bsm primer

All rights reserved. No parts of this work may be reproduced in any form or byany means - graphic, electronic, or mechanical, including photocopying,recording, taping, or information storage and retrieval systems - without thewritten permission of the publisher.

Products that are referred to in this document may be either trademarks and/orregistered trademarks of the respective owners. The publisher and the authormake no claim to these trademarks.

While every precaution has been taken in the preparation of this document, thepublisher and the author assume no responsibility for errors or omissions, or fordamages resulting from the use of information contained in this document orfrom the use of programs and source code that may accompany it. In no eventshall the publisher and the author be liable for any loss of profit or any othercommercial damage caused or alleged to have been caused directly orindirectly by this document.

Printed: July 2009 in Dallas, Tx.

FireScope BSM Primer

© 2009 FireScope, Inc.

Publisher

Technical Editors

Cover Designer

FireScope Inc.

Cindy TurrietaMelissa McKayMatt RogersRyan Counts

Nick Alemond

3



Table of Contents

Part I Introduction 5

Part II Getting Started 7

Part III Starting the Virtual Appliance 9

Part IV Starting the Physical Appliance 10

Part V Key Terms 12

Part VI My Dashboard 15

................................................................................................................................... 161 Creating Pages

................................................................................................................................... 172 View Shared Content

................................................................................................................................... 183 Page Elements

................................................................................................................................... 204 My Spaces

.......................................................................................................................................................... 20Create New Spaces

................................................................................................................................... 225 Search

Part VII Setting up Services and Monitoring 24

................................................................................................................................... 251 Configuring a Monitored Asset

.......................................................................................................................................................... 25Configuration Items

......................................................................................................................................................... 25Lab #1: Creating / Editing Configuration Items

.......................................................................................................................................................... 27Attributes

......................................................................................................................................................... 28Operation Types

......................................................................................................................................................... 29Lab #2: Creating / Editing Attributes

......................................................................................................................................................... 31Web Monitoring

......................................................................................................................................... 31Lab #3: Create a Web Monitoring Scenario

......................................................................................................................................... 33Steps

.......................................................................................................................................................... 35Events and Notifications

......................................................................................................................................................... 37Events

......................................................................................................................................... 37Event Definition Functions

......................................................................................................................................... 37Lab #4: Defining Events

......................................................................................................................................................... 40Actions and Notifications

......................................................................................................................................... 40Lab #5: Configuring Notifications and Actions

......................................................................................................................................... 44Notification Tips

.......................................................................................................................................................... 45Visual Controls

.......................................................................................................................................................... 46Templates

......................................................................................................................................................... 47Creating / Editing Templates

......................................................................................................................................................... 49Linking Templates to CIs

................................................................................................................................... 512 Logical Groups

.......................................................................................................................................................... 51Aggregate Events

................................................................................................................................... 543 Services



.......................................................................................................................................................... 54Service Modeling

.......................................................................................................................................................... 55Policies

......................................................................................................................................................... 56Lab #6: Creating Policies

................................................................................................................................... 594 Maps

.......................................................................................................................................................... 59Google Maps

.......................................................................................................................................................... 59Custom Maps

................................................................................................................................... 625 Enterprise Service Bus

.......................................................................................................................................................... 63Consuming a Custom Feed

.......................................................................................................................................................... 63Supported ESB Transports

.......................................................................................................................................................... 64Supported Databases

................................................................................................................................... 656 Virtual Center Integration

.......................................................................................................................................................... 66Process Overview

.......................................................................................................................................................... 66Configuring a Virtual Center Connection

.......................................................................................................................................................... 68Configuring Managed Hosts and Guests

Part VIII Reporting 70

................................................................................................................................... 711 Viewing Reports

................................................................................................................................... 722 Report Types

................................................................................................................................... 733 Lab #7: Building a Report

Part IX Administration 75

................................................................................................................................... 761 User Administration

.......................................................................................................................................................... 76Users

.......................................................................................................................................................... 76User Groups

................................................................................................................................... 772 Discovery

.......................................................................................................................................................... 77Lab #8: Configuring Discovery Rules

.......................................................................................................................................................... 79Discovery Actions

................................................................................................................................... 833 Appliance Administration

Part X Service Management 84

................................................................................................................................... 861 Policy Status

................................................................................................................................... 882 Latest Data

................................................................................................................................... 913 Events

................................................................................................................................... 924 Actions

................................................................................................................................... 935 Web Check

................................................................................................................................... 946 Syslog Viewer

................................................................................................................................... 967 Visual Controls

................................................................................................................................... 988 Historical Trend View

................................................................................................................................... 1009 Google Maps

................................................................................................................................... 10210 Maps


5

5

1. Introduction

1. IntroductionWelcome to the FireScope Administration Guide. This document is designed to be your handy reference guide toperforming most of the common administrative tasks within FireScope. In order to perform these tasks, you will needAdministrative rights within FireScope and possibly access to the FireScope Config website. Additional resources may befound at http://support.firescope.com.

Overview of Sections1. Dashboard - This section covers creating and using dashboards in FireScope.2. Setting up Services and Monitoring - This section covers configuring hosts, events and notifications.3. Reporting - For viewing, creating or editing reports, this section covers it all.4. Administration - This section covers maintenance of your FireScope installation, including data retention settings and

backups.5. Service Management - This section covers the capabilities within the Service Management section of FireScope.


6

6

1. Introduction


7

7

2. Getting Started

2. Getting Started

To help you get started with FireScope, the following are the high-level processes you will want to follow.

1) Start the ApplianceFireScope is offered as either a virtual or physical appliance. The first time the appliance is started, it may take longer toload as FireScope initializes for the first time. Depending on your version, follow the steps outlined in the next section - Starting the Appliance.

2) Defining ServicesService Groups are logical groups of networked assets that contribute to client-facing services such as email, CRM orfinancial applications. When defining services, it is recommended that you start with what your users consider to be themost critical services provided by IT, and then identify which servers, network equipment, storage devices or othernetworked assets contribute to this service. Defining services are easy, at this point all that is necessary is naming theService Groups, such as CRM Service, Public Website, Email or any other services that IT provides to end users.For hardware that contributes to multiple business services, such as routers and switches, consider creating LogicalGroups for easier configuration.

3) Configure DependenciesThe next step is to setup the Configuration Items, such as application servers, database servers, switches, storagesolutions and other networked devices that contribute to each of the services you defined in step #1. You have two optionsto choose from, manual configuration or auto discovery, depending on your internal policies or preferences. The fastestmethod is auto discovery; all you have to do is define your discovery rules and let FireScope do the work.

4) Setup Event and Performance Metric Data CollectionNow that you’ve identified which Configuration Items contribute to your Service Groups, the next step is to collect event andperformance data to manage the performance and business impact of your services. Metrics can run the gamut fromprocessor utilization, page file statistics or even application metrics; this in addition to polling logs for specific eventinformation. To make the process of configuring these metrics easier, FireScope uses a template engine to apply settingsto multiple Configuration Items. In addition to the templates that come out of the box, you can create your own templates tomeet your unique needs. Multiple templates can be applied to individual CI’s; for example a Redhat server could use a basicsnmp template, a Redhat template for operating system specific metrics, as well as a MySQL, Apache, FTP and JMXtemplate for application specific metrics.In addition to deciding which metrics to measure, you also have flexibility over how FireScope collects these metrics. Usethe related links for details on selecting the best data collection methods.

5) Set Service-Level ThresholdsOnce you’ve begun collecting metrics and events, the next step is to define service levels. Start with Event Definition foreach Configuration Item to define thresholds for key metrics or to identify critical events. For example, an Event Definitioncould be created to flag when Apache has reached 90% of processor utilization, or when 5 or more invalid login attemptshave occurred. You can also flag one of these Event Definition to be the Availability Event for the CI it is associated with.Unlike other solutions that define a server as being down when it is unreachable, FireScope lets you define when a CI is nolonger contributing to the Services it is linked to. You can also configure Actions to enable FireScope to respond to theseevents, either through notification or by automatically executing commands to begin remediation.

Aggregate Events expand on Event Definition to give visibility into infrastructure wide events, even across disparatetechnologies, by linking multiple Event Definitions together in either an AND (all component events must be true to triggerthe Aggregate Event) or an OR (an occurrence of any of the component events will cause the Aggregate Event to fire). Anexample would be all file servers experiencing above average network utilization as indicative of a possible virus outbreak.


8

8

2. Getting Started

For Service-Level Agreements (SLA’s), Service-Level Objects (SLO’s) or corporate policy enforcement, you can link one ormore Event Definitions to build complex event tracking. For example, your SLA for a CRM system may be 99.99% serviceavailability, an average time to create a new record should not exceed 3 minutes and for security there should not be morethan 30 failed login attempts per day. All of these aspects of the SLA can be created by linking multiple Event Definitions or Aggregate Events to build these complex service levels.

One last step remains. When configuring SLA’s or SLO’s, you can generate a financial impact of that event, directly in theform where the policy is defined. This is critical to achieving effective Business Service Management as it helps define IT’svalue in a way that members outside of IT can easily understand. Rather than discussing IT in terms of uptime or kilobytes,this enables IT leaders to discuss events in the terms of how much it cost the business. The exact formula used to measurefinancial impact is yours to decide, a couple of example formulas are included in the related links for this section.

6) Define Dashboards and ReportsNow that FireScope is monitoring your environment, the final step is for each user to log in and define their own customdashboards and reports. Security in FireScope


9

9

3. Starting the Virtual Appliance

3. Starting the Virtual Appliance


10

10

4. Starting the Physical Appliance


Your FireScope appliance includes a set of inner rails in two sections:inner rails and inner rail extensions. The inner rails are preattached anddo not interfere with normal use of the chassis if you decide not to use aserver rack. Attach the inner rail extension to stabilize the chassis withinthe rack.

To install the inner rails:1. Place the inner rack extensions on the side of the chassis aligning the

hooks of the chassis with the rail extension holes. Make sure theextension faces “outward” just like the pre-attached inner rail.

2. Slide the extension toward the front of the chassis.3. Secure the chassis with 2 screws as illustrated.4. Repeat steps 1-3 for the other inner rail extension.

Your FireScope appliance comes with a standard power cable, networkcable not included. The network cable will be plugged into the left-sidenetwork port, which should be labeled with a #1.

Connect a monitor and keyboard to your FireScope appliance and turnon the appliance. After the boot process has successfully completed,you will see the appliance administration screen shown above.

Please note the IP Address displayed in green. This is the IP Address ofyour FireScope Appliance.


11

11


From a computer connected to the same network as this appliance,launch a web browser and type ‘http://’, the appliance’s IP address,followed by ‘:8004’ (e.g.http://172.16.0.1:8004) to access the FireScopeAppliance Configuration Wizard. The default username and password arelisted below.

Username : adminPassword : password

Complete the Appliance Configuration Wizard as it guides you throughconfiguring the following settings:

· Network Settings· Time Zone Settings · Appliance Configuration Admin password · Multi-Node Configuration · FireScope Licensing

You are now ready to log into FireScope for the first time. Use ‘admin’as your username, and ‘password’ as your default password to log in.


12

12

5. Key Terms

5. Key Terms

TERM DESCRIPTION

Active Active refers to a mode that the FIRESCOPE Agent can run in. When running actively, theagent keeps track of what items to send to the server and at what intervals. The agent canpoll the server at set intervals in order to keep track of what items it should be sending.

Active checker Active checker gather operational information from the system where FIRESCOPE Agent isrunning, and report this data to the FIRESCOPE for further processing.

Action An action is a response taken when a Trigger has been triggered. Actions can be configuredto send messages to specific user groups as defined in FIRESCOPE, based on their MediaType settings, or execute remote commands.

Agent Agent refers to the program that is run on hosts that want to be monitored. It is run as aservice and can process both active and passive checks simultaneously.

Alerter Alerter is a server process which is responsible for execution of actions (emails, sms,scripts).

Attribute An attribute refers to an individual item that is monitored on a host, such as load average orresponse time. Item can refer to an item obtained via the FIRESCOPE agent, SNMP, or othermeans. Attributes can be configured as float, 64-bit integers, character strings, or log values.

Configuration Item A configuration item is considered any asset that is being monitored by FireScope. Examplesinclude hosts, machines, applications and more.

Composite Event Composite Events are logical groupings of Events, such as when every server in a groupexperiences large numbers of failed logins. Composite Events are defined by linking one ormore Events together in either an AND (all associated Events must have occurred) or OR(any of the associated Events have occurred) configuration.

Composite EventDefinition

The Definition of a Composite Event is the description of what must occur on one or moreassets for a Composite Event to have occurred.

Event An Event is when the conditions described by an Event Definition have occurred.

Event Definition Event Definitions describe the conditions that must occur to trigger an Event. For example,processor utilization above 95% would be a common example of an Event Definition

Graphs Graphs can refer to the simple graphs that are available for each numerical Item that ismonitored, or it can refer to custom graphs which can be used to show several numericalItems in one graph.

IT Services IT Services refers to a feature within FIRESCOPE that allows users to define an SLA andhave FIRESCOPE keep track of the expected SLA and actual SLA. IT Services are definedas groups of triggers and can be configured to calculate the minimum of a group or maximumof a group.


