Whats Up Gold 2021 Manual

Table of Contents
What to expect in the course ..................................................................................................................................................................................1

Learning Objectives .....................................................................................................................................................................................................1
Course Audience ............................................................................................................................................................................................................1
Prerequisites ....................................................................................................................................................................................................................1
Ipswitch Training Environment............................................................................................................................................................................. 2
Pollers ................................................................................................................................................................................................................................. 3
System Requirements ................................................................................................................................................................................................ 6
Logic ..............................................................................................................................................................................................................................6
Server ............................................................................................................................................................................................................................6
Client.............................................................................................................................................................................................................................. 7
Poller.............................................................................................................................................................................................................................. 7
Basic Navigation ...........................................................................................................................................................................................................8
Menu Bar ...........................................................................................................................................................................................................................8
Discovered Network..................................................................................................................................................................................................10
My Network ...................................................................................................................................................................................................................10
Auto vs Custom .....................................................................................................................................................................................................10
Group Picker .............................................................................................................................................................................................................11
Map................................................................................................................................................................................................................................11
User Administration .................................................................................................................................................................................................. 12
Users ............................................................................................................................................................................................................................ 12
User Groups ............................................................................................................................................................................................................. 12
User Rights ...............................................................................................................................................................................................................14
Password Policy..................................................................................................................................................................................................... 17
External Authentication .......................................................................................................................................................................................... 18
AD Integration ........................................................................................................................................................................................................ 18
Device Group Access Rights ........................................................................................................................................................................... 19
Supported Protocols ................................................................................................................................................................................................. 21
ICMP............................................................................................................................................................................................................................. 21
SNMP........................................................................................................................................................................................................................... 21
SNMPv1................................................................................................................................................................................................................ 23
SNMPv2 ............................................................................................................................................................................................................... 23
SNMPv3 ............................................................................................................................................................................................................... 24
WMI ............................................................................................................................................................................................................................. 24
Telnet/SSH .............................................................................................................................................................................................................. 24
JMX.............................................................................................................................................................................................................................. 25
i
Credentials .................................................................................................................................................................................................................... 26
Adding ....................................................................................................................................................................................................................... 27
Creating AWS Read Only Credentials ....................................................................................................................................................... 27
Azure Access .......................................................................................................................................................................................................... 29
Meraki Cloud Credential................................................................................................................................................................................... 29
Monitor Types .............................................................................................................................................................................................................. 31
Active Monitors .......................................................................................................................................................................................................... 32
Polling Characteristics .......................................................................................................................................................................................33
Are you sure your device or monitor is responding correctly?....................................................................................................33
Monitor Options ................................................................................................................................................................................................... 34
Hardware, Chassis and Wireless .................................................................................................................................................................. 35
APC UPS ............................................................................................................................................................................................................. 35
Fan ......................................................................................................................................................................................................................... 36
Power Supply ................................................................................................................................................................................................... 36
Printer .................................................................................................................................................................................................................. 37
Temperature..................................................................................................................................................................................................... 37
WAP Radio ......................................................................................................................................................................................................... 38
Application/Application Layer...................................................................................................................................................................... 39
JMX ........................................................................................................................................................................................................................ 39
Process Monitor ..............................................................................................................................................................................................40
Service Monitor ...............................................................................................................................................................................................40
PowerShell Monitor........................................................................................................................................................................................41
Telnet ....................................................................................................................................................................................................................41
SSH Monitor ...................................................................................................................................................................................................... 42
SQL Query.......................................................................................................................................................................................................... 43
HTTP Content .................................................................................................................................................................................................44
Active Script...................................................................................................................................................................................................... 46
REST API Monitor .......................................................................................................................................................................................... 47
Critical Services..................................................................................................................................................................................................... 49
Email Monitor ................................................................................................................................................................................................... 49
DNS ........................................................................................................................................................................................................................ 50
SQL Server Monitor ....................................................................................................................................................................................... 51
FTP ........................................................................................................................................................................................................................ 52
Ping........................................................................................................................................................................................................................ 53
Network Statistics.......................................................................................................................................................................................... 54
Network Management and Instrumentation ........................................................................................................................................ 56
ii
SNMP .................................................................................................................................................................................................................... 56
SNMP Extended .............................................................................................................................................................................................. 57
WMI Monitor ..................................................................................................................................................................................................... 58
WMI Formatted Monitor ............................................................................................................................................................................. 58
BGP Peer Status ............................................................................................................................................................................................. 59
TCP/IP ..................................................................................................................................................................................................................60
File System and Storage .................................................................................................................................................................................. 62
File Properties Monitor ............................................................................................................................................................................... 62
Folder Monitor ................................................................................................................................................................................................. 63
Storage monitors............................................................................................................................................................................................ 64
SMIS....................................................................................................................................................................................................................... 65
Storage Controller Health monitor ....................................................................................................................................................... 65
Storage Disk Drives ...................................................................................................................................................................................... 65
Storage File System ...................................................................................................................................................................................... 65
Storage LUN ..................................................................................................................................................................................................... 66
Storage Pool ..................................................................................................................................................................................................... 66
Cloud-Based Resources.................................................................................................................................................................................... 67
Cloud Resource Monitor ............................................................................................................................................................................. 67
Meraki Device Status Active Monitor .................................................................................................................................................. 67
Passive Monitors........................................................................................................................................................................................................ 68
Listener ..................................................................................................................................................................................................................... 68
SNMP Traps............................................................................................................................................................................................................ 69
Import Tool........................................................................................................................................................................................................ 70
Syslog ......................................................................................................................................................................................................................... 72
Windows Event ..................................................................................................................................................................................................... 73
Performance Monitors ............................................................................................................................................................................................ 74
Default Monitors .................................................................................................................................................................................................. 74
Custom Monitors.................................................................................................................................................................................................. 75
Hardware.................................................................................................................................................................................................................. 76
APC UPS ............................................................................................................................................................................................................. 76
Printer Ink/Toner ........................................................................................................................................................................................... 76
Session/OS .............................................................................................................................................................................................................. 77
Active Script...................................................................................................................................................................................................... 77
JMX ........................................................................................................................................................................................................................ 79
PowerShell .........................................................................................................................................................................................................80
SQL Query........................................................................................................................................................................................................... 81
iii
SSH ........................................................................................................................................................................................................................ 82
Rest API (performance) .............................................................................................................................................................................. 84
Network Management and Instrumentation ........................................................................................................................................ 85
SNMP .................................................................................................................................................................................................................... 85
WMI ........................................................................................................................................................................................................................ 85
WMI Formatted ............................................................................................................................................................................................... 86
Cloud........................................................................................................................................................................................................................... 87
AWS CloudWatch ........................................................................................................................................................................................... 87
Azure Cloud Billing ........................................................................................................................................................................................ 87
Azure Cloud Performance ......................................................................................................................................................................... 88
Thresholds...............................................................................................................................................................................................................90
What is a Discovery ................................................................................................................................................................................................... 91
Device Roles ................................................................................................................................................................................................................. 93
Roles ........................................................................................................................................................................................................................... 93
Sub-Roles ................................................................................................................................................................................................................. 94
Advantages ............................................................................................................................................................................................................. 94
Configuring ............................................................................................................................................................................................................. 95
Configuration ................................................................................................................................................................................................... 95
New Scans ..................................................................................................................................................................................................................... 97
Start ............................................................................................................................................................................................................................ 97
Expand....................................................................................................................................................................................................................... 97
Virtualization Environments .................................................................................................................................................................... 97
Wireless Infrastructure ................................................................................................................................................................................ 98
Storage Devices .............................................................................................................................................................................................. 98
Seed Address Scan ........................................................................................................................................................................................ 98
Limit ......................................................................................................................................................................................................................... 100
Exclusions........................................................................................................................................................................................................ 100
Limits ................................................................................................................................................................................................................. 100
Credentials .............................................................................................................................................................................................................101
Options .....................................................................................................................................................................................................................101
Send email notifications upon completion of Discovery..........................................................................................................101
Prefer SNMP SysName as display name ..........................................................................................................................................101
Allow DNS look-up to resolve hostnames from IP ..................................................................................................................... 102
Advanced discovery connectivity checks ....................................................................................................................................... 102
Maximum Threads....................................................................................................................................................................................... 102
Timeouts ........................................................................................................................................................................................................... 103
iv
Schedule .................................................................................................................................................................................................................104
Review & Run ....................................................................................................................................................................................................... 105
Save ..................................................................................................................................................................................................................... 105
Run / Save & Run Now .............................................................................................................................................................................. 105
Best Practices of Using Scans ..................................................................................................................................................................... 106
Understand the purpose for the scan ............................................................................................................................................... 106
Take small bites (at first)......................................................................................................................................................................... 106
Seeded scans cast a ‘wide net’ .............................................................................................................................................................. 106
IP/MAC Address Exceptions........................................................................................................................................................................ 107
Exclude a List of IP Addresses ................................................................................................................................................................... 107
Saved Scan Settings............................................................................................................................................................................................... 108
Preconfigured Scans .............................................................................................................................................................................................. 109
Scheduled Refresh ............................................................................................................................................................................................ 109
Scheduled Discovery........................................................................................................................................................................................ 109
Examples Scans ...................................................................................................................................................................................................110
Discovery Scan History .........................................................................................................................................................................................110
Scan History ..........................................................................................................................................................................................................110
Scan Results............................................................................................................................................................................................................ 111
Discovered Network................................................................................................................................................................................................ 112
List View .................................................................................................................................................................................................................. 112
Filter Tab ........................................................................................................................................................................................................... 112
Active Scans tab ............................................................................................................................................................................................ 112
Discovery Legend tab................................................................................................................................................................................. 113
Map View................................................................................................................................................................................................................. 114
Legend ................................................................................................................................................................................................................ 114
Active Scans ..................................................................................................................................................................................................... 114
Filters ................................................................................................................................................................................................................... 115
Selecting Device ............................................................................................................................................................................................ 116
Zoom Controls ................................................................................................................................................................................................ 116
Hiding Devices................................................................................................................................................................................................ 116
Start Monitoring .................................................................................................................................................................................................. 117
Returning to List View ..................................................................................................................................................................................... 117
Hybrid View ........................................................................................................................................................................................................... 117
List View .................................................................................................................................................................................................................. 118
Map View................................................................................................................................................................................................................. 119
Overlays .................................................................................................................................................................................................................. 120
v
Layout Options ....................................................................................................................................................................................................122
Additional Features Common to both views .......................................................................................................................................122
Legend ................................................................................................................................................................................................................122
Filters ...................................................................................................................................................................................................................123
Map view layout ....................................................................................................................................................................................................... 124
Auto Layout .......................................................................................................................................................................................................... 124
Custom Layout .................................................................................................................................................................................................... 124
Customizing the Map ............................................................................................................................................................................................ 124
Device Groups ..................................................................................................................................................................................................... 124
Physical.............................................................................................................................................................................................................. 124
Dynamic..............................................................................................................................................................................................................125
Tools ..........................................................................................................................................................................................................................127
Edit Controls ....................................................................................................................................................................................................127
Map Options ....................................................................................................................................................................................................127
Annotations..................................................................................................................................................................................................... 128
Style..................................................................................................................................................................................................................... 128
Custom Links in a Custom Map.................................................................................................................................................................. 129
Device Information .................................................................................................................................................................................................. 131
Information Cards ............................................................................................................................................................................................... 131
Device Properties .....................................................................................................................................................................................................133
Device properties Dialog ................................................................................................................................................................................133
Device Properties Interface .....................................................................................................................................................................133
System Status and Properties............................................................................................................................................................... 134
Device Center ................................................................................................................................................................................................. 134
Devices in APM ................................................................................................................................................................................................... 142
Applications in APM ......................................................................................................................................................................................... 142
Definitions.............................................................................................................................................................................................................. 142
Application States ............................................................................................................................................................................................. 143
Application Profiles ................................................................................................................................................................................................ 143
Importing and Exporting Application Profiles ......................................................................................................................................... 144
Monitored Applications ........................................................................................................................................................................................ 145
Application Discovery ........................................................................................................................................................................................... 146
Maintenance Mode ................................................................................................................................................................................................. 147
Maintenance Mode Characteristics................................................................................................................................................................ 147
Are you sure your device or monitor is responding correctly? ...................................................................................................... 148
Actions .......................................................................................................................................................................................................................... 148
vi
Notification Type Actions ............................................................................................................................................................................. 148
Audio/Visual Actions ................................................................................................................................................................................. 148
Messaging Actions ...................................................................................................................................................................................... 149
Remote/Local Script or Execution Actions ........................................................................................................................................... 151
Log Actions ............................................................................................................................................................................................................153
Recurring Actions ...............................................................................................................................................................................................153
Blackout Schedule and Policies ....................................................................................................................................................................... 154
Weekly Blackout Schedules.......................................................................................................................................................................... 154
Blackout Policy .................................................................................................................................................................................................... 154
Application Monitoring Actions and Action Policies .............................................................................................................................155
Application Monitoring Actions ..................................................................................................................................................................155
Action Policies ..................................................................................................................................................................................................... 156
WhatsUp Gold Action Policies ...........................................................................................................................................................................157
Alert Center Alerts .................................................................................................................................................................................................. 158
Notification Policies................................................................................................................................................................................................ 159
Thresholds ..................................................................................................................................................................................................................160
Alert Center Dashboard ........................................................................................................................................................................................ 161
Dashboards and Reports ..................................................................................................................................................................................... 162
Overview................................................................................................................................................................................................................. 162
Dashboards................................................................................................................................................................................................................. 163
Home Dashboard ............................................................................................................................................................................................... 163
Overview................................................................................................................................................................................................................. 164
Device Status ....................................................................................................................................................................................................... 164
Alert Center .......................................................................................................................................................................................................... 165
Live Activity .......................................................................................................................................................................................................... 165
Plugin Dashboards ............................................................................................................................................................................................ 166
Application Monitoring ............................................................................................................................................................................. 166
Log Management ......................................................................................................................................................................................... 166
Network Traffic Analyzer ........................................................................................................................................................................ 169
Virtual Monitoring ..............................................................................................................................................................................................172
Wireless ....................................................................................................................................................................................................................173
Full Page Reports .....................................................................................................................................................................................................175
Logs ................................................................................................................................................................................................................................ 176
Predictive Trending ................................................................................................................................................................................................177
Report Configuration and WhatsUp Gold Database ............................................................................................................................ 178
Alert Storm and Dependencies ........................................................................................................................................................................ 179
vii
Alert Storm ............................................................................................................................................................................................................ 179
Eliminating Alert Storms................................................................................................................................................................................ 179
Device Dependencies ...................................................................................................................................................................................... 180
Critical Monitoring.............................................................................................................................................................................................. 181
Log Management .................................................................................................................................................................................................... 182
Overview................................................................................................................................................................................................................. 182
Configuring Log Sources ............................................................................................................................................................................... 182
Syslog ................................................................................................................................................................................................................. 182
Windows Event Logs.................................................................................................................................................................................. 183
Log Filters .............................................................................................................................................................................................................. 183
Ingestion Filters ............................................................................................................................................................................................ 183
Advanced Filters........................................................................................................................................................................................... 184
Configuration Management ............................................................................................................................................................................... 186
Overview................................................................................................................................................................................................................. 186
Network Device Configurations ................................................................................................................................................................. 187
Comparing Configurations............................................................................................................................................................................ 187
Auditing Devices ................................................................................................................................................................................................ 188
Alerting.................................................................................................................................................................................................................... 188
Other Management Tasks ............................................................................................................................................................................ 188
Assigning Tasks.................................................................................................................................................................................................. 189
Customizing .......................................................................................................................................................................................................... 189
Appendix A .................................................................................................................................................................................................................190
Monitor Script Syntax...................................................................................................................................................................................... 190
Keywords ..........................................................................................................................................................................................................190
Script Syntax: Expect=Keyword .......................................................................................................................................................... 190
Script Syntax: Send=Keyword............................................................................................................................................................... 192
Script Syntax: SimpleExpect Keyword.............................................................................................................................................. 193
Script Syntax: Flow Control Keywords ............................................................................................................................................. 194
Send to Disconnect Examples ............................................................................................................................................................... 195
Appendix B ................................................................................................................................................................................................................. 196
Regular Expression Syntax........................................................................................................................................................................... 196
Matching a Single Character .................................................................................................................................................................. 196
Quantifiers ....................................................................................................................................................................................................... 197
Matching Position ........................................................................................................................................................................................ 197
Other ................................................................................................................................................................................................................... 197
Abbreviations ................................................................................................................................................................................................. 198
viii
Appendix C ................................................................................................................................................................................................................. 199
Extending WhatsUp Gold with custom scripting ............................................................................................................................. 199
About Active Script languages ............................................................................................................................................................. 199
Scripting Active Monitors............................................................................................................................................................................. 200
Using the context object with active monitors ........................................................................................................................... 200
Example active script active monitors .................................................................................................................................................. 202
Monitoring printer ink level and utilization .................................................................................................................................. 202
Alert when temperature exceeds or drops out of range ....................................................................................................... 204
Determine invalid user account activity ......................................................................................................................................... 205
Monitor bandwidth utilization on an interface............................................................................................................................ 209
Monitor an SNMP agent running on a nonstandard port .......................................................................................................213
Monitor for unknown MAC addresses .............................................................................................................................................. 214
Scripting Performance Monitors ............................................................................................................................................................... 218
Reference Variables .................................................................................................................................................................................... 218
Using the context object with performance monitors ............................................................................................................. 218
Example active script performance monitors......................................................................................................................................221
Graphing printer ink level utilization ..................................................................................................................................................221
Poll a reference variable and perform a calculation .................................................................................................................. 223
Graph a temperature monitor ............................................................................................................................................................... 225
Use SNMP GetNext. ....................................................................................................................................................................................226
Poll multiple reference variables .........................................................................................................................................................228
Scripting Actions ............................................................................................................................................................................................... 230
Example active script actions...................................................................................................................................................................... 233
Post device status to Twitter ................................................................................................................................................................ 233
Acknowledge all devices ..........................................................................................................................................................................234
ix
Preface
What to expect in the course

