Introduction

Download this manual as a PDF file

This section describes how to discover and collect data from devices in SL1. It also describes how to configure and manage those devices in SL1 after they have been discovered.

NOTE: For information about the data that SL1 collects from monitored devices, how to configure monitoring policies to collect that data, and how SL1 displays the data in the user interface, see the section on Monitoring Device Infrastructure Health.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

What is a Device?

Devices are all networked hardware in your network. SL1 can monitor any device on your network, even if your organization uses a geographically diverse network. For each managed device, you can monitor status, create policies, define thresholds, and receive notifications (among other features).

Some of the devices that SL1 can monitor are:

  • Bridges
  • Copiers
  • Firewalls
  • Load Balancers
  • Modems
  • PDU Systems
  • Probes
  • Printers
  • Routers
  • Security Devices
  • Servers
  • Switches
  • Telephony
  • Terminals
  • Traffic shapers
  • UPS Systems
  • Workstations

In SL1, devices also include component devices and virtual devices.

What is a Device Record?

As part of monitoring your network, SL1 collects data using common networking protocols. Most collected data is associated with a device in SL1. A device record in SL1 can represent:

  • Physical network hardware, such as servers, switches, routers, or printers.
  • A component of a larger system, such as a data store in a hypervisor system or a blade server.
  • Any other entity about which you want to collect data, but want or need to associate that data with a container that does not correspond directly to a physical device or a component. For example, you might configure a device record that represents a web site or a cloud service.

What is a Device Class?

Device classes determine:

  • How devices are represented in the user interface
  • Whether the device is a physical device or a virtual device
  • How managed devices are discovered with the discovery tool

The Device Class Editor page (System > Customize > Device Classes) allows advanced administrators to define new or legacy device classes in SL1 and to customize properties of existing device classes.

Most TCP/IP-compliant devices have an internally-defined class ID, called the System Object ID and abbreviated to SysObjectID. This SysObjectID is an SNMP OID defined by the manufacturer. Each manufacturer specifies a SysObjectID for each different hardware model. In SL1, each SNMP device class is associated with a SysObjectID. During initial discovery, SL1 searches each device for the SysObjectID and assigns each device to the appropriate device class.

SL1 also includes device classes for devices that do not support SNMP. These device classes are associated with values returned by nmap. SL1 runs nmap against each device during discovery.

The following sections describe the types of device classes used in SL1.

What is a Device Category?

A device category is a logical categorization of a device by primary function, such as "server", "switch", or "router". SL1 uses device categories to group related devices in reports and views.

Device categories are paired with device classes to organize and describe discovered devices. Device class usually describes the manufacturer. Device category describes the function of the hardware. Each device class can include a device category.

NOTE: "Reserved" device categories are those device categories required by SL1. These device categories cannot be edited or deleted. If a device category does not display the bomb icon (), the device category is a reserved device category and cannot be deleted.

How Does SL1 Manage Devices?

  • Using discovery, SL1 automatically locates or discovers all hardware and hardware-components in your network. SL1 can also automatically discover most software applications running in your network.
  • Using Dynamic Applications, SL1 can automatically discover component devices.
  • During discovery, devices are categorized by device class and device category for quick identification. You can customize device classes and device categories and also define custom device classes and device categories.
  • On the SL1 Devices and Device Manager pages, you can view details about each discovered device, including IP address and MAC address, operating system, hardware components (like CPU, RAM, swap, file systems), interfaces, open ports, and installed software.
  • For each device, you can use the Device Administration panel or the Device Investigator page to define configuration and policies for the device.
  • For each device, you can use the Device Reports panel or the Device Investigator page to view details about the device, including graphical reports.
  • SL1 can monitor bandwidth usage for each discovered network interface. SL1 can generate reports and billing documents for each network interface.

