An IT Administrator can configure SNMP for this storage array. Since SANtricity is software based and it relays the active status' of the storage array, there is only one option for configuring SNMP and it is by sending traps. SNMP requires two data points for sending traps, a Community Name and the Trap destination. The Community Name, also known as the community string should match the SNMP configured Community Name (string). The Trap Destination will be the IP address or host name of the SNMP server or relay.
- To obtain the MIB (Management Information Base) file for use in a third party SNMP server, perform the following steps:
- Go to the NetApp Support Software download page.
- Locate E-Series/EF-Series SANtricity Storage Manager and click Go!
- Click View & Download on the latest version of SANtricity software.
- Click Continue at the bottom of the page.
- Read the EULA and click Accept.
- Scroll down to the MIB File section.
- Click the download link for the .MIB file labeled MIB file for SNMP traps.
Note: For further info please see the Alert Notification Using Email to SNMP Traps section located in the Initial Configuration and Software Installation for SANtricity\u00ae Storage Manager document.
If you have any issues or concerns with configuring SNMP within SANtricity, contact NetApp Support.
"},{"location":"collectors/probes/santricity/#additional-information","title":"Additional information","text":" SANtricity / NetApp E-Series probe source code
"},{"location":"collectors/probes/tcp/","title":"TCP","text":""},{"location":"collectors/probes/tcp/#tcp","title":"TCP","text":""},{"location":"collectors/probes/tcp/#introduction","title":"Introduction","text":"The TCP probe uses TCP to try and make a TCP connection.
"},{"location":"collectors/probes/tcp/#features","title":"Features","text":" - Check TCP ports
- Check certificates
"},{"location":"collectors/probes/tcp/#deployment","title":"Deployment","text":"The TCP probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/tcp/#probe-configuration","title":"Probe configuration","text":"Property Description Address The address that the probe should check. Certificate Ports List of ports to perform certificates check on. TCP Ports List of ports to perform a port check on.Each port must be a numeric value between 1 and 65535, where ports are separated by a comma."},{"location":"collectors/probes/tcp/#checks","title":"Checks","text":""},{"location":"collectors/probes/tcp/#tcp-ports","title":"TCP ports","text":"Check TCP ports allows for monitoring specific TCP port statuses.
As the TCP probe uses NMAP at its core it can identify the same six ports states as nmap.
Port state Description open An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. closed A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. filtered Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. unfiltered The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. open|filtered Nmap places ports in this state when it is unable to determine whether a port is open or filtered. closed|filtered This state is used when Nmap is unable to determine whether a port is closed or filtered."},{"location":"collectors/probes/tcp/#certificates","title":"Certificates","text":"Gathers certificates and ciphers present on the specified TCP port.
"},{"location":"collectors/probes/tcp/#additional-information","title":"Additional information","text":" TCP probe source code
"},{"location":"collectors/probes/unificontroller/","title":"UniFi","text":""},{"location":"collectors/probes/unificontroller/#unifi","title":"UniFi","text":""},{"location":"collectors/probes/unificontroller/#introduction","title":"Introduction","text":"The UniFi controller probe uses the UniFi API to collect data from the UniFi controller.
See also our UniFi SNMP probe
When you have no controller you can also use our UniFi SNMP probe to access UniFi devices directly.
"},{"location":"collectors/probes/unificontroller/#features","title":"Features","text":""},{"location":"collectors/probes/unificontroller/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the UniFi controller probe and UniFi device probe:
unificontroller-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/unificontroller-probe\n unifidevice-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/unifidevice-probe\n
"},{"location":"collectors/probes/unificontroller/#probe-configuration","title":"Probe configuration","text":""},{"location":"collectors/probes/unificontroller/#credentials","title":"Credentials","text":"The UniFi controller and UniFi device probe use the same read-only credentials to access the UniFi API.
Use the following sections in our credentials file:
unificontroller:\n config:\n password: \"username\"\n username: \"pasword goes here\"\nunifidevice:\n use: unificontroller\n
See our credentials documentation for more detailed information.
"},{"location":"collectors/probes/unificontroller/#asset-configuration","title":"Asset configuration","text":"Ensure the UniFi Controller probe is setup and returning data before adding UniFi devices as you need information retrieved by the UniFi controller to setup the UniFi devices.
"},{"location":"collectors/probes/unificontroller/#controller","title":"Controller","text":" - Start by adding an asset for the controller
- Next set kind to UniFi in the General section
- Add the unificontroller collector
- Open the unificontroller collector configuration tab
- Enter the address (IP or FQDN) of the UniFi controller
- Ensure the correct port is set
- Set the site name.
"},{"location":"collectors/probes/unificontroller/#unifi-devices","title":"UniFi devices","text":" - Start by adding an asset for the UniFi device
- Next set kind to UniFi in the General section
- Add the unifidevice collector
- Open the unifidevice collector configuration tab
- Enter the address (IP or FQDN) of the UniFi controller
- Ensure the correct port is set
- Set the site name.
- Enter the MAC address of the UniFi
You can automate this step using our toolkit and UniFi devices report.
Please reach out to support for additional information.
"},{"location":"collectors/probes/unificontroller/#additional-information","title":"Additional information","text":" UniFi Controller probe UniFi Device probe
"},{"location":"collectors/probes/appliance/","title":"InfraSonar probes","text":""},{"location":"collectors/probes/appliance/#getting-started","title":"Getting started","text":"While it is very possible to deploy InfraSonar on a shared system we advise to use up a dedicated (virtual) Linux appliance. We have a ready ro run appliance, which can we found here
If you have any docker experience you might want to jump to our ease deployment script
"},{"location":"collectors/probes/appliance/appliance_installation/","title":"Appliance","text":"You can download our ready-to-run OVA (Open Virtual Appliance) here.
After you deployed the appliance there are thre
- Change the sysadmin password;
- Configure a static IP address if required;
- Deploy InfraSonar.
Internet access is required
InfraSonar appliances require internet access in order to retrieve up to date docker containers, operating system updates and connect to the InfraSonar cloud.
"},{"location":"collectors/probes/appliance/appliance_installation/#default-login","title":"Default login","text":"You can logon to the appliance using:
- User:
sysadmin - Password:
Infr@S0n@r
"},{"location":"collectors/probes/appliance/appliance_installation/#change-password","title":"Change password","text":"Enter the passwd command when you are logged on as sysadmin and follow the steps when prompted.
$ passwd\nChanging password for sysadmin.\nCurrent password:\nNew password:\nRetype new password:\npasswd: password updated successfully\n
Ensure to keep this password stored somewhere safe.
"},{"location":"collectors/probes/appliance/appliance_installation/#nano-basics","title":"Nano basics","text":"The InfraSonar appliance configuration requires you to edit files using SSH access. The appliance includes the main text editors of vi and nano.
Since Nano is easier to use, we outline its essential functions here.
The easiest way to use Nano, is to open the file you want to edit or create directly using Nano, like this:
nano /etc/infrasonar/data/config/infrasonar.yaml\n
Note
We assume you are logged on to the appliance using SSH.
This command will launch the Nano editor, where you can immediately make changes to the file:
Nano screenshot When your edits are done, exit using Ctrl+X. Nano now prompts if you want to Save modified buffers.
If you want to save your edits press Y, followed by an Enter to confirm the filename.
Press N if you want to discard your edits or Ctrl+C if you want to continue editing.
"},{"location":"collectors/probes/appliance/appliance_installation/#network-configuration","title":"Network configuration","text":"The InfraSonar appliance ova uses DHCP by default. You can change this to a static IP by editing the file /etc/netplan/00-installer-config.yaml.
Indentation is meaningful in YAML
Make sure that you use spaces, rather than tab characters, to indent sections. In the default configuration files 2 spaces per indentation level are used, We recommend you do the same.
DHCP configuration Example DHCP configuration (default):
/etc/netplan/00-installer-config.yamlnetwork:\n ethernets:\n ens160:\n dhcp4: true\n version: 2\n
Static IP config Example static IP configuration:
/etc/netplan/00-installer-config.yamlnetwork:\n version: 2\n ethernets:\n ens160:\n dhcp4: false\n addresses:\n - 192.168.10.10/24\n routes:\n - to: default\n via: 192.168.10.1\n nameservers:\n addresses: [192.168.10.2, 192.168.10.3]\n
After you modified your IP configuration you need to apply the new netplan configuration using the following command:
sudo netplan generate\nsudo netplan --debug apply\n
"},{"location":"collectors/probes/appliance/appliance_installation/#deploy-infrasonar","title":"Deploy InfraSonar","text":"Run our easy deployment script to deploy InfraSonar on the appliance.
"},{"location":"collectors/probes/appliance/appliance_installation/#build-your-own-appliance","title":"Build your own appliance","text":"When you prefer to perform your own Linux installation or can't use the OVA file format we outlined our installation steps here.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/","title":"Appliance","text":"This section outlines how to install the Linux appliance from scratch.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#installation","title":"Installation","text":" Ubuntu Server 22.04 LTS is used as the basis for the InfraSonar appliance.
Create a new virtual machine using these specifications:
- Compatibility: Compatible with: ESXi 6.5 and later VM version 13
- Guest OS Family: Linux
- Guest OS Version: Ubuntu Linux (64-bit)
- CPU: 2 CPU
- Memory: 2 GB memory
- Disk: 40 GB HDD
- Name: infrasonar-appliance
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#installation-steps","title":"Installation steps","text":"Boot from the Ubuntu Server 22.04.1 ISO and then follow these steps:
- Select your language: English.
- Keyboard configuration:
- Layout: English (US).
- Variant: English (US).
- Choose the type of install: Ubuntu server (minimized)
- Network configuration: DHCP. (Note it can take some time for an IP address to get assigned)
- Proxy address: enter a proxy address if your environment uses a proxy, otherwise leave empty.
- Mirror address: keep as it is, unless you know what you are doing.
- Guided storage configuration:
- Select: Use an entire disk.
- Deselect: Set up this disk as an LVM group.
- Storage configuration:
- Review the file system summary and select: Done.
- Confirm destructive action, by clicking: Continue.
- Profile setup:
- Your name: sysadmin.
- Your server's name: infrasonar-appliance.
- Pick a username: sysdmin.
- Choose a password: Infr@S0n@r
- Confirm your password: Infr@S0n@r
- SSH Setup:
- Select: Install OpenSSH Server.
- Import SSH identity: No.
- Featured Server Snaps: do not select any server snaps.
- If the installation is ready, select: Reboot now.
Note
Do not forget to unmount the ISO.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#post-installation-steps","title":"Post installation steps","text":"Login to the appliance using SSH to perform the post installation steps.
ssh sysadmin@<server-ip>\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#upgrade","title":"Upgrade","text":"```bash update and upgrade sudo apt update sudo apt upgrade sudo reboot
### VMware tools\n\nIt is recommended to install [open-vm-tools](https://github.com/vmware/open-vm-tools), when the appliance is installed on a VMware hypervisor platform.\n\n```bash \n# Update the APT package index.\nsudo apt update\n# Install open VMware tools.\nsudo apt install -y open-vm-tools\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#miscellaneous-tools","title":"Miscellaneous tools","text":"sudo apt install -y vim nano cron dnsutils snmp iputils-ping\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#docker-installation","title":"Docker installation","text":"All InfraSonar components run as Docker containers and are orchestrated using docker-compose.
The official Docker engine installation instructions can be found here.
sudo apt update\nsudo apt install -y \\\n ca-certificates \\\n curl \\\n gnupg \\\n lsb-release\nsudo mkdir -p /etc/apt/keyrings\ncurl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg\necho \\\n \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \\\n $(lsb_release -cs) stable\" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null\nsudo apt update\nsudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin\nsudo groupadd docker\nsudo usermod -aG docker $USER\nsudo systemctl enable docker.service\nsudo systemctl enable containerd.service\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#unattended-updates","title":"Unattended updates","text":"As we want the InfraSonar appliance to be zero maintenance, we configure unattended updates and allow the appliance to reboot when necessary at 2:00 CET.
Ubuntu unattended upgrades installation
# Install the unattended-upgrades package.\nsudo apt install -y unattended-upgrades\n# Verify using the following systemctl command.\nsudo systemctl status unattended-upgrades\n# To set automatic updates, we are going to install the update-notifier-common package.\nsudo apt install -y update-notifier-common\n
Ubuntu unattended upgrades configuration
Change the file /etc/apt/apt.conf.d/50unattended-upgrades, so it reflects these changes:
....\nUnattended-Upgrade::Allowed-Origins {\n \"${distro_id}:${distro_codename}\";\n \"${distro_id}:${distro_codename}-security\";\n // Extended Security Maintenance; doesn't necessarily exist for\n // every release and this system may not have it installed, but if\n // available, the policy for updates is such that unattended-upgrades\n // should also install from here by default.\n \"${distro_id}ESMApps:${distro_codename}-apps-security\";\n \"${distro_id}ESM:${distro_codename}-infra-security\";\n \"${distro_id}:${distro_codename}-updates\";\n// \"${distro_id}:${distro_codename}-proposed\";\n// \"${distro_id}:${distro_codename}-backports\";\n \"Docker:${distro_codename}\";\n};\n\n....\n\n// Automatically reboot *WITHOUT CONFIRMATION* if\n// the file /var/run/reboot-required is found after the upgrade.\nUnattended-Upgrade::Automatic-Reboot \"true\";\n\n// Automatically reboot even if there are users currently logged in\n// when Unattended-Upgrade::Automatic-Reboot is set to true.\nUnattended-Upgrade::Automatic-Reboot-WithUsers \"true\";\n\n// If automatic reboot is enabled and needed, reboot at the specific\n// time instead of immediately.\n// Default: \"now\".\nUnattended-Upgrade::Automatic-Reboot-Time \"02:00\";\n....\n
Enable daily unattended upgrades
echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | sudo tee -a debconf-set-selections\nsudo dpkg-reconfigure -f noninteractive unattended-upgrades\n
You can verify that automatic updates are turned on, with this command:
sudo debconf-get-selections | grep -i enable_auto_updates\n
Note
debconf-get-selections requires debconf-utils to be installed (sudo apt-get install debconf-utils). We opt not to install this on production appliances, as we want to keep them as clean as possible.
Logging
Unattended Upgrades Log.
The unattended-upgrades.log is a log file where you can view all actions done by the unattended upgrade system. You can view the file with, for example, the tail command:
tail -n 100 /var/log/unattended-upgrades/unattended-upgrades.log\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#ssh-configuration","title":"SSH configuration","text":"Edit the file /etc/ssh/sshd_config to harden SSH access:
/etc/ssh/sshd_config...\n# Logging\nSyslogFacility AUTHPRIV\n# LogLevel INFO\n\n...\n\n# Authentication:\nLoginGraceTime 10m\nPermitRootLogin no\n#StrictModes yes\nMaxAuthTries 3\nMaxSessions 1\n\n...\n\nAllowAgentForwarding no\nAllowTcpForwarding no\n#GatewayPorts no\nX11Forwarding no\n
Restart the SSH service to load the changes made.
sudo service ssh restart\n
SSH hardening options
The above change implements these hardening options:
- Block clients for 10 minutes after 3 failed login attempts.
- Disallow root from logging in.
- Disable connection multiplexing, which can be used to bypass authentication.
- Disable user environment forwarding.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#snmpd","title":"SNMPD","text":"To monitor the Linux operating system, install the snmpd daemon:
sudo apt install -y snmpd\n
As we use the default community string public and only require the snmpd daemon to listen on localhost, no further configuration is required.
# Read-only access to everyone to the systemonly view\nrocommunity public default\nrocommunity6 public default -V systemonly\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#tmate","title":"tmate","text":"tmate is installed to offer remote support on request.
sudo apt install -y tmate\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#sudo-configuration","title":"sudo configuration","text":"We opt to allow command to be executed using sudo without asking for a password.
Edit the sudo config by starting the editor
sudo visudo\n
Make the following modification:
# Allow members of group sudo to execute any command\n%sudo ALL=(ALL:ALL) NOPASSWD:ALL\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#infrasonar","title":"InfraSonar","text":"InfraSonar is deployed on the appliance using Docker.
We opt to use /etc/infrasonar as the main directory.
sudo mkdir /etc/infrasonar\n
Next step is to setup the Docker compose file in /etc/infrasonar/docker-compose.yml. This file is outlined here
On the downloadable appliance we provide the docker-compose.yml file at the following location /etc/infrasonar/docker-compose.yml.example.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#appliance-init","title":"Appliance init","text":"Prior to creating a template the following steps need to be performed:
- Run the first boot script.
- Avoid duplicate SSH host keys.
- Avoid duplicate machine ID's.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#first-boot-script","title":"First boot script","text":"The following script is used to run at first boot and sets a random schedule for a daily InfraSonor update.
/home/sysadmin/init#!/usr/bin/env bash\n# Fix removed SSH host keys\n# Note: this requires the use of sudo without password\nsudo dpkg-reconfigure openssh-server\nsudo service ssh restart\n\n# Remove this init script.\nrm /home/sysadmin/init\n
Add the script to the crontab to run as first boot:
chmod +x /home/sysadmin/init\n(crontab -l ; echo \"@reboot /home/sysadmin/init\") | crontab -\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#avoid-duplicate-ssh-host-keys","title":"Avoid duplicate SSH host keys","text":"To avoid lingering duplicate SSH host keys, we remove them before converting the appliance into a template.
sudo rm /etc/ssh/ssh_host_* \n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#avoid-duplicate-machine-ids","title":"Avoid duplicate machine ID's","text":"See also this VMware knowledge base article.
Before cloning, run these commands inside the Linux Guest OS:
sudo -s\necho -n > /etc/machine-id\nrm /var/lib/dbus/machine-id\nln -s /etc/machine-id /var/lib/dbus/machine-id\n``\n\n### First login\n\n\n### first boot\n\n\n#### Change hostname\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#binbash","title":"!/bin/bash","text":"hostnamectl set-hostname \"blue\" echo $? hostnamectl set-hostname \"\" echo $?
sudo hostnamectl set-hostname \"blue\"\nsudo sed -i 's/infrasonar/blue/g' /etc/hosts\n\n\n\nhttps://www.cyberciti.biz/faq/ubuntu-20-04-lts-change-hostname-permanently/\n
sudo hostnamectl set-hostname ubuntu-2004-nixcraft TODOR\n\n```bash\n# Expire the sysadmin password enforcing the user to change the password at logon\npasswd -e sysadmin\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#cleanup","title":"Cleanup","text":"Remove the history
history -c\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#shutdown","title":"Shutdown","text":"sudo shutdown -h now\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#export-the-appliance","title":"Export the appliance:","text":"Using the ovftool on Windows and virtual center:
cd C:\\Program Files\\VMware\\VMware OVF Tool\novftool \"vi://administrator@vsphere.local@vcenter.lab.test-technology.nl:443 \\\n /Datacenter/vm/infrasonar-appliance\" \\\n \"c:\\Documents and Settings\\sysadmin\\infrasonar-appliance.ova\"\nEnter login information for source vi://vcenter.lab.test-technology.nl/\nUsername: administrator%40vsphere.local\nPassword: ********\n
or when using VMware workstation on Linux:
ovftool /home/sysadmin/vmware/infrasonar-appliance/infrasonar-appliance.vmx ~/infrasonar-appliance.ova\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#create-a-template","title":"Create a template","text":"Note
The step below describe our lab configuration, adapt to your own needs.
- Open virtual center (https://vcenter.lab.test-technology.nl)
- Browse to the vm:
infrasonar-appliance - Right click the host and select Clone -> Clone to Template
- Name the template:
infrasonar-appliance-template - Select a location:
vcenter.lab.test-technology \\ Datacenter - Select a compute resource:
Datacenter \\ esxi01.test-technology.nl - Select storage:
truenas
"},{"location":"collectors/probes/appliance/credentials/","title":"Credentials","text":"Some InfraSonar probes require configuration and/or credentials to execute / authenticate its queries. A good example is the WMI-probe that requires Windows domain credentials to perform WMI queries.
"},{"location":"collectors/probes/appliance/credentials/#location","title":"Location","text":"Credentials are stored in the data/config subdirectory. This directory is relative from the directory from which you deployed InfraSonar. As we suggest using /etc/infrasonar the credentials file would be located here: /etc/infrasonar/data/config
"},{"location":"collectors/probes/appliance/credentials/#format","title":"Format","text":"The credentials file is named: infrasonar.yaml As suggested by the .yaml file extension the file format used is the yaml format.
It is worth noting that Indentation is meaningful in YAML. As such make sure that you use spaces, rather than tab characters, to indent sections. In the default configuration files 2 spaces per indentation level are used, We recommend you do the same.
See also our nano documentation section on how to edit files on the appliance.
"},{"location":"collectors/probes/appliance/credentials/#basic","title":"Basic","text":"This is the most basic credentials infrasonar.yaml configuration file.
infrasonar.yamlexampleProbe:\n config:\n password: \"a secret\"\n username: alice\n
- The first line identifies the probe section, in this example
exampleProbe - The second line starts the configuration section using the keyword
config - The third and fourth line in this example set the configuration parameters
username and password - Note the
\" \" quotes used for the password, this ensures any special characters are parsed correctly.
When the file is saved InfraSonar removes the password value and adds a encrypted section containing the encrypted password as shown in the example below:
infrasonar.yamlexampleProbe:\n config:\n password: \n encrypted: !!binary |\n Z0FBQUFBQmptMEhGq0FhTGJZNFNTckZKdXzWaVpKT2RzMzBARlJGUW1MVGVCVHNmTE15eVlOMTVD\n dGZWU1VEYUtPN2V4cWdOeGdoYlB1M29ua2JTZzNuQVlqU09eM0Z2c2c9PQ==\n username: alice\n
How to add a new password
Adding a new password is easy, remove the encrypted value (lines 4-6) and add the new password as a string.
"},{"location":"collectors/probes/appliance/credentials/#security-considerations","title":"Security considerations","text":"InfraSonar will make password and secret values unreadable but this must not be regarded as true encryption as the encryption key is publicly available.
"},{"location":"collectors/probes/appliance/credentials/#assets-section","title":"assets section","text":"The infrasonar.yaml allows for specific credentials per asset to achieve this you can add the asset ID's to the configuration.
infrasonar.yamlexampleProbe:\n assets:\n - config:\n password: \"my secret\"\n username: bob\n id: 123\n - config:\n password: \"other secret\"\n username: charlie\n id:\n - 456\n - 789\n config:\n password: \"a secret\"\n username: alice\n
Asset specific configuration can be added by adding a assets section and assigning assets to this section by providing the asset-id using the id property, this can either be one asset (line 6) or a list of assets (line 10-12).
"},{"location":"collectors/probes/appliance/credentials/#use-property","title":"use property","text":"use is a special property to indicate a probe should inhered the config from another probe.
otherProbe:\n use: exampleProbe\n
The use property can be partially useful for SNMP based probes as it is allows to point these to the snmp configuration section
some-snmp-based-probe:\n use: snmp\n
"},{"location":"collectors/probes/appliance/credentials/#specific-configuration","title":"Specific configuration","text":"Most probes have a default section they use to lookup local configuration. For the SNMP probe this is snmp while the Microsoft WMI probes uses wmi
It is however possible to create your own section, in the example below you see how we created myCustomSection.
myCustomSection:\n config:\n password: \"esther's secret\"\n username: esther\n
Using a custom section can be useful when credentials are used by multiple probes, for example:
myCustomSection:\n config:\n password: \"esther's secret\"\n username: esther\nwmi:\n use: myCustomSection\nvcenter: \n use: myCustomSection\n
In this scenario the wmi probe and vcenter probe both use the credentials provided by the myCustomSection section.
"},{"location":"collectors/probes/appliance/credentials/#local-configuration","title":"Local configuration","text":"You can also specific which section a probe should use using the InfraSonar user interface.
Each probe () which supports this has a Local configuration input box () where you can enter the name of the section you want this asset / probe to use.
How to add a new password
Adding a new password is easy, remove the encrypted value (lines 4-6) and add the new password as a string.
"},{"location":"collectors/probes/appliance/credentials/#probe-specifics","title":"Probe specifics","text":"For most probes it is sufficient to provide a username and password; we outlined probes with a more distinct configuration here:
"},{"location":"collectors/probes/appliance/credentials/#snmp","title":"SNMP","text":"The SNNP probe supports: SNMPv1, SNMPv2c, and SNMPv3 each of these are outlined in the upcoming paragraphs.
When no credentials are provided we use the following defaults:
- SNMP version: 2c
- Community string:
public
"},{"location":"collectors/probes/appliance/credentials/#snmpv1","title":"SNMPv1","text":"infrasonar.yamlsnmp:\n config:\n community: SomeCommunityString\n version: 1\n
Note how we specify the version using the version property.
"},{"location":"collectors/probes/appliance/credentials/#snmpv2c","title":"SNMPv2c","text":"infrasonar.yamlsnmp:\n config:\n community: SomeCommunityString\n version: \"2c\"\n
Note how we specify the version using the version property using quotes
"},{"location":"collectors/probes/appliance/credentials/#snmpv3","title":"SNMPv3","text":"infrasonar.yamlsnmp:\n config:\n version: 3\n username: alice\n auth:\n type: USM_AUTH_HMAC96_SHA\n password: \"my secret password\"\n priv:\n type: USM_PRIV_CFB128_AES\n password: \"my secret password\"\n
auth (5) Supported values for type:
USM_AUTH_HMAC96_MD5 USM_AUTH_HMAC96_SHAUSM_AUTH_NONE
When omitted USM_AUTH_NONE is used.
priv (8) Supported values for type:
- USM_PRIV_CBC56_DES
- USM_PRIV_CFB128_AES
- USM_PRIV_NONE
When omitted USM_PRIV_NONE is used.
"},{"location":"collectors/probes/appliance/credentials/#encrypted-community-string","title":"Encrypted community string","text":"It is possible to encrypt the community string on the appliance by indicating the string is secret as such:
infrasonar.yamlsnmp:\n config:\n community:\n secret: SomeCommunityString\n version: \"2c\"\n
This results upon save in community string being encrypted:
infrasonar.yamlsnmp:\n\n community:\n secret:\n encrypted: !!binary |\n Z0FBQUFBQmptMEhGq0FhTGJZNFNTckZKdXzWaVpKT2RzMzBARlJGUW1MVGVCVHNmTE15eVlOMTVD\n dGZWU1VEYUtPN2V4cWdOeGdoYlB1M29ua2JTZzNuQVlqU09eM0Z2c2c9PQ==\n version \"2c\"\n
"},{"location":"collectors/probes/appliance/credentials/#wmi","title":"WMI","text":"The WMI probe uses a straightforward configuration as shown below.
When Microsoft Active directory accounts are used the username can be either in domain format: domain\\infrasonar_service_account or use the UPN format: infrasonar_service_account@domain.something
An asset specific configuration can be useful for non-domain joined servers.
infrasonar.yamlwmi:\n config:\n username: \"charlie@domain.org\"\n password: \"a secret\"\n assets:\n - config:\n username: \"bob\"\n password: \"my secret\"\n id: 123\n
"},{"location":"collectors/probes/appliance/credentials/#faq","title":"FAQ","text":"Is it possible to copy credentials?
Yes credential files can be exchanged between appliances belonging to the same InfraSonar container.
I note my credentials are not being encoded?
Check if you per accident configured a duplicate section, see this simplified example where we configured two wmi sections:
wmi:\n config:\n username: alice\n password: \"a secret\"\nwmi:\n use: something\n
"},{"location":"collectors/probes/appliance/deploy_infrasonar/","title":"Deploy infraSonar","text":"InfraSonar probes can easily be deployed and maintained using our easy deployment script. If you want to review/audit our script you can find the latest version in our GitHub repository
"},{"location":"collectors/probes/appliance/deploy_infrasonar/#prerequisites","title":"Prerequisites","text":" - Before deploying InfraSonar ensure you have an AgentCore and an agent token.See our token documentation on how to create tokens;
- Access to a Linux host running docker compose V2.
"},{"location":"collectors/probes/appliance/deploy_infrasonar/#easy-deployment","title":"Easy deployment","text":"Our installer script deploys InfraSonar into the directory where you executed this script. We suggest you create a new directory for our configration, for example /etc/infrasonar
/bin/bash -c \"$(curl -fsSL https://deploy.infrasonar.com)\"\n
When the Docker environment is up and running, you should see the Agentcore appear in the UI in the Agentcores section
You will also note several files in your directory which we outline in the next paragraph.
"},{"location":"collectors/probes/appliance/deploy_infrasonar/#directory-breakdown","title":"Directory breakdown","text":"file / directory Remark .env This file contains the InfraSonar tokens and is used by the docker-compose.yml file docker-compose.yml Contains alle InfraSonar probes as services next to the agentcore and watchtover service /data data volume, mounted to all InfraSonar services to store their config /data/.agentcore.json Agentcore configuration /data/.asset.json Docker agent configuration /data/config Contains probe specific configuration files /data/config/infrasonar.yaml Contains probe specific configuration such as credentials."},{"location":"collectors/probes/appliance/deploy_infrasonar/#rerun","title":"Rerun","text":"If you want to retrieve our latest docker-compose.yml file you can do so by renaming your existing docker-compose.yml file as backup and rerunning our deployment script.
mv docker-compose.yml docker-compose.yml.bak\n/bin/bash -c \"$(curl -fsSL https://deploy.infrasonar.com)\"\n
"},{"location":"collectors/probes/appliance/docker_compose/","title":"Docker deployment","text":"InfraSonar probes and the InfraSonar Agentcore are distributed using Docker containers via docker compose.
"},{"location":"collectors/probes/appliance/docker_compose/#docker-compose-file","title":"Docker compose file","text":"The latest production version of our complete docker-compose.yml file can be downloaded here
Some noteworthily sections of our docker-compose.yml file:
Volumes We opt to store the InfraSonar related data and configuration in the same sub-directory data in the directory where the docker compose file lives.
Networking We use the host network for all our containers and thus probes to avoid any networking issues.
x-infrasonar-template section The x-infrasonar-template section ensures the default settings are the same for all InfraSonar containers.
Watchtower service We use Watchtower to periodicity check for updates.
Within the Watchtower service we mount the localtime file to ensure the container is running in the same timezone as the appliance.
"},{"location":"collectors/probes/appliance/docker_compose/#manual-update-your-docker-containers","title":"Manual update your docker containers","text":"Login using SSH and use the cd command to navigate to the directory containing the InfraSonar configuration. (usually this is /etc/infrasonar/)
The first step is to check for newer images and pull these using this command:
docker compose pull\n
If all new images are downloded you can apply the changes using:
docker compose up -d\n
"},{"location":"collectors/probes/appliance/docker_compose/#restart","title":"Restart","text":"If you want to restart all InfraSonar containers you can do so using the following command:
docker compose restart\n
This implies you are executing this command in the directory containing the InfraSonar docker-compose.yml file.
"},{"location":"collectors/probes/appliance/docker_compose/#logging","title":"Logging","text":"For troubleshooting purposes you can change the log-level in the docker-compose.yml file
Supported log levels:
- debug
- info
- warning
- error
- critical
docker-compose.yml## InfraSonar docker-compose.yml file\n##\n## Set the correct TOKEN variables before starting.\n\nx-infrasonar-template: &infrasonar\n network_mode: host\n restart: always\n logging:\n options:\n max-size: 5m\n volumes:\n - ./data:/data/\n labels:\n com.centurylinklabs.watchtower.enable: TRUE\n environment:\n LOG_LEVEL: \"debug\"\n LOG_COLORIZED: \"1\"\n\nservices:\n agentcore:\n << : *infrasonar\n image: ghcr.io/infrasonar/agentcore\n environment:\n TOKEN: \"Agentcore-token\u00bb\"\n LOG_LEVEL: \"debug\"\n LOG_COLORIZED: \"1\"\n docker-agent:\n << : *infrasonar\n image: ghcr.io/infrasonar/docker-agent\n environment:\n TOKEN: \"\u00abAgent-token\u00bb\"\n LOG_LEVEL: \"debug\"\n LOG_COLORIZED: \"1\"\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock\n - ./data:/data/\n .....\n
Note
You need to restart you containers for changed log setting to become active.
Contact InfraSonar support if you require any assistance.
"},{"location":"collectors/probes/snmp/","title":"Index","text":""},{"location":"collectors/probes/snmp/#snmp","title":"SNMP","text":"\"Simple Network Management Protocol is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.\" - wikipedia
"},{"location":"collectors/probes/snmp/#features","title":"Features","text":"InfraSonar supports retrieving data from remote assets using the SNMPv1, SNMPv2c, and SNMPv3 protocol.
Next to the base SNMP probe we have various vendor specific probes:
- APC UPS
- Eaton
- HP ILO
- HP ProCurve
- Synology
- UniFi
"},{"location":"collectors/probes/snmp/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the base-snmp probe:
snmp-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/snmp-probe\n
"},{"location":"collectors/probes/snmp/#prerequisites","title":"Prerequisites","text":"To monitor an asset using SNMP there ar two things two setup on the monitored asset:
Access Most SNMP implementation require you to add the monitoring IP as an authorized host. In our appliance based setup this is usually the IP address used by the monitoring appliance.
When you deploy multiple appliances be aware to configure all IP addresses on the SNMP monitored assets.
Also note Adding a host requires access to SNMP (udp/161) from the InfraSonar appliance running the SNMP probe.
Authentication SNMPv1 and SNMPv2c versions \"plain\" community string for authentication; SNMPv3 is more secure but not supported on all devices.
The community string or credentials should be stored on the appliance as described here.
default configuration
When no configuration file is specified the probe falls back SNMPv2c and used the community string public.
"},{"location":"collectors/probes/snmp/#how-to-configure-snmp","title":"How to configure SNMP","text":"The SNMP probe requires SNMP to be configured on devices you wish to monitor. The next chapter describes how to configure SNMP on some standard devices.
"},{"location":"collectors/probes/snmp/#ubuntu","title":"Ubuntu","text":"First step is to install the SNMP Daemon:
sudo apt-get update\nsudo apt-get install snmpd\n
Next is to edit the snmpd.conf file, this requires a few setting in this file to change:
/etc/snmp/snmpd.confsysLocation Sitting on the Dock of the Bay\nsysContact Me <me@example.org>\n\nagentAddress udp:161,udp6:[::1]:161\n\nrocommunity public default\nrocommunity6 public default\n
Set sysLocation to the correct location for this device and set sysContact to the system administrator contact.
agentAddress configures which IPv4 and IPv6 the SNMP daemon should listen on.
Setting this to: agentAddress udp:161,udp6:[::1]:161 will set the server to listen on all IPv4 and IPv6 addresses.
Alternatively you can bind to a specific IP address as such:
agentAddress udp:192.168.1.5:161\n
This binds the SNMPD daemon to the IP address 192.168.1.5 on port 161. Set the desired community name, in this example we use public
rocommunity: rocommunity public\n
Last step is to restart the SNMPD service: sudo service snmpd restart
YOu can verify the SNMPD is started using: sudo service snmpd status
"},{"location":"collectors/probes/snmp/#freebsd","title":"FreeBSD","text":"Edit (as root) the file /etc/snmpd.config, find the following lines in the file:
location := \"Room 200\"\ncontact := \"sysmeister@example.com\"\n\nread := \"public\"\n\nwrite := \"geheim\"\ntrap := \"mytrap\"\n
Set location to the correct location for this device and set contact to the system administrator contact.
Set the desired community name, in this example we use public
read := \"public\"\n
Enable bsnmpd in /etc/rc.conf
Add this at the end of the file:
bsnmpd_enable=\"YES\"\n
Start snmpd:
service bsnmpd start\n
We recommend to unstall the bsnmp-ucd package for more complete monitoring.
Installing this package involves the following steps:
pkg_add -r bsnmp-ucd\n
Locate and uncomment the line in /etc/snmpd.config
begemotSnmpdModulePath.\"hostres\" = \"/usr/lib/snmp_hostres.so\"\n
Add the next line below the just uncommented line: begemotSnmpdModulePath.\"ucd\" = \"/usr/local/lib/snmp_ucd.so\"\n
When done restart the bsnmp daemon:
/etc/rc.d/bsnmpd restart\n
"},{"location":"collectors/probes/snmp/#debian-based-systems","title":"Debian based systems","text":"The first step is to install snmpd usingapt:
sudo apt install snmpd\n
The next step is configuring snmpd. For this we need to edit /etc/snmp/snmpd.conf. Prior to editing this file we suggest making a backup of the existing configuration. This can be done by using the following command:
sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak\n
Example snmpd.conf file:
############# InfraSonar SNMP Config ##################\ncom2sec readonly default infrasonar\ngroup InfraSonarGroup v2c readonly\nview all included .1\naccess InfraSonarGroup \"\" any noauth exact all none none\nsyslocation planetearth\nsyscontact support@infrasonar.com\n
Note
The community string in the above example is set to infrasonar. Also note the settings for syslocation and syscontact.
Restart the SNMP daemon to make the configuration effective:
sudo service snmpd restart\n
Verify that the service is running correctly:
sudo service snmpd status\n
This should result in a similar output like this:
\u25cf snmpd.service - Simple Network Management Protocol (SNMP) Daemon.\n Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)\n Active: active (running) since Thu 2021-07-29 10:37:24 CEST; 1s ago\n Process: 14393 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)\n Main PID: 14394 (snmpd)\n Tasks: 1 (limit: 2358)\n Memory: 5.0M\n CGroup: /system.slice/snmpd.service\n \u2514\u250014394 /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f -p /run/snmpd.pid\n\nJul 29 10:37:24 donkey-kong systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....\nJul 29 10:37:24 donkey-kong systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..\nJul 29 10:37:24 donkey-kong snmpd[14394]: NET-SNMP version 5.7.3\n
"},{"location":"collectors/probes/snmp/#centos","title":"CentOS","text":"You can find a guide on how to install SNMP on CentOS here.
"},{"location":"collectors/probes/snmp/#hp-proliant-hosts","title":"HP Proliant hosts","text":"The HP agents can be installed and queried on HP Proliant hosts using SNMP. This section describes the setup.
Add the following section to the repository file: /etc/yum.repos.d/hp.repo:
[HP-Proliant]\nname=HP Proliant Red Hat Enterprise Linux $releasever - $basearch\n#baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/$basearch/Debuginfo/\nbaseurl=http://downloads.linux.hp.com/SDR/downloads/ServicePackforProLiant/RedHat/$releasever/$basearch/current/\n#http://downloads.linux.hp.com/SDR/downloads/ServicePackforProLiant/RedHat/5/x86_64/current/\nenabled=1\ngpgcheck=0\ngpgkey=http://downloads.linux.hp.com/SDR/downloads/ServicePackforProLiant/GPG-KEY-ProLiantSupportPack\n
Install the HP agents:
yum install hp-snmp-agents hp-health\n
You will get additional questions about the desired configuration. This will update the snmpd.conf file.
Start the agents:
/sbin/hpsnmpconfig\n/etc/init.d/hp-snmp-agents start\n/etc/init.d/snmpd restart\n
"},{"location":"collectors/probes/snmp/#vwware","title":"VWware","text":""},{"location":"collectors/probes/snmp/#virtual-center-appliance","title":"Virtual center appliance","text":"The VMware virtual center appliance can be configured to be monitored using SNMP.
- Log in to the webinterface (https://ip:5480) using a root account.
- Enable shell access: access --> shell / ssh.
- Log in using SSH and execute the following commands:
snmp.set --port 161\nsnmp.set --communities public\nsnmp.enable\n
- Verify if the snmpd service is started:
shell.set --enabled.true\nshell\nservice snmpd status\n
- Add the SNMP-probe in InfraSonar.
"},{"location":"collectors/probes/snmp/#esxi","title":"ESXi","text":"For the monitoring appliance to query the ESXi host, the following modifications must be made to the /etc/snmp/snmpd.conf file. This can be achieved by logging on to the ESXi hosts using SSH.
rocommunity <RO_Community_String>\ntrapcommunity <TRAPS_Community_String>\ntrapsink <IP_ADDRESS_Monitoring_Appliance>\npublic syscontact <sysadmin_contact_email_address>\nsyslocation <system_location>\n
Where:
Variable Description <RO_Community_String> Read only community string. This string should be added to the host config. <TRAPS_Community_String> Enter a trap community string. InfraSonar does not use this. <IP_ADDRESS_Monitoring_Appliance> IP address of the monitoring appliance. <sysadmin_contact_email_address> optional Email address of the sysadmin. <system_location> optional Note describing the physical location of the device. For the modifications to take effect, the SNMPD must be restarted using the following command:
/etc/init.d/snmpd restart\n
"},{"location":"collectors/probes/snmp/#known-issues","title":"Known issues","text":""},{"location":"collectors/probes/snmp/#unable-to-derive-address-info","title":"Unable to derive address info","text":"InfraSonar derives the address info from the ifdescr oid 1.3.6.1.2.1.2.2.1.2
We have seen devices return data in a hexadecimal format which cannot be decoded.
The solution for now is to disable the ipAddress check on the asset.
"},{"location":"collectors/probes/snmp/apcups/","title":"APC UPS","text":""},{"location":"collectors/probes/snmp/apcups/#apc-ups","title":"APC UPS","text":""},{"location":"collectors/probes/snmp/apcups/#introduction","title":"Introduction","text":"The APC UPS probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/apcups/#features","title":"Features","text":"The APC UPS probe consist of a number of UPS specific checks:
Battery status Input/output frequency Input/output voltage UPS Load Temperature
"},{"location":"collectors/probes/snmp/apcups/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the APC UPS probe:
apcups-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/apcups-probe\n
"},{"location":"collectors/probes/snmp/apcups/#credentials","title":"Credentials","text":"As the APC UPS probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the apcups section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/apcups/#conditions","title":"Conditions","text":"The label APC UPS can be used to configure our default condition set.
"},{"location":"collectors/probes/snmp/apcups/#additional-information","title":"Additional information","text":" APC UPS probe source code
"},{"location":"collectors/probes/snmp/eaton/","title":"EATON","text":""},{"location":"collectors/probes/snmp/eaton/#eaton","title":"Eaton","text":""},{"location":"collectors/probes/snmp/eaton/#introduction","title":"Introduction","text":"The Eaton probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/eaton/#features","title":"Features","text":"The Eaton probe consist of a number of UPS specific checks:
Battery status Alarms Input, Bypass & Output measurement Environmental monitoring, temperature and humidity
"},{"location":"collectors/probes/snmp/eaton/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the Eaton probe:
eaton-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/eaton-probe\n
"},{"location":"collectors/probes/snmp/eaton/#credentials","title":"Credentials","text":"As the Eaton probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the eaton section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/eaton/#conditions","title":"Conditions","text":"The label Eaton UPS can be used to configure our default condition set.
"},{"location":"collectors/probes/snmp/eaton/#eaton-ups-input-source","title":"Eaton UPS input source","text":"A noteworthy condition is the Eaton UPS input source condition as this condition is triggered when the UPS lost it's main power.
An interesting use case for this condition is to setup a DutyCalls rule to notify on-call personal when main power is lost.
Good to known
As the UPS occasionally switches to battery power for a couple of seconds as part of its maintenance routine this condition potential get's triggered while all is well. To avoid sending incorrect notification we wait one cycle before sending out an alert.
As the check interval for this check is 1 minute sending out a notification for this event can potentially take a maximum off 2 minutes.
"},{"location":"collectors/probes/snmp/eaton/#operational","title":"Operational","text":""},{"location":"collectors/probes/snmp/eaton/#snmp-version","title":"SNMP version","text":"We noted we had to use SNMP version 1 in most scenario's we deployed this probe.
"},{"location":"collectors/probes/snmp/eaton/#additional-information","title":"Additional information","text":" - Vendor SNMP MIB information
- InfraSonar Eaton probe source code
"},{"location":"collectors/probes/snmp/hpilo/","title":"HP ILO","text":""},{"location":"collectors/probes/snmp/hpilo/#hp-ilo","title":"HP ILO","text":""},{"location":"collectors/probes/snmp/hpilo/#introduction","title":"Introduction","text":"The HP ILO probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/hpilo/#features","title":"Features","text":"The HP ILO probe consist of a number of specific checks:
System status (fan, power supply, memory, teperature cpu) HP Eventlog Array controller Storage (logical, phycial)
"},{"location":"collectors/probes/snmp/hpilo/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the HP ILO probe:
hpilo-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/hpilo-probe\n
"},{"location":"collectors/probes/snmp/hpilo/#credentials","title":"Credentials","text":"As the HP ILO probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the hpilo section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/hpilo/#conditions","title":"Conditions","text":"The label HP ILO can be used to configure our default condition set.
"},{"location":"collectors/probes/snmp/hpilo/#additional-information","title":"Additional information","text":" HP ILO probe source code
"},{"location":"collectors/probes/snmp/hpprocurve/","title":"HP ProCurve","text":""},{"location":"collectors/probes/snmp/hpprocurve/#hp-procurve","title":"HP ProCurve","text":""},{"location":"collectors/probes/snmp/hpprocurve/#introduction","title":"Introduction","text":"The HP ProCurve probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/hpprocurve/#features","title":"Features","text":"The HP ProCurve probe consist of a number of UPS specific checks:
CPU Memory Sensors
"},{"location":"collectors/probes/snmp/hpprocurve/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the HP ProCurve probe:
hpprocurve-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/hpprocurve-probe\n
"},{"location":"collectors/probes/snmp/hpprocurve/#credentials","title":"Credentials","text":"As the HP ProCurve probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the hpprocurve section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/hpprocurve/#conditions","title":"Conditions","text":"The label HP ProCurve can be used to configure our default condition set.
"},{"location":"collectors/probes/snmp/hpprocurve/#additional-information","title":"Additional information","text":" HP ProCurve probe source code
"},{"location":"collectors/probes/snmp/idrac/","title":"Dell iDRAC","text":""},{"location":"collectors/probes/snmp/idrac/#dell-idrac","title":"Dell iDRAC","text":""},{"location":"collectors/probes/snmp/idrac/#introduction","title":"Introduction","text":"The Dell iDRAC probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/idrac/#features","title":"Features","text":"The Dell iDRAC consist of a number of specific checks:
System status (fan, power supply, memory, teperature cpu) Eventlog Firmware
"},{"location":"collectors/probes/snmp/idrac/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the HP ILO probe:
idrac-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/idrac-probe\n
"},{"location":"collectors/probes/snmp/idrac/#credentials","title":"Credentials","text":"As the Dell iDRAC probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the idrac section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/idrac/#conditions","title":"Conditions","text":"The label HP ILO can be used to configure our default condition set.
"},{"location":"collectors/probes/snmp/idrac/#additional-information","title":"Additional information","text":" Dell iDRAC probe source code
"},{"location":"collectors/probes/snmp/synology/","title":"Synology","text":""},{"location":"collectors/probes/snmp/synology/#synology","title":"Synology","text":""},{"location":"collectors/probes/snmp/synology/#introduction","title":"Introduction","text":"The Synology probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/synology/#features","title":"Features","text":" System information Disk status RAID status Services IO
Docker supported Synology
Some Synology models support docker! You can utilize our docker agent to monitoring the containers running in the NAS.
You can also use the NAS to deploy our probes and utilize the NAS also a monitoring appliance. This works flawlessly as the InfraSonar resource usage is minimal.
"},{"location":"collectors/probes/snmp/synology/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the Synology probe:
synology-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/synology-probe\n
"},{"location":"collectors/probes/snmp/synology/#credentials","title":"Credentials","text":"As the Synology probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the synology section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/synology/#additional-information","title":"Additional information","text":" Synology probe source code
"},{"location":"collectors/probes/snmp/unifi/","title":"UniFi","text":""},{"location":"collectors/probes/snmp/unifi/#unifi","title":"UniFi","text":""},{"location":"collectors/probes/snmp/unifi/#introduction","title":"Introduction","text":"The UniFi probe uses the snmp protocol to perform its queries.
See also our API probe
You can also use our Unifi Controller and UniFi device collector.
"},{"location":"collectors/probes/snmp/unifi/#features","title":"Features","text":"The UniFi probe consist of a number of UPS specific checks:
System information Radio status VAP status
"},{"location":"collectors/probes/snmp/unifi/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the UniFi probe:
unifi-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/unifi-probe\n
"},{"location":"collectors/probes/snmp/unifi/#credentials","title":"Credentials","text":"As the UniFi probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the unifi section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/unifi/#additional-information","title":"Additional information","text":" UniFi probe source code
"},{"location":"collectors/probes/vmware/","title":"Index","text":""},{"location":"collectors/probes/vmware/#vmware","title":"VMware","text":""},{"location":"collectors/probes/vmware/#introduction","title":"Introduction","text":"InfraSonar has two probe to monitor VMware hypervisors:
Both probes use the VMware API to collect data.
We advise to always install bot the vCenter and the ESXi probes. For standalone ESXi host we created a specific label ensuring optimal monitoring for this scenario.
"},{"location":"collectors/probes/vmware/#features","title":"Features","text":"Two notable metrics we added to our guest monitoring:
Our default label for standalone ESXi hosts contains specific conditions for these metrics
"},{"location":"collectors/probes/vmware/#disk-bus-reset","title":"disk bus reset","text":"If a storage device is overwhelmed with too many read and write commands from an ESXi host, or if it encounters a hardware issue and fails to abort commands, it will clear out all commands waiting in its queue. This is called a disk bus reset. Disk bus resets are a sign of a disk storage bottleneck and can cause slower VM performance, as VMs will need to resend those requests. Disk bus resets typically do not occur in healthy vSphere environments, so you should investigate any VM with a positive value for the disk.bus.reset metric
"},{"location":"collectors/probes/vmware/#cpu-readiness","title":"CPU readiness","text":"The CPU readiness metric tracks the percentage of time a virtual machine is ready to run a workload but has to wait on the ESXi host to schedule it due to there not being enough physical CPU available. Monitoring CPU readiness time can give you a good idea of whether or not your VMs are running efficiently or spending too much time waiting and unable to run their workloads. While some CPU readiness time can be normal, VMware recommends setting an alert to let you know if this metric surpasses 5 percent. VMs that spend a significant percentage of their time in a ready state will be unable to execute tasks, which can lead to poor application performance and possibly timeout errors and downtime.
"},{"location":"collectors/probes/vmware/esx/","title":"ESXi","text":""},{"location":"collectors/probes/vmware/esx/#vmware-esxi","title":"VMware ESXi","text":""},{"location":"collectors/probes/vmware/esx/#introduction","title":"Introduction","text":"The VMware esx-probe uses the VMware API to monitor VMware ESXi hosts.
