Transcription
Kaseya FundamentalsWorkshopDAY THREEDeveloped byKaseya UniversityPowered byIT ScholarsKaseya Version 6.5Last updated March, 2014
DayTwoOverview DayTwoLabReview– PatchManagementConfigura;on Monitoring AgentProceduresIntroduc;on
Kaseya FundamentalsWorkshopPATCH PROCESSING
PatchProcessing Whenyouscheduleapatchthefollowingoccurs:1. rocessatthescheduled;me.2. romwheretheFileSourceissetforthatmachineID.3. abilityisthere.
PatchProcessing4. thoutwarningtheuser.5. tchstateaNerareboot.
InstallingMul;plePatches machine,allthepatchesareinstalledatthesame;me. sonce. Thistechniquesaves;meandreboots.
WSUSSCN2.CAB WhatisincludedinWSUSSCN2.CAB?Update ClassificationSecurity UpdatesCritical UpdatesUpdate RollupsService PacksUpdatesFeature PacksToolsClassification TypeIncluded in(Non-Vista / Vista)WSUSSCN2.CAB*High Priority / ImportantIncludes critical, important, Yesmoderate, low, and non-ratedsecurity updates.High Priority / ImportantYesHigh Priority / ImportantOptional – Software /RecommendedOptional – Software /RecommendedOptional – Software /RecommendedOptional – Software /RecommendedYesTypically notNoNoNo
PatchFailure therebootifrequested—thesystemre- ‐scansthetargetmachine. Ifapatchs;llshowsmissingaNerthere- ‐scan,failureisreported.
ReasonsforPatchFailure installonly
Kaseya FundamentalsWorkshopMONITOROVERVIEW
WhatisCovered? stemCheckReviewMonitorDataSummary
WhyMonitor? heralswithinthenetwork. Understandingtheenvironmentiskeytotroubleshoo;ng.
MonitoringConcepts How?– Howtocollectinforma;on?– sue(s)?– Howtopresentorno;fyalertstoVSAadministrator? Warning!– Toomuchinfo.isequivalenttonoinforma;on.– Beveryselec;veonwhatdatatocollect. Whatisavailable?– heneededdataonanongoingbasis.
WhattoMonitor? enanymanagedmachinegoesoff- areoveru;lized.
HowtoMonitor? Methods:1. Alerts:Monitorseventsonagentmachines.2. machines.3. ines.4. SystemCheck:Monitorseventsonnon- ‐agentmachines.5. SNMPSets:Monitorstheperformancestateonnon- ‐agentdevices.6. LogMonitoring:Monitorseventsinlogfiles.
HowtoRespond? estheusers
Kaseya FundamentalsWorkshopTERMS ANDCONCEPTS
WhatisanAlarm? Analarmisawarningofanexis;ngorapproachingdanger. xists. ormancesucceedsorfailstomeetapre- ‐definedcriteria. heenvironment.
Alarms&Alerts cematchesapre- ‐definedcriteriaor"alertcondi;on”. Analarmisawarningthatanalerthasoccurred.– ighticon:– plays:– Theseiconscanbecustomized.
LogsTwologsdis;nguishbetweenalertsandalarms. AlarmLog:– Tracksanyalarmthatwascreatedbyanalert. MonitorAcEonLog:– � Example–VSA’sMonitor- ‐ AlarmSummary
Ac;ons No;fica;onAc;ons:– A CreateAlarm– T CreateTicket– S RunScript/AgentProcedure– E EmailRecipients Thesefourtypesofac;onsarecalledtheATSEcode.– NoneoftheATSEac;onsarerequired.
TypesofAlerts VSAPagesthatCreateDifferentTypesofAlerts:– Monitor Alerts- applytoamachine.– Monitor AssignMonitoring– Monitor SNMPTrapsAlert– Monitor AssignSNMP– Monitor SystemChecks– Monitor ParserSummary– Monitor AssignParserSets– Discovery LANWatch– PatchManagement PatchAlerts– RemoteControl OffsiteAlertsNote:Add- ‐onmoduleshavealertsnotlistedhere.
MethodsofMonitoring Event- ystemCheck:monitorseventsonnon- ��les State- ‐based– ines– SNMPSets:monitorstheperformancestateonnon- ‐agentdevices
Event- ‐BasedAlerts ithinaspecified;meperiod. overs. eatedbyevent- ‐basedalerts. Whentheissueisresolvedyou"close'thealarm.
State- ‐BasedAlerts pectedrangeoroutsideofit. noutrightfailure. Ifyoucreateanalarmforstate- ent- ‐basedalarms. Butbecausestate- .
Note(On- ‐PremiseOnly) sandoff- nbeclosedautoma;callywhentheyrecover. eSystem Configurepage.
