| Administrator Handbook | TOC |
The Bulk TCP Poller allows you to monitor network application (TCP ports) availaibility. Network applications are mainly reachable by means of TCP port. From an IP client point of view, an application is available if the application TCP port is available to open a new session with him. This Plugin perform this test for you at regular intervals and sends an alarm if a wrong status is dedected.
The power of this Plugin allows you to monitor hundreds of Hosts and for each of them hundreds of TCP ports (application) with various alarm severity.
This Plugin could also be useful to check the permissiveness or laxisme of a Firewall and to warns you if an security breach is opened.
This Plugin could also be use to detect Troyan horse viruses on hosts. The detection could run either permanently or on-demand.
Hereunder, the main windows of the Bulk TCP Poller.
The installation of the Bulk TCP Poller Plugin is performed
in the directory workspace.
Select one host in your directory and then from the contextual Menu select
Insert Task and Plugin.
First, we need to know at least the following information:
We must specify which port we want to monitor. Either we type the Port number (only TCP port number) or choose it in the list.
We should now set the other parameters.
The goal of our Plugin is to generate alarms when status change. To set
this we have to set the following fields:
The Alarm number is set to something higher than 10000 and not already assigned. This number will appears in the event manager and allows you to do filtering.
The level helps you to define the importance of the event. Highest level of gravity is 10, lowest level is 0 (red in the event manager).
The “If Port TCP is” field allows you to select the status
that will generate the alarm.
If you test the availability of the application you will set the condition
to down.
If you are checking security permisiveness you will want to be notified
if aTCP port is reachable. In this case you set the condition to up. If
alarm is sent, it will allows you to detect that an intermediaite Firewall
allows the application to go through or a that a Troyan horse is installed
on a remote machine.
Next step is to set the polling interval to which hosts will be polled. In Global parameter, Polling Interval, select a value.
You could also click on the 
button that opens the WIZARD
and select your polling interval from there.
We could now select the hosts to which we want to apply the previous defined parameters
You could add hosts to the list either manually by setting one by one
the host IP address or you could pick them up in the Directory. The second
way is far most faster an support the shift and Ctrl selection in the
list.
You could also select a host by opening the WIZARD
with a click on the
button.
When this is done, we could see the hosts in the list.
We can now start the Polling process by pressing the start button. The
Plugin starts to poll the hosts at regular intervals and displays the
current TCP port status.
From there, you could change a host or a group of host parameters. Select
it/them by double click on the list, the current parameters would appear
in the corresponding field, change what you want and apply the changes
by clicking the Modify Host(s) From List button.
The Bulk TCP Poller updates the Value field after each polling. If the value field becomes red it means that the Port is not reachable. (Not that an alarm is sent).
Alarm sent by this Plugin should appears in your event manager:
The above information could also be check remotely if you have started the LoriotPro WEB server (refer to LoriotPro documentation for setting this service).
You could access from a navigator your current TCP table. Click on the Bulk TCP poller task (hammer)
www.loriotpro.com |
|