"},{"location":"collectors/probes/vmware/esx/#features","title":"Features","text":"THe ESXi probe can be used to monitor standalone VMware ESXi hosts as hosts part of a VMware V-center deployment.
We have a default label that contains specific conditions for monitoring stand alone ESXi hosts.
See our overall VMwware documentation for additional information.
- Configuration issues
- Hypervisor status
- Datastores
- Virtual datastore provisioning
- Actual capacity on the datastore
- Virtual capacity space actual virtually provisioned when using thin provisioning.
VMware guest monitoring
We offer a specific probe for VMware guest monitoring to retrieve even more in-depth metrics per virtual machine. See our VMware guest documentation for more information.
"},{"location":"collectors/probes/vmware/esx/#deployment","title":"Deployment","text":"The Vmware ESXi probe can best be deployed as a docker container using docker compose
"},{"location":"collectors/probes/vmware/esx/#configuration","title":"Configuration","text":""},{"location":"collectors/probes/vmware/esx/#credentials","title":"Credentials","text":"The VMware API requires a user account which is assigned the Read-only rol on each monitored ESXi host.
See the VMware documentation on how to setup a local account and assign this accountto the Read-only role.
The corresponding infrasonar.yaml 1 section when using for example infrasonar as user id looks as follows:
esx:\n config:\n username: infrasonar\n password: \"some_secure_passw0rd\"\n
Don't use root
We strongly advise setting up a separate user for monitoring to have a clear separation of responsibilities but also to avoid lock-out issues.
"},{"location":"collectors/probes/vmware/esx/#operational","title":"Operational","text":""},{"location":"collectors/probes/vmware/esx/#known-issues","title":"Known issues","text":""},{"location":"collectors/probes/vmware/esx/#cached-api-response","title":"Cached API response","text":"Sometimes InfraSonar reports different values than VMware consoles.
The cause for this is that the VMware API sends cached data as a response to queries.
The solution to mitigate this situation is to clean the VMware cache using the following commands on the affected ESXi host:
localcli hardware ipmi sel clear\netc/init.d/sfcbd-watchdog restart\netc/init.d/hostd restart\netc/init.d/vpxa restart\n
"},{"location":"collectors/probes/vmware/esx/#additional-information","title":"Additional information","text":" esx probe source code
-
Passwords are encrypted on the appliance the moment the file is saved, see our credentials documentation \u21a9
"},{"location":"collectors/probes/vmware/vcenter/","title":"vCenter","text":""},{"location":"collectors/probes/vmware/vcenter/#vmware-vcenter","title":"VMware vCenter","text":""},{"location":"collectors/probes/vmware/vcenter/#introduction","title":"Introduction","text":"The vcenter-probe uses the VMware API to monitor VMware Virtual center hosts.
"},{"location":"collectors/probes/vmware/vcenter/#features","title":"Features","text":" - vCenter alarms
- Cluster status
- Hypervisor hosts
- Datastores
VMware guest monitoring
We offer a specific probe for VMware guest monitoring to retrieve even more in-depth metrics per virtual machine. See our VMware guest documentation for more information.
"},{"location":"collectors/probes/vmware/vcenter/#deployment","title":"Deployment","text":"The vCenter probe can best be deployed as a docker container using docker compose
"},{"location":"collectors/probes/vmware/vcenter/#probe-configuration","title":"Probe configuration","text":""},{"location":"collectors/probes/vmware/vcenter/#credentials","title":"Credentials","text":"The VMware API requires a user account which is assigned the Read-only rol to access monitoring data on VMware vCenter appliance.
"},{"location":"collectors/probes/vmware/vcenter/#vcenter-integrated-with-ad","title":"vCenter integrated with AD","text":"When vCenter is integrated with Active Directory (AD), you will find a group in vCenter that has a corresponding group in AD.
Simply create a user with read-only permissions for your vCenter environment in AD and add it to the corresponding AD group. Your credentials for vCenter will be in the format of username@windows.domain.
The corresponding infrasonar.yaml 1 section when using for example infrasonar@vsphere.local as user id looks as follows:
vcenter:\n config:\n username: infrasonar@windows.domain\n password: \"some_secure_passw0rd\"\n
"},{"location":"collectors/probes/vmware/vcenter/#vcenter-standalone","title":"vCenter standalone","text":"When vCenter is not integrated with AD, you will create a new read-only user in your vSphere client and grant this account read-only access.
See the VMware documentation on how to setup a local @windows.domain account and how to grant this account read-only access.
The corresponding infrasonar.yaml 1 section in this scenario:
vcenter:\n config:\n username: infrasonar@vsphere.local\n password: \"some_secure_passw0rd\"\n
"},{"location":"collectors/probes/vmware/vcenter/#additional-information","title":"Additional information","text":" vcenter probe source code
-
Passwords are encrypted on the appliance the moment the file is saved, see our credentials documentation \u21a9\u21a9
"},{"location":"collectors/probes/vmware/vmwareguest/","title":"VMware guest","text":""},{"location":"collectors/probes/vmware/vmwareguest/#vmware-guest","title":"VMware guest","text":""},{"location":"collectors/probes/vmware/vmwareguest/#introduction","title":"Introduction","text":"The VMware guest uses the VMware API to monitor VMware guests on either ESXi or VMware vCenter.
Note
The VMware guest probes requires the VMware vcenter or VMware ESXi probe to be installed first as these act as a \"proxy\" for the guest queries.
"},{"location":"collectors/probes/vmware/vmwareguest/#features","title":"Features","text":"The VMware guest probe offers a deep inside into individual virtual machines running on VMware:
- Overview
- CPU Readiness
- Disk bus resets
- Virtual disks
- Snapshots
- VMware tools version
"},{"location":"collectors/probes/vmware/vmwareguest/#deployment","title":"Deployment","text":"The VMware guest probe can best be deployed as a docker container using docker compose.
"},{"location":"collectors/probes/vmware/vmwareguest/#probe-configuration","title":"Probe configuration","text":"Hypervisor Address of the hypervisor you want to query, usually you would use the IP or FQDN of the Vcenter asset used to managed the VMware cluster. When using an ESXi without Vcenter you can also enter the IP or FQDN of the ESXi host here.
Instance UUID You can lookup the instance UUID on the details page of the asset you want specified as hypervisor
Credentials As the VMware guest connects to a VMware vCenter host or ESXi host we urge you to use the same credentials for the VMware guest queries.
When monitoring guests running on a standalone ESXi environment you can use esx and when monitoring guest on Vcenter managed environment use vcenter
You can automate this step using our toolkit and VMware guests report.
Please reach out to support for additional information.
"},{"location":"collectors/probes/vmware/vmwareguest/#additional-information","title":"Additional information","text":" vcenter probe source code
"},{"location":"collectors/probes/wmi/","title":"Index","text":""},{"location":"collectors/probes/wmi/#wmi","title":"WMI","text":""},{"location":"collectors/probes/wmi/#introduction","title":"Introduction","text":"InfraSonar can use the WMI protocol to monitor Microsoft Windows hosts without installing an agent on them. Monitoring in this scenario is performed by periodically querying the Windows host using WQL queries.
InfraSonar uses the open source aiowmi library released in 2021 by Cesbit.
"},{"location":"collectors/probes/wmi/#features","title":"Features","text":" - CPU, memory and disk utilization
- Network utilization
- Windows services
- Domain information for domain joined hosts
- Time drift
- Process information
- User information
- Local sessions
- Remote sessions (RDP)
- Configured shares
- Installed software (as reported by add/remove programs)
- Installed Windows updates
- VSS usage
"},{"location":"collectors/probes/wmi/#deployment","title":"Deployment","text":"The WMI probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/wmi/#probe-configuration","title":"Probe configuration","text":""},{"location":"collectors/probes/wmi/#credentials","title":"Credentials","text":"The WMI-probe requires a service account with domain admin rights or a local administrative to perform the WMI queries.
While it is possible to configure a regular user with additional DCOM permissions we feel this provides a false sense of security as the DCOM privileges required are quite broad.
"},{"location":"collectors/probes/wmi/#checks","title":"Checks","text":""},{"location":"collectors/probes/wmi/#best-practices","title":"Best practices","text":""},{"location":"collectors/probes/wmi/#operational","title":"Operational","text":""},{"location":"collectors/probes/wmi/#firewall-requirements","title":"Firewall requirements","text":"The WMI-probe requires no configuration on the monitored asset, other then access via the WMI protocol.
"},{"location":"collectors/probes/wmi/#local-firewall","title":"Local firewall","text":"If the Microsoft Windows local firewall is enabled, you will need to allow \"Windows Management Instrumentation\" traffic.
To enable or disable WMI traffic using the firewall UI
- In the Control Panel, click on Security and then click on Windows Firewall.
- Click on Change Settings and then click on the Exceptions tab.
- In the Exceptions window, select the check box for Windows Management Instrumentation (WMI) to enable WMI traffic through the firewall. To disable WMI traffic, clear the check box.
Tip
Windows 11 has a special firewall that only allows access from hosts inside the same local subnet.
To enable WMI traffic at command prompt using WMI rule group
We can easily allow remote WMI using the following set of netsh commands:
netsh advfirewall firewall set rule group=\"Windows Management Instrumentation (WMI-In)\" new enable=yes\nnetsh advfirewall firewall set rule group=\"Windows Management Instrumentation (DCOM-In)\" new enable=yes\nnetsh advfirewall firewall set rule group=\"Windows Management Instrumentation (ASync-In)\" new enable=yes\n
"},{"location":"collectors/probes/wmi/#corporate-firewall","title":"Corporate firewall","text":"When monitoring hosts which are located behind a firewall, for example hosts in a DMZ, the firewall must be configured to allow WMI.
To comply with Internet Assigned Numbers Authority (IANA) recommendations, Microsoft has increased the dynamic client port range for outgoing connections in Windows Vista and Windows Server 2008. The new default start port is 49152, and the new default end port is 65535. This is a change from the configuration of earlier versions of Windows that used a default port range of 1025 through 5000.
- Windows server below 2008, access for the RPC Endpoint Mapper (135) as well as WMI (variable port range, by default 1024-5000) should be granted.
- Windows server 2008 and higher versions. access for the RPC Endpoint Mapper (135) as well as WMI (variable port range, by default 49152-65535) should be granted.
You can lookup the dynamic port range actually used by the Windows host using these commands:
netsh int ipv4 show dynamicport tcp\nnetsh int ipv4 show dynamicport udp\nnetsh int ipv6 show dynamicport tcp\nnetsh int ipv6 show dynamicport udp\n
Note
The range is set separately for each transport (TCP or UDP).
The port range is now truly a range that has a starting point and an ending point.
Microsoft customers who deploy servers that are running Windows Server 2008 may have problems that affect RPC communication between servers if firewalls are used on the internal network.
In these situations, we recommend that you reconfigure the firewalls to allow traffic between servers in the dynamic port range of 49152 through 65535.
This range is in addition to well-known ports that are used by services and applications. Or, the port range that is used by the servers can be modified on each server.
You adjust this range by using the netsh command, as follows: netsh int set dynamic start= number num= range. This command sets the dynamic port range for TCP. The start port is number, and the total number of ports is range."},{"location":"collectors/probes/wmi/#none-domain-credentials","title":"None domain credentials","text":"
None domain members
This is only required for hosts that are not a member of your Windows domain or when using a local account is required due to other circumstances.
By default only the true local administrator account can be used for remote WMI queries. You can use the following steps to create a local account:
- Create a local account and ensure the account is member of the group Remote Management Users.
- Authorize CIMV2 access:
- Open the WMI management console
wmimgmt.msc. - Right click WMI Control (Local) and select properties from the menu.
- Select the security tab.
- Browse to Root\\CIMV2.
- Click the button labeled security.
- Authorize COM access:
- Start the component Services console.
- Browse in the left pane to: Component Services \\ Computers.
- Right click My Computer and select **properties from the menu.
- Open the tab COM Security.
- Click Edit Limits in the Access Permissions pane.
- Add the account used for monitoring using the Add button.
- Ensure the account has Remote Access permissions.
- Close the access permission screen by clicking OK.
- Click on Edit Limits in the Launch and Activation Permissions pane.
- Add the account used for monitoring using the Add button.
- Ensure to allow: Local Launch, Remote Launch, Local Activation and Remote Activation.
- Close the windows by clicking OK twice and exit the Component Services console.
See also our WMI trouble shooting section about remote-UAC as you might need to disable this.
"},{"location":"collectors/probes/wmi/#microsoft-windows-server-2003","title":"Microsoft Windows server 2003","text":"You should ensure Management and Monitoring Tools are installed using Add/remove windows components
The software and updates check might not work as expected, we advise you to turn off these checks.
"},{"location":"collectors/probes/wmi/#microsoft-isa-server","title":"Microsoft ISA Server?","text":"Monitoring a Microsoft ISA server requires the following rules on the ISA server:
- Allow traffic from the monitoring appliance to localhost for all protocols.
- Within this rule, filtering \"Enforce strict RPC compliance\" must be disabled.
"},{"location":"collectors/probes/wmi/#known-issues","title":"Known issues","text":"See our troubleshooting section for known issues and ways to troubleshot WMI queries.
"},{"location":"collectors/probes/wmi/#additional-information","title":"Additional information","text":" Microsoft WMI probe source code
"},{"location":"collectors/probes/wmi/eventlog/","title":"EventLog","text":""},{"location":"collectors/probes/wmi/eventlog/#eventlog","title":"Eventlog","text":""},{"location":"collectors/probes/wmi/eventlog/#introduction","title":"Introduction","text":"The Hyper-V guest probes uses WMI to to monitor Microsoft Windows eventlog's.
"},{"location":"collectors/probes/wmi/eventlog/#features","title":"Features","text":" - Specific eventID's
- Predefined security IDS's
"},{"location":"collectors/probes/wmi/eventlog/#deployment","title":"Deployment","text":"The eventlog probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/wmi/eventlog/#probe-configuration","title":"Probe configuration","text":"Deployment of the eventlog probe is the simulair to deploying the WMI probe as it is in essence an extension of the WMI probe.
Address Address of the eventlog host you want to query, in most cases this is the same address as used for the WMI probe.
Local conguration In most scenarios setting this to wmi is fine as this is the default section for WMI credentials. See our credentials documentation for more advanced implementation scenarios.
"},{"location":"collectors/probes/wmi/eventlog/#additional-information","title":"Additional information","text":""},{"location":"collectors/probes/wmi/eventlog/#security-eventlog-ids-monitored","title":"Security eventlog ID's monitored","text":"ID Description 4624 Successful account log on 4625 Failed account log on 4634 An account logged off 4648 A logon attempt was made with explicit credentials 4719 System audit policy was changed. 4964 A special group has been assigned to a new log on 1102 Audit log was cleared. This can relate to a potential attack 4720 A user account was created 4722 A user account was enabled 4723 An attempt was made to change the password of an account 4725 A user account was disabled 4728 A user was added to a privileged global group 4732 A user was added to a privileged local group 4756 A user was added to a privileged universal group 4738 A user account was changed 4740 A user account was locked out 4767 A user account was unlocked 4735 A privileged local group was modified 4737 A privileged global group was modified 4755 A privileged universal group was modified 4772 A Kerberos authentication ticket request failed 4777 The domain controller failed to validate the credentials of an account. 4782 Password hash an account was accessed 4616 System time was changed 4657 A registry value was changed 4697 An attempt was made to install a service 4698 A scheduled task was created 4699 A scheduled task was deleted 4700 A scheduled task was enabled 4701 A scheduled task was disabled 4702 A scheduled task was updated 4946 A rule was added to the Windows Firewall exception list 4947 A rule was modified in the Windows Firewall exception list 4950 A setting was changed in Windows Firewall 4954 Group Policy settings for Windows Firewall has changed 5025 The Windows Firewall service has been stopped 5031 Windows Firewall blocked an application from accepting incoming traffic 5152 A network packet was blocked by Windows Filtering Platform 5153 A network packet was blocked by Windows Filtering Platform 5155 Windows Filtering Platform blocked an application or service from listening on a port 5157 Windows Filtering Platform blocked a connection 5447 A Windows Filtering Platform filter was changed 4663 Attempt made to access object 4688 A new process has been created 4670 Permissions on an object were changed 4672 Special privileges assigned to new logon Windows Event Log probe source code
"},{"location":"collectors/probes/wmi/hyperv/","title":"Hyper-V","text":""},{"location":"collectors/probes/wmi/hyperv/#hyperv","title":"HyperV","text":""},{"location":"collectors/probes/wmi/hyperv/#introduction","title":"Introduction","text":"The Hyper-V guest probes uses WMI to to monitor Microsoft Windows Hyper-V hosts.
"},{"location":"collectors/probes/wmi/hyperv/#features","title":"Features","text":""},{"location":"collectors/probes/wmi/hyperv/#deployment","title":"Deployment","text":"The HyperV probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/wmi/hyperv/#probe-configuration","title":"Probe configuration","text":"Deployment of the Hyper-V probe is the simulair to deploying the WMI probe as it is in essence an extension of the WMI probe.
Address Address of the Hyper-V host you want to query, in most cases this is the same address as used for the WMI probe.
Local conguration In most scenarios setting this to wmi is fine as this is the default section for WMI credentials. See our credentials documentation for more advanced implementation scenarios.
"},{"location":"collectors/probes/wmi/hyperv/#additional-information","title":"Additional information","text":" Microsoft Hyper-V guest probe source code
"},{"location":"collectors/probes/wmi/hyperv/#additional-information_1","title":"Additional information","text":" Microsoft Hyper-V probe source code
"},{"location":"collectors/probes/wmi/hypervguest/","title":"Hyper-V guest","text":""},{"location":"collectors/probes/wmi/hypervguest/#hyper-v-guest","title":"Hyper-V guest","text":""},{"location":"collectors/probes/wmi/hypervguest/#introduction","title":"Introduction","text":"The Hyper-V guest probes uses WMI to to monitor Microsoft Windows Hyper-V guests.
Note
The Microsoft Hyper-V guest probes requires the Hyper-V probe to be installed first as these act as a \"proxy\" for the guest queries.
"},{"location":"collectors/probes/wmi/hypervguest/#features","title":"Features","text":" - Guest status as provided by the
Msvm_ComputerSystem class
"},{"location":"collectors/probes/wmi/hypervguest/#deployment","title":"Deployment","text":"The HyperV- guest probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/wmi/hypervguest/#probe-configuration","title":"Probe configuration","text":"Hypervisor Address of the hypervisor you want to query, usually you would use the IP or FQDN of the Hyper-V host.
GUID You can lookup the GUUID on the details page of the asset you want specified as Hyper-V host
Local conguration As the Hyper-V guest connects to the Hyper-V host we urge you to use the same credentials for the Hyper-V guest queries. When Hyper-V is deployed in a windows domain you can set local configuration to wmi as this section is the default section for domain credentials.
See also our credentials documentation.
You can automate this step using our toolkit and the Hyper-V guests report.
Please reach out to support for additional information.
"},{"location":"collectors/probes/wmi/hypervguest/#additional-information","title":"Additional information","text":" Microsoft Hyper-V guest probe source code
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/","title":"WMI troubleshooting","text":""},{"location":"collectors/probes/wmi/wmi-troubleshooting/#manual-query","title":"Manual query","text":"You can test WMI access from a Windows host or the Linux appliance.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#linux-appliance","title":"Linux appliance","text":"WMI command line query for the Linux appliance or any host running Docker.
docker run --rm -it \\\n --network host \\\n ghcr.io/infrasonar/wmi-probe \\\n pywmitool \\\n -a <computername or IP> \\\n -u userid> \\\n -d <domain> \\\n -q \"SELECT Name FROM Win32_OperatingSystem\"\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#windows-host","title":"Windows host","text":"You can test if WMI is working correctly on a Windows host by using the wbemtest command:
wbemtest\nnamespace \\\\<computername or IP>\\root\\cimv2\nquery\nselect name from win32_computersystem\n
Note
Make sure to replace <domain>, <userid>, and <computername or IP> with the correct values.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#wmi-probe-known-issues","title":"WMI-probe - Known issues","text":""},{"location":"collectors/probes/wmi/wmi-troubleshooting/#access-denied","title":"Access denied","text":"There are various possible solutions for an access denied error.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#winrm-quickconfig","title":"winrm quickconfig","text":"Run the following command to verify the configuration:
commandwinrm quickconfig\n
This should result in an output similar to the example output below:
outputWinRM service is already running on this machine.\nWinRM is not set up to allow remote access to this machine for management.\nThe following changes must be made:\n\nConfigure LocalAccountTokenFilterPolicy to grant administrative rights remotely\nto local users.\n\nMake these changes [y/n]? y\n\nWinRM has been updated for remote management.\n\nConfigured LocalAccountTokenFilterPolicy to grant administrative rights remotely\n to local users.\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#verify-security-policy-settings","title":"Verify Security Policy settings","text":"In Security Settings --> Local Policies --> Security Options check these settings:
- Network access
- Do not allow storage of passwords and credentials for network authentication, must be DISABLED.
- Sharing and security model for local accounts must be set to CLASSIC.
Typically we see these settings configured via Group Policy for standalone systems. These are part of the Local Security Policy.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#lan-manager-authentication-level","title":"LAN Manager authentication level","text":"LAN Manager authentication level can cause the query error: NTSTATUS: NT_STATUS_ACCESS_DENIED:
- Start the group policy editor
gpedit.msc. - Browse to:
- Computer Configuration
- Windows Settings
- Security Settings
- Local Policies
- Security Options
- Verify if Network security: LAN Manager authentication level is set to:
Send LM & NTLM - use NTLMv2 session security if negotiated.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#remote-uac","title":"Remote UAC","text":"If you are monitoring a non-domain Windows asset you might see the notification unable to authenticate: ACCESS_DENIED (5)
This might happens if you don't use the local administrator account itself but instead created a separate account, even if this is a member of the local administrators group.
To fix this you need to disable remote User Account Control (UAC). Disabling remote user account control does not disable local UAC functionality.
To disable remote UAC for a workgroup computer:
- Using an administrator account, logon the computer you want to monitor.
- Go to Start \u2192 Accessories \u2192 Command Prompt. Type
regedit - Browse to the key:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System - Locate or create a DWORD entry named
LocalAccountTokenFilterPolicy and provide a DWORD value of 1. To re-enable remote UAC, change this value to 0.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#wmi-error-0x80041010","title":"WMI error 0x80041010","text":"Performance counter based checks such as:
- base.cpu
- base.uptime
- base.volume-io
Might give the following WMI Query error:
WMI Query error occured, error message: NTSTATUS: NT code 0x80041010 - NT code 0x80041010
To resolve this error, use the following command on the troubled host:
%windir%\\system32\\wbem\\wmiadap.exe /f\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#fix-broken-wmi-setup","title":"Fix broken WMI setup","text":""},{"location":"collectors/probes/wmi/wmi-troubleshooting/#rebuild-the-wmi-repository","title":"Rebuild the WMI repository","text":"On Windows XP and above you can use the following command to rebuild the WMI repository:
rundll32 wbemupgd, UpgradeRepository\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#reinstall-wmi-in-the-registry","title":"Reinstall WMI in the registry","text":"The following commands will reinstall WMI in the registry:
winmgmt /clearadap\nwinmgmt /kill\nwinmgmt /unregserver\nwinmgmt /regserver\nwinmgmt /resyncperf\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#broken-performance-counters","title":"Broken performance counters","text":"To rebuild all Performance counters including extensible and third-party counters, enter the following commands in an Administrative command prompt. Press ENTER after each command.
Rebuilding the counters:
cd c:\\windows\\system32\nlodctr /R\ncd c:\\windows\\sysWOW64\nlodctr /R\n
Resyncing the counters with Windows Management Instrumentation (WMI):
WINMGMT.EXE /RESYNCPERF\n
Stop and restart the Performance Logs and Alerts service. Stop and restart the Windows Management Instrumentation service.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#disk-performance-data-missing","title":"Disk performance data missing","text":"Enable Disk performance counters using the following command:
DISKPERF -Y\n
You will receive the following message:
Disk performance counters on this system are now set to start at boot. This change will take effect after the system is rebooted.
See also: kb102020.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#access-denied-on-select-from-win32_service","title":"Access denied on SELECT * FROM Win32_Service","text":"Run the following command in an administrative prompt:
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#reverse-dns","title":"Reverse DNS","text":"WMI can fail when querying on an IP address, if reverse DNS is not ok.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#netlogon-service","title":"Netlogon service","text":"Verify that the Netlogon service is running and set to start automatically.
"},{"location":"collectors/services/","title":"Services","text":"A service collector is used to monitor a global service such as, for example, the status of Microsoft 365, AWS health, Google Cloud status, etc. The collected service status is reported back to all interested containers.
"},{"location":"collectors/services/#ipv4-addresses","title":"IPv4 addresses","text":"Our services run in our cloud platform and use the following IPv4 addresses:
- 34.90.55.73
- 34.90.105.247
Ensure assets you want to monitor using a service are allowed to be accessed from these IP addresses.
"},{"location":"collectors/services/last_seen/","title":"Last seen","text":""},{"location":"collectors/services/last_seen/#last-seen","title":"Last Seen","text":""},{"location":"collectors/services/last_seen/#introduction","title":"Introduction","text":"The last seen service is a service running in the InfraSonar backend responsible for retrieving the latest timestamp we retrieved a check result for an asset.
"},{"location":"collectors/services/last_seen/#deployment","title":"Deployment","text":"The last seen service requires no configuration and can easily be deployed to an asset by adding the last seen collector to the asset.
"},{"location":"collectors/services/mailroundtrip/","title":"MailRoundTrip service","text":""},{"location":"collectors/services/mailroundtrip/#description","title":"Description","text":"The InfraSonar MailRoundTrip service is a synthetic monitor verifying the complete email flow. The steps below outline the email roundtrip for mailroundtrip@example.org:
- The first step is to lookup all MX records for
example.org. - Our MailRoundTrip service sends an email to all MX records.
- The receiving email server is configured to automatically forward all mail sent to the probe address. In our case
mailroundtrip@example.org is forwarded to mail@mrt.infrasonar.com.
This approach ensures all components such, as DNS, internet connection, email filtering, and email server components involved in receiving and sending email, are part of the measurement.
Note
Sending an email to all MX records ensures the email fallback scenarios work when you need to rely on them.
"},{"location":"collectors/services/mailroundtrip/#deployment","title":"Deployment","text":""},{"location":"collectors/services/mailroundtrip/#service-configuration","title":"Service configuration","text":"The only required configuration property for the MailRoundTrip service is the mail domain. So in our case this would be: mailroundtrip@example.org
"},{"location":"collectors/services/mailroundtrip/#mail-service","title":"Mail service","text":"The email service you want to monitor example.org needs to forward messages send to mailroundtrip@example.org to mail@mrt.infrasonar.com
Note
Ensure you forward these emails without storing them in your email database or use a routine to automatically cleanup the messages to avoid digital waste.
"},{"location":"collectors/services/mailroundtrip/#microsoft-exchange-configuration","title":"Microsoft Exchange Configuration","text":"The email roundtrip flow works as follows on a Microsoft Exchange infrastructure:
- The central monitoring server sends an email to a pre-configured user.
- The Exchange user auto-forwards the message to the email contact, which is the email address used by the central monitoring server.
- The central server receives and parses the message.
"},{"location":"collectors/services/mailroundtrip/#detailed-configuration-guides","title":"Detailed configuration guides","text":" - Google Workspace
- Microsoft 365
- Microsoft Exchange 2003
- Microsoft Exchange 2010
"},{"location":"collectors/services/mailroundtrip_google_workspace/","title":"Google workspace","text":" - Open the Google Admin Console.
- Navigate to: Apps > Google Workspace > Gmail.
- Select Default routing:
- Click on ADD ANOTHER RULE:
- In the section Specify envelope recipients to match, select Single recipient and enter the email address: mailroundtrip@. Where is your email domain.
- In the section If the envelope recipient matches the above, select Change envelope recipient, set Replace recipient* and enter:
mail@mrt.infrasonar.com. - Under Spam, select Bypass spam filter for this message.
- Click Save.
"},{"location":"collectors/services/mailrountrip_exchange2003/","title":"Microsoft Exchange 2003","text":"Start the \"Active Directory Users and Computers\" tool on a server, which also contains the Exchange 2003 management tools. Usually the exchange or SBS server.
"},{"location":"collectors/services/mailrountrip_exchange2003/#create-a-receiving-mailbox-user","title":"Create a receiving mailbox user","text":" - Create a new user in the for your organization correct OU:
- Provide the Full name. We recommend using: Mail Round Trip Monitoring Receive mailbox.
- Provide the User logon name. We recommend: mailroundtrip.
- Click on Next to continue.
- Password options:
- Enter a secure password. This password is not used and can be changed anytime.
- Select \"User cannot change password\" and \"Password never expires\".
- Click on Next to continue.
- Create the actual mailbox:
- Usually you can leave this default. Adjust the Server and mailbox store if required.
- Finish the creation of the user:
- Verify the configuration.
- Click on Finish to finalize the user creation process.
"},{"location":"collectors/services/mailrountrip_exchange2003/#create-a-return-mail-contact","title":"Create a return mail contact","text":"Add a mail contact. This contact is required to forward the mail back to the monitoring host.
- Right click in the organization unit where you want to create the mail contact.
- Select Cew -> Contact.
- Enter the contact details:
- Provide a Full name, we suggest: Mail Round Trip Monitoring Return Address.
- Click on Next to continue.
- Add the SMTP address:
- Click on Modify:
- Select SMTP Address.
- Click on OK.
- Enter the return email address:
- Enter the return mail address in the E-mail address field: mail@mrt.infrasonar.com.
- Click on OK.
- Finish:
- Verify the settings.
- Click on Next to continue.
- Click on Finish.
"},{"location":"collectors/services/mailrountrip_exchange2003/#hide-the-return-mail-contact","title":"Hide the return mail contact","text":"We suggest hiding the contact from the address-book, so details will not be shown to end-users.
- Right-click on the Mail Round Trip Monitoring Return Address contact you just created and select Properties.
- Open the Exchange advanced tab.
- Select Hide from Exchange address lists.
- Click on OK.
"},{"location":"collectors/services/mailrountrip_exchange2003/#modify-the-receive-mailbox-user","title":"Modify the receive mailbox user","text":" - Double click on the previously created Mail Round Trip Monitoring Receive mailbox user.
- Open the Exchange Features tab:
- Disable all features.
- Open the Exchange Advanced tab:
- Enable Hide from Exchange address lists.
- Open the \"Exchange General\" tab:
- Click on Delivery options.
- Click on Modify.
- Enter the Mail Round Trip Monitoring Return Address.
- Click on Ok three times.
"},{"location":"collectors/services/mailrountrip_exchange2010/","title":"Microsoft Exchange 2010","text":"Start the Microsoft \"Exchange Management Console\" on a server which also contains the Exchange 2010 management tools. This console can usually be found on the Microsoft Exchange or SBS server.
"},{"location":"collectors/services/mailrountrip_exchange2010/#create-a-new-mailbox","title":"Create a new mailbox","text":" - Right click on Mailbox under Recipient Configuration:
- Select New Mailbox.
- Select User Mailbox.
- Click on Next.
- Select New User.
- Click on Next.
- Provide User Information:
- Provide the Full name, we recommend using: Mail Round Trip Monitoring Receive mailbox.
- Provide the User logon name, we recommend: mailroundtrip.
- Provide a password. (Note: this password is not used anywhere so any random password will suffice)
- Optionally select the OU were you want this account to be created.
- Click on Next to continue.
- Specify mailbox settings:
- Optionally select the mailbox database, were you want the mailbox to reside.
- Click on Next to continue.
- Set archive settings:
- Select Don't create an archive. This mailbox does not contain any email.
- Click on Next to continue.
- Review settings:
- Click on New to create the new mailbox.
- Click on Finish.
"},{"location":"collectors/services/mailrountrip_exchange2010/#create-a-return-mail-contact","title":"Create a return mail contact","text":"Create a mail contact containing the mail round trip return address.
- Open Recipient configuration.
- Right click on Mail contact.
- Select New Mail Contact.
- Create a new mail contact:
- Select New Contact.
- Click on Next.
- Provide a Full name, we suggest: Mail Round Trip Monitoring Return Address.
- Enter an alias, we suggest: mailroundtripreturn.
- Click on the Edit... button:
- Enter the following return email address in the E-mail address field: mail@mrt.infrasonar.com.
- Click on Next:
- Review settings.
- Click on New to create the mail contact:
- Verify that the mail contact was created successfully:
- Click on Finish.
"},{"location":"collectors/services/mailrountrip_exchange2010/#modify-the-return-contact","title":"Modify the return contact","text":" - Right click on on the previously created mail contact.
- Select Properties from the dropdown menu.
- Open the General tab:
- Enable Hide from exchange address lists.
- Click on OK to close the dialog.
"},{"location":"collectors/services/mailrountrip_exchange2010/#modify-the-receive-mailbox-user","title":"Modify the receive mailbox user","text":"Forward all mail to the \"Mail Round Trip Monitoring Mailbox\" from the previously created \"Mail Round Trip Monitoring Return Address\" contact.
- Right click on the previously created receive mailbox user.
- Select Properties from the drop down menu:
- Open the General tab:
- Enable Hide from exchange address lists.
- Open the Mail Flow Settings tab.
- Double click on Delivery Options:
- Select the Forward to selection box.
- Click on Browse:
- Select the \"Mail Round Trip Monitoring Return Address\" contact.
- Click on OK.
- Click on OK to close the previous screen.
"},{"location":"collectors/services/mailrountrip_microsoft365/","title":"Microsoft 365 mail roundtrip","text":"Using contacts is the easiest way to setup the mail roundtrip in Microsoft 365.
It is also possible to use a mailbox instated of a contact for receiving email and setup a forwarding rule on the mailbox. This requires you however tot turn off allow external forwarding which is not a Microsoft best practice.
"},{"location":"collectors/services/mailrountrip_microsoft365/#create-two-contacts","title":"Create two contacts","text":" - Open the Microsoft 365 admin center
- Open the users menu and then select contacts
- Click add contact to create a mailroundtrip contact for receiving emails
- Set Display name to: mailrountrip-receive
- Set Email to: mailrountrip-receive@365.test-technolgy.nl
- Enable: Hide from my organization's global address list
- Click add contact again to create the mailroundtrip contact forward to account
- Set Display name to: mailrountrip-infrasonar
- Set Email to: mail@mrt.infrasonar.com
- Enable: Hide from my organization's global address list
"},{"location":"collectors/services/mailrountrip_microsoft365/#setup-rules","title":"Setup rules","text":" - Open the Exchange admin center
- Open the Mail flow menu and then select rules
- Click the Add rule button and select Create a new rule
- Name: InfraSonar mailroundtrip
- Apply this rule if: Select The recipient and then is this person
- Select the mailrountrip-receive contact you created before
- Do the following: Redirect the message to these recipients
- Select the mailrountrip-infrasonar contact you created before
- Click Next
- Leave the rule settings
- Review and Finish
- Ensure the rule is enabled!
"},{"location":"collectors/services/microsoft_365/","title":"Microsoft 365","text":""},{"location":"collectors/services/microsoft_365/#microsoft-365","title":"Microsoft 365","text":"Microsoft 365 is an InfraSonar service which can monitor your Microsoft 365 tenant.
"},{"location":"collectors/services/microsoft_365/#features","title":"Features","text":"Add the moment the following Azure resources are supported:
- Subscriptions
- Health status
"},{"location":"collectors/services/microsoft_365/#configuration","title":"Configuration","text":"Our Microsoft 365 service needs the following properties:
- Directory (tenant) Id
- Application (client) Id
- Client secret value
In the next paragraphs we describe how to setup the Azure service and how to retrieve the required properties.
"},{"location":"collectors/services/microsoft_365/#prepare-your-azure-environment","title":"Prepare your Azure environment","text":"Open the Azure portal (https://portal.azure.com/) using an account with sufficient privileges to register an Azure app and set permissions.
"},{"location":"collectors/services/microsoft_365/#create-an-app-registration","title":"Create an app registration","text":" - From the main menu, open Azure Active Directory
- Open App registrations from the Azure Active Directory sub-menu
- Select new registration
- Enter the user-facing display name e.g., InfraSonar Azure Service
- Who can use this application or access this API: Selecting Accounts in this organizational directory only in most cases
- Click Register
- A new Windows opens, note the following ID's down:
- Application (client) ID
- Directory (tenant) ID
- Click Add a certificate or secret next to client credentials
- Click New client secret in the Client secrets tab
- Enter a description: e.g.m InfraSonar azure Service client secret
- Set an expiration date, note this value down and remember to renew before this date!
- Click Add
- Note down the Value, note this can not be retrieved again once you close this window!
Don't close this Windows, next step is setting API permissions.
"},{"location":"collectors/services/microsoft_365/#api-permissions","title":"API permissions","text":" - Select API permissions from the menu
- Click Add a permisssion
- Click Microsoft Graph
- Select Application permissions
- Search ServiceHealth
- Expand the ServiceHealth tab
- Select ServiceHealth.Read.All
- Search Organization
- Expand the Organization tab
- Select Organization.Read.All
- Click the Add permisssions button
- Note the status column shows a
Not granted... status - click
Grant admin consent for <your domain-name> - You will be asked if you are sure to grant consent for the requested permissions for all accounts in your domain, click yes to continue.
"},{"location":"collectors/services/microsoft_365/#deploy-the-infrasonar-service","title":"Deploy the InfraSonar service","text":" - Open the InfraSonar environment you want to add the resource to
- Click add asset or use an existing asset
- Add the microsoft365 collector
- Open the microsoft365 collector tab and enter the required information
- Directory (tenant) Id
- Application (client) Id
- Client value
- Optional, deselect checks you don't want to use.
"},{"location":"collectors/services/microsoft_azure/","title":"Microsoft Azure","text":""},{"location":"collectors/services/microsoft_azure/#microsoft-azure","title":"Microsoft Azure","text":""},{"location":"collectors/services/microsoft_azure/#introduction","title":"Introduction","text":"Preview
The Azure service is a preview release. Contact InfraSonar support if you want to get involved in testing our preview release.
"},{"location":"collectors/services/microsoft_azure/#features","title":"Features","text":"Add the moment the following Azure resources are supported:
- Virtual machine
- Private DNS zone
- DNS zone
- Regular Network Interface
- Public IP address
"},{"location":"collectors/services/microsoft_azure/#configuration","title":"Configuration","text":"Our Azure service needs the following properties:
- Directory (tenant) Id
- Application (client) Id
- Client secret value
- Subscription Id
- Resource group Name
In the next paragraphs we describe how to setup the Azure service and how to retrieve the required properties.
"},{"location":"collectors/services/microsoft_azure/#prepare-your-azure-environment","title":"Prepare your Azure environment","text":"Two steps are required to prepare your Azure environment for the InfraSonar Azure service.
- Register the InfraSonar service as an Azure app
- Authorize the registered app to the resources you want to monitor
Open the Azure portal (https://portal.azure.com/) using an account with sufficient privileges to register an Azure app and set permissions.
"},{"location":"collectors/services/microsoft_azure/#create-an-app-registration","title":"Create an app registration","text":" - From the main menu, open Azure Active Directory
- Open App registrations from the Azure Active Directory sub-menu
- Select new registration
- Enter the user-facing display name e.g., InfraSonar Azure Service
- Who can use this application or access this API: Select Accounts in this organizational directory only
- Click Register
- A new Windows opens, note the following ID's down:
- Application (client) ID
- Directory (tenant) ID
- Click Add a certificate or secret next to client credentials
- Click New client secret in the Client secrets tab
- Enter a description: e.g.m InfraSonar azure Service
- Set an expiration date, note this value down and remember to renew before this date!
- Click Add
- Note down the
Value, note this can not be retrieved again once you close this window!
"},{"location":"collectors/services/microsoft_azure/#app-authorization","title":"app authorization","text":"An app authorization is required per resource group you want to monitor.
- Open the resource group containing the Azure resource you want to monitor
- Note down the Subscription ID
- Open Access control (IAM)
- Select the tab Role assignments
- Click Add and then Add role assignment
- Search the Reader role from the Role tab
- Open the Members tab
- Ensure Assign access to User, group, or service principal is selected
- Click Select members
- Search the name used by the app registration e.g., InfraSonar Azure Service
- Select the app and click the select button
- Give an optional description
- Verify the role assignment and press Review + assign
The registered app can now query the Azure portal's resources via the Azure API
Rinse and repeat
Repeat the above app authorization steps for each resource group containing the resource you want to monitor.
"},{"location":"collectors/services/microsoft_azure/#deploy-the-infrasonar-service","title":"Deploy the InfraSonar service","text":" - Open the InfraSonar environment you want to add the resource to
- Click add asset or use an existing asset
- Add the azure collector
- Open the azure collector tab and enter the required information
- Directory (tenant) Id
- Application (client) Id
- Client secret value
- Subscription Id
- Resource group Name, Resource group name as used in Azure
- Optional, deselect checks you don't want to use.
"},{"location":"collectors/services/paloalto/","title":"Palo Alto","text":""},{"location":"collectors/services/paloalto/#palo-alto","title":"Palo Alto","text":""},{"location":"collectors/services/paloalto/#introduction","title":"Introduction","text":"InfraSonar monitors Palo Alto firewalls using the rest API.
Also available as probe
We also offer a probe to monitor Palo Alto firewalls, this allows you to monitor firewalls using your own InfraSonar appliance.
"},{"location":"collectors/services/paloalto/#features","title":"Features","text":""},{"location":"collectors/services/paloalto/#configuration","title":"Configuration","text":"When the GlobalProtect Portal or Gateway is enabled the probe needs to use a different TCP port number 4443 instead of 443. You can toggle this behavior when configuring the service.
"},{"location":"collectors/services/paloalto/#ipv4-addresses","title":"IPv4 addresses","text":"Ensure you authorize the IPv4 addresses we use for our services.
"},{"location":"collectors/services/paloalto/#credentials","title":"Credentials","text":"The Palo Alto rest API uses a key which can be generated for a user.
Don't use an admin account
We strongly recommend creating a read only account specific for monitoring.
"},{"location":"collectors/services/paloalto/#get-your-api-key","title":"Get your API key","text":"source
To generate an API key, make a GET or POST request to the firewall\u2019s hostname or IP addresses using the administrative credentials and type=keygen:
curl -k -X GET 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'\n
Ensure to change
<firewall> with your firewall IP or FQDN<username> with the username of your readl-only monitoring user<password> with the password of your readl-only monitoring user
A successful API call returns status=\"success\" along with the API key within the key element:
<response status=\"success\">\n <result>\n <key>Your_secret_key_is_here</key>\n </result>\n</response>\n
You can test your API key using the following command:
curl -k 'https://<firewall>//api/?type=op&cmd=<show><system><info></info></system></show>&key=<apikey>'\n
Ensure to change:
<firewall> with your firewall IP or FQDN<apikey with the previously generated API key
"},{"location":"collectors/services/paloalto/#revoke-api-keys","title":"Revoke API keys","text":"You can revoke all currently valid API keys, in the event one or more keys are compromised. To change an API key associated with an administrator account change the password associated with the administrator account. API keys that were generated before you expired all keys, or a key that was created using the previous credentials will no longer be valid.
"},{"location":"collectors/services/paloalto/#configure-api-key-lifetime","title":"Configure API Key Lifetime","text":"Source
An optional step is to configure the API Key Lifetime.
Be aware though that monitoring fails when the API key is expired!
"},{"location":"collectors/services/paloalto/#service-configuration","title":"Service configuration","text":" - Add the paloaltosvc service on your asset
- Open the paloaltosvc configuration tab
- Enter the address and API key
- The API key is encrypted before it is send to the InfraSonar backend
- Click save
"},{"location":"collectors/services/paloalto/#known-issues","title":"Known issues","text":""},{"location":"collectors/services/paloalto/#xml-api-issue-with-passwords-containing-special-characters","title":"XML API Issue With Passwords Containing Special Characters","text":"Passwords containing special characters can cause problems retrieving the API key.
source
"},{"location":"collectors/services/ping/","title":"Ping","text":""},{"location":"collectors/services/ping/#ping","title":"Ping","text":""},{"location":"collectors/services/ping/#introduction","title":"Introduction","text":"The ping-service is a service variant of our ping-probe.
This service send ping requests from our InfraSonar cloud platform to the monitored asset.
"},{"location":"collectors/services/ping/#features","title":"Features","text":" - Ping roundtrip monitoring, min and max timing
- Number of successfully and/or dropped packages
"},{"location":"collectors/services/ping/#probe-configuration","title":"Probe configuration","text":"Property Description Address The address that the probe should ping. Interval Interval should be a value between 1 and 9, The default interval is 1. Count Count should be a value between 1 and 9, the default count is 5 Timeout Timeout in seconds should be a value between 0 and 240, the default timeout is 10 seconds."},{"location":"collectors/services/ping/#check-specifics","title":"Check specifics","text":"Ping returns the minimum time and maximum time as this provides a better insight than just an average ping response.
The number of successful and dropped ping packages are also monitored.
"},{"location":"guides/forecasting/","title":"Forecasting","text":""},{"location":"guides/forecasting/#forecasting","title":"Forecasting","text":"Forecasting is automatically enabled for metrics when used in conditions.
"},{"location":"guides/forecasting/#view","title":"View","text":""},{"location":"guides/forecasting/#forecast-maintenance","title":"Forecast maintenance","text":"In some scenarios a forecast needs to be reset.
A good example is show below where free space drops and the settles.
You can force generating a new forecast by deleting the previous forecast as shown below:
"},{"location":"guides/infrasonar_appliance_windows/","title":"Running InfraSonar containers on Windows","text":""},{"location":"guides/infrasonar_appliance_windows/#infrasonar-on-windows","title":"InfraSonar on Windows","text":"As InfraSonar uses Docker containers it can be easily deployed on multiple platforms including Microsoft Windows.
Docker is a great concept to deploy and maintain Linux applications and services even on a Microsoft Windows host.
Checkout the Get Started with Docker guide to learn more.
There are two options to accomplish this:
- Docker Desktop for Windows (ideal for home-lab and test-scenarios) The official Docker documentation has a great guide on this
- Use containers with Hyper-V isolation on Windows. We found the Ubuntu documentation to be most useful.
Info
We tested this setup on a Windows 11 host running Docker Desktop version 4.17.0
"},{"location":"guides/infrasonar_appliance_windows/#deploy-the-infrasonar-containers","title":"Deploy the InfraSonar containers","text":"Step by step guide:
- Open notepad
- Copy the docker-compose.yml file from our documentation page using the button
- Paste the file into the just opened notepad
- Ensure to set the correct tokens for the agentcore and docker-probe in the
docker-compose.yml file - Save the file as
docker-compose.yml, in this example we use a folder named InfraSonar in de Documents folder. !!! Be aware notepad has a tendency of adding .txt at the end of the filename. - Open a dos box
cmd.exe cd to the folder containing the infrasonar.yml file cd %userprofile%\\documents\\infrasonar\n
- Pull the InfraSonar containers using this compose pull:
docker compose pull\n
Downloading all layers might take some time, the total size off all layers is 5Gb - Once the containers are downloaded you can start the environment using:
docker compose up -d\n
InfraSonar on Windows"},{"location":"guides/infrasonar_appliance_windows/#tune-vmmem-memory-consumption","title":"Tune Vmmem memory consumption","text":"As shown by this docker stats output resource usage for the InfraSonar probes is very limited. WSL however claims a lot of memory by default.
docker stats outputCONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS\nbbf5f976f370 infrasonar-eaton-probe-1 0.01% 6.105MiB / 1.865GiB 0.32% 0B / 0B 0B / 0B 1\n8c9e76c02422 infrasonar-ping-probe-1 0.04% 8.492MiB / 1.865GiB 0.44% 0B / 0B 0B / 0B 1\n17e811490457 infrasonar-vcenter-probe-1 0.01% 7.301MiB / 1.865GiB 0.38% 0B / 0B 0B / 0B 1\ncd31bd13a236 infrasonar-agentcore-1 0.01% 6.812MiB / 1.865GiB 0.36% 0B / 0B 0B / 0B 2\n69f1e6ccc784 infrasonar-mssql-probe-1 0.01% 6.719MiB / 1.865GiB 0.35% 0B / 0B 0B / 0B 1\ne33dee93aaaa infrasonar-tcp-probe-1 0.01% 5.312MiB / 1.865GiB 0.28% 0B / 0B 0B / 0B 1\n276f90782d43 infrasonar-santricity-probe-1 0.01% 8.035MiB / 1.865GiB 0.42% 0B / 0B 0B / 0B 1\n72b609c9aa8f infrasonar-paloalto-probe-1 0.01% 7MiB / 1.865GiB 0.37% 0B / 0B 0B / 0B 1\nae075f468016 infrasonar-docker-agent-1 0.03% 59.76MiB / 1.865GiB 3.13% 0B / 0B 0B / 0B 2\n886cc62a929e infrasonar-netapp-probe-1 0.01% 6.957MiB / 1.865GiB 0.36% 0B / 0B 0B / 0B 1\nd75b00d7f3ea infrasonar-esx-probe-1 0.01% 6.383MiB / 1.865GiB 0.33% 0B / 0B 0B / 0B 1\nb44ff0ac2e3a infrasonar-wmi-probe-1 0.02% 6.992MiB / 1.865GiB 0.37% 0B / 0B 0B / 0B 1\n3d1e2202050c infrasonar-hpprocurve-probe-1 0.01% 6.938MiB / 1.865GiB 0.36% 0B / 0B 0B / 0B 1\nbe51bb8784ba infrasonar-unifi-probe-1 0.01% 6.695MiB / 1.865GiB 0.35% 0B / 0B 0B / 0B 1\n696339a2d744 infrasonar-snmp-probe-1 0.01% 10.4MiB / 1.865GiB 0.54% 0B / 0B 0B / 0B 1\n1fa404f5d74d infrasonar-dns-probe-1 0.01% 5.66MiB / 1.865GiB 0.30% 0B / 0B 0B / 0B 1\n525d977d3fe0 infrasonar-hpilo-probe-1 0.01% 6.898MiB / 1.865GiB 0.36% 0B / 0B 0B / 0B 1\nc33ffae3eaeb infrasonar-synology-probe-1 0.01% 6.531MiB / 1.865GiB 0.34% 0B / 0B 0B / 0B 1\n8b6b0ceb9038 infrasonar-http-probe-1 0.01% 6.902MiB / 1.865GiB 0.36% 0B / 0B 0B / 0B 1\n
Luckily there is an easy fix.
