Perspective User Guide

© PacketTrap Networks Inc, 2008

p2

© PacketTrap Networks 2008

p3

© PacketTrap Networks 2008

This section will give you a brief introduction to PacketTrap Networks and our award winning products.

PacketTrap provides affordable enterprise class network and application management software that improves performance

across our customer's most complex networks. PacketTrap's flagship solution, PacketTrap Perspective™, provides IT

professionals with a 360 degree view of their single and multi-site networks and allows them to manage and maintain their

infrastructure from a single interface.

PacketTrap Networks was founded on the premise that existing network management offerings are point products that lack

integration and correlation, are too complex and expensive and/or are poorly supported. We are committed to providing you

with tool suites, platforms and other solutions that are developed by network engineers for network engineers. We commit to

providing the actionable data you want, when you want it, and how you want it. PacketTrap strives to make network

management more affordable, effective and easier so you spend less time worrying about your network and more time

managing it.

p5

© PacketTrap Networks 2008

PacketTrap Perspective™ is a comprehensive and affordable network management and application monitoring solution for

single and multi-site networks. It solves the problems associated with bandwidth, performance, and connectivity and allows

you to take back control of your network.

servers, and applications in real-time

routers, and other network infrastructure gear

Perspective™ automatically notifies you when network performance degrades, allowing you to fix

problems before any impact on user and customer experience. Through a simple wizard, you can

configure alerts for multiple conditions that meet the needs of your network. Perspective™ monitors

network events, traffic, and conditions to create a performance baseline which ensures that you don ’t get

inundated with false-positive alerts from normal network activity. Additionally, Perspective™ can

automatically escalate critical alerts until the problem is resolved and can suppress alerts for scheduled

network maintenance.

Perspective Application Monitoring provides in-depth visibility of running processes and performance

counters for mission-critical applications, network services, and web applications. Application failures are

usually the most common problems that occur in IT infrastructure. These powerful monitors help IT

Admins and network engineers prevent application failures and identify degradations early.

Linux devices

Perspective can automatically take actions to restore services when a failure occurs, including restarting

applications and windows services, or rebooting servers. Network administrators can focus more time on

revenue-generating initiatives by automating remediation in Perspective.

Perspective installs and more importantly configures in 15 minutes through a simple 3 step process.

After installation, Perspective performs a fast and comprehensive scan of the entire network to discover

all devices. Leveraging various discovery techniques, Perspective provides a complete set of attributes

for each device that has been discovered. Each device is then assigned to a Smart Policy with

p6

© PacketTrap Networks 2008

recommended monitors to complete the deployment process.

15 minutes

Perspective has log monitoring and management capabilities, with the ability to collect, analyze, alert,

report, and archive Event Log from Windows hosts, SysLog from distributed UNIX hosts, Routers,

Switches, and other SysLog devices, and Application logs from IIS web server, IIS FTP server, and MS

SQL server. It helps system administrators to troubleshoot, performance problems on hosts, select

applications, and the network.

and usage statistics for a host

PacketTrap Perspective provides unparalleled visibility into network performance, fault management,

and device availability across any size of network. The iGoogle like Dashboard is a “network

management dashboard” with a summary display of key performance indicators (KPIs) like CPU load,

network interface traffic, latency, packet loss and event logs, exposing troubled devices and areas of the

network. With support for drag and drop, it’s easy to customize each dashboard by simply adding and

removing gadgets. Perspective’s full screen mode feature maximizes screen real estate and rotates

multiple dashboards. Now managers and operations staff can continuously monitor key assets of the

company to ensure that your network is always running at peak performance.

latency, and packet loss

counters for MS Exchange, SQL, Active Directory

Perspective Network Traffic Flow provides in-depth visibility into traffic network patterns and usage to

determine how traffic impacts the overall health of the network. Drill down into applications,

conversations, devices will identify the exact sources of spikes and burst to take proper actions.

Perspective stores flows for historical reporting that proves invaluable for network capacity planning.

Perspective Performance Baseline automatically analyzes collected data to identify changes in network

behavior and establishes a baseline that represents the regular and expected activity of a device and

network. The established baseline accurately reflects your organization’s use of the IT infrastructure by

taking into account patterns and variations in usage – for example, increased processor utilization on

Monday mornings at 9:00am. Performance Baseline continuously logs subsequent activity of a device

and compares it to baseline. Once irregular behavior is detected, Perspective produces a qualified alert

that contains details to be used as a starting point to help guide the troubleshooting and remediation

process.

p7

© PacketTrap Networks 2008

shorten mean time to repair

Perspective integrates seamlessly with the award-winning Network Engineer’s pt360 Tool Suite. The

pt360 Tool Suite consolidates dozens of network diagnostic tools into a single, integrated solution. The

tool suite includes Ping utilities, Switch Port Mapper, Cisco configuration management, traffic generator,

TFTP Server, and many more useful tools. The pt360 Tool Suite is a perfect complement to the

extensive real-time monitoring provided by Perspective.

Designed for organizations with multi-site networks, Perspective Remote Agent provides secure

connectivity between IT headquarters and any number of remote sites. The remote agent ensures that

all key network performance data is collected and sent to Perspective, providing visibility into the entire

IT infrastructure. Taking commands from Perspective, the remote agent can also enforce policies and

execute actions.

Perspective Reports enables you to generate reports for all collected network data. Any report can

instantly be printed, emailed, and saved. You can drill down into specific time periods or events or

change chart type with a single click – a feature that is particularly useful when troubleshooting issues.

Leveraging the report scheduler, email reports on a daily, weekly or monthly basis to colleagues and

executive management.

Perspective gives you control over what users can and cannot do on the system. User accounts are

configured for which type of information is displayed in the Perspective Studio for an individual user or

group of people. In addition user accounts have email address for integration to alert notifications and

scheduled reports. This layer of security ensures that the right people have access to the right

information.

Perspective has the ability to automatically backup configurations files for your Cisco routers and

switches. Configuration backups can be scheduled to run as needed and are stored in the Perspective

database. Config files can be viewed and compared all in the same interface. In addition you can be

immediately alerted when any configuration has been changed. You can customize the backup settings

to meet your particular needs in PacketTrap Policies.

p8

© PacketTrap Networks 2008

Leveraging Perspective’s device profiling intelligence, it recommends monitors and data gathering

intervals for all devices discovered in your network. Smart Policies encompass devices, monitors, alerts

and scheduled task, so any configuration changes occur from one central location. This intuitive design

saves you time and dramatically improves ease of use.

Wireless Monitor Module gives Perspective the ability to monitor wireless networks. As wireless become

a more integrated in today’s network, it is important that IT managers maintain visibility into wireless

access points, clients and sessions. Perspective Wireless Monitoring centralizes the management of

distributed wireless networks with configuration in Smart Policies and monitoring in Dashboards.

Understand how well your wireless network is performing and detect rogue users.

p9

© PacketTrap Networks 2008

You can contact PacketTrap Networks in multiple ways:

Sales 866-MYpt360 (866-697-8360)

Sales@PacketTrap.com

www.PacketTrap.com

Support www.PacketTrap.com/support

The Packet Scoop www.Packetrap.com/blog

p10

© PacketTrap Networks 2008

The following documents are available to assist you in using PacketTrap Network products. They can be found at

http://packettrap.com/support/

User Guide Provides detailed setup, configuration, and use cases

for Perspective Studio.

http://packettrap.com/support/index.aspx

Release Notes Provides product updates and known issues for

Perspective Studio.

http://community.packettrap.com/viewforum.php?f=20

Datasheet Provides overview of product features and key

benefits

http://packettrap.com/pdf/Perspective_Datasheet.pdf

p11

© PacketTrap Networks 2008

© 2008 PacketTrap Networks, Inc.

