4D Server Probe
This probe attempts to connect to a 4D server listening on port 19813. If the response contains the database name, the probe exits with OKAY status; if not, the result is WARN. If no response arrives within timeout, the probe exits with a WARN status.
Filename: com.dartware.tcp.4D
Version: 1.5
Apache Server-Status (HTTP)
This probes monitors an Apache Web Server with the mod_status Apache module enabled. The Apache Status module allows a server administrator to find out how well their server is performing. This probe reads the HTML page provided by the Status module that presents the current server statistics.
To enable status reports for this probe, add this code to the httpd.conf file on the target server:
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from InterMapper-Address
</Location>
This probe supports the Apache ExtendedStatus directive, if enabled.
Filename: com.dartware.tcp.apache.txt
Version: 1.0
AppleShareIP
The file-sharing protocol used by Apple computers over TCP/IP. The default TCP port number for AppleShareIP connections is port 548.
This TCP probe connects to the AppleShareIP port and issues a "Get Server Info" request. The probe succeeds if the server returns a reply with no error.
This probe does not actually create an AppleShare session.
Filename: com.dartware.tcp.appleshareip
Version: 1.5
OS X Server AFP Probe
This TCP probe queries a Mac OS X Server installation for various details about its Apple File Sharing using the Server Admin port and protocol.
A request for status information is made via an HTTPS post to the Server Admin port. The server responds with XML data that is then parsed by the probe.
User is the name of a user with admin privileges on the specified server.
Password is the password for the admin user specified in User.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.afp.txt
Version: 1.0
OS X Server FTP Probe
This TCP probe queries a Mac OS X Server installation for various details about its FTP Server using the Server Admin port and protocol.
A request for status information is made via an HTTPS post to the Server Admin port. The server responds with XML data that is then parsed by the probe.
User is the name of any user on the specified server. An admin user is not required.
Password is the password for the user specified in User.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.ftp.txt
Version: 1.0
OS X Server Information
This TCP probe queries a Mac OS X Server installation for various details using the Server Admin port and protocol.
A request for status information is made via an HTTPS post to the Server Admin port. The server responds with XML data that is then parsed by the probe.
User is the name of any user on the specified server. An admin user is not required.
Password is the password for the user specified in User.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.info.txt
Version: 1.0
OS X Server NAT Probe
This TCP probe queries a Mac OS X Server installation for various details about its NAT service using the Server Admin port and protocol.
A request for status information is made via an HTTPS post to the Server Admin port. The server responds with XML data that is then parsed by the probe.
User is the name of any user on the specified server. An admin user is not required.
Password is the password for the user specified in User.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.nat.txt
Version: 1.0
OS X Server Print Probe
This TCP probe queries a Mac OS X Server installation for various details about its Print Server using the Server Admin port and protocol.
A request for status information is made via an HTTPS post to the Server Admin port. The server responds with XML data that is then parsed by the probe.
User is the name of any user on the specified server. An admin user is not required.
Password is the password for the user specified in User.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.print.txt
Version: 1.0
OS X Server QTSS Probe
This TCP probe queries a Mac OS X Server installation for various details about its QuickTime Streaming Server using the Server Admin port and protocol.
A request for status information is made via an HTTPS post to the Server Admin port. The server responds with XML data that is then parsed by the probe.
User is the name of any user on the specified server. An admin user is not required.
Password is the password for the user specified in User.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.qtss.txt
Version: 1.0
OS X Server Web Probe
This TCP probe queries a Mac OS X Server installation for various details about its Web Server using the Server Admin port and protocol.
A request for status information is made via an HTTPS post to the Server Admin port. The server responds with XML data that is then parsed by the probe.
User is the name of any user on the specified server. An admin user is not required.
Password is the password for the user specified in User.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.web.txt
Version: 1.0
RTMP
The RTMP probe sends an AppleTalk RTMP RDR Request query of type 3, and waits for a RTMP response.
