4D Server
This probe attempts to connect to a 4D server listening on port 19813. If the response contains the database name, the probe exits with OKAY status; if not, the result is WARN. If no response arrives within timeout, the probe exits with a WARN status.
Parameters
database name - The name of the database to query.
timeout - Number of seconds to wait for response.
Filename: com.dartware.tcp.4D
Version: 1.6
This probes monitors an Apache Web Server with the Apache Status module enabled (mod_status). The Apache Status module allows a server administrator to find out how well an Apache server is performing. This probe reads output of provided by the Status module that presents the current server statistics, using the ?auto parameter.
To enable status reports for this probe, add this code to the httpd.conf file on the target server:
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from InterMapper-Address
</Location>
This probe supports the Apache ExtendedStatus directive, if enabled.
Parameters
Host Name - Name of the host server
URL Path - Path to the server status page
User ID - Server administrator username
Password - Administrator password
Filename: com.dartware.tcp.apache.txt
Version: 1.1
AppleShareIP
The file-sharing protocol used by Apple computers over TCP/IP. The default TCP port number for AppleShareIP connections is port 548.
This TCP probe connects to the AppleShareIP port and issues a "Get Server Info" request. If the the probe does not receive the expected response, the device's status is set to Down.
This probe sends a request; it does not actually create an AppleShare session.
Parameters
None.
Filename: com.dartware.tcp.appleshareip
Version: 1.6
AFP
This TCP probe queries a Mac OS X Server installation for various details about its Apple File Sharing using the Server Admin port and protocol.
Sends a request for status information via an HTTPS post to the Server Admin port and parses an XML response.
Parameters
User - the name of any user on the specified server. An admin user is not required.
Password - the user's password.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.afp.txt
Version: 1.0
FTP
This TCP probe queries a Mac OS X Server installation for various details about its FTP Server using the Server Admin port and protocol.
Sends a request for status information via an HTTPS post to the Server Admin port and parses an XML response.
Parameters
User - the name of any user on the specified server. An admin user is not required.
Password - the user's password.
Note: This probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.ftp.txt
Version: 1.0
Info
This TCP probe queries a Mac OS X Server installation for various details using the Server Admin port and protocol.
Sends a request for status information via an HTTPS post to the Server Admin port and parses an XML response.
Parameters
User - the name of any user on the specified server. An admin user is not required.
Password - the user's password.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.info.txt
Version: 1.0
NAT
This TCP probe queries a Mac OS X Server installation for various details about its NAT service using the Server Admin port and protocol.
A request for status information is made via an HTTPS post to the Server Admin port. The server responds with XML data that is then parsed by the probe.
Parameters
User - the name of any user on the specified server. An admin user is not required.
Password - the user's password.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.nat.txt
Version: 1.0
This TCP probe queries a Mac OS X Server installation for various details about its Print Server using the Server Admin port and protocol.
Sends a request for status information via an HTTPS post to the Server Admin port and parses an XML response.
Parameters
User - the name of any user on the specified server. An admin user is not required.
Password - the user's password.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.print.txt
Version: 1.0
QTSS
This TCP probe queries a Mac OS X Server installation for various details about its QuickTime Streaming Server using the Server Admin port and protocol.
Sends a request for status information via an HTTPS post to the Server Admin port and parses an XML response.
Parameters
User - the name of any user on the specified server. An admin user is not required.
Password - the user's password.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.qtss.txt
Version: 1.0
Web
This TCP probe queries a Mac OS X Server installation for various details about its Web Server using the Server Admin port and protocol.
Sends a request for status information via an HTTPS post to the Server Admin port and parses an XML response.
Parameters
User - the name of any user on the specified server. An admin user is not required.
Password - the user's password.
Note: The implementation of this probe uses OpenSSL on MacOS X.
Filename: com.dartware.tcp.osxserver.web.txt
Version: 1.0
RTMP
This probe sends an AppleTalk RTMP RDR Request query of type 3, and waits for a RTMP response.
Parameters
None.
Filename: com.dartware.rtmp
Version: 1.6
Xserve G4
This TCP probe queries an Xserve G4 for various details using the Server Monitor port and protocol.
Note: It is compatible Xserve G4s running Mac OS X 10.3.9 and earlier. For Xserves running 10.4 or later, please choose the Xserve Tiger probe.
Sends a request for status information via an HTTPS post to the Server Monitor port and parses an XML response.
Parameters
User - the name of any user on the specified server.
Password - the password for the specified user.
OS Version - the version of Mac OS X Server running on the Xserve.