13

13

5. Key Terms

TERM DESCRIPTION

Location Environment monitored by a single Node.

Logical Group A container for Configuration Items that logically groups them into whatever organizationalsystem makes sense for your business. This can be by geographical location, businessservice, management group, discipline or your own unique system of organization.

Master or Master Node Master Node. Master Node may have one or several Children. Master Node can controlconfiguration of the Children.

Media Type Media Types are used to notify FIRESCOPE users when an Action has occurred. Mediatypes can be via email or custom scripts. Media Types are configured globally to be madeavailable to all Users, and then specified per User to allow certain Users to be notified via onemedia type, and other users to be notified via another media type.

Node FIRESCOPE Server in distributed setup monitoring number of hosts.

Node ID Node ID is an unique number which identifies Node, or FireScope appliance, when usingFireScope's multi-site capability. Each Node must have its own unique Node ID. Note thatMultisite is an Enterprise-Edition only feature.

Queue Queue refers to the internal queue of items the FIRESCOPE server is monitoring. Based onthe specified intervals of items the FIRESCOPE server maintains a queue to keep track ofthe items and when it should poll them.

Passive Passive refers to a mode that the FIRESCOPE Agent can run in. When running passively, theagent waits for requests for attributes from the server and sends them back as requested. Itshould be noted that typically the agent runs in both modes, and the modes are defined by theAttribute when it is configured.

Policy Policies are a linked collection of Event Definitions and or Composite Event Definitions thatdescribe the status of service group-wide conditions. Policies are typically used to monitorcompliance of SLA's, SLO's or corporate policies.

Service Group A Service Group is a container for Configuration Items or Logical Groups that contribute to acommon business service. For example, an ERP Service Group may contain the databaseserver, application server and front-end server for the ERP service, as well as any systemsthat provide data feeds into the service, the core network equipment that enable this serviceto communicate, and more.

SLA Service Level Agreement

SLO Service Level Object

Template A Template is a Configuration Item that has a defined set of Attributes, Events, etc. whichConfiguration Items can be linked to. This allows easier configuration of CI's and changeswithout having to change each individual CI. CI Templates are no different from other assetsexcept that their status is set to ‘Template’ during configuration and as such nothing isactually monitored.


14

14

5. Key Terms

TERM DESCRIPTION

User The FIRESCOPE web interfae can be configured to allow access to multiple users at varyinglevels of access. Users can be allowed anonymous access via the guest account and beallowed to view all available data but not modify any changes, or users can be given accessto only view or modify specific sections of FIRESCOPE.

User parameter User Parameter (UserParameter) refers to custom scripts defined in an agent’s configurationfile. User parameters are defined by a key and command. The key refers to the item definedin the web interface and can be configured to accept arguments as sent by the server.


15

15

6. My Dashboard

6. My DashboardMy Dashboard gives users the ability to quickly view information on different types of pages. There are three types ofpages displayed in My Dashboard:

Page Type

Private Private page - seen only by you

Shared Shared page - seen only by specified user groups

Public Public page - seen by all FireScope users

At any time while in My Dashboard, you can toggle between Private, Shared and Public pages through the drop-down menuon the right.


16

16

6.1 My Dashboard

6.1 Creating Pages

Start by clicking on the Add Page icon at the top right of the page. This will take you to an easy form where you canname the page, set a layout and define security:

Configuration of Pages

Page Settings

Name Type the name of the new page

Page Type The type of page you're adding

Private Private page - seen only by you

Shared Shared page - seen only by specified user groups

Public Public page - seen by all FireScope users

Page Layout Settings

Rows How many rows the page spacing will be

Columns How many columns across the page spacing will be


17

17

6.2 My Dashboard

6.2 View Shared ContentIf you or any of your colleagues have set a page to be Shared, you can access the page by using the drop-down at the topright of the page and selecting Shared Pages from the Viewing drop-down menu.

Sample Shared Content:

Each of the tabs at the top of the web page are Shared pages. Permissions to view this content is controlled through UserGroups. If you belong to a User Group which has been given access to these pages, you will see them displayed in SharedPages.


18

18

6.3 My Dashboard

6.3 Page ElementsThroughout FireScope Business Service Management, you will find many elements that will make your tasks even easier.While you utilize FireScope's solutions, look for the following elements to aid you in getting the most out of your experience.

PageletsPagelets are the content displayed to you. Sometimes referred to as Resources, this is the content selected by users to bedisplayed in their Private, Public or Shared pages within the dashboard.

Best Practices, Tips and TricksAs you make your way through the product, you will notice Best Practices displayed on the right side of your screen. Thesetips change as you utilize different sections of FireScope to offer tips on how to best utilize the functionality and get themost efficiency from the product. These helpful hints can be turned off by going to Edit User Profile and un-checking the Show Hints checkbox.

Last EventsIn the lower right corner of your screen the last 10 events of the Configuration Item you are monitoring will be displayed.This arms you with information that can help you quickly make decisions when responding to events.


19

19

6.3 My Dashboard


20

20

6.4 My Dashboard

6.4 My SpacesThe My Spaces area within FireScope gives users a place to organize their pages into categories, if so desired. This givesa better way to organize and display a user's dashboard, and mitigates the need for multiple rows of display tabs when continually adding pages.

Multiple Rows of Pages Added to Dashboard

The My Spaces within FireScope is for private page views only, and are not shared publicly.

One suggestion for a user's Space would be to group pages that are related to Service Grouping

6.4.1 Create New Spaces

To create a new Space

Click on the Create New Space button and complete the following form

Create New Spaces Form

Create Space

Name Name of the new space


21

21

6.4 My Dashboard

Pages Available The pages whose security and other settings are make it available to be placed in thisnew space

Pages Display The pages that have been selected to be displayed in this new space

Add/Remove By clicking either button, you can add or remove the selected page from being displayedon this new space

Save/Cancel Save the new Space, or cancel these settings


22

22

6.5 My Dashboard

6.5 SearchLocated at the top right of the FireScope interface is the Search feature, which enablesyou to easily search through all Events, Syslog messages and SNMP data collected byFireScope. Simply enter a keyword to search by and click on the hour glass icon tosearch. The following screen shows an example of the results.

The top section of the results page displays the search criteria, in the case above we searched by the keywords 'too high'and searched through all events, syslog and snmp data for the previous 3 days worth of data. Search results are groupedby the type of returned entries, which means that all relevant Events will be displayed, followed by all relevant Syslogmessages, and finally any relevant SNMP data. Using the FireScope Grid controls, you can now page through results tofind any specific entries that are relevant for your needs.

To learn more about a specific event or message, simply click on the summary. This will take you to a detail page that


23

23

6.5 My Dashboard

shows all related metrics and CI information. Use the browser's back button to return to search results.

Advanced Search

For more advanced searching capabilities, click on the 4-rows icon ( ) in the search box. The following form will appear.

From the advanced search feature, you can fine tune your search by type of data to search by, specific Service Groupsand Logical Groups to search in, or confine the search to a specific time frame.


24

24

7. Setting up Services and Monitoring

7. Setting up Services and MonitoringThis section covers configuring the assets that FireScope will monitor, as well as logically grouping them into the businessservices they contribute to and identifying events.

At a high level, the following describes the process of configuring FireScope to monitor an individual asset.

As you can see in the diagram above, the process of configuring a monitored asset includes 4 key steps, described below.1. Setup Configuration Item - The Configuration Item entry in FireScope acts as a container that identifies the IP Address

or FQDN of the asset.2. Configure Attributes - Attributes are the individual metrics, logs and operational states of the asset you wish to monitor.3. Define Events - Events can be configured to identify whenever an asset has an error or an attribute's value is outside of

operational thresholds. 4. Build Graphs - Visualize current and trending conditions by building pie charts, trend graphs and more, which can be

added to your custom dashboards.

Once you've configured the individual assets, you can then configure the services to be managed. The following describesthe process of setting up a Service Group and establishing SLA or Policy thresholds.

These five key steps, each described in detail in later sections include:1. Setup Service Group - These represent each of your critical business or IT services.2. Assign CI's - Once the Service Group has been created, we next associate the Configuration Items that contribute to

the service.3. Setup Web Monitoring - In the case of services that include a web-based user interface, FireScope can simulate

common user tasks to track performance and availability from the users' perspectives.4. Define Service Levels - Any combination of Event Definitions configured for the CI's that contribute to this service can

be linked to measure SLA's, SLO's or general policies around any aspect of the service, such as availability,performance or business expectations.

5. Create Dashboards - Each user can create their own view of operational conditions through customized dashboards.


25

25

7.1 Setting up Services and Monitoring

7.1 Configuring a Monitored AssetIn order to ensure you are receiving the richest set of system events and data possible, FireScope offers a variety of datacollection methods to choose from. Data collection methodologies can be selected on Attribute by Attribute basis. Forinstance, servers may communicate conditions through rich agents as well as via Syslog or SNMP. Not all data collectionmethods offer the same range of data types, and each has its own set of limitations and pre-requisites. The table below willguide you through the available collection methods to help you strategize the best deployment for your unique environment.

7.1.1 Configuration Items

Configuration Items (CI) are the assets on your network that FireScope will be monitoring. Grouped into Logical Groupsand Service Groups, Configuration Items contain Attributes, which are the metrics or logs you wish to keep an eye on (e.g.Processor Utilization, Free Disk Space, log entries). Each Configuration Item can be connected with FireScope utilizing anagent (see Agent Installation section) or through SNMP, Syslog or other communication methods. This section will guideyou through creating or editing configuration items.

As you can see in the diagram above, the process of configuring a monitored asset includes 4 key steps, described below.1. Setup Configuration Item - The Configuration Item entry in FireScope acts as a container that identifies the IP Address

or FQDN of the asset.2. Configure Attributes - Attributes are the individual metrics, logs and operational states of the asset you wish to monitor.3. Define Events - Events can be configured to identify whenever an asset has an error or an attribute's value is outside of

operational thresholds. 4. Build Graphs - Visualize current and trending conditions by building pie charts, trend graphs and more, which can be

added to your custom dashboards.

7.1.1.1 Lab #1: Creating / Editing Configuration Items

1. Login to FireScope with Configuration or Administrative privileges.2. Expand the Configuration menu, then select Configuration Items Overview from the sub-menu.3. You will see a list of all current configuration items. You can filter this display by logical grouping or service group by

using the drop downs at the top of the results, or the fields along the column headers to filter by more specific criteria.4. To disable or delete a Configuration Item, click the check box to the left of the name of the corresponding host, then click

on either the Disable Selected or the Delete Selected button at the bottom of the results.

Note: Disabling a Configuration Item will cause FireScope to no longer collect data from that CI, but all previous datacollected will still be accessible. Deleting a CI will similarly not delete any data, but will mark this device and itshistorical data for deletion during the next Housekeeping cycle. For information on Housekeeping timing, please seeHistory Settings and Cleaning History, in the Ongoing Administrative Tasks section.

5. To edit an existing Configuration Item, click on the Configuration Item name.6. To add a new Configuration Item, click Create Configuration Item or Click on the [+] next to Configuration Items in the

left-side menu.7. Enter a friendly name for this Configuration Item in the name field, preferably the host name in the case of systems. 8. The status field should be set to Monitored. Setting this to Not Monitored will cause FireScope to stop collecting data

from this CI.9. The Connection Settings section includes the network information necessary for FireScope to communicate with this

asset. The following guidelines should be :a. Connect To - FireScope can either use the IP Address or DNS Name to resolve this asset's network address. IP

Address is the faster of the two as it requires no DNS lookup process.


26

26


b. DNS Name - The fully qualified DNS address of this CI. Only required if you specify DNS Name in the Connect To field.c. IP Address - The IP Address of this CI, only required if you specify IP Address in the Connect To field.d. Port - If you are using a FireScope agent to collect data from this CI, this should be the port that the agent is listening

on. The Default is 8042. If you aren't using the agent, this field can be ignored.e. Domain - This should only be used if you are going to use WMI to collect attribute values, and will be the Active

Directory domain name.f. Proxy Configuration Items - If using FireScope Sentinel, you would select the Configuration Item acting as a proxy for

data collection.10.In the Logical Group and Service Group sections, you add this CI to any services it contributes to, or associate it with

similar assets.11.To automatically create Attributes, Event Triggers and graphs for this Configuration Item, use the Add button in the Link

With Template section. Clicking this button will open a nodal menu of installed templates, simply click the name of thetemplate that is most similar to this CI. Multiple templates can be used as appropriate. For more information, please seethe Templates section of this manual.

12.The Profile section of a CI is optional, and is available in case you wish to include additional information that might beuseful for other users.

13.Click Save when finished.

Configuration Item Parameters

Parameter Description

Name Unique host name. The name must be unique within FIRESCOPE Node.

If no IP address is given, the name is used as a DNS name for accessing this host byFIRESCOPE or an SNMP agent or performing Simple Checks.

Groups List of Logical Groups this host belongs to.

Use IP address Use IP address instead of host name. It is recommended as it won’t require any dependency onDNS servers and it works faster.

IP address IP address.

Port Port number of FireScope Agent running on this host. If no FireScope agent is used, the port isignored.

Use standard FireScope port number 10050.

Status Monitored – the host is monitored

Not monitored – the host is not monitored

Link with templates Link host with one or many templates.