NOTE: SL1 includes pre-defined events (sometimes called "alerts" in other applications). An event is a message that is triggered when a specified condition is met. Among other things, an event can signal that a server has gone down, that a device is exceeding CPU or disk-space thresholds, that communication with a device has failed, or simply display the status of a device or component. You can define and customize events to best fit your infrastructure. Events can be viewed through SL1, sent to users' email accounts, and sent to users' pagers or cell phones.

  • You can define customized performance thresholds and hardware thresholds for a device. SL1 can generate events based on these thresholds.
  • SL1 monitors availability and latency for each device. You can define availability and latency thresholds. SL1 also generates graphical reports on each device's availability and latency.
  • SL1 monitors open ports. Based on user-defined policies, SL1 can generate an event when a new port is opened on any device in the network.
  • SL1 can monitor port-availability for each port in the network.
  • SL1 can discover and monitor the hardware components of each device.
  • SL1 can discover and monitor the software running on each device.
  • SL1 can monitor system processes and Windows services running on a device. Based on user-defined policies, SL1 can generate an event when a process or service is running or when a process or service is not running and should be.
  • You can use device groups and device templates to automate the configuration and policies for multiple devices.
  • You can create a virtual device to store data that you want to manage with SL1 but that cannot be associated with a traditional device or that you do not want associated with a traditional device.
  • You can monitor ESX servers and VMware "guest" devices as you would monitor any other hardware-based device.
  • You can create parent and child relationships between devices. These relationships allow you to use a single solution to resolve problems for the related devices.
  • You can create asset records for one, multiple, or all devices in the network. SL1 automatically populates as many fields as possible, using information retrieved during discovery.
  • SL1 includes an exhaustive list of real-time, dynamic, graphical reports to display trends and status for individual devices, groups of devices, or the entire network. These reports can be saved in multiple formats and can be printed.

What is Discovery?

Discovery is the tool that automatically finds all the hardware-based devices, hardware components, and software applications in your network. You must provide the discovery tool with a range or list of IP addresses and/or a list of fully-qualified domain names (hostnames), and the discovery tool determines if a device, hardware component, or software application exists at each IP address.

For each device, hardware component, or software application the discovery tool "discovers", the discovery tool can collect a list of open ports, DNS information, SSL certificates, list of network interfaces, device classes to align with the device, topology information, and basic SNMP information about the device.

The discovery tool also determines which (if any) Dynamic Applications to align with the device. If the discovery tool finds Dynamic Applications to align with the device, the discovery tool triggers collection for each aligned Dynamic Application.

For more information about discovery, see the section on Discovery & Credentials.

What is a Credential?

Credentials are access profiles that allow SL1 to retrieve information from devices and from software applications on devices. Credentials typically include information such as a username and password, as well as any additional information required for accessing and monitoring devices. Dynamic Applications in SL1 use credentials to retrieve SNMP information, database information, SOAP information, XML information, XSLT information, and WMI information.

Core Credential Types

SL1 includes several core credential types that can be configured to access and monitor most device types:

  • Discovery uses SNMP credentials to retrieve SNMP information during initial discovery and nightly auto-discovery. If SL1 can connect to a device with an SNMP credential, SL1 deems that device "manageable" in SL1.
  • Basic/Snippet credentials are not bound to a specific authentication protocol. You can use this type of credential for Dynamic Applications of type "WMI", of type "snippet", and when defining system backups. Basic/Snippet credentials can also be used for monitoring Windows devices using PowerShell.
  • Database Credentials allow SL1 to access data on a database on a managed device. SL1 uses database credentials when collecting data for Database Dynamic Applications.
  • LDAP credentials allow SL1 to communicate with an LDAP or Active Directory system. For details on integrating SL1 with LDAP or Active Directory, see the section on Using Active Directory and LDAP.
  • PowerShell credentials allow Dynamic Applications to retrieve data from Windows devices. If you align a Dynamic Application for PowerShell with a PowerShell credential, SL1 assumes that you want to use its built-in agentless transport to communicate with Windows devices.
  • SOAP/XML credentials allow SL1 to access a web server on a managed device, and are used for SOAP, XML, XSLT, and snippet Dynamic Application types. With snippet Dynamic Applications, the snippet code must define the authentication protocol.
  • SSH credentials allow Snippet-type Dynamic Applications in SL1 to use SSH to communicate with a remote device.