All rights reserved.

Under the copyright laws, this manual or the software described within, can not be copied, in whole or part, without the

written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary

and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow

copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold,

given, or loaned to another person. Under the law, copying includes translating into another language or format.

Specifications and descriptions subject to change without notice.

p12

© PacketTrap Networks 2008

The name PacketTrap Networks, the software, the product name PacketTrap pt360 Tool Suite, PacketTrap Perspective,

and the PacketTrap logo are registered trademarks of PacketTrap Networks, Inc. PacketTrap Networks (the Software) is

copyright 2008 by PacketTrap Networks. All rights are reserved.

Microsoft Windows 98, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Vista, Internet Explorer, and

Active Directory are trademarks or registered trademarks of Microsoft Corporation.

Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the

U.S. and/or other countries.

Firefox is a trademark of the Mozilla Foundation.

Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective

companies and are the sole property of their respective manufacturers.

p13

© PacketTrap Networks 2008

This section will help you install and more importantly configure Perspective in a matter of minutes. In addition there are

useful resource guides of how to enable SNMP or WMI on your devices, configuring your encrypted credential store, and

updating Perspective when required.

The PacketTrap Perspective Studio is a light weight application that can run on almost any moderate Windows-based

machine. As a general guideline, the minimum specifications are:

Software / Hardware Requirement

Operating System One of the following 32-bit or 64-bit operating system is required:

CPU 2.0 GHz

Memory 2GB or more

Hard Drive Space 1GB or more

.Net Framework 2.0 or higher

Firewall Exceptions -

Allowed Programs

Automatically configured during Perspective installation:

ptserverservice

ptserverconfig

ptagentservice

ptagentconfig

ptstudio

Ports 5054 (TCP) = (Perspective Server port)

69 (UDP) - TFTP Server

514 (UDP) - Syslog Server

2055 (UDP) - Netflow

6343 (UDP) - SFLOW

9555 (UDP) - Netflow Alternative port #2

9995 (UDP) - Netflow Alternative port #3

p14

© PacketTrap Networks 2008

process.

Note: Perspective requires Microsoft .Net 2.0 and will automatically download it if not present of the machine. Be aware

of Microsoft dialog box to continue installation.

10. A Setup Status window will display that shows the progress of Perspective's installation. If you decide that you wish to

p15

© PacketTrap Networks 2008

Perspective™ installs and more importantly configures in 15 minutes through a simple 3 step process. After installation,

Perspective performs a fast and comprehensive scan of the entire network to discover all dev ices. Leveraging various

discovery techniques, Perspective provides a complete set of attributes for each device that has been discovered. Each

device is then assigned to a Smart Policy with recommended monitors to complete the deployment process.

Step 1: Choose an agent to run device discovery with. The Perspective Server agent is automatically selected by default.

Remote agents (other locations) will be added when installed and configured.

Select if you want to not include previous discovered devices that are in the device database in

your new search. This is speed up future discoveries on the same network.

Uses ICMP to get responding status of a device. See below for Advanced Settings.

Uses MAC Address to discover a device on the network.

Set the proper credential store for the network of the device you are going to monitor with the

Set the proper credential store for the network of the device you are going to monitor with the

Set the proper credential store for the network of the device you are going to monitor with the

Set the proper credential store for the network of the device you are going to monitor with the

p16

© PacketTrap Networks 2008

Step 6: Select the devices you want to do a deep discovery on. Filters available for all, SNMP responding or WMI

Responding nodes

type and details gathered during the discovery process. This process chooses the best fit policy

for each device.

Applies the standard Default Policy to all the devices selected from the discovery process. The

Default Policy attributes will be applies to all the devices selected.

Lists the count of devices to be updated by the following criteria: Total devices selected, New

devices discovered, and Devices for agent reassignment.

Ping settings allow you to turn on or off which resolutions are displayed.

Designates the maximum amount of time in milliseconds that Ping will wait for a response from

the target. If the target does not respond within the number of milliseconds set, Ping will assume it

is down.

Designates the number of hops along the way to the specified address. With a setting of 32, your

Ping Scan could pass through up to 32 different routers on the way to the remote address before

being thrown away by the network.

Allows you to control the number of Ping attempts to send each address during a scan.

When scanning networks containing Cisco routers, set this number above two (2). If the target IP

address is not in the ARP cache of a Cisco router, the router discards the ICMP query (Ping)

while it requests the MAC address of the target IP. The first Ping will never arrive at the subnet of

the target IP address. In this situation, the Cisco router responds to the second Ping.

Designates the time in milliseconds between each successive Ping to the target address. Setting

this value very low will send a constant stream of Pings to the target IP address.

Designates the maximum amount of time in milliseconds that Port scan will wait for a response

from the target. If the target does not respond within the number of milliseconds set, Port scan will

p17

© PacketTrap Networks 2008

assume it is down.

Simply add or delete any listed port and click on “ok.”

Simply enter the Port number in the field seperating the numbers with a comma.

The Device Viewer section provides the ability to drill into each discovered device.

Displays a detailed overview of a device including status, DNS, and processor, disk, memory, and

network interface usage.

Provides all the processes names and paths for a given device.

Gathers all the software installed on each device.

Was this information helpful to you?

p18

© PacketTrap Networks 2008

service(s) are started:

Windows Management Instrumentation

Windows Management Instrumentation Driver Extensions

Step 1: Go to the Control Panel and double click ‘Administrative Tools’.

Step 2: Inside ‘Administrative Tools’ double click ‘Computer Management’.

p19

© PacketTrap Networks 2008

Step 3: Expand Services and Applications, right click on WMI Control and follow the Windows menus.

Was this information helpful to you?

p20

© PacketTrap Networks 2008

information includes monitoring CPU, memory usage, and other critical performance details via PacketTrap Perspective.

Step 1: Navigate to the Control Panel and double click ‘Programs and Features

Step 2: Click ‘Turn Windows features on or off’.

Step 3: Scroll down to the ‘SNMP feature’ check both boxes and click ‘Ok’. Wait for windows to enable the software.

p21

© PacketTrap Networks 2008

Step 4: Now go back to the Control Panel and double click ‘Administrative Tools’.

Step 5: Inside ‘Administrative Tools’ double click ‘Computer Management’.

p22

© PacketTrap Networks 2008

Step 6: Under ‘Services and Applications’ click ‘Services’

Step 7: Scroll down to the ‘SNMP Service’ in the right hand pane.

p23

© PacketTrap Networks 2008

Step 8: Double click the ‘SNMP Service’ and navigate to the ‘Security’ tab. Make sure the ‘Accept SNMP packets from any

host’ is selected. For routine public enablement, under ‘Accepted community names’ click ‘Add’. Leave ‘Community rights’

as ‘READ ONLY’ and enter ‘Public’ for the ‘Community Name’. (A customized SNMP Community string can also be used.)

p24

© PacketTrap Networks 2008

Step 9: Click ‘Ok’ twice until you’re back at the above ‘Services’ screen. Right click the ‘SNMP Service’ and select ‘Start’.