Use profile Use host profile.


27

27


Device Type, Name,OS, SerialNo, Tag,MAC Address,Hardware, Software,Contact, Location,Notes

The remaining fields on this form are optional and can be used to store additional informationabout this host that may be useful during incidents.

7.1.2 Attributes

An Attribute is a specific metric or log you wish to collect data for, such as CPU load average or CI response time, and isassociated with a Configuration Item. An attribute can refer to a metric obtained via any of FireScope's data collectionmethods. Attributes can be configured as float, 64-bit integers, character strings, log or text values.

ShortcutThe easiest way to add Attributes for a Configuration Item is to associate the CI with a Template. Templates arepre-configured Configuration Items of a specific type, such as Windows Server or Cisco 2600, and include a list ofcommonly used Attributes, Event Definitions and Graphs. More than one Template may be associated with a ConfigurationItem. See the section on Templates for more information.

Method Requirements Scope of Data Available

SNMP v1 Device must be SNMPv1 compatible, or have an SNMPagent installed.

The SNMPv1 SMI specifies the use of a number of SMI-specific data types,which are divided into two categories:· Simple data types· Application-wide data types.

Three simple data types are defined in the SNMPv1 SMI, all of which areunique values:· The integer data type is a signed integer in the range of -2,147,483,648 to

2,147,483,647.· Octet strings are ordered sequences of 0 to 65,535 octets.· Object IDs come from the set of all object identifiers allocated according to

the rules specified in ASN.1.

Seven application-wide data types exist in the SNMPv1 SMI: networkaddresses, counters, gauges, time ticks, opaques, integers, and unsignedintegers.· Network addresses represent an address from a particular protocol family.

SNMPv1 supports only 32-bit IP addresses.· Counters are non-negative integers that increase until they reach a

maximum value and then return to zero. In SNMPv1, a 32-bit counter size isspecified.

· Gauges are non-negative integers that can increase or decrease but thatretain the maximum (minimum) value reached, if it exceeds (or fall below)the maximum (or minimum) value, as specified in RFC 2578.

· A time tick represents a hundredth of a second since some event.· An opaque represents an arbitrary encoding that is used to pass arbitrary

information strings that do not conform to the strict data typing used by theSMI.


28

28


Method Requirements Scope of Data Available

· An integer represents signed integer-valued information. This data typeredefines the integer data type, which has arbitrary precision in ASN.1 butbounded precision in the SMI.

· An unsigned integer represents unsigned integer-valued information and isuseful when values are always non-negative. This data type redefines theinteger data type, which has arbitrary precision in ASN.1 but boundedprecision in the SMI.

SNMP v2 Device must be SNMPv2 compatible, or have an SNMPagent installed

The SNMPv2 SMI is described in RFC 2578. It makes certain additions andenhancements to the SNMPv1 SMI-specific data types, such as including bitstrings, network addresses, and counters. Bit strings are defined only inSNMPv2 and comprise zero or more named bits that specify a value. Networkaddresses represent an address from a particular protocol family. SNMPv1supports only 32-bit IP addresses, but SNMPv2 can support other types ofaddresses as well. Counters are non-negative integers that increase until theyreach a maximum value and then return to zero. In SNMPv1, a 32-bit countersize is specified. In SNMPv2, 32-bit and 64-bit counters are defined.

Additionally, SNMPv2 also specifies information modules, which specify agroup of related definitions. Three types of SMI information modules exist: MIBmodules, compliance statements, and capability statements.· MIB modules contain definitions of interrelated managed objects.· Compliance statements provide a systematic way to describe a group of

managed objects that must be implemented for conformance to a standard.· Capability statements are used to indicate the precise level of support that

an agent claims with respect to a MIB group. A NMS can adjust its behaviortoward agents according to the capabilities statements associated with eachagent.

SNMP v3 Device must be SNMPv3 compatible, or have an SNMPagent installed.

Essentially offers the same information as SNMPv2, with the addition of 3important security features:· Message integrity to ensure that a packet has not been tampered with in

transit.· Authentication to verify that the message is from a valid source.· Encryption of packets to prevent snooping by an unauthorized source.

Syslog Device must have Syslog agent, which is common onmost non-Microsoft operating systems.

Limited to data stored in log files, which does not include most systemperformance metrics. However, on most platforms the administrator candefine what information to log.

FireScopeAgent

Agent must be installed on device. Currently availablefor most operating systems, including Windows, Linux,Unix, BSD.

This method offers the largest scope of information collection. This includeslog data from any log file on the host machine as well as system performancedata and direct database connectivity.

Simple Check No requirements, performed directly through FireScopeappliance.

A simple check is ping testing to verify a CI is reachable. Available/Unavailable and response times are the only types of information that thismethod can collect.

Web Monitoring No requirements, performed directly through FireScopeappliance.

Web monitoring simulates a user experience on a web-based application andmeasures response times and download times.

7.1.2.1 Operation Types

When configuring Attributes in FireScope, one of the most critical settings is the Operation Type field, in the Data CollectionSettings section. This is because it instructs FireScope on what internal process to use to collect this information. Thetable below describes each of the Operation Types in detail.


29

29


Operation Type Description

Agent Check FireScope will make a request to the FireScope Agent installed on this Configuration Item forthe value of this attribute. As a result, the agent must be installed on this Configuration Item.

Agent Remote The FireScope Agent installed on this Configuration Item will send the value of this attribute toFireScope. Useful for geographically dispersed assets. This differentiates itself from AgentCheck because in this instance, the agent initiates the connection to the FireScope appliance.

TCP Check FireScope will create a TCP connection to a specified port to gather this attribute's value.

SNMPv1 Poll FireScope will request the value for this attribute using SNMPv1.

SNMP v2 Poll FireScope will request the value for this attribute using SNMPv2.

SNMPv3 Poll FireScope will request the value for this attribute using SNMPv3.

SNMP Trap FireScope will listen for this SNMP OID for this data. The Configuration Item will need to beconfigured to send this data.

Derived Check These are attributes specific to the FireScope appliance, and are useful for checking currentload and performance.

Grouped Check The value of a specified attribute from multiple Configuration Items will be used in a specifiedcalculation to ascertain the value of this attribute. Useful for looking at conditions of a group ofCI's, such as average processor utilization for a web farm.

Sentinel Check (WMI) In this case, a FireScope Sentinel will act as a proxy to collect WMI information from thisConfiguration Item. Useful in collecting data from remote locations.

Syslog Message FireScope will listen for Syslog messages from this Configuration Item.

Web Check These attributes are associated with a Web Monitoring scenario. See Web Monitoring.

7.1.2.2 Lab #2: Creating / Editing Attributes

1. Login to FireScope with Administrative or Configuration privileges.2. Attributes can be accessed in one of two ways:

a. Expand the Configuration menu on the left-side navigation and click Attributes. Using the drop down boxes at the topright of the page, select the Configuration Item you want to view or edit attributes for.

b. Expand the Configuration menu on the left-side navigation and click Configuration Items. Find the Configuration Item

you want to view or edit attributes for and click the icon to the right of this CI.3. This will display all of the currently configured Attributes for the Configuration Item selected in the drop down at the top

right of the results list. The following explains common tasks that can be performed on this screen.

a. Click the icon for any attribute to see the returned values for an Attribute for the last 30 minutes, 60 minutes or 6hours. This data will be displayed in the right-most column of the screen.

b. Attributes that have an icon have a sparkline visual control associated with them. The icon indicates that thisattribute is being used for a graph. These can be viewed either from your dashboard or in Visual Controls in theService Management menu.

c. To the right of the attribute type, you will see either an icon that denotes that this attribute is being actively

monitored, or an icon, which denotes that this attribute is currently disabled. Clicking this icon will disable thisattribute if it is currently active, or make it active if it is currently disabled.

4. To edit an Attribute, click on the name of the appropriate attribute. If an attribute is associated with a Template, the nameof the template will appear before the name of the attribute. In these cases, not all fields will be editable for this attribute,


30

30


such as the Operation and type information. If you need to adjust these settings for an Attribute associated with aTemplate, select the Template as the CI on step #3 and then edit this attribute.

5. Click Create Attribute to create a new Attribute.6. Give this Attribute a friendly name in the Description field, preferably something other users will be able to recognize.7. Set the Status to Active.8. Classify this attribute as either Availability, Performance or Security, depending on how Events based on this attribute

impact IT. 9. Configure the Data Collection settings section by first specifying the Type of operation. This tells FireScope what

method to use to collect values for this attribute. For details on the available Types, see the section on Operation Types.Depending on what is selected here, additional form fields to the right may appear.

10.If you already know the Operation name for this Attribute, enter it in the Operation field. Otherwise, you can click onSelect to launch the following dialog to select an Operation. For more information about the default operations, see thesection on Default Operations, or read the Scenarios section for examples of specific data collection methods such asSNMP, Agents and more.

11.To complete the Data Collection Settings section, use the following guidelines for each field:a. Units - This optional field will be appended to the end of all values for this Attribute whenever they are displayed.

Examples would be % in the case of processor utilization, Kb in the case of Kilobits and kbps in the case of kilobits per


31

31


second.b. Use Multiplier - In the case where you want to convert the value mathematically before storing, such as converting bits

to bytes, select Custom Multiplier. An additional field entitled Custom Multiplier will appear to the right of this drop downfor the number that should be multiplied.

c. Type of Information - What is the format of values that will be returned by this attribute? Please note that if you selectNumeric and the attribute returned text, this attribute will be disabled.

d. Value - You may not always want the actual value of an Attribute, but instead want to know how much it has changedsince the last time this attribute was queried. In these cases, you can select Delta (speed per second) or Delta(simple change) to have FireScope only record these values.

e. Update Interval - This specifies how often FireScope should retrieve or listen for new data. This number is in seconds,so 60 would check every minute, 3600 for once an hour, or 86400 for once a day.

f. Flexible Intervals - In cases where the CI is at a remote location, or network bandwidth is limited, you can schedulethis attribute to be updated only during specific windows of operation. For more on this feature, read the section on Update Intervals.

12.Fill in this form to add the Attribute. Note – for more information regarding the possible Operation values, see the chartsfollowing this section.

Note : To save time when configuring multiple similar CI's, you may want to create a template.

7.1.2.3 Web Monitoring

FireScope's Web Monitoring feature simulates a user experience to test common tasks performed on websites or webapplications. For example, if you have an E-Commerce website, FireScope can simulate browsing the site, adding items toa shopping cart, authenticating as a user or creating a new user account, and completing the typical user experience.

This feature goes beyond simple uptime monitoring by simulating a browser session and requesting a specific url, with theability to send POST and GET form values, and measuring the response time and analyzing the response itself. Commonuses of this feature include identifying when thresholds for website performance have been breached and notifying staffwhen 500 errors are being generated.

Alternative MethodThe fastest method of generating a Web Check scenario is by downloading and installing the FireScope FireFox Plugin at http://www.firescope.com/quickstart/ffplugin/. With this plugin installed, simply click Record in the plugin and perform thesteps you wish to monitor in your browser. When finished, click Stop in the plugin. You will now have an option to save. This will produce an XML file that can be imported into FireScope, creating a new Configuration Item titled 'WebCheckXXXX' where X is the date of your recording, and generating the web check scenario - including steps for each of the tasksyou performed in FireFox. From here, simply edit the scenario to adjust as necessary.7.1.2.3.1 Lab #3: Create a Web Monitoring Scenario

1. Log into FireScope with configuration or administrative rights.2. Expand the Configuration menu, then select Web Mon. from the sub-menu directly beneath Configuration Items

Overview3. To filter the list of existing scenarios, use the drop downs on the top right of the results list. (When creating a new

scenario, please make sure the configuration item associated with the attribute set you will be linking to thisscenario is selected before proceeding to the next step.)

4. Click on the Create Scenario button at the top right of the results list to create a new scenario, or click on the nameof the scenario you wish to edit. The following form will appear.


32

32


Complete the form and click Save to activate.


33

33



Attribute Set Host Attribute Set the scenario is linked to. Attributes automatically created by WEB monitoringmodule will be linked to the Attribute Set.

Name Name of the scenario. For example, “Login”.

Update interval (insec)

This parameter defines how ofter FireScope should execute this scenario.

Agent Name of user agent FireScope server pretends to be. For example, “Mozilla Firefox 1.5.0.7 onWindows XP”. Useful for testing agent dependent parts of WEB applications.

Status Active – scenario is active Disabled - FireScope won’t execute this scenario

Variables List of macro variables which can be used in URL and Post variables in steps of the scenario. For example: {user}=FireScope {md5pwd}=1233445cbef4556c5645568456e56645

Steps List of steps. See the next section for more information on creating and editing steps.

7.1.2.3.2 Steps

Web Monitoring Scenarios are made up of individual steps, which are essentially an HTTP or HTTPS request to beperformed by FireScope. This allows you to test anything from an individual page's response to, to testing a full processwithin a web application.

A common use of Web Monitoring Steps would be to test every stage of new user registration on an e-commerce site,enabling you to be alerted if one of these stages is generating errors, and to gain visibility into performance bottlenecks.

To create a step1. Follow the process of Creating/Editing a Web Monitor Scenario. Within the Scenario form, click the Add button.2. The following form will appear in a popup window.


