Global - advanced

Use the Advanced section to set advanced NAM Probe features.

User-IP mapping

User-IP mapping is a solution to manage non-standard user name identification scenarios and VPN user-IP mapping.

The term Virtual Private Network (VPN) refers to the means by which a user is connected to the network. A VPN is the provision of private voice and data networking from the public switched network through advanced public switches. A VPN switch dynamically converts (maps) an external user to an internal IP address in a private network.

A NAM Probe can monitor multiple VPNs and report on the mapping of internal user addresses to external user addresses and to user names.

A NAM Probe can receive information from the following VPN gateways:

  • Nortel Contivity
  • Intel Netstructure
  • Juniper Neoteris

Use the User-IP Mapping section to set methods for mapping user names to IP addresses in various types of monitoring.

General

In the General section, set the general conditions under which the user-IP mappings are performed.

The following properties are available:

Session client name mappings lease time

All mappings older than this many seconds are removed. The property is used exclusively in Citrix monitoring.

Default value: 60 seconds.

Session client name mappings timeout

The number of seconds the NAM Probe will wait for mappings. Note that you must enable the property first by selecting the Enabled check box. This property is used exclusively in Citrix monitoring.

Default value: 1 second (meaning this timeout is disabled).

Default lease time

The number of seconds after which a mapping is removed from the NAM Probe. Used only in some authentication protocols, including VoIP and DHCP.

Default value: 3600 seconds (1 hour).

Session application definition mappings lease time

All mappings older than this many seconds are removed. This applies to all protocols not mentioned in other Lease Time properties.

Default value: 30 seconds.

Download cycle interval

The interval of the mapping download cycle in seconds.

Default value: 300 seconds (same as the monitoring interval).

Mapping downloads offset

The number of seconds before the moment of monitoring data generation when the mappings should be downloaded. The purpose of this property is to synchronize the mapping downloads with data generation.

Default value: 60 seconds.

Listening

Intel Netstructure and Juniper Neoteris gateways use the syslog mechanism to send information to monitoring equipment.

Note

Intel Netstructure and Juniper Neoteris gateways have to be configured to send the required information to a NAM Probe. Please refer to the documentation for your VPN gateway for information on how to perform this configuration.

The NAM Probe retrieves user-IP mappings by listening to the TCP or UDP streams from external agents.

The following properties are available:

TCP

Select Enable TCP server listening for streams with mappings to retrieve mappings by listening to the TCP streams from external agents. You have to provide a valid port to listen on.

UDP

Select Enable UDP server listening for packets of syslog with mappings to enable retrieving mappings from UDP syslog packets. You have to provide a valid port to listen on. If there is heavy traffic, you might consider expanding the UDP buffer for incoming packets.

Agent addresses

Right-click the rows in the Agent addresses table to add the IP addresses of the agents allowed. If you do so, only agents from the IP addresses defined can connect. If you leave the table empty, there are no restrictions and any agent can connect. (This may be a security consideration.) You can also limit the number of agents concurrently pushing mappings to the NAM Probe. The Agent timeout property defines the time after which an agent that does not send anything is disconnected.

Parser

In the Parser section, choose one of the classes to analyze the streams and produce valid user-IP mappings. Choose a parser suitable for the device from which you retrieve the mappings.

SSL options

You can define new alert codes using the NAM Console, change predefined common SSL alert codes, and decide which alert codes should be taken into account when calculating the failures (transport) metric.

See SSL monitoring and Advanced - SSL options for a complete discussion.

Idle TCP sessions

Several configurable properties are available for controlling the evaluation of idle TCP sessions.

See Network performance monitoring and Advanced - idle TCP sessions for a complete discussion.

Type of service

A NAM Probe can be configured to extract the contents of the Type of Service (ToS) field contained in the IP packet header. You can request the entire ToS field to be extracted or a part of it, as specified by the Out-of-contract IP packet configuration option in the NAM Console. The value of ToS is then reported by the NAM Probe to the report server.

In addition, NAM Probe can also test if ToS bytes signify an out-of-contract packet. This is performed by applying an additional mask, ToS field mask, to the value of ToS as extracted above. If the resulting value is equal to that specified in the ToS value mask property, the packet is considered to be out-of-contract.

Thus, the function of each of the above configuration properties can be summarized as follows:

Out-of-contract IP packet

A mask used for extracting the value of ToS from the ToS field of the IP header. If this mask is zero, no ToS value is extracted.

ToS field mask

A mask used for extracting out-of-contract information from the value of ToS. The value of ToS used here is that extracted from the ToS field of the IP header, by means of Out-of-contract IP packet.

ToS value mask

The value signifying an out-of-contract IP packet. This value is used for comparison with the value obtained by means of ToS field mask. If the value of ToS obtained from the ToS field of the IP header by masking it with Out-of-contract IP packet and then with ToS field mask, is equal to ToS value mask, the IP packet is considered to be out-of-contract.

Network realized bandwidth

Several criteria are used to determine when NRB measurements should be taken.

Set the properties below to fine-tune the NRB measurements. Note that, as indicated below, some of them require to be changed only under very specific circumstances.

Client RTT calculation

There are cases when the standard RTT calculation used in the NRB measurements may be replaced by an algorithm based on a packet size to obtain more adequate results. You enable this mechanism by setting the Max and Min properties to values other than 0. The Min and Max values are the border client packet sizes that can be used to calculate the client RTT.

Bear in mind that you may hardly ever need to change the default values, which should be done under very specific circumstances.

Min. number of packets in transfer

The number of packets after which the NRB measurement starts.

