.. _arbitrator-configuration:
Configuration
=================
.. _SP23|New config screen added to allow customer ndx file retention times. Default is 6 months.:
.. _SP23|New PRI and SIP Trunk probes for Cisco Voice Gateways. Please reference Arbitrator Cisco PRI and SIP Probe Configuration for instructions.:
.. _SP25|Webex API support added (Requires Dashboard SP66 Release for visualization).:
.. _22.1|VOSS-934:
.. _22.1|EKB-12298:
.. _22.2|EKB-13343:
.. _23.1|EKB-13157:
.. _23.1|EKB-15145:
.. _23.1|VOSS-986:
.. _23.1|VOSS-1153:
The menu bar at the top of the screen provides options to navigate to each
of the configuration sections. Each will be covered in its own section of
this guide.
* :ref:`arbitrator-policy-configuration`
* :ref:`arbitrator-asset-configuration`
* :ref:`arbitrator-probe-configuration`
* :ref:`arbitrator-controls`
* :ref:`arbitrator-response-procedure-configuration`
* :ref:`arbitrator-credential-configuration`
* :ref:`arbitrator-customer-configuration`
* :ref:`arbitrator-access-control`
* :ref:`arbitrator-import-export`
* :ref:`arbitrator-archive-management`
* :ref:`arbitrator-log-management`
* :ref:`arbitrator-tools`
|
.. image:: /src/images/assurance-correlation-image7.png
|
.. _arbitrator-policy-configuration:
Policy Configuration
--------------------------
Polices are a modular groupings of correlation rules, actions and response
procedures that define how to respond to certain situations that happen on
the monitored systems. Policies are usually system and manufacturer
specific but can contain custom scripts for actions and response
procedures. Each policy will also contain several correlation rules that
are designed to create Alerts based on the best practices of that
particular system manufacturer. These alerts can apply to:
* Business Processes
* Infrastructure
* Security
* Applications
* Unified Communications
* Network behavior
* Metrics and Threshold Violations
|
.. image:: /src/images/assurance-correlation-image3.png
|
Correlation Rules
.................
A Correlation rule extracts data from the various sources and then defines
the parameters for Alert creation within a Policy. It may contain 1 or
more Correlation Definitions along with specific actions and Response
Procedures. Each correlation rule consists of the following parameters:
.. tabularcolumns:: |p{4.5cm}|p{10.5cm}|
+--------------+------------------------------------------------------------------+
| Parameter | Description |
+==============+==================================================================+
| Name | Descriptive name for the correlation rule which will be |
| | displayed within an Alert and viewed in Alert Analyzer. |
+--------------+------------------------------------------------------------------+
| | Enter a complete description of the problem that created the |
| Description | alert along with any specific remediation steps that should |
| | be taken to resolve the problem. |
+--------------+------------------------------------------------------------------+
| | Simple: Select if the rule is to analyze a single log and as |
| | a result of the rule, you want to execute an action. |
| | |
| | Compound: Select if the rule is to correlate more than one |
| | log, the results of another correlated event or multi-tiered |
| | rules. A compound rule can be one or more simple rules that |
| | feed into one primary rule, or it can come directly from the |
| | source. |
| Type | |
| | Unique: Same as Simple but as a definition will be the only one. |
+--------------+------------------------------------------------------------------+
| Threshold | Selects how many times this rule is to match before an |
| | action occurs. |
+--------------+------------------------------------------------------------------+
| Window | Select the time window for the rule to match before an |
| | action occurs. |
+--------------+------------------------------------------------------------------+
.. tabularcolumns:: |p{4.5cm}|p{10.5cm}|
+-------------------+------------------------------------------------------------------+
| Parameter | Description |
+===================+==================================================================+
| Severity | Indicates what is to appear in the Status field on the Alert |
| | Viewer monitor. |
| | |
| | Select the severity for this rule: |
| | |
| | * Informational |
| | * Minor |
| | * Major |
| | * Critical |
+-------------------+------------------------------------------------------------------+
| Action | Choose the action that is to occur for this rule, based on |
| | the selection in the Severity field |
| | |
| | * Respond - If the condition is met, set a marker and send |
| | an alert. |
| | * Track - If the condition is met, track the event, but do |
| | not post it to the Alert Analyzer. |
| | * Track/Respond - If the condition is met, send an alert |
| | and continue to monitor. |
| | * Respond on Expire – If the condition is met, wait to |
| | send an alert until the window time has expired. If you want |
| | the policy/rule to only alert after an application does not |
| | respond, based on the setting (for example, to ping 9 times |
| | in 10 minutes), choose **Track and Respond**. For the |
| | example in this case, the alert triggers as soon as it sees 9 |
| | ping failures. This setting (Respond on Expire) does not |
| | track. |
| | * Submit - Submit the results of a correlation event back |
| | into the Correlation Engine so that the behavior can be |
| | analyzed and re- correlated. |
| | * Submit/Respond - Submit this alert back into the |
| | Correlation |
| | |
| | Engine so that the event can be analyzed and re-correlated. |
| | Then set a marker and send an alert. |
+-------------------+------------------------------------------------------------------+
| | For any rule that is satisfied, an Incident Response |
| | Procedure occurs and an event is posted to the Alert |
| Response | Analyzer. Select the Response Procedure from the drop-down |
| Procedure | menu to execute when conditions have been met. |
+-------------------+------------------------------------------------------------------+
| Definition Output | Selects a single Correlation Definition's extracted |
| | value to be displayed with the Alert. |
+-------------------+------------------------------------------------------------------+
| Enabled | Toggle to enable/disable the rule |
+-------------------+------------------------------------------------------------------+
| | Toggle to enable/disable whether the rule will include |
| Inherit Output | the results of the filter attached to the policy |
| | module. |
+-------------------+------------------------------------------------------------------+
| | Toggle to halt processing of logs to any other rules |
| | within the policy if the rule matches. This will |
| Halt Processing | highlight the Policy in Green to indicate that this |
| | function is in use. |
+-------------------+------------------------------------------------------------------+
| Correlation | Click the wrench icon where you can define one or more |
| Definitions | definitions match and or extract the required data from |
| | a log or event. See Correlation Definitions. |
+-------------------+------------------------------------------------------------------+
| Output Order | Sets the preferred order to output the extracted data |
| | from the Correlation Definitions. |
+-------------------+------------------------------------------------------------------+
| Done | Click the Done box when the rule is complete |
+-------------------+------------------------------------------------------------------+
| Save | Be sure to click the Save button so your rule (or |
| | changes) are saved and committed. |
+-------------------+------------------------------------------------------------------+
|
.. image:: /src/images/assurance-correlation-image4.png
|
Correlation Filters provide a simple way of ensuring that all of
the correlation rules within the policy are firing on the correct set of
data. The engine first looks at the filter criteria, then it selects only the
data that matches the criteria, and then it applies the correlation
rule. You can add as many of these as required.
Each filter has the following options:
===================== ==========================================================================
Filter Option Description
===================== ==========================================================================
Name Provide a name as close as possible to the data elements you wish to
filter. This allows the output to match the name once viewed in the
alert text.
Pattern The extraction method used to pull a particular data point out. Click
the Wrench icon adjacent to the box to launch the **Regex Wizard**,
which helps you to find and extract the data.
The **Regex Wizard** has two sections:
1. Select a Log: In the top section you can search and select the log
or data set you will be utilizing. That will then show up in the
bottom portion under the phrase "Select log from the list above or
paste log here:". You can copy and paste a log into this section
as well.
2. Create Regex: Once you have your log then go to this section. Here
you can use the wizard to create the Regular Expression required.
Close the wizard and copy this pattern the Regex into the box under
Pattern.
Source Field From the drop-down, choose the source from which data is extracted.