Shut down WSL
Run this on your command line:
wsl --shutdown\n
Edit your .wslconfig file
As the .wslconfig file is a hidden file it is best to open it directly using notepad:
notepad %UserProfile%/.wslconfig\n
If it doesn\u2019t exist yet, just create it.
Edit your .wslconfig file to limit memory usage You should have something like this in the file:
[wsl2]\nmemory=2GB\n
"},{"location":"guides/migration/","title":"Migration scenarios","text":"There are scenarios where a monitored environment needs to be moved to a container belonging to another organization.
An example of such a scenario is when a monitored environment will be serviced by another managed services partner.
This document outlines our preferred migration approach to ensure uninterrupted monitoring.
"},{"location":"guides/migration/#migration-steps","title":"Migration steps","text":"Migrating a monitored environment consists of two steps, which can be performed independently.
- Monitoring infrastructure transition.
- Hierarchy transition.
However, the actual first step is to contact InfraSonar support to assist with the transition.
InfraSonar support ensures a hassle-free transition by aligning all parties involved.
"},{"location":"guides/migration/#monitoring-infrastructure-transition","title":"Monitoring infrastructure transition","text":"This step involves transiting of the InfraSonar implementation inside the monitored environment; in most cases, this is the monitoring appliance.
As this appliance is potentially used to provide other services within the monitored environment, we advise starting with setting up a new appliance (with the agentcore and probes) and transitioning the monitored host to this new agentcore. This process is similar to decommissioning an agentcore.
We do not recommend a \"rip and replace\" scenario, as this is not beneficial for the monitored environment.
If the leaving and receiving parties are discussing terms and conditions, we recommend the following first:
- Deploy a new agentcore infrastructure.
- Perform a hierarchy transition.
- Move the monitored hosts to the new agentcore infrastructure.
- Remove the \"old\" agentcores from InfraSonar.
- Decommission and remove leaving party appliance(s).
These steps can be performed without any access to the appliance(s) of the leaving party.
Suppose the leaving party demands the appliance to be removed prior to the hierarchy transition. In that case, InfraSonar monitoring will most likely be disturbed when the orphaned hosts are transitioned to the new agentcore(s).
We strongly encourage a gradual and joint approach, as this ensures uninterrupted monitoring services of the monitored environment.
"},{"location":"guides/migration/#hierarchy-transition","title":"Hierarchy transition","text":"A hierarchy transition is the move of a monitored environment from a container of the leaving party to a container of the receiving party. This is an administrative action performed inside the InfraSonar cloud platform.
This step can only be performed by InfraSonar support and requires written and signed consent by the owner or its representative of the monitored environment. This consent should be sent via email to support@infrasonar.com.
InfraSonar support will contact the parties involved to align the timeline for this transition to ensure optimal service for the monitored party.
Warning
Before a hierarchy transition, the leaving party should verify if the notes section does not contain references that should not be transitioned.
During the hierarchy transition, the following irreversible actions will be performed:
- All custom conditions and labels will be removed, as they are the property of the leaving party.
- All alarms will be removed, as they might contain the usernames of the leaving party.
- Historical alerts will be removed, as they contain usernames and references to customizations owned by the leaving party.
- All Channels configuration will be removed.
If you have questions or remarks concerning this section, don't hesitate to contact InfraSonar support.
"},{"location":"guides/raspberrypi_dashboard/","title":"Raspberry Pi dashboard","text":""},{"location":"guides/raspberrypi_dashboard/#raspberry-pi-dashboard","title":"Raspberry PI Dashboard","text":"This guide describes how we have setup some Raspberry Pi 3's at Cesbit HQ for our digital dashboards. 1
"},{"location":"guides/raspberrypi_dashboard/#intall-rspbian-desktop-edition","title":"Intall Rspbian desktop edition","text":"Install Raspbian Download the \u201cdesktop\u201d edition, this more then sufficient for our needs.
Once your Raspberry Pi has started open the Raspberry Pi Configuration. (Menu \u2192 Preferences \u2192 Raspberry Pi Configuration)
"},{"location":"guides/raspberrypi_dashboard/#basic-configuration","title":"Basic configuration","text":" - Set your hostname in the system tab
- Enable VNC in the interfaces tab
- Optional: configure WLAN access
"},{"location":"guides/raspberrypi_dashboard/#software-installation","title":"Software installation","text":"sudo apt update && \\\nsudo apt remove -y apt-listchanges && \\\nsudo apt full-upgrade -y && \\\nsudo apt install -y fonts-noto-color-emoji xdotool && \\\nsudo apt autoremove -y && \\\nsudo apt autoclean\n
"},{"location":"guides/raspberrypi_dashboard/#maintenance-scripts","title":"Maintenance scripts","text":"Three script to ensure carefree maintenance are used. These scripts are stored in the user home-drive, this is default /home/pi
"},{"location":"guides/raspberrypi_dashboard/#morning","title":"Morning","text":"Thi script updates the Pi and performs a reboot to ensure a fresh start in the morning
/home/pi/morning.bash#!/usr/bin/env sh\n\n# A daily upgrade is good hygiene.\nsudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt autoclean\n\n# A daily restart mitigates browser memory leaks, and forces the screen to turn on\nsudo reboot now\n
"},{"location":"guides/raspberrypi_dashboard/#boot","title":"Boot","text":"This script performs some cleanup actions after a reboot en ensure the dashboard is loaded upon a fresh start.
/home/pi/boot.bash#!/usr/bin/env sh\n\n# Disable screensaver. Varies across Pi models & Raspbian versions; might be outdated.\n# Google \"raspberry disable suspend screensaver\" for help\n\nxset s off\nxset -dpms\nxset s noblank\n\n# Move the mouse cursor out of the way!\nxdotool mousemove 0 0\n\n# Avoid \"Chrome didn't shutdown correctly\" notification on unclean shutdown\nsed -i 's/\"exited_cleanly\":false/\"exited_cleanly\":true/' ~/.config/chromium/'Local State'\nsed -i 's/\"exited_cleanly\":false/\"exited_cleanly\":true/; s/\"exit_type\":\"[^\"]\\+\"/\"exit_type\":\"Normal\"/' ~/.config/chromium/Default/Preferences\n\n# Start Chromium, in fullscreen \"kiosk\" mode, and disabling update notifications\nchromium-browser --kiosk --check-for-update-interval=31536000 'https://app.infrasonar.com/dashboard'\n
"},{"location":"guides/raspberrypi_dashboard/#evening","title":"Evening","text":"This script turns off the display and kills the chrome browser to conserve valuable resources.
/home/pi/evening.bash#!/usr/bin/env sh\n\n# Shutdown screen, to save the planet\nDISPLAY=:0 xset dpms force off\n\n# Don't consume dashboard resources off office hours, to save the planet\npkill chromium\n
"},{"location":"guides/raspberrypi_dashboard/#schedule-the-scripts","title":"Schedule the scripts","text":"Ensure all three scripts are executable:
chmod +x /home/pi/boot.bash \nchmod +x /home/pi/morning.bash \nchmod +x /home/pi/evening.bash \n
Add the following line at the end of the auto start script /etc/xdg/lxsession/LXDE-pi/autostart to ensure the dashboard is loaded upon boot:
@/home/pi/boot.bash\n
and remove the following line from this file:
@xscreensaver -no-splash\n
Use the following command to ensure executing of the morning and evening script using cron:
(crontab -l ; echo \"0 7 * * 1-5 /home/pi/morning.bash\") | crontab -\n(crontab -l ; echo \"0 18 * * 1-5 /home/pi/evening.bash\") | crontab -\n
If you want to edit the crontab you can do so using crontab -e
The website [crontab guru]9https://crontab.guru/) can be very helpfull to understand the crontab notation
"},{"location":"guides/raspberrypi_dashboard/#setup-the-dashboard","title":"Setup the dashboard","text":"last step is to login to infrasonar and configure the dashboard to your liking.
Note
InfraSonar stores its dashboard configuration in local browser storage allowing you to setup multiple different dashboards using one account.
"},{"location":"guides/raspberrypi_dashboard/#enjoy","title":"Enjoy","text":"That's all enjoy your new dashboard!
Don't forget to send us a picture for our wall of dashboards fame!
support+dashboard@infrasonar.com
-
Based upon the excellent work done by unito \u21a9
"},{"location":"guides/remote_support/","title":"Remote support","text":""},{"location":"guides/remote_support/#tmate","title":"tmate","text":"We opt to use tmate to provide remote support as it is easy to use, fully open source, and allows TeamViewer-like access to the terminal.
"},{"location":"guides/remote_support/#installation","title":"Installation","text":"Tmate comes preinstalled on our appliances, but if you have set up your environment manually, you might need to install tmate first.
On Debian / Ubuntu systems the installation is straightforward:
sudo apt-get install tmate\n
For other distributions, follow the guides provided at the tmate website
"},{"location":"guides/remote_support/#usage","title":"Usage","text":"Just type tmate while connected via ssh or in the console of your virtual appliance.
You will be greeted with a screen like this:
Tip: if you wish to use tmate only for remote access, run: tmate -F [0/0]\nTo see the following messages again, run in a tmate session: tmate show-messages\nPress <q> or <ctrl-c> to continue\n---------------------------------------------------------------------\nConnecting to ssh.tmate.io...\nNote: clear your terminal before sharing readonly access\nweb session read only: https://tmate.io/t/ro-generated_ro_id\nssh session read only: ssh ro-generated_ro_id@lon1.tmate.io\nweb session: https://tmate.io/t/generated_id\nssh session: ssh generated_id@lon1.tmate.io\n
Send our support engineer this information via a secure channel and ensure access is only used by our support engineer by observing the screen. If in doubt, exit the session using the exit command or by pressing ctrl-d
"},{"location":"integrations/","title":"Overview","text":"All kinds of applications are or can be integrated with InfraSonar. This way we can offer your organization as much functionality as possible without you having to stop using your favorite applications. Here's how to integrate your favorite application(s) with InfraSonar.
DutyCalls is a notification routing tool made to make events more visible to its audience. Using DutyCalls in conjunction with InfraSonar offers a great solution to route alerts to the on-call staff.
ConnectWise Manage is a PSA solution for MSP business. Our integration offers easy creation of ConnectWise Manage tickets from InfraSonar alerts.
"},{"location":"integrations/connectwise_manage/","title":"ConnectWise","text":"InfraSonar has a specific API endpoint to integrate with ConnectWise Manage.
This integration allows an InfraSonar environment to be \"mapped\" to a ConnectWise Manage company, thus allowing the automatic creation of ConnectWise Manage tickets from InfraSonar alerts.
If you want to use this integration, please get in touch with InfraSonar support for assistance.
"},{"location":"integrations/dutycalls/dutycalls-best-practices/","title":"DutyCalls","text":"We assume you have set up the DutyCalls integration as described here
"},{"location":"integrations/dutycalls/dutycalls-best-practices/#infrasonar-configuration","title":"InfraSonar configuration","text":"Using the InfraSonar channel configuration, you can configure and finetune which alerts are passed on the DutyCalls.
Configuration is possible on these three levels:
- Severity, allows you to specify from which severity level an alert is passed to DutyCalls.
- Conditions, allows you to configure which conditions are allowed or are rejected to pass on to DutyCalls.
- Hosts allows you to configure for which hosts you want to receive DutyCalls notifications.
It is also possible to suppress specific conditions from sending an alert to DutyCalls.
Best practice.
- Only send alerts with the severity level alert or higher.
- Use reject rules but sparsely.
- Use configure specific hosts only when absolutely required.
"},{"location":"integrations/dutycalls/dutycalls-best-practices/#setup-your-team","title":"Setup your team","text":"Lead by example
DutyCalls is especially useful for self-organizing teams.
"},{"location":"integrations/dutycalls/dutycalls-best-practices/#add-team-members","title":"Add team members","text":" - Let your team members log on to DutyCalls to ensure the platform recognizes them.
- Invite your team members to your workspace.
"},{"location":"integrations/dutycalls/dutycalls-best-practices/#manage-exceptions","title":"Manage exceptions","text":"DutyCalls uses manager alerts to manage exceptions if the regular operation does not go as expected.
A DutyCalls manager can set up Manager alerts per workspace or per channel; the best practice is to set these up per workspace and only deviate if necessary.
Alert Default behavior Unacknowledged tickets Notifies if a ticket is not acknowledged in 1 hour Acknowledged tickets Notifies if an acknowledged is not modified in 1 hour Open tickets Notifies when a ticket is open for more then 2 hours. Another critical alert to configure is the minimum number of active subscribers, this must be done per channel.
In most scenarios, you would want at least one subscriber per channel, but for high-profile environments, it might be better to up the number to ensure swift follow-up.
"},{"location":"integrations/dutycalls/dutycalls-best-practices/#subscriber-notifications","title":"Subscriber notifications","text":"DutyCalls can notify via email or in-app notifications.
SMS and phone notifications are available using an optional license.
Best practice.
Using phone notifications ensures the best response from engineers as in-app or SMS notifications tend to get unnoticed.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/","title":"DutyCalls","text":"Do you want to stay informed about the latest InfraSonar alerts directly in DutyCalls? Make use of the ready-made DutyCalls integration.
This guide helps you to to get started with DutyCalls.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#dutycalls-configuration","title":"DutyCalls configuration","text":"Implementing DutyCalls is a four step approach.
flowchart LR\n A((Create DutyCalls <br> account))-->B\n B((Create DutyCalls <br> workspace))-->C\n C((Create DutyCalls <br> source))-->D((Create DutyCalls <br> Channel))
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#create-a-dutycalls-account","title":"Create a DutyCalls account","text":"Creating a DutyCalls account is the first step. The DutyCalls sign-up documentation provides additional information on account creation.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#create-a-dutycalls-workspace","title":"Create a DutyCalls workspace","text":"A DutyCalls workspace is usually a representation of a company or department.
Steps for creating a workspace:
- Enter the workspace name
- Set the correct timezone
- Provide an optional icon for your workspace (Only icons of the PNG format are accepted and the maximum dimensions are 128 x 128 pixels. The width and height must also be equal to each other.)
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#create-a-dutycalls-source","title":"Create a DutyCalls source","text":"For InfraSonar we use DutyCalls custom API mapping to format the data toward a compatible DutyCalls data source
InfraSonar specific steps:
- Open the previously created workspace
- Select Services from the right hand menu
- Click the Add service button
- Provide a name for the service e.g. InfraSonar and click next
- Select yes when asked if you want to use a predefined template and select the InfraSonar template
- Click Add to continue
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#create-a-dutycalls-channel","title":"Create a DutyCalls channel","text":"A DutyCalls channel must be linked to the source created in the previous step.
- Browse to the previously created service
- Click the Add channel button
- Provide a name for your channel, we suggest to keep the channel name and environment name the same. Setting up a channel per environment is our best practice.
- Choose the manager for this channel, the manager get's notified if something is amiss within the channel
- Select the previously created InfraSonar service
- Set the minimum number of active subscribed to your organizations needs, when this is your first setup you might want to set this to 1
- Click Add
- Observe the channel and note the No. Active Subscribers is
0/1, click subscribe to retrieve notifications for this channel
DutyCalls has now been setup, next step is to configure InfraSonar to integrate with DutyCalls.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#infrasonar-configuration","title":"InfraSonar configuration","text":"To complete the setup and receive alerts in DutyCalls, some additional configuration has to be done in InfraSonar.
This step requires the DutyCalls Service credentials.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#retrieve-dutycalls-service-credentials","title":"Retrieve DutyCalls Service credentials","text":" - Open DutyCalls
- Select Services from the left hand menu
- Click the Setup icon from the service you have setup for InfraSonar
- Click Send security code; this wil send a code to the email address you are logged on with in DutyCalls.
- Enter the received security code
- Make note od the username and password
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#source-configuration","title":"Source configuration","text":"The first step is to add the source you just created to the desired InfraSonar container.
- Select the container for which you would like to configure DutyCalls.
- Click the DutyCalls icon in the left hand menu, this should open the DutyCalls configuration page
- Click on the Configure source button.
- Enter the previously retrieved username as Consumer key and the password as Consumer secret and click on the Save button.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#rules-configuration","title":"Rules configuration","text":"The second step is to add a rule .....
you created to the container you selected in the previous step.
- Select the Channels option from the left-hand menu in InfraSonar
- Click the Add channel button to add a DutyCalls channel
- Provide the correct Channel name as previously created in DutyCalls
- Enter an optional description
- Select the correct DutyCalls source
-
Optionally set condition and host filters, to filter the alerts that will be forwarded to DutyCalls.
The configuration has now been completed. Alerts related to the configured InfraSonar container will be posted in the configured DutyCalls channel.
"},{"location":"introduction/getting_started/","title":"Getting started","text":""},{"location":"introduction/getting_started/#getting-started-with-infrasonar","title":"Getting started with InfraSonar","text":""},{"location":"introduction/getting_started/#familiarize","title":"Familiarize","text":"We recommend setting up a small-scale testing environment and using this documentation to guide you on your journey to become acquainted with InfraSonar and its terminology.
"},{"location":"introduction/getting_started/#implementation-steps","title":"Implementation steps","text":"We outline the implementation steps for an agent-less implementation as this is a non-intrusive way to get to know InfraSonar.
"},{"location":"introduction/getting_started/#agent-less-implementation","title":"Agent-less implementation","text":"Implementing a basic InfraSonar configuration is easy because InfraSonar can be deployed agent-less and thus leaves no footprint on the monitored infrastructure.
The first step is to deploy an InfraSonar appliance
- Deploy the InfraSonar appliance Deploy an InfraSonar appliance in your infrastructure.
- Add assets Use our webapp to add assets and collectors per asset to your container.
- Add labels Label your assets to apply our pre-defined conditions.
Probe configuration and credentials
Some probes require you to configure credentials, see our probe and credentials specific documentation for more information.
"},{"location":"introduction/getting_started/#implementation-support","title":"Implementation support","text":"Feel free to reach out to us for support when implementing/evaluating InfraSonar.
Our implementation Consultants have years of experience and are keen to show you around and get the best out of our platform.
"},{"location":"introduction/platform/","title":"Platform","text":"This section provides an overview of the InfraSonar monitoring platform.
"},{"location":"introduction/platform/#architectural-overview","title":"Architectural overview","text":"An architectural overview of the InfraSonar platform
InfraSonar can be broken down in three area's:
- Collectors;
- InfraSonar cloud;
- InfraSonar application.
"},{"location":"introduction/platform/#collectors","title":"Collectors","text":"Within InfraSonar, we identify three concepts for collecting data:
- Agents Agents run autonomously on an endpoint and send data straight to the InfraSonar platform.
- Probes Probes query an endpoint using a specific protocol.
- Services Services monitor an endpoint and report the status to multiple containers. E.g. Microsoft 365 Service Health Status
"},{"location":"introduction/platform/#infrasonar-cloud","title":"InfraSonar cloud","text":"The InfraSonar cloud platform is hosted on the Google Cloud Platform.
Data from a monitored environment is received and processed in the InfraSonar cloud platform on what we call the Hubs. These Hubs evaluate the data against configured conditions and store received time series data in SiriDB. Received state data is kept in memory by the Hubs.
"},{"location":"introduction/platform/#infrasonar-application","title":"InfraSonar application","text":"The InfraSonar application is a web based user interface which accessible using any modern web browser.
The application can send messages to end-users using email or Dutycalls.
See our application section in the documentation for more information
"},{"location":"introduction/support/","title":"Support","text":""},{"location":"introduction/support/#support","title":"Support","text":"How can we help you?
"},{"location":"introduction/support/#services","title":"Services","text":""},{"location":"introduction/support/#implementation-services","title":"Implementation services","text":"Implementing a monitoring solution can be a challenging task.
Our implementation consultants have a lot of experience in not only implementing InfraSonar but also on helping your organization into accepting and eventually embracing a new way of working.
"},{"location":"introduction/support/#support_1","title":"Support","text":"Support is only a phone-call, slack message or email away.
"},{"location":"introduction/support/#custom-development","title":"Custom development","text":"A InfraSonar is an open platform adding custom probes, agents and or services to our platform is easily done.
Feel free to contact us to discuss your monitoring needs.
"},{"location":"introduction/support/#analysis-support","title":"Analysis support","text":"Analyzing monitoring data and combining metrics to create custom dashboards to offer an in-depth view of your monitored infrastructure is one off InfraSonors unique features.
If you have any specific requirements we can jointly figure out what would we the best way to setup InfraSonar dashboards.
"},{"location":"introduction/support/#contact-details","title":"Contact details","text":" support@infrasonar.com
+31 85 876 8733
"},{"location":"introduction/support/#availability","title":"Availability","text":"We are a European company based in the Netherlands. Our general availability is from Monday to Friday between 08:00 and 17:00 (CET)1.
-
Different times are possible by appointment.\u00a0\u21a9
"},{"location":"introduction/terminology/","title":"Terminology","text":""},{"location":"introduction/terminology/#terminology","title":"Terminology","text":"Terminology in IT is always a bit of a challenge we try to make it easier by outlining what we mean with curtain terms.
"},{"location":"introduction/terminology/#terminology-overview","title":"Terminology overview","text":"Term Description Agentcore Central component in a monitored infrastructure that acts as a relay between probes and the InfraSonar cloud. Agents A standalone InfraSonar component that can send monitoring data to InfraSonar via the API API The API allows users to perform automated access using a personal access token. Appliance A dedicated (virtual) Linux appliance for InfraSonar. Asset A monitored network component in an environment. Collectors These perform the actual measurement and are tailored per monitored component. InfraSonar knows three types of collectors: probes for agentless monitoring, agents for standalone or event driven monitoring and services for remote monitoring from the cloud. Container Used to organize environments and authorization in those environments. Frontend These are the webservers hosting the UI for end users to access InfraSonar. Hub State is stored here in memory, and logic is performed when new monitoring data arrives. SiriDB The database used for storing timeseries data with a long term retention."},{"location":"introduction/what_is_Infra_Sonar/","title":"What is InfraSonar","text":""},{"location":"introduction/what_is_Infra_Sonar/#what-is-infrasonar","title":"What is InfraSonar","text":"InfraSonar comes out of the box with many predefined conditions based on years of experience and best practices.
This predefined set of conditions and agent-less monitoring capabilities make for an easy and non-intrusive rollout with minimum effort.
Single source of truth
InfraSonar's detailed data collection allows it to serve as your organization's single \"source of truth.\"
"},{"location":"introduction/what_is_Infra_Sonar/#infrasonar-capabilities","title":"InfraSonar capabilities","text":" - State monitoring This allows us to monitor whether the status is still in the desired state, detect state changes and even detect missing items such as volumes, services, and software.
- Performance monitoring Monitors the current state and notifies when a threshold is reached. Performance data is stored in our time series database SiriDB for analysis over time.
- Analysis Performance data and hit alerts (open & closed) are used for analysis over time.
"},{"location":"introduction/what_is_Infra_Sonar/#history","title":"History","text":"InfraSonar started in 2013 as Oversight as the brainchild of an IT architect (Rik) and a senior software developer (Jeroen).
In 2023 we released a completely revised platform under the name InfraSonar.
With InfraSonar we took the lessons learned and made a more versatile and resistent platform not only suitable for IT environments but for any platform were state and performance monitoring are required.
"},{"location":"privacy-security/privacy/","title":"Privacy","text":"Protecting the privacy of the InfraSonar Platform and its customers is a top priority. This page describes what we do and what you as a user can do to guarantee this privacy as well as possible.
"},{"location":"privacy-security/privacy/#data-control","title":"Data control","text":"Customer data is your data, not InfraSonar\u2019s. We only process your data according to your agreement(s). It is, therefore, also possible to manage and delete all user-related information.
"},{"location":"privacy-security/privacy/#data-access-and-restrictions","title":"Data Access and Restrictions","text":"Only a minimum number of InfraSonar employees have access to user data to ensure user privacy.
We recommend following the same policy in your InfraSonar environments. Only give users access to the resources they need.
"},{"location":"privacy-security/privacy/#data-collection-and-use","title":"Data collection and use","text":"We are transparent about data collection and use. We are committed to transparency, compliance with regulations like the GDPR, and privacy best practices. That is why we only collect data necessary for the platform's functioning. It is up to the user to determine which monitoring data needs to be collected.
In addition, we never sell customer data or service data to third parties.
"},{"location":"privacy-security/privacy/#data-retention","title":"Data retention","text":"InfraSonar has the following different retention periods for its data.
"},{"location":"privacy-security/privacy/#configuration-data","title":"Configuration data","text":"Configuration data such as labels, conditions and authorizations are stored while configured.
When a configuration change is made, we don't retain any history in our logging and backups.
"},{"location":"privacy-security/privacy/#time-series-data","title":"Time series data","text":"Time series data is stored in SiriDB, part of the InfraSonar cloud platform.
- For actively monitored assets/hosts we store performance data with a retention period of 66 weeks (15 months).
- Time series that have not received any data for three weeks are purged from the database, as these are stale metrics.
"},{"location":"privacy-security/privacy/#closed-alerts","title":"Closed alerts","text":"Closed alerts have a retention period of 8 weeks.
"},{"location":"privacy-security/privacy/#state-data","title":"State data","text":"State data is kept in memory and is considered volatile.
"},{"location":"privacy-security/privacy/#backup-retention","title":"Backup retention","text":" - SiriDB backups have a four day retention period.
- Configuration data backups have an eight weeks retention period.
"},{"location":"privacy-security/privacy/#data-localization","title":"Data localization","text":"All data collected by InfraSonar is stored in the European Union in accordance with the GDPR.
"},{"location":"privacy-security/security_considerations/","title":"Security considerations","text":"InfraSonar is an infrastructure monitoring platform as a service.
This document outlines some security considerations to take into account when deploying InfraSonar.
Our focus and efforts are aimed at retrieving monitoring data, and sending the collected data securely to the InfraSonar cloud platform for further analysis.
Note
InfraSonar is not an IT automation tool and cannot make changes to a monitored environment. However, some InfraSonar implementations use the InfraSonar API to integrate with an on-premises automation solution such as Ansible, ensuring a single point of truth for configuration management.
"},{"location":"privacy-security/security_considerations/#context","title":"Context","text":"To properly read this security considerations page, it is essential to keep the following context in mind:
- InfraSonar monitoring data is collected through:
- Probes running in a Docker container on the monitoring appliance.
- Agents are sending data via the InfraSonar API.
- Services services run in our cloud platform and retrieve monitoring data autonomously.
- Collected data is sent to the InfraSonar platform for further analysis and user consumption in the InfraSonar frontend.
The platform guide explains this architecture further.
"},{"location":"privacy-security/security_considerations/#infrasonar-design-principles","title":"InfraSonar design principles","text":"Our development team adheres to these principles:
- Use least privilege accounts to access monitoring data when possible.
- Use vendor-documented standards such as API or management protocols to query data.
- When credentials are required, these should be stored encrypted on the monitoring appliance.
- The customer or managed service provider controls access to InfraSonar data.
- Avoid third-party libraries when possible.
- Set up security scanners in our version control system for all projects.
- Security-related issues take precedence over all other matters.
"},{"location":"privacy-security/security_considerations/#the-three-states-of-data","title":"The three states of data","text":"InfraSonar processes massive amounts of monitoring data stored for historical analysis, such as trending. We strive to treat all collected data as if it were sensitive data.
InfraSonar data can be in one of 3 so-called states.
Data at rest Data currently not being accessed, which is stored on a physical or logical medium.
InfraSonar stores data in it\u2019s cloud platform on AES256 encrypted disks. The appliance itself has no disk encryption but uses file-based encryption where possible.
Data in transit Data that \u201ctravels\u201d between devices. The most straightforward example is emails that are in transit.
All data sent between InfraSonar services is SSL encrypted. Data collected by probes is potentially unencrypted, as not all technologies used to collect monitoring data use encryption. SNMP v2c is an example where data is sent without any encryption.
Data in use Data actively in use by one or more applications for analysis or for access/consumption by end-users.
When data is in use, it needs to be in a readable format; this is especially true for data consumed by end-users. Automated data processing takes place in the datacenters, which have several certifications related to security measurements. These include, but are not limited to:
- ISO/IEC 27001
- ISO/IEC 27017
- ISO/IEC 27018
- SOC 2
- SOC 3
The InfraSonar appliance has no special security measures other than those of the environment in which the appliance is used to protect data.
"},{"location":"privacy-security/security_considerations/#data-classification","title":"Data classification","text":"We use the following data classification for InfraSonar and InfraSonar related data:
Restricted - Configuration data stored on the monitoring appliance, as this contains (encrypted) credentials.
- Log data stored on the appliance, as this potentially contains user ids.
- InfraSonar accounts lists.
Sensitive - Time series data and performance metrics collected on monitored assets / hosts.
- State data.
- InfraSonar platform source code.
- CRM data.
- Contracts.
Internal - InfraSonar back office, such as invoices.
- InfraSonar support incidents.
- InfraSonar Slack and email communication.
Public - InfraSonar open source code:
- SiriDB - Time series database used in InfraSonar.
- ThingsDB - NoSQL database used in InfraSonar.
- InfraSonar probes.
- InfraSonar documentation.
"},{"location":"privacy-security/security_considerations/#monitoring-appliance","title":"Monitoring appliance","text":"The monitoring appliance on which the InfraSonar probes and InfraSonar agentcore are deployed requires extra attention, as many vendors do not support a 'least privilege' approach to collecting monitoring data. As such, the probes often require the use of highly privileged accounts and sometimes even root or administrator accounts.
Our recommendations:
- Set up SSH Passwordless Authentication.
- Disable User SSH Passwordless Connection Requests.
- Disable SSH Root Logins.
- Use SSH Protocol 2.
- Set SSH Connection Timeout Idle Value.
- Limit SSH Access to Certain Users.
- Configure a Limit for Password Attempts.
- Update the underlying Linux operating system frequently.
- Perform a daily pull command for new InfraSonar containers.
- Use the
latest tag for InfraSonar containers unless otherwise specified by InfraSonar support. - If your company requires version pinning, please let us know so we can explicitly notify you when we release probe updates.
- Frequently update the password used by InfraSonar probes.
- Use disk encryption when possible.
"}]}
\ No newline at end of file
+{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to InfraSonar","text":"InfraSonar a powerful infrastructure monitoring platform as a service.
Features
- Agentless data collection where possible, minimizing our footprint in a monitored infrastructure;
- We excel in detailed state and performance monitoring;
- Effortless realtime anomaly detection;
- Crystal clear conditions.
"},{"location":"changelog/","title":"Changelog","text":""},{"location":"changelog/#0212","title":"0.2.12","text":"_ Wednesday 03 Aug 2022 @ 22:00 CET
"},{"location":"changelog/#0211","title":"0.2.11","text":"_ Monday 01 Aug 2022 @ 21:00 CET
- Added Enodo.
- No more Guest probes.
"},{"location":"changelog/#0210","title":"0.2.10","text":"_ Friday 15 Jul 2022 @ 13:00 CET
- Improved DNS probe dialog.
- Removed Lift, SQL SSH, VmwareGuest, WinRm and XenGuest probes.
- Added feedback for failed reports.
- Fixed adding a user with same email address but different auth provider.
- Fixed a few spelling mistakes.
- Added TcpProbe.
- Added WMI Check for files option using the
cimDatafiles class. - Added services-name to the windows services widget.
"},{"location":"changelog/#029","title":"0.2.9","text":"_ Tuesday 17 May 2022 @ 17:00 CET
- Fix saving the order of metrics in a grid.
- Changed caption column to description in application widget.
"},{"location":"changelog/#028","title":"0.2.8","text":"_ Monday 16 May 2022 @ 21:00 CET
- Added
allowRedirects option to the http probe configuration. - Added
docker icon. - Removed
text widget. - Added Azure probe.
- Allow
agents to be added in InfraSonar. - Fix display
probe address. - Fix filter for assigned alerts.
- Fix displaying the correct metrics in a widget.
- Fix application widget by using description field instead of caption.
- Fix closing a legend when moving mouse focus out the widget.
- No longer close a widget edit dialog when clicking outside the editor.
"},{"location":"changelog/#027","title":"0.2.7","text":"_ Tuesday 11 Apr 2022 @ 21:00 CET
- Upgraded packages.
- Fixed broken widget when switching between hosts.
- Enable search on host-name in alerts and closed-alerts page.
- Added pingProbe and removed psProbe.
- Added httpProbe.
- Added nmapProbe (v2.x.x).
- Fixed broken check interval select box.
- Fixed broken boolean probe switch.
- Added probe configuration checks on asset edit.
- Fixed broken filter component for
True values in data table. - Re-direct to the requested link after sign-in.
- Fixed typo in subscriptions.
- Fixed overlay bug on drop-down-arrows in \"edit widget\" dialog.
- Fixed bug with \"Add widget\" button when a asset has no label.
- Changed the no-environment page for new users and added copyright text.
- Changed the link to \"Contact support\".
- Fixed bug with resetting the check interval.
- No longer allow to change dialog tabs while providing a reason for change.
- Remove missing network probe warning message as this is no longer a best practice.
"},{"location":"changelog/#026","title":"0.2.6","text":"_ Thursday 17 Feb 2022 @ 21:00 CET
- Fixed CSV download for InfraSonar Accounts (sysadmin).
- Add \"show more\" when more text-lines are available in logging message.
- Fixed missing email address at the no-environments page.
- Changed menu behavior at probe page (solves highlight last item).
- Added icon for Pure Storage.
- Prevent view changes of probe page on refresh.
"},{"location":"changelog/#025","title":"0.2.5","text":"_ Tuesday 01 Feb 2022 @ 21:30 CET
- Fixed bug with incognito browsing.
"},{"location":"changelog/#024","title":"0.2.4","text":"_ Tuesday 01 Feb 2022 @ 20:00 CET
- Fixed bug in filter host specific closed alerts.
- Changed ordering on first click in a grid.
- Fixed bug in host filter on alerts page (not showing the name of the host).
- Switched to FireBase authentication.
- Added support for Microsoft Azure (work) accounts.
- Switched to NPM 8.x for website building.
"},{"location":"changelog/#023","title":"0.2.3","text":"_ Wednesday 12 Jan 2022 @ 22:00 CET
- Fixed bug with filter selection (not visible) in grid.
- Fixed bug with user container view when having no users.
- Fixed minor widget editor bugs.
- Changed filter and sort icon appearance to make active filter or order visible.
"},{"location":"changelog/#022","title":"0.2.2","text":"_ Friday 24 Dec 2021 @ 20:00 CET
- Fixed column sorting on container view.
- Fixed filter outline with little space to render the filter selection.
- Fixed missing condition options in expression builder.
- Added Last seen column to host overview as alternative to the Active column.
"},{"location":"changelog/#021","title":"0.2.1","text":"_ Wednesday 22 Dec 2021 @ 20:00 CET
- Added environment to Breadcrumbs bar when the name equals the parent container.
- Fixed access check for modifying Views and return with an appropriate message if not.
- Fixed spacing between name and body in an alert message.
- Removed incorrect icon in front of Agent-core in host overview.
"},{"location":"changelog/#020","title":"0.2.0","text":"_ Tuesday 21 Dec 2021 @ 20:00 CET
- Updated UI using the Material design language.
- Added Light/Dark mode.
- Added a dashboard which shows useful information and shortcuts.
- Added the Tasks overview. In this overview, Admins can see all tasks related to the current environment.
- The Closed alerts and the Search closed alerts pages are merged into a single page.
- Added the option to \"star\" Views and Environments as favorite.
- Added a \"Share\" button to Views.
- Added \"click-on-tag\" for \"copy-to-clipboard\".
- Merged the container and environment logging into one page.
- Added a \"Task\" column and a \"Parent\" column to log entries.
- Replaced the counter with tags in the Conditions page.
- Authentication provider is now implied when adding a user to a container.
- Improved feedback when submitting invalid forms.
- Added specific icons to all Hosts.
- Added \"No environments found\" screen, for users without container access.
- Added time selection to the statistics page.
- Added the \"Windows Services\" widget to the Insight page.
"},{"location":"changelog/#01109","title":"0.1.109","text":"_ Tuesday 07 Dec 2021 @ 20:00 CET
"},{"location":"changelog/#01108","title":"0.1.108","text":"_ Monday 29 Nov 2021 @ 20:00 CET
- Enable
changed option for boolean and timestamp type. - Removed CRM from InfraSonar.
"},{"location":"changelog/#01107","title":"0.1.107","text":"_ Saturday 13 Nov 2021 @ 14:00 CET
"},{"location":"changelog/#01106","title":"0.1.106","text":"_ Friday 12 Nov 2021 @ 20:00 CET
- Collapsible raster on double mouse click.
- Added audit logging to re-discover changes on a host.
- Fixed bug with selecting a time range within a modal.
- Fixed socket message on re-connect.
- Added search in my alerts view.
- Prevent inserting invalid metric info.
"},{"location":"changelog/#01105","title":"0.1.105","text":"_ Tuesday 12 Oct 2021 @ 20:00 CET
- Log tasks using the user who initiated the task.
- Return the taskId when creating a task using the API.
- Send an email to the user when a schedules task has failed.
"},{"location":"changelog/#01104","title":"0.1.104","text":"_ Monday 13 Sep 2021 @ 20:00 CET
- Added Id column to environment overview page.
- Added /api/environments API call.
- Added support for custom time zone per environment.
- Fixed bug with assigned alerts for users without key string.
"},{"location":"changelog/#01103","title":"0.1.103","text":"_ Tuesday 27 Jul 2021 @ 11:00 CET
- Loosely name validation for check and type in data query API call.
"},{"location":"changelog/#01102","title":"0.1.102","text":"_ Wednesday 21 Jul 2021 @ 22:00 CET
- Added
environment and lastSeen columns to api/hosts API call. - Added
api/labels API call to query for labels in an environment. - Fixed bug in widget editor when no hosts are configured.
- Fixed minor widget bugs (no panel data, handle escape key correctly).
"},{"location":"changelog/#01101","title":"0.1.101","text":"_ Thursday 15 Jul 2021 @ 20:00 CET
- Added check for valid labels in API call
api/host/label/add. - Added filter for empty hosts in view.
- Added filter item option in widgets.
- Added the option to exclude host with specified labels from a view.
- Auto convert
int to float for the insert API call. - Fixed bug in auto refresh on a view.
- Fixed bug in validate API metric names.
- Fixed bug when moving a root widget on a host overview page.
- Fixed minor bug in side menu on probe pages.
- Required metrics no longer accept a
null value.
"},{"location":"changelog/#01100","title":"0.1.100","text":"_ Tuesday 22 Jun 2021 @ 20:00 CET
- Added link to new InfraSonar documentation.
- Added query data API call and added
/api/data to replace api/data/insert. - Added support for
withLabel and withProbe keys to hosts query API. - Replaced
accept/reject lists with item (not) in list. - Check for int64 when using the API to insert data.
- Improved error messages when using incorrect API calls.
- Fixed double boolean naming when choosing a display function.
"},{"location":"changelog/#0199","title":"0.1.99","text":"_ Tuesday 18 Apr 2021 @ 9:00 CET
"},{"location":"changelog/#0198","title":"0.1.98","text":"_ Monday 17 May 2021 @ 20:00 CET
- Added tool for generating encryption keys.
- Fix ConnectWise member API call.
- Fix My-Alert view (too many alerts).
- Fix time range selection on aggregation grid.
- Sort series on environment in time-series chart.
- Update: ThingsDB client (fix re-connect Emitter bug).
- Update: Python packages.
- Update: Npm packages.
"},{"location":"changelog/#0197","title":"0.1.97","text":"_ Tuesday 20 Apr 2021 @ 12:00 CET
"},{"location":"changelog/#0196","title":"0.1.96","text":"_ Monday 19 Apr 2021 @ 19:45 CET
"},{"location":"changelog/#0195","title":"0.1.95","text":"_ Monday 19 Apr 2021 @ 19:00 CET
- Improved item-list in expression editor.
- Fixed number of rows in grid after using a filter (search).
- Update browser title when opening a view.
- Fixed CTRL-F when viewing a data-table with search disabled.
- Added column suppressed label count on conditions page.
- Fixed bug with auto-refresh.
- Update: Python packages.
- Update: Npm packages.
"},{"location":"changelog/#0194","title":"0.1.94","text":"_ Wednesday 7 Apr 2021 @ 15:30 CET
- Fixed ConnectWise manage bug, maximum summary length.
"},{"location":"changelog/#0193","title":"0.1.93","text":"_ Tuesday 6 Apr 2021 @ 20:00 CET
- Added API route for posting InfraSonar (host) data.
- Added API routes for controlling metadata.
- Added derived metric option.
"},{"location":"changelog/#0192","title":"0.1.92","text":"_ Monday 15 Mar 2021 @ 20:00 CET
- Fixed check for valid hostUuids in API handler.
- Select current user as default owner for an alert.
"},{"location":"changelog/#0191","title":"0.1.91","text":"_ Wednesday 24 Feb 2021 @ 20:00 CET
- Allow ticket in CWM without owner.
- Update API documentation.
"},{"location":"changelog/#0190","title":"0.1.90","text":"_ Tuesday 23 Feb 2021 @ 20:00 CET
- Added ConnectWise Manage support.
- Added environment widget for installed software on Windows.
- Added option to select a time range for the aggregation grid widget.
- Fixed bug in top menu after window resize.
"},{"location":"changelog/#0189","title":"0.1.89","text":"_ Thursday 14 Jan 2021 @ 20:00 CET
- Added channels column on labels overview page.
- Added item (not) in list expression to replace black/white list.
- Added option to accept or reject specific conditions for DutyCalls.
- Added option to show/hide self signed certificates.
- Added option to sort on environemt in a gid widget.
- Added search box to certificate widget.
- Auto-complete default probe address unless changed by the user.
- Changed export to CSV for time and age values.
- Prevent saving conditions with empty expressions.
"},{"location":"api/authentication/","title":"Authentication","text":""},{"location":"api/authentication/#authentication","title":"Authentication","text":"The authentication scheme that the InfraSonar API makes use of is \"Bearer authentication\".
"},{"location":"api/authentication/#bearer-authentication","title":"Bearer Authentication","text":"Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name \u201cBearer authentication\u201d can be understood as \u201cgive access to the bearer of this token.\u201d The client must send this token in the Authorization header when making requests to the InfraSonar API:
Authorization: Bearer <token>\n
"},{"location":"api/authentication/#creating-a-token","title":"Creating a token","text":"Infrasonar supports two types of tokens:
User tokens User tokens are bound to an user and can be used to automated actions as the user issuing the token.
Warning
This token has the same privileges as the user!
User can be valuable for scripts or integrations that require access to multiple containers.
Container tokens Container tokens can be used to give granular access to a specific container.
"},{"location":"api/authentication/#user-tokens","title":"User tokens","text":"Follow these steps below to create and add a token to your user account.
- Open the \"My access\" dialog by clicking on the My access button in the account menu.
- Navigate to the tokens tab and click on the + button.
- Enter a useful description and click on the Create button to add the token to your account.
"},{"location":"api/authentication/#container-tokens","title":"Container tokens","text":"Tip
We strongly suggest setting up separate tokens when possible.
Container tokens are also required for agentcore and agent authentication.
- Navigate to the container you want to create a token for.
- Click the tokens icon in the left hand menu.
- Click the Add token button.
- Give the token a identifiable name and provide just enough accessobserve we added some shorcuts to create access tokens for agentcores and probes
- Click Save, enter a reason and click confirm
- Reopen the just created token and copy the ID.
Rules
- User who have the de
container Access flag set can create container tokens. - A user can not grant more access permissions to a token then he or she already has.
"},{"location":"api/ids/","title":"ID's","text":""},{"location":"api/ids/#ids","title":"ID's","text":"InfraSonar uses ID's to identify:
- Assets
- Conditions
- Containers
- Labels
"},{"location":"api/ids/#figuring-out-ids","title":"Figuring out ID's","text":""},{"location":"api/ids/#asset-id","title":"Asset ID","text":" - Navigate to the container to which the asset belongs.
- Open the asset overview page.
- Use the column picker in the top right corner and ensure ID is selected.
- The asset ID is now visible in the most left hand column.
Query asset ID using our API
Asset ID's can be retrieved using our API
"},{"location":"api/ids/#condition-id","title":"Condition ID","text":" - Navigate to the container to which the condition belongs.
- Open the condtions overview page.
- Use the column picker in the top right corner and ensure ID is selected.
- The condition ID is now visible in the most left hand column.
"},{"location":"api/ids/#container-id","title":"Container ID","text":" - Open the containers view.
- Use the column picker in the top right corner and ensure ID is selected.
- The container ID is now visible in the most left hand column.
Query container ID using our API
Container ID's can be retrieved using our API
"},{"location":"api/ids/#label-id","title":"Label ID","text":" - Navigate to the container to which the label belongs.
- Open the label overview page.
- Use the column picker in the top right corner and ensure ID is selected.
- The label ID is now visible in the most left hand column.
"},{"location":"api/overview/","title":"Overview","text":"The InfraSonar API is used for accessing and manipulating data within InfraSonar.
InfraSonar agents use the API to bring data into the platform while automation solutions such as Ansible and Salt can be used to query data but also change modes to avoid getting notified while automation tasks are performing maintenance.
The API is also used by InfraSonar ready to run integrations
"},{"location":"api/alert/assign/","title":"Assign alert","text":"PUT/alert/<alertKs>/assign
"},{"location":"api/alert/assign/#description","title":"Description","text":"Assign an open alert to a user. The user (userId) must be marked as a member of the container. Success (204) is also returned when the alert does not exist.
"},{"location":"api/alert/assign/#path-parameters","title":"Path parameters","text":"Param Description alertKs Alert key string (ks)."},{"location":"api/alert/assign/#body","title":"Body","text":"Param Type Required Description userId int Yes User Id of a user message string No Optional message (max 240 characters, default empty)."},{"location":"api/alert/assign/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body or alert key string. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ALERT_ASSIGN). 404 User (userId) not found or the user is not a member."},{"location":"api/alert/assign/#example","title":"Example","text":"Curl request:
curl \\\n -X PUT 'https://api.infrasonar.com/alert/xxx/assign' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"userId\": 123\n}'\n
"},{"location":"api/alert/close/","title":"Close alert","text":"PUT/alert/<alertKs>/close
"},{"location":"api/alert/close/#description","title":"Description","text":"Close an alert. An optional message can be provided. Success (204) is also returned when the alert is already closed .
"},{"location":"api/alert/close/#path-parameters","title":"Path parameters","text":"Param Description alertKs Alert key string (ks)."},{"location":"api/alert/close/#body","title":"Body","text":"Param Type Required Description message string No Optional message (max 240 characters, default empty)."},{"location":"api/alert/close/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body or alert key string. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ALERT_CHANGE)."},{"location":"api/alert/close/#example","title":"Example","text":"Curl request:
curl \\\n -X PUT 'https://api.infrasonar.com/alert/xxx/close' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"message\": \"Closed using the API\"\n}'\n
"},{"location":"api/alert/message/","title":"Add message to alert","text":"PUT/alert/<alertKs>/message
"},{"location":"api/alert/message/#description","title":"Description","text":"Add a message to an open alert. Success (204) is also returned when the alert does not exist.
"},{"location":"api/alert/message/#path-parameters","title":"Path parameters","text":"Param Description alertKs Alert key string (ks)."},{"location":"api/alert/message/#body","title":"Body","text":"Param Type Required Description message string Yes Message to add (max 240 characters, default empty)."},{"location":"api/alert/message/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body or alert key string. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ALERT_CHANGE)."},{"location":"api/alert/message/#example","title":"Example","text":"Curl request:
curl \\\n -X PUT 'https://api.infrasonar.com/alert/xxx/message' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"message\": \"This is an example message.\"\n}'\n
"},{"location":"api/alert/query/","title":"Query alert","text":"GET/alert/<alertKs>?fields=...&actions=...
"},{"location":"api/alert/query/#description","title":"Description","text":"Query alert details. This API call will work for both an open and closed alert.
"},{"location":"api/alert/query/#path-parameters","title":"Path parameters","text":"Param Description alertKs Alert key string (ks)."},{"location":"api/alert/query/#query-parameters","title":"Query parameters","text":"Param Default Description fields all fields Fields to return (see fields below for all available fields). actions none Action fields. If at least one field is given, the result will include \"actions\" with an array of action objects (see Actions below for all available action fields)."},{"location":"api/alert/query/#fields","title":"Fields","text":"Field Return type Description ks string Key string of the alert. message string Initial message when the alert was opened. severity integer Initial severity when the alert was opened (value between 0=highest and 7=lowest severity). timestamp integer Unix timestamp in seconds when the alert was opened. lastMessage string Message of the last hit (equal to \"message\" with only a single hit). lastSeverity integer Severity of the last hit (equal to \"severity\" with only a single hit). lastTimestamp integer Unix timestamp in seconds of the last hit (equal to \"timestamp\" with only a single hit). ownerId integer/null User Id of the owner or null when the alert is not assigned to an owner. closedTimestamp integer/null Unix timestamp in seconds when the alert was closed or null if not closed."},{"location":"api/alert/query/#actions","title":"Actions","text":"Action field Return type Description kind string One of: Assign, Comment, IntegrationCall, Close, AutoClose, IndirectClose timestamp integer Unix timestamp in seconds. data object/null Additional data object."},{"location":"api/alert/query/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field or action or invalid alert key string. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Alert not found."},{"location":"api/alert/query/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/alert/xxx?actions=kind,timestamp,data' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"ks\": \"<a-unique-key-string>\",\n \"message\": \"Initial message of the alert\",\n \"severity\": 3,\n \"timestamp\": 1667511262,\n \"lastMessage\": \"Last message of the alert\",\n \"lastSeverity\": 3,\n \"listTimestamp\": 1667511523,\n \"ownerId\": 123,\n \"closedTimestamp\": null,\n \"actions\": [\n {\n \"kind\": \"Assign\",\n \"timestamp\": 1667511469,\n \"data\": {\n \"userId\": 123,\n \"ownerId\": 123,\n \"message\": \"Alert assigned to me!\"\n }\n }\n ]\n}\n
"},{"location":"api/asset/add-label/","title":"Add label to asset","text":"PUT /asset/<assetId>/label/<labelId>
"},{"location":"api/asset/add-label/#description","title":"Description","text":"Add a label to an asset. Success (204) is also returned when the label was already assigned to the asset.