The remaining options let you display or ignore data in the response. These options correspond to tabs in the Server Monitor application on Mac OS X Server.
Info - general information about the server, such as amount of RAM, and OS name, and version.
Drives - information about the drives installed on the server. Includes the manufacturer, model, and capacity of each drive.
Power - information about the power supply.
Network - Includes the hardware address, IP address, traffic information, and type of each interface.
Temperature - the ambient temperature of the server.
Blowers - information on the speed of the server's cooling fans.
Security - the state of the security lock and the enclosure.
Note: The implementation of this probe uses OpenSSL on MacOSX.
Filename: com.dartware.tcp.xserve.details
Version: 1.0
Xserve G5
This TCP probe queries an Xserve G5 for various details using the Server Monitor port and protocol.
Sends a request for status information via an HTTPS post to the Server Monitor port and parses an XML response.
Parameters
User - the name of any user on the specified server.
Password - the password for the specified user.
The remaining options let you display or ignore data in the response. These options correspond to tabs in the Server Monitor application on Mac OS X Server.
Info - general information about the server, such as amount of RAM, and OS name, and version.
Drives - information about the drives installed on the server. Includes the manufacturer, model, and capacity of each drive.
Power - information about the power supply.
Network - Includes the hardware address, IP address, traffic information, and type of each interface.
Temperature - the ambient temperature of the server.
Blowers - information on the speed of the server's cooling fans.
Security - the state of the security lock and the enclosure.
Note: The implementation of this probe uses OpenSSL on MacOSX.
Filename: com.dartware.tcp.xserve.g5.txt
Version: 1.0
Xserve RAID
This TCP probe queries an Xserve RAID for various details using the RAID Admin port and protocol.
Sends a request to an Xserve Raid via an HTTPS post via a series of HTTP POSTs and parses an XML responses.
Parameters
Password - the RAID administrator's monitoring password.
Filename: com.dartware.tcp.xserve.raid.txt
Version: 1.0
Xserve Tiger (PPC)
This probe queries an Xserve running Mac OS X 10.4 using the Server Monitor port and protocol. Because of this, the probe requires an administrators name and password in order to access the information. Due to significant hardware differences, there are separate probes for G4 Xserves, G5 Xserves, and Intel Xserves.
Apple has pre-configured several thresholds for various properties, such as temperatures, blower speeds, and power supply values. The Server Monitor protocol specifies when any of these thresholds are exceeded and the error message and status are reflected by this probe.
Sends a request for status information via an HTTPS post to the Server Monitor port and parses an XML response.
Parameters
User - the name of any user on the specified server.
Password - the password for the specified user.
The remaining options let you display or ignore data in the response. These options correspond to tabs in the Server Monitor application on Mac OS X Server.
Info - general information about the server, such as amount of RAM, and OS name, and version.
Drives - information about the drives installed on the server. Includes the manufacturer, model, and capacity of each drive.
Power - information about the power supply.
Network - Includes the hardware address, IP address, traffic information, and type of each interface.
Temperature - the ambient temperature of the server.
Blowers - information on the speed of the server's cooling fans.
Security - the state of the security lock and the enclosure.
Note: The implementation of this probe uses OpenSSL on MacOSX.
Filename: com.dartware.tcp.xserve.tiger.txt
Version: 1.0
Barracuda HTTP
This TCP probe queries a Barracuda Spam Firewall for various performance statistics.
The BASIC->Status page of the Administrators interface is retrieved via HTTP.
Parameters
User - Firewall administrator name.
Password - Firewall administrator password.
Port - Firewall's Web Interface HTTP Port as set on the BASIC->Administration page.
Thresholds
Set thresholds as follows:
In/Out Queue Size - The returned value should normally be less than 100. An In or Out Queue value that consistently exceeds 100 for more than 30 minutes may indicate a problem that needs attention.
Note: The returned value may rise temporarily, then go back down after 10 or 15 minutes.
- For the Inbound Queue, this is normal behavior, but can also be the result of an orchestrated attack. The Barracuda attempts to read as many messages as it can, which results in a slower processing rate, which in turn increases the number of messages in the queue.
- For the Outbound Queue, an increase usually indicates that the destination server is unavailable or the local DNS is not functioning properly.
Recommended settings:
- A value exceeding 100 for more than 15 minutes should result in a Warning.
- A value exceeding 500 for more than 30 minutes should result in an Alarm.
Average Latency - The average time, in seconds, to receive, process and deliver the last 30 messages. The value should normally be below 50 seconds. If the latency consistently exceeds 50 seconds for more than 30 minutes may indicate a problem that needs attention. Sometimes the value will rise temporarily and then go back down after 10 or 15 minutes. This is normal behavior.