While these core credential types can be configured to monitor most device types, they use generic field labels that are not unique to each device type they might be used to access.

Universal Credential Types

SL1 also includes several universal credential types that are tailored to monitoring specific types of devices by using field names that correspond to the terminology used and the structures of data needed for those technologies. SL1 includes universal credentials for the following device types:

  • Aliyun
  • AWS, including credentials specific to Assume Role, EC2, and IAM
  • Azure
  • Citrix Xen
  • IBM
  • VMware

There are also several universal credential types that are used for SL1 configuration and administration, rather than to monitor specific device types. These include SL Service Connection and S3 Backup credential types.

If necessary, a single device can use multiple credentials. If more than one agent or application is running on the device, each agent or application can be associated with its own credential. During discovery, SL1 will use the appropriate credential for each agent.

For example, suppose you want SL1 to discover a device that supports SNMP v2. To retrieve SNMP data from that device, SL1 must use a valid SNMP v2 read-only community string. So we would first go to the device and define the SNMP read-only community string. Then we would return to SL1 and create a credential in the SL1 system, using that community string. This new credential would allow discovery to retrieve SNMP data from the device.

Now suppose this same device also includes a MySQL database. Suppose you want SL1 to use a Dynamic Application to monitor that database. To retrieve data from the database, SL1 must use a valid username and password for that database. So we would first go to the device that hosts the MySQL database and create a database username and database password for SL1 to use. Then we would return to SL1 and create a credential in the SL1 system. The credential would include the database username and database password for the MySQL database. This credential would allow the Dynamic Application to retrieve data about the MySQL database.

For more information about credentials, see the section on Discovery & Credentials.

What is a Virtual Device?

A virtual device is a container for collected data. A virtual device can be used when you want to:

  • Monitor a device or application that doesn't support TCP/IP, SNMP, or both. The device's data can be pushed to SL1 via another method (for example, email) and stored in a virtual device.
  • Monitor multiple SNMP agents on a single device. In such a case, one of the SNMP agents (for example, a hardware agent) can be associated with the device and another SNMP agent (for example, an agent that monitors a software application) can be associated with a virtual device.
  • Isolate and monitor specific parameters separately from their originating device. For example, you might want to monitor a database and keep its data separate from the hardware data you are collecting from the host device.

For more information about virtual devices, see the Virtual Devices section.

What are Component Devices?

SL1 uses Dynamic Applications to retrieve data from a management device and discover each entity managed by that management device. SL1 then uses that retrieved data to create a device for each managed entity. In some cases, the managed entities are nested.

  • In SL1 a managed entity is called a component device. A component device is an entity that runs under the control of a physical management device.
  • In SL1, the root device is the physical device that manages one or more component devices.
  • In SL1, a parent device is a device that has associated entities modeled as component devices. A parent device can be either a root device or another component device.

For example, in a Cisco UCS system, SL1 might discover a physical server that hosts the UCS manager. SL1 might discover a chassis as a component device. The chassis is a child device to the physical server; the physical server is the root device. SL1 might also discover a blade as a component device that is part of the chassis. The blade is a child device to the chassis. The chassis is the parent device.

The Device Components page (Devices > Device Components) displays all root devices and component devices in an indented view, so you can easily view the hierarchy and relationships between child devices, parent devices, and root devices.

Depending on your Key Privileges, you can access the Device Management tools, the Device Administration tools, view details about each device's interfaces, generate and print a report about a device, file a ticket about a device, view an asset record for a device, and perform bulk administrative tasks from this page.