Pattern Type From the drop-down, choose the type of expression you want to use:
* String Match
* Regular Expression Match
* Regular Expression Match/Extract (Most Often Used)
* Regular Expression Multi-Valued Extract
Function If the extracted data is integer-based, you can apply the following
functions for comparing data:
* None
* Greater Than
* Less Than
* Same
Value This field is available only if the data extracted is an integer.
===================== ==========================================================================
|
.. image:: /src/images/assurance-correlation-image1.png
|
.. rubric:: Example: Policies and Alerts
Let's say you have a Ping policy that you've set to alert after 10 failures in 20 minutes.
Depending on how you've set up your rules, the following may occur:
* The policy may run against all your assets and trigger an alarm if the cumulative Ping
failure (across all assets) hits 10
* The policy may trigger an alarm for each asset that fails a ping 10 times in 20 minutes
Thus if it sees 10 failures (across all assets) in 20 minutes, an alert is triggered. However,
if you want 10 failures per asset, you need a definition for the IP address, and
set the filter function to **Same**, which defines that when you see 10 failures for the same IP address,
trigger an alert.
You can configure this definition in two ways:
* As a filter on the policy
* As a specific rule definition.
Correlation Definitions
.......................
A Correlation Definition defines what criteria to match within the data.
Each definition will consist of the following parameters:
.. tabularcolumns:: |p{4.5cm}|p{10.5cm}|
+----------------+-----------------------------------------------------------------+
| Parameter | Description |
+================+=================================================================+
| | Name this as close as possible to the data elements being |
| Name | extracted. That way the output matches the name once viewed |
| | in the alert text. It is also utilized in the key value pair |
| | within the alert text. |
| | |
| | This is the extraction methodology utilized to pull the |
| | particular data point(s) out. Simply find the log containing |
| | the data by utilizing the search bar above. Within that log |
| | you can highlight the text you want to extract. Once |
| | highlighted a box will pop up allowing you to name the field |
| | and extract it. This will automatically create the Regex to |
| | extract the data. The highlight method is about 95% accurate. |
| | |
| | If you have trouble with this method due to special |
| | characters in the data set, then you can utilize the "wrench" |
| | icon beside the Pattern box and it will bring up the "Regex |
| | Wizard" to assist in finding and extracting the data. |
+----------------+-----------------------------------------------------------------+
| Pattern | Within the Regex Wizard there are 2 sections: |
| | |
| | * Select a Log: In the top section you can search and |
| | select the log or data set you will be utilizing. That |
| | will then show up in the bottom portion under the phrase |
| | "Select log from the list above or paste log here:". As |
| | the phrase indicates you can copy and paste a log into |
| | this section as well. |
| | * Create Regex: Once you have your log then go to this |
| | section. Here you can utilize the wizard to create the |
| | Regular Expression required. Close the wizard and copy |
| | this pattern the Regex into the box under Pattern. |
+----------------+-----------------------------------------------------------------+
.. tabularcolumns:: |p{4.5cm}|p{10.5cm}|
+----------------+----------------------------------------------------------------------+
| Parameter | Description |
+================+======================================================================+
| Source Field | In the drop-down box select the source from which the data is |
| | being extracted. |
+----------------+----------------------------------------------------------------------+
| | Select from the drop-down box the type of |
| | expression you want to utilize: |
| | |
| Pattern Type | * String Match |
| | * Regular Expression Match |
| | * Regular Expression Match/Extract (Most Often Used) |
| | * Regular Expression Multi-Valued Extract |
| | |
| | .. note:: |
| | |
| | The "Extract" pattern types above will cause the correlation |
| | engine to include the definition name and the matched value in |
| | the Alert Message. |
| | |
| | |
| | |
| | |
| | |
+----------------+----------------------------------------------------------------------+
| Function | The functions below may be used to change what the correlation |
| | engine counts as a "match" in the log. Alerts are only triggered |
| | if the specific number of matches are found. |
| | |
| | * None - Default. Only use Pattern type matching to trigger a match. |
| | * Greater Than - Should only be applied to integer values. |
| | If the extracted value is greater than the configured value, |
| | then a "match" is made. |
| | * Less Than - should on be applied to integer values. If the |
| | extracted value is less than the configured value, then a |
| | "match" is made. |
| | * Same - Can be applied to both Text or Integer. If the extracted |
| | value is the same as previous occurrences, a match triggered. |
| | For example, if multiple devices are sending an error message, |
| | only the first error will trigger an alert. If the desired goal |
| | is to trigger an alert for unique IP address, then the IP |
| | address definition should have the Same function applied. |
+----------------+----------------------------------------------------------------------+
| Value | This field will only be available if the |
| | Function selected is either "Greater Than" or "Less Than". |
+----------------+----------------------------------------------------------------------+
|
.. image:: /src/images/assurance-correlation-image2.png
|
Creating a Policy
.....................
To Create a Policy:
1. Click the Policy View from the Configuration Menu Bar at the top of the
page.
2. Click the Plus Icon at the bottom left of the Policies panel
3. Fill in the Policy name and press enter.
|
.. image:: /src/images/assurance-correlation-image8.png
|
Creating a Correlation Rule
...............................
To Create a new Correlation Rule:
1. Click the Policy to which you wish to add the rule.
2. Click the Plus icon at the bottom of the Rules panel.
3. Fill in the rule name and the parameters.
|
.. image:: /src/images/assurance-correlation-image33.png
|
Creating a Definition
......................
To create a new definition:
1. Click the wrench icon within any rule to bring up the search engine.
2. Enter a search term that is relevant or is in the log that you would
like to match and press Enter. This will return the last 10 logs with
this term in them.
3. Utilize the highlight and extract procedure or the Regex Wizard as
described in the in "Correlation Definitions" section above.
4. Once finished click Update in the top right of the screen and be sure
to save your Definition on the next page.
|
.. image:: /src/images/assurance-correlation-image34.png
|
Deleting a Correlation Rule
.............................
To delete a Correlation Rule:
1. Click the policy name on the left side of the screen.
2. Click the check box on the Correlation rule you wish to delete.
3. Click the minus icon at the bottom of the correlation panel.
4. Click the Save icon in the upper right to save your change.
|
.. image:: /src/images/assurance-correlation-image31.png
|
Deleting a Policy
....................
To delete a Policy:
1. Click the check box next to the name of the Policy you wish to delete.
2. Click the minus icon in the bottom left of the policy panel.
3. Click the Save icon in the upper right to save your change.
|
.. image:: /src/images/assurance-correlation-image32.png
|
Disabling and Enabling a Policy
.................................
To Disable and Enable a Policy:
1. Select the Policy by clicking the check box next to the name of the
policy.
2. Click the Green Check Box at the bottom of the Policies listing
column.
3. The Name of the Policy will become italicized indicating that the
Policy is Disabled
4. To Enable the Policy: Click the Green Check Box again. The name will
turn back to a normal font indicating it is enabled.
|
.. image:: /src/images/assurance-correlation-image29.png
|
Cloning a Policy
..................
Cloning a Policy allows the quick replication of all of the Correlation
Policy rules and definitions. The user then can simply change only the
required elements for the new policy.
To Clone a Policy:
1. Select the Policy by clicking the check box next to the name of the
policy.
2. Click the Blue "C" Box at the bottom of the Policies listing column.
3. Rename the Policy and make your modifications.
4. Be sure to click Save to save the new policy.
|
.. image:: /src/images/assurance-correlation-image30.png
|
Export and Import a Policy
............................
The Arbitrator platform allows for full export / import of all of its
configuration. Within the Policy Configuration section, you can export and
import the policy that you exported from another system.
A new system log table ``insights_system_log`` has also been added
to log user actions and a user can create a dashboard to view these actions.
See the:
.. raw:: html
Log Search Section
.. raw:: latex
Log Search Section in the Dashboard and Reporting Administration Guide.
|
.. image:: /src/images/insights-import-export-log.png
|
To Export a Policy:
1. Select the check boxes of the policies to export, or select the **Name** check box
at the top of he **Policies** list to select *all* policies.