Learning Objectives
This class provides you with practical knowledge and specific skills to maintain a complex
network using WhatsUp Gold Plus, which includes Application Monitoring, Virtual
monitoring, Network Traffic Analyzer, as well as Configuration Manager.
All the classes for WhatsUp gold are based on the “Big 5 Tasks” a network or server
administrator. This is what you need to get out from network monitoring system, to have a
successful deployment.
These big 5 tasks are Discovery, Mapping, Monitoring, Alerting and Analysis
• Discovery is finding all your devices that are on your network. Your routers, switches,
servers and more
• Mapping is showing what devices are connected to what
• Monitoring is determining the state of your devices. Are they up or down, as well as, the
performance of your devices?
• Alerting is making sure you are aware of the status of your devices and being notified
when they are down or performing out of thresholds.
• Analysis is using WhatsUp Gold reports, Dashboards and more to help troubleshoot and
verify the metrics of your network and its devices.
Course Audience
This course is intended for the following audiences:
• Network Administrators
• Server/System Administrators
• WhatsUp Gold Implementers
• WhatsUp Gold Users
Prerequisites
We Recommend (but not required) that students have:
• A working knowledge of network administration

• A working knowledge of server administration
• Familiar with network monitoring/administration terms
1
Ipswitch Training Environment
During this class, each student will have access to a fully functional installation of WhatsUp
Gold that exists within a training environment, complete with an entire network of real-
world, operational devices. Network devices such as routers, switches, wireless access
points, and a firewall, as well as non-network devices such as Windows servers, Application
servers, and File servers all work together to offer you a realistic and representative
network in which to take advantage of everything WhatsUp Gold and its plug-ins have to
offer.
The Ipswitch Training Environment (ITE) fulfils two main roles for Students attending
WhatsUp Gold training:
• The ITE allows you to attend WhatsUp Gold training without the need to use your
production WhatsUp Gold server or install a second copy of WhatsUp Gold on your
network just for training.
• The ITE provides Students with an environment rich in the type of interesting
traffic and conditions you will want to see live in WhatsUp Gold and its additional
features.
Both benefits work together to offer you engaging and relevant lab exercises with no setup
required on your part.
The ITE provides us with a very flexible and portable architecture that we hope you’ll like.
Essentially, you could log in to the ITE from anywhere in the world and get started with
WhatsUp Gold training immediately.
2
Introduction
to WhatsUp
1
Gold
Introduction
Pollers
Polling is the term used for monitoring discovered devices in WhatsUp Gold. Polling can
occur in several ways, depending upon the monitors configured for network devices. The
default polling method uses Internet Control Message Protocol (ICMP). The default polling
interval for WhatsUp Gold is 60 seconds. If you engage the State Suppression, it will only
do a state change IF the state changed. The back-end configuration manages the
frequency checking for the state change with the objective for efficiency of operations.
A small amount of data is sent from the WhatsUp Gold computer across the network to the
device it is watching. If the device is up, it echoes the data back to the WhatsUp Gold
computer. A device is considered down by WhatsUp Gold when it does not send the data
back.
WhatsUp Gold comes with one Poller on the local machine and additional ones can be
purchased. The WhatsUp Gold Poller is an application used to perform and assign WhatsUp
Gold device polling operations to monitor network devices. Specifically, additional external
pollers installed on servers your network transmit active monitor and performance monitor
data to the WhatsUp Gold server. Extending polling activity across multiple pollers
increases the number of devices for which WhatsUp Gold can poll and collect data to send
back to the WhatsUp Gold system. This is referred to as clustered polling. Using clustered
polling, WhatsUp Gold can efficiently scale polling operations to a larger number of
network devices, ultimately providing the capacity to monitor and manage larger networks.
Scalability Pollers Scalability pollers assist with Active Monitors these will include
Assist with Active ActiveScript Monitors, JavaScript, VBScript and PowerShell Custom
and Performance Script Monitors. When assisting with Performance Monitors these
Monitors include PowerShell Custom Script Monitors.
3
Currently, Scalability Pollers do not assist with Discovery, Active Script Performance
Monitors, Passive Monitors, Configuration Management Tasks, Wireless Polling, or the MIB
Walker.
To assist in determining if you need an additional pollers, the Poller Health dashboard
report displays the status of the local poller and all pollers installed on your network. This
dashboard report allows you to ascertain at a glance if one or more pollers are down.
Each entry in the report contains the following information:

• Status: A color-coded indicator of poller status.
• Name: Displays the name of the poller.
• Lag Time: The amount of time in seconds the poller is behind its scheduled
time to poll devices; indicates poller overloaded.
• Lag Time Status: Indicates if lag time is causing a polling issue.
o A yellow status icon is rare and is only seen as an automatic intermediary
between red and green when a poller starts up or is failing.
• To the left of each poller name is a circular icon that serves as a visual indicator
of poller status:
o Red: Indicates the listed poller is not active or status is unknown.
o Yellow: Indicates the poller is starting up or beginning to fail.
o Blue: Indicates the listed poller is active and running properly.
An average poll lag time of a few seconds or more indicates your system may not be
performing optimally. The WhatsUp Gold CPU and memory utilization reports may also
indicate performance issues.
To install an additional poller, you must configure each poller to send data to the WhatsUp
Gold server by entering a name to identify the poller, the server name or IP address to
identify the device running WhatsUp Gold, and valid credentials required to access the
WhatsUp Gold host computer. You must also use this information to configure WhatsUp
Gold to receive data from each poller installed on our network.
The machine on which the WhatsUp Gold scalability poller is installed must have
the same access to the network as the WhatsUp Gold machine. Polling data is
always reported from the viewpoint of the WhatsUp Gold machine regardless of
which device performed the polling task. Therefore, if a poller can only access a portion of
the network, devices to which the poller does not have access (even previously discovered
by WhatsUp Gold) are reported as down.
The following are prerequisites for installing an additional poller on your WhatsUp Gold
system:
4
• Local admin privileges for the host machine are required to install the WhatsUp
Gold poller.
• The Windows account from which you install the poller must have a known
password. You will be prompted to enter this password during the poller
installation process.
• .NET4 is required for installation and is available to install if not already installed
on the host machine.
For a poller to successfully connect to WhatsUp Gold, enable communication on the

following ports: TCP 9713 - Polling Data Communications and TCP - 9730 Polling Control
Communications.
5
System Requirements
Logic
WhatsUp Gold user interface logic now resides on the client side. This greatly reduces the
performance impact to you and the WhatsUp Gold Server. The result is a much more
responsive experience for you. Due to this WhatsUp now has recommended requirements
for both server and any client connecting to the web interface.
Server
For a full list of OS and hardware requirements please see the release notes available from
our web site. https://www.ipswitch.com/support/documentation.
Requirements may vary depending on the configuration of WhatsUp Gold. Increasing the
number of devices monitored, number of monitors, types of monitors, polling intervals or
other configurations can result in additional load on the server and database. Adjustments
to the hardware may be required to optimize performance for your network.
100 Devices / 2,500 Devices / 20,000 Devices / 100,000

500 Monitors 12,500 Monitors Monitors
Processor Quad-core Quad-core Quad-core
Processor Speed 2.6 GHz or 2.6 GHz or more 2.6 GHz or more
more
RAM 8 GB 16 GB WUG: 8 GB
Dedicated SQL Server: 32 GB
(64 GB recommended)
Database MS SQL 2014 Dedicated Microsoft Dedicated Microsoft SQL
Express SQL Server 2008 R2 / Server 2008 R2 / Microsoft
Microsoft SQL Server SQL Server 2012 / Microsoft
2012 / Microsoft SQL SQL Server 2014
Server 2014
Hard Drive 25 GB of free OS/App: 15 GB or OS/App: 15 GB or more free
space more free space in space in RAID 1
RAID 1 Database files: 8 x 250 GB in
RAID 10
SQL: 4x100 GB Log files: 2 x 100 GB in RAID
Raid 10 0
Temp DB files: 2x250 GB
Raid 0
For more information about moving SQL server database and log files, see the WhatsUp Gold
database migration and Management Guide
NIC 100 Mbps 100 Mbps 1 Gbps
Preferred: 1 Preferred: 1 Gbps
Gbps
Video 1280x1024 or 1280x1024 or higher 1280x1024 or higher
higher
6
Client
With the change in logic we recommend the following the guidelines below as a minimum
suggestion.
100 Devices 2,500 20,000
/ 500 Devices / Devices /
Monitors 12,500 100,000
Monitors Monitors
Processor i5 Class i7 Class i7 Class
RAM 8 GB 8 GB 16 GB
Video 1280x1024 or 1280x1024 or 1280x1024 or
higher higher higher
Sound Card SAPI-capable SAPI-capable SAPI-capable
sound card sound card sound card
required for required for required for
Text-to- Text-to- Text-to-
Speech Speech Speech actions
actions actions
Poller
Additional pollers may be installed on any Windows system on the network, other than the
WhatsUp Gold server if they meet the following minimum requirements.
Minimum required for each additional poller
Processors i5 Class
Processor speed 2 GHz
RAM 4 GB
Hard drive space 2 GB
Network interface card 100 Mbps
7
Basic Navigation
Menu Bar
WhatsUp Gold menu bar has a common look and feel across all the Ipswitch products.
WhatsUp Gold currently had 3 different menus and one button on the main portion of the
menu bar. Your menu options are Discover, Analyze, and Settings.
The Discover Menu allows you to view the map of discovered devices or perform a
discovery from a new scan or a previously saved scan.
The My Network Button, which takes you to the interactive network map to monitor your
device inventory, connectivity and status information. This is the default map view you see
when logging into WhatsUp Gold.
The Analyze menu is where you would access any default or custom dashboards as well as
generate reports. This is also where you would go to see the extensive library of logs
containing historical data to aid in troubleshooting potential network issues.
The last menu is Settings, which allows you to configure everything from the WhatsUp
Gold itself to individual customization of your deployment.
On the right-hand side of the menu bar there are some additional
items. First is the search box, where you can
search for:
• Application navigation and
functionality
• Monitored and discovered devices
• Libraries
• Traffic (Flow Sources)
• Help and reference content available in the local and online help, Ipswitch
community and the knowledgebase.
Items matching your search will appear under 4 different filter controls Filter now filters on
ANY IP address on the device was just the default associated with the device but not any
of the IP addresses associated with the device.
Next to the search box is a small bell that will take you to Web Alarms dialog
page, showing you all the web Alarms that have been triggered but not
dismissed.
If a newer version than your installed version of WhatsUp Gold has been
released, the Update Available button will be displayed between the Web Alarm
and the user preferences menu. Clicking on the Update Available button will
8
drop down a dialog indicating the new version’s information. Clicking on the new version
will take you to more information on how to download the new version.
The User Preferences menu will list the user that is currently logged in.
By clicking on it you get a menu with the following options:
• User Preferences
o Opens the user preferences dialog
 If the account you logged into WhatsUp Gold with was created
using internal authentication, you will have the option to change
the user password
 Display Section
• Option to change the language for the user if additional
languages were installed with WhatsUp Gold
• Option to change the color for UP from Green to Blue.
Aids those with Red/Green color blindness
• Device state change highlighting
o Enable/Disable an animation effect in the Map
View or on the device information card
 Enable or disable (show/hide) the live activity bar across the
bottom of the web interface for this user
 Alarms Section
• Enable/Disable web alarms for this user
• Change the time interval for when the web alarm process
checks the list of tripped web alarms to display
• Change the System sounds played for system web
alarms
• Logout
o Logs the user out of the current web session
All the way on the right of the menu bar is the Help menu where you can:
• Open the WhatsUp Gold help files