Note: method POST is obsolete but still supported.
"},{"location":"api/asset/add-label/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. labelId Label Id."},{"location":"api/asset/add-label/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/add-label/#body","title":"Body","text":"none
"},{"location":"api/asset/add-label/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset or label not found."},{"location":"api/asset/add-label/#example","title":"Example","text":"Curl request:
curl \\\n -X PUT 'https://api.infrasonar.com/asset/123/label/123' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/asset/disable-check/","title":"Disable check on asset","text":"DELETE /asset/<assetId>/collector/<collectorKey>/check/<checkKey>
"},{"location":"api/asset/disable-check/#description","title":"Description","text":"Disable a check on an asset. Success (204) is also returned when the check was already disabled on the asset.
"},{"location":"api/asset/disable-check/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key. checkKey Check key."},{"location":"api/asset/disable-check/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/disable-check/#body","title":"Body","text":"none
"},{"location":"api/asset/disable-check/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+CHECK_MANAGEMENT). 404 Asset, collector or check not found. 409 Both the asset and check exist, but the check does not exist on the asset."},{"location":"api/asset/disable-check/#example","title":"Example","text":"Curl request:
curl \\\n -X DELETE 'https://api.infrasonar.com/asset/123/collector/wmi/check/updates' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/asset/enable-check/","title":"Enable check on asset","text":"PUT /asset/<assetId>/collector/<collectorKey>/check/<checkKey>
"},{"location":"api/asset/enable-check/#description","title":"Description","text":"Enable a check on an asset. Success (204) is also returned when the check was already enabled on the asset.
"},{"location":"api/asset/enable-check/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key. checkKey Check key."},{"location":"api/asset/enable-check/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/enable-check/#body","title":"Body","text":"none
"},{"location":"api/asset/enable-check/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+CHECK_MANAGEMENT). 404 Asset, collector or check not found. 409 Both the asset and check exist, but the check does not exist on the asset."},{"location":"api/asset/enable-check/#example","title":"Example","text":"Curl request:
curl \\\n -X PUT 'https://api.infrasonar.com/asset/123/collector/wmi/check/updates' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/asset/insert-check-data/","title":"Insert check data","text":"POST /asset/<assetId>/collector/<collectorKey>/check/<checkKey>
"},{"location":"api/asset/insert-check-data/#description","title":"Description","text":"Insert check data.
"},{"location":"api/asset/insert-check-data/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key. checkKey Check key."},{"location":"api/asset/insert-check-data/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/insert-check-data/#body","title":"Body","text":"Param Type Required Description data object Yes Object with check data. version string Yes Version of the collector. runtime float No Time it took for the check to run in seconds. timestamp integer No Unix timestamp in seconds. If omitted, InfraSonar will set the timestamp for the check data."},{"location":"api/asset/insert-check-data/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+INSERT_CHECK_DATA). 404 Asset or collector or check not found. 409 Collector is not assigned to the asset. 413 Body size too large (maximum 500 KB)."},{"location":"api/asset/insert-check-data/#example","title":"Example","text":"Curl request:
curl \\\n -X POST 'https://api.infrasonar.com/asset/123/collector/docker/check/network' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"data\": {\n \"networks\": [\n {\n \"name\": \"myNetwork\",\n \"ipAddress\": \"1.2.3.4\"\n }\n ]\n },\n \"version\": \"0.1.0\"\n}'\n
In this example, \"docker\" is the collector, \"network\" the check, \"networks\" a type, \"name\" is a required metric and \"ipAddress\" is a metric."},{"location":"api/asset/purge-notifications/","title":"Purge notifications","text":"POST /asset/<assetId>/purge-notifications
"},{"location":"api/asset/purge-notifications/#description","title":"Description","text":"Purge notifications by notification kind for a specific asset.
"},{"location":"api/asset/purge-notifications/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/purge-notifications/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/purge-notifications/#body","title":"Body","text":"Param Type Required Description kind string Yes One of CheckMissing, CheckError, CheckAged, CheckInvalidResult, CheckInvalidTimestamp or CheckInvalidData."},{"location":"api/asset/purge-notifications/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset not found."},{"location":"api/asset/purge-notifications/#example","title":"Example","text":"Curl request:
curl \\\n -X POST 'https://api.infrasonar.com/asset/123/purge-notifications' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"kind\": \"CheckError\"\n}'\n
"},{"location":"api/asset/query-alerts/","title":"Query asset alerts","text":"GET /asset/<assetId>/alerts?fields=...
"},{"location":"api/asset/query-alerts/#description","title":"Description","text":"Query all open alerts for a given asset.
With the current API it is not possible to query for closed alerts, except when you have an explicit alert key string.
"},{"location":"api/asset/query-alerts/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/query-alerts/#query-parameters","title":"Query parameters","text":"Param Default Description fields ks Fields to return (see fields below for all available fields)."},{"location":"api/asset/query-alerts/#fields","title":"Fields","text":"Field Return type Description ks string Key string of the alert. message string Initial message when the alert was opened. severity integer Initial severity when the alert was opened (value between 0=highest and 7=lowest severity). timestamp integer Unix timestamp in seconds when the alert was opened. lastMessage string Message of the last hit (equal to \"message\" with only a single hit). lastSeverity integer Severity of the last hit (equal to \"severity\" with only a single hit). lastTimestamp integer Unix timestamp in seconds of the last hit (equal to \"timestamp\" with only a single hit). ownerId integer/null User Id of the owner or null when the alert is not assigned to an owner."},{"location":"api/asset/query-alerts/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Asset not found."},{"location":"api/asset/query-alerts/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/asset/123/alerts?fields=ks,message,severity,ownerId' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
[\n {\n \"ks\": \"<a-unique-key-string>\",\n \"message\": \"Initial message of the alert\",\n \"severity\": 3,\n \"ownerId\": null\n }\n]\n
"},{"location":"api/asset/query-check-data/","title":"Query check data","text":"GET /asset/<assetId>/collector/<collectorKey>/check/<checkKey>?fmt=false
"},{"location":"api/asset/query-check-data/#description","title":"Description","text":"Query check data. The result might be null when both the collector and check exist, but no data for the given asset exists. If only the framework is null, then the check is enabled for the asset but no data is received (yet).
"},{"location":"api/asset/query-check-data/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key. checkKey Check key."},{"location":"api/asset/query-check-data/#query-parameters","title":"Query parameters","text":"Param Default Description fmt false Either true or false. When true the display function is used to format the values and if false, the raw values are returned."},{"location":"api/asset/query-check-data/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Invalid value for fmt query param. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Asset, collector or check not found."},{"location":"api/asset/query-check-data/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/asset/123/collector/ping/check/ping?fmt=true' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"data\": {\n \"icmp\": [\n {\n \"address\": \"192.168.1.2\",\n \"maxTime\": \"1 ms\",\n \"name\": \"ping\",\n \"count\": \"5\",\n \"dropped\": \"0\",\n \"minTime\": \"165 \u03bcs\"\n }\n ]\n },\n \"framework\": {\n \"duration\": \"4.015 seconds\",\n \"timestamp\": \"2023-01-12 15:29:37+01:00\",\n \"prev\": {\n \"timestamp\": \"2023-01-12 15:24:37+01:00\"\n }\n }\n}\n
In this example, \"ping\" is a collector, \"ping\" a check, \"icmp\" a type and \"name\", address, maxTime etc, are the metrics.
"},{"location":"api/asset/query-forecast-data/","title":"Query forecast data","text":"GET /asset/<assetId>/collector/<collectorKey>/check/<checkKey>/type/<typeKey>/metric/<metricKey>/forecasts?aggregation=none
"},{"location":"api/asset/query-forecast-data/#description","title":"Description","text":"Query forecast data. A list will be returned containing all items with forecasts. The forecast for each item is an array with arrays containing a UNIX-timestamp, the upper and lower prediction values. The forecast for an item might also be null when the forecast could not be created (for example when the metric hasn't enough data points). In the latter case, the item has a retryAfter property with a UNIX-timestamp which tells when a new attempt will be made to create a forecast for that item.
"},{"location":"api/asset/query-forecast-data/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key. checkKey Check key. typeKey Type key. metricKey Metric key."},{"location":"api/asset/query-forecast-data/#query-parameters","title":"Query parameters","text":"Param Default Description aggregation none One of none, diff, diffps, first, last, count, mode, min, max, sum, mean, median, medianlow, medianhigh. If you are not sure, just use the default none."},{"location":"api/asset/query-forecast-data/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Invalid value for aggregation query param. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Asset, collector, check, type or metric not found."},{"location":"api/asset/query-forecast-data/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/asset/123/collector/wmi/check/system/type/processorTotal/metric/PercentProcessorTime/forecasts' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
[\n {\n \"name\": \"foo.local\",\n \"forecast\": null,\n \"retryAfter\": 1684891252.3467717\n },\n {\n \"name\": \"bar.local\",\n \"forecast\": [\n [\n 1684823400,\n 5.443413461856282,\n 0.3348468724474909\n ],\n [\n 1684825200,\n 5.339250050203838,\n 0.46790794525554347\n ]\n ]\n }\n]\n
"},{"location":"api/asset/query-id/","title":"Query asset Id","text":"GET /asset/<assetName>/id
"},{"location":"api/asset/query-id/#description","title":"Description","text":"Query an asset Id by name. This route only works with a container token.
Removed assets (assets in trash) are ignored and will not be found using this API call.
"},{"location":"api/asset/query-id/#path-parameters","title":"Path parameters","text":"Param Description assetName Asset name."},{"location":"api/asset/query-id/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/query-id/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API). 404 No asset with the given name is found in the container. 409 Multiple assets with the same name are found within the container."},{"location":"api/asset/query-id/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/asset/my-asset.local/id' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"assetId\": 123\n}\n
"},{"location":"api/asset/query-time-series/","title":"Query time series","text":"POST /asset/<assetId>/query-time-series
"},{"location":"api/asset/query-time-series/#description","title":"Description","text":"Query time series.
"},{"location":"api/asset/query-time-series/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/query-time-series/#body","title":"Body","text":"Param Type Required Description collector string Yes Collector key. check string Yes Check key. type string Yes Type key. metric string Yes Metric key. items array(string) No Item names. If not given, all items are returned. timeSpan integer No Time span in seconds. Defaults to 28800 (8 hours). The maximum time span is 2419200 (28 days). start integer/string No Unix timestamp or ISO time string. The start + time-span is the end of the time window. When not given, the start is calculated as now minus the time span which results in the latest data points. aggregation object No See aggregation section. If not given, no aggregation is used. merge object No See merge section. If not given, items are not merged."},{"location":"api/asset/query-time-series/#merge","title":"Merge","text":"Param Type Required Description as string Yes Name as the time-series will be returned in the result. Only alpha-numeric characters and underscores are allowed and the name must not be empty. aggregation object Yes See aggregation section. This aggregation is used for merging the time series."},{"location":"api/asset/query-time-series/#aggregation","title":"Aggregation","text":"Param Type Required Description type string Yes One of mean, min, max, sum, median, median_high, median_low or count. timeSpan integer No Time span in seconds used for aggregation blocks. For example 3600 will create per-hour blocks. If not given, the result will contain a single value with the current timestamp."},{"location":"api/asset/query-time-series/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Asset not found."},{"location":"api/asset/query-time-series/#example","title":"Example","text":"Curl request (Average bytes received p/s for the last 4 hours):
curl \\\n -X POST 'https://api.infrasonar.com/asset/123/query-time-series' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\```\n --data-raw '{\n \"collector\": \"wmi\",\n \"check\": \"network\",\n \"type\": \"interface\",\n \"metric\": \"BytesReceivedPersec\",\n \"timeSpan\": 14400,\n \"aggregation\": {\n \"type\": \"mean\"\n }\n}'\n
Response (Each key in the response represents an item name, unless \"merge\" is used. The value is an array with with arrays containing a timestamp and value):
{\n \"Intel[R] 82574L Gigabit Network Connection\": [\n [\n 1677142522,\n 9488.9375\n ]\n ]\n}\n
"},{"location":"api/asset/query/","title":"Query asset","text":"GET/asset/<assetId>?fields=...
"},{"location":"api/asset/query/#description","title":"Description","text":"Query asset details.
"},{"location":"api/asset/query/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/query/#query-parameters","title":"Query parameters","text":"Param Default Description fields all fields Fields to return (see fields below for all available fields). collectors none Collector fields. If at least one field is given, the result will include \"collectors\" with an array of collector objects (see Collectors below for all available collector fields)."},{"location":"api/asset/query/#fields","title":"Fields","text":"Field Return type Description id integer Asset Id. container integer Asset container Id. name string Asset name. kind string One of the kinds (see set-kind api) description string Asset description. mode string One of normal, maintenance or disabled. labels array(integer) List with label Ids. disabledChecks array(object) List with check objects. Each check object contains a collector and check property, both with the key as value."},{"location":"api/asset/query/#collectors","title":"Collectors","text":"Collector field Return type Description key string Collector key. name string Collector name. kind string One of agent, probe or service. config object/null Configuration for the collector if config exists."},{"location":"api/asset/query/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Asset not found."},{"location":"api/asset/query/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/asset/123' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"id\": 123,\n \"name\": \"my-host.local\",\n \"kind\": \"Asset\",\n \"description\": \"My host\",\n \"mode\": \"normal\",\n \"labels\": [456, 789]\n}\n
"},{"location":"api/asset/remove-collector/","title":"Remove collector from asset","text":"DELETE /asset/<assetId>/collector/<collectorKey>
"},{"location":"api/asset/remove-collector/#description","title":"Description","text":"Remove a collector from an asset. Success (204) is also returned when the collector was not attached to the asset.
"},{"location":"api/asset/remove-collector/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key."},{"location":"api/asset/remove-collector/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/remove-collector/#body","title":"Body","text":"none
"},{"location":"api/asset/remove-collector/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset or collector not found."},{"location":"api/asset/remove-collector/#example","title":"Example","text":"Curl request:
curl \\\n -X DELETE 'https://api.infrasonar.com/asset/123/collector/docker' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/asset/remove-label/","title":"Remove label from asset","text":"DELETE /asset/<assetId>/label/<labelId>
"},{"location":"api/asset/remove-label/#description","title":"Description","text":"Remove a label from an asset. Success (204) is also returned when the label was not assigned to the asset.
"},{"location":"api/asset/remove-label/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. labelId Label Id."},{"location":"api/asset/remove-label/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/remove-label/#body","title":"Body","text":"none
"},{"location":"api/asset/remove-label/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset or label not found."},{"location":"api/asset/remove-label/#example","title":"Example","text":"Curl request:
curl \\\n -X DELETE 'https://api.infrasonar.com/asset/123/label/123' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/asset/set-description/","title":"Set asset description","text":"PATCH /asset/<assetId>/description
"},{"location":"api/asset/set-description/#description","title":"Description","text":"Set the asset description. Success (204) is also returned when the asset description has not changed.
"},{"location":"api/asset/set-description/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/set-description/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/set-description/#body","title":"Body","text":"Param Type Required Description description string Yes Asset description."},{"location":"api/asset/set-description/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset not found."},{"location":"api/asset/set-description/#example","title":"Example","text":"Curl request:
curl \\\n -X PATCH 'https://api.infrasonar.com/asset/123/description' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"description\": \"This is cool asset!\"\n}'\n
"},{"location":"api/asset/set-kind/","title":"Set asset kind","text":"PATCH /asset/<assetId>/kind
"},{"location":"api/asset/set-kind/#description","title":"Description","text":"Set the asset kind. Success (204) is also returned when the asset kind remains unchanged.
"},{"location":"api/asset/set-kind/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/set-kind/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/set-kind/#body","title":"Body","text":"Param Type Required Description kind string Yes Asset kind. See table below for all available kinds."},{"location":"api/asset/set-kind/#kind","title":"Kind","text":"Logo Name Asset (default) APC Apple Azure Citrix Database Dell DNS Docker Eaton Email Firewall FreeBSD HP Kubernetes Linux NetApp PaloAlto PureStorage Speed Supermicro Switch Synology UniFi VMware Website Windows"},{"location":"api/asset/set-kind/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset not found."},{"location":"api/asset/set-kind/#example","title":"Example","text":"Curl request:
curl \\\n -X PATCH 'https://api.infrasonar.com/asset/123/kind' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"kind\": \"Linux\"\n}'\n
"},{"location":"api/asset/set-mode/","title":"Set asset mode","text":"PATCH /asset/<assetId>/mode
"},{"location":"api/asset/set-mode/#description","title":"Description","text":"Set the asset mode. Success (204) is also returned when the asset was already in the desired mode.
"},{"location":"api/asset/set-mode/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/set-mode/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/set-mode/#body","title":"Body","text":"Param Type Required Description mode string Yes One of normal, maintenance or disabled."},{"location":"api/asset/set-mode/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset not found."},{"location":"api/asset/set-mode/#example","title":"Example","text":"Curl request:
curl \\\n -X PATCH 'https://api.infrasonar.com/asset/123/mode' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"mode\": \"maintenance\"\n}'\n
"},{"location":"api/asset/set-name/","title":"Set asset name","text":"PATCH /asset/<assetId>/name
"},{"location":"api/asset/set-name/#description","title":"Description","text":"Set the asset name. Success (204) is also returned when the asset name has not been changed.
"},{"location":"api/asset/set-name/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id."},{"location":"api/asset/set-name/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/set-name/#body","title":"Body","text":"Param Type Required Description name string Yes Asset name."},{"location":"api/asset/set-name/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset not found."},{"location":"api/asset/set-name/#example","title":"Example","text":"Curl request:
curl \\\n -X PATCH 'https://api.infrasonar.com/asset/123/name' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"name\": \"This is cool asset!\"\n}'\n
"},{"location":"api/asset/upsert-collector/","title":"Upsert collector to asset","text":"POST /asset/<assetId>/collector/<collectorKey>
"},{"location":"api/asset/upsert-collector/#description","title":"Description","text":"Add or configure a collector on an asset. If the collector is already attached to the asset, the configuration will be updated unless no configuration is provided in the body.
"},{"location":"api/asset/upsert-collector/#path-parameters","title":"Path parameters","text":"Param Description assetId Asset Id. collectorKey Collector key."},{"location":"api/asset/upsert-collector/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/asset/upsert-collector/#body","title":"Body","text":"Param Type Required Description config Object Depends Configuration of the collector. A body might be required for some collectors. For most collectors the config field is optional.
"},{"location":"api/asset/upsert-collector/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Asset or collector not found."},{"location":"api/asset/upsert-collector/#example","title":"Example","text":"Curl request: (no config required for docker agent)
curl \\\n -X POST 'https://api.infrasonar.com/asset/123/collector/docker' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
"},{"location":"api/container/create-asset/","title":"Create asset","text":"POST /container/<containerId>/asset
"},{"location":"api/container/create-asset/#description","title":"Description","text":"Create a new asset.
Duplicated asset names are allowed although not recommended.
"},{"location":"api/container/create-asset/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/create-asset/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/container/create-asset/#body","title":"Body","text":"Param Type Required Description name string Yes Name of the asset."},{"location":"api/container/create-asset/#return-codes","title":"Return codes","text":"Error code Reason 201 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Container not found."},{"location":"api/container/create-asset/#example","title":"Example","text":"Curl request:
curl \\\n -X POST 'https://api.infrasonar.com/container/123/asset' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"name\": \"my-host.local\"\n}'\n
Response:
{\n \"assetId\": 123\n}\n
"},{"location":"api/container/purge-notifications/","title":"Purge notifications","text":"POST /container/<containerId>/purge-notifications
"},{"location":"api/container/purge-notifications/#description","title":"Description","text":"Purge notifications by notification kind.
"},{"location":"api/container/purge-notifications/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/purge-notifications/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/container/purge-notifications/#body","title":"Body","text":"Param Type Required Description kind string Yes One of ConnectionStatus, ConnectionTimeDelta, ProbeVersion, ProbeMissing, ProbeTimeDelta, ProbeNoHeartbeat, CheckMissing, CheckError, CheckAged, CheckInvalidResult, CheckInvalidTimestamp, CheckInvalidData, ContainerMaintenance, AgentcoreMissing or ConditionError."},{"location":"api/container/purge-notifications/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+CONTAINER_MANAGEMENT). 404 Container not found."},{"location":"api/container/purge-notifications/#example","title":"Example","text":"Curl request:
curl \\\n -X POST 'https://api.infrasonar.com/container/123/purge-notifications' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"kind\": \"ConnectionStatus\"\n}'\n
"},{"location":"api/container/purge-time-series/","title":"Purge time-series","text":"POST /container/<containerId>/purge-time-series
"},{"location":"api/container/purge-time-series/#description","title":"Description","text":"Purge dead time-series. Time series are considered dead if they didn't got any new data for a period of time. This period must be given in weeks.
"},{"location":"api/container/purge-time-series/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/purge-time-series/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/container/purge-time-series/#body","title":"Body","text":"Param Type Required Description weeks integer Yes Integer value between 1 and 999 (recommended: 5 weeks or more)."},{"location":"api/container/purge-time-series/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+PURGE_TIME_SERIES). 404 Container not found."},{"location":"api/container/purge-time-series/#example","title":"Example","text":"Curl request:
curl \\\n -X POST 'https://api.infrasonar.com/container/123/purge-time-series' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"weeks\": 5\n}'\n
Response:
{\n \"purgedTimeSeries\": 12345\n}\n
"},{"location":"api/container/query-alerts/","title":"Query container alerts","text":"GET /container/<containerId>/alerts?fields=...
"},{"location":"api/container/query-alerts/#description","title":"Description","text":"Query all open alerts for a given container.
With the current API it is not possible to query for closed alerts, except when you have an explicit alert key string.
"},{"location":"api/container/query-alerts/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/query-alerts/#query-parameters","title":"Query parameters","text":"Param Default Description fields ks Fields to return (see fields below for all available fields)."},{"location":"api/container/query-alerts/#fields","title":"Fields","text":"Field Return type Description ks string Key string of the alert. message string Initial message when the alert was opened. severity integer Initial severity when the alert was opened (value between 0=highest and 7=lowest severity). timestamp integer Unix timestamp in seconds when the alert was opened. lastMessage string Message of the last hit (equal to \"message\" with only a single hit). lastSeverity integer Severity of the last hit (equal to \"severity\" with only a single hit). lastTimestamp integer Unix timestamp in seconds of the last hit (equal to \"timestamp\" with only a single hit). ownerId integer/null User Id of the owner or null when the alert is not assigned to an owner."},{"location":"api/container/query-alerts/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Container not found."},{"location":"api/container/query-alerts/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/container/123/alerts?fields=ks,message,severity,ownerId' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
[\n {\n \"ks\": \"<a-unique-key-string>\",\n \"message\": \"Initial message of the alert\",\n \"severity\": 3,\n \"ownerId\": null\n }\n]\n
"},{"location":"api/container/query-assets/","title":"Query container assets","text":"GET /container/<containerId>/assets?fields=...
"},{"location":"api/container/query-assets/#description","title":"Description","text":"Query all assets for a given container. (removed assets are not included).
"},{"location":"api/container/query-assets/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/query-assets/#query-parameters","title":"Query parameters","text":"Param Default Description fields id Fields to return (see fields below for all available fields). collectors none Collector fields. If at least one field is given, the result will include \"collectors\" with an array of collector objects (see Collectors below for all available collector fields). kind none Only assets with the given kind (e.g kind=Windows). not-kind none Only assets with another kind than the given kind (e.g not-kind=Asset). mode none Only assets with the given mode (e.g mode=normal). not-mode none Only assets with another mode than the given mode (e.g not-mode=disabled). collector none Only assets with the given collector (e.g collector=tcp). not-collector none Only assets without the given collector (e.g not-collector=wmi). label none Only assets with the given label Id (e.g label=123). not-label none Only assets without the given label Id (e.g not-label=456)."},{"location":"api/container/query-assets/#fields","title":"Fields","text":"Field Return type Description id integer Asset Id. container integer Asset container Id (Equal to containerId). name string Asset name. kind string One of the kinds (see set-kind api) description string Asset description. mode string One of normal, maintenance or disabled. labels array(integer) List with label Ids. disabledChecks array(object) List with check objects. Each check object contains a collector and check property, both with the key as value."},{"location":"api/container/query-assets/#collectors","title":"Collectors","text":"Collector field Return type Description key string Collector key. name string Collector name. kind string One of agent, probe or service. config object/null Configuration for the collector if config exists."},{"location":"api/container/query-assets/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Container not found."},{"location":"api/container/query-assets/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/container/123/assets?fields=id,name,mode' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
[\n {\n \"id\": 123,\n \"name\": \"my-host.local\",\n \"mode\": \"normal\"\n }\n]\n
"},{"location":"api/container/query-collectors/","title":"Query container collectors","text":"GET /container/<containerId>/collectors?fields=...
"},{"location":"api/container/query-collectors/#description","title":"Description","text":"Query all collectors for a given container. (only enabled collectors are included).
"},{"location":"api/container/query-collectors/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/query-collectors/#query-parameters","title":"Query parameters","text":"Param Default Description fields key Fields to return (see fields below for all available fields). options none Option fields. If at least one field is given, the result will include \"options\" with an array of option objects (see Options below for all available option fields)."},{"location":"api/container/query-collectors/#fields","title":"Fields","text":"Field Return type Description key string Collector Id. name string Collector name. kind string One of agent, probe or service. info string Collector info. min-version string Minimal required version for the collector."},{"location":"api/container/query-collectors/#options","title":"Options","text":"Option field Return type Description key string Option key. name string Option name. info string Option info. type string One of Bool, Int, Float, String, ListBool, ListInt, ListFloat or ListString. default any Default value (The default value is not guaranteed to pass the validation function)."},{"location":"api/container/query-collectors/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Container not found."},{"location":"api/container/query-collectors/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/container/123/collectors?fields=key,kind&options=key,type,default' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
[\n {\n \"key\": \"wmi\",\n \"kind\": \"probe\",\n \"options\": [\n {\n \"key\": \"address\",\n \"type\": \"String\",\n \"default\": \"\",\n }\n ]\n }\n]\n
"},{"location":"api/container/query-id/","title":"Query container Id","text":"GET /container/id
"},{"location":"api/container/query-id/#description","title":"Description","text":"Query a container Id by token. This route only works with a container token.
"},{"location":"api/container/query-id/#path-parameters","title":"Path parameters","text":"none
"},{"location":"api/container/query-id/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/container/query-id/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API)."},{"location":"api/container/query-id/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/container/id' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"containerId\": 123\n}\n
"},{"location":"api/container/query/","title":"Query container","text":"GET/container/<containerId>?fields=...
"},{"location":"api/container/query/#description","title":"Description","text":"Query container details.
"},{"location":"api/container/query/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/query/#query-parameters","title":"Query parameters","text":"Param Default Description fields all fields Fields to return (see fields below for all available fields)."},{"location":"api/container/query/#fields","title":"Fields","text":"Field Return type Description id integer Container Id. name string Container name. timezone string Container time-zone. mode string One of normal, maintenance or disabled."},{"location":"api/container/query/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Container not found."},{"location":"api/container/query/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/container/123' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"id\": 123,\n \"mode\": \"normal\",\n \"name\": \"My Container\",\n \"timezone\": \"Europe/Amsterdam\"\n}\n
"},{"location":"api/container/set-mode/","title":"Set container mode","text":"PATCH /container/<containerId>/mode
"},{"location":"api/container/set-mode/#description","title":"Description","text":"Set the container mode. Success (204) is also returned when the container was already in the desired mode.
"},{"location":"api/container/set-mode/#path-parameters","title":"Path parameters","text":"Param Description containerId Container Id."},{"location":"api/container/set-mode/#query-parameters","title":"Query parameters","text":"none
"},{"location":"api/container/set-mode/#body","title":"Body","text":"Param Type Required Description mode string Yes One of normal, maintenance or disabled."},{"location":"api/container/set-mode/#return-codes","title":"Return codes","text":"Error code Reason 204 Success. 400 Invalid body. 401 Invalid or missing token. 403 Insufficient permissions (required: API+ASSET_MANAGEMENT). 404 Container not found. 409 Too many open alerts. (mode \"normal\" is only allowed with less than 500 open alerts)"},{"location":"api/container/set-mode/#example","title":"Example","text":"Curl request:
curl \\\n -X PATCH 'https://api.infrasonar.com/container/123/mode' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \\\n -H 'Content-Type: application/json' \\\n --data-raw '{\n \"mode\": \"maintenance\"\n}'\n
"},{"location":"api/label/query/","title":"Query label","text":"GET/label/<labelId>?fields=...
"},{"location":"api/label/query/#description","title":"Description","text":"Query label details.
"},{"location":"api/label/query/#path-parameters","title":"Path parameters","text":"Param Description labelId Label Id."},{"location":"api/label/query/#query-parameters","title":"Query parameters","text":"Param Default Description fields all fields Fields to return (see fields below for all available fields)."},{"location":"api/label/query/#fields","title":"Fields","text":"Field Return type Description id int Label Id. name string Label name. color string One of Steel, Olive, Mauve, Emerald, Orange, Magenta or InfraSonarBlue. description string Label description."},{"location":"api/label/query/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+READ). 404 Label not found."},{"location":"api/label/query/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/label/123?fields=name,color' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"name\": \"windows\",\n \"color\": \"InfraSonarBlue\"\n}\n
"},{"location":"api/reporting/get-report/","title":"Download report","text":"GET/reporting/<reportingId>/report/"},{"location":"api/reporting/get-report/#description","title":"Description","text":"
Download a report.
"},{"location":"api/reporting/get-report/#path-parameters","title":"Path parameters","text":"Param Description reportingId Reporting Id. reportId Report Id. (can be found using the reporting API)."},{"location":"api/reporting/get-report/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 401 Invalid or missing token. 403 Insufficient permissions (required: API+REPORTING_VIEW). 404 Reporting not found. XXX Other errors may occur when the report is not available for download."},{"location":"api/reporting/get-report/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/reporting/123/report/123' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
The result contains either a PDF, XLSX or JSON file, depending on the report type.
"},{"location":"api/reporting/query/","title":"Query reporting","text":"GET/reporting/<reportingId>?fields=...
"},{"location":"api/reporting/query/#description","title":"Description","text":"Query reporting details.
"},{"location":"api/reporting/query/#path-parameters","title":"Path parameters","text":"Param Description reportingId Reporting Id."},{"location":"api/reporting/query/#query-parameters","title":"Query parameters","text":"Param Default Description fields all fields Fields to return (see fields below for all available fields). reports none Report fields. If at least one field is given, the result will include \"reports\" with an array of report objects (see Reports below for all available report fields)."},{"location":"api/reporting/query/#fields","title":"Fields","text":"Field Return type Description id int Reporting Id. name string Reporting name. kind string One of AlertsNotificationsReport, StateDataReport, ChartDataReport, ConditionReport. content string One of PDF, JSON, XLSX. repeat string/null One of Daily, Weekly, Monthly or null when this is a one-time reporting."},{"location":"api/reporting/query/#reports","title":"Reports","text":"Field Return type Description id int Report Id. size int Report size in bytes. start string Start time of the report. For example, a monthly report for March 2023 will return 2023-03-01T00:00:00+0100. success bool This is true if the report was successful, else false."},{"location":"api/reporting/query/#return-codes","title":"Return codes","text":"Error code Reason 200 Success. 400 Unknown field. 401 Invalid or missing token. 403 Insufficient permissions (required: API+REPORTING_VIEW). 404 Reporting not found."},{"location":"api/reporting/query/#example","title":"Example","text":"Curl request:
curl \\\n -X GET 'https://api.infrasonar.com/reporting/123?fields=name,kind&reports=id,start' \\\n -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'\n
Response:
{\n \"name\": \"My report\",\n \"kind\": \"StateDataReport\",\n \"reports\": [\n {\n \"id\": 123,\n \"start\": \"2023-03-01T00:00:00+0100\"\n }\n ]\n}\n
"},{"location":"application/","title":"Index","text":""},{"location":"application/#infrasonar-web-application","title":"InfraSonar web application","text":"The InfraSonar web application allows user to access the monitoring data and maintain their InfraSonar platform given their account has sufficient permissions.
The menu on the left reflects the InfraSonar application menu for easy reference.
If you can't find the information you are looking for feel free to contact support
"},{"location":"application/agentcores/","title":"Agentcores","text":""},{"location":"application/agentcores/#agentcores","title":"Agentcores","text":"It this panel you can see the status of the Agentcores deployed for a container.
"},{"location":"application/agentcores/#removing-a-agentcore","title":"Removing a Agentcore","text":"With the proper autorotation it is possible to remove an Agentcore here.
Proceed with caution
Removing an Agentcore without having a secondary agentcore in the same zone can seriously impact the availability of your monitoring solution.
"},{"location":"application/alerts/","title":"Alerts","text":""},{"location":"application/alerts/#alerts","title":"Alerts","text":"Alerts are raised by conditions using the return statement in our condition edition.
Using rules it is possible to route the alert to email or DutyCalls.
"},{"location":"application/alerts/#viewing-alerts","title":"Viewing alerts","text":"When you are in a container view (1) you can view the alerts and notifications in the Alerts & Notifications page (2)
This view shows:
- Open alerts (3)
- Closed alerts (4)
- Notifications (5)
"},{"location":"application/alerts/#open-alerts","title":"Open alerts","text":"The open alerts (3) pane shows a list (6) of all open alerts and its status.
When you click the show details button the details pane opens.
- Add message, allows you to add a message to the alert; this might be useful to inform coworkers.
- Assign alert, allows you to assign the alert to yourself or another member of this container.
- Close alert, closes the alert; when the issue is not resolved, the issue is reopened and automatically assigned to the user who closed the alert.
- Refresh, refreshes the alert pane.
"},{"location":"application/alerts/#closed-alerts","title":"Closed alerts","text":"The closed alerts pane (4) shows a list of closed alerts.
"},{"location":"application/alerts/#notifications","title":"Notifications","text":"The closed alerts pane (5) shows a list of all open notifications (6).
Notification are used to notify InfraSonar users of issues with the monitoring platform they offer a clear distinction between actual \"Alerts\" and when monitoring is failing.
Notifications disappear when the issue is resolved, users can't close a notification only the system can once the issue is resolved. As such all notifications should be handled as an indication that something is wrong with monitoring.
Good to known
Notifications are not the result of a\u00a0condition. The only notifications which are raised by incoming data, are the check errors. These are not\u00a0conditions\u00a0but errors which directly result in a notification.
"},{"location":"application/alerts/#managing-alerts","title":"Managing alerts","text":""},{"location":"application/alerts/#closing-alerts","title":"Closing alerts","text":"There are three ways an alert gets closed:
- User close, an end users closed the alert;
- auto close, the condition is configured to close the alert if the issue is resolved;
- indirect close, the relation between the condition and asset is removed:
- When the asset is removed from the condition (e.g. removing the label applying the condition);
- When the check triggering the condition is disabled;
- When the asset is removed.
Auto close caveat
it is possible that an auto close fails when the item triggering the alert no longer exists upon a new check result. This can happen for example when you create a condition on cpu usage in a list of processes, if you then kill the process InfraSonar will never see this item again. When this happens you need to close the alert manually.
"},{"location":"application/assets/","title":"Assets","text":""},{"location":"application/assets/#assets","title":"Assets","text":"Assets are in essence the monitored objects in an InfraSonar implementation. Assets can be IT components such as routers, switches, servers etc but can easily also consists of any other device which can be monitored such as elevators , IOT devices , etc.
"},{"location":"application/assets/#add-asset","title":"Add asset","text":"When you are in the assets view you can add a new asset using the Add asset button.
"},{"location":"application/assets/#asset-configuration","title":"Asset configuration","text":"Configuring an asset involves the following steps:
- Enter an asset name. We strongly suggest entering the correct hostname in FQDN format here, but do not enforce this.
- Enter an optional description.
- Select the mode. This is usually normal, see our mode documentation for more details
- Select the zone. This is usually 0, see our zone documentation for more details
- Select the collectors you want to use.
- Enter the correct labels for this asset.
Advanced asset configuration and credentials
Some collectors require a more advanced configuration or credentials to be setup on the appliance running the collector. See our credentials section if this applies to your setup.
"},{"location":"application/assets/#adding-multiple-assets","title":"Adding multiple assets","text":"When there is a need to add multiple assets at once we suggest using our api
"},{"location":"application/assets/#asset-usage","title":"Asset usage","text":""},{"location":"application/assets/#overview","title":"Overview","text":"Provides an overview of the asset.
Using the pencil icon you can edit this asset.
"},{"location":"application/assets/#effective","title":"Effective","text":"Shows the effective conditions for this asset.
This overview shows all conditions configured for this asset. A condtion can have three states:
- Active, this condition is actively being evaluated.
- Disabled, the condition is disabled on this asset. You can disable a condition by clicking the condition name and toggle the condition in the lower left corner of the modal:
- Dormant, there is no data for which this condition is applicable.
"},{"location":"application/assets/#open","title":"Open","text":"All open alerts for this asset.
"},{"location":"application/assets/#closed","title":"Closed","text":"All closed alerts for this asset.
"},{"location":"application/assets/#notifications","title":"Notifications","text":"All notifications for this asset.
"},{"location":"application/assets/#collectors","title":"Collectors","text":"A detailed view off all collected data per collector.
"},{"location":"application/assets/#more","title":"More","text":"Here you can jump to:
- Forecasts, manage forecasts for this asset. You van view the generated forecasts here and drop forecasts when it is needed to regenerate a forecast.
- History, show all logged actions for this asset.
- Schedule, manage the mode schedule for this asset.
- Statistics, alert statistics for this asset
- Time series, manage time series for this asset.
"},{"location":"application/child_containers/","title":"Child containers","text":""},{"location":"application/child_containers/#child-containers","title":"Child containers","text":"InfraSonar containers are a hierarchial setup of you monitored infrastructure.
A container can contain monitored assets and/or sub-containers.
Depending on your access level the following can be configured at container level:
- Authorization
- Labels
- Conditions.
- Collectors
- Billing
- Modes
- Timezone
"},{"location":"application/child_containers/#hierarchy","title":"Hierarchy","text":""},{"location":"application/child_containers/#principles","title":"Principles","text":"Authorization is inherited to \"lower\" containers. Inheritance can be \"broken\" down the chain.
"},{"location":"application/child_containers/#infrasonar-hierarchical-setup","title":"InfraSonar hierarchical setup","text":"graph LR\n A[InfraSonar] --> B[container];\n B -->C((assets));\n A -->D[container];\n D -->E[container];\n D -->F[container];\n E -->G((assets));\n F -->H((assets));\n A -->I[container];\n I -->J((assets));\n I -->K[container];\n K -->L[container];\n L -->N[container];\n L -->O((assets));\n N -->S((assets));
Hierarchy implementation for a service provider graph LR\n A[InfraSonar] --> B[service provider];\n B --> C[internal infrastructure]\n B --> D[monitoring only]\n B --> E[managed service]\n C --> F((assets))\n D --> customer1[customer 1]\n D --> customer2[customer 2]\n customer1 --> I((assets))\n customer2 --> J((assets))\n E --> customer3[customer 3]\n customer3 --> K((assets))\n E --> customer4[customer 4]\n customer4 --> L((assets))\n E --> customer5[customer 5]\n customer5 --> M[development]\n customer5 --> N[acceptance]\n customer5 --> O[production]\n M --> Q((assets))\n N --> R((assets))\n O --> S((assets))
"},{"location":"application/child_containers/#setup-a-new-container","title":"Setup a new container","text":"Note
When you are new to InfraSonar and sign in for the first time, you will see the message:
Welcome to InfraSonar! It appears that you are not yet a member of an InfraSonar container. If you are a member of an organization that uses InfraSonar, ask for permission from an authorized person to add you to the relevant container. Otherwise, request a free demo via the website!
From the container view, you can add a new child container.
InfraSonar add container - When you are in asset view you can use the child containers button to switch to child container view;
- Click the add container button;
- Enter a name for your container;
- Select the mode, this is usual normal;
- Select the timezone for this container;
- CLick save.
"},{"location":"application/collectors/","title":"Collectors","text":""},{"location":"application/collectors/#collectors","title":"Collectors","text":"Collectors can be turned of on container level here.
"},{"location":"application/collectors/#propagation","title":"Propagation","text":" - When turning a collector on or off existing children are not affected.
- Newly created children will inherit the configuration from it's parent.
"},{"location":"application/collectors/#usage","title":"Usage","text":"This feature can be used to control which collectors are available on a container.
Disabling unused collectors avoids mistakes and also unclutters the UI.
"},{"location":"application/conditions/","title":"Conditions","text":""},{"location":"application/conditions/#conditions","title":"Conditions","text":"Check results sent to the InfraSonar cloud platform are immediately evaluated using the conditions configured for the specific asset.
InfraSonar comes with many predefined conditions based on years of experience and best practices.
"},{"location":"application/conditions/#managing-conditions","title":"Managing conditions","text":"Conditions are assigned to an asset using labels.
In order to manage conditions you need to have the ContainerAdmin role on the container you want to manage conditions for.
"},{"location":"application/conditions/#operational","title":"Operational","text":"A hit condition returns a message and a severity.
The following severity can be returned:
Severity 1 Description EMERGENCY System is unusable. ALERT Action must be taken immediately. CRITICAL Critical conditions. ERROR Error conditions. WARNING Warning conditions. NOTICE Normal but significant conditions. INFORMATIONAL Informational. DEBUG Messages that contain information normally of use only when debugging. OK This is an explicit OK which results in an alert auto closing when hit."},{"location":"application/conditions/#turn-off-conditions","title":"Turn off conditions","text":"Conditions can be turned of per asset of on a container.
-
Our severity levels are derived from the Syslog levels, see this Syslog wikipedia article for additional information.\u00a0\u21a9
"},{"location":"application/conditions_editor/","title":"Conditions editor","text":""},{"location":"application/conditions_editor/#conditions","title":"Conditions","text":" Under construction
Check results sent to the InfraSonar cloud platform are immediately evaluated using the conditions configured for the specific asset.
InfraSonar comes with many predefined conditions based on years of experience and best practices.
In order to manage conditions you need to have the ContainerAdmin role on the container you want to manage conditions for.
"},{"location":"application/conditions_editor/#managing-conditions","title":"Managing conditions","text":"While our condition editor might feel intimidating at first glance, it is potent. We urge you to look at our predefined conditions for inspiration and a deeper understanding.
"},{"location":"application/conditions_editor/#general-tab","title":"General tab","text":"Name
The name you want to use for your condition, we suggest a short descriptive name.
Description
use the description to provide a short description of the purpose and usage of the condition.
Collector
Select the path to the data you want this condition.
For probes this is: Collector, Check, Type
Condition kind
We identify three kind of Conditions:
Kind Description EXPRESSION Detailed expression used to evaluate the check result. ITEMS MUST EXIST Used to detect items which must exist. ITEMS_MISSING Used to detect items missing compared to the previous check result. Ticks
The number of times this condition must be hit in a row before an actual alert will be raised.
Note
Ticks can not be set for the condition kind ITEMS_MISSING as this compares with a previous check result.
Single alert
Gathers up all alerts into a single alert per asset. When disabled, each item will be tested and may raise an alert.
"},{"location":"application/conditions_editor/#labels-tab","title":"Labels tab","text":"In this tab you configure for which labels the condition is active.
"},{"location":"application/conditions_editor/#items-tab","title":"Items tab","text":"This tab allows you to set the severity and specify for which items this conditions is a active in case of ITEMS MUST EXIST or which items this condition should exclude in the case of ITEMS_MISSING
"},{"location":"application/conditions_editor/#items-must-exist","title":"Items must exist","text":"All items will be checked for existence by the given list or regular expression.
- Condition will be executed when added to an asset or when the condition has been changed.
- Auto-close is always enabled.
- The item list or regular expression work as \"include\" by the item.name property.
- When a list is used, all items in the list must exist otherwise the condition is hit.
- When a regular expression is used, at least one item must match with the given regular expression otherwise the condition is hit.
"},{"location":"application/conditions_editor/#items-missing","title":"Items missing","text":"All items will be compared towards the previous items. If one (or more) items is missing which is not excluded by either the item list or regular expression, the condition is hit.
- Will re-run when added to an asset or when the condition has changed.
- Open alerts will never auto-close. Note that they can be closed indirectly, for example when the condition or check is removed from an asset.
- The item list or regular expression work as \"exclude\" by the item.name property.
- When a list is used, the items in the list will be ignored when missing.
- When a regular expression is used, an item match will ignore the item when missing.
enodo.metric.upper lower value (+aggregation mix)
"},{"location":"application/conditions_editor/#expression-tab","title":"Expression tab","text":"InfraSonar uses a powerful expression language that allows for precise and tailored conditions.
Each item is processed by the given expression. If new is used in the expression, it is best practice not to use return OK in the expression as auto close does not make sense. This is because an item will only be new once. - Condition will be executed when added to an asset or when the condition has been changed, unless prev (previous item) is used in the expression. When prev is used, only when new data is received the condition will evaluate again. - return OK -> Success, Auto-close open alert if there is one. - return -> Success, Do not auto-close an open alert if there was one. - return ERROR, \"...\" -> return with severity and optional message. (ERROR might be INFO, CRITICAL etc.)
Example expression
// alert message template\nvar.template = \"\nCertificate almost expires!\nname: @item.name\nexpires in: @item.expiresIn seconds\n\"\n\ncase item.expiresIn < 604_800: \n // Certificate will expire in less than 7 days\n return WARNING, var.template\n\ncase item.expiresIn < 1_209_600: \n // Certificate will expire in less than 14 days\n return NOTICE, var.template\n\ncase \"organisationName=Let's Encrypt\" in item.issuer:\n // Skip less than 28 days for Let's Encrypt certificates\n return OK \n\ncase item.expiresIn < 2_419_200: \n // Certificate will expire in less than 28 days\n return INFORMATIONAL, var.template\n\n// this add's autoclose\nreturn OK\n
"},{"location":"application/conditions_editor/#case-statement","title":"case statement","text":"The case statement is
case new
"},{"location":"application/conditions_editor/#return-statement","title":"return statement","text":"return <severity>, <message>
The return statement is used to return the severity and a message.
return without any parameters is also possible.
severity
Severity 1 Description EMERGENCY System is unusable. ALERT Action must be taken immediately. CRITICAL Critical conditions. ERROR Error conditions. WARNING Warning conditions. NOTICE Normal but significant conditions. INFORMATIONAL Informational. DEBUG Messages that contain information normally of use only when debugging. OK This is an explicit OK which results in an alert auto closing when hit. Severity usage
InfraSonar pre-defined conditions only the severity levels CRITICAL, ERROR, WARNING & NOTICE.
We advice to use ALERT & EMERGENCY for your specific use cases; EMERGENCY could for example be used to send notifications to a 24x7 DutyCalls channel where ALERT is send to a DutyCalls channel used for non weekends and holidays.
message
The message can be a string message including variable substitution. E.g. My @item.name
-
Our severity levels are derived from the Syslog levels, see this Syslog wikipedia article for additional information.\u00a0\u21a9
"},{"location":"application/containers/","title":"Containers","text":""},{"location":"application/containers/#containers","title":"Containers","text":"The containers view shows the hierarchy of containers and allows you to configure the container mode and timezone.
You also move containers within the hierarchy within this view and renew containers.
In this view you can also add/remove columns to show you:
- Container Id
- Container name
- Number of Assets
- Number of Unassigned alerts
- Number of Assigned alerts
- Number of Notifications
- Mode
- Timezone
A container can contain a maximum of 2.000 assets.
If you have the need to add more assets please reach out to support so we can discuss potential solutions.
"},{"location":"application/credits/","title":"Credits","text":""},{"location":"application/credits/#credits","title":"Credits","text":"On the credits page you can find the \"in use\" credits and \"available\" credits for a container and it's children.
You can drill-down per container to retrieve detailed usage:
"},{"location":"application/dashboard/","title":"Dashboard","text":""},{"location":"application/dashboard/#dashboard","title":"Dashboard","text":"The dashboard gives an overview of all unassigned alerts and notifications per configured container and can be used to display on a central display.
When you open the dashboard for the first time or in a new browser session you are created by a setup wizard. See our Dashboard setup paragraph how to setup you dashboard but first have a look on at our dashboard concept as this helps you decide on how to setup your dashboard.
Raspberry Pi dashboard server
See our Raspberry Pi guide on how we have setup our autonomous dashboards using a couple of Raspberry Pi's.
"},{"location":"application/dashboard/#dashboard-overview","title":"Dashboard overview","text":"Our dashboard consists of two main sections:
- Graphical container overview
- Unassigned alerts
"},{"location":"application/dashboard/#graphical-container-section","title":"Graphical container section","text":" - The outer circle show all alerts
- Assigned alerts are colored in a blue tint
- The inner circle shows all notifications
"},{"location":"application/dashboard/#unassigned-alerts-section","title":"Unassigned alerts section","text":"The section shows all unassigned alerts sorted by time of creation.
"},{"location":"application/dashboard/#dashboard-setup","title":"Dashboard setup","text":"You can edit the dashboard using the icon.
- Select which section you want to show.
- Select an optional screen division if you have chosen to use multiple sections
- Select the containers you want to display on this dashboard
Configuration
The dashboard configuration is stored in the users profile. This allows you to change a wall mounted dashboard easily by looging in as the user used to display the dashboard.
"},{"location":"application/home/","title":"Home","text":""},{"location":"application/home/#home","title":"Home","text":"The home screen gives you a personalized overview of alerts assigned to you, containers, access and favorites.
Future improvements ahead
In the future we will make it possible to adapt the home screen to your needs.
"},{"location":"application/labels/","title":"Labels","text":""},{"location":"application/labels/#labels","title":"Labels","text":""},{"location":"application/labels/#purpose","title":"Purpose","text":"Grouping, labels can be added to hosts to group and identify them quickly.
Apply conditions, Labels are also used to control which conditions are active.
