After you install the probe software

After the operating system has been installed on the NAM Probe and it has been activated, perform the following configuration actions:

Note

Make sure that you are logged in as root before attempting to edit any of the configuration files. Most NAM Probe configuration actions are performed with dedicated software tools and utilities, but there may be situations when a configuration file must be edited directly.

Configure network drivers and network interfaces

  1. Log on as the root user with a default password greenmouse.
  2. Execute the RTM configuration tool (rtminst).
  3. Configure the driver and interface.

Configure additional firewall settings

The NAM Probe uses rtmgate to communicate with other Dynatrace components such as NAM Console, NAM Server, and AppMon server.

The fresh NAM Probe installation includes a system firewall that controls incoming and outgoing network traffic based on configured security rules. The rtmgate listens on TCP port 8443 and UDP port 9093 and, by default, it uses the system firewall to redirect incoming requests from TCP port 443 to TCP port 8443 and from UDP port 514 to UDP port 9093.

An upgraded NAM Probe installation that is already using the system firewall will preserve all existing rules and exceptions. The upgrade process will automatically add and map the required communication ports redirections.

Protocol Incoming port Redirected port
TCP 443 8443
UDP 514 9093

The default firewall setup on fresh NAM Probe installations blocks all other communication on your NAM Probe. Depending on your deployment scenario, you may require additional firewall exceptions or port redirections for your NAM Probe. You can add the specific port or the port range to the public zone, or you can add the entire NAM Probe interface to the trusted zone. Use the official system documentation for more advanced firewall settings.

Adding specific ports to the public zone

Log on as the root user with the default password greenmouse.

Add a port or a range of ports to the public zone.

  • (Choice) Add a specific TCP or UDP port to the public zone, where xxxx is the port followed by the protocol indicator (TCP or UDP).
  [root@probe ~]# firewall-cmd --zone=public --permanent --add-port=xxxx/tcp
  • (Choice) Add a specific range of TCP or UDP ports to the public zone, where xxxx is the first port in the range and yyyy is the last port in the range, followed by the protocol indicator (TCP or UDP).
  [root@probe ~]# firewall-cmd --zone=public --permanent --add-port=xxxx-yyyy/tcp )

Restart the firewall service.

[root@probe ~]# systemctl restart firewalld.service

Adding specific interface to the trusted zone

Log on as the root user with a default password greenmouse.

Add specific probe interface to the trusted zone.

[root@probe ~]# firewall-cmd --zone=trusted --change-interface=ethX

Restart the firewall service.

[root@probe ~]# systemctl restart firewalld.service

Set data memory limit using the rtminst.

  1. Log on as the root user with a default password greenmouse.
  2. Execute the RTM configuration tool (rtminst).
  3. Set the correct data memory limit as described in data memory limit.

Synchronize time using the NTP server

If the NAM Probe is not managed by a report server, you can configure time synchronization by using NTP client software. The NTP client software is used to restart traffic monitoring when a time continuity problem occurs. NTP client software is installed as part of the operating system and can be configured to start up automatically.

Configure the ntpd service.
Configure the server or servers to be used for time synchronization by specifying the preferred server IP addresses in the configuration file /etc/ntp.conf .

A basic ntp.conf file lists two time servers, a server it will synchronize with and a pseudo IP address for itself (in this case, 127.127.1.0). The pseudo IP address is used in case of network problems or if the remote NTP server goes down. NTP synchronizes with itself until it can start synchronizing with the remote server again.

Since the local clock is not accurate, it should be fudged to a low stratum (accuracy), as shown in the example above. Set it to 10. List at least two time servers with which to synchronize. One time server acts as a primary server and the other time server acts as a backup. Also, list a location for a drift file. Over time ntpd will learn the system clock's error rate and automatically adjust for it, using the information stored in this file.

There is a public pool of hosts available that have agreed to be time servers. The server [pool.ntp.org](http://pool.ntp.org) uses DNS round robin to make a random selection from a pool of time servers who have volunteered to be in the pool. When you use them, your configuration file will be similar to the following example:

You may also select sub-zones of the [pool.ntp.org](http://pool.ntp.org) that are geographically closer to your location.
The iburst parameter is optional and facilitates faster initial synchronization.

Set the ntpd service to start automatically.
To set the service to start automatically at system startup, execute the following command:

[root@NAM Probe ~]# chkconfig ntpd	on

Start ntpd service manually only once, after completing the first two steps above.

After reconfiguration, restart the service manually:

[root@NAM Probe ~]# service ntpd restart

Authorize access to the NAM Probe

Access of other NAM components to the NAM Probe is governed by users defined in the the /var/lib/tomcats/rtmgate/conf/tomcat-users.xml file. While you can use the build in account (adlex /vantage), you can create additional or modify existing users by editing the the tomcat-users.xml file. For more information, see Creating additional users or modifying the existing rtmgate users.