2. Click the green Down arrow button at the bottom of the **POLICY CONFIGURATION** panel.
3. The **Export CSV** dialog opens. Enter a **CSV file name** (You do
not have to add the ``.csv`` file extension) and click **Export**.
4. The **Export finished** dialog shows when the export file has been created.
Click **Download** to save the CSV file to your selected download location.
To Import a Policy:
1. Click the green Up arrow button at the bottom of the **POLICY CONFIGURATION** panel.
2. A pop-up box will appear asking you choose your file.
3. Click the **Choose file** button and select the exported CSV file that you
have saved to your computer.
4. Click the **Import** button.
Policy CSV Format
''''''''''''''''''
The following columns are in an exported CSV file:
::
"row action","policy group name",name,description,type,action,severity,
"respond procedure","SubCategory (definition: regular expression match)",
"Message (definition: regular expression match/extract)"
.. note::
* The ``"row action"`` column is used when importing and if it contains "delete",
then the row will be deleted upon import.
* The ``"respond procedure"`` column can be used when importing and should
then contain the Response Procedure name *exactly* as it exists on the system.
If a procedure is found, then it will be assigned to the associated rule.
If a new value is entered, a new Response Procedure is created. The default
Response Procedure is used if no value is entered.
* The combination: "policy group name", "name", "respond procedure" should be unique in
CSV row. If a policy found, its data will be updated. If not found, new policy will
be inserted. The "name" has to be unique. If a rule is found, its data will be updated.
If not found, new rule will be inserted to the policy indicated in "policy group name".
See: :ref:`arbitrator-response-procedure-configuration`.
|
.. image:: /src/images/assurance-correlation-image27.png
|
.. _arbitrator-asset-configuration:
Asset Configuration
--------------------
The Asset Configuration panel allows you to create Assets and Asset
Groupings. Assets can be any devices that are either sending data or from
which data is being retrieved. Each Asset can be assigned to a specific
customer to create a multi-tenant environment.
A new system log table ``insights_system_log`` has also been added
to log user actions and a user can create a dashboard to view these actions.
See the:
.. raw:: html
Log Search
.. raw:: latex
Log Search Section in the Dashboard and Reporting Administration Guide.
Creating an Asset Group
........................
To create a new Asset Group:
1. Click the Asset icon from the Menu bar.
2. Click the Plus icon in the bottom left corner of the Asset Groups
panel.
3. Enter the Group name and press Enter.
4. Click the Save icon in the upper right.
|
.. image:: /src/images/assurance-correlation-image28.png
|
Adding an Asset to an Existing Group
......................................
To add a new Asset to a Group:
1. Click Asset Group to which you wish to add an asset.
2. Click the Plus icon at the bottom of the Asset panel.
3. An asset entry box will open up. Fill out all of the details for the
asset under "Properties".
4. Click the "Interface" tab and fill out the details, if applicable.
5. Click the check button to the right of the screen to add the asset.
|
.. image:: /src/images/assurance-correlation-image25.png
|
.. note::
**Modification**: If present, then more than one asset in more than
one group can be modified when *modifying* assets. Change bars are
displayed next to each asset and group when the assets or groups
modified, for example:
|
.. image:: /src/images/insights-arb-assets-conf-change-bar.png
|
Deleting an Asset
...................
To delete an Asset:
1. Click the Asset Group in which your Asset is located.
2. Click the "check" box next to the asset you wish to delete.
3. Click the "minus" icon within the Asset panel.
4. Click the "Save" icon in the upper right corner.
|
.. image:: /src/images/assurance-correlation-image26.png
|
Deleting an Asset Group
..........................
To delete an Asset Group:
1. Click the "check" box next to the Asset Group you wish to delete.
2. Click the "minus" icon in the bottom left of the Asset Group panel.
3. Click the "Save" icon in the upper right corner.
|
.. image:: /src/images/assurance-correlation-image24.png
|
Assigning a Probe to an Asset
...............................
A Probe is a script or set of commands that are saved in the system and
can be utilized to gather data, issue commands to systems, auto repair or
send data. Assigning a probe to an asset is typically done to retrieve
data from that asset. Commands such as an SNMP GET or an API call are
utilized to retrieve data from a particular asset.
To assign a Probe to an Asset:
1. Click the asset group and then click on the actual asset within that
group that the Probe will run against.
2. Click the wrench icon, which will add a monitor profile to the asset.
3. The Probe Group (covered in the next section) screen is opened where
you can select from all of the saved Probes in the system.
4. Select the desired Probe
5. Next click the green pencil icon, which will open up a profile to
define the frequency the probe runs, the credentials needed for the
probe to run, the schedule for the Probe to run and the choice to
start it immediately.
.. note::
For SP25, the frequency for Polycom devices is set at 5 minutes.
6. Once complete click the check button to finalize the probe. This will
take you back to the Asset screen and to the asset you had selected.
|
.. image:: /src/images/assurance-correlation-image21.png
|
.. image:: /src/images/assurance-correlation-image22.png
|
Assigning a Customer to an Asset
.................................
The Correlation Platform has multi-tenancy built in that provides the
ability for different customers to see correlated or collected results of
only their data. Within the configuration of assets, you can assign each
asset to a specific customer. To assign a Customer to an Asset:
1. Click the asset group and then click on the actual asset within that
group that is to be assigned to a Customer.
2. Click the pencil icon that will open up the details of that asset.
3. Click the field labeled Customer and a drop-down list of available
Customers will appear.
4. Select the Customer that the asset belongs to and then click the blue
check box in the top right.
5. Click the Save icon to save the changes.
|
.. image:: /src/images/assurance-correlation-image19.png
|
Placing an Asset in Maintenance Mode
.....................................
The Correlation Platform allows any asset to be placed into Maintenance mode.
Doing so will stop the platform from responding with alerts until it is
removed from the mode. Data will still be collected but alerts will not be
sent.
1. Click the asset group and then click on the actual asset within that group
that is to be put into Maintenance mode.
2. Click the pencil icon that will open up the details of that asset.
3. Check the box next to the label Maintenance Mode and then click the
blue check box in the top right.
4. Click the "plus" icon to return to the Asset Group and then click the
"Save" icon to save the Maintenance Mode settings.
|
.. image:: /src/images/assurance-correlation-image20.png
|
Assets in maintenance mode can be filtered by selecting **Maintenance**
from the **Filter column** drop down list.
|
.. image:: /src/images/insights-arb-maintenance-filter.png
|
Export and Import an Asset
............................
Within the **ASSET CONFIGURATION** section, you can export and
import the asset that you exported from another system.
* When selecting asset groups, all assets belong to those groups will be selected
(selecting individual assets will not take effect).
* If the **Group Name** checkbox is selected, all assets will be included
- both **All groups** and **Ungrouped**.
To Export an Asset:
1. Select the check boxes of the assets to export, or select the **Group name** check box
at the top of he **Groups** list to select *all* assets.
2. Click the green Down arrow button at the bottom of the **ASSET CONFIGURATION** panel.
3. The **Export CSV** dialog opens. Enter a **CSV file name** (You do
not have to add the ``.csv`` file extension) and click **Export**.
4. The **Export finished** dialog shows when the export file has been created.
Click **Download** to save the CSV file to your selected download location.
To Import an Asset:
1. Click the green Up arrow button at the bottom of the **ASSET CONFIGURATION** panel.
2. A pop-up box will appear asking you choose your file.
3. Click the **Choose file** button and select the exported CSV file that you
have saved to your computer.
4. Click the **Import** button.
Asset CSV Format
''''''''''''''''''
The following columns are in an exported CSV file:
::
"Asset Name",Description,"IP Addres","MAC Address",Vendor,
Model,Version,"Host Name",Alias,"Asset Group Name",
"Type of Device(see below)","Device’s Timezone",Comments,
"Physical Address","Customer Name","Site Name","Row Action"
.. note::
* The ``"Row Action"`` column is used when importing and if it contains "delete",
then the row will be deleted upon import.