Glue
Labels \"glue\" conditions onto hosts.
graph LR\n condition1[Condition] --- label; \n condition2[Condition] --- label; \n condition3[Condition] --- label; \n label{{Label}} --- host1[Host];\n label --- host2[Host];\n label --- host3[Host];
"},{"location":"application/labels/#how-to-use","title":"How to use","text":"Labels can be assigned to hosts either by editing a host or by selecting one or more hosts and using the action menu.
Action menu in action"},{"location":"application/labels/#custom-labels","title":"Custom labels","text":"InfraSonar container admins can create custom labels for a container.
InfraSonar add label Pro Tip
As must browsers support emoji it is possible to use these in your labels. Examples:
- The round pushpin \ud83d\udccd to indicate labels used for locations.
\ud83d\udccd InfraSonar HQ - Bust in Silhouette \ud83d\udc64 to indicate labels used for to indicate who is responsible for an asset.
\ud83d\udc64 C.E. Shannon
- Navigate to the labels page () in the left navigation drawer;
- Click the Add label button;
- Enter a name (1);
- Pick a color (2): Steel Olive Mauve Emerald Orange Magenta InfraSonar-blue, (reserved for InfraSonar labels)
- Enter a description(3).
"},{"location":"application/labels/#predefined-labels","title":"Predefined labels","text":"InfraSonar has created labels that, when applied to an asset with the appropriate collector, monitor the asset using best practices.
"},{"location":"application/log/","title":"Log","text":""},{"location":"application/log/#log","title":"Log","text":"In It this panel you can see the logging of all user actions in the ui.
"},{"location":"application/modes/","title":"Modes","text":""},{"location":"application/modes/#modes","title":"Modes","text":"Modes can be used to temporary change the monitoring operation on a container or an asset or group of assets.
We identify the following modes within the InfraSonar application:
mode description normal normal operations, all conditions are evaluated. maintenance All asset notifications and alert messages suppressed disabled All data send by an agent for this asset is ignored. Any probes / checks configured for this asset are stopped. Modes in day to day operations
Modes are a powerful instrument when performing maintenance on assets as it allows on easy way to temporary stop the monitoring avoiding being flood with messages.
"},{"location":"application/modes/#mode-operations","title":"Mode operations","text":""},{"location":"application/modes/#container","title":"Container","text":"Modes can be set on container level. Effectively changing the mode for all assets in the container.
Changing the mode on a container can be done using our a schedular or in the container view.
"},{"location":"application/modes/#asset","title":"Asset","text":"Changing the mode on an asset can be done while editing an asset or scheduled
"},{"location":"application/modes/#api","title":"API","text":"It is also possible to change the mode using our API:
- Change mode on a asset
- Change mode on a container
"},{"location":"application/profile/","title":"Profile","text":""},{"location":"application/profile/#profile-menu","title":"Profile menu","text":"In the top right corner you can find individual settings to configure your profile.
"},{"location":"application/profile/#access","title":"Access","text":"The access menu option shows you which containers your account has access to. Your personal access tokens are also managed here.
InfraSonar profile - access Permissions Here you can lookup your InfraSonar permissions per container :
- The Container column shows the container;
- The Permissions column shows the configured permissions for this container;
- The From column shows in the permissions were configured on the container or where inherited from a parent container.
Tokens You will also configure your personal access tokens here.
Keep tokes personal
Tokens configured here are personal and represent you.
"},{"location":"application/profile/#alerts","title":"Alerts","text":"Any alerts assigned to you can be found here.
"},{"location":"application/profile/#messages","title":"Messages","text":"InfraSonar system-wide announcements and messages can be found here.
These provide a valuable insight into new releases, planned maintenance windows etc.
"},{"location":"application/profile/#status","title":"Status","text":"You can set your status to mute avoiding InfraSonar from sending any notification to you.
Mute stops also rules
Any rules sending you direct messages (SMS, email, WhatsApp and voice) are alo muted.
You can create a schedule to set your status automatically.
"},{"location":"application/profile/#profile","title":"Profile","text":"Your profile details
InfraSonar profile - profile Name Your display name as provided by your authentication provider. Email Your email address as provided by your authentication provider. Note, we will send messages and email notifications configured in rules to this address. Phone If you want to use WhatsApp, SMS and/or voice notifications in rules you need to configure your mobile phone number here. Dark theme Choice the dark side here. Display my email address to other users in my containers Makes your email address visible to other container users. Receive messages in your email When disabled InfraSonar messages will no longer be send via email"},{"location":"application/profile/#dashboard","title":"Dashboard","text":"Your personal dashboard can be configured here.
Any settings made to the dashboard are stored in you user profile and will be reflected in all logged on sessions. This can be useful for managing wall-boards.
"},{"location":"application/profile/#sign-out","title":"Sign out","text":"Sign out of InfraSonar.
"},{"location":"application/reporting/","title":"Reporting","text":""},{"location":"application/reporting/#reporting","title":"Reporting","text":""},{"location":"application/reporting/#overview","title":"Overview","text":""},{"location":"application/reporting/#kinds","title":"Kinds","text":"We identify these three reporting kinds:
- Alerts and notifications
- State data
- Condition
"},{"location":"application/reporting/#time-schedule","title":"Time schedule","text":"here you can pick the unit of time you want to use as data-window for your report:
And pick for which period you want the report.
Optionally you can choose to repeat the report daily, weekly or monthly.
Tips
Editing Editing is only possible for repeating reports. One-off reports can be cloned to be run again using other parameters.
Planning ahead It is possible to schedule reports in the future, we advise to enable notifications when doing so.
State data Quering state data is due to its nature not possible over a period of time.
"},{"location":"application/reporting/#data","title":"Data","text":"here you can use three filter levels to fine grain which assets are returned in your report.
- Asset kind filterYou can opt to limit your report to a specific asset kind.
- Container filterAllows you to select for which containers you want the report
- Label filterAllows you to filter for which labels you want the report
"},{"location":"application/reporting/#alerts-and-notifications","title":"Alerts and notifications","text":"Creates a pdf report containing an overview of the alerts and notifications for the selected assets in the selected time frame.
"},{"location":"application/reporting/#state-data","title":"State data","text":"You can query state data by entering the \"path\" towards the data: Collector \u2192 Check \u2192 Type
State data reports can be useful to periodically retrieve data for keeping your CMDB up to date.
"},{"location":"application/reporting/#example","title":"Example","text":"Say you want weekly report containing all relevant certificate information from our tcp-probe
- collector:
tcp - Check:
certificates - Type:
sslCert
Next you can select which metrics should be in your report, default we add all metrics.
Last step is to specify how you want to receive the data, we support json and xlsx and allow you format the values for better readability or keep them for better processing.
"},{"location":"application/reporting/#condition","title":"Condition","text":"A condition report can be used to report when an alerts is opened on a specific condition.
This report shows the following information:
- Container Id
- Container Name
- Asset Id
- Asset Name
- Message
- Severity
- Created on
- Last message
- Last severity
- Last hit
- Owner
- Last action
- Last action datetime
- Last action username
- Last action message
- Closed
Tip
When you subtract last hit from the created on date you get the duration.
"},{"location":"application/rules/","title":"Rules","text":""},{"location":"application/rules/#rules","title":"Rules","text":"Rules are a great way to configure external notifications for end-users.
Rules can be setup for a group of conditions and assets and route messages to either SMS, WhatsApp, Email, a webhook or even a voice call.
Setup you phone number
Before we can send a message using SMS or WhatsApp to your phone we need to know your phone number. Your can manage your phone number in your profile.
"},{"location":"application/rules/#prerequisites","title":"Prerequisites","text":"If you want to use SMS, WhatsApp or voice calls it is important to note that every time the rule is triggered this will cost one credit which will count against your monthly billed credits.
Users with the privilege RuleManagement can setup any rules, even for other users.
The privilege RuleEmail allows users to manage there own email rules while RulePhone allows users to manage their own SMS, WhatsApp or voice calls.
It is important though that for each user who wants to use SMS, WhatsApp or voice calls their number must be setup in their profile.
"},{"location":"application/rules/#configuring-alert-rules","title":"Configuring alert rules","text":"Ask your users to setup their phone number
If toBefore we can send a message using SMS or WhatsApp to your phone we need to know your phone number. Your can manage your phone number in your profile.
The next paragraphs outline each of the tabs when configuring rules.
"},{"location":"application/rules/#general","title":"General","text":"To start, select how you'd like this rule to notify you by selecting a rule kind :
- Email
- webhook
- SMS
- VoiceCall
- WhatsApp
For webhooks some additional options can be configures, see our webhook documentation for the specific details.
When configuring SMS, VoiceCall or WhatsApp we urge you to test the communication using the test button to ensure your desired way of communication is working.
Next step is to configure a user for whom this rule is applicable.
Set a description for this rule, your future self and colleagues will thank you later.
Last choose in this section is for which severity level you want to be notified.
Choose your severity level wisely
Choosing a lower level notifies you also about the more urgent levels. So if you choose Critical you will also be notified when an Alert or Emergency level is hit. To avoid unexpected costs and messages flooding you choosing the correct severity levels requires some careful consideration, if in doubt don't hesitate to contact support
"},{"location":"application/rules/#condition","title":"Condition","text":"In this section you choose for which conditions you want this rule to be active or not.
You can choose to exclude or include specific conditions this rule to applies to.
"},{"location":"application/rules/#asset","title":"Asset","text":"Select the label you want to use to specify for which assets this rule applies, if you don't select a label this rule will apply to all assets in the container.
When a label a selected we will show a list of assets for which this rule applies.
"},{"location":"application/rules/#schedule","title":"Schedule","text":"Adding a schedule is only possible once the rule has been saved.
Click Add schedule to add a schedule.
"},{"location":"application/rules/#configuring-notification-rules","title":"Configuring notification rules","text":"Configuring notification rules is similar to configuring alert rules.
The main difference between notification rules and alert rules is that notification rules specify on specific notifications you want the rule to be applied for, while alert rules specify which conditions and assets will trigger an alert.
Configuring which notification are handled by this rule is done in the kind tab. Here you can select if you want to exclude or include one or more notification kinds
"},{"location":"application/schedule/","title":"Schedule","text":""},{"location":"application/schedule/#schedule","title":"Schedule","text":"Our schedular allows you to schedule a mode change on a specific time or at specific intervals for a container.
The schedule option is also available for a single asset and can be found below the \"More\" menu in the asset view.
"},{"location":"application/timeseries/","title":"Time series","text":""},{"location":"application/timeseries/#time-series","title":"Time Series","text":"In this panel it is possible to turn time-series off or on on a container level.
Another feature in this panel is to purge dead time-series
"},{"location":"application/timeseries/#turning-time-series-off","title":"Turning time-series off","text":"Turning time-series off can be useful in curtain use-cases to reduce costs.
Note
When a time-serie is turned any configured graphs will show the last measured state in a flat-line.
Also important to note is than any Enodo conditions will no longer work as these require historical data to perform the analysis on.
"},{"location":"application/timeseries/#turning-time-series-on","title":"Turning time-series on","text":"In some scenario's where you would like more in-depth analysis in might be beneficial to enable time-series.
A good example where this might be of using is monitoring per process information using the wmi probe. This is turned off by default as it can quickly result in massive time-series usage.
"},{"location":"application/timeseries/#purge-dead-time-series","title":"Purge dead time-series","text":"Dead time-series occur when an asset is removed or when an asset is modified.
An easy example of an asset modification that leads to dead time-series is a removed volume.
Purging dead time-series removes all time-series which not received data for the provided amount of weeks.
"},{"location":"application/tokens/","title":"Tokens","text":""},{"location":"application/tokens/#tokens","title":"Tokens","text":"In this section container-tokens can be generated and maintained.
Container tokens can be used to authorize external automation to manage InfraSonar data using our API.
Container tokens are also required for agentcore and agent authentication.
Tip
We strongly suggest setting up separate tokens where possible.
"},{"location":"application/tokens/#create-container-tokens","title":"Create container tokens","text":" - Navigate to the container you want to create a token for.
- Click the tokens icon in the left hand menu.
- Click the Add token button.
- Give the token a identifiable name and provide just enough accessobserve we added some shortcuts to create access tokens for Agentcores and probes
- Click Save, enter a reason and click confirm
- Reopen the just created token and copy the ID.
"},{"location":"application/tokens/#pre-defined-roles","title":"Pre-defined roles","text":"We predefined three roles to quickly set the correct permissions:
- Agentcore
- Agent
- Agent (no auto asset creation)
"},{"location":"application/tokens/#container-token-rules","title":"Container token rules","text":" - User who have the de
container Access flag set can create container tokens. - A user can not grant more access permissions to a token then he or she already has.
"},{"location":"application/trash/","title":"Trash","text":""},{"location":"application/trash/#trash","title":"Trash","text":"Asset's are soft-deleted.
When an asset is deleted we remove the collectors from the asset and move the asset to the trash-bin.
"},{"location":"application/trash/#recovering-an-asset","title":"Recovering an asset","text":"When you recover an asset you will need to add the collectors and labels back to this asset.
Kind and description are recovered from the \"bin\".
When you did not purge the time-series data this will be available again also.
"},{"location":"application/users/","title":"Users","text":""},{"location":"application/users/#users","title":"Users","text":"A user with ContainerAccess rights can manage users.
Tip
As with any platform we advise to adhere to the Principle of least privilege
"},{"location":"application/users/#authentication","title":"Authentication","text":"We support user authentication using using one of these cloud identities:
- Microsoft account (this can be a work or personal account)
- Google account (this can be a personal or Google workspace account)
Note
Users can only be added to our platform if they are \"known\" to us. As such a user should fist authenticate once on our platform and from there on the user can be added to a container.
"},{"location":"application/users/#authorization","title":"Authorization","text":"A user's identity can be authorized on a container using a specific permissions.
Note
Also note a user with ContainerAccess rights can never assign more permissiong the assigned to this user.
"},{"location":"application/users/#how-to","title":"How-to","text":""},{"location":"application/users/#add-user","title":"Add user","text":"You can only add a user to a container if the user is \"known\" in InfraSonar, so a new user needs to logon using a Microsoft or Google account prior granting the user access.
Users can be added using the email address they used to authenticate with.
"},{"location":"application/users/#access-permissions-for-regular-users","title":"Access permissions for regular users","text":"We suggest the following set of access permissions for regular users:
- Is member
- View
- AlertChange
Option we suggest adding:
- AlertAssign as this allows the user to assign alerts to users.
- ReportingView, access to reports can help users to get a better understanding.
- RuleEmail, allowing users to setup email rules for themselves can be beneficial.
"},{"location":"application/users/#permissions","title":"Permissions","text":"We have listed each of the specific InfraSonar permission flags below:
"},{"location":"application/users/#is-member","title":"Is member","text":"Allows alerts to be assigned to this user, makes the user \"visible\" for alert assignment.
"},{"location":"application/users/#view","title":"View","text":"Required for viewing this container.
"},{"location":"application/users/#billing","title":"Billing","text":"Required for viewing the credits tab on this container (only when credits are available on the on the container).
"},{"location":"application/users/#insertcheckdata","title":"InsertCheckData","text":"Required for inserting data using the API (used by agents).
"},{"location":"application/users/#agentcoreconnect","title":"AgentcoreConnect","text":"Required for AgentCores to connect to the hub.
"},{"location":"application/users/#assetmanagement","title":"AssetManagement","text":" - Required for changing the container mode (and/or schedule container mode);
- Required for changing the asset mode (and/or schedule asset mode);
- Required for creating new assets;
- Required for removing assets (including delete from trash);
- Required for changing asset configuration (including labels and collector related configuration).
"},{"location":"application/users/#alertassign","title":"AlertAssign","text":"Required for assigning alerts."},{"location":"application/users/#alertchange","title":"AlertChange","text":"Required for closing alerts; Required for adding comments to alerts."},{"location":"application/users/#api","title":"API","text":"Required for any API request.
"},{"location":"application/users/#containermanagement","title":"ContainerManagement","text":" - Required for adding child containers to this container;
- Required for removing this container;
- Required for renaming this container.
"},{"location":"application/users/#containeradmin","title":"ContainerAdmin","text":" - Required for creating/changing/removing labels within this container;
- Required for creating/changing/removing conditions within this container;
- Required to create/change/remove a DutyCalls service to this container.
"},{"location":"application/users/#containeraccess","title":"ContainerAccess","text":" - Required for managing user access to this container;
- Required for managing tokens on this container.
"},{"location":"application/users/#checkmanagement","title":"CheckManagement","text":"Required for enable/disable/configure checks per collector on assets.
"},{"location":"application/users/#timeseriesmanagement","title":"TimeSeriesManagement","text":"Required for enable/disable time-series for this container.
"},{"location":"application/users/#rulemanagement","title":"RuleManagement","text":"Required for managing all rules on this container. (including rules for webhooks and rules for other users)
"},{"location":"application/users/#ruleemail","title":"RuleEmail","text":"Required for creating a personal email rule on this container.
"},{"location":"application/users/#purgetimeseries","title":"PurgeTimeSeries","text":"Required for purging dead-time-series within this container.
"},{"location":"application/users/#viewlog","title":"ViewLog","text":"Required for viewing logging.
"},{"location":"application/users/#reportingview","title":"ReportingView","text":"Required for viewing reports.
"},{"location":"application/users/#reportingadmin","title":"ReportingAdmin","text":"Required for managing reports.
"},{"location":"application/users/#containertokens","title":"ContainerTokens","text":"Required for managing container tokes.
"},{"location":"application/users/#rulephone","title":"RulePhone","text":"Required for creating a personal phone rule like SMS, PhoneCall or WhatsApp on this container.
"},{"location":"application/users/#webhooks","title":"Webhooks","text":"Required for managing and viewing Webhooks. Be careful with this privilege as webhooks might contain sensitive information like API keys. (This auth flag is not required for creating rules using webhooks)
"},{"location":"application/views/","title":"Views","text":""},{"location":"application/views/#views","title":"Views","text":"Views can be used create an overview over multiple assets grouped by kind and/or label.
"},{"location":"application/webhooks/","title":"Webhooks","text":""},{"location":"application/webhooks/#webhooks","title":"Webhooks","text":"Webhooks can be used to inform third party services about open en closed alerts and notifications. A webhook must be used by a rule before the webhook will be executed. This enables more control for when a webhook must be called.
"},{"location":"application/webhooks/#variable-in-a-webhook","title":"Variable in a webhook","text":"It is possible to use variable using the syntax {{ variable }} when creating a webhook. The following variable are available:
Variable Scope Example value alert_link Alert https://app.infrasonar.com/container/123/asset/456/alert?condition=789&item=myitem&alert=1689146219 alert_message Alert A message with optional MarDown syntax. alert_severity Alert WARNING (One of EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL or DEBUG) alert_timestamp Alert 1689146219 asset_id Alert 456 asset_name Alert My asset condition_id Alert 789 condition_name Alert My condition container_id All 123 container_link All https://app.infrasonar.com/container/123 container_name All My container item_name Alert My item ks All (Unique key string to identify the alert of notification) notification_identifier Notification (For example an asset name but can be nil) notification_index Notification (For example a check name but can be nil) notification_kind Notification ConnectionStatus (One of ConnectionStatus, ConnectionTimeDelta, ProbeVersion, ProbeMissing, ProbeTimeDelta, ProbeNoHeartbeat, CheckMissing, CheckError, CheckAged, CheckInvalidResult, CheckInvalidTimestamp, CheckInvalidData, ContainerMaintenance, AgentcoreMissing or ConditionError) notification_message Notification A message with optional MarkDown syntax. notification_severity Notification MEDIUM (One of LOW, MEDIUM or HIGH) notification_timestamp Notification 1689146219 webhook_id All 0 (Webhook identifier) webhook_name All My webhook scope All AlertOpen (One of AlertOpen, AlertClose, NotificationOpen or NotificationClose)"},{"location":"application/zones/","title":"Zones","text":""},{"location":"application/zones/#zones","title":"zones","text":"Zones can be useful when assets are located in a dmz or remote networks as it allows to direct assets to a specific Agentcore by configuring the asset to be a member of the specific zone.
"},{"location":"application/zones/#good-to-know","title":"Good to know","text":" - When one or more Agentcores are configured in the specified zone an asset is bound to one of the Agentcores in this zone.
- If no agentcores are configured in the specified zone we fall back to any other agent core.
- For assets being monitored using an agent the zone configuration is purely cosmetic.
In the future we might add a link between zones and locations.
"},{"location":"collectors/","title":"Index","text":""},{"location":"collectors/#collectors","title":"Collectors","text":"InfraSonar collectors collect monitoring data to be parsed by the InfraSonar cloud platform.
All our general purpose collectors are available as open-source on our GitHub page.
Using the provided libraries third parties can easily add additional collectors to our platform.
"},{"location":"collectors/#collection-concepts","title":"Collection concepts","text":"InfraSonar identities three collection concepts to gather data from monitored assets.
- Agents run autonomously on a monitored asset and send data directly the to InfraSonar platform
- Probes are most often deployed on an appliance and are orchestrated by an agentcoreProbes are typically used for agentless monitoring scenario's.
- Services collect data \"as a service\".
"},{"location":"collectors/agents/","title":"Index","text":""},{"location":"collectors/agents/#agents","title":"Agents","text":"An InfraSonar agents is an installable software component that autonomously and send the retrieved monitoring data to the InfraSonar platform using the InfraSonar API
"},{"location":"collectors/agents/#available-agents","title":"Available agents","text":" Docker agent
Kubernetes agent
Speedtest agent
Microsoft Windows Agent
"},{"location":"collectors/agents/docker/","title":"Docker","text":""},{"location":"collectors/agents/docker/#docker","title":"Docker","text":"The Docker-agent is a Docker container that can be used to monitor other Docker containers. The Docker-agent itself runs as a Docker container on the host, which hosts the containers and uses the Unix socket docker.sock to retrieve relevant monitoring data which, is send to the InfraSonar API.
"},{"location":"collectors/agents/docker/#prerequisites","title":"Prerequisites","text":" - The Docker-agent must be able to connect to the InfraSonar API
- The Docker-agent must be allowed access to the Unix socket
docker.sock. - The Docker-agent requires a valid token.
"},{"location":"collectors/agents/docker/#deployment","title":"Deployment","text":"There are multiple scenario's that can be used to deploy the docker agent and it depends on your use case which one would suites best for you.
Host network vs bridge network
When using a bridge network it is highly recommended to set the container host name using the --hostname / -h flag as this is the name used by the agent to present itself.
Upon first run the Docker agents registers itself as an asset in InfraSonar, to ensure reconnection to the same asset an asset-id is stored in /data/.asset.json hence the reason we mount the the /data folder.
"},{"location":"collectors/agents/docker/#docker-command","title":"Docker command","text":"Deploys the docker agent using a bridged network and names the hostname to the system hostname:
docker run \\\n --name dockeragent \\\n -h $HOSTNAME \\\n -v infraSonarData:/data \\\n -e TOKEN=\"<<agent token>>\" \\\n -v /var/run/docker.sock:/var/run/docker.sock \\\n -d \\\n ghcr.io/infrasonar/docker-agent\n
Deploys the docker agent using the host network and thus automatically uses the system hostname:
docker run \\\n --name dockeragent \\\n --network host \\\n -v infraSonarData:/data \\\n -e TOKEN=\"<<agent token>>\" \\\n -v /var/run/docker.sock:/var/run/docker.sock \\\n -d \\\n ghcr.io/infrasonar/docker-agent\n
"},{"location":"collectors/agents/docker/#docker-compose","title":"docker-compose","text":"You can also add the Docker-agent to your docker-compose.yml file:
volumes:\n infraSonarData:\n\nservices:\n dockeragent:\n network_mode: host\n container_name: dockeragent\n hostname: dockeragent\n restart: always\n logging:\n options:\n max-size: 5m\n image: ghcr.io/infrasonar/docker-agent\n environment:\n TOKEN: \"<<agent token>>\"\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock\n - infraSonarData:/data\n
See also our InfraSonar docker compose on how we deploy the docker agent on our monitoring appliances.
"},{"location":"collectors/agents/kubernetes/","title":"Kubernetes","text":""},{"location":"collectors/agents/kubernetes/#kubernetes","title":"Kubernetes","text":""},{"location":"collectors/agents/kubernetes/#introduction","title":"Introduction","text":"The Kubernetes agent monitors your Kubernetes cluster. Deploy it as a pod in your cluster.
"},{"location":"collectors/agents/kubernetes/#prerequisites","title":"Prerequisites","text":" - A valid Kubernetes token.
- An InfraSonar asset ID if you want to use a Deployment instead of a StatefulSet.
"},{"location":"collectors/agents/kubernetes/#installation","title":"Installation","text":"Create a namespace for the agent:
namespace.yamlapiVersion: v1\nkind: Namespace\nmetadata:\n name: monitoring\n
Create a cluster role for the agent:
cluster_role.yamlkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: infrasonar\nrules:\n- apiGroups: [\"metrics.k8s.io\", \"apiregistration.k8s.io\", \"\"]\n resources: [\"pods\", \"namespaces\", \"nodes\", \"nodes/proxy\", \"apiservices\", \"persistentvolumeclaims\", \"services\"]\n verbs: [\"list\", \"get\"]\n
Create a cluster role binding for the agent:
cluster_role_binding.yamlkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: infrasonar\nsubjects:\n- kind: ServiceAccount\n name: default\n namespace: monitoring\nroleRef:\n kind: ClusterRole\n name: infrasonar\n apiGroup: rbac.authorization.k8s.io\n
Apply the above files:
kubectl apply -f namespace.yaml\nkubectl apply -f cluster_role.yaml\nkubectl apply -f cluster_role_binding.yaml\n
"},{"location":"collectors/agents/kubernetes/#deployment","title":"Deployment","text":"If you already have an asset or want to create one manually in InfraSonar, you only need the asset ID and can use a Deployment. Otherwise, skip this part and read the StatefulSet section.
Create a deployment for the agent:
deployment.yamlapiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: infrasonar\n namespace: monitoring\n labels:\n app: infrasonar\nspec:\n selector:\n matchLabels:\n app: infrasonar\n template:\n metadata:\n labels:\n app: infrasonar\n spec:\n containers:\n - name: infrasonar\n image: ghcr.io/infrasonar/kubernetes-agent:latest\n imagePullPolicy: Always\n env:\n - name: ASSET_ID\n value: \"<REPLACE_WITH_YOUR_ASSET_ID>\"\n - name: TOKEN\n value: \"<REPLACE_WITH_YOUR_AGENT_TOKEN>\"\n
Apply the deployment:
kubectl apply -f deployment.yaml\n
"},{"location":"collectors/agents/kubernetes/#statefulset","title":"StatefulSet","text":"Use a StatefulSet only if you want the agent to create the asset for you, otherwise use a Deployment.
Create a StatefulSet for the agent:
stateful_set.yamlapiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n name: infrasonar\n namespace: monitoring\n labels:\n app: infrasonar\nspec:\n selector:\n matchLabels:\n app: infrasonar\n serviceName: infrasonar\n replicas: 1\n template:\n metadata:\n labels:\n app: infrasonar\n spec:\n containers:\n - name: infrasonar\n image: ghcr.io/infrasonar/kubernetes-agent:latest\n imagePullPolicy: Always\n env:\n - name: ASSET_ID\n value: \"/mnt/data/asset.json\"\n - name: TOKEN\n value: \"<REPLACE_WITH_YOUR_AGENT_TOKEN>\"\n volumeMounts:\n - name: data\n mountPath: /mnt/data\n volumeClaimTemplates:\n - metadata:\n name: data\n spec:\n accessModes: [\"ReadWriteOnce\"]\n resources:\n requests:\n storage: 1Mi\n
Apply the StatefulSet:
kubectl apply -f stateful_set.yaml\n
"},{"location":"collectors/agents/kubernetes/#cleanup","title":"Cleanup","text":"When you no longer want to use the Kubernetes agent, you can remove it with the following steps:
If a Deployment was used:
kubectl delete deployment infrasonar --namespace=monitoring\n
If a StatefulSet was used:
kubectl delete sts infrasonar --namespace=monitoring\nkubectl delete pvc -l app.kubernetes.io/name=infrasonar --namespace=monitoring\n
Cleanup the namespace, service account and associated role and binding:
kubectl delete ClusterRoleBinding infrasonar\nkubectl delete ClusterRole infrasonar\nkubectl delete ns monitoring\n
"},{"location":"collectors/agents/kubernetes/#my-cpu-and-memory-metrics-are-missing","title":"My CPU and Memory metrics are missing","text":"If the pod and node CPU and Memory metrics are missing, please check the agent logging. Most likely the metric server is not running. This can be checked using the following command:
kubectl get apiservices v1beta1.metrics.k8s.io\n
The above should return with something like:
NAME SERVICE AVAILABLE AGE\nv1beta1.metrics.k8s.io kube-system/metrics-server True 123d\n
Click here for information on how to install the metrics server.
"},{"location":"collectors/agents/kubernetes/#additional-information","title":"Additional information","text":" Kubernetes agent source code
"},{"location":"collectors/agents/speedtest/","title":"Speedtest","text":""},{"location":"collectors/agents/speedtest/#speedtest","title":"Speedtest","text":""},{"location":"collectors/agents/speedtest/#introduction","title":"Introduction","text":"The speedtest-agent measures upload and download speeds using Ookla's speedtest service.
Third party data collection
Ookla collects certain data through Speedtest that may be considered personally identifiable, such as your IP address, unique device identifiers or location. Ookla believes it has a legitimate interest to share this data with internet providers, hardware manufacturers and industry regulators to help them understand and create a better and faster internet. For further information including how the data may be shared, where the data may be transferred and Ookla\u2019s contact details, please see Ookla's Privacy Policy.
The ping-probe utilizes the icmp protocol to monitor the network roundtrip between the monitoring appliance and the monitored host.
"},{"location":"collectors/agents/speedtest/#features","title":"Features","text":" - Monitors upload and download speeds as observed from the agent's perspective
"},{"location":"collectors/agents/speedtest/#deployment","title":"Deployment","text":"The speedtest agent is easiest deployed as a docker container.
docker run \\\n --name speedtestagent \\\n -e TOKEN=\"<<agent token>>\" \\\n -e ASSET_ID=\"<<asset_ID>>\" \\\n -d \\\n ghcr.io/infrasonar/speedtest-agent\n
Ensure you add the agent onto the asset prior to deploying the agent.
"},{"location":"collectors/agents/speedtest/#additional-information","title":"Additional information","text":" Speedtest agent source code
"},{"location":"collectors/agents/windows/","title":"Windows","text":""},{"location":"collectors/agents/windows/#microsoft-windows-agent","title":"Microsoft Windows agent","text":""},{"location":"collectors/agents/windows/#installation","title":"Installation","text":""},{"location":"collectors/agents/windows/#easy-deployment","title":"Easy deployment","text":"You can use our easy deployment script, note this scripts requires elevated privileges as it runs an MSI installer.
curl -fsSL https://deploywindowsagent.infrasonar.com ^\n -o %temp%\\infrasonar.cmd && %temp%\\infrasonar.cmd\n
"},{"location":"collectors/agents/windows/#manual-installation","title":"Manual installation","text":"Install the msi:
You can download the latest msi of our latest Microsoft Windows agent from our GitHub releases page here.
Configure the Microsoft Windows agent:
Open the registry and add your agent Token:
You can also use the command below in an elevated command prompt to set your agent token:
set token=YOURTOKENHRE\nreg add \"HKLM\\SOFTWARE\\Wow6432Node\\Cesbit\\InfraSonarAgent\" /v Token /d %token% /t REG_SZ /f\n
Configure your asset Id
If you already have an Asset Id, you can configure set in the registry. When the AssetId registry key is 0, the agent will create a new asset once the service starts.
(Re)start the Microsoft Windows agent:
To apply any changed made in the registry the agent needs to be stopped and started.
You can use the services console (services.msc) or use the following commands in an elevated command prompt:
net stop InfraSonarAgent\nnet start InfraSonarAgent\n
More debug information
If you want more debug information in the Event Viewer, you can also add a Debug registry key of type RED_DWORD and set the value to 1.
"},{"location":"collectors/agents/windows/#additional-information","title":"Additional information","text":" Windows agent source code
"},{"location":"collectors/probes/","title":"Probes","text":""},{"location":"collectors/probes/#introduction","title":"Introduction","text":"Probe mission
We use open standards and vendor-provided technologies to query controlled systems.
Probes are collectors that use open standards or vendor provided methods to retrieve monitoring data from a remote asset.
All InfraSonar provided probes are available as open source on our GitHub repository as we believe in transparency with regards to data collection and systems access.
When a new asset (host) is added and the InfraSonar admin enables a specific probe for this asset, a discovery routine will be started to identify the asset and determine which checks InfraSonar can perform.
"},{"location":"collectors/probes/#deployment","title":"Deployment","text":"Probes are typically deployed using a Docker image running as a Docker container one or more InfraSonar appliances.
Upon startup a probe registers itself to the for this probe configured agentcore
Because probes usually run in the same Docker network as the agentcore, they can easily connect to it.
"},{"location":"collectors/probes/#configuration","title":"Configuration","text":"As probes are typically deployed using Docker compose, probe behavior, such as setting the log level, can easily be accomplished by environment variables in the coresponding docker-compose.yml file. The usage of this file is outlined here
"},{"location":"collectors/probes/agentcore/","title":"Agentcore","text":""},{"location":"collectors/probes/agentcore/#agentcore","title":"Agentcore","text":"The Agentcore orchestrates our probes and is responsible for scheduling checks. During the startup sequence of a probe, it will \u201c announce\u201d itself to the Agentcore.
The Agentcore also acts as a communication gateway. Data retrieved by the probes is sent to the InfraSonar cloud platform via the Agentcore.
graph LR\n probe[Probe] --> | TCP 8750 | Agentcore[Agentcore] --> | TCP 8730 TLS/SSL | infrasonarcloud[InfraSonar Cloud Platform];
As probes usually run in the same Docker network as the Agentcore, they can easily connect to it.
it is possible to use TCP port 443 instead of 8730 we don't recommended this but some environment refuse inter traffic to ports other then 80 and 443
"},{"location":"collectors/probes/agentcore/#features","title":"Features","text":""},{"location":"collectors/probes/agentcore/#resumable-operation","title":"Resumable operation","text":"If an Agentcore is shutdown properly a list of assets and a check result queue are saved on disk. Given the Agentcore starts and it can't connect to the InfraSonar cloud platform the list of saved assets will be used to resume operations. Check results up to a maximum of 100.000 packages will be stored in a queue.
"},{"location":"collectors/probes/agentcore/#multiple-agentcores","title":"Multiple Agentcores","text":"InfraSonar supports multiple Agentcores within a monitored environment. Deploying multiple Agentcores can be useful in spreading the network load, accommodate for network segmentation, and supporting large-scale implementations.
To support network segmentation, assets can be assigned to a zone. When this zone also has an Agentcore assigned its assets will automatically be monitored using the Agentcores in this zone.
When you deploy multiple Agentcores in a zone, assets will be evenly distributed between all Agentcores in this zone..
No automagic failover
If an Agentcore fails it's role will not automatically be taken over by another Agentcore. To accomplish this, the failing Agentcore needs to be removed by an InfraSonar admin.
"},{"location":"collectors/probes/agentcore/#operational","title":"Operational","text":""},{"location":"collectors/probes/agentcore/#removing-an-agentcore","title":"Removing an Agentcore","text":"When an Agentcore is decommissioned, all hosts monitored by are automatically transferred to other Agentcores in the configured zone.
You can remove an Agentcore in our Agentcore panel.
"},{"location":"collectors/probes/dns/","title":"DNS","text":""},{"location":"collectors/probes/dns/#dns","title":"DNS","text":""},{"location":"collectors/probes/dns/#introduction","title":"Introduction","text":"The DNS probe is a synthetic monitor and can even monitor changes to specific DNS records.
"},{"location":"collectors/probes/dns/#features","title":"Features","text":"THe DNS probe can perform forward and reverse DNS queries for an FQDN
"},{"location":"collectors/probes/dns/#deployment","title":"Deployment","text":"The DNS probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/dns/#probe-configuration","title":"Probe configuration","text":"Property Description DNS Servers DNS servers to query, note all configured DNS servers are queried FQDN FQDN of the DNS record you want to monitor Reverse DNS lookups
Using the special .arpa. domain it is possible to perform a reverse DNS lookup. See our PTR section for a detailed explanation and examples.
"},{"location":"collectors/probes/dns/#example-configuration","title":"Example configuration","text":" - DNS servers:
8.8.8.8, 8.8.4.4 - FQDN:
dns.google.com
"},{"location":"collectors/probes/dns/#checks","title":"Checks","text":"We support the DNS record types described in the next paragraphs.
Most of the information in this chapter is an extract from this Wikipedia article.
"},{"location":"collectors/probes/dns/#a","title":"A","text":"Address record, List of IPv4 addresses, most commonly used to map hostnames to an IP address of the host
Example:
FQDN Result infrasonar.com 185.199.111.153, 185.199.108.153, 185.199.109.153, 185.199.110.153"},{"location":"collectors/probes/dns/#aaaa","title":"AAAA","text":"IPv6 address record, list of IPv6 addresses, most commonly used to map hostnames to an IP address of the host
Example:
FQDN Result infrasonar.com 2606:50c0:8003::153, 2606:50c0:8002::153, 2606:50c0:8001::153, 2606:50c0:8000::153"},{"location":"collectors/probes/dns/#caa","title":"CAA","text":"Certification Authority Authorization. DNS Certification Authority Authorization, constraining acceptable CAs for a host/domain.
CAA record structure: flag tag value
flag A flags byte which implements an extensible signaling system for future use. As of 2018, only the issuer critical flag has been defined, which instructs certificate authorities that they must understand the corresponding property tag before issuing a certificate. This flag allows the protocol to be extended in the future with mandatory extensions, similar to critical extensions in X.509 certificates. tag One of the following property:
issue This property authorizes the holder of the domain specified in associated property value to issue certificates for the domain for which the property is published. issuewild This property acts like issue but only authorizes the issuance of wildcard certificates, and takes precedence over the issue property for wildcard certificate requests. iodef This property specifies a method for certificate authorities to report invalid certificate requests to the domain name holder using the Incident Object Description Exchange Format. As of 2018, not all certificate authorities support this tag, so there is no guarantee that all certificate issuances will be reported. contactemail Increasingly, contact information is not available in WHOIS due to concerns about potential GDPR violations. This property allows domain holders to publish contact information in DNS. contactphone As above, for phone numbers. value The value associated with the chosen property tag. Example:
FQDN Result infrasonar.com 0 issue \"pki.goog\""},{"location":"collectors/probes/dns/#cname","title":"CNAME","text":"Canonical name record, alias of one name to another.
A CNAME lookup returns only one canonical name.
Example:
FQDN Result docs.cesbit.com cesbit.github.io."},{"location":"collectors/probes/dns/#ds","title":"DS","text":"Delegation signer. The record used to identify the DNSSEC signing key of a delegated zone.
DS record structure: Key Tag Algorithm Digest Type Digest
Example:
FQDN Result infrasonar.com 9907 8 2 33D13AB164664236CF3EF302E8057AF46FC226AAE2B6A2759E4E80BA AF448970"},{"location":"collectors/probes/dns/#mx","title":"MX","text":"Mail exchange record, list of mail exchange servers that accept email for a domain.
Example output: 1 aspmx.l.google.com.,10 alt3.aspmx.l.google.com.,10 alt4.aspmx.l.google.com.,5 alt1.aspmx.l.google.com.,5 alt2.aspmx.l.google.com.
MX Record
An MX record is returned as follows: preference address
Example:
FQDN Result infrasonar.com 1 aspmx.l.google.com., 5 alt1.aspmx.l.google.com., 5 alt2.aspmx.l.google.com., 10 alt3.aspmx.l.google.com., 10 alt4.aspmx.l.google.com."},{"location":"collectors/probes/dns/#ns","title":"NS","text":"Name server record, Delegates a DNS zone to use the given authoritative name servers.
Example:
FQDN Result infrasonar.com ns-cloud-a1.googledomains.com, ns-cloud-a2.googledomains.com, ns-cloud-a3.googledomains.com, ns-cloud-a4.googledomains.com"},{"location":"collectors/probes/dns/#ptr","title":"PTR","text":"PTR Resource Record, possible for IP addresses in the format:
in-addr.arpa is the namespace within .arpa for reverse DNS lookups in IPv4.
IPv6
IPv6 addresses are constructed differently from IPv4 addresses, and IPv6 PTR records exist in a different namespace within .arpa. IPv6 PTR records are stored under the IPv6 address, reversed and converted into four-bit sections (as opposed to 8-bit sections, as in IPv4), plus \".ip6.arpa\".
So 2001:4860:4860::8844 becomes: 4.4.8.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.8.4.0.6.8.4.1.0.0.2.ip6.arpa
Example:
FQDN Result 8.8.8.8.in-addr.arpa. dns.google. .4.8.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.8.4.0.6.8.4.1.0.0.2.ip6.arpa dns.google."},{"location":"collectors/probes/dns/#srv","title":"SRV","text":"Service locator, generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
SRV record structure: Priority Weight Port Target
priority the priority of the target host, lower value means more preferred. weight A relative weight for records with the same priority, higher value means higher chance of getting picked. port the TCP or UDP port on which the service is to be found. target the canonical hostname of the machine providing the service, ending in a dot. Example:
FQDN Result _srv._test.test-technology.nl. 0 5 5060 srvrecordtest.test-technology.nl."},{"location":"collectors/probes/dns/#soa","title":"SOA","text":"Start of [a zone of] authority record. Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
SOA record structure: Primary NS Responsible name Serial Refresh Retry Expire Miniumum
Primary NS Primary master name server for this zone. Responsible name Email address of the administrator responsible for this zone. (As usual, the email address is encoded as a name. The part of the email address before the @ becomes the first label of the name; the domain name after the @ becomes the rest of the name. In zone-file format, dots in labels are escaped with backslashes; thus the email address john.doe@example.com would be represented in a zone file as john.doe.example.com.) Serial Serial number for this zone. If a secondary name server slaved to this one observes an increase in this number, the slave will assume that the zone has been updated and initiate a zone transfer. Refresh Number of seconds after which secondary name servers should query the master for the SOA record, to detect zone changes. Recommendation for small and stable zones: 86400 seconds (24 hours). Retry Number of seconds after which secondary name servers should retry to request the serial number from the master if the master does not respond. It must be less than Refresh. Recommendation for small and stable zones: 7200 seconds (2 hours). Expire Number of seconds after which secondary name servers should stop answering request for this zone if the master does not respond. This value must be bigger than the sum of Refresh and Retry. Recommendation for small and stable zones: 3600000 seconds (1000 hours). Miniumum Used in calculating the time to live for purposes of negative caching. Authoritative name servers take the smaller of the SOA TTL and the SOA MINIMUM to send as the SOA TTL in negative responses. Resolvers use the resulting SOA TTL to understand for how long they are allowed to cache a negative response. Recommendation for small and stable zones: 172800 seconds (2 days). Originally this field had the meaning of a minimum TTL value for resource records in this zone; it was changed to its current meaning by RFC 2308. Example:
FQDN Result infrasonar.com ns-cloud-e1.googledomains.com. cloud-dns-hostmaster.google.com. 15 21600 3600 259200 300"},{"location":"collectors/probes/dns/#best-practices","title":"Best practices","text":""},{"location":"collectors/probes/dns/#internal-vs-external-response","title":"Internal vs External response","text":"Setup an asset to monitor your internal and external DNS response.
This can easily be done by monitoring for example google.com on your internal DNS servers and Google DNS servers, for IPv4: 8.8.8.8 and/or 8.8.4.4 and for IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844.
The average DNS lookup time should be between 20 and 120 milliseconds. Anything between that and under is generally considered very good.
"},{"location":"collectors/probes/dns/#microsoft-active-directory","title":"Microsoft Active Directory","text":"source
Setup a DNS probe to monitor for Microsoft Active Directory specific DNS entries for each DNS server in your forest / domain.
Legend
- Domain_Name is the name of your domain.
- SiteName, name of your Active Directory Site
- DnsForestName, name of your DNS Forest.
The following SRV records are registered by Net Logon:
_ldap._tcp.<Domain_Name>.Allows a client to locate servers running the LDAP service in the domain of Domain_Name._ldap._tcp.<SiteName>._sites.<Domain_Name>.Allows a client to locate servers running the LDAP service in a domain in a site SiteName Domain_Name. SiteName relative file name, which is stored in the Configuration container in Active Directory._ldap._tcp.dc._msdcs.<Domain_Name>.Allows a client to find a domain controller in the domain Domain_Name. All DC register this SRV record._ldap._tcp. <SiteName>._sites.dc._msdcs.<Domain_Name>.Allows a client to find a domain controller in the domain in site SiteName Domain_Name.All DC register this SRV record._ldap._tcp.pdc._msdcs.<Domain_Name>.Allows a client to find a domain PDC Domain_Name.Only PDC server registers this SRV record._ldap._tcp.gc._msdcs.<DnsForestName>.Allows a client to find a DC in the forest DnsForestName.Only GC servers register this SRV record._ldap._tcp. <SiteName>._sites.gc._msdcs.<DnsForestName>.Allows a client to find a GC in the forest.Only GC server DnsForestName owned by this forest register this SRV record_gc._tcp.<DnsForestName>.Allows a client to find a GC in the domain. Only GC servers owned by this forest DnsForestName register this SRV record._gc._tcp.<SiteName>._sites.<DnsForestName>.Allows a client to find a GC in this forest site SiteName DnsForestName.Only GC servers owned by this forest DnsForestName register this SRV record._ldap._tcp.DomainGuid.domains._msdcs.<DnsForestName>.Allows customers to find the DC GUID.A GUID is a 128-bit unique index. Admits when Domain_Name DnsForestName and changed._kerberos._tcp.<Domain_Name>.Allows clients to find a Kerberos KDC in that domain: Domain_Name.All DC register this SRV record._kerberos._udp.<Domain_Name>.Same as _kerberos ._tcp.<Domain_Name> only over UDP_kerberos._tcp.<SiteName>._sites.<Domain_Name>.Allows clients to find a Kerberos KDC in that domain: Domain_Name site SiteName.All DC register this SRV record._kerberos._tcp.dc._msdcs.<Domain_Name>.Allows clients to find a DC running a Kerberos KDC's role in that domain: Domain_Name.All DC with the KDC log this SRV record._kerberos.tcp.<SiteName>._sites.dc._msdcs.<Domain_Name>.Allows clients to find a DC running a Kerberos KDC's role in that domain: Domain_Name site SiteName.All DC with the KDC log this SRV record._kpasswd._tcp.<Domain_Name>.Kerberos Password Change allows you to search for current domain.All kerberos KDC DC (c) role of the register this SRV record_kpasswd._udp.<Domain_Name>.Same as _kpassword._tcp.<Domain_Name> only over UDP
"},{"location":"collectors/probes/dns/#known-issues","title":"Known issues","text":""},{"location":"collectors/probes/dns/#resolution-lifetime-expired-after-5xxx-seconds","title":"Resolution lifetime expired after 5.xxx seconds","text":"The DNS probe returns following the notification:
The resolution lifetime expired after 5.402 seconds:\n Server xx.xx.xx.xx UDP port 53 answered The DNS operation timed out after 2.000 seconds;\n Server xx.xx.xx.xx UDP port 53 answered The DNS operation timed out after 2.000 seconds;\n Server xx.xx.xx.xx UDP port 53 answered The DNS operation timed out after 0.696 seconds\n
The potential rootcause is a DNS server responding with connection refused
This can be validated using the dig command on Linux:
dig @xx.xx.xx.xx google.com\n;; communications error to xx.xx.xx.xx#53: connection refused\n
"},{"location":"collectors/probes/dns/#additional-information","title":"Additional information","text":" DNS probe source code
"},{"location":"collectors/probes/http/","title":"HTTP","text":""},{"location":"collectors/probes/http/#http-probe","title":"HTTP Probe","text":""},{"location":"collectors/probes/http/#introduction","title":"Introduction","text":"The HTTP probe allows to monitor a specific URI over the http or https protocol
"},{"location":"collectors/probes/http/#features","title":"Features","text":" - Roundtrip time, the roundtriptime for the http(s) request is measured and returned.
- HTTP status code monitoring
"},{"location":"collectors/probes/http/#deployment","title":"Deployment","text":"The HTTP probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/http/#probe-configuration","title":"Probe configuration","text":"Property Description URI URI of the website you want to monitor Timeout Timeout in seconds should be a value between 0 and 240. The default timeout is 10.0 Verify SSL If turned off, the check ignores invalid certificates; when on, the URI must have a valid certificate. Nots, this is only applicable for HTTPS URI. The default is off. With payload Retrieves the payload, bare in mind the payload is limited to 500 Kb Allow redirects When turned on, redirects are followed. Tip
When monitoring cloud services, enable Allow redirects as these services heavily rely on http redirects.
"},{"location":"collectors/probes/http/#check-specifics","title":"Check specifics","text":""},{"location":"collectors/probes/http/#http-status-codes","title":"HTTP Status codes","text":"See RFC9110 or the List of HTTP status codes on Wikipedia for more detailed information.
code class code Meaning 100 Informational Continue 101 Informational Switching protocols 102 Informational Processing 103 Informational Early Hints 200 Successful OK 201 Successful Created 202 Successful Accepted 203 Successful Non-Authoritative Information 204 Successful No Content 205 Successful Reset Content 206 Successful Partial Content 207 Successful Multi-Status 208 Successful Already Reported 226 Successful IM Used 300 Redirection Multiple Choices 301 Redirection Moved Permanently 302 Redirection Found (Previously \"Moved Temporarily\") 303 Redirection See Other 304 Redirection Not Modified 305 Redirection Use Proxy 306 Redirection Switch Proxy 307 Redirection Temporary Redirect 308 Redirection Permanent Redirect 400 Client Error Bad Request 401 Client Error Unauthorized 402 Client Error Payment Required 403 Client Error Forbidden 404 Client Error Not Found 405 Client Error Method Not Allowed 406 Client Error Not Acceptable 407 Client Error Proxy Authentication Required 408 Client Error Request Timeout 409 Client Error Conflict 410 Client Error Gone 411 Client Error Length Required 412 Client Error Precondition Failed 413 Client Error Payload Too Large 414 Client Error URI Too Long 415 Client Error Unsupported Media Type 416 Client Error Range Not Satisfiable 417 Client Error Expectation Failed 418 Client Error I'm a Teapot 421 Client Error Misdirected Request 422 Client Error Unprocessable Entity 423 Client Error Locked 424 Client Error Failed Dependency 425 Client Error Too Early 426 Client Error Upgrade Required 428 Client Error Precondition Required 429 Client Error Too Many Requests 431 Client Error Request Header Fields Too Large 451 Client Error Unavailable For Legal Reasons 500 Server Error Internal Server Error 501 Server Error Not Implemented 502 Server Error Bad Gateway 503 Server Error Service Unavailable 504 Server Error Gateway Timeout 505 Server Error HTTP Version Not Supported 506 Server Error Variant Also Negotiates 507 Server Error Insufficient Storage 508 Server Error Loop Detected 510 Server Error Not Extended 511 Server Error Network Authentication Required"},{"location":"collectors/probes/http/#additional-information","title":"Additional information","text":" HTTP probe source code
"},{"location":"collectors/probes/mssql/","title":"Microsoft SQL Server","text":""},{"location":"collectors/probes/mssql/#microsoft-sql-server","title":"Microsoft SQL Server","text":""},{"location":"collectors/probes/mssql/#introduction","title":"Introduction","text":"The Microsoft SQL probe uses SQL statements to monitor and analyze the health of a Microsoft SQL Server database.