• View the What’s New / Release Notes
• View the Welcome dialog again
• View the Quick Start Videos
• Assess the Progress® | Ipswitch® web site
• Go to the Education and Training Home page
• Support
o Get Support
o Progress Community
o Knowledge Base
o Online Help and Documentation
• About
o Opens the About dialog where you can see the current usage and License
information.
9
Discovered Network
The Discovered Network list or map view is where you will find all the devices WhatsUp
Gold has discovered and is either being monitored or is ready to begin monitoring. It is as
simple as selecting your devices and clicking the start monitoring button.
My Network
My Network features all the monitored devices in your network. You have the option to
see these devices in a list view, map view or a hybrid view that features access to both in
one interface.
Auto vs Custom
While you can see everything in a single map you have two different option in viewing the
map. You have an Auto Layout or a Custom Layout.
The Auto Layout arranges your devices according to connectivity. It also gives you the
option to show all the devices in sub-groups. The Custom Layout allows you to organize
your devices where you want them to be. It gives you finer tuning of your devices and
device groups, including adding shapes, annotations and images to the map. Custom links
can be added between groups or devise-groups. You can define active monitors for custom
links; for groups it is for the "entire" groups.
10
Group Picker
To navigate the different device groups, you can click on the down arrow on the Group
picker. It will expand the navigation tree. Clicking on the arrow shrinks it again.
When the tree is expanded you can see the 3-bar menu. This menu allows you to edit, copy,
delete, or create device groups and much more.
Map
You can enhance the map with the use of overlays. Apply filters by clicking the Funnel Icon.
As well as view your device in a Map view, Grid view or a hybrid of both.
11
Initial
2
Preparation
Initial Preparation
User Administration
Users
Everyone who is going to be using WhatsUp Gold should have their own login and
password, using either internal, LDAP/AD, or Cisco ACS authentication. User accounts
allow users to log in to the web interface of WhatsUp Gold and control access to data and
functionality either through direct assignment of user rights or by membership in a user
group. Also, WhatsUp Gold logs all web user activity making it easy to track down who did
what if something strange starts going on.
User Groups
Leveraging user groups allows for a single point of editing and configuration of user rights.
If at any time you need to change the user rights assigned to a selection of users, doing so
at the user group level requires only a single configuration change, versus changing all user
accounts individually, if no user groups were present.
This also follows best security practice which states to limit user interaction. Therefore,
instead of making changes to multiple users it allows for only making the change one time,
while still giving the users the rights they need to perform their job/duties.
User rights are One method of user rights management for WhatsUp Gold involves creating user groups
cumulative when with specific permissions sets and adding users to the groups that control features to
users are assigned to which they need access. Users can be a member of multiple groups. Their rights will be
multiple groups. inherited from each group.
You will want to keep the number of Groups at a minimum, to make it easier
to manage. Only create groups that are needed, while still letting them
control the user rights.
12
WhatsUp Gold comes with 5 default user groups which were found are the most common
roles and user right configurations across our customer base.
1. WUG Administrators: Users should be assigned to this group if they are
responsible for administering and/or configuring the WhatsUp Gold server.
The user rights enabled for this group are equivalent to the default admin
user
2. Super Users: Users should be assigned to this group if they are responsible
for configuring the WhatsUp Gold server. The user rights enabled for this
group are equivalent to the WUG Administrators groups except for the
manage user right which is disabled.
3. Network Managers: Users assigned to this group manage larger,

segmented networks. They may access all reports, configure monitors,
actions, manage alert center thresholds, and manage groups and individual
devices, finally they can create and share dashboards with other users.
4. Network Admins: This group should consist of network engineers who

monitor outages and receive alerts. Users assigned to this group may
access reports related to the devices and alerts, but do not have access to
system logs or real time performance reports. They can manage devices
assigned to device groups but cannot manage those groups. Users in this
group can also view and manage personal dashboard views, but cannot
share them with other users
5. Report Viewers: This group is for users who only need to view device,
group, inventory, and alert center reports. Users in this group may also view
and manage personal
dashboard views.
You may also want to add any

other groups you may need
besides the default groups. You
will also want to make sure you
use correct naming conventions.
This allows you to see what type
of rights a group has by just
looking at the name.
13
User Rights
User Rights govern what actions and rights a user can perform in WhatsUp Gold. Users
inherit rights from group memberships first then any additional rights given to them
individually. Like Active Directory, a user can be a member of multiple groups.
User rights are cumulative in nature, meaning they will get all the rights from every
group they are a member of. Plus, any additional rights given to them.
User rights are cached and should refresh within 5 minutes, or when the user logs off and
then back into WhatsUp gold.
The Table below lists and describes each user right:
Account Administration
Manage Users (Admin Enables users to create and edit users for the web
Rights) interface. This option also allows users to specify Group
Access Rights.
Enabling this right will enable all other rights.
Manage all Dashboards Enables users to add and publish all dashboard views as
well as configure, move and delete dashboard reports
within all dashboard views.
Manage Personal Enables Users to add, delete, and copy dashboard views,
Dashboards as well as edit the properties of an owned dashboard view.
Change Your Password Enables users to change their password from the
Preference dialog (Click [username] > User Preferences
from the upper-right of the network Performance monitor
interface.
Manage and Publish Enables users to add and publish dashboard views as well
Dashboards as configure, move, and delete reports within owned
dashboard views.
APM
Access Application Enables user to view APM.
Monitoring
Configure Application Enables users to configure application profiles in APM.
Profiles
Configure Application Enables users to configure application instances in APM.
Instances
Devices
Access Discovery Enables users to discover network devices, define device
roles that help identify specific device features, and add
them to the WhatsUp Gold database.
Manage Devices Enables users to add new device and edit existing devices
in the groups to which the user has access.
A user must have this right to view and hear Web