* Row uniqueness is the combination of: "IP Address", "Customer Name", "Site Name".
If an asset found, its data will be updated. if not, new asset will be inserted
under the asset group indicated in column "Asset Group Name".
* The column "Asset Group Name" has to be unique. if an asset group is found, its
data will be updated. If not, a new asset group will be inserted.
* There are 2 entries in the import CSV:
* An asset with data in all columns. Most important is the very first column "Asset Name".
* An interface is a property of an asset. An interface only has data in from column "Description" to "Host Name".
Most important is that it does not have data on the very first column "Asset Name".
All CSV interface row(s) will be under an asset just right above it(them).
|
.. image:: /src/images/arbitrator-import-asset.png
|
.. _arbitrator-probe-configuration:
Probe Configuration
---------------------
The Probes Configuration panel allows you to assign a group of scripts to
an asset that can run on a set interval. These scripts will allow for data
collection from many types of devices. The protocols can be API, SNMP or
custom CLI scripts. SNMP v3 is also supported.
The return data from the Probes can then be injected
into the system for correlation or can be stored in the database to allow
for analysis on the Dashboard/Reporting server.
For PRI and SIP Trunk probes for Cisco Voice Gateways, reference:
.. raw:: latex
Arbitrator Cisco PRI and SIP Probe Configuration
.. raw:: html
Arbitrator Cisco PRI and SIP Probe Configuration
for instructions.
Creating a Probe Group
.........................
To create a new Probe Group:
1. Click the Probe icon from the Menu bar.
2. Click the "Plus" icon within the Groups pane in the bottom left
corner.
3. Enter the "Group" name and press Enter.
4. Click the "Save" icon in the upper right corner.
|
.. image:: /src/images/assurance-correlation-image17.png
|
Cloning a Probe Group
.........................
To clone an existing Probe Group:
1. Click the Probe icon from the Menu bar.
2. Select a Probe group to clone from.
3. Click the "C" icon within the Groups pane in the bottom left
corner.
4. The cloned "Group" name shows: * clone*. Modify this name
to the required name.
5. Click the "Save" icon to save the added Probe.
6. The probes contained in this new group can also be modified. Refer
to the steps to add, clone and modify probes.
|
.. image:: /src/images/insights-arb-probes-clone.png
|
Creating a Probe
....................
To create a new Probe:
1. Click the group in which you wish to create a new Probe.
2. Click the Plus icon within the Probes panel.
3. Enter the name and description of the Probe.
4. De-select the check icon from the field titled "Custom". This field is
utilized when putting a custom probe in place versus utilizing the
ones within the system.
5. Select the Probe Category from the drop-down list. This will populate
the scripts available in that category within the drop-down menu
titled "Select Script".
6. Select a script from the script drop-down list.
7. Enter any additional information required by the selected script, such
as the hostname, IP, etc.
8. Click the "Check" icon to close the probe in the far right of the
Probe panel.
9. Click the "Save" icon to save the added Probe.
|
.. image:: /src/images/assurance-correlation-image18.png
|
Cloning a Probe
...................
To clone a probe:
1. Click the probe which you wish to clone.
2. Click the "C" icon within the **Probes** panel.
3. The cloned "Probe" name shows: * clone*. Modify this name
to the required name as well as any other properties you need to.
4. Select the **Done** checkbox before saving.
5. Click the "Save" icon to save the added probe.
Creating a Custom Probe
.........................
To create a new Probe:
1. Click the group in which you wish to create a new Probe.
2. Click the Plus icon within the Probes panel.
3. Enter the name and description of the Probe.
4. Select and click the check icon from the field titled "Custom". This
field is utilized when putting a custom probe in place versus
utilizing the ones within the system.
5. Enter the path and script that you wish to run.
6. Click the "Check" icon to close the probe in the far right of the
Probe panel.
7. Click the "Save" icon to save the added Probe.
|
.. image:: /src/images/assurance-correlation-image15.png
|
Deleting a Probe Group
......................
To delete a Probe Group:
1. Click the check box next to the group name you wish to delete.
2. Click the Minus icon within the Probe Group panel in the bottom left.
3. Click the "Save" icon to save the changes.
|
.. image:: /src/images/assurance-correlation-image16.png
|
Deleting a Probe
.................
To delete a Probe:
1. Click the check box next to the Probe name you wish to delete.
2. Click the Minus icon within the Probe panel in the bottom right.
3. Click the "Save" icon to save the changes.
|
.. image:: /src/images/assurance-correlation-image14.png
|
Export and Import a Profile (assignment of a probe to an asset)
...............................................................
.. important::
This import/export is special. Since we do not have a Profile main screen,
the import/export profiles are in Probe Configuration; the same as the legacy
push button (right next import/export buttons).
Within the **PROBE CONFIGURATION** section, you can export and
import the profiles that you exported from another system.
A new system log table ``insights_system_log`` has also been added
to log user actions and a user can create a dashboard to view these actions.
See the:
.. raw:: html
Log Search
.. raw:: latex
Log Search Section in the Dashboard and Reporting Administration Guide.
To Export a Profile:
1. Click the Down arrow button at the bottom of the **PROBE CONFIGURATION** panel.
Since this is a probe configuration, we cannot select individual profiles,
so it will export all profiles in the system.
2. The **Export CSV** dialog opens. Enter a **CSV file name** (You do
not have to add the ``.csv`` file extension) and click **Export**.
3. The **Export finished** dialog shows when the export file has been created.
Click **Download** to save the CSV file to your selected download location.
To Import a Profile:
1. Click the Up arrow button at the bottom of the **PROBE CONFIGURATION** panel.
2. A pop-up box will appear asking you choose your file.
3. Click the **Choose file** button and select the exported CSV file that you
have saved to your computer.
4. Click the **Import** button.
Profile CSV Format
''''''''''''''''''''
The following columns are in an exported CSV file:
::
"Row Action","Asset Name","IP Address","Customer Name",
"Site Name","Probe Group Name","Credential 1 Name",
"Credential 2 Name","Frequency (s)",Enable
.. note::
* The ``"Row Action"`` column is used when importing and if it contains "delete",
then the row will be deleted upon import.
* "Probe Group Name" must be unique.
* Combination: "IP Address","Customer Name","Site Name" must to be unique.
* "Asset Name" is used as a reference of the asset.
* When importing and if an asset and a probe group are found, then a profile
will be updated/inserted. If not, nothing to import.
|
.. image:: /src/images/arbitrator-import-probe.png
|
Assignment of a probe to an asset
''''''''''''''''''''''''''''''''''''
A probe group assigned to an asset can be modified using a profile CSV file import by specifying
the related "Asset Name" and "Probe Group Name" in the CSV file.
For example, consider an asset "Local System" that has 3 profiles:
|
.. image:: /src/images/Insights-asset-local-system-3-profiles.png
|
We can assign probe "Cisco CUCM Version" to asset "Local System"
as a CSV file import:
|
.. image:: /src/images/Insights-CSV-row-add-profile-to-asset.png
|
After importing, the profile is added to the probe group.
|
.. image:: /src/images/Insights-asset-local-system-4-profiles.png
|
.. _arbitrator-controls:
Controls
------------
The Controls Configuration panel allows you to define a script or routine
that can be executed by a response procedure or attached as a probe. These
controls can be passed variables extracted from a correlation rule. The
resulting return of the scripts execution can be mapped to the database,
used as an action or can be injected back into the system to be correlated
against another element.
Creating a Control
....................
To create a new Control:
1. Click the Plus icon within the control panel.
2. Enter the name of the Control.
3. De-select the check icon from the field titled "Custom". This field is
utilized when putting a custom Control in place versus utilizing the
ones within the system.
4. Click and Select from the categories dropdown list to populate the
scripts dropdown.