Filename: com.dartware.rtmp
Version: 1.5
Xserve G4 Probe
This TCP probe queries an Xserve G4 for various details using the Server Monitor port and protocol.
This probe will monitor Xserve G4s running Mac OS X 10.3.9 and earlier. For Xserves running 10.4 or later, please choose the Xserve Tiger probe.
A request for status information is made via an HTTPS post to the Server Monitor port. The server responds with XML data that is then parsed by the probe.
User is the name of any user on the specified server.
Password is the password for the user specified in User.
OS Version specifies the version of Mac OS X Server that is running on the Xserve.
The remaining options allow you to display or ignore the corresponding data. These options correspond to the tabs in the Server Monitor application on Mac OS X Server.
Info is general information about the server, such as amount of RAM and OS name and version.
Drives is information about the various drives installed on the server. This information includes the manufacturer, model, and capacity of each drive.
Power is information pertaining to the power supply.
Network information includes the hardware address, IP address, traffic information, and type of each interface.
Temperature is the ambient temperature of the server.
Blowers is information on the speed of the server's cooling fans.
Security monitors the state of the security lock and the enclosure.
Note: The implementation of this probe uses OpenSSL on MacOSX.
Filename: com.dartware.tcp.xserve.details
Version: 1.0
Xserve G5 Probe
This TCP probe queries an Xserve G5 for various details using the Server Monitor port and protocol.
A request for status information is made via an HTTPS post to the Server Monitor port. The server responds with XML data that is then parsed by the probe.
User is the name of any user on the specified server.
Password is the password for the user specified in User.
The remaining options allow you to display or ignore the corresponding data. These options correspond to the tabs in the Server Monitor application on Mac OS X Server.
Info is general information about the server, such as amount of RAM and OS name and version.
Drives is information about the various drives installed on the server. This information includes the manufacturer, model, and capacity of each drive.
Power is information pertaining to the power supply.
Network information includes the hardware address, IP address, traffic information, and type of each interface.
Temperature is the ambient temperature of the server.
Blowers is information on the speed of the server's cooling fans.
Security monitors the state of the security lock and the enclosure.
Note: The implementation of this probe uses OpenSSL on MacOSX.
Filename: com.dartware.tcp.xserve.g5.txt
Version: 1.0
Xserve RAID Probe
This TCP probe queries an Xserve RAID for various details using the RAID Admin port and protocol.
Status information is requested from the Xserve RAID via a series of HTTP POSTs. The server responds with XML data that is then parsed by the probe.
Password is the monitoring password used for RAID Admin.
Filename: com.dartware.tcp.xserve.raid.txt
Version: 1.0
Xserve Tiger Probe
This probe queries an Xserve running Mac OS X 10.4 using the Server Monitor port and protocol. Because of this, the probe requires an administrators name and password in order to access the information. Due to significant hardware differences, there are separate probes for G4 Xserves, G5 Xserves, and Intel Xserves.
Apple has pre-configured several thresholds for various properties, such as temperatures, blower speeds, and power supply values. The Server Monitor protocol specifies when any of these thresholds are exceeded and the error message and status will be reflected by this probe.
A request for status information is made via an HTTPS POST to the Server Monitor port. The server responds with XML data that is then parsed by the probe.
User is the name of any user on the specified server.
Password is the password for the user specified in User.
The remaining options allow you to display or ignore the corresponding data. These options correspond to the tabs in the Server Monitor application on Mac OS X Server.
Info is general information about the server, such as number of CPUs, amount of RAM, and OS name and version.
Drives is information about the various drives installed on the server such as the manufacturer, model, capacity, and SMART messages for each drive.
Power includes myriad measurements including CPU power and current, and power supply voltages.
Network information includes the hardware address, IP address, traffic information, and type of each interface.
Temperature lists several temperatures in the enclosure.
Blowers is information on the speed of the server's cooling fans.
Security monitors the state of the security lock and the enclosure.
Note: The implementation of this probe uses OpenSSL on MacOSX.