Alarms.
Manage Device Groups Enables users to create, edit, or remove device groups on
the network.
14
Monitoring
Administer Alert Center Enables users to resolve or acknowledge Alert Center
Thresholds threshold alerts
Configure Actions Enables users to create, edit and remove actions on
device in the groups which the user has access.
Configure Passive Monitors Enables users to create, edit, and remove passive
monitors on devices in the groups to which the user has
access.
Manage Recurring Actions Enables users to create, edit and remove recurring actions
on devices in the groups to which the user has access.
Configure Action Policies Enables users to create, edit and remove action policies
on devices in the groups which the user has access.
Configure Active Monitors Enables users to create, edit, and remove active monitors
on devices in the groups to which the user has access.
Configure Performance Enables users to create, edit, and remove performance
Monitors monitors on devices in the groups to which the user has
access.
Reports
Access Alert Center Reports Enables users to view Alert Center dashboards and
reports
Access Inventory Reports Enables users to view Layer-2 data including reports and
reporting tools.
Access Real Time Enables users to view the Real Time Performance reports
Performance Reports
Access Virtual Monitor Event Enables users to view the event logs generated by the
Logs Virtual Monitors
Access Virtual Monitor Enables uses to view virtual monitor reports
Reports
Export / Email Reports Enables users to export reports as a pdf file, export the
data as an Excel (XML), csv, or txt files, or email an
exported report to a specified email address.
Manage Scheduled Reports Enables users to manage and view scheduled reports of
other Network Performance users (Settings > Scheduling
Activities > Scheduled Reports).
Access Group and Device Enables users to view group and device reports for the
reports groups to which the user has access.
Access Network Traffic Enables users to view the Network Traffic Analysis (NTA)
Analysis Reports reports
Access System Reports Enables users to view WhatsUp Gold component logs:
Activity Log, Actions Applied Log, Actions Activity Log,
Discovery Scan Log, General Error Log, Logger Health
Messages, Poller Health, Web User Activity Log
Access Virtual Monitor Map Enables users to view the virtual machines on the Virtual
Overlay
Access Wireless Enables users to view wireless reports and overlays
Manage Business Hours Enables users to view and configure the business hours
System Administration
Access Tools Menu Enables users to access the tools menu for networking
utilities.
Configure Credentials Enables users to configure SNMP and Windows
credentials
15
Configure Network Traffic Enables users to create and delete WhatsUp Gold
Analysis Network Traffic Analyzer sources, collection intervals and
data intervals for reports.
Email Settings Enables users to configure Network Performance Monitor
email settings from (Settings > System Settings > Default
Email Settings).
Manage SNMP MIBs Enables users to download and delete SNMP MIBs
through the SNMP MIB Manager.
Configure Alert Center Enables user to create, edit and delete WhatsUp Gold
alert Center thresholds and notification policies
Configure External Enables user to configure external authentication (LDAP /
Authentication MSAD / Cisco ACS) for user authentication in the web
interface.
Configure Wireless Enables users to configure wireless settings.
Manage Configuration Enables users to configure Network Configuration
Management Tasks Manager tasks and task scripts on devices in the groups
which the user has access.
System Administration Enables users to edit system configuration items,
including the maximum number of passive monitor
records, maximum dimensions of map, and enabling or
disabling mobile access.
16
Password Policy
When you sync users with external authentication systems it will let you control the
password policy in a central location. These creates a one place for users to comply with
your security policies across a variety of applications.
Password Policy allows you to configure different aspects of the password, for WhatsUp
Gold User accounts, that are authenticating internally. The table below shows the different
aspects you can configure:
Password Policy
Account Lockout Duration Enter the time in minutes that the system should delay
(minutes) before allowing a locked-out user from performing a log
on attempt.
Maximum number of days Enter the minimum number of days required between
between password changes password changes.
Password expires after Enter the number of days before a password expires.
(days)
Retain Passwords for at Enter the number of days to retain previously used
least (days) passwords.
Ensure password not reused Enter the number of passwords that are not to be reused
against previous against previous passwords.
Warn when (days) left Enter the number of days to warn user before password
before password expiration expiration.
Minimum complex password Enter the minimum number of characters required for
length the password policy. The default minimum complex
password requirement is one special character, one
capital (upper case) letter, one lower case letter, and one
number.
17
External Authentication
WhatsUp Gold allows you to synch authentication with two different types of
authentication systems:
• Active Directory / LDAP Server
• Cisco ACS
While there are advantages with synching with any external authentication system, your
biggest advantage is when you synch with Active Directory. When synching with AD you
can synch your WhatsUp Gold user groups with your Active Directory groups; allowing AD
group membership supply access and rights into WhatsUp Gold.
The biggest advantage is you will no longer have to create user accounts. When a user logs
into WhatsUp Gold for the first time, the user account will automatically get created with
the correct rights according to group membership.
You will need to do clean up, for we do not automatically delete accounts.
AD Integration
To integrate with Active Directory (AD) external authentication, you start by going to
Settings > System Settings > External Authorization > Active Directory/LDAP Server Setup.
Clicking the Edit link next to External
authentication server, will open the Edit Active
Directory/LDAP Server Setup dialog. This
where you configure your LDAP or Active
directory settings. If you prefer to synch with
Cisco ACS, you will need to go to Settings >
System Settings > External Authorization >
Cisco ACS Server Setup.
On the Domain controller/LDAP server, you will
want to enter your domain name instead of
your server name or IP address. The domain
name should have C-names in DNS which
resolve your domain name to all your domain
controllers, so if one goes down, you can still
log in. Select Use Active Directory and enter
the domain name you use to log into AD. (Use
the NetBIOS Domain name or short domain
name).
If are using LDAP and not Active Directory be sure to use the fully qualified name
LDAP server might be CN=%s, OU=Users, o=yourdomain.net where %s is replaced
by the username and password of the user.
18
WhatsUp Gold does Next you are going to synch your Active
not support nested Directory groups with your WhatsUp Gold
groups within Active groups, you will need to click the Browse
Directory AD/LDAP groups link to find your AD groups
you want to sync with. You will need to enter a
username and password, this is not stored, it is
any user who can access AD, so you can browse
your Active Directory Groups.
Once your groups are selected Click OK to return
and choose from the drop down what WhatsUp
gold group will be associated with each Active
Directory Group.
Device Group Access Rights
Device group access rights enable the system administrator of WhatsUp Gold to allow or
deny read and write access to specific physical groups and devices. These rights can be
enabled or disabled by the administrator and are disabled by default (except for the user’s
Home device group, to which each user has Group Read access). Device group access
rights are useful when users need to view and edit only those groups that matter to them,
as would be the case with a large network with multiple network administrators. Device
group access rights allow an administrator to grant each user rights to only the devices on
the network for which that user is responsible.
There are four types of device group access rights:
• Group Read: This right allows users to view groups and devices in the
selected group. This right allows users to see the group’s map and device
list. Group-level reports are not affected by group access rights but are
affected by user rights.
• Group Write: This right allows users to edit group properties and add, edit,
and delete devices and subgroups within the selected group.
• Device Read: This right allows users to view the device properties of all
devices within the selected group. Device-level reports are not affected by
group access rights but are affected by user rights.
19
• Device Write: This right allows
users to edit the device
properties of any device within
the selected group and to delete
the device from the group.
20
Supported Protocols
Protocols are the rules or standards that define the syntax, semantics, and synchronization
of communication and possible error recovery methods.
Credentials are used to control access to information or other resources. Credentials are
the passwords and other authentication methods used to access the different protocols
used for network management.
ICMP
The most basic protocol that we probably all use for network troubleshooting is – ping – it
is also a very valuable tool for network discovery. The only configuration information that
is needed to run a ping is the IP address of a target device.
A host device sends out a specific
Internet Control Message
Protocol (ICMP) packet called
“echo” to the target IP address,
which contains both the sender’s
(host) and the intended receiver’s
(target) IP addresses. If the
intended device is running and
can respond to this message, it
does so with a response packet
called “echo reply” which also
contains the two IP addresses, but with the sender and recipient addresses flipped. To
ensure more confidence in the results of this one exchange, ping can be configured to send
out a few packets, or to continuously transmit packets until stopped. However, since it is
possible to disable the intended device from responding to “echo” packets, the lack of an
“echo reply” response does not necessarily mean a device does not exist at that IP address,
is not operating, or that the path to that target is unavailable.
Therefore, the most information the host device could learn through ping is that there is a
device at a given IP address, because it receives a response. If you intend to use ping for
discovery or monitoring in WhatsUp Gold, make sure every device on your network can
respond to “echo” packets, which is the default setting unless otherwise restricted.
To help reduce security risk, allow ICMP traffic only to and from the WhatsUp
gold server and any additional pollers through any firewalls
SNMP
SNMP, Simple Network Management Protocol, is one of many protocols that have been
introduced as part of the Internet, and more specifically, from the Internet Architecture
Board. It is a defined collection of tools to exchange information between devices for the
purposes of managing and monitoring networked devices and is part of the overall TCP/IP
protocol suite. The first official publication of the protocol was released in 1988, which is
21
now referred to as SNMP Version 1 or SNMPv1. Since then, SNMP has been revised twice,
so in addition to SNMPv1, there is SNMPv2 and SNMPv3. The details of all versions of
SNMP are very interesting, and the most pertinent features will be discussed throughout
this class at the point where and when they relate to the next Lab exercise. Although
“simple” is part of the name, SNMP is by no means trivial, and there are many books and
websites that go into the myriad details of dozens of official Request for Comments (RFC)
documents.
At this point, we will view SNMP at a very high level and only insofar as to compare it
against ping as a scanning technique.
SNMP can poll networked devices and monitor data such as utilization and errors for
various systems on a host device. SNMP can also be used for changing the configuration of
the host, which enables remote network management. SNMP is based on the concept of
network management and monitoring as a system of logical elements including a Network
Management System, Managed Devices and SNMP Agents, which are software modules, on
those devices.
In our case, WhatsUp Gold is the Network Management System, and the fundamental
SNMP architecture is depicted here:
Unlike ping, SNMP can send out a specific message from one device to request information
from another device, which responds back with the requested information, and there are
specific formats described in the RFCs for the arrangement of the information within these
messages.
To be more specific, it is the Network Management System (WhatsUp Gold) that initiates
the request/response exchange, not just any host device, and it’s the SNMP Agent on the
Managed Device that would respond to the Management System queries. The message
sent from the Management System is simply called a “Get” message and a “Response” is
returned from the device.
22
More information relating to hardware and software is exchanged with SNMP, such as
make, model, serial number, and performance as well as OS version, state, and status.
SNMPv1
Introduced the term “community” to refer to all the devices in an SNMP network, and this
concept continues to be used. A unique name or collection of alphanumeric characters is
used to identify a community and serves as a case-sensitive password, called a
“Community String.” Community strings are used to authenticate the exchange of SNMP
messages, providing a basic level of security. WhatsUp Gold and each of the SNMP Agents
use this string to indicate that they belong to the same community. Every message
exchanged between them also must contain this string (passed in clear text), because any
mismatch between the string in the message and the string assigned to the device
receiving this message would result in the message being ignored by that device. A device
can belong to several communities, and its SNMP agent can differentiate requests from any
management system, if that management system string is listed on the device.
There are two cases of community strings used: Read and Read/Write. In many cases,
vendors of SNMP managed devices will enter “public” by default for the Read community
string on their products, and possibly “private” by default for the Read/Write community
string. Each of these community strings allow connections exactly as their name would
imply, so exercise caution in selecting appropriate community strings for each purpose.
Best security practice is to no longer use the Public and Private Community
strings but ones that are unique for your environment.
SNMPv2
Although security was addressed in SNMPv2 and resulted in many alternatives, ultimately
the use of clear text community strings was carried over into SNMPv2c in addition to an
expanded set of commands and it became the new SNMP standard. Today the terms
SNMPv2 and SNMPv2c are used interchangeably.
23
SNMPv3
Adds many additional benefits to earlier versions, but notably increased security through
encryption of packets, integrity against packet tampering, and authentication between
manager and agents. This latest version of SNMP was recognized by the IETF in 2004 and
continues to gain popularity in network management largely due to these security
enhancements, but SNMPv2 is still widely used as well.
There are many more parameters and settings used by all three versions of the SNMP
protocol operations, but the fundamental operation is similar among them. We will be
describing SNMP often, to address some of these configuration elements.
We strongly recommend that you enable SNMP on all your devices before discovery to
take advantage of the capabilities that SNMP offers. We will discuss how to do this later
from an overview perspective, but each vendor will have its own way of doing so.
WMI
Windows Management Instrumentation (WMI) is Microsoft’s implementation of the Web-
based Enterprise Model technology for unified monitoring of distributed environments. It is
a set of extensions that provide an operating system interface to collect management data
on Windows-based systems. WMI performance monitors can supervise Windows servers,
desktops, and applications performance and health. The monitors can proactively identify
failures and bottlenecks by tracking component processes and workloads, and thereby aid
in faster troubleshooting. Administrators can also create custom monitors for any web-
based or virtual domain applications. Additionally, WMI also trends historical data to chart
out application performance over time.
WhatsUp Gold can gather information about Windows computers using WMI. To monitor
Windows servers via WMI you must have windows credentials, whether with local
administrative rights or at least WMI and DCOM query permissions.
In many cases, the information available via WMI is also available via SNMP. However,
Microsoft has deprecated SNMP starting with Windows Server 2012 and it may be altered
or unavailable in subsequent versions. So, it is recommended to use WMI with your
Windows devices.
Telnet/SSH
Telnet is an application layer protocol used on the Internet or local area networks to
provide a bidirectional interactive text-oriented communication facility using a virtual
terminal connection. User data is interspersed in-band with Telnet control information in an
8-bit byte-oriented data connection over the Transmission Control Protocol (TCP).
Telnet was developed in 1969 beginning with RFC 15, extended in RFC 854, and
standardized as Internet Engineering Task Force (IETF) Internet Standard STD 8, one of
the first Internet standards.
24
Historically, Telnet provided access to a command-line interface (usually, of an operating
system) on a remote host, including most network equipment and operating systems with a
configuration utility (including systems based on Windows NT). However, because of
serious security concerns when using Telnet over an open network such as the Internet, its
use for this purpose has waned significantly in favor of SSH.
The term telnet is also used to refer to the software that implements the client part of the
protocol. Telnet client applications are available for virtually all computer platforms. Telnet
is also used as a verb. To telnet means to establish a connection with the Telnet protocol,
either with command line client or with a programmatic interface. For example, a common
directive might be: “To change your password, telnet to the server, log in and run the
password command.” Most often, a user will be telnetting to a Unix-like server system or a
network device (such as a router) and obtaining a login prompt to a command line text
interface or a character-based full-screen manager.
Secure Shell (SSH) is a cryptographic network protocol for operating network services
securely over an unsecured network. The best-known example application is for remote
login to computer systems by users.
SSH provides a secure channel over an unsecured network in a client-server architecture,
connecting an SSH client application with an SSH server. Common applications include
remote command-line login and remote command execution, but any network service can
be secured with SSH. The protocol specification distinguishes between two major versions,
referred to as SSH-1 and SSH-2.
The most visible application of the protocol is for access to shell accounts on Unix-like
operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft
announced that they would include native support for SSH in a future release.
SSH was designed as a replacement for Telnet and for unsecured remote shell protocols
such as the Berkeley rLogin, RSH, and REXEC protocols. Those protocols send information,
notably passwords, in plaintext, rendering them susceptible to interception and disclosure
using packet analysis. The encryption used by SSH is intended to provide confidentiality
and integrity of data over an unsecured network, such as the Internet, although files leaked
by Edward Snowden indicate that the National Security Agency can sometimes decrypt
SSH, allowing them to read the content of SSH sessions.
JMX
JMX (Java Management Extensions) is a set of specifications for application and network
management in the J2EE development and application environment. JMX defines a method
for Java developers to integrate their applications with existing network management
software by dynamically assigning Java objects with management attributes and
operations. By encouraging developers to integrate independent Java management
modules into existing management systems, the Java Community Process (JCP) and
industry leaders hope that developers will consider non-proprietary management as a
fundamental issue rather than as an afterthought.
JMX facilitates the centralized management of managed objects (called Mbeans) which
acts as Java wrappers for applications, services, components, or devices in a distributed
25
network. The actual management is provided by an MBean server, which acts as a registry
for all manageable resources. The MBean server is the spine of the JMX architectural frame,
allowing server components to plug in and discover all manageable objects.
Java Management Extensions for management and monitoring are an optional extension to
the standard Java Developer Kit (JDK) and can be used in place of Simple Network
Management Protocol (SNMP).
Credentials
The Credentials system stores the applicable login, community string, or connection string
information for network devices such as routers, switches, servers, virtual hosts, and other
devices. Credentials can be divided up into 7 categories:
• Network Management
o SNMPv1
o SNMPv2
o SNMPv3
• System Attributes and Instrumentation
o Windows (WMI)
o VMWare
o SSH (Typically used for Linux and UNIX systems)
• Remote Execution
o SSH (Secure Shell Client)
o Telnet
• Storage Device Management
o SMIS [SMI-S] (Storage Management Initiative Specification)
• Cloud
o AWS (Amazon Web Services)
o Azure
• Wireless
o Meraki Cloud
• Application
o ADO (Active Data Objects)
o JMX
o REST API
o Ubiquiti.
Hyper-V uses windows credentials, therefore if you are licensed for Virtual
Monitor then you will just need to enter your Windows Credentials
26
Adding
You need to follow your manufacturer’s or operating system’s instructions on adding
and enabling protocols on each of your devices. Inside of WhatsUp Gold you can add
the credentials to the credential library which can be accessed by clicking Settings >
Libraries > Credentials.
Creating AWS Read Only Credentials

1. Login to the AWS Portal and Navigate to IAM
27
2. Select Users and click Add user
3. Specify the user name and enable Programmatic access
4. Select Attach existing policies

a. Select AmazonEC2REadOnlyAccess from the list
28
5. Make sure everything is correct
6. Copy the Access key and Secret and use them to create a new AWS
Credential in WhatsUp Gold
Azure Access
Follow Microsoft’s instructions for setting up the keys for your Azure account here:
https://docs.microsoft.com/en-us/azure/billing/billing-enterprise-api under the
Enabling data access to the API section.
Meraki Cloud Credential

To enter a credential for Meraki Cloud, you first must obtain the API key from your
Meraki dashboard.
1. To obtain the API key required to create a Meraki credential in WhatsUp Gold:
2. Log in to the Meraki dashboard (http://dashboard.meraki.com).
3. Click your username in the upper-right corner of the dashboard, then select My
profile from the menu that appears.
4. Click Generate API key under the API access section of the dashboard.
5. Copy the API key displayed.
Return to WhatsUp Gold to continue creating the Meraki Cloud credential.
29
3
Monitors
Monitors
While the discovery process learns what devices are on your network, and you can always
add monitors after you are already monitoring your device. It is best to create all your
monitors first, so you can automatically deploy monitors based on the role of the device.
So, what do monitors do they monitor the condition, state and/or performance of devices
that make up your network.
Monitoring the status of the devices on your network requires making or accepting
connections to and from each network location, gathering data about the device, and
determining if the data is acceptable in terms of what you would expect to see in a healthy
environment. In some cases, it is useful to compare the data against a range of acceptable
responses to see if the device is operating as it should. In other cases, you may want to rely
on the device to monitor itself and send data to the WhatsUp Gold server passively, or to
simply collect and store data for long-term analysis.
Each of these scenarios may require a different connection method and monitoring
solution, and the Monitor Library in WhatsUp Gold allows you to configure a set of
monitors to accomplish each task.
The Monitors Library also allows you to test active monitors
against a device(s) before applying the monitor. To test an
active monitor,
select the monitor
from the list of
active monitors and
click the test link. A Test :< MonitorName>
dialog will open.
Select the device to test the monitor against
from the Device for test dropdown.
Select which Network Interface to test against
from the dropdown, the default interface is
selected automatically.
If the selected monitor does not require a
credential, it will run under whatever context
the Poller engaging is running under. This is
very important to know if you are testing active
script or PowerShell active monitors. Otherwise,
select the proper credential from the credential library in the drop-down list. You also have
30
an option to access the credential library directly by clicking the library button.
Additionally, it will run under whatever poller is being used for that device.
Once all the fields are filled in, click the
test button.
It will provide results of the test, so you
can adjust if needed.
Monitor Types
There at four types of monitors in WhatsUp Gold:
• Active Monitors – Actively monitor your device. They determine if your

devices are Up or down
• Passive Monitors – sit back and wait for your devices to report to them
• Performance Monitors – check how your devices are performing (CPU,
drive space, memory, etc.…)
• Application – monitors your applications health and status.
Each monitor type offers unique functionality, with different options and configuration
needs, and the data you collect with each monitor type can be used in a distinctly different
way.
31
Active Monitors
As its name implies, an Active Monitor actively polls your devices. It will interact with a
target device for specific information, such as a ping reply, SNMP response or service
status request. After a device is added to the database, WhatsUp Gold begins monitoring
that device using ICMP (Internet Control Message Protocol) and any other active monitors
established for that specific device role, such as Interface SNMP active monitors on a
Router or Switch.
There are approximately 20 default active
monitors. There are 35 different monitors
to create available in the default instance
of WhatsUp Gold, ranging from fan,
temperature and power supply monitoring
to basic TCP-based service monitors such
as HTTP, SMTP, DNS and Radius. You can
create your own custom Active Monitors
as well, ranging from very basic port
monitors to advanced synthetic
transaction monitors.
Active Monitors simulate user events and actively poll for specific metrics such as MIB
values or other sorts of instrumentation, service and application availability and latency,
apply queries and exercise APIs. To accomplish this WhatsUp Gold has 6 types or areas of
monitors:
• Chassis, Hardware, and Wireless