5. Select a script from the script dropdown list.
6. Enter any additional information required by the selected script.
7. Click the Check icon to close the control in the far right of the
control panel
8. Click Save icon.
|
.. image:: /src/images/assurance-correlation-image55.png
|
Deleting a Control
.....................
To delete a Control:
1. Click the check box next to the Control name you wish to delete.
2. Click the Minus icon within the Control panel at the bottom.
3. Click the "Save" icon to save the changes.
|
.. image:: /src/images/assurance-correlation-image56.png
|
.. _arbitrator-response-procedure-configuration:
Response Procedure Configuration
---------------------------------
The Response Procedure configuration panel allows you to define an
automated response to a correlated event. Each Response Procedure can be
assigned to one or more Correlation Rules while also containing and/or
executing one or more of the following responses:
.. tabularcolumns:: |p{4.5cm}|p{10.5cm}|
+-----------+------------------------------------------------------------------+
| Action | Description |
+===========+==================================================================+
| Alert | Visually show the alert in the alert views within the User |
| | Interface. |
+-----------+------------------------------------------------------------------+
| | An email will be sent to the recipients address and contain the |
| | Policy and Correlation Rule details that are triggered. |
| Email | Additionally, any data that is extracted from the correlated |
| | event will be included. |
+-----------+------------------------------------------------------------------+
| | Executes the selected Control Script as a result of the |
| | correlated event. Data from the correlated event will be passed |
| Control | to the script as well. These scripts can be utilized as run-book |
| | and/or automated remediation. |
+-----------+------------------------------------------------------------------+
| Forward | The forward allows the correlated event to be forwarded to |
| | another Arbitrator Correlation platform. |
+-----------+------------------------------------------------------------------+
Creating a Response Procedure
...............................
To create a response procedure:
1. Click the "Calendar" icon at the top of the Configuration panel.
2. Click the plus icon in the bottom left of the Response Procedure name
panel. A box will open up where you can fill in the name of your
response procedure.
3. The panel to the right is broken into two sections:
a. Response Procedure Details – This is the section that you select to
add the elements defined in the table above.
b. Do Not Run Windows – Allows you to define certain date and times that
you don’t want the system to take the actions within the Response
Procedure.
|
.. image:: /src/images/assurance-correlation-image53.png
|
Assigning an Alert to a Response Procedure
...............................................
To assign the Alert function to a response procedure:
1. Click the Alert check box in the top left of the Response Procedure
Details panel.
2. If this system you are configuring is intended to be the redundant
platform then click the Disable on Failover box to allow all data to
flow but no actions to take place.
|
.. image:: /src/images/assurance-correlation-image54.png
|
Deleting a Response Procedure
...............................
To delete a Response Procedure:
1. Click the box next to the Response Procedure name.
2. Click the minus icon at the bottom of the Response Procedure name
panel.
3. Click the Save icon to save your changes.
|
.. image:: /src/images/assurance-correlation-image51.png
|
.. _arbitrator-how-to-enable-servicenow-integration:
How to Enable ServiceNow Intergration
--------------------------------------
|
.. image:: /src/images/VAA-add-SNOW-control.png
|
1. Navigate to Configuration (cog icon) on the arbitrator.
#. Navigate to Control and click + to enter a new control.
#. In the **Name** text box enter ServiceNow.
#. Untick **Custom**.
#. Fill in the following details:
* **Select Category**: ServiceNow
* **Select Script**: PushToServiceNow
* **Service Now IP Address / Hostname:**
* **Service Now Username:**
* **Service Now Password:**
#. Tick the blue tick box.
#. Click the **Save**.
#. Navigate to the Response Procedure Configuration menu.
#. Apply the control to the required IRP, such as the default IRP.
.. _arbitrator-servicenow-one-way-incident-integration:
ServiceNow One Way Incident Integration
-----------------------------------------
As the Correlation Platform detects new incidents a response procedure is
defined to send the event into ServiceNow utilizing their API. Incident
Response Procedures (IRP) are defined on an incident basis. Thus you can
choose which events need to be sent to ServiceNow based on severity, type,
threshold, or others. When the IRP kicks off it will create an event,
insert the following fields and send it to ServiceNow:
* short description: Arbitrator Policy, Rule and Reference_Id
* description: full message from arbitrator
* severity: severity
* urgency: based on severity
* impact: based on severity
* category: software
* comments: full message from Arbitrator
ServiceNow Requirements
...........................
* ServiceNow URL
* ServiceNow User with SOAP API rights to insert Incidents
* ServiceNow Password
Arbitrator Correlation Configuration
.....................................
* Version Required: 4.0001-15b
* Script: ``servicenow/PushToServiceNow.pl``
* parameters:
* ``URL_TO_SERVICENOW_INSTANCE``
* ``USERNAME``
* ``PASSWORD``
Screenshots From ServiceNow
............................
|
|924d7f4f8b22b0fc|
|
|ea8b6a1af79321ee|
|
.. _arbitrator-credential-configuration:
Credential Configuration
-------------------------
The Credentials configuration panel allows you to define and store
credentials securely. These credentials can be assigned to a Probe or
Control to allow for secure access to an asset, ticketing system or
script. (See: Asset Configuration, Response Procedure Configuration)
Creating a Credential
.......................
To create a Credential:
1. Click the "key" icon in the menu bar at the top.
2. Click the plus icon in the bottom left corner.
3. Enter the name to be assigned to the Credential.
4. Enter the Username and Password fields.
5. Click the blue check box.
6. Click the Save icon to save the credential.
|
.. image:: /src/images/assurance-correlation-image52.png
|
Deleting a Credential
........................
To delete a Credential:
1. Click the check box to the left of the credential name you wish to
delete.
2. Click the minus icon in the bottom left of the screen.
3. Click the Save icon to save your changes.
|
.. image:: /src/images/assurance-correlation-image49.png
|
.. _arbitrator-customer-configuration:
Customer Configuration
--------------------------
To enable multi-tenancy (assets, alerts and data) utilize the customer
configuration panel to define a customer and their related locations
(sites). Once defined, the Customer field can be applied to an asset and
or a user to restrict access to other customers assets, alerts and data.
(See: Asset Configuration, Access Control Configuration).
Creating a Customer
....................
To create a Customer:
1. Click the "customer" icon in the menu bar at the top.
2. Click the plus icon in the bottom left corner of the customer panel.
3. Enter the name of the Customer to be added and press Enter.
4. Enter the Username and Password fields.
5. Click the Save icon to in the upper right corner.
6. Proceed to creating a Customer Site.
|
.. image:: /src/images/assurance-correlation-image50.png
|
Creating a Customer Site
.............................
To create a site for a Customer:
1. Click the customer to which you wish to add the site.
2. Click the plus icon in the bottom of the site panel.
3. Enter the site name and press Enter.
4. Add additional sites if applicable.
5. Click the Save icon to in the upper right corner.
|
.. image:: /src/images/assurance-correlation-image47.png
|
Deleting a Customer
...................
To delete a Customer:
1. Click the check box of the customer you wish to delete.
2. Click the minus icon in the bottom of the site panel.
3. Click the Save icon to in the upper right corner.
|
.. image:: /src/images/assurance-correlation-image48.png
|
Deleting a Customer Site
............................
To delete a site for a Customer:
1. Click the customer in which you wish to delete the site.
2. Click the minus icon in the bottom of the site panel.
3. Click the Save icon to in the upper right corner.
|
.. image:: /src/images/assurance-correlation-image46.png
|
.. _arbitrator-access-control:
Access Control
----------------
The Access Controls Configuration panel allows for specific Role Based
Access Controls to be enabled. These controls are based on the role of the
user and the customer to which they belong.
Permission Groups
..................
The first tab under the Access Controls is the Permission Groups. This
allows the admin to define a group that has specific capabilities/rights
and subsequently add users to these groups.