Filename: com.dartware.tcp.xserve.tiger.txt
Version: 1.0
Barracuda Spam Firewall (HTTP)
This TCP probe queries a Barracuda Spam Firewall for various performance statistics.
The BASIC->Status page of the Administrators interface is retrieved via HTTP.
User is the name of the administrator.
Password is the password for administrator.
Port is the Barracuda's Web Interface HTTP Port set on the BASIC->Administration page.
Thresholds
In/Out Queue Size: X In/ X Out - both values should be less than 100. If either value consistently exceeds 100 for greater than 30 minutes that MAY mean there is a problem that needs to be looked at. Sometimes the value will rise temporarily and then go back down after 10 or 15 minutes.
This is normal behavior for the Inbound Queue and can be the result of an orchestrated attack. The Barracuda will attempt to read in as many messages as it can and that will tend to slow down the processing rate, which in turn means an increase in the queue size. If the Outbound Queue increases that usually means that the destination server is unavailable or the local DNS is not working.
Recommendation - If either queue exceeds 100 for more than 15 minutes = WARNING, if either queue exceeds 500 for more than 30 minutes = ALARM
Average Latency: X seconds - Is the average time it takes to receive, process and deliver the last 30 messages. It should normally be below 50 seconds. If it is consistently over 50 seconds for greater than 30 minutes that MAY mean there is a problem that needs to be looked at. Sometimes the value will rise temporarily and then go back down after 10 or 15 minutes. This is normal behavior.
Recommendation - If average latency exceeds 50 seconds for more than 15 minutes = WARNING, if average latency exceeds 150 seconds for more than 30 minutes = ALARM
Last Message: X minute ago - For a busy machine this value should be low, normally less than 5 minutes. If it is consistently over 20 minutes for greater than 30 minutes that MAY mean there is a problem
that needs to be looked at. Sometimes the value will rise temporarily and then go back down after 2 or 3 minutes. This is normal behavior.
Recommendation - If last message exceeds 15 minutes = WARNING, if last message exceeds 30 minutes = ALARM
Unique Recipients: X number - This number represents the number of unique email addresses processed over the past 24 hours.
Recommendation - No general rule possible.
CPU 1 Fan Speed: X RPM - Should be between 3,000 and 5,000 RPM
CPU 2 Fan Speed: X RPM - Should be between 3,000 and 5,000 RPM
Recommendation - If either CPU fan speed is less than 2500 = WARNING, if either fan speed is less than 500 = ALARM
Redundancy (RAID): Fully Operational - If this ever says that they are NOT fully operational that is a problem that needs to be looked at.
Recommendation - If RAID says it is no fully operational for more than 2 hours = WARNING, if RAID says it is not fully operational for more than 48 hours = ALARM
Firmware Storage: X % - Should be somewhere between 60 - 80%. If it exceeds 80% that usually means that a debug file needs to be deleted. This can be done on a non-emergency basis.
Recommendation - If firmware storage exceeds 80% = WARNING, if firmware storage exceeds 90% = ALARM
Mail/Log Storage: X % - Should be somewhere between 1 - 70%.
Recommendation - If mail/log storage exceeds 70% = WARNING, if mail/log storage exceeds 80% = ALARM
System Load: X % - Can vary wildly between 1 and 100% during normal operation. If it stays at 100% for greater than 2 hours that MAY mean there is a problem that needs to be looked at. Sometimes the value will rise temporarily and then go back down after 2 or 3 minutes. This is normal behavior.
Recommendation - If System Load is higher than 80% for more than 1 hour = WARNING, if System Load is higher than 95% for more than 3 hours = ALARM
CPU Temperature: Should be between 40 and 70 degrees C
Recommendation - If CPU Temp is higher than 70 degrees C for more than 30 minutes = WARNING, if CPU TEMP is higher than 80 degrees C for more than 1 hour = ALARM
Filename: com.dartware.tcp.barracuda.http.txt
Version: 3.1
Barracuda Spam Firewall (HTTPS)
This TCP probe queries a Barracuda Spam Firewall for various performance statistics.