• Application/Application Layer
• Critical Services
• Network Management and Instrumentation
• File system and Storage
• Cloud-Based Resources
Many of the monitors in the Critical Service area are better suited to monitor as
an application, instead of on individual devices.
32
Polling Characteristics
For Active monitors to determine the state of the target device it must first poll that
device. Polling is the active watching, or monitoring, of your network by WhatsUp Gold. In
the polling process, WhatsUp
Gold sends a message to the
device, and expects an
appropriate response. If a
response is either not received
or is not the expected
response, the monitor is considered down. When an Active monitor reports down it will
initiate a state change. No other type of monitor can initiate a state change. Meaning only
active monitors determine if a monitor or device is up or down.
The default polling interval is once every 60 seconds which is configurable per device or
per monitor.
Are you sure your device or monitor is responding correctly?

You can determine the state of your device with Device States; these State Changes are
dependent on a period.
Down state (not responding - 0): Means it just reported down and WhatsUp continues to
poll the device. If, after 2 minutes, two complete polling periods, the monitor is still
reporting down, another state change, Down 2 min (not responding – 2), will occur.
Maintenance Mode, which will be covered later along with actions, is a way to show the
device is in a planned maintenance window. WhatsUp Gold will not Poll the device and
therefore will not initiate any other state changes, fire any actions, or log any activity.
Besides the default State Changes, you may create your own custom state changes. For
example, you need a down for at least 30 minutes or down for 15 besides the default down
5 or down 20. Custom state changes are currently only available to through the Admin
console; Under Configure > Program Options > Device States. Because the WhatsUp Gold
Admin Console is being phased out, the shapes and colors for custom state changes are
left from previous versions and will not display or affect the Web Interface.
33
Monitor Options
When adding/editing a monitor to/on your
device, you have multiple options in which to
configure each monitor to fit the environment.
The first option is which interface the monitor
should be applied to. By default, this is the
primary or default interface. If a device has
multiple IPs make sure it is assigned to monitor
on the correct one. There are multiple options
available Under the Advanced section of the
Active Monitors Properties Page.
Argument: Enter text to append to the OID for
the interface on the selected device. By default,
it identifies the number used by the SNMP
interface.
Comment: Enter user defined
text to appear in the Active
Monitors list.
Use independent poll

frequency for this monitor:
Select this option to have the
selected monitor polled based
on the Poll frequency.
Poll frequency: Enter the amount of time (in seconds) between polls for the selected
monitor. This setting is not displayed unless you select the Use independent poll frequency
for this monitor option.
Independent poll frequency for all monitors is ignored when an active monitor is
specified as critical.
34
Hardware, Chassis and Wireless
APC UPS
The APC UPS monitor watches your
American Power Conversion Uninterruptible
Power Supply (APC UPS) device and alerts
you when selected thresholds are met or
exceeded, output states are reached, and/or
abnormal conditions are met.
Thresholds: Select which thresholds to

monitor. Click Configure to set individual
threshold settings if desired.
Monitor the following output states: Select

the output state(s) on which you want to be
alerted.
Monitor the following abnormal conditions:

This monitor uses SNMP to pull the information Select the abnormal condition(s) on which
you want to be alerted.
An alert can be sent when the UPS battery capacity is below 20%, when the
battery temperature is high, when the battery is in bypass mode due to a
battery overload state, and many other UPS alert conditions.
35
Fan
The Fan Monitor checks manufacturer-
specific device fans and cooling devices,
such as active and passive cooling
components, to see if they are enabled
and returning values signaling, they are
working properly. The monitor first
checks if the monitored device is
manufactured by Dell, Cisco, or HP. Then,
it checks for any enabled fans and other
cooling devices. If a fan is disabled, the
monitor ignores it. This monitor uses SNMP to pull the information
The monitor is considered down when it

does not return one of the following values:
1 - Normal (for Cisco devices or Dell PowerConnect switches and routers)
2 - OK (for ProLiant switches and routers)
3 - OK (for Dell Servers)
4 - OK (for HP ProCurve Servers)
Not all types of device fans and cooling components can be monitored
Power Supply
The Power Supply monitor checks manufacturer-
specific power supplies devices to see if they are
enabled and returning values signaling, they are
in an Up state. The monitor first checks if the
monitored device is manufactured by Dell, Cisco,
or HP. Then, it checks for any enabled power
supply devices. If a power supply is disabled, the
monitor ignores it.
The monitor is considered down when it does not return one of the following values:
1 - Normal (for Cisco switches/routers)
1 - OK (for Dell switches/routers)
2 - OK (for HP ProLiant servers)
3 - OK (for Dell server devices)
4 - Good (for HP ProCurve switches/routers)
Not all types of power supplies can be monitored
36
Printer
The Printer monitor uses SNMP to collect data on SNMP-enabled network printers. If a
failure criterion is met, any associated
actions fire.
Warning for the Printer active monitor to
work, in addition to being SNMP-enabled,
the printer you are attempting to monitor
must also support the Standard Printer
MIB.
Enter or select the appropriate
information in the Failure Criteria section:
If the ink level in any of the cartridges
falls below___%. Enter a numerical value
for the threshold. If the ink level of any
printer ink cartridge falls below this
percentage, the monitor is considered
down. By default, this option is not
selected.
If the printer registers any of the

