WIXLIB

Kaseya FundamentalsWorkshopDAY THREEDeveloped byKaseya UniversityPowered byIT ScholarsKaseya Version 6.5Last updated March, 2014

DayTwoOverview DayTwoLabReview– PatchManagementConfigura;on Monitoring AgentProceduresIntroduc;on

Kaseya FundamentalsWorkshopPATCH PROCESSING

PatchProcessing Whenyouscheduleapatchthefollowingoccurs:1. rocessatthescheduled;me.2. romwheretheFileSourceissetforthatmachineID.3. abilityisthere.

PatchProcessing4. thoutwarningtheuser.5. tchstateaNerareboot.

InstallingMul;plePatches machine,allthepatchesareinstalledatthesame;me. sonce. Thistechniquesaves;meandreboots.

WSUSSCN2.CAB WhatisincludedinWSUSSCN2.CAB?Update ClassificationSecurity UpdatesCritical UpdatesUpdate RollupsService PacksUpdatesFeature PacksToolsClassification TypeIncluded in(Non-Vista / Vista)WSUSSCN2.CAB*High Priority / ImportantIncludes critical, important, Yesmoderate, low, and non-ratedsecurity updates.High Priority / ImportantYesHigh Priority / ImportantOptional – Software /RecommendedOptional – Software /RecommendedOptional – Software /RecommendedOptional – Software /RecommendedYesTypically notNoNoNo

PatchFailure therebootifrequested—thesystemre- ‐scansthetargetmachine. Ifapatchs;llshowsmissingaNerthere- ‐scan,failureisreported.

ReasonsforPatchFailure installonly

Kaseya FundamentalsWorkshopMONITOROVERVIEW

WhatisCovered? stemCheckReviewMonitorDataSummary

WhyMonitor? heralswithinthenetwork. Understandingtheenvironmentiskeytotroubleshoo;ng.

MonitoringConcepts How?– Howtocollectinforma;on?– sue(s)?– Howtopresentorno;fyalertstoVSAadministrator? Warning!– Toomuchinfo.isequivalenttonoinforma;on.– Beveryselec;veonwhatdatatocollect. Whatisavailable?– heneededdataonanongoingbasis.

WhattoMonitor? enanymanagedmachinegoesoff- areoveru;lized.

HowtoMonitor? Methods:1. Alerts:Monitorseventsonagentmachines.2. machines.3. ines.4. SystemCheck:Monitorseventsonnon- ‐agentmachines.5. SNMPSets:Monitorstheperformancestateonnon- ‐agentdevices.6. LogMonitoring:Monitorseventsinlogfiles.

HowtoRespond? estheusers

Kaseya FundamentalsWorkshopTERMS ANDCONCEPTS

WhatisanAlarm? Analarmisawarningofanexis;ngorapproachingdanger. xists. ormancesucceedsorfailstomeetapre- ‐definedcriteria. heenvironment.

Alarms&Alerts cematchesapre- ‐definedcriteriaor"alertcondi;on”. Analarmisawarningthatanalerthasoccurred.– ighticon:– plays:– Theseiconscanbecustomized.

LogsTwologsdis;nguishbetweenalertsandalarms. AlarmLog:– Tracksanyalarmthatwascreatedbyanalert. MonitorAcEonLog:– � Example–VSA’sMonitor- ‐ AlarmSummary

Ac;ons No;fica;onAc;ons:– A CreateAlarm– T CreateTicket– S RunScript/AgentProcedure– E EmailRecipients Thesefourtypesofac;onsarecalledtheATSEcode.– NoneoftheATSEac;onsarerequired.

TypesofAlerts VSAPagesthatCreateDifferentTypesofAlerts:– Monitor Alerts- applytoamachine.– Monitor AssignMonitoring– Monitor SNMPTrapsAlert– Monitor AssignSNMP– Monitor SystemChecks– Monitor ParserSummary– Monitor AssignParserSets– Discovery LANWatch– PatchManagement PatchAlerts– RemoteControl OffsiteAlertsNote:Add- ‐onmoduleshavealertsnotlistedhere.

MethodsofMonitoring Event- ystemCheck:monitorseventsonnon- ��les State- ‐based– ines– SNMPSets:monitorstheperformancestateonnon- ‐agentdevices

Event- ‐BasedAlerts ithinaspecified;meperiod. overs. eatedbyevent- ‐basedalerts. Whentheissueisresolvedyou"close'thealarm.

State- ‐BasedAlerts pectedrangeoroutsideofit. noutrightfailure. Ifyoucreateanalarmforstate- ent- ‐basedalarms. Butbecausestate- .

Note(On- ‐PremiseOnly) sandoff- nbeclosedautoma;callywhentheyrecover. eSystem Configurepage.