The BASIC->Status page of the Administrators interface is retrieved via HTTPS.
User is the name of the administrator.
Password is the password for administrator.
Port is the Barracuda's Web Interface HTTP Port set on the BASIC->Administration page.
Thresholds
In/Out Queue Size: X In/ X Out - both values should be less than 100. If either value consistently exceeds 100 for greater than 30 minutes that MAY mean there is a problem that needs to be looked at. Sometimes the value will rise temporarily and then go back down after 10 or 15 minutes.
This is normal behavior for the Inbound Queue and can be the result of an orchestrated attack. The Barracuda will attempt to read in as many messages as it can and that will tend to slow down the processing rate, which in turn means an increase in the queue size. If the Outbound Queue increases that usually means that the destination server is unavailable or the local DNS is not working.
Recommendation - If either queue exceeds 100 for more than 15 minutes = WARNING, if either queue exceeds 500 for more than 30 minutes = ALARM
Average Latency: X seconds - Is the average time it takes to receive, process and deliver the last 30 messages. It should normally be below 50 seconds. If it is consistently over 50 seconds for greater than 30 minutes that MAY mean there is a problem that needs to be looked at. Sometimes the value will rise temporarily and then go back down after 10 or 15 minutes. This is normal behavior.
Recommendation - If average latency exceeds 50 seconds for more than 15 minutes = WARNING, if average latency exceeds 150 seconds for more than 30 minutes = ALARM
Last Message: X minute ago - For a busy machine this value should be low, normally less than 5 minutes. If it is consistently over 20 minutes for greater than 30 minutes that MAY mean there is a problem
that needs to be looked at. Sometimes the value will rise temporarily and then go back down after 2 or 3 minutes. This is normal behavior.
Recommendation - If last message exceeds 15 minutes = WARNING, if last message exceeds 30 minutes = ALARM
Unique Recipients: X number - This number represents the number of unique email addresses processed over the past 24 hours.
Recommendation - No general rule possible.
CPU 1 Fan Speed: X RPM - Should be between 3,000 and 5,000 RPM
CPU 2 Fan Speed: X RPM - Should be between 3,000 and 5,000 RPM
Recommendation - If either CPU fan speed is less than 2500 = WARNING, if either fan speed is less than 500 = ALARM
Redundancy (RAID): Fully Operational - If this ever says that they are NOT fully operational that is a problem that needs to be looked at.
Recommendation - If RAID says it is no fully operational for more than 2 hours = WARNING, if RAID says it is not fully operational for more than 48 hours = ALARM
Firmware Storage: X % - Should be somewhere between 60 - 80%. If it exceeds 80% that usually means that a debug file needs to be deleted. This can be done on a non-emergency basis.
Recommendation - If firmware storage exceeds 80% = WARNING, if firmware storage exceeds 90% = ALARM
Mail/Log Storage: X % - Should be somewhere between 1 - 70%.
Recommendation - If mail/log storage exceeds 70% = WARNING, if mail/log storage exceeds 80% = ALARM
System Load: X % - Can vary wildly between 1 and 100% during normal operation. If it stays at 100% for greater than 2 hours that MAY mean there is a problem that needs to be looked at. Sometimes the value will rise temporarily and then go back down after 2 or 3 minutes. This is normal behavior.
Recommendation - If System Load is higher than 80% for more than 1 hour = WARNING, if System Load is higher than 95% for more than 3 hours = ALARM
CPU Temperature: Should be between 40 and 70 degrees C
Recommendation - If CPU Temp is higher than 70 degrees C for more than 30 minutes = WARNING, if CPU TEMP is higher than 80 degrees C for more than 1 hour = ALARM
Filename: com.dartware.tcp.barracuda.https.txt
Version: 3.1
Big Brother Probe
This probe allows you to use InterMapper as a Big Brother "BBDISPLAY" to collect information sent by Big Brother clients.
