SolarWinds Lab Episode 53: SAM Template Showdown

Head Geek Leon Adato and Product Manager Steven Hunt unload a double barrel of knowledge and deep-dive insight into what makes SAM components tick. They cover every single element and option, so you are able to build the most comprehensive, powerful, and useful templates in the Wild Wild West of your data center!

Episode Transcript

We're going to start by looking at the aspects of SAM component monitors. Wait, wait, wait, wait. That's it? No set up? No goofy intro, no... You said you wanted to cover all the SAM component monitors. Well, I did, but I thought we could at least get a geek in a bee costume or something. Do you have any idea how many there are? Of course, I know how many there are, but I still think that we have to do some kind of... Roll the list please. [Light-hearted retro music] Okay, well, what are we doing wasting time? Hi, everyone, I'm Leon Adato. And I'm Steven Hunt, and welcome to SolarWinds Lab. We obviously have a lot to cover to answer the questions that we've gotten about configuring SAM components. If I have questions as you're watching, go ahead and ask them in that chat window you see over there, and if you don't see a chat window that means you're not watching this episode live. To do that, head over to lab.solarwinds.com and sign up for reminders on upcoming episodes, and you can even leave us comments about what you'd like to see us cover next. Clock's ticking. I am done. Let's hit it. So first off, let's talk about what's common amongst the component monitors. That's a really good idea. And actually, just for everyone, anytime we show you a component element, we're going to show it that one time. We're not going to go over it in every single template that we go over, because there's lots of things that sort of build as they go. If you're watching, you're jumping right into the third demo that we're doing, and you say, well, wait, what about that? You're going to have to go back and take a look at it, because we probably covered it earlier on. So yeah, let's take a look at the things that are existing in every single component across the... All right, let's do that. First, let's just take a look at any component monitor and kind of what you have to start with to ensure that it is functioning correctly. Great. 
The first thing you want to do is be able to select a component monitor inside of an application template, and then you want to set a test node. So the whole purpose of this is just making sure that this is working correctly, right? Anything that I'm going to monitor against, I'm able to actually make that function happen. Right. The number of times I've checked off the box and then hit Test and it doesn't work is in the thousands. So yeah, you first have to set the test node. Then you can test, just. Yep. So the way to do that, select it, select the test node. Expand your list. You can group by vendor. You can group by machine type. However, you can find that node. Find your machine, select it, click OK. Now my test node is set. Now any time that I need to make a change to a component monitor and then I need to validate, will that actually work? All I have to do is select my component monitor and click test. So wait for that to happen, make sure that that test executes correctly. And then once it's successful, you'll get the prompt. Some other things that we want to look at, just from a basic component monitor standpoint, is things like thresholding. Okay. So this is very, very critical to the usage of component monitors. We're polling data, we're trying to get information back, and we want to take action on it in some form or fashion. This is a perfect example. So in this component monitor that we're using, you can see certain thresholds for CPU, for memory. The whole purpose here is to set up a value that you can define for different situations, for example, warning or critical state. So for CPU threshold, I would come in here and I would set whatever my defined value should be for my CPU threshold. This is really what your organization wants to set in terms of that value, right? What is it that is considered warning or critical for your systems? One of the places where this becomes extremely important is setting up alerts. 
I know that a lot of folks will set up a component, but then they put their values in the alert trigger, and the challenge there is that, you know, in one particular component element, the thresholds are at 80/90, and then in another one, it's at 70/60, whatever it is. Here, instead, what you can do is set, you know, alert me when it is critical. Alert me when it is warning. I don't know what the number is. I don't care what the number is, because the template, the component, controls that, so you can create a lot more generic alerts because, at the component level, it's handling the logic of what it needs to be. Just so that your head is in the right space for why this would, why you would use this. You'd say, alert when critical. I don't know what the number is. I don't care. Right, and that's extremely effective, because I can do this for a broad base of nodes, or I can do this for individual nodes by overriding the template itself. Right, right. I can easily come in here and say for CPU threshold, I want to set my warning state at 80% or greater or I want to set my critical state at 90% or higher. Sure. Now, at any point in time that I need to alert or get information about the fact that the state of my system, has the CPU gone beyond that threshold? It's now configured that way. Fantastic. Is there any other way we can do this though? So, there's another aspect. We don't have to do this static definition. We can actually use what's called calculating a baseline. I love these. It's actually really, really simple to do. You open up your component monitor, you go to the specific threshold that you want to set, and then you select "Use threshold calculated from baseline data." Now, this is extremely similar to what we do for nodes, as well. Right. Now, in the nodes screen, you can actually see the baseline data that we're collecting. Here, it actually isn't available, but that's okay. 