Done!

An article containing useful information on SNMP can be found on the CISCO site at:

http://www.cisco.com/warp/public/535/3.html

Configuring SNMP Support for Cisco Devices:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/fcfprt3/fcf014.htm

Was this information helpful to you?

p25

© PacketTrap Networks 2008

p26

© PacketTrap Networks 2008

information includes monitoring CPU and memory usage from the PacketTrap devices.

Step 1: Navigate to the Control Panel and double click ‘Programs and Features’.

Step 2: Click ‘Add/Remove Windows Components’.

p27

© PacketTrap Networks 2008

Step 3: Select and double-click on Management and Monitoring Tools.

Step 4: Make sure both boxes are selected and click OK.

p28

© PacketTrap Networks 2008

Step 5: You are returned to the previous dialogue. Click on Next

p29

© PacketTrap Networks 2008

Step 6: When that configuration is completed, click finish. Return to the Control Panel and double- click ‘Administrative

Tools’.

Step 7: Inside ‘Administrative Tools’ double click ‘Computer Management’.

p30

© PacketTrap Networks 2008

Step 8: Under ‘Services and Applications’ click ‘Services’ and then scroll down to the ‘SNMP Service’ in the right hand pane.

Step 9: Double click the ‘SNMP Service’ and navigate to the ‘Security’ tab. Make sure the ‘Accept SNMP packets from any

p31

© PacketTrap Networks 2008

host’ is selected. For routine public enablement, under ‘Accepted community names’ click ‘Add’. Leave ‘Community rights’

as ‘READ ONLY’ and enter ‘Public’ for the ‘Community Name’. ( A customized SNMP Community string can also be used.)

Step 10: Click ‘Ok’ twice until you’re back at the above ‘Services’ screen. Right click the ‘SNMP Service’ and select ‘Start’.

Done!

Was this information helpful to you?

p32

© PacketTrap Networks 2008

To support Extreme devices, you must configure the device using the following configuration template.

enable sflow

configure sflow config agent 10.199.5.10

configure sflow collector 192.168.72.67 port 6343

configure sflow sample-rate 128

configure sflow poll-interval 30

configure sflow backoff-threshold 50

enable sflow backoff-threshold

enable sflow ports all

The sFlow collector value must reflect the IP address where Perspective is installed.

To support Foundry devices, you must configure the device using the following configuration template.

Note: Ensure your Foundry device supports sFlow version 5.

config> int e 1/1 to 4/48

interface> sflow forwarding

config> sflow destination 10.199.1.199 6343

config> sflow sample 128

config> sflow polling-interval 30

config> sflow enable

The sFlow destination value must be the IP where Perspective is installed.

To support HP devices, you must configure the device using the following configuration template.

Note: This will not show up in the command line interface. Because of this it will not return if the switch is reset.

setmib sFlowRcvrAddress.1 -o 0AC70199

setmib sFlowRcvrPort.1 -i 6343

setmib sFlowRcvrOwner.1 -D net sFlowRcvrTimeout.1 -i 100000000

setmib 1.3.6.1.4.1.14706.1.1.5.1.4.11.1.3.6.1.2.1.2.2.1.1.1.1 -i 37

setmib 1.3.6.1.4.1.14706.1.1.5.1.3.11.1.3.6.1.2.1.2.2.1.1.1.1 -i 1

setmib 1.3.6.1.4.1.14706.1.1.6.1.4.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 8

setmib 1.3.6.1.4.1.14706.1.1.6.1.3.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 1

Where 0AC70199 is the IP address of the computer (in hexidecimal) where Perspective is installed. Line 4 sets the sample

rate. Line 5 enables sFlow. Line 6 sets the polling interval, and line 7 enables polling.

p33

© PacketTrap Networks 2008

Enable J-flow on your device

p34

© PacketTrap Networks 2008

Enable Cisco Express Forwarding:

router(config)# ip cef

In the configuration terminal on the router, issue the following to start NetFlow Export.

It is necessary to enable NetFlow on all interfaces through which traffic you are interested in will flow. Now, verify that the

router is generating flow stats - try 'show ip cache flow'. Note that for routers with distributed switching (GSR's, 75XX's) the

Rendezvous Point CLI will only show flows that made it up to the RP. To see flows on the individual linecards use the 'attach'

or 'if-con' command and issue the 'show ip cache flow' on each LC.

Enable export of these flows with the global commands. 'ip flow-export source' can be set to any interface, but one which is

the least likely to enter a 'down' state is preferable. Netflow will not be exported if the specified source is down. For this

reason, we suggest the Loopback interface, or a stable Ethernet interface:

router(config)# ip flow-export version 5

router(config)# ip flow-export destination <ip-address> <port>

router(config)# ip flow-export source FastEthernet0

Use the IP address of your NetFlow Collector and configured listening port.

If your router uses BGP protocol, you can configure AS to be included in exports with command:

router(config)# ip flow-export version 5 [peer-as | origin-as]

The following commands break up flows into shorter segments.

router(config)# ip flow-cache timeout active 1

router(config)# ip flow-cache timeout inactive 15

Use the commands below to enable NetFlow on each physical interface (i.e. not VLANs and Tunnels, as they are auto

included) you are interested in collecting a flow from. This will normally be an Ethernet or WAN interface. You may also need

to set the speed of the interface in kilobits per second. It is especially important to set the speed for frame relay or ATM

virtual circuits.

interface <interface>

ip route-cache flow

bandwidth

Now write your configuration with the 'write' or 'copy run start' commands. When in enabled mode, you can see current

NetFlow configuration and state with the following commands:

router# show ip flow export

router# show ip cache flow

router# show ip cache verbose flow

p35

© PacketTrap Networks 2008

by all tools and gadgets which require them. It uses standard AES 256-bit encryption.

configuration of each of the three choices displayed is described in the following three sections.

you wish the characters to be obfuscated.

for any relevant tool or gadget.

name in the text box.

protocol being defined.

being defined.

p36

© PacketTrap Networks 2008

Step 6: Enter the name of your Domain.

Step 7: Enter your User Name for the Domain.

p37

© PacketTrap Networks 2008

Was this information helpful to you?

p38

© PacketTrap Networks 2008

PacketTrap has developed a robust framework for updating software to make sure your PacketTrap Perspective is running

the latest version currently available. There are two ways Perspective will update. One approach is manual update and the

other approach is auto update.

automatically .

www.PacketTrap.com/Support

Upon launch, Perspective Studio will check for any updates available at the PacketTrap patch server. The software will

automatically pull the updates and store in cache. They will be applied the next time Perspective Studio is launched.

Was this information helpful to you?

p39

© PacketTrap Networks 2008

The Studio is the management console for Perspective. It provides real-time visibility into network performance and device

details. In addition to monitoring dashboards, it allows you to configure policies, alerts and actions, run reports and modify

the administrative settings of Perspective. The Administrator controls what users can and cannot do on the system.