Min. transfer time

The number of seconds that must pass before the NRB measurement starts.

Min. transfer size

The number of bytes that must be transferred before the NRB measurement starts.

Max. time

The maximum time in seconds, that can pass before receiving the ACK packet, after which the NRB measurement is skipped.

Transfer continuation condition

Use these properties to determine the conditions under which the transfer, that is a concept used in calculating the NRB, is continued.

The transfer is continued if the time between the data packet and the last recorder ACK packet is shorter than the sender RTT multiplied by the Transfer continuation condition percent plus the time in milliseconds as set in Transfer continuation condition add.

Bear in mind that you may hardly ever need to change the default values, which should be done under very specific circumstances.

Network analyzer agent

You can manage the Dynatrace Network Analyzer Agent on the NAM Probe through the NAM Console.

To enable or disable the Dynatrace Network Analyzer Agent through the NAM Console:

  1. In the NAM Console, right-click the NAM Probe and select Open Configuration from the context menu.
  2. In the NAM Probe Configuration window, select Global ► Advanced ► Dynatrace Network Analyzer Agent.
  3. Select or clear the Enable Dynatrace Network Analyzer Agent check box.
    • If the check box is selected, you must change the Configuration Type to Draft by clicking Edit as Draft at the top of the window.
    • If you enable the agent, it will start automatically when you restart the system.

This configuration setting is stored in configuration file /usr/adlex/config.avgt.xml.

Excluded client ranges

You can exclude particular client IP address ranges from NAM Probe analysis.

Provide the start and end IP addresses for each range to exclude from NAM Probe analysis.

Be sure not to filter everything out or there will be no data in your reports.

Tenants

You can manage tenants on a selected NAM Probe using the NAM Console.

  1. Open NAM Console ► Deployment ► Manage devices.

  2. Select Open Configuration from the context menu for a NAM Probe.

    The NAM Probe Configuration window appears.

  3. In the NAM Probe Configuration dialog box, in the Configuration panel, select Global ► Advanced ► Tenants.

    The Tenants screen is displayed.

  4. On the Tenants screen, define one or more tenants.

    • For each tenant name, you must define at least one rule that defines the sort of traffic that will be considered traffic for that tenant. For example, all traffic on a certain port, or all traffic on a certain VLAN, or all traffic on a certain VLAN and a certain interface, will belong to the tenant whose name you are entering here.
    • For each tenant name, you can define more than one such rule, so that you might, for example, create three rules to assign all traffic on three different VLANs as belonging to the same tenant name.

    For each tenant rule you want to add, click Console add icon at the top of the Tenant configuration on NAM Probe table.

  5. Use the up Move up arrow and down Move down arrow arrows to set the order of precedence for the rules.

    If two or more rules potentially match some traffic, the first matching rule on this list (from top to bottom) determines the tenant to which that traffic is assigned.

    You can make processing more efficient by putting the most likely matching rules near the top.

  6. After you have configured all tenants on this NAM Probe, specify how to treat traffic that does not match the configured tenants.

    Unassigned

    If Unassigned is selected, all traffic that does not match the tenant rules defined above remains unassigned to any tenant.

    Tenant name

    If Tenant name is selected, all traffic that does not match the tenant rules defined above is automatically assigned to the specified tenant. You can select a tenant name from the names defined in the rules above or you can type a new tenant name.

  7. Click Save and Publish to save your changes and publish them to the selected NAM Probe.

NAM Probe diagnostics

NAM Probe can generate the self diagnostic data used in the DMI NAM Probe Statistics Report. The NAM Probe Diagnostics screen provides a set of options to fine-tune the diagnostic data generation and reporting.

To access NAM Probe Diagnostics screen, open the NAM Probe configuration and select General ► Advanced ► NAM Probe Diagnostics.

The following configuration options are provided in the NAM Console when you access NAM Probe Diagnostics :

General Settings

Fine-tune the general behavior of NAM Probe when collecting data for the report.

Sampling Interval

Set the interval in which the NAM Probe diagnostic data is generated.

Applies to NAM 2017 May

Data Generation Delay

The number of seconds after the beginning of a minute when the diagnostic data is generated. This setting is necessary to avoid generation of diagnostic and monitoring data at the same time affecting the NAM Probe performance.

Thresholds

Set the thresholds triggering the error state in the report.

CPU utilization

CPU performance indicator expressed as CPU usage per thread expressed in percent.

Memory utilization

Memory performance indicator expressed as the amount of memory used by NAM Probe data objects. This is equal to the number of object multiplied by the size of the objects.

Disk utilization

Disk performance indicator expressed as the percentage of occupied disk space on NAM Probe.

Drop status

Drop performance indicator expressed as percentage of dropped packets from received packets. Dropped packets are typically a result of hardware or resource failure.

SSL errors

SSL errors indicator expressed as percentage of errors from observed SSL traffic.

Total lost packets

Lost packets indicator expressed as percentage of total lost packets from observed number of packets. Lost packets are unaccounted packets outside the deployment boundaries.

Scripts

Max single script execution time

You can set the maximum time for the script execution before the script is considered unresponsive and script time out occurs.

Max memory usage by single script execution

You can set the maximum amount of memory that any single script will have available. This prevents the scripts from consuming too much memory resource and hinder other operations.

Database

Oracle and TDS database dynamic ports

Only enable when the monitored database does not use static port assignments.
When database dynamic ports are enabled, the multiprocessing capabilities of the analyzer are disabled.

  • Enable dynamic ports for TDS Software Services (lower performance)
  • Enable dynamic ports for Oracle Software Services (lower performance)