Some printers may not support all the SNMP objects associated with
following alerts. By default, the monitor the available monitor alert checks.
watches for all the listed printer alerts. If
you do not want to monitor an alert, clear its selection in the list. If the printer registers one
of the selected alerts, the monitor is considered down.
Example, you can monitor for printer ink levels, for a paper jam, for low input
media (paper), for a fuse that is over temperature, and more.
Temperature
The Temperature monitor checks manufacturer-
specific temperature probes to see if they return a
value signaling, they are in an Up state. First, the
monitor first checks if the monitored device is
manufactured by Cisco, Dell, HP, or Ravica. Then, it
checks for any enabled temperature probes.
The monitor is considered down when it does not return one of the following values:
1 - Normal (for Cisco switches and routers)
2 - OK (for HP ProLiant servers)
2 - Normal (for Ravica temperature probes)
37
3 - OK (for Dell Servers)
4 - Good (for HP ProCurve switches and routers)
If a temperature probe is disabled, the monitor ignores it.
WAP Radio
The WAP Radio monitor uses SNMP
authentication to determine the status of a
Cisco Aironet wireless access point. The monitor
first checks the ifType (OID 1.3.6.1.2.1.2.2.1.3)
value. The ifType value of 71 - IEEE 80211 must
be present for the monitor to continue checking
the WAP radio device status.
Then, if the ifType value is true, the
ifAdminStatus (OID: 1.3.6.1.2.1.2.2.1.7) value is checked. If the ifAdminStatus value for the
interface is in the Down or Testing state, the active monitor is considered Down and the
ifOperStatus (OID: 1.3.6.1.2.1.2.2.1.8) value is checked. If the ifOperStatus value is 1 - Up or 5 -
Dormant, the WAP radio is determined to be in the Up state. Otherwise, the device is
considered in the Down state.
38
Application/Application Layer
JMX
The JMX Active Monitor allows you to monitor any server that supports JMX by requesting
one or more JMX attributes the server supports and allows you to easily browse and add
available attributes to the monitoring
list.
Port. Enter the port number on the
server that WhatsUp Gold should use
to communicate with the JMX service.
Use SSL with RMI Registry. Enable
this option to use the JMX active
monitor secured by SSL.
Click Add to launch the JMX
Credentials dialog.
Enter the IP address or host name
of the target device to browse.
You can also click the Browse button
(...) to select a device from the device
list.
Ensure the Port and Use SSL with RMI Registry settings reflect your selections made in
the previous dialog.
If needed, select an existing JMX credential from the list or click the Browse button (...) to
access the Credentials Library, then create a new one.
Click OK to proceed to the JMX Browser which you can use to select the target device,
domain/path, and attribute(s) to monitor. The monitor configuration dialog should now
display the attributes you selected in the JMX Browser.
Select one or more attributes, then click Configure to launch the Comparison Definition
dialog.
Specify the Comparison Type and Comparison Value for the selected attribute(s).
Click OK to return to the monitor configuration dialog.
Repeat procedure steps as needed to configure comparison settings for other attributes to
be monitored.
Multiple attributes can be selected and configured at once if they are of the
same type. You can also select multiple attributes, then click Copy to
configure multiple comparison types and values for those attributes
simultaneously using the same monitor.
39
Process Monitor
Process monitor determines if a process is
running and issues state changes for the
device as needed.
Protocol to use. Select either SNMP or
WMI as the protocol for the monitor to use
to connect to the selected device. If using
SNMP, click Advanced to set the SNMP
timeout and number of retries if desired.
Process Name. Enter name of a process or
click Browse (...) to navigate and connect
to a device from which to select a process
to monitor.
Down if the process is. Specify if the
selected process is either not loaded or is running for the monitor to report a Down status.
Service Monitor
The Service monitor checks the status of a service on a Windows machine and has the
option of restarting the service. Service restart can only occur if the appropriate
administrator permissions exist.
Protocol. Select either SNMP or WMI as the protocol for the monitor to use to connect to
the selected device. If using SNMP, click Advanced to set the SNMP timeout and number of
retries if desired.
Service Name. Click browse (...) to specify a server or workstation running the service by
entering an IP address or hostname and selecting applicable SNMP credentials.
Restart on failure. Enable this option to attempt to restart the service when it enters a
Down state.
Use an Action to restart the service instead of the Restart on Failure option.
Also using SNMP, if or when possible, will preserve system resources. If you
are going to use the NT Service monitor as a critical monitor, then you must
use WMI.
If you change protocols the service must be selected in the Service Name field
for the monitor to work.
40
PowerShell Monitor
The PowerShell monitor provides a
platform for performing a wide
variety of monitoring tasks through
direct access to script component
libraries, including the .NET
Framework.
Prerequisites:
WhatsUp Gold uses the 32-bit (i.e.
x86) PowerShell engine. Therefore,
only 32-bit PowerShell snap-ins are
supported, and 64-bit only snap-ins
will not function properly. Snap-ins
that work on both 32-bit and 64-bit
operating systems are configured for
64-bit systems by default and must
be manually con-figured for 32-bit
PowerShell engine to function properly with WhatsUp Gold.
The PowerShell Scripting active monitor requires the use of windows credential.
Configure:
Timeout (Seconds). Enter the length of time WhatsUp Gold attempts to connect to the
selected de-vice. When the time you enter is exceeded without connecting, a timeout
occurs and WhatsUp Gold stops trying to connect to the SMTP server. This is considered a
failed connection. Although the de-fault timeout is 60 seconds, you are discouraged from
using a timeout longer than 10 seconds. Use the shortest timeout possible.
Run under device credentials. Enable this check box to execute the script using the
Windows credentials for the affected device.
Script text. Enter your monitor code.
Telnet
The Telnet monitor checks for a Telnet
server on port 23. If no telnet service
responds on this port, then the service is
considered Down.
Timeout. Enter the length of time
WhatsUp Gold attempts to connect to the
selected device. When the specified time is
exceeded without connecting, a timeout
occurs and WhatsUp Gold stops trying to
connect to the server. This is considered a
failed connection.
Use in rescan. Enable this option to have the monitor appear in Device Properties. If
enabled, clicking Refresh Connectivity within the Device Properties interface adds the
monitor to the selected de-vice if the applicable protocol or service is active on that device.
41
SSH Monitor
The SSH monitor uses SSH authentication to connect to a remote device to execute
commands or scripts which can be either
embedded in the monitor or placed as an
executable script file on the remote machine
with a command embedded in the monitor
to run the script. The success or failure of
the monitor is dependent upon values
returned by the commands or scripts that
can be interpreted by WhatsUp Gold as Up
or Down.
Command to run. Enter the command to run
and execute on the remote device. The
command can be anything the device can
interpret and run; for example, a Unix shell
command or a Perl script. The command or
script must return a string value. Please
note, if you create a script to run on the
remote device, it must be developed, tested, and/or debugged on the remote machine.
Line end character. Select the appropriate line end type: None, Linefeed, Carriage return,
or Carriage return linefeed. Multiline scripts are entered and persisted on a Windows
operating system and include line-ending characters that may not be recognized on the
target device. This configuration feature instructs WhatsUp Gold to replace the line-ending
characters with the selected characters prior to connection and command execution.
The monitor is considered Up if the following output. Select the appropriate output
criteria. For example, if you are checking to see that a specific network connection is
present on the remote device, ensure the output contains the specific connection. If the
network connection you specify is not present when the monitor checks, the monitor is
considered Down.
Use regular expression. Enable this option to apply the target string as a regular
expression as it searches the output from the command and considers the selected output
criteria. The target string is evaluated as simple text if this option is disabled.
SSH credential. Select the appropriate SSH credential WhatsUp Gold uses to connect to
the remote device. WhatsUp Gold uses the SSH credential assigned to the monitored
device if Use the device SSH credential is selected.
42
SQL Query
The SQL Query monitor uses WMI or ADO authentication to determine if specific
conditions exist in a Microsoft SQL, MySQL, or ORACLE database by querying the
database. If the configured conditions are present, the monitor is Up. If changes made to
the database since the last query cause data to
no longer fall within the defined criteria, the
monitor is Down.
Server Type. Select Microsoft SQL Server,
MySQL, or ORACLE as the database server
type. Please note, MySQL database is
supported and listed as a server type option
only if the MySQL 5.2.5 Connector is installed.
Connection Timeout. Enter the amount of
time WhatsUp Gold waits for the server to
respond before terminating the connection
and returning the timeout error. The minimum
allowed value is 1 second whereas maximum
allowed value is 120. Please note, this setting
only applies to polling whereas the query
builder assumes a default of 15 seconds for the
connection timeout.
Server Address. Enter the server address in the applicable format:
ServerName\Instance format for Microsoft SQL Server.
Example: WUGServer\SQLEXPRESS
ServerName for MySQL.
Example: WUGServer
ServerName/ServiceName for Oracle.
Example: WUGServer/Oracle.
The SQL query you enter Port. Enter the database server port number.
must return a single
numeric value. SQL Query to Run. Enter the query to run against the specified database to check for
Specifically, a single certain database conditions.
record that has just one
column. If the query Click Build to launch the SQL Query Builder for assistance with developing proper query syntax.
returns more than one
record, the monitor fails
Only SELECT queries are allowed.
to store the data. If the
query returns a single
Click Verify to test if the entered database query is valid.
record but there are
multiple columns in the
Number of rows returned is. Select this option to determine the success or failure of the monitor
record returned, then the scan based on rows returned by the SQL query. All database rows must match the criteria
monitor will pick the first settings for the monitor to be considered Up.
column as the value to
store and this first column Content of each retrieved row matches the following criteria. Select this option to determine the
must be numeric, success or failure of the monitor scan based on criteria which each database row must match. If
otherwise the monitor will
fail to store the data.
multiple threshold criteria are used, all thresholds must match the criteria in each row for the
monitor to be considered Up.
43
Click Add, Edit, and Delete as needed to create, modify, and remove database column values and
conditions, respectively.
To monitor a MySQL database, download and install the MySQL .NET Connector on
the WhatsUp Gold machine. Please note, only MySQL version 5.2.5 is supported due
to potential compatibility issues. MySQL .NET Connector version 5.2.5 can be
downloaded directly from the WhatsUp Gold website
(http://www.whatsupgold.com/MySQL525Connector).
When connecting to a remote SQL instance, WhatsUp Gold only supports the
TCP/IP network library.
HTTP Content
This monitor requests a URL and
checks the HTTP response against
an expected content. If the response
does not return the expected
content, the monitor fails. You can
use this monitor to ensure that your
web pages are available for viewing,
to check if a page renders properly
on specific browsers, or even to
check for the presence/absence of
specific content. If the monitor does
not find the specified content, the
monitor is considered Down.
This monitor supports additional
authentication methods for 401
challenge-based authentication.
Note, this does not cover form-based
authentication where a user would
enter a username/password combination into a standard web form. Often internal systems
run with self-signed certificates, you can now use this monitor against web pages running
self-signed certificates. If you have SSL certificate errors on your webpage, like you may
find on internal websites, an actual user may choose to ignore those errors and continue to
the page. The HTTP Content Monitor supports an option to ignore SSL Certificate errors,
just as a user may do, so you can monitor web pages behind any of your SSL certificates,
regardless of their validity.
You can also choose to have the monitor fail if a specified string is found, which is useful for
detecting specific error messages. Lastly, the monitor can be created more generically with
the use of a %device.hostname variable, so you can create one monitor for use against
multiple servers, such as mirrored sites. This monitor supports string matching with regular
expressions, so you can set up robust search criteria.
44
Provide a unique name and description for the monitor, then configure the following:
• Use in rescan. Enable this option to have the monitor appear in Device Properties.
If enabled, clicking Rescan Device from the device management actions menu
within the Device Properties interface adds the monitor to the selected device if
the applicable protocol or service is active on that device.
• Timeout. Enter the length of time WhatsUp Gold attempts to connect to the
selected device. When the specified time is exceeded without connecting, a
timeout occurs and WhatsUp Gold stops trying to connect to the server. This is
considered a failed connection.
• Monitor webpage content. Click Edit content to specify the location to check for
HTTP content. The URL must begin with a proper URI, such as http:// or https://.
The URL can include the full path to the document including the document's file
name and any query string parameters. For example,
http://www.example.com/reports.htm?ReportID=100. Please note, this field
supports the use of the following percent variables: %Device.HostName and
%Device.Address. Configure the following additional settings for the URL:
o Use authentication mechanism. Enable and select Basic, Negotiate, or
NTLM. If None is selected, WhatsUp Gold will not attempt to authenticate.
Negotiate is recommended for Windows-based system. When this option
is enabled You must also provide a valid username and password.
o Proxy server. If the specified content is behind a proxy server, enter the
IP address of the proxy server.
o Proxy port. Port on which the proxy server listens.
o Ignore Certificate Errors. Enable this checkbox to force WhatsUp Gold to
disregard any certificate errors.
o User agent. Select a browser from the list. The user agent string identifies
which web browser is making an HTTP request. Use this feature to imitate
your website being visited by various browsers. The user agent from the
latest version of the browser is populated for the browser you select.
o Custom headers. Click the add icon to specify up to three headers for
which you want to check.
Important: Errors can result when using invalid custom headers or
when modifying headers which do not allow modification, such as the
HTTP Host header. Click Request URL contents in the monitor
configuration interface to test custom headers. If a problem with the
header exists, WhatsUp Gold displays an error message. For example, the message
"An error occurred with the requested website. Error: The 'Host' header cannot be
modified directly. Parameter name: name." indicates the user entered
Host:myhost.com as a custom header when the Host header cannot be modified.
• Search for content. Content to search for on the specified website as either Plain
text or a Regular expression. Please note, this monitor uses standard regular
expression processing as supported by the .NET framework.
45
Important: Depending on your individual monitor and/or application settings,
the HTTP Content active monitor may not recognize HTML tags entered in
the Web page content to find field. If you experience this behavior, you can
troubleshoot using several methods. First, you can simply remove any HTML tags from
your search content. Second, you can launch the WhatsUp Gold admin console and
disable FIPS mode as enabling this feature causes WhatsUp Gold to add a space within
each HTML tag to ensure a more secure networking environment. Third, you can
enable the Use regular expression option.
• Monitor state if content not found. Select the state WhatsUp Gold should report for the
monitor in the event the specified content was not found.
Example Content URLs
To check content for the default page of a newly installed IIS server:
http://my-device/iisstart.htm
—where my-device is the hostname or IP address where a fresh instance of IIS is running.
To see how the HTTP Content monitor works, you can test it against one of the example
documentation pages hosted by the Internet Assigned Numbers Authority (IANA):
http://www.example.com
Active Script
The Active Script monitor allows you write either VBScript or JScript code to
perform specific customized checks on a device. If the script returns an error
code, the monitor is considered Down. Example scripts are in the Appendix.
• Use in rescan. Enable this option to have the monitor appear in Device
Properties. If enabled, clicking Rescan Device from the device management
actions menu within the Device Properties interface adds the monitor to the
selected device if the applicable protocol or service is active on that device.
• Execution Model. Use the drop-down control provided to indicate if the script
will utilize a direct data access or isolated process execution model.
o Direct Data Access execution model
 Allows direct database access via Context.GetDB
 Script failures may cause the Poller Engine to crash
o Isolated Process execution model
 No access to the WUG database
 Variables can still be passed to the script
 Poller Engine is protected from dangerous scripts
46
• Script text. Select either VBScript or JScript, then enter the actual script code for
the monitor to run.
To set the result in WhatsUp gold use the command Context.SetResult.

The format is Context.SetResult(0, Comment); 0 for Success (up) 1 for
failure (down)
REST API Monitor

The REST API Active Monitor allows you to monitor any REST API that supports
anonymous and basic authentication. It also allows you to validate the JSON
Response with JSONPath Queries.
• Use in rescan. This option indicates to WhatsUp Gold that it should attempt to
apply this active monitor when Discovery detects any new conditions that warrant
it.
• Timeout. Enter the amount of time WhatsUp Gold waits for the REST API to
respond before terminating the connection and returning the timeout error. The
minimum allowed value is 1 second and the maximum allowed value is 120.
• REST API
o Edit Custom Headers. Enter up to ten custom headers required to access
the REST API endpoint. A default Accept header is provided and is
specified as application/json.
Note: For monitoring a Progress Application Server for OpenEdge
OEManager REST API endpoint, the Accept header must be set to
application/vnd.progress+json or */*.
o REST API URL. The URL for the REST API endpoint that you want to
monitor.
Note: Reference variables (also called Percent variables) for System
(%System), Device (%Device), and Application (%Application) are
supported in the REST API URL. For more information, see Percent
Variables.
o Method. Select a supported HTTP method for the REST API endpoint.
Currently, only the GET method is supported.
o Ignore Certificate Errors. Enable this checkbox to force WhatsUp Gold to
o Use anonymous access. If the REST API endpoint does not require
authentication, check this box.
• Down Condition. The monitor will report as down if any of the HTTP response
codes listed is returned. You can control which response codes indicate that the
monitor is down, and you can also provide a JSONPath Query along with
47
conditions to indicate if the monitor is down. The monitor can use either a Down
Condition, a JSONPath Query, or both to return a down response.
• JSONPATH Query. Design a logical test for evaluating conditions that the REST
API endpoint returns:
o Select the Add icon to enter a conditional test using the JSONPath Query.
By default, the "No Comparison Set" text appears in-line.
o Double-click inside the JSONPath Query entry, and then select the
magnifying glass logo. This prompts you to enter a REST API Credential if
"Use anonymous access" is not checked. After the REST API Credentials
are verified, the JSONPath Builder window opens.
o Select the endpoint that you want to monitor.
o Build a logical test that represents a down condition for monitoring the
REST API endpoint. Supported value types are Boolean, Number, String,
and Other. The Other data type checks if a value is null. Empty strings are
supported.
48
Critical Services
Email Monitor
The Email monitor checks a mail server by first sending the server an email via SMTP. The
monitor then attempts to delete previously sent emails using either POP3 or IMAP. If any
step in the process fails, then the monitored is considered Down.
The email monitor supports encryption with SSL/TLS and SMTP Authentication
which ensures that the monitor sends emails to a secure email account.
You must use a separate email account for every email monitor created. Failure to
do so will result in false negatives. For example, if you want to check both IMAP
and POP3 on the same server, and create two instances of the monitor, one
configured with POP3 and one with IMAP, you must use two separate email
accounts. Otherwise, one monitor deletes all emails previously sent from both
instances of the monitor and incorrectly reports the mail server as Down.
Outgoing mail
• SMTP server. Enter the address of the server on which SMTP is running. Use the
default, %Device.Address, to use the device IP address on which the monitor is
attached.
• Port. Enter the port on which the SMTP service is listening. The standard SMTP
port is 25.
• Email to. Enter the address to which the Email Monitor sends email.
• Email from. Enter the address you want listed as "From" in the email sent by the
Email Monitor.
Incoming mail
• Mail server. Enter the address of the server on which the POP3 or IMAP service is
running.
• Account type. Enter the protocol (POP3 or IMAP) you want the monitor to use to
check for correct email delivery.
• Username. Enter the username of the account in which the monitor uses to log in.
• Password. Enter the password for the account in which the monitor uses to log in.
SMTP Advanced Properties
• SMTP server requires authentication. Enable this option if the specified SMTP
server requires authentication. Please note, this monitor supports CRAM-MD5,
LOGIN and PLAIN authentication methods. The authentication method is not
configurable. It is negotiated with the SMTP server automatically using the
strongest mutually supported authentication method.
• Username. Enter the username to be used for SMTP authentication.
• Password. Enter the password to be used for SMTP authentication.
49
• Use an encrypted connection (SSL/TLS). Enable this option to encrypt SMTP
traffic if your SMTP server supports encrypting data over a TLS connection.
Please note, WhatsUp Gold only supports explicit SSL sessions negotiated using
the STARTTLS command for SMTP connections.
POP3 advanced properties
• Port. Enter the port number where the POP3 or IMAP server listens.
• Use an encrypted connection. Enable this option to connect to a POP3 or IMAP
server in an encrypted mode. Select one of the following encryption methods:
• Use implicit SSL. Select this option to login to your POP3 or IMAP server in an
encrypted mode.
• Use SSL with STLS. Select this option to login to your POP3 or IMAP server in an
unencrypted mode, and then switch to a TLS connection by sending STARTTLS or
STLS command to the server
Important: WhatsUp Gold only supports clear text authentication for retrieving
mail. To protect your username and password when retrieving mail, you must
use an SSL encryption method. When connecting using STARTTLS, the
connection is encrypted before any authentication information is sent or any
mail is retrieved.
Note: If your IMAP server is configured to move the test message sent by the
monitor to any folder other than the Inbox, the monitor fails. WhatsUp Gold only
detects messages in the Inbox folder on an IMAP server.
DNS
The Domain Name Server (DNS)
monitor sends UDP DNS queries to a
device and verifies it receives a valid
response. If a response is not
received, the monitor is considered
Down. If the DNS response contains
multiple responses, the monitor
compares each against the validation
pattern. If no matches are found, the
50
• DNS Server. By default, the DNS active monitor queries the device to which the
monitor is assigned. Enter an alternate IP address to force the monitor to query a
different device. Please note, you can also use the %Device.Address percent
variable in this configuration field though no other percent variables are
supported.
• Domain Name. By default, the DNS active monitor performs a reverse DNS lookup
using 1.0.0.127.in-addr.arpa. Enter an alternate name to force the
monitor to query a different domain or subdomain.
• Type. Select the type of DNS record for the monitor to query. The default type is
Pointer Record.
• Validation Pattern. Enter an IP Address or regular expression pattern against
which to check the DNS monitor query results.
SQL Server Monitor