PacketTrap Perspective provides unparalleled visibility into network performance, fault management, and device availability

across any size of network. The iGoogle like Dashboard is a “network management dashboard” with a summary display of

key performance indicators (KPIs) like CPU load, network interface traffic, latency, packet loss and event logs, exposing

troubled devices and areas of the network. With support for drag and drop, it’s easy to customize each dashboard tab by

simply adding and removing gadgets. Now managers and operations staff can continuously monitor key assets of the

company to ensure that your network is always running at peak performance.

loss

SQL, Active Directory

Was this information helpful to you?

p40

© PacketTrap Networks 2008

The Dashboard can be customized to meet the needs of you and other users of Perspective. In addition to the settings

below, you can drag and drop gadgets from column to column and adjust the size of each column by moving the div ider bar

to the left or right.

Create multiple dashboards full of key gadgets. For example, create a dashboard for routers,

create one for servers, and even create one for your web properties to make sure they are up and

running.

Provides a list of gadgets to use on the dashboard. They encompass a broad suite of mission

critical data like device application, networking, devices, availability, and web-based tools. Please

see Configure a Gadget for more details.

These dashboard functions can be found by selecting the down arrow on each tab.

Set the number of columns for your dashboard page. Gadgets will resize automatically based on

the number of columns.

Give every dashboard tab a friendly name for easy navigation across your multiple dashboards.

Will clear the dashboard of any gadgets and allow you to start fresh in configuring the dashboard.

Will permanently remove the dashboard tab and all its associated gadgets.

Was this information helpful to you?

p41

© PacketTrap Networks 2008

The Dashboard gadgets can be configured for your specific monitoring needs. Perspective offers a wide range of gadgets to

can present any data being collected about your network. Every gadget in Perspective takes you through a similar and

intuitive configuration wizard that makes setup quick and easy.

Monitors the performance counters for Active Directory server.

will wait for a response from the target. If the target does not respond within the number

of milliseconds set, it is assumed down

going to monitor. To configure the credential store, please see the section titled

Credential Settings.

that you would like to monitor in the gadget

received through inbound Active Directory related replication. If this number is

consistently equal to zero, it means that replication is not occurring. Low numbers

may indicate that there is a network bottleneck or that the server's NIC is too busy

with other traffic to receive the requests in a timely manner.

number of Active Directory objects that have been received through replication, but

that have not yet been applied. This number may start high, but should diminish very

quickly. If this value takes a while to diminish, it is a clue that the server's hardware

might not be fast enough to keep up with the demand.

(compressed and uncompressed) that are being transmitted each second as a result

of the replication process. A lack of activity often indicates insufficient hardware.

objects which must be synchronized. Like the DRA Inbound Object Updated

Remaining in Packet counter, this value may start high, but should quickly dissipate.

If this counter's value remains high, it usually means that the hardware is having

trouble keeping pace with the demands being made of it.

servicing client API calls. You can use this value to determine whether or not the

domain controller could benefit from additional processors.

times each second that clients use a ticket to authenticate to the domain controller. A

lack of activity sometimes indicates that network problems are preventing requests

from reaching the domain controller.

successful LDAP bind took to complete. This value should remain consistently low.

Longer bind times can be an indication of network problems or of hardware that

needs to be upgraded.

are connected to the domain controller at the moment. The appropriate value

depends on your network, but if this value remains at zero, it means that you

probably have some network problems that are preventing client sessions from

connecting with the server.

LDAP queries made by clients each second. I recommend viewing this counter along

with the LDAP Successful Binds / Sec counter, which shows the number of

p42

© PacketTrap Networks 2008

successful LDAP binds each second. The biggest thing that you are looking for in

these two counters is activity. A lack of activity would almost always indicate that

network problems are disrupting the client's ability to interact with the domain

controller.

A detailed display of alerts that have been triggered by Perspective.

Indicates the availability of a node(s) by charting the ping results.

wait for a response from the target. If the target does not respond within the number of

milliseconds set, Ping Scan will assume it is down.

specified address. With a setting of 32, your Ping Scan could pass through up to 32

different routers on the way to the remote address before being thrown away by the

network.

to the target address. Setting this value very low will send a constant stream of Pings to

the target IP address.

hour.

Indicates the availability of a node based on response time and average packet loss.

wait for a response from the target. If the target does not respond within the number of

milliseconds set, Ping Scan will assume it is down.

specified address. With a setting of 32, your Ping Scan could pass through up to 32

different routers on the way to the remote address before being thrown away by the

network.

to the target address. Setting this value very low will send a constant stream of Pings to

the target IP address.

the warning threshold is met, the gauge will turn yellow; and when the critical threshold is

met, the gauge will turn red.

When the warning threshold is met, the gauge will turn yellow; and when the critical

threshold is met, the gauge will turn red.

p43

© PacketTrap Networks 2008

Indicates the availability of a list of node(s) by showing the response time and a color indicator

bar.

wait for a response from the target. If the target does not respond within the number of

milliseconds set, Ping Scan will assume it is down.

specified address. With a setting of 32, your Ping Scan could pass through up to 32

different routers on the way to the remote address before being thrown away by the

network.

to the target address. Setting this value very low will send a constant stream of Pings to

the target IP address.

Indicates the availability of a node by changing the color of the text. Green indicates the ping was

successful and red indicates the ping failed to reach the target.

wait for a response from the target. If the target does not respond within the number of

milliseconds set, Ping Scan will assume it is down.

specified address. With a setting of 32, your Ping Scan could pass through up to 32

different routers on the way to the remote address before being thrown away by the

network.

to the target address. Setting this value very low will send a constant stream of Pings to

the target IP address.

Displays the current device configuration file and allows you to compare it to a historical version.

Monitors the CPU usage percentage of a device.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

p44

© PacketTrap Networks 2008

the section titled Credential Settings.

the warning threshold is met, the gauge will turn yellow; and when the critical threshold is

met, the gauge will turn red.

hour.

Monitors the CPU usage percentage and average usage percentage of a device.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

the warning threshold is met, the gauge will turn yellow; and when the critical threshold is

met, the gauge will turn red.

Monitors the CPU usage percentage of device(s) within in network.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

Monitors the CPU and memory usage percentage of a device.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

p45

© PacketTrap Networks 2008

the warning threshold is met, the gauge will turn yellow; and when the critical threshold is

met, the gauge will turn red.

hour.

Monitors the CPU and memory usage percentage of a device.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the Memory Gauge. To configure the credential store,

please see the section titled Credential Settings.

are going to monitor with the Memory Gauge. To configure the credential store, please

see the section titled Credential Settings.

the warning threshold is met, the gauge will turn yellow; and when the critical threshold is

met, the gauge will turn red.

Monitors the CPU and memory usage percentage of a device(s).

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the Memory Gauge. To configure the credential store,

please see the section titled Credential Settings.

are going to monitor with the Memory Gauge. To configure the credential store, please

see the section titled Credential Settings.

the warning threshold is met, the gauge will turn yellow; and when the critical threshold is

met, the gauge will turn red.

Displays the alerts triggered for a given device.

Displays logs files triggered for a given device.

p46

© PacketTrap Networks 2008

Monitors the disk utilization on a hard drive of a specific device.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

gigabytes, or terabytes.

hour.

Monitors the disk utilization of each drive as a percent of capacity for a device.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

warning threshold is met, the value will turn yellow; and when the critical threshold is met,

the value will turn red.

gigabytes, or terabytes.

Displays the IP Configuration information for a device.

p47

© PacketTrap Networks 2008

Monitors the memory usage percentage of a device.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

the warning threshold is met, the gauge will turn yellow; and when the critical threshold is

met, the gauge will turn red.

hour.