Goal
The MSSQL probe offers a unified view that provides common ground for infrastructure engineers, DBA, and application managers to analyze and troubleshoot Microsoft SQL server performance issues.
"},{"location":"collectors/probes/mssql/#features","title":"Features","text":"The Microsoft SQL probe allows for in-depth analyses of a SQL server.
Some of the included measurements:
- Memory Page life Expectancy.
- Parallelism configuration.
- CPU, memory and disk IO per database.
- SQL Table information.
- Wait statistics.
- Top 25 query information (all queries would put too much strain on the SQL server).
- Top worker time; which queries consume a lot of time and thus cpu usage.
- Top logical reads; which queries cost the most IO.
- Top execution count; shows the most active queries.
- Index information.
- Frequently used indexes (top used).
- Missing indexes, where would an index make sense.
- Unused indexes, only written but never queried.
- Fragmentation.
- IO, per file and per volume.
- Backup status.
- Agent jobs.
- SQL Config.
- Session and application information.
- Plan cache.
- Blocked count.
Tip
Our implementation consultants can assist in creating a detailed analysis of a Microsoft SQL server.
"},{"location":"collectors/probes/mssql/#deployment","title":"Deployment","text":"The Microsoft SQL probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/mssql/#probe-configuration","title":"Probe configuration","text":"The MSSQL probe requires the host's IP address running the monitored SQL server and requires access to curtain SQL tables as defined in our grant scripts.
"},{"location":"collectors/probes/mssql/#credentials","title":"Credentials","text":"The Microsoft SQL probe supports SQL authentication and domain authentication.
For both scenarios it is advisable to setup a separate account for this probe and grant this account access via the supplied grant scripts.
The corresponding infrasonar.yaml 1 section when using for example infrasonar@windows.domainl as user id looks as follows:
mssql:\n config:\n password: \"some_secure_passw0rd\"\n username: infrasonar@windows.domain\n
"},{"location":"collectors/probes/mssql/#authorization","title":"Authorization","text":"The previously created user needs to be granted access onto various tables and resources.
Let your DBA analyses our scripts and contact us if there are any questions.
We created grant scripts for SQL authentication and domain authentication; pick the correct script for your use case.
"},{"location":"collectors/probes/mssql/#grants-for-domain-user","title":"Grants for domain user","text":"Replace domainnamehere\\usernamehere in this script with the correct domain/username and execute it in SQL Server Management Studio to grant the user sufficient permissions.
It is good practice to create a dedicated account for SQL monitoring.
"},{"location":"collectors/probes/mssql/#grants-for-sql-user","title":"Grants for SQL User","text":"This script uses the default username svc_infrasonar and the password someSuperSecurePasswordHereOfCourse, which you should change before running the script.
"},{"location":"collectors/probes/mssql/#best-practices","title":"Best practices","text":""},{"location":"collectors/probes/mssql/#sql-server-maximum-server-memory-is-set-to-default","title":"SQL Server maximum server memory is set to default","text":"Setting max server memory value too high can cause a single instance of SQL Server to compete for memory with other SQL Server instances hosted on the same host. However, setting this value too low could cause significant memory pressure and performance problems. Setting max server memory to the minimum value can even prevent SQL Server from starting. If you cannot start SQL Server after changing this option, start it using the -f startup option and reset max server memory to its previous value. For more information, see Database Engine Service Startup Options.
A rule of thumb is to leave 4GB or 10% of total memory free, whichever is larger on your instance to start with, and adjust this as needed.
See also:
- Microsoft.com - Server memory configuration options
- Brent Ozar - Memory Dangerously Low or Max Memory Too High
"},{"location":"collectors/probes/mssql/#sql-server-cost-threshold-for-parallelism","title":"SQL Server Cost threshold for parallelism","text":"SQL Server Cost threshold for parallelism is a value you might want to review.
While the default value of 5 is adequate for most systems, a different value may be appropriate. Perform application testing with higher and lower values if needed to optimize application performance.
A Microsoft SQL DBA can change this by changing the threshold for parallelism to for example 50, using this SQL statement:
EXEC sp_configure 'show advanced options', 1;\nGO\nRECONFIGURE\nexec sp_configure 'cost threshold for parallelism', 50;\nGO\nRECONFIGURE\nGO\n
"},{"location":"collectors/probes/mssql/#max-degree-of-parallelism","title":"Max Degree of parallelism","text":"A typical SQL server misconfiguration is the Max Degree of parallelism.
Rules of thumb:
- MDOP (Max Degree of parallelism) equal the number of CPU cores.
- MDOP should not be set greater then 8, so a 16 core system should have MDOP configured as 8.
Set ChangeMe to the desired MDOP and execute it using SQL Server Management Studio.
EXEC sp_configure 'show advanced options', 1;\nGO\nRECONFIGURE\nexec sp_configure 'Max Degree of parallelism', ChangeMe;\nGO\nRECONFIGURE\nGO\n
"},{"location":"collectors/probes/mssql/#operational","title":"Operational","text":""},{"location":"collectors/probes/mssql/#new-databases","title":"New databases","text":"The monitoring account does not automatically gain access to databases created after the initial setup. This scenario results in the following InfraSonar alert:
The server principal \"account\" is not able to access the database \"databasename\" under the current security context.
Either grant script contains a marked section that a SQL Admin must run to grant access to these newly created databases.
"},{"location":"collectors/probes/mssql/#additional-information","title":"Additional information","text":" Microsoft SQL probe source code
-
Passwords are encrypted on the appliance the moment the file is saved, see our credentials documentation.\u00a0\u21a9
"},{"location":"collectors/probes/mysql/","title":"MySQL Server","text":""},{"location":"collectors/probes/mysql/#mysql","title":"MySQL","text":""},{"location":"collectors/probes/mysql/#introduction","title":"Introduction","text":"The MySQL probe collects information about a MySQL server.
"},{"location":"collectors/probes/mysql/#deployment","title":"Deployment","text":"The MySQL probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/mysql/#probe-configuration","title":"Probe configuration","text":"Make sure your MySQL server is accessible
You can edit the files in /etc/mysql/ to configure the basic settings \u2013 log file, port number, etc. For example, to configure MySQL to listen for connections from network hosts, in the file /etc/mysql/mysql.conf.d/mysqld.cnf, change the bind-address directive to the server\u2019s IP address:
bind-address = 0.0.0.0\n
Create an infrasonar user and provide the required privileges:
CREATE USER 'infrasonar' IDENTIFIED BY '<MY_SECRET_PASSWORD>';\nGRANT SELECT, PROCESS, REFERENCES on *.* TO 'infrasonar';\n
Add the username and password to your configuration file (INFRASONAR_CONF yaml):
mysql:\n config:\n username: infrasonar\n password: <MY_SECRET_PASSWORD>\n
"},{"location":"collectors/probes/mysql/#additional-information","title":"Additional information","text":" MySQL probe source code
"},{"location":"collectors/probes/netapp/","title":"NetApp","text":""},{"location":"collectors/probes/netapp/#netapp","title":"NetApp","text":""},{"location":"collectors/probes/netapp/#introduction","title":"Introduction","text":"InfraSonar monitors NetApp systems running Data ONTAP using the ONTAP rest API.
SNMP-probe for 7mode
It is possible to monitor 7mode NetApp systems using SNMP. The monitoring is not as elaborate as the API Probe.
"},{"location":"collectors/probes/netapp/#features","title":"Features","text":"Some of the features of the InfraSonar NetApp probe:
- NetApp Health Status
- Aggregate and volume and utilization
- Cluster information
- Disk status
- Interface status (Ethernet and FCP)
- CIFS status
- Autosupport configuration
- IOPS
- Snapmirror
"},{"location":"collectors/probes/netapp/#version-specific","title":"Version specific","text":"Some checks are only available from a specific ONTAP version onward:
- cluster node controller info requires ONTAP v9.9 or higher
- cluster node statistics requires ONTAP v9.8 or higher
- interface and interface ports statistics requires ONTAP v9.8 or higher
- SnapMirror transfer data requires ONTAP v9.11 or higher
"},{"location":"collectors/probes/netapp/#deployment","title":"Deployment","text":"The NetApp probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/netapp/#probe-configuration","title":"Probe configuration","text":""},{"location":"collectors/probes/netapp/#credentials","title":"Credentials","text":"Don't use admin
We strongly advise setting up a separate user for monitoring to have a clear separation of responsibilities but also to avoid lock-out issues.
First step is to figure out which vserver to use:
vserver show\n
Create a role for InfraSonar with limited access, ensure to use the correct vserver. vserver show is your friend
Create NetApp rolesecurity login rest-role create -role infrasonar -vserver netapp01 -api /api -access readonly\nsecurity login rest-role create -role infrasonar -vserver netapp01 -api /api/security -access none\nsecurity login rest-role create -role infrasonar -vserver netapp01 -api /api/security/audit/destinations -access readonly\nsecurity login rest-role create -role infrasonar -vserver netapp01 -api /api/security/authentication/password -access all\nsecurity login rest-role create -role infrasonar -vserver netapp01 -api /api/security/certificates -access readonly\n
You can verify this role using:
Verify NetApp rolesecurity login rest-role show infrasonar\n
Next step is to create a user (infrasonar) and assign the previously created role (infrasonar) to this user:
Create NetApp usersecurity login create infrasonar -role infrasonar -comment \"system-monitoring user, readonly\" -application ontapi -authentication-method password \nsecurity login create infrasonar -role infrasonar -application http -authentication-method password \n
Verify the user creation:
Verify NetApp usersecurity login show infrasonar\n
See the credentials section on how to configure credentials.
The probe retrieves monitoring data using the ONTAP REST API on TCP port 443.
"},{"location":"collectors/probes/netapp/#operational","title":"Operational","text":""},{"location":"collectors/probes/netapp/#danglingsnapshots","title":"danglingSnapshots","text":"When the time difference between 2 snapshots is greater than 21 (also known as monthly backup), an InfraSonar alert is triggered. There is also a label (dangling snapshots (vmfs) 7d) which generates an alert if the snapshot contains the word vmfs and the time difference is greater then 7 days.
Possible causes:
- Manual snapshots that have not been cleaned up.
- A reconfigured snapmanager.
- A server that is powered off while the mirror is still running.
"},{"location":"collectors/probes/netapp/#additional-information","title":"Additional information","text":" netapp probe source code
"},{"location":"collectors/probes/paloalto/","title":"Palo Alto","text":""},{"location":"collectors/probes/paloalto/#palo-alto","title":"Palo Alto","text":""},{"location":"collectors/probes/paloalto/#introduction","title":"Introduction","text":"InfraSonar monitors Palo Alto firewalls using the rest API.
Also available as service
We also offer a service to monitor Palo Alto firewalls, this is useful if you want to monitor firewalls without deploying your own InfraSonar appliance.
"},{"location":"collectors/probes/paloalto/#features","title":"Features","text":""},{"location":"collectors/probes/paloalto/#deployment","title":"Deployment","text":"When the GlobalProtect Portal or Gateway is enabled the probe needs to use a different TCP port number 4443 instead of 443. You can toggle this behavior when configuring the probe.
"},{"location":"collectors/probes/paloalto/#credentials","title":"Credentials","text":"The Palo Alto rest API uses a key which can be generated for a user.
Don't use an admin account
We strongly recommend creating a read only account specific for monitoring.
"},{"location":"collectors/probes/paloalto/#get-your-api-key","title":"Get your API key","text":"source
To generate an API key, make a GET or POST request to the firewall\u2019s hostname or IP addresses using the administrative credentials and type=keygen:
curl -k -X GET 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'\n
Ensure to change
<firewall> with your firewall IP or FQDN<username> with the username of your readl-only monitoring user<password> with the password of your readl-only monitoring user
A successful API call returns status=\"success\" along with the API key within the key element:
<response status=\"success\">\n <result>\n <key>Your_secret_key_is_here</key>\n </result>\n</response>\n
You can test your API key using the following command:
curl -k 'https://<firewall>//api/?type=op&cmd=<show><system><info></info></system></show>&key=<apikey>'\n
Ensure to change:
<firewall> with your firewall IP or FQDN<apikey with the previously generated API key
"},{"location":"collectors/probes/paloalto/#revoke-api-keys","title":"Revoke API keys","text":"You can revoke all currently valid API keys, in the event one or more keys are compromised. To change an API key associated with an administrator account change the password associated with the administrator account. API keys that were generated before you expired all keys, or a key that was created using the previous credentials will no longer be valid.
"},{"location":"collectors/probes/paloalto/#configure-api-key-lifetime","title":"Configure API Key Lifetime","text":"Source
An optional step is to configure the API Key Lifetime.
Be aware though that monitoring fails when the API key is expired!
"},{"location":"collectors/probes/paloalto/#known-issues","title":"Known issues","text":""},{"location":"collectors/probes/paloalto/#xml-api-issue-with-passwords-containing-special-characters","title":"XML API Issue With Passwords Containing Special Characters","text":"Passwords containing special characters can cause problems retrieving the API key.
source
"},{"location":"collectors/probes/ping/","title":"Ping","text":""},{"location":"collectors/probes/ping/#ping","title":"Ping","text":""},{"location":"collectors/probes/ping/#introduction","title":"Introduction","text":"The ping-probe utilizes the icmp protocol to monitor the network roundtrip between the monitoring appliance and the monitored host.
"},{"location":"collectors/probes/ping/#features","title":"Features","text":" - Ping roundtrip monitoring, min and max timing
- Number of successfully and/or dropped packages
"},{"location":"collectors/probes/ping/#deployment","title":"Deployment","text":"The ping probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/ping/#probe-configuration","title":"Probe configuration","text":"Property Description Address The address that the probe should ping. Interval Interval should be a value between 1 and 9, The default interval is 1. Count Count should be a value between 1 and 9, the default count is 5 Timeout Timeout in seconds should be a value between 0 and 240, the default timeout is 10 seconds."},{"location":"collectors/probes/ping/#check-specifics","title":"Check specifics","text":"Ping returns the minimum time and maximum time as this provides a better insight than just an average ping response.
The number of successful and dropped ping packages are also monitored.
"},{"location":"collectors/probes/ping/#additional-information","title":"Additional information","text":" Ping probe source code
"},{"location":"collectors/probes/santricity/","title":"SANtricity / NetApp E-Series","text":""},{"location":"collectors/probes/santricity/#santricity-netapp-e-series","title":"SANtricity / NetApp E-Series","text":""},{"location":"collectors/probes/santricity/#introduction","title":"Introduction","text":"InfraSonar monitors SANtricity / NetApp E-Series systems running rest API.
"},{"location":"collectors/probes/santricity/#background-information","title":"background information","text":"In SANtricity / NetApp E-Series, volumes, disks, and storage pools are related in a hierarchical manner.
At the lowest level, disks are physical storage devices that are installed in a storage system. These disks can be combined into disk pools, which are logical groups of disks that can be used to create volumes.
Volumes are logical storage units that are created from disk pools. Volumes can be divided into smaller units called LUNs (Logical Unit Numbers), which are presented to hosts as individual disks.
When creating a volume, users can choose from different RAID (Redundant Array of Independent Disks) levels, which determine the level of data protection and performance of the volume. SANtricity supports RAID levels 0, 1, 3, 5, 6, and 10.
Users can also configure different settings for their volumes, such as the size of the volume, the block size, and the access control settings.
Overall, the relationship between volumes, disks, and storage pools in SANtricity is designed to provide users with a flexible and scalable storage infrastructure. By combining disks into storage pools and creating volumes from those pools, users can optimize storage usage and achieve better storage performance.
"},{"location":"collectors/probes/santricity/#features","title":"Features","text":"Some of the features of the InfraSonar NetApp probe:
- System Health status
- Storage pool status
- Volume status
- Controller status
- Disk status status
"},{"location":"collectors/probes/santricity/#deployment","title":"Deployment","text":"The SANtricity / NetApp E-Series probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/santricity/#probe-configuration","title":"Probe configuration","text":" - Address: IP address of FQDN of them anagement interface
- Port: The probe retrieves monitoring data using the ONTAP REST API on TCP port 8443, note we encountered deployments using TCP port 443.
- Storage system ID: Storage system id to retrieve stats from. Can also be the WWN of the storage system. When not given we collect stats from \"1\"
"},{"location":"collectors/probes/santricity/#credentials","title":"Credentials","text":""},{"location":"collectors/probes/santricity/#santricity-netapp-e-series_1","title":"SANtricity / NetApp E-Series","text":"The SANtricity / NetApp E-Series probe is configured in the santricity section:
santricity:\n config:\n password: \"some_secure_passw0rd\"\n username: monitor\n
The SANtricity / NetApp E-Series probe used the standard username/password configuration as described in ourcredentials section.
Don't use admin
We strongly advise using the monitor user as this is a user with read-only access to the system. This user profile includes only the Monitor role.
"},{"location":"collectors/probes/santricity/#how-to-configure-snmp-monitoring-on-e-series","title":"How to configure SNMP monitoring on E-Series","text":"\u200b
"},{"location":"collectors/probes/santricity/#applies-to","title":"Applies to","text":" - Flash Array
- E-Series Controller Firmware 7.xx
- E-Series Controller Firmware 6.xx
"},{"location":"collectors/probes/santricity/#description","title":"Description","text":"Simple Network Management Protocol (SNMP) is used for remote status monitoring of servers, network appliances, and software processes. SNMP is designed for an IT administrator to monitor the active technology assets, which are required to perform the business' day to day activities. SANtricity provides a portal for IT administrators to remote monitor their storage array. This article describes the procedure to configure SNMP.
"},{"location":"collectors/probes/santricity/#procedure","title":"Procedure","text":"Perform the following steps to configure SNMP in SANtricity:
- Open the Enterprise Management window of SANtricity and select the array that you would like to configure for SNMP.
- Right-click on the Array and select Configure Alerts. A new window opens. Click the SNMP tab at the top: An IT Administrator can configure SNMP for this storage array. Since SANtricity is software based and it relays the active status' of the storage array, there is only one option for configuring SNMP and it is by sending traps. SNMP requires two data points for sending traps, a Community Name and the Trap destination. The Community Name, also known as the community string should match the SNMP configured Community Name (string). The Trap Destination will be the IP address or host name of the SNMP server or relay.
- To obtain the MIB (Management Information Base) file for use in a third party SNMP server, perform the following steps:
- Go to the NetApp Support Software download page.
- Locate E-Series/EF-Series SANtricity Storage Manager and click Go!
- Click View & Download on the latest version of SANtricity software.
- Click Continue at the bottom of the page.
- Read the EULA and click Accept.
- Scroll down to the MIB File section.
- Click the download link for the .MIB file labeled MIB file for SNMP traps.
Note: For further info please see the Alert Notification Using Email to SNMP Traps section located in the Initial Configuration and Software Installation for SANtricity\u00ae Storage Manager document.
If you have any issues or concerns with configuring SNMP within SANtricity, contact NetApp Support.
"},{"location":"collectors/probes/santricity/#additional-information","title":"Additional information","text":" SANtricity / NetApp E-Series probe source code
"},{"location":"collectors/probes/tcp/","title":"TCP","text":""},{"location":"collectors/probes/tcp/#tcp","title":"TCP","text":""},{"location":"collectors/probes/tcp/#introduction","title":"Introduction","text":"The TCP probe uses TCP to try and make a TCP connection.
"},{"location":"collectors/probes/tcp/#features","title":"Features","text":" - Check TCP ports
- Check certificates
"},{"location":"collectors/probes/tcp/#deployment","title":"Deployment","text":"The TCP probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/tcp/#probe-configuration","title":"Probe configuration","text":"Property Description Address The address that the probe should check. Certificate Ports List of ports to perform certificates check on. TCP Ports List of ports to perform a port check on.Each port must be a numeric value between 1 and 65535, where ports are separated by a comma."},{"location":"collectors/probes/tcp/#checks","title":"Checks","text":""},{"location":"collectors/probes/tcp/#tcp-ports","title":"TCP ports","text":"Check TCP ports allows for monitoring specific TCP port statuses.
As the TCP probe uses NMAP at its core it can identify the same six ports states as nmap.
Port state Description open An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. closed A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. filtered Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. unfiltered The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. open|filtered Nmap places ports in this state when it is unable to determine whether a port is open or filtered. closed|filtered This state is used when Nmap is unable to determine whether a port is closed or filtered."},{"location":"collectors/probes/tcp/#certificates","title":"Certificates","text":"Gathers certificates and ciphers present on the specified TCP port.
"},{"location":"collectors/probes/tcp/#additional-information","title":"Additional information","text":" TCP probe source code
"},{"location":"collectors/probes/unificontroller/","title":"UniFi","text":""},{"location":"collectors/probes/unificontroller/#unifi","title":"UniFi","text":""},{"location":"collectors/probes/unificontroller/#introduction","title":"Introduction","text":"The UniFi controller probe uses the UniFi API to collect data from the UniFi controller.
See also our UniFi SNMP probe
When you have no controller you can also use our UniFi SNMP probe to access UniFi devices directly.
"},{"location":"collectors/probes/unificontroller/#features","title":"Features","text":""},{"location":"collectors/probes/unificontroller/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the UniFi controller probe and UniFi device probe:
unificontroller-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/unificontroller-probe\n unifidevice-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/unifidevice-probe\n
"},{"location":"collectors/probes/unificontroller/#probe-configuration","title":"Probe configuration","text":""},{"location":"collectors/probes/unificontroller/#credentials","title":"Credentials","text":"The UniFi controller and UniFi device probe use the same read-only credentials to access the UniFi API.
Use the following sections in our credentials file:
unificontroller:\n config:\n password: \"username\"\n username: \"pasword goes here\"\nunifidevice:\n use: unificontroller\n
See our credentials documentation for more detailed information.
"},{"location":"collectors/probes/unificontroller/#asset-configuration","title":"Asset configuration","text":"Ensure the UniFi Controller probe is setup and returning data before adding UniFi devices as you need information retrieved by the UniFi controller to setup the UniFi devices.
"},{"location":"collectors/probes/unificontroller/#controller","title":"Controller","text":" - Start by adding an asset for the controller
- Next set kind to UniFi in the General section
- Add the unificontroller collector
- Open the unificontroller collector configuration tab
- Enter the address (IP or FQDN) of the UniFi controller
- Ensure the correct port is set
- Set the site name.
"},{"location":"collectors/probes/unificontroller/#unifi-devices","title":"UniFi devices","text":" - Start by adding an asset for the UniFi device
- Next set kind to UniFi in the General section
- Add the unifidevice collector
- Open the unifidevice collector configuration tab
- Enter the address (IP or FQDN) of the UniFi controller
- Ensure the correct port is set
- Set the site name.
- Enter the MAC address of the UniFi
You can automate this step using our toolkit and UniFi devices report.
Please reach out to support for additional information.
"},{"location":"collectors/probes/unificontroller/#additional-information","title":"Additional information","text":" UniFi Controller probe UniFi Device probe
"},{"location":"collectors/probes/appliance/","title":"InfraSonar probes","text":""},{"location":"collectors/probes/appliance/#getting-started","title":"Getting started","text":"While it is very possible to deploy InfraSonar on a shared system we advise to use up a dedicated (virtual) Linux appliance. We have a ready ro run appliance, which can we found here
If you have any docker experience you might want to jump to our ease deployment script
"},{"location":"collectors/probes/appliance/appliance_installation/","title":"Appliance","text":"You can download our ready-to-run OVA (Open Virtual Appliance) here.
After you deployed the appliance there are thre
- Change the sysadmin password;
- Configure a static IP address if required;
- Deploy InfraSonar.
Internet access is required
InfraSonar appliances require internet access in order to retrieve up to date docker containers, operating system updates and connect to the InfraSonar cloud.
"},{"location":"collectors/probes/appliance/appliance_installation/#default-login","title":"Default login","text":"You can logon to the appliance using:
- User:
sysadmin - Password:
Infr@S0n@r
"},{"location":"collectors/probes/appliance/appliance_installation/#change-password","title":"Change password","text":"Enter the passwd command when you are logged on as sysadmin and follow the steps when prompted.
$ passwd\nChanging password for sysadmin.\nCurrent password:\nNew password:\nRetype new password:\npasswd: password updated successfully\n
Ensure to keep this password stored somewhere safe.
"},{"location":"collectors/probes/appliance/appliance_installation/#nano-basics","title":"Nano basics","text":"The InfraSonar appliance configuration requires you to edit files using SSH access. The appliance includes the main text editors of vi and nano.
Since Nano is easier to use, we outline its essential functions here.
The easiest way to use Nano, is to open the file you want to edit or create directly using Nano, like this:
sudo nano /etc/infrasonar/data/config/infrasonar.yaml\n
Note
We assume you are logged on to the appliance using SSH.
This command will launch the Nano editor, where you can immediately make changes to the file:
Nano screenshot When your edits are done, exit using Ctrl+X. Nano now prompts if you want to Save modified buffers.
If you want to save your edits press Y, followed by an Enter to confirm the filename.
Press N if you want to discard your edits or Ctrl+C if you want to continue editing.
"},{"location":"collectors/probes/appliance/appliance_installation/#network-configuration","title":"Network configuration","text":"The InfraSonar appliance ova uses DHCP by default. You can change this to a static IP by editing the file /etc/netplan/00-installer-config.yaml.
Indentation is meaningful in YAML
Make sure that you use spaces, rather than tab characters, to indent sections. In the default configuration files 2 spaces per indentation level are used, We recommend you do the same.
DHCP configuration Example DHCP configuration (default):
/etc/netplan/00-installer-config.yamlnetwork:\n ethernets:\n ens160:\n dhcp4: true\n version: 2\n
Static IP config Example static IP configuration:
/etc/netplan/00-installer-config.yamlnetwork:\n version: 2\n ethernets:\n ens160:\n dhcp4: false\n addresses:\n - 192.168.10.10/24\n routes:\n - to: default\n via: 192.168.10.1\n nameservers:\n addresses: [192.168.10.2, 192.168.10.3]\n
After you modified your IP configuration you need to apply the new netplan configuration using the following command:
sudo netplan generate\nsudo netplan --debug apply\n
"},{"location":"collectors/probes/appliance/appliance_installation/#deploy-infrasonar","title":"Deploy InfraSonar","text":"Run our easy deployment script to deploy InfraSonar on the appliance.
"},{"location":"collectors/probes/appliance/appliance_installation/#build-your-own-appliance","title":"Build your own appliance","text":"When you prefer to perform your own Linux installation or can't use the OVA file format we outlined our installation steps here.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/","title":"Appliance","text":"This section outlines how to install the Linux appliance from scratch.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#installation","title":"Installation","text":" Ubuntu Server 22.04 LTS is used as the basis for the InfraSonar appliance.
Create a new virtual machine using these specifications:
- Compatibility: Compatible with: ESXi 6.5 and later VM version 13
- Guest OS Family: Linux
- Guest OS Version: Ubuntu Linux (64-bit)
- CPU: 2 CPU
- Memory: 2 GB memory
- Disk: 40 GB HDD
- Name: infrasonar-appliance
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#installation-steps","title":"Installation steps","text":"Boot from the Ubuntu Server 22.04.1 ISO and then follow these steps:
- Select your language: English.
- Keyboard configuration:
- Layout: English (US).
- Variant: English (US).
- Choose the type of install: Ubuntu server (minimized)
- Network configuration: DHCP. (Note it can take some time for an IP address to get assigned)
- Proxy address: enter a proxy address if your environment uses a proxy, otherwise leave empty.
- Mirror address: keep as it is, unless you know what you are doing.
- Guided storage configuration:
- Select: Use an entire disk.
- Deselect: Set up this disk as an LVM group.
- Storage configuration:
- Review the file system summary and select: Done.
- Confirm destructive action, by clicking: Continue.
- Profile setup:
- Your name: sysadmin.
- Your server's name: infrasonar-appliance.
- Pick a username: sysdmin.
- Choose a password: Infr@S0n@r
- Confirm your password: Infr@S0n@r
- SSH Setup:
- Select: Install OpenSSH Server.
- Import SSH identity: No.
- Featured Server Snaps: do not select any server snaps.
- If the installation is ready, select: Reboot now.
Note
Do not forget to unmount the ISO.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#post-installation-steps","title":"Post installation steps","text":"Login to the appliance using SSH to perform the post installation steps.
ssh sysadmin@<server-ip>\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#upgrade","title":"Upgrade","text":"```bash update and upgrade sudo apt update sudo apt upgrade sudo reboot
### VMware tools\n\nIt is recommended to install [open-vm-tools](https://github.com/vmware/open-vm-tools), when the appliance is installed on a VMware hypervisor platform.\n\n```bash \n# Update the APT package index.\nsudo apt update\n# Install open VMware tools.\nsudo apt install -y open-vm-tools\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#miscellaneous-tools","title":"Miscellaneous tools","text":"sudo apt install -y vim nano cron dnsutils snmp iputils-ping\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#docker-installation","title":"Docker installation","text":"All InfraSonar components run as Docker containers and are orchestrated using docker-compose.
The official Docker engine installation instructions can be found here.
sudo apt update\nsudo apt install -y \\\n ca-certificates \\\n curl \\\n gnupg \\\n lsb-release\nsudo mkdir -p /etc/apt/keyrings\ncurl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg\necho \\\n \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \\\n $(lsb_release -cs) stable\" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null\nsudo apt update\nsudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin\nsudo groupadd docker\nsudo usermod -aG docker $USER\nsudo systemctl enable docker.service\nsudo systemctl enable containerd.service\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#unattended-updates","title":"Unattended updates","text":"As we want the InfraSonar appliance to be zero maintenance, we configure unattended updates and allow the appliance to reboot when necessary at 2:00 CET.
Ubuntu unattended upgrades installation
# Install the unattended-upgrades package.\nsudo apt install -y unattended-upgrades\n# Verify using the following systemctl command.\nsudo systemctl status unattended-upgrades\n# To set automatic updates, we are going to install the update-notifier-common package.\nsudo apt install -y update-notifier-common\n
Ubuntu unattended upgrades configuration
Change the file /etc/apt/apt.conf.d/50unattended-upgrades, so it reflects these changes:
....\nUnattended-Upgrade::Allowed-Origins {\n \"${distro_id}:${distro_codename}\";\n \"${distro_id}:${distro_codename}-security\";\n // Extended Security Maintenance; doesn't necessarily exist for\n // every release and this system may not have it installed, but if\n // available, the policy for updates is such that unattended-upgrades\n // should also install from here by default.\n \"${distro_id}ESMApps:${distro_codename}-apps-security\";\n \"${distro_id}ESM:${distro_codename}-infra-security\";\n \"${distro_id}:${distro_codename}-updates\";\n// \"${distro_id}:${distro_codename}-proposed\";\n// \"${distro_id}:${distro_codename}-backports\";\n \"Docker:${distro_codename}\";\n};\n\n....\n\n// Automatically reboot *WITHOUT CONFIRMATION* if\n// the file /var/run/reboot-required is found after the upgrade.\nUnattended-Upgrade::Automatic-Reboot \"true\";\n\n// Automatically reboot even if there are users currently logged in\n// when Unattended-Upgrade::Automatic-Reboot is set to true.\nUnattended-Upgrade::Automatic-Reboot-WithUsers \"true\";\n\n// If automatic reboot is enabled and needed, reboot at the specific\n// time instead of immediately.\n// Default: \"now\".\nUnattended-Upgrade::Automatic-Reboot-Time \"02:00\";\n....\n
Enable daily unattended upgrades
echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | sudo tee -a debconf-set-selections\nsudo dpkg-reconfigure -f noninteractive unattended-upgrades\n
You can verify that automatic updates are turned on, with this command:
sudo debconf-get-selections | grep -i enable_auto_updates\n
Note
debconf-get-selections requires debconf-utils to be installed (sudo apt-get install debconf-utils). We opt not to install this on production appliances, as we want to keep them as clean as possible.
Logging
Unattended Upgrades Log.
The unattended-upgrades.log is a log file where you can view all actions done by the unattended upgrade system. You can view the file with, for example, the tail command:
tail -n 100 /var/log/unattended-upgrades/unattended-upgrades.log\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#ssh-configuration","title":"SSH configuration","text":"Edit the file /etc/ssh/sshd_config to harden SSH access:
/etc/ssh/sshd_config...\n# Logging\nSyslogFacility AUTHPRIV\n# LogLevel INFO\n\n...\n\n# Authentication:\nLoginGraceTime 10m\nPermitRootLogin no\n#StrictModes yes\nMaxAuthTries 3\nMaxSessions 1\n\n...\n\nAllowAgentForwarding no\nAllowTcpForwarding no\n#GatewayPorts no\nX11Forwarding no\n
Restart the SSH service to load the changes made.
sudo service ssh restart\n
SSH hardening options
The above change implements these hardening options:
- Block clients for 10 minutes after 3 failed login attempts.
- Disallow root from logging in.
- Disable connection multiplexing, which can be used to bypass authentication.
- Disable user environment forwarding.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#snmpd","title":"SNMPD","text":"To monitor the Linux operating system, install the snmpd daemon:
sudo apt install -y snmpd\n
As we use the default community string public and only require the snmpd daemon to listen on localhost, no further configuration is required.
# Read-only access to everyone to the systemonly view\nrocommunity public default\nrocommunity6 public default -V systemonly\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#tmate","title":"tmate","text":"tmate is installed to offer remote support on request.
sudo apt install -y tmate\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#sudo-configuration","title":"sudo configuration","text":"We opt to allow command to be executed using sudo without asking for a password.
Edit the sudo config by starting the editor
sudo visudo\n
Make the following modification:
# Allow members of group sudo to execute any command\n%sudo ALL=(ALL:ALL) NOPASSWD:ALL\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#infrasonar","title":"InfraSonar","text":"InfraSonar is deployed on the appliance using Docker.
We opt to use /etc/infrasonar as the main directory.
sudo mkdir /etc/infrasonar\n
Next step is to setup the Docker compose file in /etc/infrasonar/docker-compose.yml. This file is outlined here
On the downloadable appliance we provide the docker-compose.yml file at the following location /etc/infrasonar/docker-compose.yml.example.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#appliance-init","title":"Appliance init","text":"Prior to creating a template the following steps need to be performed:
- Run the first boot script.
- Avoid duplicate SSH host keys.
- Avoid duplicate machine ID's.
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#first-boot-script","title":"First boot script","text":"The following script is used to run at first boot and sets a random schedule for a daily InfraSonor update.
/home/sysadmin/init#!/usr/bin/env bash\n# Fix removed SSH host keys\n# Note: this requires the use of sudo without password\nsudo dpkg-reconfigure openssh-server\nsudo service ssh restart\n\n# Remove this init script.\nrm /home/sysadmin/init\n
Add the script to the crontab to run as first boot:
chmod +x /home/sysadmin/init\n(crontab -l ; echo \"@reboot /home/sysadmin/init\") | crontab -\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#avoid-duplicate-ssh-host-keys","title":"Avoid duplicate SSH host keys","text":"To avoid lingering duplicate SSH host keys, we remove them before converting the appliance into a template.
sudo rm /etc/ssh/ssh_host_* \n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#avoid-duplicate-machine-ids","title":"Avoid duplicate machine ID's","text":"See also this VMware knowledge base article.
Before cloning, run these commands inside the Linux Guest OS:
sudo -s\necho -n > /etc/machine-id\nrm /var/lib/dbus/machine-id\nln -s /etc/machine-id /var/lib/dbus/machine-id\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#first-login","title":"First login","text":""},{"location":"collectors/probes/appliance/appliance_manual_installation/#first-boot","title":"first boot","text":""},{"location":"collectors/probes/appliance/appliance_manual_installation/#change-hostname","title":"Change hostname","text":"#!/bin/bash\nhostnamectl set-hostname \"blue\"\necho $?\nhostnamectl set-hostname \"\"\necho $?\n
sudo hostnamectl set-hostname \"blue\" sudo sed -i 's/infrasonar/blue/g' /etc/hosts
https://www.cyberciti.biz/faq/ubuntu-20-04-lts-change-hostname-permanently/
sudo hostnamectl set-hostname ubuntu-2004-nixcraft\n
TODOR
# Expire the sysadmin password enforcing the user to change the password at logon\npasswd -e sysadmin\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#cleanup","title":"Cleanup","text":"Remove the history
history -c\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#shutdown","title":"Shutdown","text":"sudo shutdown -h now\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#export-the-appliance","title":"Export the appliance:","text":"Using the ovftool on Windows and virtual center:
cd C:\\Program Files\\VMware\\VMware OVF Tool\novftool \"vi://administrator@vsphere.local@vcenter.lab.test-technology.nl:443 \\\n /Datacenter/vm/infrasonar-appliance\" \\\n \"c:\\Documents and Settings\\sysadmin\\infrasonar-appliance.ova\"\nEnter login information for source vi://vcenter.lab.test-technology.nl/\nUsername: administrator%40vsphere.local\nPassword: ********\n
or when using VMware workstation on Linux:
ovftool /home/sysadmin/vmware/infrasonar-appliance/infrasonar-appliance.vmx ~/infrasonar-appliance.ova\n
"},{"location":"collectors/probes/appliance/appliance_manual_installation/#create-a-template","title":"Create a template","text":"Note
The step below describe our lab configuration, adapt to your own needs.
- Open virtual center (https://vcenter.lab.test-technology.nl)
- Browse to the vm:
infrasonar-appliance - Right click the host and select Clone -> Clone to Template
- Name the template:
infrasonar-appliance-template - Select a location:
vcenter.lab.test-technology \\ Datacenter - Select a compute resource:
Datacenter \\ esxi01.test-technology.nl - Select storage:
truenas
"},{"location":"collectors/probes/appliance/credentials/","title":"Credentials","text":"Some InfraSonar probes require configuration and/or credentials to execute / authenticate its queries. A good example is the WMI-probe that requires Windows domain credentials to perform WMI queries.
"},{"location":"collectors/probes/appliance/credentials/#location","title":"Location","text":"Credentials are stored in the data/config subdirectory. This directory is relative from the directory from which you deployed InfraSonar. As we suggest using /etc/infrasonar the credentials file would be located here: /etc/infrasonar/data/config
"},{"location":"collectors/probes/appliance/credentials/#format","title":"Format","text":"The credentials file is named: infrasonar.yaml As suggested by the .yaml file extension the file format used is the yaml format.
It is worth noting that Indentation is meaningful in YAML. As such make sure that you use spaces, rather than tab characters, to indent sections. In the default configuration files 2 spaces per indentation level are used, We recommend you do the same.
See also our nano documentation section on how to edit files on the appliance.
"},{"location":"collectors/probes/appliance/credentials/#basic","title":"Basic","text":"This is the most basic credentials infrasonar.yaml configuration file.
infrasonar.yamlexampleProbe:\n config:\n password: \"a secret\"\n username: alice\n
- The first line identifies the probe section, in this example
exampleProbe - The second line starts the configuration section using the keyword
config - The third and fourth line in this example set the configuration parameters
username and password - Note the
\" \" quotes used for the password, this ensures any special characters are parsed correctly.
When the file is saved InfraSonar removes the password value and adds a encrypted section containing the encrypted password as shown in the example below:
infrasonar.yamlexampleProbe:\n config:\n password: \n encrypted: !!binary |\n Z0FBQUFBQmptMEhGq0FhTGJZNFNTckZKdXzWaVpKT2RzMzBARlJGUW1MVGVCVHNmTE15eVlOMTVD\n dGZWU1VEYUtPN2V4cWdOeGdoYlB1M29ua2JTZzNuQVlqU09eM0Z2c2c9PQ==\n username: alice\n
How to add a new password
Adding a new password is easy, remove the encrypted value (lines 4-6) and add the new password as a string.
"},{"location":"collectors/probes/appliance/credentials/#security-considerations","title":"Security considerations","text":"InfraSonar will make password and secret values unreadable but this must not be regarded as true encryption as the encryption key is publicly available.
"},{"location":"collectors/probes/appliance/credentials/#assets-section","title":"assets section","text":"The infrasonar.yaml allows for specific credentials per asset to achieve this you can add the asset ID's to the configuration.
infrasonar.yamlexampleProbe:\n assets:\n - config:\n password: \"my secret\"\n username: bob\n id: 123\n - config:\n password: \"other secret\"\n username: charlie\n id:\n - 456\n - 789\n config:\n password: \"a secret\"\n username: alice\n
Asset specific configuration can be added by adding a assets section and assigning assets to this section by providing the asset-id using the id property, this can either be one asset (line 6) or a list of assets (line 10-12).
"},{"location":"collectors/probes/appliance/credentials/#use-property","title":"use property","text":"use is a special property to indicate a probe should inhered the config from another probe.
otherProbe:\n use: exampleProbe\n
The use property can be partially useful for SNMP based probes as it is allows to point these to the snmp configuration section
some-snmp-based-probe:\n use: snmp\n
"},{"location":"collectors/probes/appliance/credentials/#specific-configuration","title":"Specific configuration","text":"Most probes have a default section they use to lookup local configuration. For the SNMP probe this is snmp while the Microsoft WMI probes uses wmi
It is however possible to create your own section, in the example below you see how we created myCustomSection.
myCustomSection:\n config:\n password: \"esther's secret\"\n username: esther\n
Using a custom section can be useful when credentials are used by multiple probes, for example:
myCustomSection:\n config:\n password: \"esther's secret\"\n username: esther\nwmi:\n use: myCustomSection\nvcenter: \n use: myCustomSection\n
In this scenario the wmi probe and vcenter probe both use the credentials provided by the myCustomSection section.
"},{"location":"collectors/probes/appliance/credentials/#local-configuration","title":"Local configuration","text":"You can also specific which section a probe should use using the InfraSonar user interface.
Each probe () which supports this has a Local configuration input box () where you can enter the name of the section you want this asset / probe to use.
How to add a new password
Adding a new password is easy, remove the encrypted value (lines 4-6) and add the new password as a string.
"},{"location":"collectors/probes/appliance/credentials/#probe-specifics","title":"Probe specifics","text":"For most probes it is sufficient to provide a username and password; we outlined probes with a more distinct configuration here:
"},{"location":"collectors/probes/appliance/credentials/#snmp","title":"SNMP","text":"The SNNP probe supports: SNMPv1, SNMPv2c, and SNMPv3 each of these are outlined in the upcoming paragraphs.
When no credentials are provided we use the following defaults:
- SNMP version: 2c
- Community string:
public
"},{"location":"collectors/probes/appliance/credentials/#snmpv1","title":"SNMPv1","text":"infrasonar.yamlsnmp:\n config:\n community: SomeCommunityString\n version: 1\n
Note how we specify the version using the version property.
"},{"location":"collectors/probes/appliance/credentials/#snmpv2c","title":"SNMPv2c","text":"infrasonar.yamlsnmp:\n config:\n community: SomeCommunityString\n version: \"2c\"\n
Note how we specify the version using the version property using quotes
"},{"location":"collectors/probes/appliance/credentials/#snmpv3","title":"SNMPv3","text":"infrasonar.yamlsnmp:\n config:\n version: 3\n username: alice\n auth:\n type: USM_AUTH_HMAC96_SHA\n password: \"my secret password\"\n priv:\n type: USM_PRIV_CFB128_AES\n password: \"my secret password\"\n
auth (5) Supported values for type:
USM_AUTH_HMAC96_MD5 USM_AUTH_HMAC96_SHAUSM_AUTH_NONE
When omitted USM_AUTH_NONE is used.
priv (8) Supported values for type:
- USM_PRIV_CBC56_DES
- USM_PRIV_CFB128_AES
- USM_PRIV_NONE
When omitted USM_PRIV_NONE is used.
"},{"location":"collectors/probes/appliance/credentials/#encrypted-community-string","title":"Encrypted community string","text":"It is possible to encrypt the community string on the appliance by indicating the string is secret as such:
infrasonar.yamlsnmp:\n config:\n community:\n secret: SomeCommunityString\n version: \"2c\"\n
This results upon save in community string being encrypted:
infrasonar.yamlsnmp:\n\n community:\n secret:\n encrypted: !!binary |\n Z0FBQUFBQmptMEhGq0FhTGJZNFNTckZKdXzWaVpKT2RzMzBARlJGUW1MVGVCVHNmTE15eVlOMTVD\n dGZWU1VEYUtPN2V4cWdOeGdoYlB1M29ua2JTZzNuQVlqU09eM0Z2c2c9PQ==\n version \"2c\"\n
"},{"location":"collectors/probes/appliance/credentials/#wmi","title":"WMI","text":"The WMI probe uses a straightforward configuration as shown below.
When Microsoft Active directory accounts are used the username can be either in domain format: domain\\infrasonar_service_account or use the UPN format: infrasonar_service_account@domain.something
An asset specific configuration can be useful for non-domain joined servers.
infrasonar.yamlwmi:\n config:\n username: \"charlie@domain.org\"\n password: \"a secret\"\n assets:\n - config:\n username: \"bob\"\n password: \"my secret\"\n id: 123\n
"},{"location":"collectors/probes/appliance/credentials/#faq","title":"FAQ","text":"Is it possible to copy credentials?
Yes credential files can be exchanged between appliances belonging to the same InfraSonar container.
I note my credentials are not being encoded?
Check if you per accident configured a duplicate section, see this simplified example where we configured two wmi sections:
wmi:\n config:\n username: alice\n password: \"a secret\"\nwmi:\n use: something\n
"},{"location":"collectors/probes/appliance/deploy_infrasonar/","title":"Deploy infraSonar","text":"InfraSonar probes can easily be deployed and maintained using our easy deployment script. If you want to review/audit our script you can find the latest version in our GitHub repository
"},{"location":"collectors/probes/appliance/deploy_infrasonar/#prerequisites","title":"Prerequisites","text":" - Before deploying InfraSonar ensure you have an AgentCore and an agent token.See our token documentation on how to create tokens;
- Access to a Linux host running docker compose V2.
"},{"location":"collectors/probes/appliance/deploy_infrasonar/#easy-deployment","title":"Easy deployment","text":"Our installer script deploys InfraSonar into the directory where you executed this script. We suggest you create a new directory for our configration, we strongly advise to use: /etc/infrasonar
/bin/bash -c \"$(curl -fsSL https://deploy.infrasonar.com)\"\n
When the Docker environment is up and running, you should see the Agentcore appear in the UI in the Agentcores section
You will also note several files in your directory which we outline in the next paragraph.
"},{"location":"collectors/probes/appliance/deploy_infrasonar/#directory-breakdown","title":"Directory breakdown","text":"file / directory Remark .env This file contains the InfraSonar tokens and is used by the docker-compose.yml file docker-compose.yml Contains alle InfraSonar probes as services next to the agentcore and watchtover service /data data volume, mounted to all InfraSonar services to store their config /data/.agentcore.json Agentcore configuration /data/.asset.json Docker agent configuration /data/config Contains probe specific configuration files /data/config/infrasonar.yaml Contains probe specific configuration such as credentials."},{"location":"collectors/probes/appliance/deploy_infrasonar/#rerun","title":"Rerun","text":"If you want to retrieve our latest docker-compose.yml file you can do so by renaming your existing docker-compose.yml file as backup and rerunning our deployment script.
mv docker-compose.yml docker-compose.yml.bak\n/bin/bash -c \"$(curl -fsSL https://deploy.infrasonar.com)\"\n
"},{"location":"collectors/probes/appliance/docker_compose/","title":"Docker deployment","text":"InfraSonar probes and the InfraSonar Agentcore are distributed using Docker containers via docker compose.
"},{"location":"collectors/probes/appliance/docker_compose/#docker-compose-file","title":"Docker compose file","text":"The latest production version of our complete docker-compose.yml file can be downloaded here
Some noteworthily sections of our docker-compose.yml file:
Volumes We opt to store the InfraSonar related data and configuration in the same sub-directory data in the directory where the docker compose file lives.
Networking We use the host network for all our containers and thus probes to avoid any networking issues.
x-infrasonar-template section The x-infrasonar-template section ensures the default settings are the same for all InfraSonar containers.
Watchtower service We use Watchtower to periodicity check for updates.
Within the Watchtower service we mount the localtime file to ensure the container is running in the same timezone as the appliance.
"},{"location":"collectors/probes/appliance/docker_compose/#manual-update-your-docker-containers","title":"Manual update your docker containers","text":"Login using SSH and use the cd command to navigate to the directory containing the InfraSonar configuration. (usually this is /etc/infrasonar/)
The first step is to check for newer images and pull these using this command:
docker compose pull\n
If all new images are downloded you can apply the changes using:
docker compose up -d\n
"},{"location":"collectors/probes/appliance/docker_compose/#restart","title":"Restart","text":"If you want to restart all InfraSonar containers you can do so using the following command:
docker compose restart\n
This implies you are executing this command in the directory containing the InfraSonar docker-compose.yml file.