Purple Time is the number of minutes to wait without a report before indicating a problem. In an actual Big Brother server, this is thirty minutes; Big Brother will show a device as purple if it goes this long without reports from the device. We will show it as DOWN (blinking red).
Filename: com.dartware.bigbrother
Version: 1.6
BlitzWatch
The protocol used to monitor the performance of a BlitzMail server. BlitzMail is a TCP/IP-based client-server electronic mail system developed at Dartmouth College. In the BlitzMail system, all mail and mail preferences are stored on one or more BlitzMail servers, thus giving a user access to their email from anywhere. The BlitzWatch probe provides a simple view into the current state of a single BlitzMail server in terms of simultaneous user count, CPU utilization, and disk transfer statistics.
Filename: com.dartware.blitzwatch
Version: 1.5
Citrix Server
This probe connects to a Citrix server that defaults to listening on port 1494. It checks the received response for the presence of "ICA", indicating that the Citrix server is running.
This probe goes into alarm condition if:
- it receives an unexpected disconnect
- it connects, but doesn't receive a response after 30 seconds
- the response doesn't contain the string "ICA"
Filename: com.dartware.tcp.citrix.txt
Version: 1.1
InterMapper Authentication Server (IMAuth)
This TCP probe queries an InterMapper DataCenter server to verify that IMAuth is configured and running on that server. This will only work when run against InterMapper DataCenter 5.1 or later.
User is the DataCenter admin user's name.
Password is the DataCenter admin user's password.
Port is the port the DataCenter server listens on.
Filename: com.dartware.tcp.imauth
Version: 0.3
InterMapper Database (IMDatabase)
This TCP probe queries an InterMapper DataCenter server to verify that IMDatabase is configured and running on that server. This will only work when run against InterMapper DataCenter 5.1 or later.
User is the DataCenter admin user's name.
Password is the DataCenter admin user's password.
Port is the port the DataCenter server listens on.
Filename: com.dartware.tcp.imdatabase
Version: 0.3
DND Protocol
The protocol used to lookup directory entries and validation information in a DND server. The DND is a centralized authentication/directory service developed at Dartmouth College. The default TCP port number for DND connections is port 902.
Name is the name to look up in the DND.
Filename: com.dartware.tcp.dnd
Version: 1.6
FileMaker Pro Server Probe
The FileMaker Pro database server listens on port 5003. This probe attempts to connect and exits with OKAY status if it succeeds.
Filename: com.dartware.tcp.filemaker
Version: 1.6
FirstClass Email Server
This probe connects to a FirstClass mail server that defaults to listening on port 510. It sends two carriage returns, and expects to receive a banner; the default contains "FirstClass System".
Filename: com.dartware.tcp.firstclass
Version: 1.6
KeyServer Status
This probe tests the operation of Sassafras Software's KeyServer via TCP/IP. KeyServer is a software license management tool for Windows, Macintosh and thin-client based computers.
This probe sends a proprietary status request to the KeyServer -- a full description is available from Sassafras Software. By default, the server accepts UDP requests on port 19283.
KeyServer is a registered trademark of Sassafras Software.
Filename: com.dartware.keyserver
Version: 1.5
Lotus Notes Probe
Lotus Notes uses Port 1352 for its Remote Procedure Call and Notes Replication.
This probe simply establishes a connection to the indicated port, which presumably is a Lotus Notes server. If the connection is successful, the device's status is set to OK; otherwise, its status is DOWN.
Filename: com.dartware.tcp.lotusnotes
Version: 1.4
MeetingMaker Probe
The MeetingMaker server listens on port 649. This probe attempts to connect and exits with OKAY status if it succeeds.
Filename: com.dartware.tcp.meetingmaker
Version: 1.4
SNMP - Microsoft DHCP Lease Check
This probe generates an alarm if the count of free DHCP leases on a Microsoft DHCP server goes below the indicated number.
The check is specific to a scope.