If you want to read more about it, if I wanted to see more what it was talking about, where would I go? So you can, if you look in this blurb right down here, it talks about calculating thresholds or baselines. If you click on that, you'll read a little bit more about baseline thresholding, and you can go into our actual online documentation that will give you a lot more in-depth detail about that. Very good. Okay. Anything else that's common across all of our templates? Well, so, you can also define like, polling intervals, more or less, right? Like, how does this data apply across a single polled instance or multiple polling? Mmhmm. So if you look here, you'll be able to see that, by default, we've set this for a single poll. You can actually come in here and define that for a number of consecutive polls, or you can say a number out of another number of polls. So, perfect example, right? I want to make sure that this is the case for over a duration of time. Sure. Say, for the last 24 hours, or the last two hours, or whatever the value is that you want to set. You can actually define that to ensure it's not necessarily that one point in time in instance, but it's actually happened for a longer duration, which is a significant issue. So you're saying that I want to make it critical or warning or whatever when three out of the last five polling intervals have been warning, but they don't have to be consecutive. It's not one, two, three. It could be one, three, five. Correct. And then it's critical, even though two and four were okay, but it's still wobbly enough that I'd want to know that it was in a warning state or a critical state. Correct. So, it happened once, it happened multiple, consecutive times, or it happened multiple times, non-consecutively. That's great. 
So, now that we've gone over some of the things that are consistent across all the templates, now, I think we should get into some of the specific template components and really look at what they have to offer. That's a great idea. Now, before we dig into the specifics of a few components, I just want to point out that building a component is something that if you have SAM, it's one of the, probably the first thing that you've done after you've loaded up your devices. But a lot of folks will add them using the Component Wizard and then they sort of walk away, or it looks very complicated, or what have you. This is a skill that you build over time, that understanding how to either handcraft— you know, just add them in from the actual template or modify them isn't something that comes to you right away. And one of the reasons we're covering it now is because we've gone over, in a lot of episodes, just, and then you add a component, and then you create a template. But digging into the details of this is something that people have asked for a lot, and I just wanted to hit every single line in there one at a time. So I don't know if that's your experience. Yeah, well, it's one of those things that makes SAM really, truly powerful, right? The ability to monitor anything and everything in your environment. Component monitors and the flexibility of those is what really allows that in-depth monitoring capability that SAM was built for. Right. So I'm going to start with what I consider to be the most foundational component that SAM has, which is the SNMP Process Monitor. I know we can do Perfmon, and, you know, we've added things over the years. I remember when SAM was in its nascency, but this is sort of the basics of it. And of course, it works on Linux, so of course I'm starting here. It does work on Windows as well. You can monitor SNMP on Windows. It does, you're absolutely right, and that was where, again, SAM started, and we're going to talk about that also. 
So here, I've got a component monitor. I'm monitoring process using SNMP. I'm monitoring cron, and there's actually not that much to it. What is the name of the process, and a command line filter if, for example, Java, you wanted to pull out a specific Java process that had a command line there, you would put that, and it would use it to look for that. But where do I get this name? That's one of the questions I get first. How do I know what the name is, if I'm not going to use the wizard, which—use the wizard. That's how you do it. But, if you're wondering where we get it from, we've got a couple of Linux running here, and it's actually the machine that would be the test node. And if you're familiar with Linux, ps, run the processes, and I'm going to say everything. That gives me a list of all the processes that are running, and in this case, I'm looking for cron or something like cron or whatever, so I would use a grep feature. And there, you can see right there at the bottom, this one process is called cron, sbin/usr/sbin/cron. I don't need to give the path to it. Right. I just need to give the name of it, which is right there. That's how you get the name of the process. But, to your point, what if this is a Windows process? What if I'm doing SNMP monitoring of processes on Windows? Well, then you go to Task Manager, right? And there's a list of your processes, but you have to be a little bit careful, because you wouldn't be looking for Firefox, parentheses, 32 bit, or let me pick another example. IIS Worker Process. Okay, that's a great name, but that's not going to work, and this is where I also get a lot of questions from people saying hey, I put the process name in. This isn't it. You want to right click, go to Properties. This is what you're looking for, the w3wp.exe. That's the name of the process as it's running, you know, in the system. The pretty name isn't going to work here. We'll get to where it does work in a second, but that's the deal. 
