Trouble Shooting, Logs, Alarms and Triggers Configuration Example Lucent Security Products Configuration Example Series.


All Rights Reserved © Alcatel-Lucent 2006

Trouble Shooting, Logs, Alarms and Triggers

This configuration example shows many of the tools in the ALSMS system that can be used for reporting and troubleshooting, including many of the pre-configured reporting screens built into the ALSMS. It also shows how to set up triggers so that administrators and others can be notified when a given situation occurs.

There are many other tools that are beyond the scope of this example but are covered in others, including:
– The Command Line from the ALSMS or the Brick
– The Log Viewer Application, which comes with the ALSMS
– Third party sniffer tools like Wireshark (formerly known as Ethereal)

Hopefully this example will leave you comfortable with setting up Triggers and Alarms as well as Actions for those triggers.

Logs, Alarms and Triggers

The ALSMS can gather just about any information that you can think of from the Bricks that it is managing. The actual log information is stored on the drive of the ALSMS machine. For NT installations the default path is users\isms\lmf\log. The reporting tools found in ALSMS allow you to filter and format the information from the log files into more easily understood output.

Logs, Alarms and Triggers

Within the ALSMS you can use the custom report generator to produce custom reports. These reports are all generated in HTML format and can easily be exported to MS Excel just by right clicking on the report. Within Excel the data can be displayed in pie chart, bar chart and many other formats. There are also many third party reporting tools that work well with ALSMS. You may already have some of these reporting tools or may be interested in purchasing them in order to produce more colorful graphics for reporting.

Logs, Alarms and Triggers

Three third party reporting tools that work well with the ALSMS are:
– Webtrends
– Sawmill
– Telemate

Any of these packages may be purchased separately.

Logs, Alarms and Triggers

This module is designed to give you a solid overview of the logging capabilities, including what to do with the information that is gathered, in the form of “Triggering” an action based on an event. There are pre-defined reports accessed from the menus; you can also customize reports by filtering the log information.

Logs, Alarms and Triggers: Status Overview

One simple way to view information is to use the Status Overview:

Monitor>Status overview

This gives a good overview of what is happening in that Brick.

Logs, Alarms and Triggers: Brick Snapshot

Another great source of information is the “Brick Snapshot”. Double click on your Brick, then click Brick Utilities>View Brick Snapshot. If you open a rule set and click on Policy Utilities you can view a policy snapshot.

Brick snapshots and rule set snapshots are a great tool when seeking assistance from another person or collaborating with another person. If you send them snapshots you will save both them and you plenty of time.

Logs, Alarms and Triggers: Brick Snapshot [screenshot of Brick Snapshot output]

Logs, Alarms and Triggers: Brick Snapshot

The previous slide shows only the top section of the output from a Brick Snapshot. It goes on to show a great deal of information with regard to the Brick’s current configuration. This tool is especially handy when working with others on troubleshooting configurations. Just save the snapshot and email it to them. A picture tells a thousand words.

Logs, Alarms and Triggers: Administrators and ALSMS

There are plenty of other handy tools like these to check administrators and ALSMS:

Monitor>Administrators
or
Monitor>ALSMS/LSCS

Logs, Alarms and Triggers: ALSMS Service Status report

Another good report, which shows primarily utilization information, is the ALSMS Service Status Report. Click Utilities>ALSMS Service Status.

Logs, Alarms and Triggers: Generating reports

The report structures within the ALSMS are incredibly diverse. You can create, run and save all kinds of custom reports from a single screen. The reports can be customized and saved. The reports can also be set to show history by dates and times. So, for instance, if you want to see a report detailing sessions and their activity over the past hour, you would fill out your form as shown on the following slide. Pay attention to all of the various options that you have along the way, then go ahead and create your own reports.

Logs, Alarms and Triggers: Generating reports

– Click on ALSMS/Reports/Sessions Logged.
– Right click on Sessions Logged and select New Sessions Logged.
– Click on the tabs to see what other information you can look at.
– Fill out the form any way you choose to see the information that you need, then click the “Run” button.

Logs, Alarms and Triggers: Generating reports

Logs, Alarms and Triggers: Generating reports

You can run reports on any of the following:
– Closed Sessions
– Sessions logged
– Administrative events
– VPN Events
– Alarms
– Authentication

Logs, Alarms and Triggers: Generating reports

Notice that you can turn the “Is” buttons into “Is not” buttons for even more variables.

– Create some reports. Use as many variables as you can.
– Press the “Run” button to view reports.
– See if you can export a report to MS Excel.

Logs, Alarms and Triggers: Actions

This next section will discuss triggers for alarms and their associated actions.

A Trigger scans the ALSMS logs for a set of conditions. When the conditions are matched, the action associated with the trigger is taken. When a trigger detects a set of conditions that are user defined, the action that is associated with this trigger is taken.

The next two slides will show you all of the triggers and all of the possible actions that can be taken based on these triggers, as of ALSMS version 9.1.

Triggers

– Alarm code
– Brick Error
– Brick Failover event
– Brick ICM Alarm
– Brick interface lost
– Brick lost*
– Brick Proactive monitoring
– Brick SLA round trip delay alarm
– ALSMS error
– ALSMS proactive monitoring
– LAN to LAN tunnel lost*
– LAN to LAN tunnel up
– Local Presence map pool
– QOS Rule Bandwidth exceeded alarm
– QOS Rule Bandwidth guarantees alarm
– QOS Rule Bandwidth Throttling alarm
– QOS Zone Bandwidth Guarantees alarm
– QOS Zone Bandwidth throttling alarm
– Real Secure
– Unauthorized ALSMS login attempt*
– User authentication

Logs, Alarms and Triggers

Here are the possible Actions:

Direct Page
– Page the administrator.
– Set up paging in the Configuration Assistant.

Email
– Send email to responsible party.
– Set up email address in “action” or Administrator account.

SNMP Trap
– Sent to any SNMP Manager.
– Set up SNMP host in “Action Wizard” and Configuration Assistant.

SYSLOG
– Sends UDP packet to Syslog server.
– Set up SYSLOG server in “Action Wizard” and Configuration Assistant.

Logs, Alarms and Triggers and Actions

The following is an example of an action being taken on a configured trigger.

Example: The LAN Admin wants to be emailed when more than 5 failed user logins happen in a five-minute period.

First, we need to create the action, as that will be the required response when we define the Trigger.

Logs, Alarms and Triggers and Actions: Creating an Action

– Expand the Alarms folder and click on the Actions folder.
– Right click and select New Action.
– Set Action Name to “ Admin”.
– In Action Type pull-down select “ ”.
– You can select Use default if Admin’s account includes an email address; otherwise insert the email of choice.
– Click File>Save and Close.

Logs, Alarms and Triggers and Actions: Creating a Trigger

1. Open the Triggers folder and select New Trigger.
2. Set Trigger Name to “Intruder alert”.
3. In Trigger Type pull-down select “User Authentication”.
4. Fill in a Description.
5. Set Threshold Count to 5, Threshold Period to 5 Minutes, Sleep Period to 15 seconds, and click Next.
6. Click on Group Tab, select System and click “>”.
7. Click on Action Tab, select Admin and click “>”.
8. Click File>Save and Close.

Logs, Alarms and Triggers and Actions

If you are on and there were 5 failed login attempts in less than 5 minutes, the administrator would receive an email notifying him or her of a possible intruder to the network.

Select Send a Console Message on this screen so that we can test our trigger without email.

Logs, Alarms and Triggers and Actions

– Click on the pre-set trigger called “Unauthorized login attempts”.
– Modify as you see to the right: Threshold Count 2, Threshold Period 5 Minutes. Note: not seconds but minutes.
– Save and Close.
– Test this by logging out and back in with the wrong password a few times, or use the ALSMS Remote Navigator to test with.
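The threshold logic that the trigger settings above describe, as an added example that is not part of the original presentation and is not ALSMS code: a sliding-window counter driven by a threshold count, threshold period and sleep period. The log line format, the names ThresholdTrigger and scan, and the exact semantics (fire when the count is reached, clear the window after firing, raise no alert during the sleep period) are assumptions made for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample records; this is NOT the ALSMS log format.
SAMPLE_LOG = """\
2006-03-01 10:00:00 auth user=alice result=FAIL
2006-03-01 10:00:40 auth user=alice result=FAIL
2006-03-01 10:01:20 auth user=bob result=FAIL
2006-03-01 10:02:00 auth user=alice result=FAIL
2006-03-01 10:02:30 auth user=alice result=FAIL
2006-03-01 10:02:35 auth user=carol result=OK
2006-03-01 10:02:40 auth user=alice result=FAIL
2006-03-01 10:20:00 auth user=bob result=FAIL
2006-03-01 10:26:00 auth user=bob result=FAIL
"""
LINE = re.compile(r"^(\S+ \S+) auth user=(\S+) result=(\w+)$")

class ThresholdTrigger:
    """Fire when `count` events fall inside `period`, then stay quiet for `sleep`."""
    def __init__(self, count, period, sleep):
        self.count, self.period, self.sleep = count, period, sleep
        self.window = deque()      # timestamps still inside the threshold period
        self.quiet_until = None    # end of the current sleep period, if any

    def feed(self, ts):
        """Record one matching event; return True when the action should run."""
        self.window.append(ts)
        while ts - self.window[0] >= self.period:   # expire events older than the period
            self.window.popleft()
        if self.quiet_until and ts < self.quiet_until:
            return False                            # sleeping: count the event, no alert
        if len(self.window) >= self.count:
            self.quiet_until = ts + self.sleep
            self.window.clear()                     # assumed: next alert needs a fresh batch
            return True
        return False

def scan(log_text, trigger):
    """Feed failed authentications to the trigger; return the times it fired."""
    fired = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(3) == "FAIL":
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            if trigger.feed(ts):
                fired.append(ts)
    return fired

if __name__ == "__main__":
    print(scan(SAMPLE_LOG, ThresholdTrigger(5, timedelta(minutes=5), timedelta(seconds=15))))
```

With the count lowered to 2, as in the test configuration above, the same sample fires three times instead of once, which is why a low threshold is convenient for testing and noisy in production.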

Lucent Technologies – Proprietary
Use pursuant to company instruction

Logs, Alarms and Triggers

For more detailed information on configuring this feature click Help>On Line Product Manuals>Reports, Alarms and Logs Guide. See the section on Configuring Alarm Triggers. The Product Manuals can also be found on your ALSMS CD.