34

34


3. Complete the form and click Save.

Step attributes:


Name Unique step name. For example, “Login”.

URL URL. For example, http://www.firescope.com/forum/login.php (Note. If using query string parametersfor this step, include them on this line.)


35

35



Post List of post variables. For example: vb_login_username={user}&cookieuser=&vb_login_password=&s=&do=login&forceredirect=1&vb_login_md5password={pwd}&vb_login_md5password_utf={md5pwd} Note that {user} and {md5pwd} are macros we defined for this scenario in the previous section.

Variables must be separated by the & sign.

Timeout Timeout in seconds. FireScope will not spend more than X seconds on execution of this step. In caseof timeout, execution of scenario is terminated.

Required Required string in HTTP response defined as regular expression. Ignored if empty. If HTTP documentdoes not contain this string, execution of scenario is terminated.

Status Codes An alternative to using the Required field, this string looks at the returned http status code. Thefollowing describes the most commonly returned status codes.

Code Value

200 Ok

400 Bad Request

401 Unauthorized

404 Not Found

500 Internal ServerError

Every step automatically creates the following attributes linked to the scenario attribute set

Attribute Description

web.test.in[Scenario,Step,bps]

Download speed for step 'Step' of scenario 'Scenario'

web.test.rspcode[Scenario,Step]

Response code for step 'Step' of scenario 'Scenario'

web.test.time[Scenarion,Step,resp]

Response time for step 'Step' of scenario 'Scenario'

All these items can be used for graphing, triggers and everything supported by standard attributes 7.1.3 Events and Notifications

Once you've started collecting data from your managed assets, we can define Events to identify abnormal behaviour orissues. Events can be defined from one or more attributes, and can be as simple as identifying when processor utilizationis over 95%, or as complex as you like, such as adding up the size of every MDF file in a directory and generating an Eventwhen the total size has surpassed 60% of total drive space.

Events / Aggregate Events / Policies


36

36


Events, Aggregate Events and Policies determine not only the data that can be displayed in the dashboard but is thefoundation for building complex service models. This information can be provided to C-Level executives and business unitsto create a better understanding of what the true business impact is in the event of a failure or to provide positive feedbackthat all systems are properly functioning and providing the required services.

Event Definitions, Aggregate Event Definitions and Policies are very flexible and can allow for multiple constraints. As youcan see in the concept diagram below, Events can be logically grouped into Aggregate Events to identify issues that areimpacting multiple assets, and in turn Policies or SLA evaluations can be made up of Aggregate Events and individualEvents.

ActionsActions control how you want FireScope to react when an Event, Aggregate Event or Policy are triggered. Two types ofactions are supported: Send Message or Remote Command. As the name implies, Send Message will use whatever mediatypes are setup for the selected user or user group to send a pre-defined message. Email and SMS are currently supportedmethods of communication through FireScope.

Remote Command actions allow you to execute a command on a specific machine whenever a trigger is activated, such asrestarting a service or rebooting a machine.


37

37


7.1.3.1 Events

Event Definitions are used to define constraints on attributes and provide notifications or execute remote commands whenthese constraints are exceeded. For example, you may be monitoring average processor load on a specific ConfigurationItem, and want to know when this average for the past 5 minutes exceeds 70%. Events can be

If you want FireScope to perform notification or attempt specific remediation steps when an Event occurs, see the Actionsand Notifications section for details.7.1.3.1.1 Event Definition Functions

The functions that are available for use when creating Event Definitions are listed below.

Function Conditionals Explained

Evaluate the current sampled value N = Target or threshold value.

Evaluate the absolute change between the current andprevious values

N = How much change has occurred.

Evaluate the average of all values in the last {T} seconds orsamples

Last T = Number of seconds or returned values to average.N = Threshold

Evaluate the difference between the MAX and MIN valuesfor the last {T} seconds or samples

T = Number of seconds or returned values.N = Threshold

Evaluate the difference between current and previousvalues

N = Threshold of difference

Evaluate the number of times a desired value {V} isreturned in the last {T} seconds or samples

Last T = Number of seconds or returned values.V = Value to look forN = Threshold

Evaluate if the last 2 values were different, set N = true N = true/false

Evaluate the largest value received in the last {T} secondsor samples

Last T = Time range or number of returned valuesN = Maximum value

Minimal value for period of time {T} Last T = Time range or number of returned valuesN = Minimum value

Find string {T} in last value. X, where X is 1 if found,otherwise 0.

T = String to findX = 1 if found, 0 if not.

Sum of values over period of time {T} Last T = SecondsN = Threshold

7.1.3.1.2 Lab #4: Defining Events

1. Login to the FireScope with Configuration or Administrative privileges.2. Click on the Configuration tab, then select Event Definitions from the sub-menu. 3. You will now see a list of all currently configured Event Definitions. 4. To edit an existing Event Definition, click on the name of the Event.5. To create a new Event Definition, click on [+] next to the Event Definitions menu entry.6. Give this Event a Name, preferably something easily recognizable by other users.7. Classify this Event as either impacting Availability, Performance, Security or Business. Business is recommended when

evaluating business metrics such as revenue generation or e-commerce transactions.


38

38


8. In the Definition Criteria section, click on the Insert button. This will open a nodal window that will guide you throughdefining the Event's criteria, shown below.

a. Use the Select button to choose which Attribute this Event is based on. Selecting Use {EVENT.STATUS_VALUE}should only be used if you are going to use Advanced Mode when building this Event Definition. See the section onAdvanced Event Definitions for more information about this option.

b. In the Function drop down, select how you want this Attribute's value to be evaluated. See below for a description ofeach available function and scenarios for use.

c. Depending on the type of evaluation selected, additional fields will appear for specific values to be used in thisevaluation.

d. Click Insert when done.9. To include multiple criteria, or for more complex testing, select Advanced Mode for additional features. Please note, this

is recommended only for expert users. See the section on Advanced Event Definitions for more information.10.If this Event should only be evaluated if other, specific Events have not occurred, select and add them using the Event

Definition Dependency section. For example, if you are defining Events for a server, and don't wish them evaluated if thenetwork is down, select any network availability Events as dependencies for this Event.

11.Complete the rest of the form as appropriate and click Save.

If you want FireScope to perform notification or attempt specific remediation steps when an Event occurs, see the Actionsand Notifications section for details.

Sample Event Definition


39

39


Event Definition Attributes:


Name Easily identifiable name for this trigger. Macros can be used in this section as shortcuts. Seethe section on Macros for more information.

Definition Criteria Evaluation criteria for this Event Definition.

Event DefinitionDependency

In order to reduce false positives, dependencies are other Events that have not fired. Forinstance, if a switch goes down, you do not want multiple events fired off for every server orasset connected to this switch. Therefore, the switch being operational would be a dependentEvent for all assets connected to it.


40

40


Severity How important this issue is, as determined by you

Comments Internal description of this Event.

URL Address of a resource that provides additional information or issue resolution. For instance,this could point to an internal KB article describing common fixes for this issue.

Disabled Checking this box will cause this Event to be ignored.

Note: If you delete a trigger that is being used in a Google Maps map point or map link, the status ofthe map point or link will change to Unknown and a notification email will be sent to all members of theFireScope Administrators user group.

7.1.3.2 Actions and Notifications

Actions control how you want FireScope to react when an Event, Composite Event or Policy violation occurs. Two types ofactions are supported: Send Message or Remote Command. As the name implies, Send Message will use whatever mediatypes are setup for the selected users to send a pre-defined message. Email, SMS, Instant Message are all supportedmethods of communication through FireScope. See the section on Media Types for more information. Remote Commandactions allow you to execute a command on a specific Configuration Item or an entire Logical Group of CI's whenever aspecific Event occurs, such as restarting a service or rebooting a machine.

7.1.3.2.1 Lab #5: Configuring Notifications and Actions

1. Login to FireScope with Configuration or Administrative privileges.2. Expand the Configuration menu and select Events Actions.3. To disable or delete an action, use the checkbox to the left of the name of the action or actions, and click either Disable

Action or Delete Action at the bottom of the list of actions.4. To edit an action, click the name of the action you wish to edit.5. To create a new action, click the [+] icon to the right of the Events Actions menu item.6. Start by giving this Action a descriptive name, preferably something other users will recognize.7. Next define the conditions that should be met for this action to trigger. Multiple conditions can be configured, so you can

be as granular as you like. Use the following steps to define a condition:a. In the Conditions section of this form, click the New button. A New Condition mini-form will load just above this space.b. Use the first drop down box on the left to specify what aspect of an Event to use as criteria. See below for an

explanation of each condition type.c. Complete this mini-form with the specific condition that should be applied and click Add when done.d. Repeat from step 7a until you have added all of the conditions that should be evaluated before FireScope should

perform this action.8. Above the conditions section, a new Type of Calculation section will appear if you have more than one condition. If

EVERY condition must be met before performing this action, select AND. Otherwise, select OR.9. Now define what FireScope should do in the event that the conditions defined above have been met in the Operations

section. Multiple operations can be specified. Use the following steps to configure operations:a. Click the New button in the Operations section. A New Operation mini-form will load.b. Select either Send Message or Remote Command from the operation type drop down box.


41

41


Note : To use the Remote Command functionality, the FireScope agent must be installed and configured on theassociated Configuration Item.

c. Complete this mini-form and click Add when done. See below for an explanation of each field and their possible values.d. Repeat from step 9a until you have configured every operation that this Action should perform.

10.Click Save at the bottom of the form to save this Action and make it active.

Note : For email notification to function, be sure to configure MTA settings for your email server, and that all usershave an Email media type configured, so FireScope knows what email address to send to.


42

42


Condition Types Explained

Condition Type Description

Logical Group If an Event occurs, this will look at the Logical Groups that the Configuration Item the Eventoccurred on is assigned to. Useful if you have a Logical Group for all Windows servers and onlywant to notify Windows Administrators if an Event occurs.

Configuration Item This condition identifies the Configuration Item the Event occurred on. Useful if specific people arein charge of specific assets.


43

43


Event Definition To create an Action based on an individual Event Definition, this condition let's you specify whichEvent Definition this action should be applied to.

Event DefinitionDescription

Filter based on the description entered in the Event Definition. For example, an action can becreated for any Event who's description includes the word 'Down'.

Event DefinitionSeverity

This condition will cause this action to only occur for all Events with a high or major severity.

Event DefinitionValue

Define if this Action should be triggered based on the status of the Event. Useful if you wantnotification when an Event clears.

Time Period If this Action should only be applied on specific days of the week, or hours of the day.

Action Attributes


NameName this Action, preferably something easily recognizable for other users.

Conditions List of selected conditions that must occur to fire off this action. Multipleconditions can be created for an action to be triggered – all must haveoccurred for the action to be carried out. Click New to add conditions forthis action.You can delete entries from this list by clicking on the check boxto the left of the condition, and clicking Delete Selected.

OperationsThis section lists the operations that will be performed when the definedconditions are met, such as sending email alerts or executing commandson remote systems. To add an operation, click the New button. To removeone or more operations, click the checkbox to the left of the operation(s)you wish to remove and click Delete Selected.

IfOperation Type= SendMessag

e

Send Message To Choose either to send to an individual user, or a user group

Group or User Select the specific user or group to send this message to

Subject Subject of the message

Message Message to be sent. Macros can be used in the message, as well assubject line. See the section on Macros for information about the availablemacros.

IfOperationType =RemoteCommand

Remote CommandSyntax of remote commands:

REMOTE COMMAND Description

<host>:<command> Command ‘command’ will be executed on ‘host.

<group>#<command> Command ‘command’ will be executed on allhosts of host group ‘group’.


44

44


For Remote Commands to work, the FireScope agent must be installed onthe Configuration Item, and the user account the agent is running as musthave appropriate permissions to execute the commands entered in thisfield.

Status Enable or Disable this action

7.1.3.2.2 Notification Tips

A key difference between FireScope and many traditional solutions is that FireScope does not require you to configurenotification for each defined event. The FireScope approach lets you configure notification based on the types of events,or source Configuration Items. Below are a few scenarios commonly used by FireScope users that may give you someideas for configuring notifications for your environment.

Note : Notification can use email, SMS or instant message, and can be configured on a user by user basis. This isconfigured in the Media Types section of each user's configuration. If different methods of notification should be appliedfor different days or times, you can specify this information when defining each Media Type.

Note 2 : In the below scenarios, macros are used that will look up specific pieces of information at the time this action istriggered. They use the format {MACRONAME}. For more information on the available macros, see the section onmacros.

Scenarios Explained

Scenario Conditions Operations Operation Settings

Send me an email or SMS ifany Event with a severity ofMAJOR occurs.

Event Definition Severity = MAJOR Send Message toUser "ME"

Subject = "Majorevent on {CI} hasoccured"Message = "{EVENT.NAME} hasoccured on {CI}.

{EVENT.COMMENT}

Suggested Fix is{EVENT.REMMEDIATION_URL}"

Create ticket in 3rd partyhelpdesk system when eventsoccur with a severity of HIGHor MAJOR

Event Definition Severity = MAJOREvent Definition Severity = HIGH

This will use the OR type of calculation

Send Message touser "Helpdesk"

user with emailaddress thathelpdesk ismonitoring for newtickets.