Just be careful as you're picking these processes. And the other thing you want to remember is, again, this is SNMP Monitor. You have to put Configure SNMP on Windows. Yes. We've got some other component monitors we'll talk about here in a little bit that can help do this job a little bit more efficiently in terms of the context of Windows. Mmhmm, right. Exactly. But if you have machines that are, you know, across a firewall where you can't open up ports, and we'll talk about that also, SNMP is great in a pinch. I happen to be still a big fan of SNMP, even though it means that your server team has to configure it and all of that. You would. But I do, I still like it. All right. So that's process monitors. But let's take a look at a service monitor, because again, as we said, Windows service monitors look a little different. Here we have a Windows service monitor. I actually put this "Change My Name PLEASE" on purpose, because I see a lot of times when people add a component, it says Windows Service Monitor there, right there on the screen. You can change it. Click of the check mark, rename. We're going to call this what it is, WMI Service Monitor for Leon. So the importance of this really is, as you're building up your templates, as you're creating your component monitors, you know what this component monitor was used for. It helps in repurposing it for uses within other templates, but to your point, right, it's really, really important not to just have that generic name on there that came when the component monitor was added. Let's be specific about what we're trying to actually monitor with the component monitor. Also, because when you build your alerts, I can't tell you the number of times I have seen an alert come in that says, you know, Windows Service Monitor is down. Which one? Well, it's looking for the name to tell you what that is. So, for Windows Service Monitor, again, you've got the credential for monitoring. 
Now, since this is WMI, it's using Windows authentication. You'll want to use either one of the preset ones or inherit from the node if you're monitoring the node with WMI. I want to point out here, you can't add it here. Correct. So you're going to have to go in and add it prior to this screen, if that's what you need. Correct. And again, I've also tried to right-click and go to another tab, and add— it will not pick up here. You have to save, come back. So make sure that you have your credentials in there before you start. It's one of those base aspects of monitoring. Make sure you've got your credential store set up. That way, you can leverage that credential store in any aspect of your doing. Exactly. I'm going to come back to fetching method in a minute, but the service name, the net, and even it says Net Service Name, because really, what that is is a hint to say that if you went to the command line, because I love the command line, because, you know, I'm me. This is the name that would appear under Net Start. So let's make sure we highlight this, right? And the process we're looking at, the actual process name, the executable, from a service monitoring perspective, we're actually looking for the common service name that you would find in this list. Right. So here, it's Print Spooler, once again. Status, we're not, we don't need to talk much more about that, and actually, that's a thing for the whole episode again. If we've covered it once, we're not going to cover it again, so don't think that we're giving you short shrift. You just have to go back, earlier on in the episode. All right, so fetching method. We have Fetching Method WMI, Fetching Method RPC. So, it's interesting, right? Which one do we choose? Right. The simple, short answer is that if you're inside your organization and you're not crossing any firewalls, and you're not going across a VPN, you probably want WMI. If you are doing those things, you might want RPC. 
Going a little bit larger, WMI uses a lot of ports. It uses port 135 to setup RPC. It uses port 445 for WMI, and then it uses any number of ports it wants between 1024 and 55,535. Yeah, whatever the operating system assigns. And it will change. Constantly. In the middle of a conversation. So it's not even like, once it sets up, establishes the connection. It's going to flow. It uses what are called ephemeral ports. Right. So, WMI uses lots and lots of ports, which make anybody who's managing your firewall incredibly unhappy. True. So you typically don't do that. RPC, on the other hand, uses a very small number of ports that you can see on the slide, and, you know, so it's a little bit easier, but there are some things you can't do with RPC, which is why we tend to encourage people to use WMI within their organization. Yep. So that's the fetching method in brief. And that's it. That's it for service monitoring. Yeah, everything else, you know, we had talked about it previously, in terms of the thresholding, the baselines, etc., that all applies here. Right. So I think what we need to do is cover some more templates now. Let's take a look at some of the more intense Windows things, like Perfmon and event one. You want to do that? Yeah, let's do that. Okay. So, we've been looking at WMI through the lens of doing service monitoring and process monitoring, but WMI can be used for a variety of other monitoring things that often, people overlook, because they think that oh, I can just do a service, why would I need that? So what else can we do with it? So, that's a really good question. Thank you. If you think about, you know, what's available through a WMI query with inside of Windows, right, there's just about anything within the Windows that we can look at. So, for example, within this WMI query that we have here, we're looking at the available megabytes inside the operating system. Okay. 