Monitors the memory usage percentage and average usage percentage of a device.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the Memory Gauge. To configure the credential store,

please see the section titled Credential Settings.

are going to monitor with the Memory Gauge. To configure the credential store, please

see the section titled Credential Settings.

the warning threshold is met, the gauge will turn yellow; and when the critical threshold is

met, the gauge will turn red.

Monitors the memory usage percentage of device(s) within in network.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

Monitors the performance counters for MS Exchange server.

p48

© PacketTrap Networks 2008

will wait for a response from the target. If the target does not respond within the number

of milliseconds set, it is assumed down

going to monitor. To configure the credential store, please see the section titled

Credential Settings.

that you would like to monitor in the gadget

Exchange services. If this service is stopped, most Exchanges services are unable to

start.

Server anti-spam update service.

to client. If this service is stopped, clients are unable to connect to this computer

using the IMAP4 protocol.

mailbox stores and public folder stores. If this service is stopped, mailbox stores and

public folder stores on this computer are unavailable.

the Exchange store.

Hub Transport servers.

cmdlets.

clients. If this service is stopped, clients are unable to connect to this computer using

the POP3 protocol.

replication functionality for Mailbox server role databases and is used by local

continuous replication and cluster continuous replication.

Outlook clients, generates email addresses and offline address books, updates

free/busy information for legacy clients, and maintains permissions and group

memberships for the server.

structured and semi-structured data to allow fast linguistic searches on this data.

services.

Microsoft Exchange Transport log files.

Resources.

Internet Information Services.

inbound Active Directory related replication. If this number is consistently equal to

zero, it means that replication is not occurring. Low numbers may indicate that there

is a network bottleneck or that the server's NIC is too busy with other traffic to receive

p49

© PacketTrap Networks 2008

the requests in a timely manner.

latency in milliseconds for the past 1024 packets.

operations to the Microsoft Exchange Database disk volumes (both .edb and .stm

files).

server applications.

through WMI.

Resources.

Internet Information Services.

latency.

operations to the Microsoft Exchange Database disk volumes (both .edb and .stm

files).

to local users.

server applications.

through WMI.

Internet Information Services.

Attendant Service. The process called mad.exe is a core part of Microsoft Exchange.

It performs a number of key functions, for example, it will manage the loading of

additional dlls when you make config changes to Exchange. It also performs the

message tracking logging. You should leave this process running if you use Microsoft

Exchange. If you find that it is using a large amount of resources (e.g. 90% CPU) you

should check to see if there are any updates available for Exchange, from Microsoft.

the local SMTP queue.

messages are being delivered to local mailboxes.

p50

© PacketTrap Networks 2008

messages are being received.

being sent.

messages are submitted to the Exchange store.

folders are submitted to the Exchange store.

being delivered locally.

occur. This counter tells you how many RPC requests are outstanding. If Outlook is

notifying users that it cannot contact their Exchange server, it is likely that this

counter will show significant spikes.

currently being processed by the Exchange store. This counter should not exceed

100. You should also use this counter to establish a baseline of normal server

performance.

Monitors the network interface performance for a device by showing the percent of capacity or

throughput.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

hour.

Monitors the network interface performance for a device by showing the percent of capacity or

throughput.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

p51

© PacketTrap Networks 2008

the view for your gadget.

the warning threshold is met, the gauge will turn yellow; and when the critical threshold is

met, the gauge will turn red.

Displays the NetFlow / sFlow / JFlow for a switch or router.

Monitors the CPU performance of a list of node(s) by showing the usage percentage and a color

indicator bar.

website.

so you might consider disabling the refresh option.

Displays all the log files generated by Perspective in a single view.

Displays all the scheduled actions for Perspective in a single view.

Displays IP Address, device type and roles, operating system, domain, and other detailed system

information for a device.

Displays all the software installed for a device in the Perspective database.

Monitors the performance counters for SQL Server.

p52

© PacketTrap Networks 2008

will wait for a response from the target. If the target does not respond within the number

of milliseconds set, it is assumed down

going to monitor. To configure the credential store, please see the section titled

Credential Settings.

CTRL keys to select multiple items.

you would like to monitor in the gadget

started per second. Transactions are the basis of everything in SQL Server, and most

queries are implicit transactions. This measurement is extremely handy for

determining if the load has substantially increased over time. This also gives you an

indicator to how the workload is on your system.

how often a table index is not being used and results in sequential I/O. This is defined

as the number of unrestricted full scans. These can be either base table or full index

scans. Missing or incorrect indexes can result in reduced performance because of

too high disk access.

Server’s buffer pool without having to incur a read from disk. A well-balanced system

will have hit ratio values greater than 80%. The hit ratio ought to be 90% or better for

OLTP-type databases.

milliseconds, that a latch request had to wait before it was serviced. Over time it is a

good indicator for a general performance problem or if a performance issue is

specific to one user.

milliseconds, that a user is waiting for a lock. Over time it is a good indicator for a

general performance problem or if a performance issue is specific to one user. Locks

are inevitable but a sometimes a blocking or a deadlock can skew the v alues. Having

said that, less this wait the better it is.

performance counters that report information about wait status.

available.

Displays all the collected syslog messages for a specific device.

Displays detailed system information on a device.

Monitors the CPU performance of a list of node(s) by showing the usage percentage and a color

indicator bar.

p53

© PacketTrap Networks 2008

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

Monitors the memory performance of a list of node(s) by showing the usage percentage and a

color indicator bar.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

Indicates the average packet loss of a list of node(s) by showing the response time and a color

indicator bar.

wait for a response from the target. If the target does not respond within the number of

milliseconds set, Ping Scan will assume it is down.

specified address. With a setting of 32, your Ping Scan could pass through up to 32

different routers on the way to the remote address before being thrown away by the

network.

to the target address. Setting this value very low will send a constant stream of Pings to

the target IP address.

Indicates the highest average disk volume usage as a percentage of drive capacity for a list of

devices by showing capacity used and a color indicator bar.

p54

© PacketTrap Networks 2008

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

warning threshold is met, the value will turn yellow; and when the critical threshold is met,

the value will turn red.

gigabytes, or terabytes.

Indicates the highest average latency of a list of node(s) by showing the response time and a color

indicator bar.

wait for a response from the target. If the target does not respond within the number of

milliseconds set, Ping Scan will assume it is down.

specified address. With a setting of 32, your Ping Scan could pass through up to 32

different routers on the way to the remote address before being thrown away by the

network.

to the target address. Setting this value very low will send a constant stream of Pings to

the target IP address.

Indicates the highest network interface usage for a list of nodes by showing the percent of

capacity or throughput of a specific interface.

SNMP will wait for a response from the target. If the target does not respond within the

number of milliseconds set, SNMP will assume it is down

you are going to monitor with the CPU Gauge. To configure the credential store, please

see the section titled Credential Settings.

are going to monitor with the CPU Gauge. To configure the credential store, please see

the section titled Credential Settings.

the warning threshold is met, the gauge will turn yellow; and when the critical threshold is

met, the gauge will turn red.

Displays network traffic data by applications for the last hour.

p55

© PacketTrap Networks 2008

Displays network traffic data by conversations for the last hour.

Displays network traffic data by domains for the last hour.

Displays network traffic data by endpoints for the last hour.

Displays all the event logs collected by Perspective for a device. Log files include application,

security, and system event logs.

Displays critical windows services for up, down, disabled status and detailed information.