Subject = "NewEvent on {CI}"Message = "Event= {EVENT.NAME}CI = {CI}IP Address =

{IPADDRESS}"

Send notification to the LinuxAdministrators group if a failed

Logical Group = "Linux Servers"Event Definition Description like "failed"

Send Message toUser Group "Linux

Subject = "Failureidentified on {CI}"


45

45


Scenario Conditions Operations Operation Settings

event occurs on any of theservers in my Linux Serverslogical group.

This will use the AND type of calculationAdministrators" Message = "

{EVENT.NAME} hasoccured on {CI}."

If IIS stops responding onserver OWA_SRV_01, notifythe Windows Administratorsteam and start remediation

Event Definition = "IIS Not Responding" Send Message toUser Group"WindowsAdministrators"+Remote Command

Remote Command ="{CI}:IISReset"+See above forsuggestions on theconfiguration of theSend Messageoperations.

In the case of events thatoccur after hours, sendnotification of any Events tothe after hours team.

Time Period = "Mon-Fri, 1700-2400"Time Period = "Mon-Fri, 0000-0800"

This will use the OR type of calculation

Send Message toUser Group "AfterHours Team"

See above forsuggestions on theconfiguration of theSend Messageoperations.

7.1.4 Visual Controls

With FireScope, you have the ability to generate graphs based on any metrics collected from a networked asset. Thesegraphs can be line graphs, pie graphs, bar charts, stacked bar charts and more. Please note that while it is possible tocreate graphs based on any attribute, some attribute values don't lend themselves to producing good graphs, such as logfile entries or syslog messages.

There are three ways of creating visual controls, outlined below in order of least amount of work first. It is recommendedthat you use method #1 first to generate the most common visual controls, followed by methods #2 and #3 for more specificor unique graphing needs. Use method #3 in scenarios where you want a graph that includes multiple attributes.

Method 1 : Templates1. Create a Configuration Item. While in the Configuration Item editor, link this CI to one or more templates that already

contain graphs for key metrics. 2. When you click save, any graphs associated with the linked templates will automatically generate visual controls for this

new Configuration Item

Method 2 : Attribute Building1. Create a Configuration Item.2. Create an Attribute for the metric you want to visualize.3. At the bottom of the Create Attribute form is a section entitled Visual Control Display Settings.4. To generate a sparkline graph, check Display Performance Sparkline.5. To generate any of the other types of graphs, first check Show Performance Display and then select a graph type in the

Display Type drop down box.6. Optional settings, such as Warning Percent, Major Percent and Item Graph Max may be completed to enhance

presentation of this graph.


46

46


Method 3 : Manual Graph Creation1. Expand the Configuration menu, then select Visual Controls Overview from the sub-menu2. You will now see a list of all currently configured Visual Controls for the device specified in the drop down at the top

right of the results. Use the Logical Group, Service Group and Configuration Item drop downs to filter results.3. To delete a visual control, check the box to the left of the name of the visual control or graphs you wish to delete,

and then click on Delete Selected at the bottom. 4. You can copy a visual control to one or more similar Configuration Items by checking the box to the left of the name

of the control name and clicking Copy Selected To at the bottom of the results. This will take you to a page with achecklist of all currently installed Configuration Items. Check the Configuration Item(s) you wish to copy the visualcontrol to and click Copy at the bottom of the page.

5. To create a new control, select the type of graph you would like to create under the Visual Controls Overview andeither click on the [+] in the Visual Controls menu item.

6. The form that now appears will be different based on the type of visual control you are creating or editing.7. Regardless of the type of visual control you selected, there are two essential elements required to create a visual

control. These are the name of the visual control, and the Attribute(s) to be used as the source(s) of data for thevisual control. For the Trend graph type, multiple attributes can be selected to compare similar or dependentattributes.

8. Fill in the form and select the Attribute(s) to be used as data sources, and click save when you are done.

Note – Because of the flexibility of data sources that can be used with FireScope, not all visual controls may generatemeaningful results. It is recommended that administrators thoroughly consider which attributes will be associated with avisual control, and adjust as necessary to ensure that meaningful information is delivered.7.1.5 Templates

A Template is a defined set of Attributes, Triggers, etc. which Configuration Items can be linked to. This allows easierconfiguration of large numbers of CI's and changes to these CI's without having to change each individually.

When configuring multiple, similar configuration items within FireScope, templates make it considerably easier by eliminatingmuch of the redundant labor. For example, if you have a web farm with multiple Redhat servers running Apache and acustom application, you could create a single template that contains all of the attributes and events you wish monitored andapply this template to every server in the farm for faster configuration.

A template can be linked to multiple Configuration Items, just as a single Configuration Item can be linked to multipletemplates.

Any changes made to a component of a Template, such as an Attribute, Event Definition or visual control, will be applied toevery CI using that template.


47

47


7.1.5.1 Creating / Editing Templates

FireScope includes a default set of Templates to make it easier to configure the most commonly monitored makes andmodels of Configuration Items. However, you can also create your own Templates for your most commonly deployedassets. The following steps describe how to build your own templates.

Process overview

Creating Templates1. Log in to FireScope with Configuration or Administrative privileges.2. Expand the Configuration tab, then select Templates from the sub-menu under Utilities3. You will now see a list of all currently configured templates. This list can be filtered by group, using the drop down 4. To delete a template, click the checkbox next to the associated template, and click the Delete Selected button at

the bottom of the results. The Delete Selected with Linked Elements button will perform the same task, and alsodelete any Attributes, Event Triggers, Visual Controls and Policies associated with this template.

Note : No data is actually deleted when using these buttons. Instead, the database records are changed to adeleted state so they will no longer appear.

5. To edit an existing template, click on the name of the template.6. To create a new template, click on the [+] next to Templates in the main menu.7. Enter a friendly name for this Template in the Name field. Status should be Monitored in order for FireScope to

actively poll associated CI's. Leave Availability Trigger set to None for now.8. If you want any CI's that are linked to this Template to be automatically associated with a Logical Group, check the

appropriate box(es) in the Logical Groups section.9. Templates can be linked to other templates if necessary. For instance, if you are creating a Template for

monitoring the Apache application and know that you are only running Apache on Redhat servers in yourenvironment, you can link the Apache Template to the Redhat Template. In this scenario, any CI that is linked tothe Apache Template will also have the Redhat Template applied. Click the Add button in the Link with Templatessection to link this Template to other Templates.

10. Select a Device Type in the Profile Section of the form to describe CI's that are linked to this Template. All otherfields in the Profile section are optional. Please note that anything entered in these forms will be applied to any CI'slinked with this Template.

11. Click Save at the bottom of the form. We are not done creating this Template yet.12. Add Attributes to this Template by following the normal process of Attribute creation, with this newly created

Template as the associated CI.13. Add Event Definitions to this Template by following the normal process of defining Events, using the Attributes

created for this Template in step 12.14. Optionally, to assign a default Availability Event Definition for this Template, edit this template by using steps #1 -

#5 above, and select the appropriate Event Definition in the Availability Event Definition section.15. Optionally, you can create visual controls for this template, using the same process as used with a normal CI.16. You now have a new Template.


48

48


Template Attributes:


Name Unique template (CI) name. The name must be unique within the FireScope Node.

Logical Groups List of Logical Groups the template belongs to.

Link with template Used to create hierarchical templates.

The remaining fields are optional and can be used to store useful information about theseassets.


49

49


7.1.5.2 Linking Templates to CIs

Configuration Items can be linked to templates using several methods, outlined below, depending on how many CI's youneed to link to a template. Method #1 is best when only a single CI at a time is being linked to a template. Method #2 isbest for linking a large number of already created CI's to a template. The third option is best for linking new CI's to atemplate, as they are discovered by FireScope.

Method #1 : Configuration Item Editor (Single CI Linkage)1. If this is a pre-existing Configuration Item, edit the CI. Otherwise, follow the normal process for creating Configuration

Items.2. Scroll down to the Link with Template section of the form, shown below.

3. Click the Add button in this section to open a nodal list of all available Templates. Click the name of the template to link itto this CI.

4. Repeat step #3 for any additional templates this CI should be linked to.5. To unlink with a template, you have two options. Clicking Unlink with a template will retain any Event Definitions,

Attributes and Graphs that were created by the Template. Clicking Unlink and Clear will unlink with the template, andremove any Event Definitions, Attributes or Graphs that were associated with the Template.

6. Click Save at the bottom of the Configuration Item editor to save and apply template linkage.

Method #2 : Template Linkage (Mass CI Linkage)1. Log into FireScope with Administrative privileges.2. Expand the Administration menu and click on Template Linkage Admin.3. You will see a list of all available Templates. Click the name of the Template to be linked to CI's. The following screen

will appear.


50

50


4. Using the list of available Configuration Items, use Control-left mouse button to select the CI's you wish to link with thisTemplate. Click the Add >> button to move them to the Active list, which lists all CI's linked with this Template.

5. To unlink CI's with this Template, use Control-left mouse button to select them from the Active list, and click the <<Remove button.a. Now select the type of unlink operation to complete. If you want to retain any Attributes, Event Definitions or graphs

that were created by the initial linkage with the template, select unlink only. To remove any associated elements atthis time, select unlink and clear.

6. Click Save at the bottom of the form to apply your new linkage selections.

Method #3 : Discovery1. Log into FireScope with Administrative privileges.2. Create your Discovery rules as normal. 3. Create a Discovery Action, following the normal process. When adding Operations for this action, select Link with

Template and select the appropriate template. Repeat as necessary and click Save when done.


51

51


7.2 Logical GroupsConfiguration Items can be organized into any logical grouping that makes sense for your organization, whether that begeographically, by business service, or by management group – simply by generating Logical Groups. Logical Groups alsocontrol user-level access to data collected by configuration items. This section will cover creating Logical Groups, andassociating configuration items with Logical Groups.

Creating or Editing a Logical Group1. Login to FireScope with configuration or administrative privileges.2. Click on the Configuration menu on the left, then select Logical Groups from the sub-menu3. You will see a list of all current Logical Groups. 4. To edit a Logical Group, click on the name of the Logical Group.5. To create a new group, click on the [+] next to the Logical Groups menu entry.6. The Logical Group editor has only two fields. The first is the friendly name to describe the Logical Group. The

second is a list of configuration items to be associated with this group. To select multiple CI's, hold down thecontrol key when clicking. When this form is complete, click Save.

Alternative method to associating a Configuration Item with a group.1. Click on the Configuration menu, then select Configuration Items2. You will see a list of all current Configuration Items. You can filter this display by logical grouping by using the

Group drop-down at the top right of the results.3. Click on a configuration item to be associated with a host group to bring up the Configuration Item Editor. 4. The second field from the top of the Configuration Item Editor is a check-list of logical groups that this host is

associated with. Check the groups to associate this configuration item to, then click save.

7.2.1 Aggregate Events

Aggregate Events are useful for identifying related Events that occur on one or more Configuration Item within the sameLogical Group. The following scenario describes a situation where you might use an Aggregate Event.

Company A has created a Logical Group containing four load-balancing web servers. They want to know if all four serversbecome unresponsive, but not if at least one server remains responsive. Additionally, they do not want this event to befired if the network supporting these servers goes down (this is handled by a separate Aggregate Event, and they do notwant multiple events triggered if this happens).

In this scenario, an Aggregate Event would be created containing four Events (one for each web server beingunresponsive), with a dependent event monitoring the health of the network itself. With this configuration, an event will onlybe created if all four servers go down, and if the dependent event or events have not occurred.

The diagram below explains the relationship between Events, Aggregate Events and Policies. In this example, two Eventscontribute to an Aggregate Event to identify incidents that span more than one Configuration Item, in this case degradedperformance or a potential security threat. These two Aggregate Events are then combined to evaluate compliance of aPolicy, in this case the Availability SLA for the CRM service.


52

52


Creating / Editing Aggregate Events1. Login to FireScope.2. Before creating an Aggregate Event, all component Events must be defined.3. Click on the Configuration menu, then select Aggregate Event Definitions from the sub-menu4. You will now see a list of all currently configured Aggregate Events. This list can be filtered using the drop downs at the

top right of the results list.5. To edit an existing Aggregate Event, click on its name.6. To create a new Aggregate Event, click on [+] next to the Aggregate Events Definition menu link.7. Give this Aggregate Event a name and select a Logical Group from the Aggregate Event Applies to Group drop down. 8. Using the Add Event Definition Rule to Aggregate Event Definition drop down, select the Events that you want to be a

part of this Aggregate Event, clicking the Add button to save them to this Aggregate Event.9. Set the Logic Type to either And or Or. Use AND if this Aggregate Event should occur if all component Events occur.

Use OR if this Aggregate Event should occur if any of the component Events occur.10.Complete the rest of the form as appropriate and click save.

Aggregate Event Definition attributes:


Name Easily identifiable name for this Aggregate Event.

Aggregate Event Applies A Logical Group that this Aggregate Event is associated with. Only Events associated with


53

53


to Group assets within this Logical Group can be linked to this Aggregate Group.

Aggregate Event LogicType

This option allows you to specify if the member triggers in this group must ALL be true (ANDoperation) or if only a single true member Event should fire off this Aggregate Event.

Aggregate Event RulesApplied

The Events that make up this Aggregate Event. Use the 'Add Event Definition to AggregateEvent' drop down to add Events to this Aggregate Event.