So that's a perfect example of, through, you know, a service or process monitor, we're not going to get data like that. But we need to be able to grab information with regards to resource utilization on a box. There's numerous examples out there, right? We could go through and find what is the status of something that's configured within the operating system. Okay. In this case, we might look at the value that is returned in here in terms of, you know, that numerical value. What does that represent, right? Is it a certain value that we need to look at in terms of the size? Megabytes is a perfect example, and the other case that I was talking about with regards to a status, you know, zero, one. It's binary. Is it configured, is it not? Is it enabled, is it not? We can look at all those types of things with a WMI query. I feel like also this question about, what do I use a WMI component for was a question we got before PowerShell became quite so prevalent in people's, in the average IT pro's mind. You know, now, it's pretty well known that PowerShell is one of those essential skills that server admins, system administrators need to have, and you're sort of more aware of the things that you can pull out of the WMI's space itself. But yeah, this is the component that you use to pull out any of those things. Yeah, as a Windows administrator, WMI was our first foray into interacting and configuring the operating system. Mmhmm. Now that PowerShell exists, that's a whole other transition, but we can touch on PowerShell a little bit later with one of our other component monitors. Okay. We'll take a look at that. Otherwise, we're going to hold off on the... We're still doing scripting. We've got that coming in the future. I know Patrick has been chomping at the bit to talk about that. Exactly. So let's focus on the WMI query and really, like, how can we interact with it. Okay. So in this example, we're polling available megabytes. 
So one of the things that you might want to do is look at how that value relates to the previous value. Mmhmm. That you gathered, right? So you can simply check this box, Count Statistics as a Difference. Right. And this is something I talk about, you know, if you have a number that, first of all, isn't always increasing, you know, it's going up and it's going down. So, you know, did it go down by five, did it go up by 10? But the other thing is that even if you do have a number that's increasing, sometimes you want to alert on the delta. You know, I want to know. I don't care what the— especially for disk space. I don't care what the disk space is. I don't care if it's nine percent or 12%, but I do care if the leak from the last collection to this collection is more than 10% of the total space. Correct. This is one of the ways that you would be able to get that. Yeah, exactly. So growth pattern is the perfect way to identify, you know, if there's something wrong, and this could help you do so. Fantastic. What are the other things we can configure here? So, one of the other things you can do is, say you need to do a conversion of the data. So I'm looking at it from a megabytes perspective, but I want to really understand how that relates in a different value, right? So maybe I want to convert that down to kilobytes because of the value that I'm working with, most standardly represented via kilobytes. Or I want to go up in gigabytes, for example, right? Mmhmm. So I can, in some situations, this one shows common formulas on how we can convert that value. This is simply truncating and rounding the value that we select. But if we want to get something more complex in terms of being able to actually convert that number to a different number value, we can actually define a formula for doing so. Okay. So we can come in here and actually define that statistic as in a conversion method. So, statistic. 
While you're typing, I just want to point out there's an example down below and there's also a little more examples click-y, which is really useful if you want to see a few different variations. But, you know, we just put that there as reference. Perfect, and I'm just retyping in that actual existing formula, and this would change the conversion from megabytes to a higher value so we can use that for actually acting on. Great, and before we go further, I just want to remind everyone that this will appear in other places; for example, performance monitor counters. We're not going to talk about it there, because we talked about it here, but the same process exists, whichever component you encounter these kinds of transformations in. So, speaking of performance monitor. Mmhmm. Let's go take a look at that component monitor. Excellent. So we've got an example of a performance monitor counter. This one's specifically... It's my favorite. It's Processor Queue Length. I've talked about it at least a dozen times since, you know, I started on Lab two and a half years ago. So, you know, it's a Perfmon counter. It is just a Perfmon counter. It is just— but it's a beautiful one. It's a happy one. But this is a perfect example on how you can actually pull in different performance counters that are within the operating system. Processor Queue Length is a perfect example. If I want to pull information about the CPU average usage, I/O usage, anything that I can look at from a performance counter standpoint within the operating system, I can actually poll through here. Great. So what are some of the specific transformations we can do here? So one of the things that we probably want to look at is fetching method, which, we touched on that a little bit, but it becomes a little bit more in depth. There's a couple more options that are available here. So let's open up the fetching method drop-down. There we go. And these are, yeah, there's two extra examples. 