AutoCloseofAlarms

SuspendingAlarms Thetriggeringofalarmscanbesuspended. meperiods,includingrecurring;meperiods. ithoutgenera;ngalarms. llectsdata,butdoesnotgeneratecorrespondingalarms.

GroupAlarms . eredaswell. amonitoringdashboard(introducedlater). tabinMonitor MonitorLists.

Kaseya FundamentalsWorkshopAlerts

WhyAlerts? certaineventofinterestistriggered. thatitsendsanemailtoyouifyourquickaYen;onisneeded.

WhyAlerts? ftheissueismoreimportant. racked.

AgentAlerts AgentStatus– AlertswhenAgentisoffline Applica;onChanges– Alertswhenanapplica;onisinstalledorremoved GetFiles– . HardwareChanges– Alertswhenahardwareconfigura;onchanges LowDisk– tage LANWatch– AlertswhenanAGENT- ‐LANWatchfunc;ondetectsnewmachines

AgentAlerts AgentProcedureFailure– Alertswhenanagentprocedurefailedtoexecutes Protec;onViola;on– Alertswhenanaccessviola;onsisdetected NewAgentInstalled– Alertswhenanewagentreportsinforthefirst;me PatchAlert– vents System– rver

Kaseya FundamentalsWorkshopEVENT LOG ALERTS

WindowsEventLog AlertonspecificWindowsEventLogentry. EventSetsdefinethesyntaxtomatchtocreatethealert. ccurrenceoftheevents. henconfiguringWindowsEventLogAlerts. EventLogsseongsdefineswhicheventsaretobecaptured.

CapturingEventLogs UnderAgent Categoriestocapture.

WindowsEventLog Source- ‐Theapplica;onthatproducedtheeventlog EventID Details- ‐Thedescrip;onoftheevent specificevents.

WindowsEventLog crip;on.

Kaseya FundamentalsWorkshopMONITOR SETS

Howtomonitorstate? sedtomonitortheperformanceofmachines. edinterval. r.

PerformanceObject sourceorservicethatcanbemonitored. avetheirownsetsofpredefinedcounters.

PerformanceObjectInstance ctsofthesametypeonacomputer. . eofanobject.

PerformanceCounter ciatedwitheachinstanceoftheobject. performanceobjectandinstance.

UpdateListsbyScan r,Objects,andInstances. ventLogtypes. cancollected.

Kaseya FundamentalsWorkshopSYSTEM CHECK

SystemCheck – WebServer,Ping,DNS,orspecificIPPort diagnos;csthatoutputstoatextfile.– CommandShellcommandi.edefragc: output.txt– tstring.

Kaseya FundamentalsWorkshopMONITORING RECAPREVIEWING DATA

MonitoringRecap Alerts– AgentStatus,LowDisk,Applica;onchanges, EventLogs– EWISFCV:Theeventcategory MonitorSets– CounterThresholds&ServiceChecks– LiveCounter&MonitorLogs SystemCheck– aveanagenttomonitorIPservices.

ReviewingtheData MonitorLog Alarmremedia;on– AlarmSummary– Monitordashboards Dashboard– ClassicConsole,AlarmDashboard,

DashboardList eneratedfromyourassignedmonitoring– esofissues.– umnsothatwhenthecondi;onismetthefilterisapplied.

DashboardList

MonitorDashboard StatusviewofOPENAlertsinAlarmSummary

Kaseya FundamentalsWorkshopAGENT PROCEDURES

Mo;va;on edures. ormul;plecomputers.

Mo;va;on hatfitsall. es.

Mo;va;on icscripts(calledproceduresinK2)usinganeasy- ‐to- ‐uselanguageandinterface. eployment,machinemaintenance,monitoring,andmore. hemachines.

AgentProcedureEditWindow SeparateEdi;ngWindow– Onlyoneedi;ngwindowcanbeopenedatone;me– Openmul;pleprocedures CommonTextedi;ngcommands– edprocedures.– UndoandRedo(upto10steps)– Intellisensetyping ding

AgentProcedureEditWindow

FileManagement FilesforsharedusageisstoredontheKaseyaServer.– Copyingmul;plefiles Youhavetheabilitytoselectmul;plefiles. InGoogleChromeyouhavetheDragandDropfunc;onality. omtheWriteFilecommand.

LocalizingFileTransfer UseLANCacheop;on K v2.zip UseaLocalizeWebServertodistributefiles. emp#\.

LABS DownloadtheLABSfromIT- ‐Scholarssite PerformtheLabs. ThedocumentsfortheHands- ‐onLabsprovidestepbystepguidetocompleteeachtask. rTsk.exe

LABS rTsk.exe

DayThreeWrapUpQ&ADayThreeHandsOnLabs DayFourTopics– AgentProcedures– PolicyManagement– StandardSolu;onsPackage

Kaseya Fundamentals Workshop Developed by Kaseya University Powered by IT Scholars Kaseya Version 6.5 Last updated March, 2014 DAY THREE