AutoCloseofAlarms
SuspendingAlarms Thetriggeringofalarmscanbesuspended. meperiods,includingrecurring;meperiods. ithoutgenera;ngalarms. llectsdata,butdoesnotgeneratecorrespondingalarms.
GroupAlarms . eredaswell. amonitoringdashboard(introducedlater). tabinMonitor MonitorLists.
Kaseya FundamentalsWorkshopAlerts
WhyAlerts? certaineventofinterestistriggered. thatitsendsanemailtoyouifyourquickaYen;onisneeded.
WhyAlerts? ftheissueismoreimportant. racked.
AgentAlerts AgentStatus– AlertswhenAgentisoffline Applica;onChanges– Alertswhenanapplica;onisinstalledorremoved GetFiles– . HardwareChanges– Alertswhenahardwareconfigura;onchanges LowDisk– tage LANWatch– AlertswhenanAGENT- ‐LANWatchfunc;ondetectsnewmachines
AgentAlerts AgentProcedureFailure– Alertswhenanagentprocedurefailedtoexecutes Protec;onViola;on– Alertswhenanaccessviola;onsisdetected NewAgentInstalled– Alertswhenanewagentreportsinforthefirst;me PatchAlert– vents System– rver
Kaseya FundamentalsWorkshopEVENT LOG ALERTS
WindowsEventLog AlertonspecificWindowsEventLogentry. EventSetsdefinethesyntaxtomatchtocreatethealert. ccurrenceoftheevents. henconfiguringWindowsEventLogAlerts. EventLogsseongsdefineswhicheventsaretobecaptured.
CapturingEventLogs UnderAgent Categoriestocapture.
WindowsEventLog Source- ‐Theapplica;onthatproducedtheeventlog EventID Details- ‐Thedescrip;onoftheevent specificevents.
WindowsEventLog crip;on.
Kaseya FundamentalsWorkshopMONITOR SETS
Howtomonitorstate? sedtomonitortheperformanceofmachines. edinterval. r.
PerformanceObject sourceorservicethatcanbemonitored. avetheirownsetsofpredefinedcounters.
PerformanceObjectInstance ctsofthesametypeonacomputer. . eofanobject.
PerformanceCounter ciatedwitheachinstanceoftheobject. performanceobjectandinstance.
UpdateListsbyScan r,Objects,andInstances. ventLogtypes. cancollected.
Kaseya FundamentalsWorkshopSYSTEM CHECK
SystemCheck – WebServer,Ping,DNS,orspecificIPPort diagnos;csthatoutputstoatextfile.– CommandShellcommandi.edefragc: output.txt– tstring.
Kaseya FundamentalsWorkshopMONITORING RECAPREVIEWING DATA
MonitoringRecap Alerts– AgentStatus,LowDisk,Applica;onchanges, EventLogs– EWISFCV:Theeventcategory MonitorSets– CounterThresholds&ServiceChecks– LiveCounter&MonitorLogs SystemCheck– aveanagenttomonitorIPservices.
ReviewingtheData MonitorLog Alarmremedia;on– AlarmSummary– Monitordashboards Dashboard– ClassicConsole,AlarmDashboard,
DashboardList eneratedfromyourassignedmonitoring– esofissues.– umnsothatwhenthecondi;onismetthefilterisapplied.
DashboardList
MonitorDashboard StatusviewofOPENAlertsinAlarmSummary
Kaseya FundamentalsWorkshopAGENT PROCEDURES
Mo;va;on edures. ormul;plecomputers.
Mo;va;on hatfitsall. es.
Mo;va;on icscripts(calledproceduresinK2)usinganeasy- ‐to- ‐uselanguageandinterface. eployment,machinemaintenance,monitoring,andmore. hemachines.
AgentProcedureEditWindow SeparateEdi;ngWindow– Onlyoneedi;ngwindowcanbeopenedatone;me– Openmul;pleprocedures CommonTextedi;ngcommands– edprocedures.– UndoandRedo(upto10steps)– Intellisensetyping ding
AgentProcedureEditWindow
FileManagement FilesforsharedusageisstoredontheKaseyaServer.– Copyingmul;plefiles Youhavetheabilitytoselectmul;plefiles. InGoogleChromeyouhavetheDragandDropfunc;onality. omtheWriteFilecommand.
LocalizingFileTransfer UseLANCacheop;on K v2.zip UseaLocalizeWebServertodistributefiles. emp#\.
LABS DownloadtheLABSfromIT- ‐Scholarssite PerformtheLabs. ThedocumentsfortheHands- ‐onLabsprovidestepbystepguidetocompleteeachtask. rTsk.exe
LABS rTsk.exe
DayThreeWrapUpQ&ADayThreeHandsOnLabs DayFourTopics– AgentProcedures– PolicyManagement– StandardSolu;onsPackage
Kaseya Fundamentals Workshop Developed by Kaseya University Powered by IT Scholars Kaseya Version 6.5 Last updated March, 2014 DAY THREE