Creating a Permission Group
'''''''''''''''''''''''''''''
To create a Permission Group:
1. Click the Permission Group tab under the Access Control panel. A list
of defined groups will be displayed.
2. Click the blue plus icon at the bottom of the panel.
3. Fill in the name of the group and select Realm Context drop-down
button. This will always be local for a single Arbitrator deployment.
4. Click the Timeout box if you wish this user group to have their
session timeout for non- use and require them to log back into the
UI.
5. Select each system screen name tab that you wish to grant access to
this group. As you select each tab it will turn green indicating that
this system screen will be available to this group.
6. Click the blue check icon when complete.
7. Click Save to complete the addition of the group.
|
.. image:: /src/images/assurance-correlation-image44.png
|
Assigning and Removing Users to and from a Permission Group
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
To Assign a User to a Permission Group:
1. Click User next to the Permission tab. A list of All Users and Users
in Groups will be displayed.
2. Click the Group to which you wish to add a User.
3. Drag the desired user(s) from the "All Users" section to the drop zone
under "Users in Group".
4. To remove a User from a Permission Group simply drag the user from the
"Users in Group" section over to the "All Users" section
5. Click Save to complete the action.
|
.. image:: /src/images/assurance-correlation-image45.png
|
Users
.........
The Users tab allows you to create a new user or modify an existing one.
The users can be set up as "Super Users" or assigned roles in the
permission groups. Once the user is added and saved then they will be
available to add to the Permission Groups per the last section.
Creating a New User
''''''''''''''''''''
To create a new User:
1. Click the User tab at the top of the screen next to Permission
Groups.
2. Click the blue plus icon at the bottom of the screen.
3. Fill in the required fields. (Full Name, Username, Password, Confirm
and Email).
4. Check the Super-User box if applicable.
5. Check the Force Password Change if you want this user to follow the
Password Policy.
6. Click the Locked Out box if you want this user to time on inactivity
on the UI.
7. Select the Customer drop-down box and assign the user to a customer.
8. Check the Disable multi-tenancy if this is a single customer and
multi-tenancy does not apply.
9. Click the Blue check icon to set the user.
10. Click the Save button to save the user.
|
.. image:: /src/images/assurance-correlation-image41.png
|
Deleting a User
''''''''''''''''''
To delete a User:
1. Click the check box next to the User name that you wish to delete.
2. Click the minus icon at the bottom of the screen.
3. Click the Save button to save your changes.
Nodes
...........
The Nodes tab allows you to create a new Arbitrator Correlation or
Dashboard/Reporting node. Once it is added and saved then the node can be
added to a Realm with other nodes.
Creating a Node
''''''''''''''''''
To create a Node:
1. Click the Node tab at the top of the screen next to Users.
2. Click the blue plus icon at the bottom of the screen.
3. Fill in the required fields. (System, GUI IP Address, Username and
Password).
4. Check the either the Direct box (http) or the Secure box (https) to
select the communication method.
5. Select the Appliance drop-down box and choose the type of system you
are adding.
6. Click the Blue check icon to set the Node.
7. Click the Save button to save the Node.
|
.. image:: /src/images/assurance-correlation-image42.png
|
Deleting a Node
'''''''''''''''''''
To delete a Node:
1. Click the check box next to the Node name that you wish to delete.
2. Click the minus icon at the bottom of the screen.
3. Click the Save button to save your changes.
Realms
..........
The Realm tab allows you to create a new Realm where VOSS Insights
systems can be grouped to communicate with each other. Once it is added
and saved then Nodes can be added to the Realm.
Creating a Realm
''''''''''''''''''''
To create a Realm:
1. Click the Realm tab at the top of the screen next to Nodes.
2. Click the blue plus icon at the bottom of the screen.
3. Fill in the Realm name that you desire.
4. Click the Blue check icon to set the Realm.
5. Drag the systems that you want in the Realm into the drop zone.
6. Click the Save button to save the Realm.
|
.. image:: /src/images/assurance-correlation-image39.png
|
Deleting a Realm
''''''''''''''''''
To delete a Realm:
1. Click the check box next to the Realm name that you wish to delete.
2. Click the minus icon at the bottom of the screen.
3. Click the Save button to save your changes.
Protected Subnets
......................
The Protected Subnets tab allows you to input the IP addresses of subnets
that will be protected from a control running against them. The Control
will check this list prior to running and will not run a script against a
device that is within a protected subnet.
Creating a Protected Subnet
'''''''''''''''''''''''''''''''
To create a Protected Subnet:
1. Click the Protected Subnet tab at the top of the screen next to
Realms.
2. Click the blue plus icon at the bottom of the screen.
3. Fill in the Name, IP Address and Mask of the Protected Subnet.
4. Click the Blue check icon to set the Protected Subnet.
5. Click the Save button to save your changes.
Deleting a Protected Subnet
'''''''''''''''''''''''''''''''
To delete a Protected Subnet:
1. Click the check box next to the Protected Subnet name that you wish to
delete.
2. Click the minus icon at the bottom of the screen.
3. Click the Save button to save your changes.
|
.. image:: /src/images/assurance-correlation-image40.png
|
Password Policy
..................
The Password Policy tab allows you to set and enforce password rules to
access the system. Each field is optional thus the user can choose the
best policy to enforce.
Creating a Password Policy
''''''''''''''''''''''''''''
To create a Password Policy:
1. Click the Password Policy tab at the top of the screen next to
Protected Subnets.
2. Within the box you have an option of Minimum Length, Minimum
Uppercase, Minimum Lowercase, Minimum Numeric, Minimum Special,
Password Lifespan and Maximum Login Attempts.
3. Fill in the desired inputs into each of these fields.
4. Click the Save button to save your changes.
|
.. image:: /src/images/assurance-correlation-image37.png
|
SAML
.........
The SAML tab allows you to configure single sign-on to other user
management platforms by utilizing the Security Assertion Markup Language
(SAML). This is an open standard for exchanging authentication and
authorization data between systems.
Creating single sign-on via SAML
''''''''''''''''''''''''''''''''''''
To create single sign-on via SAML:
1. Click the SAML tab at the top of the screen next to Password Policy.
The attributes on this page require you to interact with your
administrator of allowed users.
2. Click the box next to Enable SAML.
3. If the system is supporting a single customer, then click the Disable
Multi-Tenancy.
4. Fill in the optional principal attributes.
5. From your administrator obtain the Identity Provider Metadata XML and
paste it into the box provided.
6. From the following boxes provide each of the following to your
Identity Provider:
a. Audience URL (SP Entity ID)
#. Single Login URL
#. Single Logout URL
#. Click to view or download the platform SAML Metadata
#. Click to view or download the platform X.509 Certificate (2048 Bit)
7. Click the Save button to commit the SAML configuration.
8. (See Figures on the next few pages.)
|
.. image:: /src/images/assurance-correlation-image38.png
|
.. image:: /src/images/assurance-correlation-image36.png
|
.. image:: /src/images/assurance-correlation-image78.png
|
.. _arbitrator-import-export:
Import & Export
-------------------
The Import & Export Configuration panel allows you to select all or parts
of the system configuration to be exported to file or to import already
exported files into the system.
Exporting
..........
To export configuration items:
1. Click the Export tab at the top of the screen.
2. On the left-hand side will be folders containing all of the
configuration items. Either drag whole folders over to the drop zone
or open a folder and select a specific item to drag to the drop zone.
3. Once complete give the package a name in the box next to Package
Name.
4. Then give the package a description in the box next to Package
Description.
5. When complete click the Export button.
6. The package file will download to your local computer.
|
.. image:: /src/images/assurance-correlation-image79.png
|
Importing
.............
To import configuration items:
1. Click the Import tab at the top of the screen.
2. Select the file you wish to import by clicking the "choose file"
button. This will open up your local file system to select the file
from where you have it stored on your computer.
3. Double click the file or highlight it and click "Open".
4. Click the Upload button. This will open up all of the configuration
items you are importing.
