Now: monitoring; (was RE: Veering even more OT ...)
+1, I've smoked my Service Desk guys on that EXACT error before (not that I've ever done the same bonehead thing myself to burn this into my head) Setting up monitoring dependencies follows the same thing - no need to PING test a remote server if you can't ping a the local switch, or the remote router, etc. Which brings up a question as I've had this debate with my network architect. He says when monitoring servers to ping by IP instead of hostname in case DNS goes down. My point is you should be testing for that infrastructure anyway so ping by name doesn't get triggered unless DNS functionality (also tested for) is working. I'm of the test as you operate so if clients connect by hostname, then test by hostname. If only IP addr is used, then use that. Same for websites, etc. Would LOVE to see a whitepaper recommending one way or another. Thoughts? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Monday, May 31, 2010 6:29 AM To: NT System Admin Issues Subject: RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this? +1 Back in the NT 4.0 days when interviewing candidates I'd ask them the first thing they'd check if a user could not login due to a 'domain controller cannot be found' type error. Amazing how many would jump directly to the more 'sophisticated' layers, check domain controller, IP Stack, WINS, etc To me the ONLY correct answer for the FIRST thing to check is: Check the Ethernet cable ! ( in my experience over 90% of these type errors were from the ether net cable either being unplugged or damaged ) Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Saturday, May 29, 2010 9:23 PM To: NT System Admin Issues Subject: RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this? Normalisation is used for data integrity not efficiency. And whilst there aren't many practical implementations of OSI, the concept of a layered approach to networking (physical link, node addressing, routing, session control) is very useful in design and diagnosing problems. Cheers Ken ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Now: monitoring; (was RE: Veering even more OT ...)
Kind of a chicken egg problem, seems like. Your network guy is right as far as that technically goes, but I'm with you. If DNS goes down, that needs to be the first order of business, since your business will start grinding to a halt anyway. I'd feel silly, pinging a server and not know that DNS was failing. On Tue, Jun 1, 2010 at 12:55 PM, David Lum david@nwea.org wrote: +1, I've smoked my Service Desk guys on that EXACT error before (not that I've ever done the same bonehead thing myself to burn this into my head) Setting up monitoring dependencies follows the same thing - no need to PING test a remote server if you can't ping a the local switch, or the remote router, etc. Which brings up a question as I've had this debate with my network architect. He says when monitoring servers to ping by IP instead of hostname in case DNS goes down. My point is you should be testing for that infrastructure anyway so ping by name doesn't get triggered unless DNS functionality (also tested for) is working. I'm of the test as you operate so if clients connect by hostname, then test by hostname. If only IP addr is used, then use that. Same for websites, etc. Would LOVE to see a whitepaper recommending one way or another. Thoughts? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Monday, May 31, 2010 6:29 AM To: NT System Admin Issues Subject: RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this? +1 Back in the NT 4.0 days when interviewing candidates I'd ask them the first thing they'd check if a user could not login due to a 'domain controller cannot be found' type error. Amazing how many would jump directly to the more 'sophisticated' layers, check domain controller, IP Stack, WINS, etc To me the ONLY correct answer for the FIRST thing to check is: Check the Ethernet cable ! ( in my experience over 90% of these type errors were from the ether net cable either being unplugged or damaged ) Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Saturday, May 29, 2010 9:23 PM To: NT System Admin Issues Subject: RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this? Normalisation is used for data integrity not efficiency. And whilst there aren't many practical implementations of OSI, the concept of a layered approach to networking (physical link, node addressing, routing, session control) is very useful in design and diagnosing problems. Cheers Ken ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- David _ Are you better off than you were four trillion dollars ago? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Now: monitoring; (was RE: Veering even more OT ...)