Display visibility into a wireless access point, clients and sessions. Key variables include signal

strength and quality.

Display granular information of all wireless access points on the network.

Display a chart graph for the number of wireless clients connected to a wireless access point.

p56

© PacketTrap Networks 2008

Display key variables of each client connected to the wireless access point.

Display the amount of receive and transmit network traffic generated by a wireless device.

Was this information helpful to you?

p57

© PacketTrap Networks 2008

Perspective Device Viewer creates a detailed repository of all devices on your network. It provides operating system,

interface and port details, IP addresses, installed Windows software and many other details.

p58

© PacketTrap Networks 2008

The device overview provides a clear summary of key information for all devices being monitored by Perspective.

Perspective provide robust functionality in the right click context menu.

Ability to create a new device group and add the selected device(s) to it.

Ability to add the selected device(s) to an existing device group.

Ability to remove the selected device(s) from a device group.

Ability to create a new policy and add the selected device(s) to it.

Ability to change the policy assignment for the selected device(s).

Ability to remove the selected device(s) from a policy.

Ability to delete a device from the Perspective database.

Ability to assign or change credentials for a device. Select Managed Credentials to create a new

Ability to run various tool in the pt360 Tool Suite. Note: The pt360 Tool Suite must be installed on

the same machine as the Perspective Studio.

Ability to RDP directly to the selected machine.

p59

© PacketTrap Networks 2008

Ability to Telnet directly to the selected machine.

Ability to web browser directly to the selected machine.

p60

© PacketTrap Networks 2008

Allows the user to create new Device Groups. These groups can be used in any Target field in the Perspective Viewer.

Ability to add or remove devices from the Device Group.

Ability to edit the name of the Device Group.

Ability to remove the Device Group from the system.

Was this information helpful to you?

p61

© PacketTrap Networks 2008

Remote agents (other locations)will be added when installed and configured.

Select if you want to not include previous discovered devices that are in the device database in

your new search. This is speed up future discoveries on the same network.

Uses ICMP to get responding status of a device. See below for Advanced Settings.

Uses MAC Address to discover a device on the network.

Set the proper credential store for the network of the device you are going to monitor with the

Set the proper credential store for the network of the device you are going to monitor with the

Set the proper credential store for the network of the device you are going to monitor with the

Set the proper credential store for the network of the device you are going to monitor with the

Step 6: Select the devices you want to do a deep discovery on. Filters available for all, SNMP responding or WMI

Responding nodes

type and details gathered during the discovery process. This process chooses the best fit policy

for each device.

Applies the standard Default Policy to all the devices selected from the discovery process. The

Default Policy attributes will be applies to all the devices selected.

p62

© PacketTrap Networks 2008

Lists the count of devices to be updated by the following criteria: Total devices selected, New

devices discovered, and Devices for agent reassignment.

Ping settings allow you to turn on or off which resolutions are displayed.

Designates the maximum amount of time in milliseconds that Ping will wait for a response from

the target. If the target does not respond within the number of milliseconds set, Ping will assume it

is down.

Designates the number of hops along the way to the specified address. With a setting of 32, your

Ping Scan could pass through up to 32 different routers on the way to the remote address before

being thrown away by the network.

Allows you to control the number of Ping attempts to send each address during a scan.

When scanning networks containing Cisco routers, set this number above two (2). If the target IP

address is not in the ARP cache of a Cisco router, the router discards the ICMP query (Ping)

while it requests the MAC address of the target IP. The first Ping will never arrive at the subnet of

the target IP address. In this situation, the Cisco router responds to the second Ping.

Designates the time in milliseconds between each successive Ping to the target address. Setting

this value very low will send a constant stream of Pings to the target IP address.

Was this information helpful to you?

p63

© PacketTrap Networks 2008

The device details section is a central view for all the devices in the Perspective database. In this view, you can see detailed

information about the peformance of each device and begin the troubleshooting process if needed.

Displays a detailed overview of a device including status, DNS, processor, disk, memory, network

interface usage, and a link to the Credentials assigned to the selected device.

Provides all the processes names and paths for a given device.

Gathers all the software installed on each device

Gathers important information related to the specific application being monitored.

Displays all the log files for a devie, including Windows Event logs, Syslogs, and Flow traffic.

Displays which policy and credentials have been assigned to a device.

Displays the most current configuration file backup which can also be compared to historical

configuration file backups.

Launches selected tool against selected device if pt360 Tool Suite is also installed on the Perspective machine. To learn

Quickly accesses multiple public domain databases and performs a search by IP address or

domain name.

Continuously logs running response times and exports data on demand to HTML, XML and CSV

files.

Boot any networked machine with previously enabled capability in the BIOS by means of a “magic

packet” from a remote location.

.

Finds the route from one IP host to another by sending specially configured packets in a series of

hops from node to node.

p64

© PacketTrap Networks 2008

Scans the subnet of its host and builds a table comprised of a pertinent MAC Address, ping

response-time, DNS, network card manufacturer and manufacturer address information for each

IP Address.

Tests for open TCP ports on specified individual machines and ports as well as within targeted

ranges of IP addresses and ports.

Matches each IP Address in a specified range of IP Addresses to its domain name, and then

checks back from the domain name to the IP Address to see if the resolution is the same forward

and in reverse.

A versatile graphing tool which offers graphing functions (spline chart, bar chart, and area chart)

and variable ICMP parameters to optimize data collection for differing situations and purposes.

Sends ICMP packets to a range of IP addresses; displays which are in use, measures the

response time, and provides DNS name.

Was this information helpful to you?

p65

© PacketTrap Networks 2008

IPs, IP ranges and Device Groups. Policies include email / SMS alerts and actions which automatically respond to

configured conditions.

Step 2: Select Enabled or Disabled, enter a name for the policy and a description (optional).

Allows the user to search for specific device.

Filter entire Perspective database by the following criteria: All, Devices, Device Groups, and

Policies.

Adds selected element (All, Devices, Device Groups, and Policies) members to Selected Targets

field at the bottom of the dialogue. Ctrl + click and Shift + click allow multiple selection. Double

clicking on an element also adds the element to Selected Targets.

.

Adds all of the entire Perspective database to the Selected Targets field.

Lists the pending elements which will be added to the policy. Double clicking on an element

Removes the element from Selected Targets.

.

Removes selected element (All, Devices, Device Groups, and Policies) members from Selected

Targets field at the bottom of the dialogue. Ctrl + click and Shift + click allow multiple selection.

Removes all pending elements from the Selected Targets field.

Step 5: Configure the data to be monitored for policy members by marking the monitor checkboxes. The interval for each

monitor is selected by a drop down (combo box) menu and is tailored to the best fit interval choices.

p66

© PacketTrap Networks 2008

This includes System Information and Network Interface Configuration.

This group of monitors includes Ping, CPU, Memory, Disk Volumes, Programs Installed and

Running Processes

This group of monitors includes Web Server, Active Directory, Exchange Server, SQL Server,

Windows Services, DNS, POP3 and SMTP

.

The log group of monitors contains Syslog Listener, Application Event Logs, Security Event Logs

and System Event Logs

Includes Network Interface Configuration, Network Interface Traffic, Network Statistics and IP

Configuration.

Tests for open TCP ports.

This group includes Configuration Backup, Wireless, and the Netflow Collector.