Actually, three extra examples that weren't in the previous one that you saw, which is why we're coming back to it. So I'm going to put a chart up, just to look at all, you know, to give descriptions of each one of those. So what we've got is, I'm going to leave default for a second. Right. We have three methods, which are effectively doing RPC, and we talked about the ports that are needed for RPC and the use cases, right? If you're going across a VPN, across a firewall, you're going to use RPC because it uses fewer ports and you can lock it down. WMI, you have too many ports. You have too many. You have a lot of ports, and you're going to use that necessarily when you're internal. That's the first thing. But we have three different ways of doing an RPC collection. So let's go ahead and run them down. So the first type of RPC call is managed, and this is a simple .NET call. Mmhmm. Basic .NET call methodology. The next is external. So this is using the CounterFetcher utility that we have. The example here is we're not actually leveraging the operating system, the native capability of the operating system. We're utilizing our own utility to actually go in and make that RPC call. So, CounterFetcher.exe is something we included in the SolarWinds product set. Right. Just in case, whatever. Right. And then the native capability, the PDH API call. So again, this is native to the operating system, this ability to actually leverage what's there, leverage what's in the operating system, and do that natively. Perfect. So I said we would talk more about the default, the top item, before. A lot of times, it gets overlooked. People think it's the, you know, please pick one. It's not. Default means that it's going to try the most appropriate other methodology, in order, until it finds one that works. So in most cases, that's the one you're going to stick with. 
Right, and in most cases with things inside the product, the default configuration is probably what you want to stick with, unless you know you need to change that. Right. Okay. So that's Perfmon counters. I don't think there's anything else new there. So, where are we going to go from there? So now, let's look at the Event Log Monitor. So this one, we're going to dig into a little bit, because there's quite a bit of configuration here. There's a lot. So think about any time that you need to actually go in and understand, is there anything within the event log, something that was written there, something that you need to identify that's either a problem, an issue, you know, that's often been written to the log. So, will give the ability to actually go and dig through that log, find that information, whether it's the existence of that once, whether it's the existence of it multiple times over time. We can go in, and dig and find that. Okay, so what do we got? So the first thing we need to look at is Log to Monitor. So if anyone's dug through the event log, which I'm sure you all have, many, many times, what type of log are we looking at? Oftentimes, we're looking at the application log, right? Right. Did the application write something? Although security comes up a lot, although whatever, the fact is is that any log is going to look through all of them. If you know it's only going to be in one particular log, if the machine you're looking at has a special log that your application has created, that'll be there too. Yep, you can even define custom. If there's a specific log that you've written to or that your application was working with or something that you've got set up, you can go dig into that custom log. Yep. All right, so we'll set this to Application. So the next thing is Match Definition. So we can look at, you know, any time the error pops up in the log, and that's a match, or we can get a lot more specific. 
We can set that to custom, and then we can actually come in and define the log source. So this is specifically like, what wrote to the event log. We can define aspects about the event ID. We can match a specific event ID. We can find all IDs within a certain criteria, or we can exclude specific IDs. Right, so all the IDs except these ones. Right. So we'll set this to match only specific IDs. Define your ID number. So ideally, you know what was written to the log or you've identified what is it you're looking for. You'll define that ID number. Or multiples, with commas. Or multiples if you need to. We can separate that out if we need to. And then event type. So, again, this is very common to the event log. We need to define error, warning. What is it that we're looking for? The type of event that we're looking for. Mmhmm. We can even look for, you know, what user generated it. We can get very specific into the user account or the system account that actually generated and defined that. Then we can also get down into, like, the actual event information. So you're looking for, for example, certain keywords within there. You don't want to necessarily define the full thing. You don't know exactly what the full text is, but you know certain aspects about that event so you can actually go in and define, you know, those specific keywords. With wildcards, or... Correct, correct. Right. So you can just do a part of a phrase or whatever it is. Right. And if there's events that are somewhat similar, not only can you include certain events, but you can exclude certain events when we're digging through this. When it says this, but not when it says that. Right, right. And the next thing is number of past polling intervals to search for. So, how far back do we want to look into this? I've actually had someone on THWACK recently ask about, you know, how can they search for a certain event that happened multiple times with a timeframe, with 24 hours. 
