Hi all,
I'm just getting started with SAM, and have run into an issue that's taken the better part of my Wednesday with no resolution in sight.
Security team has ask if we can monitor the directory size for an agent's logs, but the agent isn't installed on every server (nor is it centralized to C: or D:).
I could ask security team for a static list of nodes, where the agents reside, but given the rate of server turnover that list wouldn't be valid more than a few days.
I'd like to build a dynamic series of monitors and groups, which won't require much upkeep going forward.
I created a File Existence monitor with 2 components (one for C:, one for D:) and assigned it to a Windows Servers group covering our environment.
That left me with a bunch of up/down Component monitors. If the logs were on C: then they wouldn't be on D:, vice versa:
Image may be NSFW.
Clik here to view.
So I filtered those results with a group and a couple dynamic queries pulling out the component for the drive on the node, where the agent logs reside:
Image may be NSFW.
Clik here to view.
That gives me a dynamic group of the nodes that have the directory I need to monitor.
However, the group is at the component level. So when I create a Directory size monitor and assign it to the group, it doesn't look at the node on which those components reside.
There doesn't seem to be a way to make a group using 'Orion Object is Node' and have it look at the File Existence monitor to get the filtered list I want.
Has anyone else setup something similar and taken a different approach?
Is there something I've overlooked in my approach?
I really don't want to have to go to mgmt and tell them I set it up in SCOM, as we're trying to move as much as we can from SCOM to Solarwinds.
However, I also don't want to manually keep up with the list of nodes.
Thanks.