Scope is the DHCP scope to check (e.g., "192.168.1.0").
Free Lease Warning is the number of free leases remaining at which the device should go into warning.
Free Lease Alarm is the number of free leases remaining at which the device should go into alarm.
Free Lease Critical is the number of free leases remaining at which the device should become critical.
Click View the DHCP scope table to see a list of scopes available, along with their in-use lease, free lease, and pending offers information.
Filename: com.dartware.snmp.dhcpcheck.txt
Version: 0.3
NT Services
This probe monitors the state of one or many services on a Windows NT-based machine, including Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. InterMapper uses the Service Control Manager (SCM) to retrieve the information about the running services. This probe only works if the InterMapper server is running on a Windows computer.
Services to Monitor is the list of services selected for monitoring. Services with green icons are currently running; those with red icons are stopped.
InterMapper will monitor one or many services whose box is checked. For a single machine, you may choose from all the services on the machine. For multiple machines, you may choose from among the services common to all of the machines.
Username is the name of an administrative user on the machine being probed. InterMapper will use this username to log into the target machine in order to be able to query the Service Control Manager.
Password is the password for the supplied username.
If Username and Password are left blank, the user credentials under which InterMapper is running will be used.
Note that InterMapper must be running as an administrative user for this probe to operate, or you must have supplied the username and password of an administrator in the NT Services panel in Server Settings so that InterMapper can temporarily elevate its privileges.
Filename: com.dartware.ntsvcs.std
Version: 1.8
SQL Query
This probe establishes an ADO connection to Microsoft SQL Server running on the target host. It issues the query you specify and displays the returned fields. If no records are returned the status of the device is set to Critical.
The Query parameter is the SQL query you wish to perform. It should be enclosed in double-quotes. Using the "TOP" keyword in your query will likely make it return faster. You may wish to specify specific columns in your query and include a "WHERE" or an "ORDER BY" clause.
The Rows and Columns parameters allow you to limit the output of your query to the first "Columns" fields of the first "Rows" records returned.
The Instance parameter specifies the SQL Server instance you wish to query on the target host. If you wish to query the default instace you should leave this blank.
The Database parameter specifies the database on the target instance to be queried.
The User parameter may be a SQL Server user on the target host, or may take the form of "domain\\user" for a domain login. Leave it blank if integrated authentication is desired. The user must have been granted dbreader privilege to the database.
The Timeout (sec) parameter allows you to override the timeout set on the device.
InterMapper invokes the sql_query.vbs VB script which must reside in the Tools sub-directory of the InterMapper Settings directory.
Filename: com.dartware.cmd.sql_query.txt
Version: 1.3
Nagios NRPE over SSL/TLS
The NRPE ("Nagios Remote Plugin Executor") protocol defines a way to execute Nagios plugins on remote machines. After you install a Nagios NRPE daemon and and one or more Nagios plugins on a remote machine, InterMapper uses the following procedure to retrieve the status of that machine.
- Establish an encrypted SSL/TLS connection to the remote NRPE daemon
- Request that a specific Nagios plugin be executed
- Receive the response from the plugin
- Parse the response and display the state of that machine.
The NRPE daemon uses a configuration file (nrpe.cfg) that has command definition entries in this form:
command[check_swap]=/usr/local/nagios/libexec/check_swap -w 20% -c 10%
When the NRPE daemon receives a request to run the "check_swap" plugin, it issues the command above.
The Nagios Plugin paramenter tells which plugin to execute. It must match one of the command definitions in the nrpe.cfg file, e.g., the text within square brackets [ ... ]. To test the connection from InterMapper to the NRPE daemon, set Nagios Plugin to the value "_NRPE_CHECK".
For information about installing an NRPE daemon, see the NRPE Documentation (at http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf), especially the section on Remote Host Configuration. Nagios and the Nagios logo are registered trademarks of Ethan Galstad. For more information, see http://www.nagios.org.
Filename: com.dartware.tcp.nrpe.txt
Version: 1.2