So if you know your polling interval... Which is typically five minutes, that's the default. Right, then you can multiply that out by the total amount of time that you want to look back within that long. Right, it also helps to reduce the number of duplications. Because if you're saying, I'm looking for this event within the last 15 minutes or 20 minutes or whatever it is, then you know that, if it hasn't happened for that amount of time, then it's going to clear. So it's a way of thinking about, how do I not get one alert every five minutes because it still happened. It happened again. Right. That's the other reason for that particular value. So in the example that I mentioned before, they want to find it within a certain timeframe, and they want to find, you know, did it happen so many times within that timeframe. So I can actually go in and define, you know, if match found, in this case, based on event count. So the amount of times that event actually happened within the interval that we defined. So, you know, if this happened 10 times within the last, say, 24 hours, whatever we defined, we can actually define that as a warning or define that as critical. You know, whatever the case may be. Right, and again, as we saw earlier, if we see 10 times, it doesn't have to be 10 consecutive times. It could be 10 times within a 24-hour period, which is a lot more than 10 polling cycles. Yep. In this case, I may want to know that, you know, it happened five times within the past x number of polling cycles, and that just gives me a heads up. That's a warning. But then once it reaches my actual threshold of 10, I know that there's a significant problem with this application that I need to address. Right. Really nice. That's a lot of good Windows stuff. 
What I'd like to do is transition to something completely different and start taking a look at the web-based components, because I know that we have a lot of viewers and folks who are using SAM to monitor their web environment in interesting ways. Absolutely. Let's take a look. Okay. So where I want to start is actually with a component that doesn't get a lot of love, and that's the Web Link Monitor. And the reason is because people don't understand the difference between it and the HTTP monitor. It looks almost the same, so what are the differences? Why would I pick this? So, the main reason why you would utilize this one is just to understand, are there any broken links with inside the page that you're polling up? Got it. So what it's doing is going to the page and just following links. Right, right. Not actually checking to see if the page is responding, but we're actually looking to see, are there existence of broken links, and if there are, how many are there? So it's actually very different from HTTP, but you have to sort of know that. And we do explain that in the description, but sometimes people read a little fast. So we have the URL, the starting URL, sort of the root of it, and it's going to follow from there, Accept Compression. Right, so the whole aspect is if there's a compression in the web page, you need to be able to understand that that exists. That it's happening. Right. Okay. Exclusion filter is, again, strings that you want to ignore, either in the link or in the text of the link. Ignore external links, ones that are going outside of this webpage. Those that you don't have any control over, potentially. Convert value, we saw before. Same idea there. And then that's it. That's the rest of the template. So there's not much there, but it's a really useful component to use if you're trying to check the validity of your website or make sure that nothing has gotten broken, like you said. But, there's also the HTTP Monitor. 
That's the one that I think people use most often when it comes to web monitoring. First of all, we want to specify the port—80 by default, but of course people set their webpages on different things. 8080, we'll leave 443 out for a moment. But people can put things on 1111. The sky's the limit. Yep. So that's the port number which is being used here as a variable, and I think people sometimes don't understand that, and they hardcode the port there. Yeah, what's important there is to be able to define what that incoming value is going to be so you can kind of dynamically set it. Right. So, host header is something that I've actually not dug a lot into. So what's that all about? So if anyone that's familiar with creating webpages, interacting with webpages, webpage development, they understand, what is that kind of initial communication with the web server? That information is involved in the host header. So being able to define some of that information within here and utilize that when I'm sending the request to the web server for the check. And again, what we're saying is, is this page up? Is it responding the way we want? So part of that is the host header coming back. Right. Am I doing a get request, a put request, a post request, or a delete request? Again, if you're familiar with webpage actions, that's, you know, those are the things. Those are all common. Those are, yeah. If you don't know what they are, it's get. If you're not sure, it's going to be get. Don't worry about it. And if not, maybe ask your web admin. Yeah. And the same thing with redirects. If I'm going to http://leonisawesome.com, but that redirects to, you know, something boring, like, you know, leon.com or something, then that's a redirect. Do you want to follow it, or are you really trying to see if that site is up? Correct. Use proxy--do not use proxy. 
