In part 2 of our WhatsUp Gold v12.3.1 review, we use discovery results to monitor systems and services, using state changes to trigger notifications and auto-responses.

by Lisa Phifer President Core Competence [December 24, 2008]

As networks have grown bigger and faster, surveillance tactics have been forced to evolve. When a critical link becomes a bottleneck or a business-critical service goes down, network operators need to react quickly—in real-time. Historical reports, culled from event logs and traps and hourly polls, are still essential for capacity planning and incident investigation. But operators in the hot-seat need more—much more. Ipswitch WhatsUp Gold v12.3.1 lays the groundwork for historical reporting, but leverages that infrastructure to fire off defined actions and present split-second performance graphs.

Polling and probing
As described in Part 1 of this review, WhatsUp Gold discovers networked devices and the services they support by probing protocols and SNMP/WMI attributes. Unless otherwise specified, discovered devices are added to the WhatsUp Gold database for on-going monitoring in the same fashion. These and other WhatsUp Gold monitors can then be refined from each device's Properties Panel.

Active Monitors periodically query server ports, looking for expected responses. If no reply or an unexpected answer is received, the service is marked as "Down," triggering a specified Action. When a future poll is successful, the service is marked "Up," triggering yet another Action. This is primary way that WhatsUp Gold tracks service availability and helps you respond quickly to outages.

Built-in Active Monitors can query DNS, TCP Echo, FTP, HTTP, HTTPS, IMAP4, NNTP, POP3, RADIUS, SMTP, SNMP, Telnet, and/or Time services. You can also poll other ports or protocols by creating your own Active Monitors. For example, we added monitors to poll web servers on alternative ports and use SNMP to check network interface status (Figure 1). Hint: To view and copy the OIDs supported by any SNMP-capable device, launch the SNMP Interface Viewer or the SNMP MIB Walker.

WhatsUp Gold also provides a library editor to create your own Active Monitors, such as those used to poll WMI attributes on Exchange and SQL Servers (Figure 2). For example, on devices running Exchange Server 2000 or later, WhatsUp Gold can alert you to link, queue, and cluster resource threshold crossings, and Site Replication, MAPI Information Store, and other service failures. On devices running SQL Server 2000 or later, WhatsUp Gold can watch processes, buffers, transactions, locks, users, SQL-generated alerts, and the status of various SQL services. Action Monitors can also be defined to probe web or other application servers for expected response strings and send/receive test messages through POP/SMTP servers. Operators that are more adventurous can even use VBScript or JScript to write their own Active Script Monitors, guided by examples. A handy Test function even helps you run any custom monitor on a selected device for debugging.

Alternatively, Passive Monitors can listen for asynchronous events that trigger status changes and Actions. Built-in Passive Monitors can receive standard SNMP traps (e.g., cold/warm start, link up/down, auth failure), SYSLOG messages, or Windows events (Figure 3). Custom Passive Monitors can be used to parse enterprise traps or messages/events that carry regular expressions—we used this to spot critical security incidents logged by our firewall. However, because failures can impede event flow, never rely exclusively on Passive Monitors—combine them with at least a basic ICMP Active Monitor to detect loss of reachability.

To dig deeper, Performance Monitors can use SNMP or WMI to periodically poll and record attributes for reporting purposes only. Built-in Performance Monitors can track CPU, memory, disk, and network interface utilization, but most operators will want to supplement these with monitors that track SNMP objects or WMI counters of interest to your organization (Figure 4). Hint: When creating your own WMI Monitor, hit the "..." button to view and select available attributes from any WMI-accessible device.

These monitors provide far more than SNMP network polling—right out of the box, WhatsUp Gold Premium can easily keep an eye on service availability, including key performance metrics for Windows SQL and Exchange servers. Tapping WhatsUp Gold's full service-level monitoring potential does require elbow grease, but wizards simplify that process. Monitors can even be applied to many devices in a single step—for example, use a Dynamic Group to select all devices with Windows credentials, then use the bulk field changer to add a WMI attribute monitor.

1. Polling and probing

2. Firing off actions