The SQL Server monitor provides real-time information about the state and health of
Microsoft SQL Server applications on your
network. This monitor supports monitoring of
Microsoft SQL Server 2000, and MSDE 2000
or later versions, which can be installed on
any machine in your network.
WhatsUp Gold can monitor and report the
status of the standard services associated
with TCP/IP servers, such as SMTP, POP3,
and IMAP, FTP, HTTP. If fail, users are unable
to get mail, transfer files, or use the web. It is
a good practice to set up monitoring on these
services, so you are the first to know if they
fail. The SQL Server monitor extends
monitoring to parameters reported by
Microsoft SQL Server (and Microsoft MSDE),
allowing you to get an early warning of a
degradation in performance. For example,
you can monitor system parameters on your SQL Server database server to see if
performance is within an expected range, and if not, you can intervene before the SQL
Server fails.
51
• SQL Server Instance Name. Enter the name of the database to monitor.
• Thresholds to monitor. Enable monitoring for specific parameters by selecting the
respective checkboxes.
• Configure. Click to specify values for the selected parameter.
• Services to monitor. Enable monitoring for specific services by selecting the
respective checkboxes.
Please note, to create custom parameters to monitor, the SQL Server host must be WMI-
enabled.
FTP
The FTP monitor performs upload, download, and delete tasks on designated FTP servers
to ensure they are functioning properly.
You can configure a single monitor to
perform all three tasks. However, if any one
of the tasks fails, the entire monitor is
considered Down. We recommend creating
a separate FTP monitor for each FTP
server you are monitoring unless the same
username and password are used for each
of the servers.
Provide a unique name and description for
the monitor, then configure the following:
• Use in rescan. Enable this option to

have the monitor appear in Device
Properties. If enabled, clicking Rescan
Device from the device management
actions menu within the Device Properties
interface adds the monitor to the selected device if the applicable protocol or
service is active on that device.
Server settings
• FTP Server. Enter the device address of the FTP server for which the FTP monitor
is configured and on which the monitor performs associated tasks.
• Port. Enter the port the monitor should use to communicate with the FTP server.
• Username. Enter the username used to access the FTP server for which the
monitor is configured.
52
• Password. Enter the password used to access the FTP server for which the
monitor is configured.
Important: Specify a username and password for an account with the
appropriate user permissions for the file actions you select. To upload files to
the server, the account must have write permissions. To download files from
the server, the account must have read permissions. And, to delete files from
the server, the account must have delete permissions.
• Use Passive Mode. Enable this option to use passive (PASV) mode rather than
active mode when attempting to connect to the FTP server and to perform the
subsequent tasks.
Monitor file actions
• Upload. Enable this option to have the active monitor upload a file to the
designated FTP server.
Please note, this option must be enabled to use the Download and/or Delete tasks.
• Download. Enable this option to have the active monitor download a file from the
• Delete. Enable this option to have the active monitor delete a file from the
Ping
Ping monitor sends an ICMP (ping) command to a device. This is the default monitor added
to all devices during discovery. If
the device does not respond, the
Provide a unique name and
description for the monitor, then
configure the following:
• Use in rescan. Enable this

option to have the monitor
appear in Device
Properties. If enabled,
clicking Rescan Device
from the device
management actions
menu within the Device Properties interface adds the monitor to the selected
device if the applicable protocol or service is active on that device.
53
• Retries. Enter the number of times WhatsUp Gold attempts to send the command
before the device is considered Down.
• Payload size. Enter the length in bytes of each packet sent by the ping command.
If getting multiple false negatives create a second ping with:

Timeout = 1 Retries=3-5 Use in rescan=unchecked
Network Statistics
The Network Statistics monitor uses Simple Network Management Protocol (SNMP) to
query a device to collect data on three device protocols, Internet Protocol (IP),
Transmission Control
Protocol (TCP), and User
Datagram Protocol (UDP)
and alerts you when
configured thresholds are
met or exceeded.
description for the monitor,
then configure the following:
• Use in rescan. Enable

this option to have the
monitor appear in Device
Properties. If enabled,
clicking Refresh Connectivity
within the Device Properties
interface adds the monitor to
the selected device if the applicable protocol or service is active on that device.
• Retries. Enter the number of times WhatsUp Gold attempts to send the command
before the device is considered Down.
• Thresholds to monitor. Select the IP, TCP, and/or UDP thresholds to monitor.
Click on any individual threshold to highlight it, then click Configure to specify
Down conditions for the selected threshold.
Tip: When configuring a threshold, it is helpful to copy the OID from the parameter
description listed on this dialog after you select a parameter. Paste this OID into the Object
ID box in the SNMP MIB Walker (ANALYZE > Tools > SNMP MIB Walker), then click Walk.
After the walk scan is complete, note the value listed. Perform several more walk scans,
noting the value after each scan completes. These values illustrate how much this
particular value may change over the course of several queries. Use these values as
54
guidelines when configuring a threshold for the Network Statistics Monitor. You can also
use the monitor Test function as an alternative to the SNMP MIB walker.
55
Network Management and Instrumentation
SNMP
The Simple Network Management Protocol
(SNMP) monitor gathers information about
the functions of an SNMP-enabled network
devices by querying it to verify it returns an
expected value. Depending on the specific
configuration, the monitor can be considered
either Up or Down depending upon the
returned value.
ObjectID/Instance. Select the target device
and required credentials, then select the
specific SNMP object to monitor in the SNMP
MIB Browser.
Check Type. Select one of the following check
types:
• When Constant Value is selected:

o Value. Depending on the
Object ID you selected, enter the appropriate value.
If the value matches, then the monitor is: select Up or Down.
• When Range of Values is selected:
o Low Value. Depending on the Object ID you selected, enter the
appropriate value.
High Value. Depending on the Object ID you selected, enter the
appropriate value.
• When Rate of Change in Value is selected:
o Rate of Change (in variable units per second). Enter the desired value. If
the value is above the rate, then the monitor is: select Up or Down.
56
SNMP Extended
SNMP Extended monitor utilizes
SNMP to gather specific
information about the functions of
multiple OIDs by querying the
group to verify they return an
expected value and allows you to
monitor all devices using SNMP.
While the standard SNMP monitor
checks a single OID against a single
threshold, the SNMP Extended
monitor checks multiple OIDs
against multiple thresholds using
an .xml file and predefined values
for each supported device type to
determine if the monitor is
considered either up or down
according to the returned value.
Import. Click to select the desired .xml file from the list containing applicable OIDs to
monitor, then click OK to return to the monitor configuration dialog. The Thresholds to
monitor section of the dialog displays the OIDs from the imported .xml file as parameters.
Configure. Click to specify the request type for the selected parameter.
Value is. When monitoring for a specific value, determine when the monitor should report
the device as Down by specifying if the response is greater than, less than, equal to, or
contains the entered numeric or string value.
Value is outside the range of. When monitoring a range, enter the minimum and maximum
values the response must fall within for the monitor to report the device as Down.
Rate of change between two polls is. When monitoring for a range of change, determine
when the monitor should report the device as down by specifying if the response is greater
than, less than, or equal to the entered value in seconds.
You can create your own xml files to import. Place the file in the <WhatsUp
Gold install directory>\data\SNMPExtended
57
WMI Monitor
The WMI monitor checks for specific values
on WMI-enabled devices. Monitored metrics
include systems resources like CPU, disk, and
memory utilization, as well as specific process
performance counters.
Performance Counter/Instance. Select the
target device, performance object, counter,
and instance to monitor.
Check Type. Select one of the following
check types:

o Value. Depending on the performance counter selected, enter the
appropriate value.
o If the value matches, then the monitor is: select Up or Down.
o Low Value. Depending on the performance counter selected, enter the
appropriate value.
o High Value. Depending on the performance counter selected, enter the
appropriate value.
o Rate of Change (in variable units per second). Enter the desired value.
o If the value is above the rate, then the monitor is: select Up or Down.
WMI Formatted Monitor

The WMI Formatted monitor checks
for specific values on WMI-enabled
devices. Monitored metrics include
systems resources like CPU, disk, and
memory utilization, as well as specific
process performance counters. While
like the WMI monitor that uses raw
data, the WMI Formatted active
monitor uses calculated counter data.
The difference between the WMI and
WMI formatted monitor is the
formatted monitor will be rounded,
instead of using a floating-point
decimal. It may also be in Gigabyte or
Megabyte instead of byte
Performance Counter/Instance. Select the target device, performance object, counter, and
instance to monitor.
58
Check Type. Select one of the following check types:

o Value. Depending on the performance counter selected, enter the
appropriate value.
o If the value matches, then the monitor is: select Up or Down.
o Low Value. Depending on the performance counter selected, enter the
appropriate value.
o High Value. Depending on the performance counter selected, enter the
appropriate value.
o Rate of Change (in variable units per second). Enter the desired value.
o If the value is above the rate, then the monitor is: select Up or Down.
BGP Peer Status

The Border Gateway Protocol (BGP) Peer
Status active monitor checks the status of
the connections between a router using BGP
protocol and its Internet Service Provider
(ISP) device peers. When the monitored
router detects any device, peer is not fully
connected, WhatsUp Gold reports the
monitor is Down.
When viewed on the State Change Timeline, you'll see detailed information from the router
in the Message column including the IP address of the affected device peer, the current
status of the connection, and the number of transitions recorded at the time the
connection was interrupted or broken.
Possible connection statuses can be found using the SNMP MIB Walker.
The number of transitions refers to how many times the connection intermittently switched
between fully connected and either partially or fully disconnected before remaining in a
disconnected state. For example, if the device peer was fully connected, then fully
disconnected with no intermittent data flow, the number of transitions would be 0. If the
connection went down, then up briefly, then down again before remaining disconnected,
the number of transitions would be 1.
To configure, simply provide a unique name and description for the monitor.
59
TCP/IP
The TCP/IP monitor determines the status
of the TCP/IP service that either does not
appear in the list of standard services or
uses a non-standard port. Basically, this is
a port check monitor.
Provide a unique name and description for
the monitor, then configure the following:
• Use in rescan. Enable this option

to have the monitor appear in
Device Properties. If enabled,
clicking Rescan Device from the
device management actions menu
within the Device Properties
interface adds the monitor to the
selected device if the applicable
protocol or service is active on
that device.
• Network type. Select the network type for the FTP (File Transfer Protocol) service
which is TCP; the network type for the RADIUS (Remote Authentication and Dial-
In User Service) service is UDP; the HTTPS monitor uses the SSL type.
• Port number. Enter the TCP or UDP port that you want to monitor.
• Script. You create a script using keywords. In general, Script Syntax is
Command=String. The command is either Send, Expect, SimpleExpect, or Flow
Control. (Appendix A - Keywords)
o Click RegExp builder to open the Rules Expression editor if desired. Any
text placed in the Expression box, appends to the end of the script as an
Expect expression.
60
WhatsUp Gold is installed with the following types of TCP/IP monitors already configured.
• Echo. Checks to make sure an Echo server is running on the assigned port.
• FTP. Checks to make sure an FTP server is running on the assigned port.
• HTTP. Checks to make sure an HTTP server is running on the assigned port.
• HTTPS. Checks to make sure the Secure HTTP server is running on the assigned
port.
• IMAP4. Checks to make sure an IMAP4 server is running on the assigned port.
• NNTP. Checks to make sure a NNTP server is running on the assigned port.
• POP3. Checks to make sure a POP3 mail server is running on the assigned port.
• Radius. Checks to make sure a Radius server is running on the assigned port.
SMTP. Checks to make sure a SMTP mail server is running on the assigned port.
• Time. Checks to make sure a Time server is running on the assigned port.
WhatsUp Gold knows the proper connecting commands for checking the
standard services listed on the Services dialog, but to monitor a custom service,
you may want to specify the commands
to send to the service and the responses
to expect from the service for WhatsUp
Gold to consider the service UP. You
need to determine the proper command
strings to expect and send for a custom
service.
• You can use a rule expression to

test a string of text for patterns.
• Enter an expression in the
Expression box. Use the , Match
case, and Invert result options
above the Expression box to help
build the expression.
• In the Comparison text box, enter
text to test compare against the
Using the Rules Expression Editor
expression you built in the
Expression box.
• Click Test to compare the expression against potential payloads you can receive.
After creating and testing the expression, click OK to insert the string into the Match on
box.
You create a script using keywords. In general, Script Syntax is Command=String. The
command is either Send, Expect, SimpleExpect, or Flow Control.
61
File System and Storage
File Properties Monitor
The File Properties monitor checks to see if a file in a local folder or on a network share
meets the conditions specified in the
monitor's configuration. This monitor
supports percent variables
(%Device.Address or
%Device.HostName) allowing you to
use a macro for applying multiple
devices to a monitor.
Note: The File Properties
monitor only checks files in
folders local to a device on which
WhatsUp Gold is installed or files
in network shares accessible from the
WhatsUp Gold device.