Again, if you're familiar with your web environment, you either say that you want to or don't want to use the proxies, and then if you say you want to use it, you have to give the address of the proxy. Correct. Now, user agent. This is one that I think a lot of users get stuck in. They play around with it, or it actually hangs them up. So what are some things that we should know about the user agent? So the important part here is being able to essentially emulate what browser you're utilizing. Different browsers may potentially interact with different websites differently, and you may want to define a certain browser interaction. Maybe your site only supports certain browsers, and you need to specifically check that browser's interaction with the website itself. So this is where you would actually define the browser itself. So this is announcing to the page, hey, I am Chrome, or I am Internet Explorer, or I am whatever, so that the webpage can respond appropriately. Because the webpage itself is actually saying, oh, if you're Internet Explorer, then I'm going to give you this kind of code versus if you're Firefox or what have you. Potentially, right. So that's great, and I can even see having the same monitor a couple of items to test each one so that you know, oh, it broke, but it only broke under this or that. Right. Okay. Search string is when you're looking on the page. Yeah, you actually want to find text on the page specifically, and this works with the second piece there, fail if found. So if you've actually found that string, say you're searching for something that you know will exist on the page when there's a problem that actually happens with the webpage. You can actually define that search string and then say that this check is going to fail because you did find it. Right. So, famously, one of our other Head Geeks, whose name I will not mention, but it rhymes with Bestiny Dertucci, used this to get tickets to a concert. 
She went to the concert ticket sales, and it says, no, not on sale yet, and she kept searching for... She searched for not on sale yet, and she said, you know, fail if not found, and then she got an alert immediately when tickets went on sale, that way, and she was able to get near the front row. SolarWinds Application Monitor: not just for your data center. Not just for the data center anymore. Right. You can use this for all sorts of nefarious purposes. Header request, full request or headers only. Yeah, so, again, we were talking about the header definition in the beginning. So do we want to have the full request and actually check against that, or do we just simply want to submit the header? Right, because if you have a large webpage, it takes a long time to load, or you just don't need to drag it across the wire every time. Yeah, maybe the only thing we're just checking is that initial response. Right. Once again, accept compression. We talked about that with the web link monitor. No big deal there. Authentication mode. Normal, pre-authentication, always authenticate. So this is a common thing that we obviously see like in IIS servers. Is there an authentication that needs to happen to the website? So you can actually define that from here, and you're either going to authenticate or you're going to pre-authenticate. Got it, okay. And that is the HTTP monitor. So now, I want to switch over. Remember, we talked about the ports, and, you know, not 443. That's because there's a separate template specifically for HTTPS, for the secure socket layers transactions. So here, we're looking at that. There's not a lot different from the regular HTTP. The port's 443, fantastic. Or if you have another potential secure port that you want to utilize that you've set. Right, exactly. And otherwise, the differences are here with the certificate errors, so are we going to ignore, or do not ignore the certificate errors? 
Because it's secure, so it's going out and it's getting, it's making a certificate transaction. But keep in mind, this is that typical, that user interaction behavior. So if you've got maybe an internal certificate that users don't have to worry about and you just ignore that and move forward, maybe you didn't set up your website as securely as you should have. Or it's internal and you want to have it be, have a secure transaction, but you're doing all the internal certificate stuff, so you want to ignore that popup that says, this is not a... So we can take that into account. Right. The same thing for the CA and the CN. Correct. Errors. So that's really all that's different with HTTPS versus HTTP. Yeah, we just really have to take in the context of the certificates. Right. So there's one more HTTP-specific item, and that is the HTTP form, which I have a component here. The form login. Now, the idea here is that you're going onto a webpage, and it's going to pop up a screen that says, you know, who are you, give me your login, what have you, and this can really confound my ability to test a website because I've got to log into it before I get there. So the idea here is that I'm going to fill out the form, I'm going to answer the form, and I'm going to make sure I get to the next page I expect to get to after that. Yeah. So you know, it's a little bit more advanced web monitoring. I want to understand what is that interaction going to be, and what is my response that I'm going to get out of that. This is going to enable that capability. Right. So, we have the credential for monitoring. Now, we looked at credentials earlier, but I want to take a minute, because they have to be in there before you create this component, but this does throw people a couple of times. So a lot of people go in to Manage Accounts, and they create either user accounts here, and that's not what it is. That's not where it goes, even though it says manage accounts. 