"},{"location":"collectors/probes/appliance/docker_compose/#logging","title":"Logging","text":"For troubleshooting purposes you can change the log-level in the docker-compose.yml file
Supported log levels:
- debug
- info
- warning
- error
- critical
docker-compose.yml## InfraSonar docker-compose.yml file\n##\n## Set the correct TOKEN variables before starting.\n\nx-infrasonar-template: &infrasonar\n network_mode: host\n restart: always\n logging:\n options:\n max-size: 5m\n volumes:\n - ./data:/data/\n labels:\n com.centurylinklabs.watchtower.enable: TRUE\n environment:\n LOG_LEVEL: \"debug\"\n LOG_COLORIZED: \"1\"\n\nservices:\n agentcore:\n << : *infrasonar\n image: ghcr.io/infrasonar/agentcore\n environment:\n TOKEN: \"Agentcore-token\u00bb\"\n LOG_LEVEL: \"debug\"\n LOG_COLORIZED: \"1\"\n docker-agent:\n << : *infrasonar\n image: ghcr.io/infrasonar/docker-agent\n environment:\n TOKEN: \"\u00abAgent-token\u00bb\"\n LOG_LEVEL: \"debug\"\n LOG_COLORIZED: \"1\"\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock\n - ./data:/data/\n .....\n
Note
You need to restart you containers for changed log setting to become active.
Contact InfraSonar support if you require any assistance.
"},{"location":"collectors/probes/snmp/","title":"Index","text":""},{"location":"collectors/probes/snmp/#snmp","title":"SNMP","text":"\"Simple Network Management Protocol is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.\" - wikipedia
"},{"location":"collectors/probes/snmp/#features","title":"Features","text":"InfraSonar supports retrieving data from remote assets using the SNMPv1, SNMPv2c, and SNMPv3 protocol.
Next to the base SNMP probe we have various vendor specific probes:
- APC UPS
- Eaton
- HP ILO
- HP ProCurve
- Synology
- UniFi
"},{"location":"collectors/probes/snmp/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the base-snmp probe:
snmp-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/snmp-probe\n
"},{"location":"collectors/probes/snmp/#prerequisites","title":"Prerequisites","text":"To monitor an asset using SNMP there ar two things two setup on the monitored asset:
Access Most SNMP implementation require you to add the monitoring IP as an authorized host. In our appliance based setup this is usually the IP address used by the monitoring appliance.
When you deploy multiple appliances be aware to configure all IP addresses on the SNMP monitored assets.
Also note Adding a host requires access to SNMP (udp/161) from the InfraSonar appliance running the SNMP probe.
Authentication SNMPv1 and SNMPv2c versions \"plain\" community string for authentication; SNMPv3 is more secure but not supported on all devices.
The community string or credentials should be stored on the appliance as described here.
default configuration
When no configuration file is specified the probe falls back SNMPv2c and used the community string public.
"},{"location":"collectors/probes/snmp/#how-to-configure-snmp","title":"How to configure SNMP","text":"The SNMP probe requires SNMP to be configured on devices you wish to monitor. The next chapter describes how to configure SNMP on some standard devices.
"},{"location":"collectors/probes/snmp/#ubuntu","title":"Ubuntu","text":"First step is to install the SNMP Daemon:
sudo apt-get update\nsudo apt-get install snmpd\n
Next is to edit the snmpd.conf file, this requires a few setting in this file to change:
/etc/snmp/snmpd.confsysLocation Sitting on the Dock of the Bay\nsysContact Me <me@example.org>\n\nagentAddress udp:161,udp6:[::1]:161\n\nrocommunity public default\nrocommunity6 public default\n
Set sysLocation to the correct location for this device and set sysContact to the system administrator contact.
agentAddress configures which IPv4 and IPv6 the SNMP daemon should listen on.
Setting this to: agentAddress udp:161,udp6:[::1]:161 will set the server to listen on all IPv4 and IPv6 addresses.
Alternatively you can bind to a specific IP address as such:
agentAddress udp:192.168.1.5:161\n
This binds the SNMPD daemon to the IP address 192.168.1.5 on port 161. Set the desired community name, in this example we use public
rocommunity: rocommunity public\n
Last step is to restart the SNMPD service: sudo service snmpd restart
YOu can verify the SNMPD is started using: sudo service snmpd status
"},{"location":"collectors/probes/snmp/#freebsd","title":"FreeBSD","text":"Edit (as root) the file /etc/snmpd.config, find the following lines in the file:
location := \"Room 200\"\ncontact := \"sysmeister@example.com\"\n\nread := \"public\"\n\nwrite := \"geheim\"\ntrap := \"mytrap\"\n
Set location to the correct location for this device and set contact to the system administrator contact.
Set the desired community name, in this example we use public
read := \"public\"\n
Enable bsnmpd in /etc/rc.conf
Add this at the end of the file:
bsnmpd_enable=\"YES\"\n
Start snmpd:
service bsnmpd start\n
We recommend to unstall the bsnmp-ucd package for more complete monitoring.
Installing this package involves the following steps:
pkg_add -r bsnmp-ucd\n
Locate and uncomment the line in /etc/snmpd.config
begemotSnmpdModulePath.\"hostres\" = \"/usr/lib/snmp_hostres.so\"\n
Add the next line below the just uncommented line: begemotSnmpdModulePath.\"ucd\" = \"/usr/local/lib/snmp_ucd.so\"\n
When done restart the bsnmp daemon:
/etc/rc.d/bsnmpd restart\n
"},{"location":"collectors/probes/snmp/#debian-based-systems","title":"Debian based systems","text":"The first step is to install snmpd usingapt:
sudo apt install snmpd\n
The next step is configuring snmpd. For this we need to edit /etc/snmp/snmpd.conf. Prior to editing this file we suggest making a backup of the existing configuration. This can be done by using the following command:
sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak\n
Example snmpd.conf file:
############# InfraSonar SNMP Config ##################\ncom2sec readonly default infrasonar\ngroup InfraSonarGroup v2c readonly\nview all included .1\naccess InfraSonarGroup \"\" any noauth exact all none none\nsyslocation planetearth\nsyscontact support@infrasonar.com\n
Note
The community string in the above example is set to infrasonar. Also note the settings for syslocation and syscontact.
Restart the SNMP daemon to make the configuration effective:
sudo service snmpd restart\n
Verify that the service is running correctly:
sudo service snmpd status\n
This should result in a similar output like this:
\u25cf snmpd.service - Simple Network Management Protocol (SNMP) Daemon.\n Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)\n Active: active (running) since Thu 2021-07-29 10:37:24 CEST; 1s ago\n Process: 14393 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)\n Main PID: 14394 (snmpd)\n Tasks: 1 (limit: 2358)\n Memory: 5.0M\n CGroup: /system.slice/snmpd.service\n \u2514\u250014394 /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f -p /run/snmpd.pid\n\nJul 29 10:37:24 donkey-kong systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....\nJul 29 10:37:24 donkey-kong systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..\nJul 29 10:37:24 donkey-kong snmpd[14394]: NET-SNMP version 5.7.3\n
"},{"location":"collectors/probes/snmp/#centos","title":"CentOS","text":"You can find a guide on how to install SNMP on CentOS here.
"},{"location":"collectors/probes/snmp/#hp-proliant-hosts","title":"HP Proliant hosts","text":"The HP agents can be installed and queried on HP Proliant hosts using SNMP. This section describes the setup.
Add the following section to the repository file: /etc/yum.repos.d/hp.repo:
[HP-Proliant]\nname=HP Proliant Red Hat Enterprise Linux $releasever - $basearch\n#baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/$basearch/Debuginfo/\nbaseurl=http://downloads.linux.hp.com/SDR/downloads/ServicePackforProLiant/RedHat/$releasever/$basearch/current/\n#http://downloads.linux.hp.com/SDR/downloads/ServicePackforProLiant/RedHat/5/x86_64/current/\nenabled=1\ngpgcheck=0\ngpgkey=http://downloads.linux.hp.com/SDR/downloads/ServicePackforProLiant/GPG-KEY-ProLiantSupportPack\n
Install the HP agents:
yum install hp-snmp-agents hp-health\n
You will get additional questions about the desired configuration. This will update the snmpd.conf file.
Start the agents:
/sbin/hpsnmpconfig\n/etc/init.d/hp-snmp-agents start\n/etc/init.d/snmpd restart\n
"},{"location":"collectors/probes/snmp/#vwware","title":"VWware","text":""},{"location":"collectors/probes/snmp/#virtual-center-appliance","title":"Virtual center appliance","text":"The VMware virtual center appliance can be configured to be monitored using SNMP.
- Log in to the webinterface (https://ip:5480) using a root account.
- Enable shell access: access --> shell / ssh.
- Log in using SSH and execute the following commands:
snmp.set --port 161\nsnmp.set --communities public\nsnmp.enable\n
- Verify if the snmpd service is started:
shell.set --enabled.true\nshell\nservice snmpd status\n
- Add the SNMP-probe in InfraSonar.
"},{"location":"collectors/probes/snmp/#esxi","title":"ESXi","text":"For the monitoring appliance to query the ESXi host, the following modifications must be made to the /etc/snmp/snmpd.conf file. This can be achieved by logging on to the ESXi hosts using SSH.
rocommunity <RO_Community_String>\ntrapcommunity <TRAPS_Community_String>\ntrapsink <IP_ADDRESS_Monitoring_Appliance>\npublic syscontact <sysadmin_contact_email_address>\nsyslocation <system_location>\n
Where:
Variable Description <RO_Community_String> Read only community string. This string should be added to the host config. <TRAPS_Community_String> Enter a trap community string. InfraSonar does not use this. <IP_ADDRESS_Monitoring_Appliance> IP address of the monitoring appliance. <sysadmin_contact_email_address> optional Email address of the sysadmin. <system_location> optional Note describing the physical location of the device. For the modifications to take effect, the SNMPD must be restarted using the following command:
/etc/init.d/snmpd restart\n
"},{"location":"collectors/probes/snmp/#known-issues","title":"Known issues","text":""},{"location":"collectors/probes/snmp/#unable-to-derive-address-info","title":"Unable to derive address info","text":"InfraSonar derives the address info from the ifdescr oid 1.3.6.1.2.1.2.2.1.2
We have seen devices return data in a hexadecimal format which cannot be decoded.
The solution for now is to disable the ipAddress check on the asset.
"},{"location":"collectors/probes/snmp/apcups/","title":"APC UPS","text":""},{"location":"collectors/probes/snmp/apcups/#apc-ups","title":"APC UPS","text":""},{"location":"collectors/probes/snmp/apcups/#introduction","title":"Introduction","text":"The APC UPS probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/apcups/#features","title":"Features","text":"The APC UPS probe consist of a number of UPS specific checks:
Battery status Input/output frequency Input/output voltage UPS Load Temperature
"},{"location":"collectors/probes/snmp/apcups/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the APC UPS probe:
apcups-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/apcups-probe\n
"},{"location":"collectors/probes/snmp/apcups/#credentials","title":"Credentials","text":"As the APC UPS probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the apcups section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/apcups/#conditions","title":"Conditions","text":"The label APC UPS can be used to configure our default condition set.
"},{"location":"collectors/probes/snmp/apcups/#additional-information","title":"Additional information","text":" APC UPS probe source code
"},{"location":"collectors/probes/snmp/eaton/","title":"EATON","text":""},{"location":"collectors/probes/snmp/eaton/#eaton","title":"Eaton","text":""},{"location":"collectors/probes/snmp/eaton/#introduction","title":"Introduction","text":"The Eaton probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/eaton/#features","title":"Features","text":"The Eaton probe consist of a number of UPS specific checks:
Battery status Alarms Input, Bypass & Output measurement Environmental monitoring, temperature and humidity
"},{"location":"collectors/probes/snmp/eaton/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the Eaton probe:
eaton-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/eaton-probe\n
"},{"location":"collectors/probes/snmp/eaton/#credentials","title":"Credentials","text":"As the Eaton probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the eaton section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/eaton/#conditions","title":"Conditions","text":"The label Eaton UPS can be used to configure our default condition set.
"},{"location":"collectors/probes/snmp/eaton/#eaton-ups-input-source","title":"Eaton UPS input source","text":"A noteworthy condition is the Eaton UPS input source condition as this condition is triggered when the UPS lost it's main power.
An interesting use case for this condition is to setup a DutyCalls rule to notify on-call personal when main power is lost.
Good to known
As the UPS occasionally switches to battery power for a couple of seconds as part of its maintenance routine this condition potential get's triggered while all is well. To avoid sending incorrect notification we wait one cycle before sending out an alert.
As the check interval for this check is 1 minute sending out a notification for this event can potentially take a maximum off 2 minutes.
"},{"location":"collectors/probes/snmp/eaton/#operational","title":"Operational","text":""},{"location":"collectors/probes/snmp/eaton/#snmp-version","title":"SNMP version","text":"We noted we had to use SNMP version 1 in most scenario's we deployed this probe.
"},{"location":"collectors/probes/snmp/eaton/#additional-information","title":"Additional information","text":" - Vendor SNMP MIB information
- InfraSonar Eaton probe source code
"},{"location":"collectors/probes/snmp/hpilo/","title":"HP ILO","text":""},{"location":"collectors/probes/snmp/hpilo/#hp-ilo","title":"HP ILO","text":""},{"location":"collectors/probes/snmp/hpilo/#introduction","title":"Introduction","text":"The HP ILO probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/hpilo/#features","title":"Features","text":"The HP ILO probe consist of a number of specific checks:
System status (fan, power supply, memory, teperature cpu) HP Eventlog Array controller Storage (logical, phycial)
"},{"location":"collectors/probes/snmp/hpilo/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the HP ILO probe:
hpilo-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/hpilo-probe\n
"},{"location":"collectors/probes/snmp/hpilo/#credentials","title":"Credentials","text":"As the HP ILO probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the hpilo section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/hpilo/#conditions","title":"Conditions","text":"The label HP ILO can be used to configure our default condition set.
"},{"location":"collectors/probes/snmp/hpilo/#additional-information","title":"Additional information","text":" HP ILO probe source code
"},{"location":"collectors/probes/snmp/hpprocurve/","title":"HP ProCurve","text":""},{"location":"collectors/probes/snmp/hpprocurve/#hp-procurve","title":"HP ProCurve","text":""},{"location":"collectors/probes/snmp/hpprocurve/#introduction","title":"Introduction","text":"The HP ProCurve probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/hpprocurve/#features","title":"Features","text":"The HP ProCurve probe consist of a number of UPS specific checks:
CPU Memory Sensors
"},{"location":"collectors/probes/snmp/hpprocurve/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the HP ProCurve probe:
hpprocurve-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/hpprocurve-probe\n
"},{"location":"collectors/probes/snmp/hpprocurve/#credentials","title":"Credentials","text":"As the HP ProCurve probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the hpprocurve section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/hpprocurve/#conditions","title":"Conditions","text":"The label HP ProCurve can be used to configure our default condition set.
"},{"location":"collectors/probes/snmp/hpprocurve/#additional-information","title":"Additional information","text":" HP ProCurve probe source code
"},{"location":"collectors/probes/snmp/idrac/","title":"Dell iDRAC","text":""},{"location":"collectors/probes/snmp/idrac/#dell-idrac","title":"Dell iDRAC","text":""},{"location":"collectors/probes/snmp/idrac/#introduction","title":"Introduction","text":"The Dell iDRAC probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/idrac/#features","title":"Features","text":"The Dell iDRAC consist of a number of specific checks:
System status (fan, power supply, memory, teperature cpu) Eventlog Firmware
"},{"location":"collectors/probes/snmp/idrac/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the HP ILO probe:
idrac-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/idrac-probe\n
"},{"location":"collectors/probes/snmp/idrac/#credentials","title":"Credentials","text":"As the Dell iDRAC probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the idrac section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/idrac/#conditions","title":"Conditions","text":"The label HP ILO can be used to configure our default condition set.
"},{"location":"collectors/probes/snmp/idrac/#additional-information","title":"Additional information","text":" Dell iDRAC probe source code
"},{"location":"collectors/probes/snmp/synology/","title":"Synology","text":""},{"location":"collectors/probes/snmp/synology/#synology","title":"Synology","text":""},{"location":"collectors/probes/snmp/synology/#introduction","title":"Introduction","text":"The Synology probe uses the snmp protocol to perform its queries.
"},{"location":"collectors/probes/snmp/synology/#features","title":"Features","text":" System information Disk status RAID status Services IO
Docker supported Synology
Some Synology models support docker! You can utilize our docker agent to monitoring the containers running in the NAS.
You can also use the NAS to deploy our probes and utilize the NAS also a monitoring appliance. This works flawlessly as the InfraSonar resource usage is minimal.
"},{"location":"collectors/probes/snmp/synology/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the Synology probe:
synology-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/synology-probe\n
"},{"location":"collectors/probes/snmp/synology/#credentials","title":"Credentials","text":"As the Synology probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the synology section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/synology/#additional-information","title":"Additional information","text":" Synology probe source code
"},{"location":"collectors/probes/snmp/unifi/","title":"UniFi","text":""},{"location":"collectors/probes/snmp/unifi/#unifi","title":"UniFi","text":""},{"location":"collectors/probes/snmp/unifi/#introduction","title":"Introduction","text":"The UniFi probe uses the snmp protocol to perform its queries.
See also our API probe
You can also use our Unifi Controller and UniFi device collector.
"},{"location":"collectors/probes/snmp/unifi/#features","title":"Features","text":"The UniFi probe consist of a number of UPS specific checks:
System information Radio status VAP status
"},{"location":"collectors/probes/snmp/unifi/#deployment","title":"Deployment","text":"Ensure the following section is added to your docker-compose template to enable the UniFi probe:
unifi-probe:\n << : *infrasonar\n image: ghcr.io/infrasonar/unifi-probe\n
"},{"location":"collectors/probes/snmp/unifi/#credentials","title":"Credentials","text":"As the UniFi probe uses SNMP the SNMP section in our credentials documentation is applicable for this probe. The probe configuration uses the unifi section as default in the InfraSonar credentials file.
"},{"location":"collectors/probes/snmp/unifi/#additional-information","title":"Additional information","text":" UniFi probe source code
"},{"location":"collectors/probes/vmware/","title":"Index","text":""},{"location":"collectors/probes/vmware/#vmware","title":"VMware","text":""},{"location":"collectors/probes/vmware/#introduction","title":"Introduction","text":"InfraSonar has two probe to monitor VMware hypervisors:
Both probes use the VMware API to collect data.
We advise to always install bot the vCenter and the ESXi probes. For standalone ESXi host we created a specific label ensuring optimal monitoring for this scenario.
"},{"location":"collectors/probes/vmware/#features","title":"Features","text":"Two notable metrics we added to our guest monitoring:
Our default label for standalone ESXi hosts contains specific conditions for these metrics
"},{"location":"collectors/probes/vmware/#disk-bus-reset","title":"disk bus reset","text":"If a storage device is overwhelmed with too many read and write commands from an ESXi host, or if it encounters a hardware issue and fails to abort commands, it will clear out all commands waiting in its queue. This is called a disk bus reset. Disk bus resets are a sign of a disk storage bottleneck and can cause slower VM performance, as VMs will need to resend those requests. Disk bus resets typically do not occur in healthy vSphere environments, so you should investigate any VM with a positive value for the disk.bus.reset metric
"},{"location":"collectors/probes/vmware/#cpu-readiness","title":"CPU readiness","text":"The CPU readiness metric tracks the percentage of time a virtual machine is ready to run a workload but has to wait on the ESXi host to schedule it due to there not being enough physical CPU available. Monitoring CPU readiness time can give you a good idea of whether or not your VMs are running efficiently or spending too much time waiting and unable to run their workloads. While some CPU readiness time can be normal, VMware recommends setting an alert to let you know if this metric surpasses 5 percent. VMs that spend a significant percentage of their time in a ready state will be unable to execute tasks, which can lead to poor application performance and possibly timeout errors and downtime.
"},{"location":"collectors/probes/vmware/esx/","title":"ESXi","text":""},{"location":"collectors/probes/vmware/esx/#vmware-esxi","title":"VMware ESXi","text":""},{"location":"collectors/probes/vmware/esx/#introduction","title":"Introduction","text":"The VMware esx-probe uses the VMware API to monitor VMware ESXi hosts.
"},{"location":"collectors/probes/vmware/esx/#features","title":"Features","text":"THe ESXi probe can be used to monitor standalone VMware ESXi hosts as hosts part of a VMware V-center deployment.
We have a default label that contains specific conditions for monitoring stand alone ESXi hosts.
See our overall VMwware documentation for additional information.
- Configuration issues
- Hypervisor status
- Datastores
- Virtual datastore provisioning
- Actual capacity on the datastore
- Virtual capacity space actual virtually provisioned when using thin provisioning.
VMware guest monitoring
We offer a specific probe for VMware guest monitoring to retrieve even more in-depth metrics per virtual machine. See our VMware guest documentation for more information.
"},{"location":"collectors/probes/vmware/esx/#deployment","title":"Deployment","text":"The Vmware ESXi probe can best be deployed as a docker container using docker compose
"},{"location":"collectors/probes/vmware/esx/#configuration","title":"Configuration","text":""},{"location":"collectors/probes/vmware/esx/#credentials","title":"Credentials","text":"The VMware API requires a user account which is assigned the Read-only rol on each monitored ESXi host.
See the VMware documentation on how to setup a local account and assign this accountto the Read-only role.
The corresponding infrasonar.yaml 1 section when using for example infrasonar as user id looks as follows:
esx:\n config:\n username: infrasonar\n password: \"some_secure_passw0rd\"\n
Don't use root
We strongly advise setting up a separate user for monitoring to have a clear separation of responsibilities but also to avoid lock-out issues.
"},{"location":"collectors/probes/vmware/esx/#operational","title":"Operational","text":""},{"location":"collectors/probes/vmware/esx/#known-issues","title":"Known issues","text":""},{"location":"collectors/probes/vmware/esx/#cached-api-response","title":"Cached API response","text":"Sometimes InfraSonar reports different values than VMware consoles.
The cause for this is that the VMware API sends cached data as a response to queries.
The solution to mitigate this situation is to clean the VMware cache using the following commands on the affected ESXi host:
localcli hardware ipmi sel clear\netc/init.d/sfcbd-watchdog restart\netc/init.d/hostd restart\netc/init.d/vpxa restart\n
"},{"location":"collectors/probes/vmware/esx/#additional-information","title":"Additional information","text":" esx probe source code
-
Passwords are encrypted on the appliance the moment the file is saved, see our credentials documentation \u21a9
"},{"location":"collectors/probes/vmware/vcenter/","title":"vCenter","text":""},{"location":"collectors/probes/vmware/vcenter/#vmware-vcenter","title":"VMware vCenter","text":""},{"location":"collectors/probes/vmware/vcenter/#introduction","title":"Introduction","text":"The vcenter-probe uses the VMware API to monitor VMware Virtual center hosts.
"},{"location":"collectors/probes/vmware/vcenter/#features","title":"Features","text":" - vCenter alarms
- Cluster status
- Hypervisor hosts
- Datastores
VMware guest monitoring
We offer a specific probe for VMware guest monitoring to retrieve even more in-depth metrics per virtual machine. See our VMware guest documentation for more information.
"},{"location":"collectors/probes/vmware/vcenter/#deployment","title":"Deployment","text":"The vCenter probe can best be deployed as a docker container using docker compose
"},{"location":"collectors/probes/vmware/vcenter/#probe-configuration","title":"Probe configuration","text":""},{"location":"collectors/probes/vmware/vcenter/#credentials","title":"Credentials","text":"The VMware API requires a user account which is assigned the Read-only rol to access monitoring data on VMware vCenter appliance.
"},{"location":"collectors/probes/vmware/vcenter/#vcenter-integrated-with-ad","title":"vCenter integrated with AD","text":"When vCenter is integrated with Active Directory (AD), you will find a group in vCenter that has a corresponding group in AD.
Simply create a user with read-only permissions for your vCenter environment in AD and add it to the corresponding AD group. Your credentials for vCenter will be in the format of username@windows.domain.
The corresponding infrasonar.yaml 1 section when using for example infrasonar@vsphere.local as user id looks as follows:
vcenter:\n config:\n username: infrasonar@windows.domain\n password: \"some_secure_passw0rd\"\n
"},{"location":"collectors/probes/vmware/vcenter/#vcenter-standalone","title":"vCenter standalone","text":"When vCenter is not integrated with AD, you will create a new read-only user in your vSphere client and grant this account read-only access.
See the VMware documentation on how to setup a local @windows.domain account and how to grant this account read-only access.
The corresponding infrasonar.yaml 1 section in this scenario:
vcenter:\n config:\n username: infrasonar@vsphere.local\n password: \"some_secure_passw0rd\"\n
"},{"location":"collectors/probes/vmware/vcenter/#additional-information","title":"Additional information","text":" vcenter probe source code
-
Passwords are encrypted on the appliance the moment the file is saved, see our credentials documentation \u21a9\u21a9
"},{"location":"collectors/probes/vmware/vmwareguest/","title":"VMware guest","text":""},{"location":"collectors/probes/vmware/vmwareguest/#vmware-guest","title":"VMware guest","text":""},{"location":"collectors/probes/vmware/vmwareguest/#introduction","title":"Introduction","text":"The VMware guest uses the VMware API to monitor VMware guests on either ESXi or VMware vCenter.
Note
The VMware guest probes requires the VMware vcenter or VMware ESXi probe to be installed first as these act as a \"proxy\" for the guest queries.
"},{"location":"collectors/probes/vmware/vmwareguest/#features","title":"Features","text":"The VMware guest probe offers a deep inside into individual virtual machines running on VMware:
- Overview
- CPU Readiness
- Disk bus resets
- Virtual disks
- Snapshots
- VMware tools version
"},{"location":"collectors/probes/vmware/vmwareguest/#deployment","title":"Deployment","text":"The VMware guest probe can best be deployed as a docker container using docker compose.
"},{"location":"collectors/probes/vmware/vmwareguest/#probe-configuration","title":"Probe configuration","text":"Hypervisor Address of the hypervisor you want to query, usually you would use the IP or FQDN of the Vcenter asset used to managed the VMware cluster. When using an ESXi without Vcenter you can also enter the IP or FQDN of the ESXi host here.
Instance UUID You can lookup the instance UUID on the details page of the asset you want specified as hypervisor
Credentials As the VMware guest connects to a VMware vCenter host or ESXi host we urge you to use the same credentials for the VMware guest queries.
When monitoring guests running on a standalone ESXi environment you can use esx and when monitoring guest on Vcenter managed environment use vcenter
You can automate this step using our toolkit and VMware guests report.
Please reach out to support for additional information.
"},{"location":"collectors/probes/vmware/vmwareguest/#additional-information","title":"Additional information","text":" vcenter probe source code
"},{"location":"collectors/probes/wmi/","title":"Index","text":""},{"location":"collectors/probes/wmi/#wmi","title":"WMI","text":""},{"location":"collectors/probes/wmi/#introduction","title":"Introduction","text":"InfraSonar can use the WMI protocol to monitor Microsoft Windows hosts without installing an agent on them. Monitoring in this scenario is performed by periodically querying the Windows host using WQL queries.
InfraSonar uses the open source aiowmi library released in 2021 by Cesbit.
"},{"location":"collectors/probes/wmi/#features","title":"Features","text":" - CPU, memory and disk utilization
- Network utilization
- Windows services
- Domain information for domain joined hosts
- Time drift
- Process information
- User information
- Local sessions
- Remote sessions (RDP)
- Configured shares
- Installed software (as reported by add/remove programs)
- Installed Windows updates
- VSS usage
"},{"location":"collectors/probes/wmi/#deployment","title":"Deployment","text":"The WMI probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/wmi/#probe-configuration","title":"Probe configuration","text":""},{"location":"collectors/probes/wmi/#credentials","title":"Credentials","text":"The WMI-probe requires a service account with domain admin rights or a local administrative to perform the WMI queries.
While it is possible to configure a regular user with additional DCOM permissions we feel this provides a false sense of security as the DCOM privileges required are quite broad.
"},{"location":"collectors/probes/wmi/#checks","title":"Checks","text":""},{"location":"collectors/probes/wmi/#best-practices","title":"Best practices","text":""},{"location":"collectors/probes/wmi/#operational","title":"Operational","text":""},{"location":"collectors/probes/wmi/#firewall-requirements","title":"Firewall requirements","text":"The WMI-probe requires no configuration on the monitored asset, other then access via the WMI protocol.
"},{"location":"collectors/probes/wmi/#local-firewall","title":"Local firewall","text":"If the Microsoft Windows local firewall is enabled, you will need to allow \"Windows Management Instrumentation\" traffic.
To enable or disable WMI traffic using the firewall UI
- In the Control Panel, click on Security and then click on Windows Firewall.
- Click on Change Settings and then click on the Exceptions tab.
- In the Exceptions window, select the check box for Windows Management Instrumentation (WMI) to enable WMI traffic through the firewall. To disable WMI traffic, clear the check box.
Tip
Windows 11 has a special firewall that only allows access from hosts inside the same local subnet.
To enable WMI traffic at command prompt using WMI rule group
We can easily allow remote WMI using the following set of netsh commands:
netsh advfirewall firewall set rule group=\"Windows Management Instrumentation (WMI-In)\" new enable=yes\nnetsh advfirewall firewall set rule group=\"Windows Management Instrumentation (DCOM-In)\" new enable=yes\nnetsh advfirewall firewall set rule group=\"Windows Management Instrumentation (ASync-In)\" new enable=yes\n
"},{"location":"collectors/probes/wmi/#corporate-firewall","title":"Corporate firewall","text":"When monitoring hosts which are located behind a firewall, for example hosts in a DMZ, the firewall must be configured to allow WMI.
To comply with Internet Assigned Numbers Authority (IANA) recommendations, Microsoft has increased the dynamic client port range for outgoing connections in Windows Vista and Windows Server 2008. The new default start port is 49152, and the new default end port is 65535. This is a change from the configuration of earlier versions of Windows that used a default port range of 1025 through 5000.
- Windows server below 2008, access for the RPC Endpoint Mapper (135) as well as WMI (variable port range, by default 1024-5000) should be granted.
- Windows server 2008 and higher versions. access for the RPC Endpoint Mapper (135) as well as WMI (variable port range, by default 49152-65535) should be granted.
You can lookup the dynamic port range actually used by the Windows host using these commands:
netsh int ipv4 show dynamicport tcp\nnetsh int ipv4 show dynamicport udp\nnetsh int ipv6 show dynamicport tcp\nnetsh int ipv6 show dynamicport udp\n
Note
The range is set separately for each transport (TCP or UDP).
The port range is now truly a range that has a starting point and an ending point.
Microsoft customers who deploy servers that are running Windows Server 2008 may have problems that affect RPC communication between servers if firewalls are used on the internal network.
In these situations, we recommend that you reconfigure the firewalls to allow traffic between servers in the dynamic port range of 49152 through 65535.
This range is in addition to well-known ports that are used by services and applications. Or, the port range that is used by the servers can be modified on each server.
You adjust this range by using the netsh command, as follows: netsh int set dynamic start= number num= range. This command sets the dynamic port range for TCP. The start port is number, and the total number of ports is range."},{"location":"collectors/probes/wmi/#none-domain-credentials","title":"None domain credentials","text":"
None domain members
This is only required for hosts that are not a member of your Windows domain or when using a local account is required due to other circumstances.
By default only the true local administrator account can be used for remote WMI queries. You can use the following steps to create a local account:
- Create a local account and ensure the account is member of the group Remote Management Users.
- Authorize CIMV2 access:
- Open the WMI management console
wmimgmt.msc. - Right click WMI Control (Local) and select properties from the menu.
- Select the security tab.
- Browse to Root\\CIMV2.
- Click the button labeled security.
- Authorize COM access:
- Start the component Services console.
- Browse in the left pane to: Component Services \\ Computers.
- Right click My Computer and select **properties from the menu.
- Open the tab COM Security.
- Click Edit Limits in the Access Permissions pane.
- Add the account used for monitoring using the Add button.
- Ensure the account has Remote Access permissions.
- Close the access permission screen by clicking OK.
- Click on Edit Limits in the Launch and Activation Permissions pane.
- Add the account used for monitoring using the Add button.
- Ensure to allow: Local Launch, Remote Launch, Local Activation and Remote Activation.
- Close the windows by clicking OK twice and exit the Component Services console.
See also our WMI trouble shooting section about remote-UAC as you might need to disable this.
"},{"location":"collectors/probes/wmi/#microsoft-windows-server-2003","title":"Microsoft Windows server 2003","text":"You should ensure Management and Monitoring Tools are installed using Add/remove windows components
The software and updates check might not work as expected, we advise you to turn off these checks.
"},{"location":"collectors/probes/wmi/#microsoft-isa-server","title":"Microsoft ISA Server?","text":"Monitoring a Microsoft ISA server requires the following rules on the ISA server:
- Allow traffic from the monitoring appliance to localhost for all protocols.
- Within this rule, filtering \"Enforce strict RPC compliance\" must be disabled.
"},{"location":"collectors/probes/wmi/#known-issues","title":"Known issues","text":"See our troubleshooting section for known issues and ways to troubleshot WMI queries.
"},{"location":"collectors/probes/wmi/#additional-information","title":"Additional information","text":" Microsoft WMI probe source code
"},{"location":"collectors/probes/wmi/eventlog/","title":"EventLog","text":""},{"location":"collectors/probes/wmi/eventlog/#eventlog","title":"Eventlog","text":""},{"location":"collectors/probes/wmi/eventlog/#introduction","title":"Introduction","text":"The Hyper-V guest probes uses WMI to to monitor Microsoft Windows eventlog's.
"},{"location":"collectors/probes/wmi/eventlog/#features","title":"Features","text":" - Specific eventID's
- Predefined security IDS's
"},{"location":"collectors/probes/wmi/eventlog/#deployment","title":"Deployment","text":"The eventlog probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/wmi/eventlog/#probe-configuration","title":"Probe configuration","text":"Deployment of the eventlog probe is the simulair to deploying the WMI probe as it is in essence an extension of the WMI probe.
Address Address of the eventlog host you want to query, in most cases this is the same address as used for the WMI probe.
Local conguration In most scenarios setting this to wmi is fine as this is the default section for WMI credentials. See our credentials documentation for more advanced implementation scenarios.
"},{"location":"collectors/probes/wmi/eventlog/#additional-information","title":"Additional information","text":""},{"location":"collectors/probes/wmi/eventlog/#security-eventlog-ids-monitored","title":"Security eventlog ID's monitored","text":"ID Description 4624 Successful account log on 4625 Failed account log on 4634 An account logged off 4648 A logon attempt was made with explicit credentials 4719 System audit policy was changed. 4964 A special group has been assigned to a new log on 1102 Audit log was cleared. This can relate to a potential attack 4720 A user account was created 4722 A user account was enabled 4723 An attempt was made to change the password of an account 4725 A user account was disabled 4728 A user was added to a privileged global group 4732 A user was added to a privileged local group 4756 A user was added to a privileged universal group 4738 A user account was changed 4740 A user account was locked out 4767 A user account was unlocked 4735 A privileged local group was modified 4737 A privileged global group was modified 4755 A privileged universal group was modified 4772 A Kerberos authentication ticket request failed 4777 The domain controller failed to validate the credentials of an account. 4782 Password hash an account was accessed 4616 System time was changed 4657 A registry value was changed 4697 An attempt was made to install a service 4698 A scheduled task was created 4699 A scheduled task was deleted 4700 A scheduled task was enabled 4701 A scheduled task was disabled 4702 A scheduled task was updated 4946 A rule was added to the Windows Firewall exception list 4947 A rule was modified in the Windows Firewall exception list 4950 A setting was changed in Windows Firewall 4954 Group Policy settings for Windows Firewall has changed 5025 The Windows Firewall service has been stopped 5031 Windows Firewall blocked an application from accepting incoming traffic 5152 A network packet was blocked by Windows Filtering Platform 5153 A network packet was blocked by Windows Filtering Platform 5155 Windows Filtering Platform blocked an application or service from listening on a port 5157 Windows Filtering Platform blocked a connection 5447 A Windows Filtering Platform filter was changed 4663 Attempt made to access object 4688 A new process has been created 4670 Permissions on an object were changed 4672 Special privileges assigned to new logon Windows Event Log probe source code
"},{"location":"collectors/probes/wmi/hyperv/","title":"Hyper-V","text":""},{"location":"collectors/probes/wmi/hyperv/#hyperv","title":"HyperV","text":""},{"location":"collectors/probes/wmi/hyperv/#introduction","title":"Introduction","text":"The Hyper-V guest probes uses WMI to to monitor Microsoft Windows Hyper-V hosts.
"},{"location":"collectors/probes/wmi/hyperv/#features","title":"Features","text":""},{"location":"collectors/probes/wmi/hyperv/#deployment","title":"Deployment","text":"The HyperV probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/wmi/hyperv/#probe-configuration","title":"Probe configuration","text":"Deployment of the Hyper-V probe is the simulair to deploying the WMI probe as it is in essence an extension of the WMI probe.
Address Address of the Hyper-V host you want to query, in most cases this is the same address as used for the WMI probe.
Local conguration In most scenarios setting this to wmi is fine as this is the default section for WMI credentials. See our credentials documentation for more advanced implementation scenarios.
"},{"location":"collectors/probes/wmi/hyperv/#additional-information","title":"Additional information","text":" Microsoft Hyper-V guest probe source code
"},{"location":"collectors/probes/wmi/hyperv/#additional-information_1","title":"Additional information","text":" Microsoft Hyper-V probe source code
"},{"location":"collectors/probes/wmi/hypervguest/","title":"Hyper-V guest","text":""},{"location":"collectors/probes/wmi/hypervguest/#hyper-v-guest","title":"Hyper-V guest","text":""},{"location":"collectors/probes/wmi/hypervguest/#introduction","title":"Introduction","text":"The Hyper-V guest probes uses WMI to to monitor Microsoft Windows Hyper-V guests.
Note
The Microsoft Hyper-V guest probes requires the Hyper-V probe to be installed first as these act as a \"proxy\" for the guest queries.
"},{"location":"collectors/probes/wmi/hypervguest/#features","title":"Features","text":" - Guest status as provided by the
Msvm_ComputerSystem class
"},{"location":"collectors/probes/wmi/hypervguest/#deployment","title":"Deployment","text":"The HyperV- guest probe is deployed as a docker container using docker compose.
"},{"location":"collectors/probes/wmi/hypervguest/#probe-configuration","title":"Probe configuration","text":"Hypervisor Address of the hypervisor you want to query, usually you would use the IP or FQDN of the Hyper-V host.
GUID You can lookup the GUUID on the details page of the asset you want specified as Hyper-V host
Local conguration As the Hyper-V guest connects to the Hyper-V host we urge you to use the same credentials for the Hyper-V guest queries. When Hyper-V is deployed in a windows domain you can set local configuration to wmi as this section is the default section for domain credentials.
See also our credentials documentation.
You can automate this step using our toolkit and the Hyper-V guests report.
Please reach out to support for additional information.
"},{"location":"collectors/probes/wmi/hypervguest/#additional-information","title":"Additional information","text":" Microsoft Hyper-V guest probe source code
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/","title":"WMI troubleshooting","text":""},{"location":"collectors/probes/wmi/wmi-troubleshooting/#manual-query","title":"Manual query","text":"You can test WMI access from a Windows host or the Linux appliance.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#linux-appliance","title":"Linux appliance","text":"WMI command line query for the Linux appliance or any host running Docker.
docker run --rm -it \\\n --network host \\\n ghcr.io/infrasonar/wmi-probe \\\n pywmitool \\\n -a <computername or IP> \\\n -u userid> \\\n -d <domain> \\\n -q \"SELECT Name FROM Win32_OperatingSystem\"\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#windows-host","title":"Windows host","text":"You can test if WMI is working correctly on a Windows host by using the wbemtest command:
wbemtest\nnamespace \\\\<computername or IP>\\root\\cimv2\nquery\nselect name from win32_computersystem\n
Note
Make sure to replace <domain>, <userid>, and <computername or IP> with the correct values.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#wmi-probe-known-issues","title":"WMI-probe - Known issues","text":""},{"location":"collectors/probes/wmi/wmi-troubleshooting/#access-denied","title":"Access denied","text":"There are various possible solutions for an access denied error.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#winrm-quickconfig","title":"winrm quickconfig","text":"Run the following command to verify the configuration:
commandwinrm quickconfig\n
This should result in an output similar to the example output below:
outputWinRM service is already running on this machine.\nWinRM is not set up to allow remote access to this machine for management.\nThe following changes must be made:\n\nConfigure LocalAccountTokenFilterPolicy to grant administrative rights remotely\nto local users.\n\nMake these changes [y/n]? y\n\nWinRM has been updated for remote management.\n\nConfigured LocalAccountTokenFilterPolicy to grant administrative rights remotely\n to local users.\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#verify-security-policy-settings","title":"Verify Security Policy settings","text":"In Security Settings --> Local Policies --> Security Options check these settings:
- Network access
- Do not allow storage of passwords and credentials for network authentication, must be DISABLED.
- Sharing and security model for local accounts must be set to CLASSIC.
Typically we see these settings configured via Group Policy for standalone systems. These are part of the Local Security Policy.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#lan-manager-authentication-level","title":"LAN Manager authentication level","text":"LAN Manager authentication level can cause the query error: NTSTATUS: NT_STATUS_ACCESS_DENIED:
- Start the group policy editor
gpedit.msc. - Browse to:
- Computer Configuration
- Windows Settings
- Security Settings
- Local Policies
- Security Options
- Verify if Network security: LAN Manager authentication level is set to:
Send LM & NTLM - use NTLMv2 session security if negotiated.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#remote-uac","title":"Remote UAC","text":"If you are monitoring a non-domain Windows asset you might see the notification unable to authenticate: ACCESS_DENIED (5)
This might happens if you don't use the local administrator account itself but instead created a separate account, even if this is a member of the local administrators group.
To fix this you need to disable remote User Account Control (UAC). Disabling remote user account control does not disable local UAC functionality.
To disable remote UAC for a workgroup computer:
- Using an administrator account, logon the computer you want to monitor.
- Go to Start \u2192 Accessories \u2192 Command Prompt. Type
regedit - Browse to the key:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System - Locate or create a DWORD entry named
LocalAccountTokenFilterPolicy and provide a DWORD value of 1. To re-enable remote UAC, change this value to 0.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#wmi-error-0x80041010","title":"WMI error 0x80041010","text":"Performance counter based checks such as:
- base.cpu
- base.uptime
- base.volume-io
Might give the following WMI Query error:
WMI Query error occured, error message: NTSTATUS: NT code 0x80041010 - NT code 0x80041010
To resolve this error, use the following command on the troubled host:
%windir%\\system32\\wbem\\wmiadap.exe /f\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#fix-broken-wmi-setup","title":"Fix broken WMI setup","text":""},{"location":"collectors/probes/wmi/wmi-troubleshooting/#rebuild-the-wmi-repository","title":"Rebuild the WMI repository","text":"On Windows XP and above you can use the following command to rebuild the WMI repository:
rundll32 wbemupgd, UpgradeRepository\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#reinstall-wmi-in-the-registry","title":"Reinstall WMI in the registry","text":"The following commands will reinstall WMI in the registry:
winmgmt /clearadap\nwinmgmt /kill\nwinmgmt /unregserver\nwinmgmt /regserver\nwinmgmt /resyncperf\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#broken-performance-counters","title":"Broken performance counters","text":"To rebuild all Performance counters including extensible and third-party counters, enter the following commands in an Administrative command prompt. Press ENTER after each command.
Rebuilding the counters:
cd c:\\windows\\system32\nlodctr /R\ncd c:\\windows\\sysWOW64\nlodctr /R\n
Resyncing the counters with Windows Management Instrumentation (WMI):
WINMGMT.EXE /RESYNCPERF\n
Stop and restart the Performance Logs and Alerts service. Stop and restart the Windows Management Instrumentation service.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#disk-performance-data-missing","title":"Disk performance data missing","text":"Enable Disk performance counters using the following command:
DISKPERF -Y\n
You will receive the following message:
Disk performance counters on this system are now set to start at boot. This change will take effect after the system is rebooted.
See also: kb102020.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#access-denied-on-select-from-win32_service","title":"Access denied on SELECT * FROM Win32_Service","text":"Run the following command in an administrative prompt:
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)\n
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#reverse-dns","title":"Reverse DNS","text":"WMI can fail when querying on an IP address, if reverse DNS is not ok.
"},{"location":"collectors/probes/wmi/wmi-troubleshooting/#netlogon-service","title":"Netlogon service","text":"Verify that the Netlogon service is running and set to start automatically.
"},{"location":"collectors/services/","title":"Services","text":"A service collector is used to monitor a global service such as, for example, the status of Microsoft 365, AWS health, Google Cloud status, etc. The collected service status is reported back to all interested containers.
"},{"location":"collectors/services/#ipv4-addresses","title":"IPv4 addresses","text":"Our services run in our cloud platform and use the following IPv4 addresses:
- 34.90.55.73
- 34.90.105.247
Ensure assets you want to monitor using a service are allowed to be accessed from these IP addresses.
"},{"location":"collectors/services/last_seen/","title":"Last seen","text":""},{"location":"collectors/services/last_seen/#last-seen","title":"Last Seen","text":""},{"location":"collectors/services/last_seen/#introduction","title":"Introduction","text":"The last seen service is a service running in the InfraSonar backend responsible for retrieving the latest timestamp we retrieved a check result for an asset.
"},{"location":"collectors/services/last_seen/#deployment","title":"Deployment","text":"The last seen service requires no configuration and can easily be deployed to an asset by adding the last seen collector to the asset.
"},{"location":"collectors/services/mailroundtrip/","title":"MailRoundTrip service","text":""},{"location":"collectors/services/mailroundtrip/#description","title":"Description","text":"The InfraSonar MailRoundTrip service is a synthetic monitor verifying the complete email flow. The steps below outline the email roundtrip for mailroundtrip@example.org:
- The first step is to lookup all MX records for
example.org. - Our MailRoundTrip service sends an email to all MX records.
- The receiving email server is configured to automatically forward all mail sent to the probe address. In our case
mailroundtrip@example.org is forwarded to mail@mrt.infrasonar.com.
This approach ensures all components such, as DNS, internet connection, email filtering, and email server components involved in receiving and sending email, are part of the measurement.
Note
Sending an email to all MX records ensures the email fallback scenarios work when you need to rely on them.
"},{"location":"collectors/services/mailroundtrip/#deployment","title":"Deployment","text":""},{"location":"collectors/services/mailroundtrip/#service-configuration","title":"Service configuration","text":"The only required configuration property for the MailRoundTrip service is the mail domain. So in our case this would be: mailroundtrip@example.org
"},{"location":"collectors/services/mailroundtrip/#mail-service","title":"Mail service","text":"The email service you want to monitor example.org needs to forward messages send to mailroundtrip@example.org to mail@mrt.infrasonar.com
Note
Ensure you forward these emails without storing them in your email database or use a routine to automatically cleanup the messages to avoid digital waste.
"},{"location":"collectors/services/mailroundtrip/#microsoft-exchange-configuration","title":"Microsoft Exchange Configuration","text":"The email roundtrip flow works as follows on a Microsoft Exchange infrastructure:
- The central monitoring server sends an email to a pre-configured user.
- The Exchange user auto-forwards the message to the email contact, which is the email address used by the central monitoring server.
- The central server receives and parses the message.
"},{"location":"collectors/services/mailroundtrip/#detailed-configuration-guides","title":"Detailed configuration guides","text":" - Google Workspace
- Microsoft 365
- Microsoft Exchange 2003
- Microsoft Exchange 2010
"},{"location":"collectors/services/mailroundtrip_google_workspace/","title":"Google workspace","text":" - Open the Google Admin Console.
- Navigate to: Apps > Google Workspace > Gmail.
- Select Default routing:
- Click on ADD ANOTHER RULE:
- In the section Specify envelope recipients to match, select Single recipient and enter the email address: mailroundtrip@. Where is your email domain.
- In the section If the envelope recipient matches the above, select Change envelope recipient, set Replace recipient* and enter:
mail@mrt.infrasonar.com. - Under Spam, select Bypass spam filter for this message.
- Click Save.
"},{"location":"collectors/services/mailrountrip_exchange2003/","title":"Microsoft Exchange 2003","text":"Start the \"Active Directory Users and Computers\" tool on a server, which also contains the Exchange 2003 management tools. Usually the exchange or SBS server.
"},{"location":"collectors/services/mailrountrip_exchange2003/#create-a-receiving-mailbox-user","title":"Create a receiving mailbox user","text":" - Create a new user in the for your organization correct OU:
- Provide the Full name. We recommend using: Mail Round Trip Monitoring Receive mailbox.
- Provide the User logon name. We recommend: mailroundtrip.
- Click on Next to continue.
- Password options:
- Enter a secure password. This password is not used and can be changed anytime.
- Select \"User cannot change password\" and \"Password never expires\".
- Click on Next to continue.
- Create the actual mailbox:
- Usually you can leave this default. Adjust the Server and mailbox store if required.
- Finish the creation of the user:
- Verify the configuration.
- Click on Finish to finalize the user creation process.
"},{"location":"collectors/services/mailrountrip_exchange2003/#create-a-return-mail-contact","title":"Create a return mail contact","text":"Add a mail contact. This contact is required to forward the mail back to the monitoring host.
- Right click in the organization unit where you want to create the mail contact.
- Select Cew -> Contact.
- Enter the contact details:
- Provide a Full name, we suggest: Mail Round Trip Monitoring Return Address.
- Click on Next to continue.
- Add the SMTP address:
- Click on Modify:
- Select SMTP Address.
- Click on OK.
- Enter the return email address:
- Enter the return mail address in the E-mail address field: mail@mrt.infrasonar.com.
- Click on OK.
- Finish:
- Verify the settings.
- Click on Next to continue.
- Click on Finish.
"},{"location":"collectors/services/mailrountrip_exchange2003/#hide-the-return-mail-contact","title":"Hide the return mail contact","text":"We suggest hiding the contact from the address-book, so details will not be shown to end-users.
- Right-click on the Mail Round Trip Monitoring Return Address contact you just created and select Properties.
- Open the Exchange advanced tab.
- Select Hide from Exchange address lists.
- Click on OK.
"},{"location":"collectors/services/mailrountrip_exchange2003/#modify-the-receive-mailbox-user","title":"Modify the receive mailbox user","text":" - Double click on the previously created Mail Round Trip Monitoring Receive mailbox user.
- Open the Exchange Features tab:
- Disable all features.
- Open the Exchange Advanced tab:
- Enable Hide from Exchange address lists.
- Open the \"Exchange General\" tab:
- Click on Delivery options.
- Click on Modify.