On Tue, Jun 1, 2010 at 3:55 PM, David Lum david@nwea.org wrote: Which brings up a question as I've had this debate with my network architect. He says when monitoring servers to ping by IP instead of hostname in case DNS goes down. My point is you should be testing for that infrastructure anyway so ping by name doesn't get triggered unless DNS functionality (also tested for) is working. Generally speaking, I would prefer ping by name, simply so that when IP addresses or network numbers change, you don't have to manually update your monitoring system. Setting that problem aside, I would prefer two tests: One to test name resolution of that particular host's name (perhaps in multiple forms), and one to ping by IP address. That gives you more granularity in your monitoring system. One tells you when name resolution for that particular host is screwed up; the other tests connectivity and the ability of the host to return packets. Knowing *which* is down is more data than knowing one or both is down. (I guess my ideal monitoring system would internally cache name lookups so that it could intelligently try the last known IP address if DNS is down, but one could argue that would be a rather severe case of creeping featureism.) I'm of the test as you operate ... I generally agree. However, I expect your operations do not consist of pinging the host. The users are actually connecting to HTTP or SMB or SMTP or whatever. Ping is a synthetic test, and very different from the real thing. I've had boxes which were responding to ping be otherwise crashed to the point of needing a hardware reset. So I would be less inclined to worry about that aspect for a ping test (provided you are testing name resolution as well). Certainly, pinging by IP address without also monitoring name resolution means you will miss name resolution problems. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Now: monitoring; (was RE: Veering even more OT ...)
That's what I liked about What's Up Gold. You could test by ping, by http, https, smtp, etc. Pretty much any type of connection could be tested. :-) -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, June 01, 2010 4:52 PM To: NT System Admin Issues Subject: Re: Now: monitoring; (was RE: Veering even more OT ...) On Tue, Jun 1, 2010 at 3:55 PM, David Lum david@nwea.org wrote: Which brings up a question as I've had this debate with my network architect. He says when monitoring servers to ping by IP instead of hostname in case DNS goes down. My point is you should be testing for that infrastructure anyway so ping by name doesn't get triggered unless DNS functionality (also tested for) is working. Generally speaking, I would prefer ping by name, simply so that when IP addresses or network numbers change, you don't have to manually update your monitoring system. Setting that problem aside, I would prefer two tests: One to test name resolution of that particular host's name (perhaps in multiple forms), and one to ping by IP address. That gives you more granularity in your monitoring system. One tells you when name resolution for that particular host is screwed up; the other tests connectivity and the ability of the host to return packets. Knowing *which* is down is more data than knowing one or both is down. (I guess my ideal monitoring system would internally cache name lookups so that it could intelligently try the last known IP address if DNS is down, but one could argue that would be a rather severe case of creeping featureism.) I'm of the test as you operate ... I generally agree. However, I expect your operations do not consist of pinging the host. The users are actually connecting to HTTP or SMB or SMTP or whatever. Ping is a synthetic test, and very different from the real thing. I've had boxes which were responding to ping be otherwise crashed to the point of needing a hardware reset. So I would be less inclined to worry about that aspect for a ping test (provided you are testing name resolution as well). Certainly, pinging by IP address without also monitoring name resolution means you will miss name resolution problems. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Now: monitoring; (was RE: Veering even more OT ...)
That's what I meant by test as you operate, ping was just an example. If you have an FTP server, make sure those services are up and those ports are reachable. In the Windows world, I check for RPC being available and Server services being available (as well as DHCP client, DNS client, etc) before trying other test on said host. If the necessary services aren't reachable, no need to test for items that are DEPENDANT on that functionality (well, there are times you might want to parallel test as previously covered). Dave -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, June 01, 2010 1:52 PM To: NT System Admin Issues Subject: Re: Now: monitoring; (was RE: Veering even more OT ...) I'm of the test as you operate ... I generally agree. However, I expect your operations do not consist of pinging the host. The users are actually connecting to HTTP or SMB or SMTP or whatever. Ping is a synthetic test, and very different from the real thing. I've had boxes which were responding to ping be otherwise crashed to the point of needing a hardware reset. So I would be less inclined to worry about that aspect for a ping test (provided you are testing name resolution as well). Certainly, pinging by IP address without also monitoring name resolution means you will miss name resolution problems. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~