3 modi per ridurre il numero di falsi positivi in una nuova Dashboard

Postato il Aggiornato il

Uno, due, tre.

Quando un partner  imposta una nuova dashboard la prima cosa che nota è la presenza di numerosi alert con il default setting. Per prevenire questi falsi positivi, bisogna prendere un paio di precauzioni

When a new partner is setting up a new dashboard the first thing they notice there are too many alerts with the default settings. In order to combat these false positives, one just needs to be aware of a couple of steps to take:

Change the Alert Policy for Anti-Virus Update Checks. By default, whenever an anti-virus is out of date, even if it is just 1 hour out of date, the check will fail; therefore, set it to only alert when 2 or 3 days out of date. Be sure to set it both on the Server Alert Thresholds and Workstation Alert Threshold unodashboard2015-11-30_09h04_34

2015-11-30_09h12_58duedashboard

Delete unnecessary Checks. When an agent is installed on a Server or Workstation, On installation it builds check for all relevant services. By default, Microsoft has its own Anti-Virus and Anti-Malware services monitoring for the presence of third party anti-virus: therefore, checks are built for these services. After you deploy Managed Anti-virus, these checks need to be deleted. (Right click on the check and select “Delete Checks Like This” to delete checks on more than one computer at a time.) Be sure to delete any other unnecessary checks like Drives that can’t be found and so forth.

  • 2015-11-30_09h48_43tredashboard

When you first install MAX RemoteManagement on a server, you may notice a high amount of performance monitoring alerts on your servers. This may seem daunting at first, but you can quickly get these alerts under control. First thing to note is that you are not necessarily monitoring for performance. Nearly every server has different hardware and usage of its resources; therefore, you are monitoring for variation in the behavior of the server not its performance. If a server has been using an average of 10% of its processor and suddenly it jumps to 20%, you would still want to know what changed, even though 20% is far beneath the optimum processor usage.

Start by clicking on the “More Information” link next to the failed check. 2015-11-30_14h54_174dashboard

Notice that the Non Paged Memory is red. This is telling you that this is where the check failure is. At this point you want to get a baseline of the Non Paged Memory in order to set your threshold. Notice there is a “View Report” button up in the right hand corner of the window. This is where you go to obtain that baseline.   If the Green Line goes above the Red Line, the check will fail. So in this case 70 MB would be an appropriate threshold.

  1. 2015-11-30_14h55_445dashboard
  2.  2015-11-30_15h00_537

To set the threshold for Non-Pageable RAM, first right click on the check and select “Edit Check” and change the “Alert if non-paged pool>” to the proper threshold: in this case it is 70 MBboh

boh1

Rispondi

Effettua il login con uno di questi metodi per inviare il tuo commento:

Logo WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione /  Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione /  Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione /  Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione /  Modifica )

w

Connessione a %s...