- Enter the Mail Round Trip Monitoring Return Address.
- Click on Ok three times.
"},{"location":"collectors/services/mailrountrip_exchange2010/","title":"Microsoft Exchange 2010","text":"Start the Microsoft \"Exchange Management Console\" on a server which also contains the Exchange 2010 management tools. This console can usually be found on the Microsoft Exchange or SBS server.
"},{"location":"collectors/services/mailrountrip_exchange2010/#create-a-new-mailbox","title":"Create a new mailbox","text":" - Right click on Mailbox under Recipient Configuration:
- Select New Mailbox.
- Select User Mailbox.
- Click on Next.
- Select New User.
- Click on Next.
- Provide User Information:
- Provide the Full name, we recommend using: Mail Round Trip Monitoring Receive mailbox.
- Provide the User logon name, we recommend: mailroundtrip.
- Provide a password. (Note: this password is not used anywhere so any random password will suffice)
- Optionally select the OU were you want this account to be created.
- Click on Next to continue.
- Specify mailbox settings:
- Optionally select the mailbox database, were you want the mailbox to reside.
- Click on Next to continue.
- Set archive settings:
- Select Don't create an archive. This mailbox does not contain any email.
- Click on Next to continue.
- Review settings:
- Click on New to create the new mailbox.
- Click on Finish.
"},{"location":"collectors/services/mailrountrip_exchange2010/#create-a-return-mail-contact","title":"Create a return mail contact","text":"Create a mail contact containing the mail round trip return address.
- Open Recipient configuration.
- Right click on Mail contact.
- Select New Mail Contact.
- Create a new mail contact:
- Select New Contact.
- Click on Next.
- Provide a Full name, we suggest: Mail Round Trip Monitoring Return Address.
- Enter an alias, we suggest: mailroundtripreturn.
- Click on the Edit... button:
- Enter the following return email address in the E-mail address field: mail@mrt.infrasonar.com.
- Click on Next:
- Review settings.
- Click on New to create the mail contact:
- Verify that the mail contact was created successfully:
- Click on Finish.
"},{"location":"collectors/services/mailrountrip_exchange2010/#modify-the-return-contact","title":"Modify the return contact","text":" - Right click on on the previously created mail contact.
- Select Properties from the dropdown menu.
- Open the General tab:
- Enable Hide from exchange address lists.
- Click on OK to close the dialog.
"},{"location":"collectors/services/mailrountrip_exchange2010/#modify-the-receive-mailbox-user","title":"Modify the receive mailbox user","text":"Forward all mail to the \"Mail Round Trip Monitoring Mailbox\" from the previously created \"Mail Round Trip Monitoring Return Address\" contact.
- Right click on the previously created receive mailbox user.
- Select Properties from the drop down menu:
- Open the General tab:
- Enable Hide from exchange address lists.
- Open the Mail Flow Settings tab.
- Double click on Delivery Options:
- Select the Forward to selection box.
- Click on Browse:
- Select the \"Mail Round Trip Monitoring Return Address\" contact.
- Click on OK.
- Click on OK to close the previous screen.
"},{"location":"collectors/services/mailrountrip_microsoft365/","title":"Microsoft 365 mail roundtrip","text":"Using contacts is the easiest way to setup the mail roundtrip in Microsoft 365.
It is also possible to use a mailbox instated of a contact for receiving email and setup a forwarding rule on the mailbox. This requires you however tot turn off allow external forwarding which is not a Microsoft best practice.
"},{"location":"collectors/services/mailrountrip_microsoft365/#create-two-contacts","title":"Create two contacts","text":" - Open the Microsoft 365 admin center
- Open the users menu and then select contacts
- Click add contact to create a mailroundtrip contact for receiving emails
- Set Display name to: mailrountrip-receive
- Set Email to: mailrountrip-receive@365.test-technolgy.nl
- Enable: Hide from my organization's global address list
- Click add contact again to create the mailroundtrip contact forward to account
- Set Display name to: mailrountrip-infrasonar
- Set Email to: mail@mrt.infrasonar.com
- Enable: Hide from my organization's global address list
"},{"location":"collectors/services/mailrountrip_microsoft365/#setup-rules","title":"Setup rules","text":" - Open the Exchange admin center
- Open the Mail flow menu and then select rules
- Click the Add rule button and select Create a new rule
- Name: InfraSonar mailroundtrip
- Apply this rule if: Select The recipient and then is this person
- Select the mailrountrip-receive contact you created before
- Do the following: Redirect the message to these recipients
- Select the mailrountrip-infrasonar contact you created before
- Click Next
- Leave the rule settings
- Review and Finish
- Ensure the rule is enabled!
"},{"location":"collectors/services/microsoft_365/","title":"Microsoft 365","text":""},{"location":"collectors/services/microsoft_365/#microsoft-365","title":"Microsoft 365","text":"Microsoft 365 is an InfraSonar service which can monitor your Microsoft 365 tenant.
"},{"location":"collectors/services/microsoft_365/#features","title":"Features","text":"Add the moment the following Azure resources are supported:
- Subscriptions
- Health status
"},{"location":"collectors/services/microsoft_365/#configuration","title":"Configuration","text":"Our Microsoft 365 service needs the following properties:
- Directory (tenant) Id
- Application (client) Id
- Client secret value
In the next paragraphs we describe how to setup the Azure service and how to retrieve the required properties.
"},{"location":"collectors/services/microsoft_365/#prepare-your-azure-environment","title":"Prepare your Azure environment","text":"Open the Azure portal (https://portal.azure.com/) using an account with sufficient privileges to register an Azure app and set permissions.
"},{"location":"collectors/services/microsoft_365/#create-an-app-registration","title":"Create an app registration","text":" - From the main menu, open Azure Active Directory
- Open App registrations from the Azure Active Directory sub-menu
- Select new registration
- Enter the user-facing display name e.g., InfraSonar Azure Service
- Who can use this application or access this API: Selecting Accounts in this organizational directory only in most cases
- Click Register
- A new Windows opens, note the following ID's down:
- Application (client) ID
- Directory (tenant) ID
- Click Add a certificate or secret next to client credentials
- Click New client secret in the Client secrets tab
- Enter a description: e.g.m InfraSonar azure Service client secret
- Set an expiration date, note this value down and remember to renew before this date!
- Click Add
- Note down the Value, note this can not be retrieved again once you close this window!
Don't close this Windows, next step is setting API permissions.
"},{"location":"collectors/services/microsoft_365/#api-permissions","title":"API permissions","text":" - Select API permissions from the menu
- Click Add a permisssion
- Click Microsoft Graph
- Select Application permissions
- Search ServiceHealth
- Expand the ServiceHealth tab
- Select ServiceHealth.Read.All
- Search Organization
- Expand the Organization tab
- Select Organization.Read.All
- Click the Add permisssions button
- Note the status column shows a
Not granted... status - click
Grant admin consent for <your domain-name> - You will be asked if you are sure to grant consent for the requested permissions for all accounts in your domain, click yes to continue.
"},{"location":"collectors/services/microsoft_365/#deploy-the-infrasonar-service","title":"Deploy the InfraSonar service","text":" - Open the InfraSonar environment you want to add the resource to
- Click add asset or use an existing asset
- Add the microsoft365 collector
- Open the microsoft365 collector tab and enter the required information
- Directory (tenant) Id
- Application (client) Id
- Client value
- Optional, deselect checks you don't want to use.
"},{"location":"collectors/services/microsoft_azure/","title":"Microsoft Azure","text":""},{"location":"collectors/services/microsoft_azure/#microsoft-azure","title":"Microsoft Azure","text":""},{"location":"collectors/services/microsoft_azure/#introduction","title":"Introduction","text":"Preview
The Azure service is a preview release. Contact InfraSonar support if you want to get involved in testing our preview release.
"},{"location":"collectors/services/microsoft_azure/#features","title":"Features","text":"Add the moment the following Azure resources are supported:
- Virtual machine
- Private DNS zone
- DNS zone
- Regular Network Interface
- Public IP address
"},{"location":"collectors/services/microsoft_azure/#configuration","title":"Configuration","text":"Our Azure service needs the following properties:
- Directory (tenant) Id
- Application (client) Id
- Client secret value
- Subscription Id
- Resource group Name
In the next paragraphs we describe how to setup the Azure service and how to retrieve the required properties.
"},{"location":"collectors/services/microsoft_azure/#prepare-your-azure-environment","title":"Prepare your Azure environment","text":"Two steps are required to prepare your Azure environment for the InfraSonar Azure service.
- Register the InfraSonar service as an Azure app
- Authorize the registered app to the resources you want to monitor
Open the Azure portal (https://portal.azure.com/) using an account with sufficient privileges to register an Azure app and set permissions.
"},{"location":"collectors/services/microsoft_azure/#create-an-app-registration","title":"Create an app registration","text":" - From the main menu, open Azure Active Directory
- Open App registrations from the Azure Active Directory sub-menu
- Select new registration
- Enter the user-facing display name e.g., InfraSonar Azure Service
- Who can use this application or access this API: Select Accounts in this organizational directory only
- Click Register
- A new Windows opens, note the following ID's down:
- Application (client) ID
- Directory (tenant) ID
- Click Add a certificate or secret next to client credentials
- Click New client secret in the Client secrets tab
- Enter a description: e.g.m InfraSonar azure Service
- Set an expiration date, note this value down and remember to renew before this date!
- Click Add
- Note down the
Value, note this can not be retrieved again once you close this window!
"},{"location":"collectors/services/microsoft_azure/#app-authorization","title":"app authorization","text":"An app authorization is required per resource group you want to monitor.
- Open the resource group containing the Azure resource you want to monitor
- Note down the Subscription ID
- Open Access control (IAM)
- Select the tab Role assignments
- Click Add and then Add role assignment
- Search the Reader role from the Role tab
- Open the Members tab
- Ensure Assign access to User, group, or service principal is selected
- Click Select members
- Search the name used by the app registration e.g., InfraSonar Azure Service
- Select the app and click the select button
- Give an optional description
- Verify the role assignment and press Review + assign
The registered app can now query the Azure portal's resources via the Azure API
Rinse and repeat
Repeat the above app authorization steps for each resource group containing the resource you want to monitor.
"},{"location":"collectors/services/microsoft_azure/#deploy-the-infrasonar-service","title":"Deploy the InfraSonar service","text":" - Open the InfraSonar environment you want to add the resource to
- Click add asset or use an existing asset
- Add the azure collector
- Open the azure collector tab and enter the required information
- Directory (tenant) Id
- Application (client) Id
- Client secret value
- Subscription Id
- Resource group Name, Resource group name as used in Azure
- Optional, deselect checks you don't want to use.
"},{"location":"collectors/services/paloalto/","title":"Palo Alto","text":""},{"location":"collectors/services/paloalto/#palo-alto","title":"Palo Alto","text":""},{"location":"collectors/services/paloalto/#introduction","title":"Introduction","text":"InfraSonar monitors Palo Alto firewalls using the rest API.
Also available as probe
We also offer a probe to monitor Palo Alto firewalls, this allows you to monitor firewalls using your own InfraSonar appliance.
"},{"location":"collectors/services/paloalto/#features","title":"Features","text":""},{"location":"collectors/services/paloalto/#configuration","title":"Configuration","text":"When the GlobalProtect Portal or Gateway is enabled the probe needs to use a different TCP port number 4443 instead of 443. You can toggle this behavior when configuring the service.
"},{"location":"collectors/services/paloalto/#ipv4-addresses","title":"IPv4 addresses","text":"Ensure you authorize the IPv4 addresses we use for our services.
"},{"location":"collectors/services/paloalto/#credentials","title":"Credentials","text":"The Palo Alto rest API uses a key which can be generated for a user.
Don't use an admin account
We strongly recommend creating a read only account specific for monitoring.
"},{"location":"collectors/services/paloalto/#get-your-api-key","title":"Get your API key","text":"source
To generate an API key, make a GET or POST request to the firewall\u2019s hostname or IP addresses using the administrative credentials and type=keygen:
curl -k -X GET 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'\n
Ensure to change
<firewall> with your firewall IP or FQDN<username> with the username of your readl-only monitoring user<password> with the password of your readl-only monitoring user
A successful API call returns status=\"success\" along with the API key within the key element:
<response status=\"success\">\n <result>\n <key>Your_secret_key_is_here</key>\n </result>\n</response>\n
You can test your API key using the following command:
curl -k 'https://<firewall>//api/?type=op&cmd=<show><system><info></info></system></show>&key=<apikey>'\n
Ensure to change:
<firewall> with your firewall IP or FQDN<apikey with the previously generated API key
"},{"location":"collectors/services/paloalto/#revoke-api-keys","title":"Revoke API keys","text":"You can revoke all currently valid API keys, in the event one or more keys are compromised. To change an API key associated with an administrator account change the password associated with the administrator account. API keys that were generated before you expired all keys, or a key that was created using the previous credentials will no longer be valid.
"},{"location":"collectors/services/paloalto/#configure-api-key-lifetime","title":"Configure API Key Lifetime","text":"Source
An optional step is to configure the API Key Lifetime.
Be aware though that monitoring fails when the API key is expired!
"},{"location":"collectors/services/paloalto/#service-configuration","title":"Service configuration","text":" - Add the paloaltosvc service on your asset
- Open the paloaltosvc configuration tab
- Enter the address and API key
- The API key is encrypted before it is send to the InfraSonar backend
- Click save
"},{"location":"collectors/services/paloalto/#known-issues","title":"Known issues","text":""},{"location":"collectors/services/paloalto/#xml-api-issue-with-passwords-containing-special-characters","title":"XML API Issue With Passwords Containing Special Characters","text":"Passwords containing special characters can cause problems retrieving the API key.
source
"},{"location":"collectors/services/ping/","title":"Ping","text":""},{"location":"collectors/services/ping/#ping","title":"Ping","text":""},{"location":"collectors/services/ping/#introduction","title":"Introduction","text":"The ping-service is a service variant of our ping-probe.
This service send ping requests from our InfraSonar cloud platform to the monitored asset.
"},{"location":"collectors/services/ping/#features","title":"Features","text":" - Ping roundtrip monitoring, min and max timing
- Number of successfully and/or dropped packages
"},{"location":"collectors/services/ping/#probe-configuration","title":"Probe configuration","text":"Property Description Address The address that the probe should ping. Interval Interval should be a value between 1 and 9, The default interval is 1. Count Count should be a value between 1 and 9, the default count is 5 Timeout Timeout in seconds should be a value between 0 and 240, the default timeout is 10 seconds."},{"location":"collectors/services/ping/#check-specifics","title":"Check specifics","text":"Ping returns the minimum time and maximum time as this provides a better insight than just an average ping response.
The number of successful and dropped ping packages are also monitored.
"},{"location":"guides/forecasting/","title":"Forecasting","text":""},{"location":"guides/forecasting/#forecasting","title":"Forecasting","text":"Forecasting is automatically enabled for metrics when used in conditions.
"},{"location":"guides/forecasting/#view","title":"View","text":""},{"location":"guides/forecasting/#forecast-maintenance","title":"Forecast maintenance","text":"In some scenarios a forecast needs to be reset.
A good example is show below where free space drops and the settles.
You can force generating a new forecast by deleting the previous forecast as shown below:
"},{"location":"guides/infrasonar_appliance_windows/","title":"Running InfraSonar containers on Windows","text":""},{"location":"guides/infrasonar_appliance_windows/#infrasonar-on-windows","title":"InfraSonar on Windows","text":"As InfraSonar uses Docker containers it can be easily deployed on multiple platforms including Microsoft Windows.
Docker is a great concept to deploy and maintain Linux applications and services even on a Microsoft Windows host.
Checkout the Get Started with Docker guide to learn more.
There are two options to accomplish this:
- Docker Desktop for Windows (ideal for home-lab and test-scenarios) The official Docker documentation has a great guide on this
- Use containers with Hyper-V isolation on Windows. We found the Ubuntu documentation to be most useful.
Info
We tested this setup on a Windows 11 host running Docker Desktop version 4.17.0
"},{"location":"guides/infrasonar_appliance_windows/#deploy-the-infrasonar-containers","title":"Deploy the InfraSonar containers","text":"Step by step guide:
- Open notepad
- Copy the docker-compose.yml file from our documentation page using the button
- Paste the file into the just opened notepad
- Ensure to set the correct tokens for the agentcore and docker-probe in the
docker-compose.yml file - Save the file as
docker-compose.yml, in this example we use a folder named InfraSonar in de Documents folder. !!! Be aware notepad has a tendency of adding .txt at the end of the filename. - Open a dos box
cmd.exe cd to the folder containing the infrasonar.yml file cd %userprofile%\\documents\\infrasonar\n
- Pull the InfraSonar containers using this compose pull:
docker compose pull\n
Downloading all layers might take some time, the total size off all layers is 5Gb - Once the containers are downloaded you can start the environment using:
docker compose up -d\n
InfraSonar on Windows"},{"location":"guides/infrasonar_appliance_windows/#tune-vmmem-memory-consumption","title":"Tune Vmmem memory consumption","text":"As shown by this docker stats output resource usage for the InfraSonar probes is very limited. WSL however claims a lot of memory by default.
docker stats outputCONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS\nbbf5f976f370 infrasonar-eaton-probe-1 0.01% 6.105MiB / 1.865GiB 0.32% 0B / 0B 0B / 0B 1\n8c9e76c02422 infrasonar-ping-probe-1 0.04% 8.492MiB / 1.865GiB 0.44% 0B / 0B 0B / 0B 1\n17e811490457 infrasonar-vcenter-probe-1 0.01% 7.301MiB / 1.865GiB 0.38% 0B / 0B 0B / 0B 1\ncd31bd13a236 infrasonar-agentcore-1 0.01% 6.812MiB / 1.865GiB 0.36% 0B / 0B 0B / 0B 2\n69f1e6ccc784 infrasonar-mssql-probe-1 0.01% 6.719MiB / 1.865GiB 0.35% 0B / 0B 0B / 0B 1\ne33dee93aaaa infrasonar-tcp-probe-1 0.01% 5.312MiB / 1.865GiB 0.28% 0B / 0B 0B / 0B 1\n276f90782d43 infrasonar-santricity-probe-1 0.01% 8.035MiB / 1.865GiB 0.42% 0B / 0B 0B / 0B 1\n72b609c9aa8f infrasonar-paloalto-probe-1 0.01% 7MiB / 1.865GiB 0.37% 0B / 0B 0B / 0B 1\nae075f468016 infrasonar-docker-agent-1 0.03% 59.76MiB / 1.865GiB 3.13% 0B / 0B 0B / 0B 2\n886cc62a929e infrasonar-netapp-probe-1 0.01% 6.957MiB / 1.865GiB 0.36% 0B / 0B 0B / 0B 1\nd75b00d7f3ea infrasonar-esx-probe-1 0.01% 6.383MiB / 1.865GiB 0.33% 0B / 0B 0B / 0B 1\nb44ff0ac2e3a infrasonar-wmi-probe-1 0.02% 6.992MiB / 1.865GiB 0.37% 0B / 0B 0B / 0B 1\n3d1e2202050c infrasonar-hpprocurve-probe-1 0.01% 6.938MiB / 1.865GiB 0.36% 0B / 0B 0B / 0B 1\nbe51bb8784ba infrasonar-unifi-probe-1 0.01% 6.695MiB / 1.865GiB 0.35% 0B / 0B 0B / 0B 1\n696339a2d744 infrasonar-snmp-probe-1 0.01% 10.4MiB / 1.865GiB 0.54% 0B / 0B 0B / 0B 1\n1fa404f5d74d infrasonar-dns-probe-1 0.01% 5.66MiB / 1.865GiB 0.30% 0B / 0B 0B / 0B 1\n525d977d3fe0 infrasonar-hpilo-probe-1 0.01% 6.898MiB / 1.865GiB 0.36% 0B / 0B 0B / 0B 1\nc33ffae3eaeb infrasonar-synology-probe-1 0.01% 6.531MiB / 1.865GiB 0.34% 0B / 0B 0B / 0B 1\n8b6b0ceb9038 infrasonar-http-probe-1 0.01% 6.902MiB / 1.865GiB 0.36% 0B / 0B 0B / 0B 1\n
Luckily there is an easy fix.
Shut down WSL
Run this on your command line:
wsl --shutdown\n
Edit your .wslconfig file
As the .wslconfig file is a hidden file it is best to open it directly using notepad:
notepad %UserProfile%/.wslconfig\n
If it doesn\u2019t exist yet, just create it.
Edit your .wslconfig file to limit memory usage You should have something like this in the file:
[wsl2]\nmemory=2GB\n
"},{"location":"guides/migration/","title":"Migration scenarios","text":"There are scenarios where a monitored environment needs to be moved to a container belonging to another organization.
An example of such a scenario is when a monitored environment will be serviced by another managed services partner.
This document outlines our preferred migration approach to ensure uninterrupted monitoring.
"},{"location":"guides/migration/#migration-steps","title":"Migration steps","text":"Migrating a monitored environment consists of two steps, which can be performed independently.
- Monitoring infrastructure transition.
- Hierarchy transition.
However, the actual first step is to contact InfraSonar support to assist with the transition.
InfraSonar support ensures a hassle-free transition by aligning all parties involved.
"},{"location":"guides/migration/#monitoring-infrastructure-transition","title":"Monitoring infrastructure transition","text":"This step involves transiting of the InfraSonar implementation inside the monitored environment; in most cases, this is the monitoring appliance.
As this appliance is potentially used to provide other services within the monitored environment, we advise starting with setting up a new appliance (with the agentcore and probes) and transitioning the monitored host to this new agentcore. This process is similar to decommissioning an agentcore.
We do not recommend a \"rip and replace\" scenario, as this is not beneficial for the monitored environment.
If the leaving and receiving parties are discussing terms and conditions, we recommend the following first:
- Deploy a new agentcore infrastructure.
- Perform a hierarchy transition.
- Move the monitored hosts to the new agentcore infrastructure.
- Remove the \"old\" agentcores from InfraSonar.
- Decommission and remove leaving party appliance(s).
These steps can be performed without any access to the appliance(s) of the leaving party.
Suppose the leaving party demands the appliance to be removed prior to the hierarchy transition. In that case, InfraSonar monitoring will most likely be disturbed when the orphaned hosts are transitioned to the new agentcore(s).
We strongly encourage a gradual and joint approach, as this ensures uninterrupted monitoring services of the monitored environment.
"},{"location":"guides/migration/#hierarchy-transition","title":"Hierarchy transition","text":"A hierarchy transition is the move of a monitored environment from a container of the leaving party to a container of the receiving party. This is an administrative action performed inside the InfraSonar cloud platform.
This step can only be performed by InfraSonar support and requires written and signed consent by the owner or its representative of the monitored environment. This consent should be sent via email to support@infrasonar.com.
InfraSonar support will contact the parties involved to align the timeline for this transition to ensure optimal service for the monitored party.
Warning
Before a hierarchy transition, the leaving party should verify if the notes section does not contain references that should not be transitioned.
During the hierarchy transition, the following irreversible actions will be performed:
- All custom conditions and labels will be removed, as they are the property of the leaving party.
- All alarms will be removed, as they might contain the usernames of the leaving party.
- Historical alerts will be removed, as they contain usernames and references to customizations owned by the leaving party.
- All Channels configuration will be removed.
If you have questions or remarks concerning this section, don't hesitate to contact InfraSonar support.
"},{"location":"guides/raspberrypi_dashboard/","title":"Raspberry Pi dashboard","text":""},{"location":"guides/raspberrypi_dashboard/#raspberry-pi-dashboard","title":"Raspberry PI Dashboard","text":"This guide describes how we have setup some Raspberry Pi 3's at Cesbit HQ for our digital dashboards. 1
"},{"location":"guides/raspberrypi_dashboard/#intall-rspbian-desktop-edition","title":"Intall Rspbian desktop edition","text":"Install Raspbian Download the \u201cdesktop\u201d edition, this more then sufficient for our needs.
Once your Raspberry Pi has started open the Raspberry Pi Configuration. (Menu \u2192 Preferences \u2192 Raspberry Pi Configuration)
"},{"location":"guides/raspberrypi_dashboard/#basic-configuration","title":"Basic configuration","text":" - Set your hostname in the system tab
- Enable VNC in the interfaces tab
- Optional: configure WLAN access
"},{"location":"guides/raspberrypi_dashboard/#software-installation","title":"Software installation","text":"sudo apt update && \\\nsudo apt remove -y apt-listchanges && \\\nsudo apt full-upgrade -y && \\\nsudo apt install -y fonts-noto-color-emoji xdotool && \\\nsudo apt autoremove -y && \\\nsudo apt autoclean\n
"},{"location":"guides/raspberrypi_dashboard/#maintenance-scripts","title":"Maintenance scripts","text":"Three script to ensure carefree maintenance are used. These scripts are stored in the user home-drive, this is default /home/pi
"},{"location":"guides/raspberrypi_dashboard/#morning","title":"Morning","text":"Thi script updates the Pi and performs a reboot to ensure a fresh start in the morning
/home/pi/morning.bash#!/usr/bin/env sh\n\n# A daily upgrade is good hygiene.\nsudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt autoclean\n\n# A daily restart mitigates browser memory leaks, and forces the screen to turn on\nsudo reboot now\n
"},{"location":"guides/raspberrypi_dashboard/#boot","title":"Boot","text":"This script performs some cleanup actions after a reboot en ensure the dashboard is loaded upon a fresh start.
/home/pi/boot.bash#!/usr/bin/env sh\n\n# Disable screensaver. Varies across Pi models & Raspbian versions; might be outdated.\n# Google \"raspberry disable suspend screensaver\" for help\n\nxset s off\nxset -dpms\nxset s noblank\n\n# Move the mouse cursor out of the way!\nxdotool mousemove 0 0\n\n# Avoid \"Chrome didn't shutdown correctly\" notification on unclean shutdown\nsed -i 's/\"exited_cleanly\":false/\"exited_cleanly\":true/' ~/.config/chromium/'Local State'\nsed -i 's/\"exited_cleanly\":false/\"exited_cleanly\":true/; s/\"exit_type\":\"[^\"]\\+\"/\"exit_type\":\"Normal\"/' ~/.config/chromium/Default/Preferences\n\n# Start Chromium, in fullscreen \"kiosk\" mode, and disabling update notifications\nchromium-browser --kiosk --check-for-update-interval=31536000 'https://app.infrasonar.com/dashboard'\n
"},{"location":"guides/raspberrypi_dashboard/#evening","title":"Evening","text":"This script turns off the display and kills the chrome browser to conserve valuable resources.
/home/pi/evening.bash#!/usr/bin/env sh\n\n# Shutdown screen, to save the planet\nDISPLAY=:0 xset dpms force off\n\n# Don't consume dashboard resources off office hours, to save the planet\npkill chromium\n
"},{"location":"guides/raspberrypi_dashboard/#schedule-the-scripts","title":"Schedule the scripts","text":"Ensure all three scripts are executable:
chmod +x /home/pi/boot.bash \nchmod +x /home/pi/morning.bash \nchmod +x /home/pi/evening.bash \n
Add the following line at the end of the auto start script /etc/xdg/lxsession/LXDE-pi/autostart to ensure the dashboard is loaded upon boot:
@/home/pi/boot.bash\n
and remove the following line from this file:
@xscreensaver -no-splash\n
Use the following command to ensure executing of the morning and evening script using cron:
(crontab -l ; echo \"0 7 * * 1-5 /home/pi/morning.bash\") | crontab -\n(crontab -l ; echo \"0 18 * * 1-5 /home/pi/evening.bash\") | crontab -\n
If you want to edit the crontab you can do so using crontab -e
The website [crontab guru]9https://crontab.guru/) can be very helpfull to understand the crontab notation
"},{"location":"guides/raspberrypi_dashboard/#setup-the-dashboard","title":"Setup the dashboard","text":"last step is to login to infrasonar and configure the dashboard to your liking.
Note
InfraSonar stores its dashboard configuration in local browser storage allowing you to setup multiple different dashboards using one account.
"},{"location":"guides/raspberrypi_dashboard/#enjoy","title":"Enjoy","text":"That's all enjoy your new dashboard!
Don't forget to send us a picture for our wall of dashboards fame!
support+dashboard@infrasonar.com
-
Based upon the excellent work done by unito \u21a9
"},{"location":"guides/remote_support/","title":"Remote support","text":""},{"location":"guides/remote_support/#tmate","title":"tmate","text":"We opt to use tmate to provide remote support as it is easy to use, fully open source, and allows TeamViewer-like access to the terminal.
"},{"location":"guides/remote_support/#installation","title":"Installation","text":"Tmate comes preinstalled on our appliances, but if you have set up your environment manually, you might need to install tmate first.
On Debian / Ubuntu systems the installation is straightforward:
sudo apt-get install tmate\n
For other distributions, follow the guides provided at the tmate website
"},{"location":"guides/remote_support/#usage","title":"Usage","text":"Just type tmate while connected via ssh or in the console of your virtual appliance.
You will be greeted with a screen like this:
Tip: if you wish to use tmate only for remote access, run: tmate -F [0/0]\nTo see the following messages again, run in a tmate session: tmate show-messages\nPress <q> or <ctrl-c> to continue\n---------------------------------------------------------------------\nConnecting to ssh.tmate.io...\nNote: clear your terminal before sharing readonly access\nweb session read only: https://tmate.io/t/ro-generated_ro_id\nssh session read only: ssh ro-generated_ro_id@lon1.tmate.io\nweb session: https://tmate.io/t/generated_id\nssh session: ssh generated_id@lon1.tmate.io\n
Send our support engineer this information via a secure channel and ensure access is only used by our support engineer by observing the screen. If in doubt, exit the session using the exit command or by pressing ctrl-d
"},{"location":"integrations/","title":"Overview","text":"All kinds of applications are or can be integrated with InfraSonar. This way we can offer your organization as much functionality as possible without you having to stop using your favorite applications. Here's how to integrate your favorite application(s) with InfraSonar.
DutyCalls is a notification routing tool made to make events more visible to its audience. Using DutyCalls in conjunction with InfraSonar offers a great solution to route alerts to the on-call staff.
ConnectWise Manage is a PSA solution for MSP business. Our integration offers easy creation of ConnectWise Manage tickets from InfraSonar alerts.
"},{"location":"integrations/connectwise_manage/","title":"ConnectWise","text":"InfraSonar has a specific API endpoint to integrate with ConnectWise Manage.
This integration allows an InfraSonar environment to be \"mapped\" to a ConnectWise Manage company, thus allowing the automatic creation of ConnectWise Manage tickets from InfraSonar alerts.
If you want to use this integration, please get in touch with InfraSonar support for assistance.
"},{"location":"integrations/dutycalls/dutycalls-best-practices/","title":"DutyCalls","text":"We assume you have set up the DutyCalls integration as described here
"},{"location":"integrations/dutycalls/dutycalls-best-practices/#infrasonar-configuration","title":"InfraSonar configuration","text":"Using the InfraSonar channel configuration, you can configure and finetune which alerts are passed on the DutyCalls.
Configuration is possible on these three levels:
- Severity, allows you to specify from which severity level an alert is passed to DutyCalls.
- Conditions, allows you to configure which conditions are allowed or are rejected to pass on to DutyCalls.
- Hosts allows you to configure for which hosts you want to receive DutyCalls notifications.
It is also possible to suppress specific conditions from sending an alert to DutyCalls.
Best practice.
- Only send alerts with the severity level alert or higher.
- Use reject rules but sparsely.
- Use configure specific hosts only when absolutely required.
"},{"location":"integrations/dutycalls/dutycalls-best-practices/#setup-your-team","title":"Setup your team","text":"Lead by example
DutyCalls is especially useful for self-organizing teams.
"},{"location":"integrations/dutycalls/dutycalls-best-practices/#add-team-members","title":"Add team members","text":" - Let your team members log on to DutyCalls to ensure the platform recognizes them.
- Invite your team members to your workspace.
"},{"location":"integrations/dutycalls/dutycalls-best-practices/#manage-exceptions","title":"Manage exceptions","text":"DutyCalls uses manager alerts to manage exceptions if the regular operation does not go as expected.
A DutyCalls manager can set up Manager alerts per workspace or per channel; the best practice is to set these up per workspace and only deviate if necessary.
Alert Default behavior Unacknowledged tickets Notifies if a ticket is not acknowledged in 1 hour Acknowledged tickets Notifies if an acknowledged is not modified in 1 hour Open tickets Notifies when a ticket is open for more then 2 hours. Another critical alert to configure is the minimum number of active subscribers, this must be done per channel.
In most scenarios, you would want at least one subscriber per channel, but for high-profile environments, it might be better to up the number to ensure swift follow-up.
"},{"location":"integrations/dutycalls/dutycalls-best-practices/#subscriber-notifications","title":"Subscriber notifications","text":"DutyCalls can notify via email or in-app notifications.
SMS and phone notifications are available using an optional license.
Best practice.
Using phone notifications ensures the best response from engineers as in-app or SMS notifications tend to get unnoticed.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/","title":"DutyCalls","text":"Do you want to stay informed about the latest InfraSonar alerts directly in DutyCalls? Make use of the ready-made DutyCalls integration.
This guide helps you to to get started with DutyCalls.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#dutycalls-configuration","title":"DutyCalls configuration","text":"Implementing DutyCalls is a four step approach.
flowchart LR\n A((Create DutyCalls <br> account))-->B\n B((Create DutyCalls <br> workspace))-->C\n C((Create DutyCalls <br> source))-->D((Create DutyCalls <br> Channel))
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#create-a-dutycalls-account","title":"Create a DutyCalls account","text":"Creating a DutyCalls account is the first step. The DutyCalls sign-up documentation provides additional information on account creation.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#create-a-dutycalls-workspace","title":"Create a DutyCalls workspace","text":"A DutyCalls workspace is usually a representation of a company or department.
Steps for creating a workspace:
- Enter the workspace name
- Set the correct timezone
- Provide an optional icon for your workspace (Only icons of the PNG format are accepted and the maximum dimensions are 128 x 128 pixels. The width and height must also be equal to each other.)
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#create-a-dutycalls-source","title":"Create a DutyCalls source","text":"For InfraSonar we use DutyCalls custom API mapping to format the data toward a compatible DutyCalls data source
InfraSonar specific steps:
- Open the previously created workspace
- Select Services from the right hand menu
- Click the Add service button
- Provide a name for the service e.g. InfraSonar and click next
- Select yes when asked if you want to use a predefined template and select the InfraSonar template
- Click Add to continue
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#create-a-dutycalls-channel","title":"Create a DutyCalls channel","text":"A DutyCalls channel must be linked to the source created in the previous step.
- Browse to the previously created service
- Click the Add channel button
- Provide a name for your channel, we suggest to keep the channel name and environment name the same. Setting up a channel per environment is our best practice.
- Choose the manager for this channel, the manager get's notified if something is amiss within the channel
- Select the previously created InfraSonar service
- Set the minimum number of active subscribed to your organizations needs, when this is your first setup you might want to set this to 1
- Click Add
- Observe the channel and note the No. Active Subscribers is
0/1, click subscribe to retrieve notifications for this channel
DutyCalls has now been setup, next step is to configure InfraSonar to integrate with DutyCalls.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#infrasonar-configuration","title":"InfraSonar configuration","text":"To complete the setup and receive alerts in DutyCalls, some additional configuration has to be done in InfraSonar.
This step requires the DutyCalls Service credentials.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#retrieve-dutycalls-service-credentials","title":"Retrieve DutyCalls Service credentials","text":" - Open DutyCalls
- Select Services from the left hand menu
- Click the Setup icon from the service you have setup for InfraSonar
- Click Send security code; this wil send a code to the email address you are logged on with in DutyCalls.
- Enter the received security code
- Make note od the username and password
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#source-configuration","title":"Source configuration","text":"The first step is to add the source you just created to the desired InfraSonar container.
- Select the container for which you would like to configure DutyCalls.
- Click the DutyCalls icon in the left hand menu, this should open the DutyCalls configuration page
- Click on the Configure source button.
- Enter the previously retrieved username as Consumer key and the password as Consumer secret and click on the Save button.
"},{"location":"integrations/dutycalls/dutycalls-getting-started/#rules-configuration","title":"Rules configuration","text":"The second step is to add a rule .....
you created to the container you selected in the previous step.
- Select the Channels option from the left-hand menu in InfraSonar
- Click the Add channel button to add a DutyCalls channel
- Provide the correct Channel name as previously created in DutyCalls
- Enter an optional description
- Select the correct DutyCalls source
-
Optionally set condition and host filters, to filter the alerts that will be forwarded to DutyCalls.
The configuration has now been completed. Alerts related to the configured InfraSonar container will be posted in the configured DutyCalls channel.
"},{"location":"introduction/getting_started/","title":"Getting started","text":""},{"location":"introduction/getting_started/#getting-started-with-infrasonar","title":"Getting started with InfraSonar","text":""},{"location":"introduction/getting_started/#familiarize","title":"Familiarize","text":"We recommend setting up a small-scale testing environment and using this documentation to guide you on your journey to become acquainted with InfraSonar and its terminology.
"},{"location":"introduction/getting_started/#implementation-steps","title":"Implementation steps","text":"We outline the implementation steps for an agent-less implementation as this is a non-intrusive way to get to know InfraSonar.
"},{"location":"introduction/getting_started/#agent-less-implementation","title":"Agent-less implementation","text":"Implementing a basic InfraSonar configuration is easy because InfraSonar can be deployed agent-less and thus leaves no footprint on the monitored infrastructure.
The first step is to deploy an InfraSonar appliance
- Deploy the InfraSonar appliance Deploy an InfraSonar appliance in your infrastructure.
- Add assets Use our webapp to add assets and collectors per asset to your container.
- Add labels Label your assets to apply our pre-defined conditions.
Probe configuration and credentials
Some probes require you to configure credentials, see our probe and credentials specific documentation for more information.
"},{"location":"introduction/getting_started/#implementation-support","title":"Implementation support","text":"Feel free to reach out to us for support when implementing/evaluating InfraSonar.
Our implementation Consultants have years of experience and are keen to show you around and get the best out of our platform.
"},{"location":"introduction/platform/","title":"Platform","text":"This section provides an overview of the InfraSonar monitoring platform.
"},{"location":"introduction/platform/#architectural-overview","title":"Architectural overview","text":"An architectural overview of the InfraSonar platform
InfraSonar can be broken down in three area's:
- Collectors;
- InfraSonar cloud;
- InfraSonar application.
"},{"location":"introduction/platform/#collectors","title":"Collectors","text":"Within InfraSonar, we identify three concepts for collecting data:
- Agents Agents run autonomously on an endpoint and send data straight to the InfraSonar platform.
- Probes Probes query an endpoint using a specific protocol.
- Services Services monitor an endpoint and report the status to multiple containers. E.g. Microsoft 365 Service Health Status
"},{"location":"introduction/platform/#infrasonar-cloud","title":"InfraSonar cloud","text":"The InfraSonar cloud platform is hosted on the Google Cloud Platform.
Data from a monitored environment is received and processed in the InfraSonar cloud platform on what we call the Hubs. These Hubs evaluate the data against configured conditions and store received time series data in SiriDB. Received state data is kept in memory by the Hubs.
"},{"location":"introduction/platform/#infrasonar-application","title":"InfraSonar application","text":"The InfraSonar application is a web based user interface which accessible using any modern web browser.
The application can send messages to end-users using email or Dutycalls.
See our application section in the documentation for more information
"},{"location":"introduction/support/","title":"Support","text":""},{"location":"introduction/support/#support","title":"Support","text":"How can we help you?
"},{"location":"introduction/support/#services","title":"Services","text":""},{"location":"introduction/support/#implementation-services","title":"Implementation services","text":"Implementing a monitoring solution can be a challenging task.
Our implementation consultants have a lot of experience in not only implementing InfraSonar but also on helping your organization into accepting and eventually embracing a new way of working.
"},{"location":"introduction/support/#support_1","title":"Support","text":"Support is only a phone-call, slack message or email away.
"},{"location":"introduction/support/#custom-development","title":"Custom development","text":"A InfraSonar is an open platform adding custom probes, agents and or services to our platform is easily done.
Feel free to contact us to discuss your monitoring needs.
"},{"location":"introduction/support/#analysis-support","title":"Analysis support","text":"Analyzing monitoring data and combining metrics to create custom dashboards to offer an in-depth view of your monitored infrastructure is one off InfraSonors unique features.
If you have any specific requirements we can jointly figure out what would we the best way to setup InfraSonar dashboards.
"},{"location":"introduction/support/#contact-details","title":"Contact details","text":" support@infrasonar.com
+31 85 876 8733
"},{"location":"introduction/support/#availability","title":"Availability","text":"We are a European company based in the Netherlands. Our general availability is from Monday to Friday between 08:00 and 17:00 (CET)1.
-
Different times are possible by appointment.\u00a0\u21a9
"},{"location":"introduction/terminology/","title":"Terminology","text":""},{"location":"introduction/terminology/#terminology","title":"Terminology","text":"Terminology in IT is always a bit of a challenge we try to make it easier by outlining what we mean with curtain terms.
"},{"location":"introduction/terminology/#terminology-overview","title":"Terminology overview","text":"Term Description Agentcore Central component in a monitored infrastructure that acts as a relay between probes and the InfraSonar cloud. Agents A standalone InfraSonar component that can send monitoring data to InfraSonar via the API API The API allows users to perform automated access using a personal access token. Appliance A dedicated (virtual) Linux appliance for InfraSonar. Asset A monitored network component in an environment. Collectors These perform the actual measurement and are tailored per monitored component. InfraSonar knows three types of collectors: probes for agentless monitoring, agents for standalone or event driven monitoring and services for remote monitoring from the cloud. Container Used to organize environments and authorization in those environments. Frontend These are the webservers hosting the UI for end users to access InfraSonar. Hub State is stored here in memory, and logic is performed when new monitoring data arrives. SiriDB The database used for storing timeseries data with a long term retention."},{"location":"introduction/what_is_Infra_Sonar/","title":"What is InfraSonar","text":""},{"location":"introduction/what_is_Infra_Sonar/#what-is-infrasonar","title":"What is InfraSonar","text":"InfraSonar comes out of the box with many predefined conditions based on years of experience and best practices.
This predefined set of conditions and agent-less monitoring capabilities make for an easy and non-intrusive rollout with minimum effort.
Single source of truth
InfraSonar's detailed data collection allows it to serve as your organization's single \"source of truth.\"
"},{"location":"introduction/what_is_Infra_Sonar/#infrasonar-capabilities","title":"InfraSonar capabilities","text":" - State monitoring This allows us to monitor whether the status is still in the desired state, detect state changes and even detect missing items such as volumes, services, and software.
- Performance monitoring Monitors the current state and notifies when a threshold is reached. Performance data is stored in our time series database SiriDB for analysis over time.
- Analysis Performance data and hit alerts (open & closed) are used for analysis over time.
"},{"location":"introduction/what_is_Infra_Sonar/#history","title":"History","text":"InfraSonar started in 2013 as Oversight as the brainchild of an IT architect (Rik) and a senior software developer (Jeroen).
In 2023 we released a completely revised platform under the name InfraSonar.
With InfraSonar we took the lessons learned and made a more versatile and resistent platform not only suitable for IT environments but for any platform were state and performance monitoring are required.
"},{"location":"privacy-security/privacy/","title":"Privacy","text":"Protecting the privacy of the InfraSonar Platform and its customers is a top priority. This page describes what we do and what you as a user can do to guarantee this privacy as well as possible.
"},{"location":"privacy-security/privacy/#data-control","title":"Data control","text":"Customer data is your data, not InfraSonar\u2019s. We only process your data according to your agreement(s). It is, therefore, also possible to manage and delete all user-related information.
"},{"location":"privacy-security/privacy/#data-access-and-restrictions","title":"Data Access and Restrictions","text":"Only a minimum number of InfraSonar employees have access to user data to ensure user privacy.
We recommend following the same policy in your InfraSonar environments. Only give users access to the resources they need.
"},{"location":"privacy-security/privacy/#data-collection-and-use","title":"Data collection and use","text":"We are transparent about data collection and use. We are committed to transparency, compliance with regulations like the GDPR, and privacy best practices. That is why we only collect data necessary for the platform's functioning. It is up to the user to determine which monitoring data needs to be collected.
In addition, we never sell customer data or service data to third parties.
"},{"location":"privacy-security/privacy/#data-retention","title":"Data retention","text":"InfraSonar has the following different retention periods for its data.
"},{"location":"privacy-security/privacy/#configuration-data","title":"Configuration data","text":"Configuration data such as labels, conditions and authorizations are stored while configured.
When a configuration change is made, we don't retain any history in our logging and backups.
"},{"location":"privacy-security/privacy/#time-series-data","title":"Time series data","text":"Time series data is stored in SiriDB, part of the InfraSonar cloud platform.
- For actively monitored assets/hosts we store performance data with a retention period of 66 weeks (15 months).
- Time series that have not received any data for three weeks are purged from the database, as these are stale metrics.
"},{"location":"privacy-security/privacy/#closed-alerts","title":"Closed alerts","text":"Closed alerts have a retention period of 8 weeks.
"},{"location":"privacy-security/privacy/#state-data","title":"State data","text":"State data is kept in memory and is considered volatile.
"},{"location":"privacy-security/privacy/#backup-retention","title":"Backup retention","text":" - SiriDB backups have a four day retention period.
- Configuration data backups have an eight weeks retention period.
"},{"location":"privacy-security/privacy/#data-localization","title":"Data localization","text":"All data collected by InfraSonar is stored in the European Union in accordance with the GDPR.
"},{"location":"privacy-security/security_considerations/","title":"Security considerations","text":"InfraSonar is an infrastructure monitoring platform as a service.
This document outlines some security considerations to take into account when deploying InfraSonar.
Our focus and efforts are aimed at retrieving monitoring data, and sending the collected data securely to the InfraSonar cloud platform for further analysis.
Note
InfraSonar is not an IT automation tool and cannot make changes to a monitored environment. However, some InfraSonar implementations use the InfraSonar API to integrate with an on-premises automation solution such as Ansible, ensuring a single point of truth for configuration management.
"},{"location":"privacy-security/security_considerations/#context","title":"Context","text":"To properly read this security considerations page, it is essential to keep the following context in mind:
- InfraSonar monitoring data is collected through:
- Probes running in a Docker container on the monitoring appliance.
- Agents are sending data via the InfraSonar API.
- Services services run in our cloud platform and retrieve monitoring data autonomously.
- Collected data is sent to the InfraSonar platform for further analysis and user consumption in the InfraSonar frontend.
The platform guide explains this architecture further.
"},{"location":"privacy-security/security_considerations/#infrasonar-design-principles","title":"InfraSonar design principles","text":"Our development team adheres to these principles:
- Use least privilege accounts to access monitoring data when possible.
- Use vendor-documented standards such as API or management protocols to query data.
- When credentials are required, these should be stored encrypted on the monitoring appliance.
- The customer or managed service provider controls access to InfraSonar data.
- Avoid third-party libraries when possible.
- Set up security scanners in our version control system for all projects.
- Security-related issues take precedence over all other matters.
"},{"location":"privacy-security/security_considerations/#the-three-states-of-data","title":"The three states of data","text":"InfraSonar processes massive amounts of monitoring data stored for historical analysis, such as trending. We strive to treat all collected data as if it were sensitive data.
InfraSonar data can be in one of 3 so-called states.
Data at rest Data currently not being accessed, which is stored on a physical or logical medium.
InfraSonar stores data in it\u2019s cloud platform on AES256 encrypted disks. The appliance itself has no disk encryption but uses file-based encryption where possible.
Data in transit Data that \u201ctravels\u201d between devices. The most straightforward example is emails that are in transit.
All data sent between InfraSonar services is SSL encrypted. Data collected by probes is potentially unencrypted, as not all technologies used to collect monitoring data use encryption. SNMP v2c is an example where data is sent without any encryption.
Data in use Data actively in use by one or more applications for analysis or for access/consumption by end-users.
When data is in use, it needs to be in a readable format; this is especially true for data consumed by end-users. Automated data processing takes place in the datacenters, which have several certifications related to security measurements. These include, but are not limited to:
- ISO/IEC 27001
- ISO/IEC 27017
- ISO/IEC 27018
- SOC 2
- SOC 3
The InfraSonar appliance has no special security measures other than those of the environment in which the appliance is used to protect data.
"},{"location":"privacy-security/security_considerations/#data-classification","title":"Data classification","text":"We use the following data classification for InfraSonar and InfraSonar related data:
Restricted - Configuration data stored on the monitoring appliance, as this contains (encrypted) credentials.
- Log data stored on the appliance, as this potentially contains user ids.
- InfraSonar accounts lists.
Sensitive - Time series data and performance metrics collected on monitored assets / hosts.
- State data.
- InfraSonar platform source code.
- CRM data.
- Contracts.
Internal - InfraSonar back office, such as invoices.
- InfraSonar support incidents.
- InfraSonar Slack and email communication.
Public - InfraSonar open source code:
- SiriDB - Time series database used in InfraSonar.
- ThingsDB - NoSQL database used in InfraSonar.
- InfraSonar probes.
- InfraSonar documentation.
"},{"location":"privacy-security/security_considerations/#monitoring-appliance","title":"Monitoring appliance","text":"The monitoring appliance on which the InfraSonar probes and InfraSonar agentcore are deployed requires extra attention, as many vendors do not support a 'least privilege' approach to collecting monitoring data. As such, the probes often require the use of highly privileged accounts and sometimes even root or administrator accounts.
Our recommendations:
- Set up SSH Passwordless Authentication.
- Disable User SSH Passwordless Connection Requests.
- Disable SSH Root Logins.
- Use SSH Protocol 2.
- Set SSH Connection Timeout Idle Value.
- Limit SSH Access to Certain Users.
- Configure a Limit for Password Attempts.
- Update the underlying Linux operating system frequently.
- Perform a daily pull command for new InfraSonar containers.
- Use the
latest tag for InfraSonar containers unless otherwise specified by InfraSonar support. - If your company requires version pinning, please let us know so we can explicitly notify you when we release probe updates.
- Frequently update the password used by InfraSonar probes.
- Use disk encryption when possible.
"}]}
\ No newline at end of file
diff --git a/sitemap.xml.gz b/sitemap.xml.gz
index 6e52cf0b..0817998d 100644
Binary files a/sitemap.xml.gz and b/sitemap.xml.gz differ