Aggregate EventDepends on

In order to reduce false positives, dependencies are other Events that should not haveoccurred in order for this Aggregate Event to be evaluated. For instance, if a switch goesdown, you do not want multiple events fired off for every server or asset connected to thisswitch. Therefore, the switch being operational would be a dependent event for all assetsconnected to it.

Severity How important this Aggregate Event is, as determined by you

Comments Internal description of this Aggregate Event.

URL Address of a resource that provides additional information or issue resolution. For instance,this could point to an internal KB article describing common fixes for this issue.

Disabled Checking this box will cause this Aggregate Event to be ignored.


54

54


7.3 ServicesService Groups are considered to be any collection of CIs or applications that are provided clients, whether internal orexternal. Examples of Services your IT group may provide could be CRM, Web Applications, Mail, or event general networkand internet access.

When considering Services begin to think not only of what is required on the individual CI for the service to run but what isrequired from the entire infrastructure to ensure the service is available to necessary clients. For example: Mail Services - To maintain a properly functioning mail server you need to provide a server for the internalmail services to run on in addition to the network / internet access required to send and receive messages. Alsonecessary for this service, among others, is DNS, firewall security, spam filtering, user authentication, storageresources, and even the backup system used for disaster recovery. These and others are all pieces of yourinfrastructure that fit into the mail service in one manner or another.

Using the FireScope BSM solutions you are given the ability to model services in a way that complements your internalmanagement processes.

Creating or Editing a Service Group1. Login to FireScope with configuration or administrative privileges.2. Expand the Configuration menu, then click on Service Groups from the sub-menu.3. You will see a list of all current Service Groups. 4. To edit a Service Group, click on the name of the Service Group.5. To create a new Service Group, click on [+] next to Service Group6. The Group editor has only a few fields. The first is the friendly name to describe the service group. The Service Group

Type field denotes wether this collection of configuration items and Logical Groups makes up a Business ServiceGroup, an Infrastructure Service Group or an Operational Service Group. In the following two fields, you can selectwhat Logical Groups or individual configuration items make up this Service Group. To select multiple configurationitems or Logical Groups, hold down the control key when clicking.

7. When this form is complete, click Save.

7.3.1 Service Modeling

Best Practice Guide to Building Your Service Model

ITIL defines an IT Service as:

"A Service provided to one or more Customers by an IT Service Provider. An IT Service is based on the use ofInformation Technology and supports the Customer's Business Processes. An IT Service is made up from a combinationof people, Processes and technology and should be defined in a Service Level Agreement."

The key point to consider is that IT Services are modeled around the business processes IT supports. Therefore, it’sbeneficial to start your service modeling process by temporarily ignoring the technology and considering how the businessperceives their interaction with IT. Start with the most critical processes that drive the business.

An excellent starting point is the processes that directly drive revenue for the business. More than likely, your business sellsa product or service, so what processes does the sales team follow to complete a transaction? At what points do theyengage technology to support these processes? Each of these points of intersection is a possible IT Service. Begin by


55

55


naming the service in a way that the sales team would recognize, and then identify what IT assets, both hardware andsoftware, are required to deliver these services.

For example, the sales team is probably required to log their leads and customer interaction in a CRM system. We’ll namethis service ‘Lead Management’ so that whenever we discuss this service with members outside of IT they will readilyunderstand the business context. Looking at the underlying technology, we can determine that in order to deliver thisservice, we need the web servers the CRM is running on, the middle-tier CRM application servers, Oracle databaseservers, and three outsourced web services that provide data cleansing and lead importation. Each of these would then becreated as Configuration Item’s (CI’s) in FireScope and associated with the ‘Lead Management’ service.

But what other technology assets could potentially have an impact on this service? From these servers to the users thatconsume the service, every hop through a networked asset, such as routers, switches, or security solutions, should beassociated with this service. As many of these assets will be contributing to multiple services, we recommend creatingLogical Groups. A Logical Group is simply a grouping of Configuration Items based on any logic you like. For example, yourcore routers and switches might be linked to a Logical Group called ‘Core Network’. Linking all of these CI’s to multipleservices now only requires linking the Logical Group, and as you add or remove CI’s from this group, every service itcontributes to will reflect the change.

We can now repeat the process we followed in creating the Lead Management service to model other IT Services. Theideal method is to visit with each department of the company and become familiar with their key business processes anduse these as branching points to model IT services. Remember that ultimately IT Services are all about the benefit or valuethe end consumer experiences, and therefore needs to be articulated from their perspective to achieve maximumeffectiveness. Focus initially on what is delivered, not how it is delivered.

7.3.2 Policies

Policies enable complex evaluations of the condition of Service Groups, and are commonly used to measure SLA's, SLO'sor compliance policies. Each Policy is associated with a single Service Group, and can be made up of any combination ofEvent Definitions or Aggregate Event Definitions associated with CI's in that Service Group. The diagram below shows therelationship of the different types of Events.


56

56


In the case above, we have defined an SLA that is based on both performance and security aspects of the CI's thatcomprise the CRM Service Group. In many common scenarios, FireScope customers use multiple policies to monitor eachService Level Object (SLO) or Service Level Agreement (SLA) for a Service Group.

Unlike Events and Aggregate Events, Policies can be monitored by nines (99.998% uptime for example), by number of failedevents, and by their business impact. The business impact is a financial evaluation of the cost to the business wheneverthis Policy has a violation.

Business AvailabilityIn cases where multiple policies exist for a Service Group, you may want a single policy to be reflective of the overall statusof the Service Group itself. For this situation, Policies include a checkbox for Business Availability. When checked, thestatus of that Service Group will be based on the status of that Policy.

7.3.2.1 Lab #6: Creating Policies

1. Login to FireScope.2. Click on the Configuration tab, then select Policies from the sub-menu directly beneath Service Groups Overview.3. You will now see a list of currently configured policies. To filter the results, use the drop downs at the top of the page.4. To edit an existing policy, click on the name of the policy.5. To create a new policy, click on Create Policy or click on [+] next to the Policies menu entry found in step #2.6. Enter a name for this policy in the Name field. This should ideally be something recognizable by other users.7. Classify this policy based on how incidents impact operations. The Business classification is recommended when

evaluating business metrics such as revenue generation, e-commerce transactions that are evaluated by non-ITpersonnel.

8. If you wish to have a financial impact evaluated for incidents of this policy, enter the amount and interval for this


57

57


calculation. The amount to enter here is very much dependent upon your unique business and what best practices youwish to follow. The following are two formulas commonly used to help get you started thinking about this.

Labor Cost = People X Impact X Rate X HoursPeople = Number of workers affectedImpact = Avg. % of work they could not performRate = Average employee cost per hourHours = Number of hours of outage

Revenue Cost = (Revenue / Annual Hours) X Impact XOutage Hours

Revenue = Gross annual revenueAnnual Hours = Total annual business hoursImpact = Percentage impact (e.g. % reduction in

transactions or dollars during outage)Outage Hours = Number of hours of outage

9. Select a Service Group that this policy will be monitoring in the Policy Applies to Service Group drop down.10. If you want this Policy to determine the overall status of the selected Service Group, check the Affects Business

Availability checkbox.11. In the Policy Definition section, you will add all of the Events or Aggregate Events that will be evaluated for this policy.

a. To add an Event or Aggregate Event, use the Select button to open a nodal window. This will list all Events andAggregate Events associated with the selected Service Group. Click the name of the entry you wish to add to thispolicy. Repeat this step for as many Events or Aggregate Events you wish to be included in the evaluation of thispolicy.

b. Select either AND or OR for the Policy Logic Type. If every associated Event must have occurred in order for thisPolicy to be considered in violation, select AND. Select OR if any of these Events can occur to consider this Policyin violation.

12. There may be some situations where you do not want this policy evaluated. For example, if the network is down, youmay not want this to impact your Server Availability policy. In these cases, select those qualifying Events in the PolicyDependency section.

13. Complete the rest of the form as appropriate and click Save.

Policy Parameters


Name Friendly name for this policy

Policy Applies toGroup

This field is only selectable when creating a new policy, and defines what Service Group this policyapplies to.

Policy Logic Type This option allows you to specify if the member triggers in this policy must ALL be true (ANDoperation) or if only a single true member trigger (OR operation) should fire off this Policy.

BusinessAvailability

Setting this flag tells FireScope to evaluate this Policy whenever checking the status of theassociated Service Group.

Policy Definition List of Event Definitions or Aggregate Events currently associated with this policy. To remove anassociation, check the appropriate child entry and click Delete Selected. Use the Select button toadd Event Definitions or Aggregate Event Definitions to this policy.

Policy Dependency If this Policy should not be evaluated if specific Events have occurred, add those Events asdependent events.

Severity Define how critical policy violations should be classified


58

58


Comments Internal description of this policy

URL URL for more information concerning this policy. E.g., you can link to internal knowledge base withinstructions detailing how you wish staff to react when a policy violation occurs.

Disabled Check this box to disable the policy.

Initial Wiki Entry(Enterprise-EditionOnly)

You can add content to the Wiki entry for this policy through this text field. Useful for listing commonfixes for incidents, business processes related to this policy, etc.


59

59


7.4 Maps

7.4.1 Google Maps

FireScope's Google Maps mapping capability provides at-a-glance knowledge of critical system metrics in real time.The pre-set parameters can be easily customized according to any data collected by FireScope; e.g., Web serveravailability, network bandwidth, system security or other criteria. The interface offers graphical, satellite or hybridviews, with color-coded lines between locations that indicate connectivity status. AJAX-powered detail bubbles foreach facility show the aggregated status of system assets at that location, while a zoom in/out control allows users toview assets at levels ranging from street grids to international boundaries.

Note: in order to perform the following tasks, your FireScope account must be assigned to an administrative role.

Setting up a Google Map1. Request a Google Map key and insert in Administration - Google Map Keys.2. Create a Google Map in Configuration - Google Maps - Map Overview3. Create Map Points in Configuration - Google Maps - Map Points for each location, assigning a Logical Group and Aggregate Event Definition to determine status.4. Create Map Links in Configuration - Google Maps - Map Links to denote connectivity status between offices, with each link assigned an Event Definition or Policy to determine status.

7.4.2 Custom Maps

Custom Maps allow you to construct customized maps for specific areas of your infrastructure. For example, you may wantto make a view of your data center available which shows the racks, servers and possibly network equipment. With imagemapping you can overlay a set of icons onto this map to show status of the CIs associated with the icons. In addition youcan add links between CIs to show relationships.


60

60



61

61


Creating a Custom Map1. Create a Custom Map via Configuration - Custom Maps/Images - Custom Map (you can upload new backgrounds via the

Images link in the Custom Maps/Images group).2. Use the Edit button on the Custom Maps list to add Configuration Items and links as needed. As with the backgrounds,

custom icons can be uploaded through the Images link.


62

62


7.5 Enterprise Service BusAn Enterprise Service Bus is an abstraction layer between the core business logic of an application, in this caseFireScope's BSM engine, and external applications or data sources. In an enterprise architecture making use of an ESB,an application will communicate via the bus, which acts as a message broker between FireScope and the third-partyapplication. The key advantage of an ESB is that it allows different applications to communicate with FireScope by actingas a transit system for carrying data.

What does this mean?From a practical perspective, the ESB facilitates federating data from your Helpdesk system, ERP solution, customapplications and more without the need to do any custom programming. Simply tell FireScope how to get the data and mapthe incoming data columns to attributes in FireScope, and you're done.

As you can see in the above diagram, FireScope's Enterprise Service Bus receives or consumes data from third-partyapplications, normalizes this data to the format needed by FireScope's Business Service Management engine, enabling it tothen process this data as attributes and events in the same processes used by FireScope's inherent data collectionmethods such as SNMP, Syslog, Agents, etc.


63

63


7.5.1 Consuming a Custom Feed

The following diagram provides a high-level overview of the process of consuming a custom feed through FireScope'sEnterprise Service Bus, regardless of which transport method is being used.

1. Create ESB Groups - These logical containers are used to organize your transports to make them easier to find andmanage.

2. Configure Transports - For each data source, this configuration tells FireScope what protocol to use and where the datacan be found.

3. Test Connectivity - Verify your connection settings with a quick connectivity check in the FireScope interface.4. Define Attributes and Payload - Performed at the same time as the previous step, you can create attributes in bulk that

map to the incoming data source. For transports other than JDBC, this process will also generate a sample payload fileto help you prepare the data source.

5. Initialize the ESB - When creating or modifying ESB transports, the Enterprise Service Bus will need to be reset for thechanges to take effect.

7.5.2 Supported ESB Transports

Transport Description

JDBC Connect and query databases directly from the FireScope appliance. See the following section onJDBC for details on supported databases.

FTP Allows files to be read from a remote FTP server.

HTTP Enables consuming files from a remote web server.

HTTPS Secure version of the HTTP transport.

File Allows files to be read from network shares. Coming soon.

Multicast Allows attributes to be received via IP multicast groups. Coming soon.

POP3 Enables connectivity to POP3 inboxes. Coming soon.

SMTP Connectivity to SMTP Servers. Coming soon.

SOAP Allows FireScope to act as a SOAP client to connect to remote web services. Coming soon.