Recommended settings:
- A value exceeding 50 seconds for more than 15 minutes should result in a Warning.
- A value exceeding 150 seconds for more than 30 minutes should result in an Alarm.
Last Message - The time, in minutes, since the last message was received. For a busy machine, this value should normally be less than 5 minutes. A value consistently exceeding 20 minutes for more than 30 minutes may indicate a problem that needs attention. Sometimes the value will rise temporarily and then go back down after 2 or 3 minutes. This is normal behavior.
Recommended settings:
- A value exceeding 15 minutes should result in a Warning.
- A value exceeding 30 minutes should result in an Alarm.
CPU 1/CPU 2 Fan Speed - Should be between 3,000 and 5,000 (RPM)
Recommended settings:
- A value for either CPU fan that falls below 2500 should result in a Warning.
- A value for either CPU fan that falls below 500 should result in an Alarm.
Firmware Storage - Typical value (in percent) is 60 - 80%. A value above 80% usually means that a debug file needs to be deleted. This can be done on a non-emergency basis.
Recommended settings:
- A value above 80% should result in a Warning.
- A value above 90% should result in an Alarm.
Mail/Log Storage - - Typical value (in percent) is 1 - 70%.
Recommended settings:
- A value above 70% should result in a Warning.
- A value above 80% should result in an Alarm.
System Load - The system's load (in percent.) During normal operation, this value can vary wildly, anywhere between 1 and 100%. A value that remains at 100% for more than 2 hours may indicate a problem that needs attention. The value may rise temporarily, then go back down after 2 or 3 minutes. This is normal behavior.
Recommended settings:
- A value above 80% for more than 1 hour should result in a Warning.
- A value above 90% for more than 3 hours should result in an Alarm.
CPU Temperature - Should be between 40 and 70 degrees C
Recommended settings:
- A value above 70 degrees C for more than 30 minutes should result in a Warning.
- A value above 80 degrees C for more than 1 hour should result in an Alarm.
Filename: com.dartware.tcp.barracuda.http.txt
Version: 3.1
Barracuda HTTPS
This TCP probe queries a Barracuda Spam Firewall for various performance statistics.
The BASIC->Status page of the Administrators interface is retrieved via HTTPS.
Parameters
User - Firewall administrator name.
Password - Firewall administrator password.
Port - Firewall's Web Interface HTTP Port as set on the BASIC->Administration page.
Thresholds
Set thresholds as follows:
In/Out Queue Size - The returned value should normally be less than 100. An In or Out Queue value that consistently exceeds 100 for more than 30 minutes may indicate a problem that needs attention.
Note: The returned value may rise temporarily, then go back down after 10 or 15 minutes.
- For the Inbound Queue, this is normal behavior, but can also be the result of an orchestrated attack. The Barracuda attempts to read as many messages as it can, which results in a slower processing rate, which in turn increases the number of messages in the queue.
- For the Outbound Queue, an increase usually indicates that the destination server is unavailable or the local DNS is not functioning properly.
Recommended settings:
- A value exceeding 100 for more than 15 minutes should result in a Warning.
- A value exceeding 500 for more than 30 minutes should result in an Alarm.
Average Latency - The average time, in seconds, to receive, process and deliver the last 30 messages. The value should normally be below 50 seconds. If the latency consistently exceeds 50 seconds for more than 30 minutes may indicate a problem that needs attention. Sometimes the value will rise temporarily and then go back down after 10 or 15 minutes. This is normal behavior.
Recommended settings:
- A value exceeding 50 seconds for more than 15 minutes should result in a Warning.
- A value exceeding 150 seconds for more than 30 minutes should result in an Alarm.
Last Message - The time, in minutes, since the last message was received. For a busy machine, this value should normally be less than 5 minutes. A value consistently exceeding 20 minutes for more than 30 minutes may indicate a problem that needs attention. Sometimes the value will rise temporarily and then go back down after 2 or 3 minutes. This is normal behavior.
Recommended settings:
- A value exceeding 15 minutes should result in a Warning.
- A value exceeding 30 minutes should result in an Alarm.
CPU 1/CPU 2 Fan Speed - Should be between 3,000 and 5,000 (RPM)
Recommended settings:
- A value for either CPU fan that falls below 2500 should result in a Warning.
- A value for either CPU fan that falls below 500 should result in an Alarm.
Firmware Storage - Typical value (in percent) is 60 - 80%. A value above 80% usually means that a debug file needs to be deleted. This can be done on a non-emergency basis.