Where you want to go is under SAM settings, and the Credentials Library here. This is the place where you would set up your credentials for the SAM monitoring. That's the one. Not the other place that a lot of people run into. So just so you're aware, it's the SAM credentials library, not the regular credentials library. Okay, so that's the credential for monitoring. Everything—a lot of the stuff here is familiar already. The port, the host header, the use proxy. Again, ignore or don't ignore the CA errors, compression, but then we get to the log form. Okay, the login form is looking for keywords that are actually in the form that say, this is where I put my username, this is where I put the password. How do I know what thing on the screen is the form for me to look at? Right, so, you know, as that form is being built, there's specific elements to that that define which it is, if it's the username, it's the password, it's whatever field that is. That's what you have to know and understand to be able to fill out this section of the component monitor. Right. Now, one way, if you don't talk to your web developer, which you should talk to your web developer, but one way you can find out if you don't, if you're not able to, is to bring up that form page and then do a show source. Right. Because the show source is going to show you all the things. Now, it's a lot of web code. It's a lot of HTML. But you should be able to zero in on the form and see these keywords in case we haven't listed these. And notice that we're saying login, or. That's the pipe symbol, the up and down there. So login or auth or email, so you can add your own to your list or remove these. So, again, Login Form Keywords, the Login Control Keywords, that's the actual control you're going to be putting things into, and the Password Control. Once you have that, there's also, how do I know that the login failed or it succeeded? 
You can do a regular expression or straight text to say this is how I know that I succeeded or didn't. And again, sometimes people look here and say, yeah, but where do I put the password? Oh, that's what that credential was for. That's the thing that's going to fill in the username and the password. Yeah, so whatever you're using to emulate the end-user's interaction with that web form, you want to make sure that that's filled out within the credentials library, and that's what's going to be utilized with those keywords and components there. Right. Okay, so we have one more. That's all the HTTP-type things, but there's one more web-based component that I wanted to spend some time on, and that is the SSL Certificate Expiration Monitor. We get a lot of conversation about this on THWACK. People are very excited to be able to monitor their SSL expiration and get a warning before it... It's a big issue if that expires and users can't get to the webpage that they're trying to utilize. So, we see this paired up with many of the other component monitors. Right, and renewing your SSL certificate is not something you can do in five minutes. No, it takes a little bit of time, especially depending upon who you're getting certificates from. If they're internal, it's a little bit faster. If they're an external public cert, obviously that's going to take some turnaround time. Right, and I mean, we're talking, you know, hours if you're lucky. Right. Days is more likely. Right. So this is why you don't want it to fail on you accidentally. As far as the elements, though, it's ridiculously simple. Very easy. You're going to specify the port number for the secure socket. So again, it's HTTPS. You know, what's your port? Typically, 443. And then people say, well, what about my URL? Where's my URL? It's not there, because you're going to point it to the server. Yeah, you're looking directly at the web server and asking them for their certificate. Right. 
So you're going to say, on this web server, ask it what its SSL certificate date is. So I actually have a test node. I just want to show this one. I'm actually using solarwinds.com, and we're testing against it. And we have 342 days on our certificate. So, now, we can alert when that number is less than 10. 10, 7, whatever. 25. Yeah, whatever that definition needs to be so you can ensure that you can go get your certificate renewed in time, so you don't cause any user downtime. Right. And you can convert the value in case you want to convert it to weeks, for example, or months, or what have you. And that's it. That's really all there is. Yeah, it's really very simple. So how much more do you want to cover? We can't keep these folks here forever. Well, but we haven't even begun to cover all the new components we added in SAM version 6.4, though. Actually, there aren't any new components in 6.4. What SAM 6.4 actually features is our new ability to do hybrid monitoring even better. We now can monitor AWS EC2 instances and EBS volumes. Well, we've got to do an episode on that, then. One thing at a time. [Leon sighs] Okay. We still have to go over components for protocol monitoring, user experience, database, email, and Java. And that doesn't even begin to cover the script-based components that I plan on digging into with Patrick. So how about we cut them some slack, pause here, and cover the rest in part two. That'll work. Would you like to close us out? For SolarWinds Lab, I'm Steven Hunt. And I'm Leon Adato. Thanks for watching. [Upbeat electronic music]