TCP Enables data collection over TCP sockets. Coming soon.

UDP Enables data collection as datagram packets. Coming soon.

WSDL Invokes remote web services by obtaining the service WSDL. FireScope will then create a dynamicproxy for the service and invoke it. Coming soon.


64

64


7.5.3 Supported Databases

The following table describes the database technologies and versions currently supported by the FireScope EnterpriseService Bus JDBC transport. When crafting your queries for this transport, please keep in mind that this query is executedoften, depending on your interval settings and every row parsed for data. As a result, the query will need to includeappropriate filtering to only return fresh data.

Database Version Support (Driver stated)

MySQL 4.0 and above

Oracle Oracle 9i 9.2.0.8 and above

Microsoft SQL Server 6.5, 7.0, 2000 and 2005

Sybase 10,11,12,15


65

65


7.6 Virtual Center IntegrationFireScope BSM takes advantage of the Virtual Infrastructure Java API to communicate directly with VMWare Virtual Center,enabling direct access to all health metrics for the virtual center as well as the physical hosts and virtual machinesassociated with it. Using this process does not require an agent installation, nor any additional software.


66

66


7.6.1 Process Overview

From a 30,000 foot perspective, the process for configuring FireScope BSM to connect with a Virtual Center or ESX Serveris as follows:

1. Create a read-only account on the Virtual Center or ESX Server that FireScope BSM will use for connection. Thisaccount will need appropriate permissions to view all assets that will be monitored in FireScope.

2. Configure a Virtual Center connection (Found in Administration menu -> Virtual Center Config).3. Setup a Configuration Item for each physical host / VM / Virtual Center you wish to manage, specifying in the Connection

Settings section that it is using the Virtual Center connection configured in step #1.4. Create VM attributes (categorized in Attributes as VM Virtual Center, VM Host and VM Guest).5. Define Events and Policies accordingly, using these and any other attributes.

7.6.2 Configuring a Virtual Center Connection

To establish a connection to a Virtual Center or ESX server, we must first enter the connection settings, including accountcredentials for a valid user account on the VMWare server. We recommend creating an account that will only be used byFireScope.

Defining a Virtual Center Connection1. Create an account on the Virtual Center or ESX server with appropriate permissions to access the assets FireScope will

be monitoring (read-only access is sufficient).2. Log into FireScope with Administrative privileges, expand the Administration menu and select Virtual Center Config.3. Click on the name of an existing connection to edit its settings, or click the New button at the top right of the screen.4. Complete the form as appropriate. See below for an explanation of each parameter.5. Click Save when done.6. Now define Configuration Items and attributes for any physical hosts, storage assets, virtual machines that you wish to

monitor through this connection.

Example Virtual Center Connection List

Example Virtual Center Connection Completed Form


67

67


Virtual Center Connection Parameters


Name Friendly name for this connection - preferably something other users will easily recognize.

Description Optional. Short explanation of how this connection is being used.

IP IP Address or FQDNS name for this Virtual Center or ESX Server. Please ensure that yourFireScope BSM instance has appropriate network access to this server.


68

68


Port Default 443. Port to be used for connecting to the Virtual Center or ESX Server. Communication is performed over Secure HTTP. Only change if you have modified settings onthe targeted Virtual Center or ESX Server.

Username / Password Credentials for an account on the Virtual Center or ESX Server, with appropriate permissions toaccess the assets being monitored by FireScope. Recommended that you configure an accountthat will only be used by this connection.

7.6.3 Configuring Managed Hosts and Guests

Any Configuration Items that should be using a Virtual Center Connection to collect attribute data will first need to knowwhich Virtual Center connection to use. This setting is located at the Configuration Item level.

Configuring Physical Hosts and Guest VM's1. Follow the normal process for setting up a Configuration Item, and add the following setting.2. In the Connection Settings section, you will see a field titled 'Associate with Virtual Center'. Use the Select button next

to this field to specify which Virtual Center Connection to use when polling for attribute data.

3. If the Configuration Item's name in FireScope is different than the name being used in Virtual Center, enter the namebeing used by Virtual Center for this asset in the Virtual Center Infrastructure Client field. When polling the Virtual Centerfor data, FireScope will first look for assets using values entered in this field. If this field is blank, the Configuration Item'sname will be used.

4. Click Save.5. Define the attributes, or metrics, you wish to monitor for this CI. When creating these Attributes, make sure to use the

VM Virtual Center, VM Host or VM Guest for the type of attribute. This tells FireScope to use the Virtual Centerconnection to collect these metrics, as opposed to other methods such as via Agent, SNMP or ESB.

VM AttributesVirtually all system, network and disk health metrics accessible to Virtual Center are accessible through this connectionmethod. For a list of all VM-related attributes, please see http://www.firescope.com/quickstart/bsmbe/attributes/vm/.


69

69


Additionally, for several attributes you will need to know the Virtual Center Counter that corresponds to the exact metric youwish to monitor. This list can be found directly in the VMWare Virtual Infrastructure Client.


70

70

8. Reporting

8. ReportingAll users have access to reporting in FireScope, as well as the ability to create their own reports. As with the rest ofFireScope, each user only has access to data pertaining to the Service Groups that their assigned User Groups haveaccess to.


71

71

8.1 Reporting

8.1 Viewing Reports1. Log in to FireScope.2. Expand the My Dashboard menu on the left, and select View Reports.

3. You will now see a list of all of reports that you have access to. To view a report, click on its name.4. Each report can have up to three sections: the Chart, the Data and any Calculations. The Data section is the only

section that is mandatory in every report, Charts and Calculations will only appear if they were configured for this report.5. To navigate the data in this report, use the navigation toolbar at the top of the Data section. An example is shown below.

6. The drop down box on the left-side of this toolbar denotes how many rows of data to display per page. To adjust thisnumber, simply select a new value from this drop down. On change, the Data section of the report will be refreshed usingAJAX and will display the number of rows selected.

7. Paging through the data in this report can be accomplished in two ways. First, use the arrow icons; the outside iconsnavigate to the first or last page whereas the inner icons navigate to the next or last page. These icons may be grayedout if you are already on the first or last page. The other navigation option is to manually type in a page number in thetext field in the center of the toolbar. As soon as your cursor leaves this field, the Data section of the report will navigateto the entered page. Finally, on the far right-side of the toolbar, you will see which rows you are currently viewing, alongwith a total row count for this report.


72

72

8.2 Reporting

8.2 Report TypesThe table below describes in detail the various report type options available.

Report Type Description

Performance Ideal for analyzing trends in aspects of IT, the Performance report is based on one ormore attributes, which are selected from the first phase of the report. This report typeis commonly used to compare similar attributes from one or more CI's, or reviewingperformance of multiple attributes on the same CI.

Events The Events report type provides details on events for Service Groups, LogicalGroups or individual Configuration Items.

Inventory Use the Inventory report type for detailed reporting on the assets configured inFireScope, and can be based on Service Groups, Logical Groups or Device Types.

SLA, Availability While the Events report type is used for detail-level visibility of individual events, theSLA / Availability report is used for long-term reporting on availability or policycompliance for Service Groups, Logical Groups, individual Policies and more.

Current Value The Current Value report type is designed to provide statistics on the latest returnedvalue and query statistics for every attribute associated with a specifiedConfiguration Item, Logical Group or Service Group. Unlike the Performance reporttype, where we are looking at long-term trends in returned values, the focus of thisreport type is describing how FireScope is collecting these attributes.

Syslog If you are using FireScope's Syslog data collection capabilities, this report type isuseful in reporting purely on syslog messages.

Audit Log Only the Admin user has access to this report type, which details all user activity byindividual user or all users.


73

73

8.3 Reporting

8.3 Lab #7: Building a ReportThe following steps describe how to create reports within FireScope.

1. Log on to FireScope.2. Expand the My Dashboard menu from the primary navigation.3. To view a list of existing reports, click on Reports Admin. To create a new report, click on the [+] icon to the right of the

Reports Admin link.4. The process of building reports is a two phase process, with the first phase identifying the type of report (see Report

Types for more information), the date range and primary parameters, depending upon the type of report. The Accessdrop down denotes what users should be able to see this report; with Private denoting that only the currently logged inuser will see this report, Shared makes this report available for all users in your user group, and Public enables any userto view this report. Once these settings have been entered as appropriate, click Save and Continue.

Tip - To brand this report with your organization's logo, enter a URL to your logo in the Logo field. This url must beaccessible from the workstations viewing the report. This URL should start with either http:// or https:// and include the


74

74

8.3 Reporting

full URL to the image.

5. In the next phase of report building, we will choose the columns, grouping, charting and calculations desired for thisreport. See the following sections for details on each of these capabilities.

6. Once you have built out the report to as desired, click Save to store this report and click Reports to return to the reportslist.

7. Throughout the process of building reports, you can preview the output by clicking Save and then View.


75

75

9. Administration

9. AdministrationThe tasks described in this section can only be accomplished by users with FireScope Administrator privileges, and includeconfiguring Discovery, Import and Export and data retention policies.


76

76

9.1 Administration

9.1 User Administration

9.1.1 Users

1. Log in to FireScope with Administrative privileges.

2. Click on the Administration tab on the left navigation, then select Users from thesub-menu directly below.

3. To edit an existing user, click their name from the results list, or to create a new user, click on [+] next to the Users menuentry from step #2.

4. Complete the form and click save.

There are three different types of FireScope users:

Dashboard User These users have access to view Dashboard pages only. They will be able to view Publicand Shared Pages to which they've been granted access, and their own Private Pages. Theydo not have permissions to administer configuration items or other functionality within thesystem.

ConfigurationAdministrator

Users with Configuration Administrator permissions will have access to all content in theConfiguration menu, but will not have access to the Administration section.

FireScope Administrator FireScope Administrators have access to everything.

User rights are established by the FireScope Administrator when establishing new users.

9.1.2 User Groups

The Service Groups, Logical Groups and Configuration Items that a given user can view is dictated by the User Group(s)they are a member of. For example, if users should only see the assets at the physical location they work at, you mightcreate a User Group named for the location, assign only the users who work there, and associate this User Group only withthe Logical Groups or Service Groups based at that location. Users can be assigned to a User Group when editing either aUser or a User Group.

Creating / Editing a User Group1. Click on the Administration tab from the left navigation, then select Users from the sub-menu directly below 2. Select User Groups from the sub-navigation. This will list all available user groups and their current membership.3. To create a new user group, click on the [+] next to User Groups. 4. To edit an existing group, click on the name of the group.


77

77

9.2 Administration

9.2 DiscoveryFireScope has the ability to discover new assets as they come online through it's Discovery feature. ConfiguringDiscovery is a two step process: setting the active discovery range and specifying to FireScope how to react when a newsource is identified.

FireScope uses a “port-targeted” discovery model. This means that FireScope will only probe for the ports you specificallyenable as discovery “checks.”

NOTE: Discovery is by nature a somewhat invasive process. ALWAYS get approval from your Network Administratorbefore running Discovery jobs.

Name: This is the Name of the Scan Job, we recommend you make this as descriptive as possible.

IP Range: The Network IP addresses you wish to target for scanning. This can be a single IP, multiple IP's or a Range ofaddresses.

Examples: l

single: 192.168.1.5multiple: 192.168.1.5,192.168.1.10range: 192.168.1.5-10

Frequency: This defines how often your scan job will be run. We recommend initially staring with a 60 minute frequency foryour first scan jobs.

Timeout: This defines how long (in minutes) the scan will run before automatically terminating.

Timing: This defines how aggressive or fast a given scan will run. This is expressed in a Range from (0-5). “Shy” being 0and “Very Aggressive” being 5. You should tailor this value to the specific concerns of your network environment. Initiallywe recommend you use the “normal” setting as this provides the best balance of speed and network intrusiveness.

Checks: This defines the specific probe that you wish FireScope to conduct. You define a probe based on the Service youcheck and the port. A given Job can include multiple checks.

Status: A Job can be set to Active or Disabled status

9.2.1 Lab #8: Configuring Discovery Rules

1. Log into FireScope with Administrative privileges and expand the Administration menu.2. To see a list of all active discovery rules, click on Discovery. To edit a discovery rule, click on the name of the

rule.3. To review a list of all discovered assets, click on Discovery Status.4. To create a new discovery rule, click on the [+] icon next to Discovery.5. Start by entering a descriptive name for this scan.6. Enter the IP Range for this scan, using a hyphen (-) to denote a range after the last octet. For example, entering

192.168.0.1-255 will scan the entire class-C subnet.7. Frequency denotes how often this scan should be run, in minutes. Recommend setting this to 60 while initially

configuring FireScope, and then adjust to longer periods such as 1440 for once a day, or 10080 for once a weekduring normal operations.

8. Timing should not be set to Aggressive or Insane during normal business hours, as this may negatively impactnetwork performance.

9. Use the mini-form in the New Check section to specify which ports should be scanned. Most commonly used portsare listed in the drop down box, but you can check additional ports by selecting TCP from the list and typing in theport number in the text field to the right. Click Add to save each check. You can create as many checks as are


78

78

9.2 Administration

necessary.10. Complete the rest of the form as necessary, then click Save. See the table below for explanations about the other

fields.

Discovery Rule Parameters



79

79

9.2 Administration

Name Unique name for this discovery rule.