Recommended settings:
- A value above 80% should result in a Warning.
- A value above 90% should result in an Alarm.
Mail/Log Storage - - Typical value (in percent) is 1 - 70%.
Recommended settings:
- A value above 70% should result in a Warning.
- A value above 80% should result in an Alarm.
System Load - The system's load (in percent.) During normal operation, this value can vary wildly, anywhere between 1 and 100%. A value that remains at 100% for more than 2 hours may indicate a problem that needs attention. The value may rise temporarily, then go back down after 2 or 3 minutes. This is normal behavior.
Recommended settings:
- A value above 80% for more than 1 hour should result in a Warning.
- A value above 90% for more than 3 hours should result in an Alarm.
CPU Temperature - Should be between 40 and 70 degrees C
Recommended settings:
- A value above 70 degrees C for more than 30 minutes should result in a Warning.
- A value above 80 degrees C for more than 1 hour should result in an Alarm.
Filename: com.dartware.tcp.barracuda.https.txt
Version: 3.1
Big Brother Probe
This probe lets you use InterMapper as a Big Brother "BBDISPLAY" to collect information sent by Big Brother clients.
Parameters
Purple Time - sets the number of minutes to wait without a report before indicating a problem. In an actual Big Brother server, this is thirty minutes; Big Brother shows a device as purple if it goes this long without a report from the device. This probe shows it as DOWN.
Filename: com.dartware.bigbrother
Version: 1.7
BlitzWatch
This probe monitors the performance of a BlitzMail server.
BlitzMail is a TCP/IP-based client-server electronic mail system developed at Dartmouth College. In the BlitzMail system, all mail and mail preferences are stored on one or more BlitzMail servers, giving a user access to email from anywhere.
This probe provides a simple view into the current state of a single BlitzMail server, showing simultaneous user count, CPU utilization, and disk transfer statistics.
Parameters
None.
Filename: com.dartware.blitzwatch
Version: 1.6
Citrix Server
This probe connects to a Citrix server, using default port 1494. It checks for the presence of the string "ICA" in the response, which indicates that the Citrix server is running.
This probe sets the device to Alarm if:
- a disconnect is received unexpectedly.
- doesn't receive a response within 30 seconds after connecting
- the response doesn't contain the string "ICA"
Parameters
None.
Filename: com.dartware.tcp.citrix.txt
Version: 1.2
IMAuth
This TCP probe queries an InterMapper DataCenter server to verify that IMAuth is configured and running on that server. This only works with InterMapper DataCenter 5.1 or later.
Parameters
User - the DataCenter admin user's name.
Password - the DataCenter admin user's password.
Port - the port the DataCenter server listens on.
Filename: com.dartware.tcp.imauth
Version: 0.4
IMDatabase
This TCP probe queries an InterMapper DataCenter server to verify that IMDatabase is configured and running on that server. This will only work when run against InterMapper DataCenter 5.1 or later.
Parameters
User - the DataCenter admin user's name.
Password - the DataCenter admin user's password.
Port - the port the DataCenter server listens on.
Filename: com.dartware.tcp.imdatabase
Version: 0.4
DND Protocol
The protocol used to lookup directory entries and validation information in a DND server. The DND is a centralized authentication/directory service developed at Dartmouth College. The default TCP port number for DND connections is port 902.
Parameters
Name - the name to look up in the DND.
Filename: com.dartware.tcp.dnd
Version: 1.7
FileMaker Pro
This probe attempts to connect to a Filemaker Pro database server. By default, the port is 5003. If successful, device status is set to Okay.
Parameters
None.
Filename: com.dartware.tcp.filemaker
Version: 1.7
FirstClass Server
This probe connects to a FirstClass mail server. It sends two carriage returns, and expects to receive the specified banner; the default contains "FirstClass System". By default, it listens on port 510.
Parameters
Banner - Expected text string.
Port - Port to send on.
Filename: com.dartware.tcp.firstclass
Version: 1.7
KeyServer
This probe tests the operation of Sassafras Software's KeyServer via TCP/IP. KeyServer is a software license management tool for Windows, Macintosh and thin-client based computers.
The probe sends a proprietary status request to the KeyServer -- a full description is available from Sassafras Software. By default, the server accepts UDP requests on port 19283.
KeyServer is a registered trademark of Sassafras Software.
Parameters
None.
Filename: com.dartware.keyserver
Version: 1.6
Lotus Notes
Lotus Notes uses Port 1352 for its Remote Procedure Call and Notes Replication.