5. Make any changes to the settings as required.
6. Click Import.
7. A progress screen will pop up. Once complete click OK.
|
.. image:: /src/images/assurance-correlation-image75.png
|
.. _arbitrator-archive-management:
Archive Management
--------------------
The Archive Management panel provides options on backing up the Arbitrator
Correlation platform.
API Config
.....................
A number of API configurations to enable monitoring can be configured.
Webex Config
'''''''''''''
From SP25, **Webex Config** is available
to enable the configuration of Webex monitoring.
(Requires Dashboard SP66 Release for visualization)
|
.. image:: /src/images/SP25-Webex-config.png
|
.. note::
For Webex API support, your network should be configured to access: ``https://webexapis.com/v1``, port 443.
(Admin menu > LayerX Network Configuration, **DNS Settings** may need to be configured to reach the external site.)
.. rubric:: Webex API Configuration Steps
1. From the main landing page, select the **System Configuration** (wrench/spanner), which opens a new tab.
2. On the new tab, select **Archive Management** (file cabinet).
3. Go to **Configuration Management > API Config > Webex Config**
to fill in the settings:
a. Click the **Create Access Token** button, enter your account credentials
and copy the JSON string which performs OAuth handshake with Webex.
b. Set **Enabled** to ``enabled``.
c. At **CUSTOMER** enter the Customer Name (if multi-tenancy is required)
d. At **AccessToken** paste the copied JSON token from step a.
e. Click **Verify Access Token** and to verify, inspect the output in **View Output**.
f. Click **Save Access Token**, which will create a new Customer-specific "Webex Config - " entry.
under the **API Config** list. (You need to click away and return to **Configuration Management**
to reload with the new entry.)
|
.. image:: /src/images/SP25-Webex-Config-screen.png
|
Created configurations can be deleted or modified. This will be needed for Access Tokens,
as these contain an ``expires_in`` value.
.. _ms-teams-config:
MS Teams Config
'''''''''''''''''
From release 23.1, **MS Teams Config** is available
to enable the configuration of MS Teams monitoring.
MS Teams API configuration requires an initial application
registration on Microsoft Azure.
.. rubric:: Application Registration in Azure
1. Search for Azure Active Directory:
|
.. image:: /src/images/insights-arb-teams-reg-azure-srch-ad.png
|
2. Select **Manage > App registrations** and then select **New Registration**
|
.. image:: /src/images/insights-arb-teams-reg-azure-new-app-reg.png
|
3. Enter a meaningful application **Name** to display to users and
under **Supported account types**, select **Accounts in this organization directory**
and click **Register**.
|
.. image:: /src/images/insights-arb-teams-reg-azure-new-app-name-type.png
|
4. When the new application is registered, locate the **Application (client) ID** and
**Directory (tenant) ID** on the next page and store these values in a secure location.
|
.. image:: /src/images/insights-arb-teams-reg-azure-app-id-dir-id.png
|
5. Select the **API permissions** menu under **Manage** and then select the
following **Application permissions**:
* ``CallRecords.Read.All``
* ``Device.Read.All``
* ``DeviceManagementApps.Read.All``
* ``DeviceManagementApps.ReadWrite.All``
* ``DeviceManagementConfiguration.Read.All``
* ``DeviceManagementConfiguration.ReadWrite.All``
* ``DeviceManagementServiceConfig.Read.All``
* ``DeviceManagementServiceConfig.ReadWrite.All``
* ``Directory.Read.All``
* ``Directory.ReadWrite.All``
* ``User.Read.All``
* ``User.ReadBasic.All``
* ``User.ReadWrite.All``
* ``Group.Read.All``
* ``Group.ReadWrite.All``
* ``GroupMember.Read.All``
* ``ServiceHealth.Read.All``
* ``TeamworkDevice.Read.All``
* ``TeamworkDevice.ReadWrite.All``
6. Grant admin consent:
|
.. image:: /src/images/insights-arb-teams-reg-azure-app-admin-consent.png
|
7. From **Certificates & secrets**, create authentication from **New client secret**:
|
.. image:: /src/images/insights-arb-teams-reg-azure-app-cert-secret.png
|
8. Copy the value and store in a secure location.
|
.. image:: /src/images/insights-arb-teams-reg-azure-app-cert-secret-value.png
|
The stored:
* **Application (client) ID**,
* client secret **Value** and
* **Directory (tenant) ID**
will be used on the Arbitrator configuration dialogue screen.
.. rubric:: Configuration of the tenant collection from the Arbitrator
Configuration is carried out on the Arbitrator **Settings** menu
from **ARCHIVE MANAGEMENT > API Config > MS Teams Config**.
|
.. image:: /src/images/insights-arb-api-config-msteams.png
|
New Tenants can be created with **Enabled** either enabled or disabled.
If disabled, no API requests will be made until it is enabled.
1. Enter stored values:
* Enter the tenant id (**Directory (tenant) ID**) in the **CUSTOMER** field
* Enter an easily identifiable account name in the **Name** field.
* Enter the client ID (**Application (client) ID**) in the **ClientID** field.
* Enter the client secret **Value** in the **ClientSecret** field.
These values should be for a client that is dedicated to this
use and should not be used it to request a token from any other source
while the API collector is enabled.
2. Click **Save Data** to save the configuration.
3. Refresh the screen (move away from the configuration screen to another and back) to see the new configuration.
.. _arbitrator-archive:
Archive
..........
Under the Archive tab there are a few options based on the specific
functions the user wants to backup.
Setup
'''''''
The system does a backup daily. For the most part, there is nothing for
the user to configure. All data and configurations that exists on the
system are archived automatically on a daily basis.
Archived data are logically grouped together and by default stored into
separate archived files locally on the box. There is a separate page for
each Archive group. More detailed information about each Archive group can
be found on the individual Archive group pages. The user also has the
option to mount an NFS drive to the system. All archived files will then
get archived to the NFS mounted drive. Note: removing the NFS mount will
NOT copy the NFS contents back to local storage. Only NFS v3 mounts are
currently supported today.
|
.. image:: /src/images/assurance-correlation-image76.png
|
Arbitrator Backup
''''''''''''''''''''''''
This page contains the settings for the backup of the Arbitrator. There is
nothing to edit here. The settings are simply displayed for informational
purposes only. This Archive group contains the following data: Arbitrator
Configuration settings (Database: Assets, Alerts, Policies, Rules, Probe
Groups, Response Procedures, Controls), User Permissions settings
(ldap), NDX files, Avaya data, Pexip data, and all other data currently
being collected in the Arbitrator database.
The backup excludes data from the CALL table, Cisco Tables, and raw Cisco
CDR/CMR files. Data in the CALL table can be very large and is expendable.
Cisco Tables and raw Cisco CDR/CMR files are part of a separate Archive
group.
|
.. image:: /src/images/assurance-correlation-image73.png
|
Cisco Files
'''''''''''''''''''
Archival for Cisco files. This Archive group will back up all Cisco CDR
and Cisco CMR raw files. These are the files that are SFTP’d to the system
by the Cisco Call Manager. The settings here are for informational
purposes only. However, the user may disable the storage of raw Cisco CDR
and Cisco CMR raw files on the system. This option could be used to
conserve disk space.
|
.. image:: /src/images/assurance-correlation-image74.png
|
Cisco SQL
'''''''''''''''''''
Archival for Cisco SQL data. This Archive group will back up all Cisco
data in the database tables. This is the data that has already been
processed by the system. There is nothing to edit here. The settings here
are for information purposes only. The data here is grouped together by
the Cisco Call Manager IP Address. This allows for more granular control
on which Call Manager data to import.
|
.. image:: /src/images/assurance-correlation-image71.png
|
Ndx
''''
This Archive group will manage Ndx files on the system. Default **monthsKept** is 6 months.
|
.. image:: /src/images/VAA-config-ndx-file-retention-times.png
|
Pexip Files
'''''''''''''''
Archival for Pexip files. The system can be used to collect PEXIP data.