Was this information helpful to you?

p67

© PacketTrap Networks 2008

PacketTrap Perspective comes will a robust inventory of montiors:

Provides device IP Address, device type and roles, operating system, domain, and other detailed

system information for a device.

Provides interface name, MAC Address and other network interface information for a device.

Sends an ICMP (ping) command to a device. If the device does not respond to the request, the

Ping monitor is considered down.

Settings:

Ping Timeout (ms) - Designates the maximum amount of time in milliseconds that Ping will wait

for a response from the target.

Ping Packet TTL (Time-To-Live) - Designates the number of hops along the way to the

specified address. With a setting of 100, your Ping Scan could pass through up to 100 different

relay points on the way to the remote address before being discarded by the network.

Pings Per Node - Allows you to control the number of Ping attempts to send to each address

during a scan.

When scanning networks containing Cisco routers, set this number above two (2). If the target

IP address is not in the ARP cache of a Cisco router, the router discards the ICMP query (Ping)

while it requests the MAC address of the target IP. The first Ping will never arrive at the subnet

of the target IP address. In this situation, the Cisco router responds to the second Ping.

Delay Between Pings (ms) - Designates the time in milliseconds between each successive

Ping to the target address. Setting this value very low will send a constant stream of Pings to the

target IP address.

Monitors the number of processors, current usage, and average usage over time.

Monitors the memory currently used, available free memory and total memory capacity of a

system.

Provides disk usage and total capacity per volume for a device. Results are available in raw

p68

© PacketTrap Networks 2008

numbers and as percentages.

Provides a detailed list of all software programs installed on a device.

Provides name, path, CPU and memory consumption for all processes running on a device.

Sends a HTTP or HTTPs request to a device. If the device doesn't respond or responds with the

wrong string, the web server monitor is considered down.

Settings:

Timeout (ms) - Designates the maximum amount of time in milliseconds that Ping will wait for a

response from the target.

Port - Designate the port of the web server

Monitors the status and performance of application specific counters for Active Directory server.

Monitors the status and performance of application specific counters for MS Exchange server.

Settings:

Services - Capture data like Imap4, POP3, and Transport.

Specific Processes - Capture data like system processor and store

Counters - Capture data like transport queues and logical disk

Monitors the performance counters for SQL Server.

Settings:

Services - Capture data like SQL Browser and writer.

Specific Processes - Capture data like processor and privileged time.

Counters - Capture data like database transactions, buffer manager, latches and locks

Monitors critical windows services for up, down, disabled status and detailed information.

DNS monitor sends a DNS lookup request and ensures a value is returned.

Settings:

Resolve NetBIOS Name - Will resolve the NetBIOS name during the monitoring process.

Resolve LMHost - Will resolve the LMHost during the monitoring process.

p69

© PacketTrap Networks 2008

Resolve Host - Will resolve the Host during the monitoring process.

Resolve Forward DNS - Will resolve the Forward DNS during the monitoring process.

Connects to a POP3 enabled server using the POP3 server and port information provided. Once

connected, an attempt is made to retrieve the number of messages on the server and also to read

the 1st message in the list. If any of these attempts fails, the pop3 server is considered as

non-responding.

Connects to a SMTP server using the SMTP and port information provided. Once connected, an

attempt is made to send a test message to the recipient selected using the SMTP server. If these

attempts fail, then we consider the smtp server to be non-responding.

Settings:

Mail Recipient - Enter the email address for the test message

Receives, logs and displays syslog messages from routers, switches, and any other syslog

enabled device. Filter by facility, severity, date, host name, and key word.

Settings:

Filters - Select the types of messages by facility and severity to be collected by Perspective.

Provides in-depth visibility into traffic network patterns and usage to determine how traffic impacts

the overall health of the network. Drill down into applications, conversations, devices will identify

Receives and displays complete information for application event logs from Windows devices for

you to detect occurrences or problems. Ability to set filters by event type.

Settings:

Event Type - Collect errors, warnings and/or information logs. Use Ctrl to select more than one

log file type.

Receives and displays complete information for security event logs from Windows devices for you

to detect occurrences or problems. Ability to set filters by event type..

Receives and displays complete information for system event logs from Windows devices for you

to detect occurrences or problems. Ability to set filters by event type.

Settings:

Event Type - Collect errors, warnings and/or information logs. Use Ctrl to select more than one

log file type.

p70

© PacketTrap Networks 2008

Monitors network interface performance for a device by showing the percent of capacity or

throughput. Tracks the inbound and outbound traffic for each network interface in the device.

Provides Netstat information of active connections and their state for a device.

Provides IP configuration details like IP Address, Subnet Mask, and Default gateway for a device

Creates a TCP client and attempts to connect to the defined port to determine if port is opened or

closed.

Settings:

Timeout (ms) - Designates the maximum amount of time in milliseconds that the connection

will wait for a response from the target.

Selected Ports - Enter the ports to be monitored. Seperate ports by a comma.

Automatically backup configurations files for your Cisco routers and switches. Config files can be

viewed and compared all in the same interface.

Settings:

Timeout (ms) - Designates the maximum amount of time in milliseconds that the connection

will wait for a response from the target.

Backup - Select running config and startup config

Credential - Use telnet/SSH credential when available

Ability to monitor wireless networks and gain visibility into wireless access points, clients and

sessions. Monitors key variables on access points, including signal strength and quality.

Was this information helpful to you?

p71

© PacketTrap Networks 2008

Devices is an easy way for you to add or remove devices from a policy with a simple click.

Provides a catalog of devices for you to add one or many of them to a policy.

Allows you to remove a device(s) from a policy. Highlight the device and select the remove button.

Allows you to remove all devices in a policy. A helpful utility when there are many devices.

Was this information helpful to you?

p72

© PacketTrap Networks 2008

Perspective™ automatically notifies you when network performance degrades, allowing you to fix problems before any

impact on user and customer experience. Through a simple wizard, you can configure alerts for multiple conditions that

meet the needs of your network. Perspective™ monitors network events, traffic, and conditions to create a performance

baseline which ensures that you don’t get inundated with false-positive alerts from normal network activity. Additionally,

Perspective™ can automatically escalate critical alerts until the problem is resolved and can suppress alerts for scheduled

network maintenance.

you wish to send the email alert to in the To and CC fields.

Allows you to set the performance thresholds for monitors at which alerts are triggered. Conditions

can be set for all the monitors in Perspective.

Note: A condition will only work if the associated monitor is enabled for a device. For example, the

CPU montitor must be enabled for an alert to work on CPU over 90%.

Conditions include: Processor, Disk %, Disk Free Size, Process Status, Memory, Av erage

Latency, Average Packet Loss, Syslog, Win Service Status, Program Found / Not Found, Active

Directory Counters, SQL Server Counters, Exchange 2007 Counters, Exchange 2003 Counters,

Exchange 2000 Counters, Application Event Log, System Event Log, Network Adapter Status,

SMTP, POP3, HTTP, Ports and Cisco Config.