What is a Dynamic Application?

Dynamic Applications are the customizable policies that tell SL1 what data to collect from devices and applications. For example, suppose you want to monitor a MySQL database running on a device in your network. Suppose you want to know how many insert operations are performed on the MySQL database. You can create or edit a Dynamic Application that monitors inserts. Every five minutes (for example), SL1 could check the number of insert operations performed on the MySQL database. SL1 can use the retrieved data to trigger events and/or to create performance reports.

SL1 includes Dynamic Applications for the most common hardware and software. You can customize these default Dynamic Applications to suit your environment. You can also create custom Dynamic Applications.

Dynamic Applications in SL1 support a variety of protocols to ensure that SL1 can always communicate with the devices and applications in your network and retrieve information from them. Dynamic Applications can use the following protocols to communicate with devices:

  • SNMP
  • SQL
  • XML
  • SOAP
  • XSLT (uses SOAP and XSLT to convert XML data to a new format)
  • WMI (Windows Management Instrumentation), including WMI and WBEM
  • Windows PowerShell
  • Custom Python applications (called "snippets") for proprietary or more complex data retrieval

What is an SL1 Agent?

The SL1 agent is a program that you can install on a device monitored by SL1. There is a Windows agent, an AIX agent, a Solaris agent, and a Linux agent. The agent collects data from the device and pushes that data back to SL1.

Similar to a Data Collector or Message Collector, the agent collects data about infrastructure and applications.

You can configure an agent to communicate with either the Message Collector or the Compute Cluster.

The following minimum agent versions are required for SL1 12.1.1 and later: Windows version 131; Linux version 174; AIX version 180; and Solaris version 180. Users who require agent-based log collection on a device with a Windows agent or a Linux agent must have the minimum Windows agent (131), or for a Linux agent (174). ScienceLogic recommends that users perform an upgrade, if they do not have the minimum required agent versions, via the Upgrade button on the Agent page in the current user interface, or by downloading and upgrading the agent manually.

For more information about monitoring devices with the agent, see the section on Monitoring with the SL1 Agent.

What is Virtualization?

Virtualization is when multiple virtual machines run on a single hardware platform. Each virtual machine is a software-based implementation of a computer that executes programs like a hardware-based computer. A virtual machine provides a platform on which you can run an operating system and software applications. For example, a single server could contain a virtual machine running Windows and Windows applications, another VM running Linux and Linux applications, another VM running BSD and BSD applications, and another running Macintosh OS and Macintosh applications.

A hypervisor is the software that allows one or more virtual machines to run on a single hardware platform. The hypervisor software allows the virtual machines to share the RAM, CPU, and disk space on the hardware platform.

Each virtual machine can run its own operating system. A virtual machine can provide an alternate instruction set from the hardware-based computer.

Virtual machines are frequently used to:

  • Run multiple operating systems on a single computer.
  • Consolidate hardware servers and run multiple server applications on a single server.
  • Provide multiple, isolated development environments.

What is an Asset Record?

An asset record is a collection of relevant information about an asset. In SL1, asset records are usually created for hardware devices.

In SL1, asset records can contain information about:

  • The name, make, and model of a device.

  • The serial number of a device.
  • Function and status of the device.
  • Networking information, like host ID, IP address, and DNS server for the device.
  • Hardware information like amount of memory, CPU, and BIOS or EPROM version.
  • Physical location of the device.
  • Vendor information for the device, including PO or check number, warranty policy, and service policy.
  • Description of the network interface.
  • Description of each hardware component (if applicable).
  • Description of installed software (if applicable).

SL1 will populate as many fields as possible automatically, using data retrieved during discovery and collections. You can enter values in all the fields or in only those fields that are required for your business processes.

You can specify which asset fields will be populated from data retrieved during discovery and collections and which fields will be populated manually. To specify this behavior, go to the Asset Automation page (System > Settings > Assets).