The raw PEXIP data files are kept, by default, for historical purposes.
However, in order to conserve disk space, the user may choose to disable
the local storage of the raw PEXIP files.
|
.. image:: /src/images/assurance-correlation-image72.png
|
Remote Storage
''''''''''''''''''
If standard / local storage
is chosen in the Archive Setup page, then this screen allows the user to configure remote
archival of the Arbitrator backup files. Each Archive group produces one
or many archive files. The system can be configured to SCP these archive
files to a backup location or to another Arbitrator.
The archives can be sent to a separate backup location
(NFS, SFTP-server, SCP or remote synced to another Arbitrator).
* **archive_interval**
This can be set on a schedule of:
i. Daily
ii. Weekly
iii. Monthly
* Method: **Select an option**
* **disable** - System will reset storage options, e.g. archives locations are
reset to the local system if these were previously on a remote host.
* **nfs** - System will mount the filesystem as a local drive.
The system ``drop/lxt_archive`` directory is linked with a symbolic link to
``/mnt/nfsshare`` on a host, thereby saving space on the system.
Selecting this option enables additional controls:
|
.. image:: /src/images/arbitrator-arch-mgt-remote-strg-nfs-options.png
|
* **Check NFS Host**: Click and use the **View Output** button to see verification output.
* **Check NFS Mount**: Check the **destination** location (entered below) *after* saving
the configuration. **View Output** shows disk usage on the destination of the NFS host.
* **rsync** - System will sync the archive directory to remote system.
The remote system must have rsync installed for this to work.
* **rsyncToArb** - System will sync the archives directory to a remote Arbitrator.
This utilizes the rsync protocol so both Arbitrators will always be in sync.
* **scp** - System will copy archives to a remote location. Scp is not a sync.
To reduce load on system and network, system only copies new / changing archives over to the scp location.
* **sftp** - System will copy archives to a remote location. Sftp is not a sync.
To reduce load on system and network, system only copies new / changing archives over to the sftp location.
* **IP location**
IP address. Also add **username** and **password**.
* **destination**
The path on the remote server to the folder where backups are to be stored.
|
.. image:: /src/images/assurance-correlation-image69.png
|
See also: :ref:`backup-restore-arbitrator`.
Collect
..........
The Collect tab allows you to choose configuration options
for collection.
Cisco Remote Copy
''''''''''''''''''''
This option allows you to set up where to store Cisco CDR/CMR files.
Use this section to configure where the collection of Cisco CDR/CMR files
should be stored. "local" is the default location and will be the local
Arbitrator Correlation platform. Choose "remote arbitrator" and the
processed Cisco CDR/CMR files will be stored to the database of a remote
arbitrator. This is useful if the data of multiple arbitrators needs to be
stored to a centralized arbitrator. The "remote_ip" needs to be filled in
with the ip address of the "remote arbitrator", if configured.
|
.. image:: /src/images/assurance-correlation-image70.png
|
Oracle Microsoft Operator Connect
''''''''''''''''''''''''''''''''''
If customer CDR folders for Oracle Call Manager were set up during Arbitrator
setup, then parsing CDRs and using API calls to create the call record
in the MS Tenant via the Operator Connect API is configured from the setup up on
the **Oracle Microsoft Operator Connect** screen.
|
.. image:: /src/images/insights-arb-archive-oracle-ms-operator-connect.png
|
.. raw:: html
For CDR folder setup, see Add Customer CDR Folders
.. raw:: latex
For CDR folder setup, see the "Add Customer CDR Folders" topic in the Arbitrator Install Guide.
LDAP External Config
........................
The system uses a local LDAP server to store user information. The system
also supports authenticating with an external Microsoft Active Directory
server. If an external Microsoft AD is used, the system will
automatically sync all users locally. Local user accounts are necessary to
set specific system privileges. Please note that Microsoft AD passwords
are never stored locally. Authentication always occurs with external
Microsoft AD. Once authenticated, the system allows the user access based
on the user's local system privileges. In order to properly configure this
screen, the customer administrator must have an in-depth knowledge of the
customer's Microsoft AD architecture. Improper configuration may cause too
little or too many users in the system.
|
.. image:: /src/images/assurance-correlation-image67.png
|
SNMP V3 User Config
...................................
This allows the system to be configured to work with SNMP v3. It allows
you to select the specific authentication and encryption methods to be
utilized.
|
.. image:: /src/images/assurance-correlation-image65.png
|
Syslog Server
..............
The system has the ability to send out syslog messages about several of
the internal functions including backup and archival success. Use this
screen to configure the IP address of your central syslog server. This is
a system wide setting. If an IP address is specified, the system will send
any internal VOSS Insights messages onto the specified syslog server.
Only one central syslog server can be specified at this time. Please
validate firewall settings are open to allow incoming messages on the
specified IP address and port.
|
.. image:: /src/images/assurance-correlation-image66.png
|
Tunnel
.........
This tab allows you to go in and create VPN tunnels between Arbitrator
Correlation platforms.
Creation
''''''''''
Allows the creation of SSH tunnel to the specified endpoint, including the
interim hops needed.
|
.. image:: /src/images/assurance-correlation-image62.png
|
Management
'''''''''''
Use this tab to list and manage all of the existing tunnels.
|
.. image:: /src/images/assurance-correlation-image64.png
|
Request History
''''''''''''''''
Allows the listing of tunnel requests and management of those requests.
|
.. image:: /src/images/assurance-correlation-image60.png
|
.. _arbitrator-log-management:
Log Management
---------------
The Log Management panel allows you to customize the archival of the index
data store. It can be performed based on Size, Time or a combination of
both.
To set the archival process click on the Log Management tab:
..
SP19
1. Select the file size at which to start the archive.
2. Select the time interval at which to start the archive.
3. Add the location to where the archive file will be sent.
4. Set the **IP Address**, Choose the **Method** of transport (e.g. SFTP),
give it a **Path** and input any **Credentials** required.
|
.. image:: /src/images/assurance-correlation-image61-method.png
|
.. image:: /src/images/assurance-correlation-image61.png
|
.. _arbitrator-tools:
Tools
---------------
SNMP Tools
...............
The SNMP Tools panel allows you to very easily load or import MIBs and
then build SNMP actions/ scripts to be saved as Probes within the
platform. The system comes with a library of MIBs that can be opened by
selecting the Load button. If a new one is needed it can be imported by
selecting the Import button.
The system comes with a library of MIBs that can be opened by selecting
the Load button. Click the Tools Tab:
1. To load an existing MIB simply select the Load button
2. A window will open up with a choice of all the manufacturer MIBs
available in the system.
3. Scroll through and select the desired MIB.
|
.. image:: /src/images/assurance-correlation-image58.png
|
4. Once selected you can open up all of the branches and leaves and view
each associated OID.
5. Choose the folder you wish to utilize and input the connection
settings for that system.
6. Select the Connection button, input the host name or IP and choose the
SNMP version. If selecting V3 then a set of different parameters will
pop up and you will need to fill these in.
|
.. image:: /src/images/assurance-correlation-image59.png
|
7. Choose the operation to perform: GET, GET NEXT or WALK
8. The operation will return the values of the OID you query in the field
below it. Checking any of the boxes beside the field will un-gray the
"Create Probe" box.
9. Do this for each Probe you want to create.
|
.. image:: /src/images/assurance-correlation-image57.png
|
10. When you select "Create Probe" a new box will open that will allow
you to give the Probe a name and either save it to an existing Probe
Group or create a new one.
11. Now you have a new Probe that will run the particular SNMP command
you requested.
.. |924d7f4f8b22b0fc| image:: /src/images/924d7f4f8b22b0fc.png
.. |ea8b6a1af79321ee| image:: /src/images/ea8b6a1af79321ee.png