This probe attempts to establish a connection to port 1532, assumed to be a Lotus Notes server. If the connection is successful, the device's status is set to Okay; otherwise, it is set to Down.
Parameters
None.
Filename: com.dartware.tcp.lotusnotes
Version: 1.4
MeetingMaker
The MeetingMaker server listens on port 649. This probe attempts to connect and exits with OKAY status if successful.
Parameters
None.
Filename: com.dartware.tcp.meetingmaker
Version: 1.5
DHCP Lease Check
This probe monitors the count of free DHCP leases on a Microsoft DHCP server. If the count goes below the specified thresholds, the device enters ALARM or WARNING state.
The check is specific to a scope.
Parameters
Scope - The DHCP scope to check (e.g., "192.168.1.0").
Free Lease Warning - The number of remaining leases at which the device enters WARNING state.
Free Lease Alarm - The number of free leases remaining at which the device enters ALARM state.
Free Lease Critical - The number of free leases remaining at which the device enters CRITICAL state.
View the DHCP scope table - Click to view a list of available scopes, along with information about in-use lease, free lease, and pending offers.
Filename: com.dartware.snmp.dhcpcheck.txt
Version: 0.4
NT Services
This probe monitors the state of one or more services on a Windows-based machine, Windows NT 4.0 and newer. InterMapper uses the Service Control Manager (SCM) to retrieve the information about the specified services. This probe works only if the InterMapper server is running on a Windows computer.
Parameters
Services to Monitor - The list of services to be monitored. In the status window, services with green icons are currently running; those with red icons are stopped.
InterMapper monitors services whose boxes are checked. For a single machine, choose from all the services on the machine. For multiple machines, choose from those services common to all of the machines.
Username - The name of an administrative user on the machine being probed. InterMapper uses this username to log into the target machine to query the Service Control Manager.
Password - The password for the specified user.
If Username and Password are left blank, the user credentials under which InterMapper is running will be used.
Note: In order for this probe to operate, InterMapper must be running as an administrative user, or you must supply an adminsitrator username and password for in the NT Services panel in Server Settings. This allows InterMapper to elevate its privileges temporarily.
Filename: com.dartware.ntsvcs.std
Version: 1.9
SQL Server Query
This probe establishes an ADO (ActiveX Data Object) connection to a Microsoft SQL Server running on the target host. It issues the specified query and displays the returned fields. If no records are returned, the device status is set to Critical.
Parameters
Query - contains the SQL query to send. It should be enclosed in double-quotes. Using the "TOP" keyword in your query improve the response to the query. You may want to specify specific columns in your query and include a "WHERE" or an "ORDER BY" clause.
Rows and Columns - let you limit the output of your query. Enter the number of "Columns" and the number of "Rows" records of the query you want to view.
Instance - specifies the SQL Server instance on the target host the query is sent to. If you wish to query the default server instance, leave this field blank.
Database - specifies the database on the target instance to query.
User - can be an SQL Server user on the target host, or may take the form of "domain\user" for a domain login. Leave it blank to use integrated authentication. The specified user must have dbreader privileges to the database.
Timeout (sec) - allows you to override the device's specified timeout.
InterMapper invokes the sql_query.vbs script, included with this probe.
Filename: com.dartware.cmd.sql_query.txt
Version: 1.4
Nagios NRPE
The NRPE ("Nagios Remote Plugin Executor") protocol defines a way to execute Nagios plugins on remote machines. After you install a Nagios NRPE daemon and and one or more Nagios plugins on a remote machine, InterMapper uses the following procedure to retrieve the status of that machine.
- Establish an encrypted SSL/TLS connection to the remote NRPE daemon
- Request that a specific Nagios plugin be executed
- Receive the response from the plugin
- Parse the response and display the state of that machine.
The NRPE daemon uses a configuration file (nrpe.cfg) that has command definition entries in this form:
command[check_swap]=/usr/local/nagios/libexec/check_swap -w 20% -c 10%
When the NRPE daemon receives a request to run the "check_swap" plugin, it issues the command above.
Parameters
Nagios Plugin - tells which plugin to execute. It must match one of the command definitions in the nrpe.cfg file (the text within square brackets [ ... ]). To test the connection from InterMapper to the NRPE daemon, set Nagios Plugin to the value "_NRPE_CHECK".
For information about installing an NRPE daemon, see the NRPE Documentation (at http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf), especially the section on Remote Host Configuration. Nagios and the Nagios logo are registered trademarks of Ethan Galstad. For more information, see http://www.nagios.org.
Filename: com.dartware.tcp.nrpe.txt
Version: 1.2