Persepctive can take actions on a device for you if the conditions are met. The inventory of

actions includes for Windows: Start Service, Stop Service, Pause Service, List Services, Creat

Process, Kill Process, List Process, List Process Top Cpu Usage, List Process Top Memory

Usage, List Process Top Read from Disk, List Process Write to Disk, List Network Statistics,

Shutdown Restart, IP Config Info for Host, Route Table Info for Host

Linux: Start Linux Process, Kill, Linux process, List Active Connections, List Daemon Processes,

List Directory Details, List File System Details, List Installed Packages, List IP Config Details, List

Memory Status, List Network Statistics, List Routing Table, List Running Processes, List Top Cpu

Details, Shutdown Linux

p73

© PacketTrap Networks 2008

Allows for notification to be sent when an alert has not been reset or addressed for a specific

period of time. For example, if an alert is not reset after 30 minutes, send another notification to

the entire IT Department.

Allows you to set the performance thresholds that need to be met in order for an alert to be reset.

This helps you ensure that the device is back to optimal performance.

Was this information helpful to you?

p74

© PacketTrap Networks 2008

Perspective can execute scheduled actions automatically to restore services when a failure occurs, including restarting

applications and windows services, or rebooting servers. Network administrators can focus more time on

revenue-generating initiatives by automating remediation in Perspective.

Add details regarding the action.

Select checkboxes for Enabled will enable or disable the action.

Notify on Start - Perspective will send email when the action starts and inform you of the condition

that has been met.

Stop on Failure - Checking this box will send a notification to inform that the action will be stopped

due to reset conditions being satisfied.

Notify On Finish - Selecting this option will send email to inform when the action has been

completed.

Configure the To and CC addresses that will receive the action notifications.

Set the desired interval for the notification emails.

Start Service, Stop Service, Pause Service, List Services, Creat Process, Kill Process, List

Process, List Process Top Cpu Usage, List Process Top Memory Usage, List Process Top Read

from Disk, List Process Write to Disk, List Network Statistics, Shutdown Restart, IP Config Info for

Host, Route Table Info for Host

Start Linux Process, Kill, Linux process, List Active Connections, List Daemon Processes, List

Directory Details, List File System Details, List Installed Packages, List IP Config Details, List

Memory Status, List Network Statistics, List Routing Table, List Running Processes, List Top Cpu

Details, Shutdown Linux .

p75

© PacketTrap Networks 2008

Allows the user to configure created actions.

Remove selected action.

Remove all actions for the current policy.

Was this information helpful to you?

p76

© PacketTrap Networks 2008

Perspective Reports enables you to generate reports for all collected network data. Any report can instantly be printed,

emailed, and saved. You can drill down into specific time periods or events or change chart type with a single click – a

feature that is particularly useful when troubleshooting issues. Leveraging the report scheduler, email reports on a daily,

weekly or monthly basis to colleagues and executive management.

Was this information helpful to you?

p77

© PacketTrap Networks 2008

Was this information helpful to you?

p78

© PacketTrap Networks 2008

or

Was this information helpful to you?

p79

© PacketTrap Networks 2008

Was this information helpful to you?

p80

© PacketTrap Networks 2008

Was this information helpful to you?

p81

© PacketTrap Networks 2008

Was this information helpful to you?

p82

© PacketTrap Networks 2008

Was this information helpful to you?

p83

© PacketTrap Networks 2008

Period.

p84

© PacketTrap Networks 2008

Was this information helpful to you?

p85

© PacketTrap Networks 2008

Perspective Administrations provides you with many of the configurations options that you need to customize Perspective for

your network.

Was this information helpful to you?

p86

© PacketTrap Networks 2008

Perspective Performance Baseline automatically analyzes collected data to identify changes in network behavior and

establishes a baseline that represents the regular and expected activity of a device and network. The established baseline

accurately reflects your organization’s use of the IT infrastructure by taking into account patterns and variations in usage –

for example, increased processor utilization on Monday mornings at 9:00am. Performance Baseline continuously logs

subsequent activity of a device and compares it to baseline. Once irregular behavior is detected, Perspective produces a

qualified alert that contains details to be used as a starting point to help guide the troubleshooting and remediation process.

to repair

Step 1: Determine the number of weeks you would like to calculate baseline from. This setting can range from 1 to 4 weeks.

Any alerts based on performance baseline will start enacting after one week of data collection and analysis, even if your

performance baseline is set for 4 weeks.

Step 2: Determine the week day groupings. You can group the days of the week to make baselines more accurate and

reflect how the network is utilized in your company. To group any set of days, simply give those days the same number. For

example, if your network load is the same Monday to Friday but lower on the weekends, then set Monday to Friday to the

same number (e.g.1) and set Saturday and Sunday to a different number (e.g 2). To have each day be its own baseline, set

each day to a different number (e.g. 1 - 7).

Note: All settings take effect immediately, and can be changed at any time.

Was this information helpful to you?

p87

© PacketTrap Networks 2008

Your PacketTrap Perspective comes with a robust software updating system that ensures the product is always running the

latest and great software release.

Step 1: Lauch the Check for Updates utility and it will automatically look for new software updates.

Step 2: If new updates are found, simply select Download the update. Perspective will provide details of version, size,

release date, notes and the download status.

Step 3: Select Install the Update. The software update will now be applied to your Perspective. Once complete, the local and

any remote studios will automatically be updated the next time they connect to Perspective.

Was this information helpful to you?

p88

© PacketTrap Networks 2008

by all tools and gadgets which require them. It uses standard AES 256-bit encryption.

configuration of each of the three choices displayed is described in the following three sections.

you wish the characters to be obfuscated.

for any relevant tool or gadget.

name in the text box.

protocol being defined.

being defined.

p89

© PacketTrap Networks 2008

Step 6: Enter the name of your Domain.

Step 7: Enter your User Name for the Domain.

p90

© PacketTrap Networks 2008

Was this information helpful to you?

p91

© PacketTrap Networks 2008

PacketTrap Perspective has the capability to email alert notifications and scheduled reports. These are critical components

for any IT department to make sure they are aware of any issues immediately. Thus it is important that you configure your

SMTP settings as soon as possible.

Step 1: Assign a Configuration Name.

Step 2: Assign the From Email Address. If email will only be sent to internal email addresses, then the From email address

can be fake. (e.g. Perspective@yourcompany.com) If email will also be sent to external email addresss like Gmail, then the

From email must be a valid email address.

Step 3: Configure the SMTP Server and Port. By default, Perspective is set for Port 25.

Step 4: Enter your Logon User Name and Password.

Step 5: If your email server requires secure password authentication (SPA), then enable by select the checkbox.

Step 6: Save your SMTP Settings.

Step 7: Select Test Account Settings. Enter an email address to verify that you have configured it properly. A test email will

be delivered to the email account.

Was this information helpful to you?

p92

© PacketTrap Networks 2008

Perspective gives you control over what users can and cannot do on the system. User accounts are configured for which

type of information is displayed in the Perspective Studio for an individual user or group of people. In addition user accounts

have email address for integration to alert notifications and scheduled reports. This layer of security ensures that the right

people have access to the right information.

Step 1: Select New to add a new user to Perspective.

Step 2: Enter the User Details of Name, Password and Privileges

Step 3: Save.

Step 4: Send the new user a link to download the Perspective Studio.

Was this information helpful to you?

Perspective integrates seamlessly with the award-winning Network Engineer’s pt360 Tool Suite. The pt360 Tool Suite

consolidates dozens of network diagnostic tools into a single, integrated solution. The tool suite includes Ping utilities, Switch

Port Mapper, Cisco configuration management, traffic generator, TFTP Server, and many more useful tools. The pt360 Tool

Suite is a perfect complement to the extensive real-time monitoring provided by Perspective.