IP Range Specify the range of IP addresses FireScope should check for CIs.

Frequency Time between scans.

Scan TCP/SYN requests perform a brief scan, primarily to check for open ports and are generallyfaster and less stressful on the machines being scanned. TCP Connect (), on the other hand,makes a complete connection on the interrogated ports to gather more detailed information.

Timing The timing feature controls how intensive FireScope should be in scanning your network,Paranoid, Sneaky and Polite minimize the impact on your network but take longer to run. Werecommend only using Aggressive or Insane if you have an extraordinarily fast network or arewilling to sacrifice some accuracy for speed.

Timeout If no response has been received after XX number of seconds, stop waiting.

New Check You can have FireScope check for specific features on each asset to identify specific servicesor features to control how FireScope reacts to different types of assets.

Port Port number of FireScope Agent running on this CI. If no FireScope agent is used, the port isignored. Use standard FireScope port number 10050.

Status Whether this rule is active or disabled.

9.2.2 Discovery Actions

Discovery actions define how FireScope should respond when assets matching specific parameters are discovered. Forexample, you might create an action to look for any discovered asset running Windows 2003 Server, and have FireScopeautomatically create a Configuration Item for these assets, link them to the Windows and Windows Disks templates, andeven put them in the Windows Servers Logical Group.

Configuring Discovery Actions1. Log into FireScope with Administrative privileges, expand the Administration menu.2. To view a list of existing actions click Discovery Actions. Click the name of an action to edit.3. To create a new action, click on the [+] next to Discovery Actions.4. Give this action a descriptive name that other users can readily understand.5. Define the conditions where this action should be performed by using the New button in the Conditions section.

This will display a short mini-form to specify this condition. Click Add once this is appropriately filled in. See theConditions section below for more information about filling this section in. Repeat this process until you have all ofthe conditions you want applied.

6. If you have more than one condition added, an additional field will appear above the conditions called Type ofCalculation. Select AND from this drop down if you want this action to occur if EVERY condition is met; otherwiseclick OR.

7. Now define how FireScope should respond when a discovered asset meets these conditions, using the New buttonin the Operations section.

8. Click Save. On the next execution of any Discovery Rule, this action will be applied. It does not retro-activelyapply to previous discovery results.


80

80

9.2 Administration

ConditionsThe following table describes the available conditions for discovery actions.


81

81

9.2 Administration

ConditionExampleCondition Looks at Description

Comment like Public Applications

This checks the descriptions of each of the applications found throughdiscovery.

ConnectMethod

=host-prohibited

Applications

DiscoveryStatus

DiscoveryStatus =???

Host

IP Address <>192.168.0.1

Host Checks against the IP Address of the discovered assets. Must be thecomplete IP Address.

Listening Port = 80 Applications

Was there a response from this port, indicating a program actively listening tothis port. In this example, we're looking for active web servers.

When using this condition, make sure to use it in combination with a PortStatus condition.

MAC Address =00:30:48:8F:3F:8A

Host Does the discovered asset's MAC Address match the parameter. Must be thecomplete MAC Address.

NetworkDistance

= 1 Host How many network hops separate the discovered asset from the FireScopeappliance.

OS 1 Like Linux Host FireScope performs multiple tests to try to identify the operating system of thediscovered asset. The most likely match is OS 1, followed by OS 2 as asecondary check.

OS 2 Not LikeWindows

Host See above

Port Status = open Applications

What was the status of the listening port. Possible values include open,filtered and closed. Should be used in combination with Listening Port.

Product Name LikeApache

Applications

When checking ports during a discovery scan, FireScope queries the name ofthe application.

ProductVersion

Like 2.1.6 Applications

After querying a discovered application for its name, FireScope also requestsits version number.

Protocol = tcp Applications

This condition looks at what protocol was used for scanning a port. Possiblevalues include tcp and udp. Should be used in combination with Port Status tofilter only ports that have a listening application.

ServiceCategory

= snmp Applications

Depending on the type of application that is discovered, it may return acategory of service. Many possible outputs exist, depending on the vendor.


82

82

9.2 Administration

Discovery Actions Parameters


Name Unique name for this discovery action.

Event Source Select Discovery to create a discovery action.

Conditions What conditions should trigger this action, such as the IP address of the discovered asset,active ports or other aspects.

Operations Once the conditions have been met, this section specifies what FireScope should now do. Usethe New Operation mini-form to configure FireScope to create a new CI, move it to a newLogical Group, link it to a template or perform some other action. As shown above, you canspecify multiple actions to be performed.

Status Whether this rule is active or disabled.


83

83

9.3 Administration

9.3 Appliance AdministrationThe FireScope BSM appliance has a secondary interface specifically for administering the appliance itself. Virtually all ofyour routine maintenance tasks, such as installing updates, performing backups or restarting the appliance, can becompleted from this interface. It is recommended that administrators log into the Appliance Configuration Interface aboutonce a month to check for updates.

Log in to the FireScope Appliance Configuration interface, through one of two ways:1. If you are currently logged into FireScope as a FireScope Administrator, is by expanding the Administration menu and

selecting the last link, Appliance Configuration Wizard.2. From a browser window type in the address of your FireScope appliance, and add :8004 to the end (e.g.

http://192.168.0.1:8004)

The default login credentials for this interface are as follows:Username : adminPassword : password

We strongly recommend changing the the admin password at your earliest convenience.

NoteThe first time you log into the FireScope Appliance Configuration Interface, you will be taken through a wizard to configurekey settings, including setting the time zone, changing the administrative password and network settings.

Common Administrative Tasks· Checking Appliance status· Viewing Appliance system information· Rebooting your FireScope appliance· Backing up / Restoring your FireScope appliance· Configuring Time Zone Settings· Configuring Appliance Network Settings· Configuring FireScope to use a proxy server· Changing Appliance Configuration Admin Password


84

84

10. Service Management

10. Service ManagementIf you have Administrative rights you will have more functionality available to you that just the Dashboard.

In the left navigation, you will have a section called "Service Management". From this section you can manage theFireScope services such as Web Monitoring, Events, Actions, Syslog and more.

Left Navigation displaying Service Management options


85

85

10. Service Management


86

86

10.1 Service Management

10.1 Policy StatusThe Service Policy Status displays the latest status for policies associated with selected Service Groups and the eventtriggers that comprise the policies.

The table displays the name of the policy (as created by an authorized administrator), the date and time the policy triggeredan event, and whether the policy effects Availability (A), Performance (P), Security (S), or Business Impact (B)

The Service Policy Status provides a drill down feature to find more information on these policies. By clicking on the nameof the policy status, the link will take you to an expanded view of the events associated with this trigger.


87

87



88

88


10.2 Latest DataThe Latest Data page displays the latest data extrapolated from selected Configuration Items (CIs)

The data is paginated and displayed in increments of 50 events and are filterable by the drop down boxes in the global filterlocated in the top. Global filters are found throughout each page and allow users to filter by Service Group, Logical Group,or Configuration Item.

Note: You must have at least a Configuration Item selected as there is no "All" option for the Configuration Item drop-downmenu.

Example of Latest Data for Configuration Item named FireScope

This screen capture is sample data of the Latest Data for the Exchange Server 01 Configuration Item, ALL Service Groupsand ALL Logical Groups.

Description The attribute being displayed in latest data

Key Unique key FireScope uses to gather data

Int. Interval - how often the information is being pulled and displayed

Type Indicates how FireScope is collecting data (FS Agent, Syslog, SNMP, etc)

Active or Inactive The icon will change depending on the active status

Attribute Sets Logical grouping of Attributes

Error If an error has occurred, the type of error will be displayed

Last Value Displays last value reported by Attribute

APS A= AvailabilityP= PerformanceS= SecurityB= Business ImpactDescribes which metric is being monitored.

(History)Click on this icon to view the data history for this Attribute


89

89



90

90



91

91


10.3 EventsThe Events page displays the latest Policy Events recorded by FireScope. The information is displayed in increments of 5,10, 25, 50 or 100 events and are filterable by the drop down boxes in the global filter located in the top. Global filters arefound throughout each page and allow users to filter by Service Group, Logical Group, or Configuration Item.

Pagination options include limiting the number of events to be displayed at once and allows you to scroll through the pageseasily.

Parameters found in the Events Display

Events An event being displayed

A A= Availability. If the event is an availability-related event, a color-coded event triggerindicator will be displayed in the cell.

P P=Performance. If the event is a performance-related event

S S=Security. If the event is security-based event...

B B=Business Impact.

Time The time that the event occurred

Severity Color The color in the last cell is a severity color that has been established when the policyevent was created. Different organizations will have different colors assigned to specificseverities.


92

92


10.4 ActionsThe Actions page under Service Management displays the latest Actions taken by FireScope. Actions control how youwant FireScope to react when an Event Trigger, Trigger Group or Policy are fired off. Two types of actions are supported:Send Message or Remote Command. As the name implies, Send Message will use whatever media types are setup for theselected users to send a pre-defined message.

Email, SMS, Instant Message are all supported methods of communication through FireScope. See the section on MediaTypes for more information. Remote Command actions allow you to execute a command on a specific machine whenever atrigger is activated, such as restarting a service or rebooting a machine.

Parameters

Time The exact time the Action took place

Type What type of Action was taken

Status The status of the Action (sent or not sent)

Retries Left How many more times FireScope will try to execute the Action

Recipient The intended recipient of the Action

Message The message included in the Action

Error If an error has been triggered, it will be displayed here.


93

93


10.5 Web CheckFireScope's Web Check feature enables organizations to monitor availability and performance of web sites and web-basedapplications. This feature goes beyond simple uptime monitoring by simulating a browser session and requesting a specificurl, with the ability to send POST and GET form values, and measuring the response time and analyzing the response itself.

Common uses of this feature include identifying lower thresholds for website performance and notifying staff when 500errors are being generated.


94

94


10.6 Syslog ViewerFireScope includes a SysLog listening agent to collect event data from any Syslog-enabled device. The FireScope Syslogmodule listens on the default UDP port 514. To configure a device to send Syslog to FireScope, simply use the IP addressassigned to your FireScope Appliance.

Syslog-enabled devices can produce a large amount of data in a short amount of time. In order to help control this flood ofdata, FireScope offers two methods of filtering - by Facility and by Priority. The process is simple, FireScope provides alist of all available facilities and priorities, enabling you to simply check the ones you wish to capture. Any eventsassociated with a facility or priority that is not checked will be ignored. To set your preferred filter levels, follow the stepsbelow.

1. Login to the FireScope Administration website2. Click on the Administration tab, and then select Syslog Facilities (or Priorities) Settings from the sub-menu directly

beneath "Utilities"3. Make sure the check boxes for the facilities or priorities you wish to capture are checked, and then click Save.


95

95



96

96


10.7 Visual ControlsVisual Controls show all graphs and other visual displays associated with Configuration Items. Below is an example ofVisual Displays associated with a selected sample CI.

Comprehensive Example of Visual Controls for Sample Configuration Item

Visual Controls are established by a FireScope authorized administrator.


97

97



98

98


10.8 Historical Trend ViewHistorical Trent View offers the capability to view metrics originating from a previous time period. The graphs allow users tocompare current trend data with historical data, enabling network managers and other IT operators to base future planningon empirical data.

This view will display the selected trend graph for a selected period of time with extended room on the timeline of the graphfor added time on either side of the current time.

Historical Trend View for a two hour period beginning at 8:43am on June 2 compared against two hour period on July 3


99

99



100

100


10.9 Google MapsUsing Google Maps functionality, FireScope displays links and points on Google Maps to visually show users geographicdata. Often points on a map will be data centers, co-locations, regional offices, or other important locations. EnterpriseEdition users have the option of utilizing multiple Google Maps within FireScope., whereas Business Edition users canutilize one Google Map.

Map points and links are created by a FireScope user with configuration rights but can be viewed by anyone by addingGoogle Maps to Dashboard pages.

Map PointsThese are the pin-point geographic locations as added by a FireScope user with configuration rights. These map points canbe associated with policies and events and can visually display an error (or other notification) associated with the policies,directly on the map. (see below for one example of this).

Map LinksLinks can be established between Map Points to show relationships between geographic locations.

PermissionsIf a user does not have permissions to view a particular Service Group or Logical Group, the map will still be displayed butthe user will not see the Map Point or Map Link associated with that group.

The information displayed for both Map Points and Map Links is shown in real time using AJAX, so you never have to worryabout refreshing to reset your view. If a policy is triggered between map links, it will automatically be shown on the mapdisplay.


101

101



102

102


10.10 MapsNot to be confused with a Google Map (geographic map), Maps can be any image uploaded to FireScope. FireScope offersfunctionality to overlay graphic components over these image maps. Policies and events can be associated with suchgraphics to visually display found issues. FireScope offers a wide array of icons to represent many common elements foundwithin an organization. Users with configuration rights have access to create and configure image maps.

A few examples of how users have used this functionality:

· Uploaded diagram of server room and overlayed graphic server icons to indicate where servers are located, and when anevent is triggered, the server effected is noted on the image map

· Photos of buildings where datacenters are housed· Diagram of server racks with icons of particular units installed

Example of an image map with icon overlay


103

103


For more information, downloads and tips please visitSupport.FireScope.com.

bsm primer

Documents