description for the monitor, then
configure the following:
• File path. Enter the Universal Naming Convention (UNC) file path that WhatsUp
Gold uses to access the file. For example: \\192.168.3.1\website\product\index.htm
for a file on a single device. If you provide the value for File size, File checksum
using, or File modified within options, you can also use percent variables for the
path of the file to monitor. For example,
\\%Device.Address\website\product\index.htm or
\\%Device.HostName\website\product\index.htm for a file located on multiple
machines with the same file path name. Please note, mapped drive paths are not
permitted.
• File does NOT exist. Enable this option if the file does not exist for the monitor to
report as Up.
• File exists. Enable this option if the file does exist for the monitor to report as Up.
• File size. Enable this option to determine the success or failure of the monitor scan
based on the size of the specified file.
• File last modified. Enable this option to determine the success or failure of the
monitor scan based on the date on which the file was last modified.
• File checksum using. Enable this option to determine the success or failure of the
monitor scan based on the file's checksum and specified algorithm used to
calculate the checksum.
Warning: Selecting this option can greatly increase the amount of time it takes to
complete the monitor scan and degrade or lag WhatsUp Gold performance. The
probability of lengthy monitor scans and slower performance increases when you
use algorithms other than SHA1 when you are scanning large files or when you scan files
located on network shares.
• File. Enable this option to specify if the file has or has not been modified within the
selected interval for the monitor to report as Up.
62
Folder Monitor
The Folder monitor uses the Windows credentials assigned to the device to determine if a
local or network share folder meets the conditions specified in the monitor configuration.
This monitor supports percent variables
(%Device.Address or %Device.HostName),
allowing you to use a macro for applying
multiple devices to a monitor. If the target
folder or directory contents change during
a poll, the change is ignored and is not
counted toward folder/file size specified in
the monitor configuration.
Note: The Folder monitor only checks
files in folders local to a device on
which WhatsUp Gold is installed or
files in network shares accessible from the
WhatsUp Gold device.
• Folder path. Enter the Universal Naming Convention (UNC) path that WhatsUp
Gold uses to access the folder. For example: \\192.168.3.1\website\product for a
folder on a single device. If you provide the value for File size, File checksum using,
or File modified within options, you can also use percent variables for the path of
the folder to monitor. For example, \\%Device.Address\website\product or
\\%Device.HostName\website\product for a folder located on multiple machines
with the same folder path name. Enable Include sub-folders to scan folders under
the selection for the specified content.
Warning: Selecting this option can greatly increase the amount of time it takes to
complete the monitor scan and possibly have an adverse effect on WhatsUp Gold
performance.
• All files. Select this option to configure the monitor to scan all accessible files.
• Files with matching names following wildcard expression. Select this option to
specify a wildcard expression WhatsUp Gold should use to determine which files to
scan. For example, enter *.exe to check for executable (.exe) files in the selected
folder. Please note, this option only works using a single wildcard expression. If
multiple expressions are entered in this field, the monitor reads the entry as one
wildcard expression.
Warning: When enabled, this option can significantly slow performance
dependent on the wildcard expression specified. The probability of slower
performance increases when this option is used in conjunction with the Include
sub-folders option.
• Folder does NOT exist. Enable this option if the folder does not exist for the
monitor to report as Up.
63
• Folder exists. Enable this option if the folder exists for the monitor to report as
Up.
• Actual folder size. Enable this option to determine the success or failure of the
monitor scan based on the actual size of the specified folder.
• Folder size on disk. Enable this option to determine the success or failure of the
monitor scan based on the size of the specified folder as it resides on disk.
• Number of files. Enable this option to determine the success or failure of the
monitor scan based on the number of files within specified folder.
Storage monitors
The features described in this section are included in Total and Total Plus. It will monitor
NetApp FAS series, Dell EMC Unity, and Dell Compellent storage. Dell EMC storage does
not support SNMP only SMI-S credentials. To successfully monitor NetApp FAS series
storage devices using WhatsUp Gold, you must install the Data ONTAP SMI-S agent. The
Agent is required for monitoring volume statistical data and must be installed on a machine
that can communicate with both WhatsUp Gold and the storage device or devices being
monitored.
Use the following procedure to install the agent:

1. Download the Data ONTAP SMI-S Agent executable file from NetApp. For detailed
information such as prerequisites, supported operating systems, versions, refer to
http://support.netapp.com.
2. Ensure you are logged in using the local Administrator account, then install the
SMI-S Agent.
3. Reboot the machine on which the SMI-S Agent was installed.
4. Open a command line, then run the following command to ensure the 'cimserver'
has started running:
-smis cimserver status: If the response indicates it is not running, ensure port
5988/5989 is not use by another program
-ORAccess the list of running services in the Windows Control Panel and start the
Data ONTAP SMI-S Agent service manually, if needed.
5. Launch the Data ONTAP SMI-S Agent program from the Windows Start menu.
6. Open a command line, then create a username and password for the SMI-S Agent
by running the following command:
-cimuser-a –u <username> -w<password>
The user created using this command must match an existing local Windows
user account. Additionally, when creating the credential in WhatsUp Gold,
enter the password created using this command rather than the password
for the local Windows user account.
7. Set the cache refresh rate interval time by creating a system variable named:
CACHE_REFRESH_SEC
The Data ONTAP SMI-S Agent uses a default collection interval of 5

minutes. It’s recommended setting the cache refresh rate interval to match
the interval set for disk utilization data collection in WhatsUp Gold
64
8. Prior to connecting the Agent to the SVM, launch a web browser and log in to
OnCommand System Manager.
9. Select the Network Interfaces tab.
10. Right-click the interface assigned to the SVM.
11. Select Enable Management Access.
12. Click Save.
13. Navigate to Configuration > Security > Users for the specific SVM in the
hierarchy at left.
14. Ensure the vsadmin user is present, unlocked, and sshd and ontapi are enabled.
15. Add the SVM to the SMI-S Agent by running the following command:
smis add <SVM IP address> vsadmin or smis addsecure <SVM IP address> vsadmin
to configure SMI-S to use HTTPS instead of HTTP
16. Ensure the SVM was successfully added by running the following command: smis
list
17. Repeat the two previous steps to add each SVM you want to monitor.
SMIS
The SMI-S monitor determines if the selected storage device is operational. The
success or failure of the monitor is dependent upon values returned by the
device that can be interpreted by WhatsUp Gold as up or down. This is used
with EMC/Dell EMC and NetApp Storage.
Storage Controller Health monitor
Storage Controller Health monitor uses SNMP to communicate with and
determine if a node within the selected storage device is operational. The
success or failure of the monitor is dependent upon values returned by the
device that can be interpreted by WhatsUp Gold as up or down.
To configure, simply provide a unique name and description for the monitor. Click
Advanced to set the SNMP timeout and number of retries as well as enable Use in Rescan if
desired.
Storage Disk Drives
The Storage Disk Drives monitor determines if the selected storage device is
operational. It is automatically assigned when a storage device is discovered.
The success or failure of the monitor is dependent upon health and operational
status values returned by the device that can be interpreted by WhatsUp Gold
as up or down. To configure, simply provide a unique name and description for the monitor.
Storage File System
The Storage File System monitor determines if the selected storage device is
65
Storage LUN
The Storage LUN monitor determines if the selected storage device is
Storage Pool
The Storage Pool monitor determines if the selected storage device is
66
Cloud-Based Resources
Cloud Resource Monitor
Cloud Resource Monitor determines if the selected cloud load balancer or cloud instance is
available. This is useful for tracking service level for applications running in the
cloud, tracking uptime, and monitoring health of managed infrastructure when
your network or datacenter resources extend to the cloud.
The monitor can be used to determine availability for:
• Amazon Web Service Elastic Load Balancing service

• Amazon Elastic Compute Cloud (EC2) instances
• Azure Resource Manager load balancers
• Azure Resource Manager virtual machines
The success or failure of the monitor is dependent upon health and operational status
values returned by the device that can be interpreted by WhatsUp Gold as up or down.
Before you apply this monitor to a device, the device must have valid AWS or Azure
credentials assigned (depending on the cloud service being utilized).
Meraki Device Status Active Monitor

Meraki Device Status Active Monitor retrieves the status of Meraki devices both online and
offline using an API call to the Meraki user dashboard. This monitor is added to
all Meraki Cloud devices by default added discovery. If the Meraki API returns
a status of "offline" to WhatsUp Gold, the monitor is considered Down. Simply
provide a unique name and description for the monitor to complete
configuration.
67
Passive Monitors
Passive monitors are responsible for listening for device events. Whereas active monitors
poll devices for data, passive monitors passively listen for device events. Because passive
monitors do not poll devices, they use less network bandwidth than active monitors.
Passive monitors are useful because they gather information that goes beyond simple Up
or Down by listening for a variety of events.
Although passive monitors are useful, you should not rely on them solely to monitor a
device or service—passive monitors should be used in conjunction with active monitors.
When used together, active and passive monitors make up a powerful and crucial
component of 360-degree network management.
Passive Monitor types are specific configurations of SNMP traps, Windows Log Events, or
Syslog Events. Though you can create any of these three types of passive monitors, SNMP
traps are most widely used on network-type devices and Windows Event Logs are used
solely on Windows devices. In all, there are about a dozen Passive Monitors in the default
instance of WhatsUp Gold Premium.
If you want to know when someone with improper credentials tries to access one of your
SNMP-enabled devices, you can assign the default Authentication Failure passive
monitor. The monitor listens for an authentication failure trap on the SNMP device, and
logs these events to the SNMP Trap Log. If you assign an action to the monitor, every
time the authentication failure trap is received, you are notified as soon as it happens.
Listener
A Passive Monitor Listener runs continuously on the WhatsUp Gold server listening for
events to occur. WhatsUp Gold is installed with three Passive Monitor Listeners:
• SNMP Trap Listener. This listens for SNMP traps, or unsolicited SNMP messages,
that are sent from a device to indicate a change in status.
• Syslog Listener. This listens for Syslog messages forwarded from devices
regarding a specific record and/or text within a record.
• Windows Event Log Listener. This listens for any WinEvent; for example, a
service start or stop, or logon failures. It will listen for events in the following logs:
o System
o Security
o Application
Both SNMP Trap and Syslog listeners are not enabled by default and must be enabled
before using SNMP Traps or Syslog passive monitors. You can start the listener under
Settings > System Settings > Passive Monitor listener
68
When an event occurs and is sent to
WhatsUp Gold the appropriate Passive
Monitor Listener first checks the contents of
the event to verify it is an item you have
defined as important and worth collecting.
This is done by checking the event for
specific key words and configuration
information that must match the
configuration of the monitor assigned to the
device in WhatsUp Gold. Then the listener
logs the event, notifies WhatsUp Gold, and
any associated actions assigned to the
passive monitor are fired. If the contents of
the event do not match the configuration of
the passive monitor the event is discarded
and no logging or actions take place.
In the case of Syslog and SNMP Trap passive
monitors you can also choose to accept and
log unsolicited events, which do not require a
matching passive monitor to be assigned to a
device and are stored immediately to the
database upon receipt. Take care when
implementing this option, however, as
collecting too many unsolicited events can
very quickly lead to a large database table.
You can start the listener under Settings > System Settings >
Passive Monitor listener
SNMP Traps
SNMP traps are commonly used on network devices such as routers and switches, as well
as some server-level devices, hardware devices, and appliances. SNMP traps can be
generated for a variety of situations, both for standardized events like an interface going
down and for more specialized situations like a period of high CPU utilization.
Most devices can be configured to send this data to up to two separate IP addresses using
the default UDP data port of 162, or to a non-standard port number of your choice. To
receive these events in WhatsUp Gold you must have the SNMP Trap Listener running on
the appropriate port, and have the remote device configured to send the trap to the IP
address and port number in use by WhatsUp Gold.
69
You can configure SNMP Traps using 2 different methods:
• Automatically using the Trap Definition Import Tool

• Manually using the Passive monitor Library
Import Tool
The easiest and simplest way to get your SNMP trap passive monitors created is using the
“Trap Definition Tool” found in the Admin console (Tools > Import Trap Definitions). It will
allow you to search for a specific trap you need WhatsUp Gold to listen for, and then import
it into the Passive Monitor library. After you have imported the trap, you can make and
configuration changes to the monitor in the Passive Monitor Library using the Rules
Expression Editor dialog.
Select the trap you want to import and click Import to passive monitor library. If the
Trap already exists in the database, it will not be imported a second time.
The SNMP Trap monitor listens for unsolicited messages from a monitored network device
notifying WhatsUp Gold of a specific event. The monitor can be configured to listen for all
SNMP traps or for only specific types.
70
• Generic Type (Major). Select the SNMP Trap type. Each trap has a generic type
number which is part of the rule determining the matching criteria for an incoming
trap.
• Specific Type (Minor). Enter an integer value from 0 to 4294967296. Please note,
the Generic Type (Major) must be set to Enterprise Specific.
• Enterprise/OID. Select the desired object identifier (OID) from the Enterprise
section of the MIB. This is the
SNMP enterprise identifier in the
trap, which is used for unique
identification of traps for a
particular application. If you
specify the OID in this box, then an
incoming trap matches this rule
only if the trap enterprise box
begins with the OID that you have
specified. If you are unsure of the
OID to use, or you do not need to
be specific, you can leave this box
blank and it is ignored. Please note,
this option is only available if Generic Type is set to 6-EnterpriseSpecific.
• Payload. Click Add to launch the Rules Expression Editor to create an expression,
test it, and compare it to potential payloads.
If you have multiple payload "match on" expressions, they are linked by "OR" logic—
not "AND" logic. If you have two expressions, one set to "AB" and the other to "BA",
it matches against a trap containing any of the following: "AB" or "BA" or "ABBA".
71
Syslog
Syslog messages are widely used amongst Unix and Unix-based systems as well as
network devices, and even simple devices such as printers and power supplies. Because of
this they are a very popular method of collecting and storing events from multiple device
types into a single depository of data for compliance purposes.
Syslogs are passed to UDP port 514 by default and can make use of varying severity levels
in the content of the event, making
them a handy utility for very
specialized passive monitoring and
alerting. As with SNMP Traps you
will need to start the listener in
WhatsUp under Settings > System
Settings > Passive Monitor listener
Syslog monitor listens for Syslog
messages on the devices to which it
is assigned.
For more information about Syslog
facilities and levels of severity, see RFC5424 (http://tools.ietf.org/html/rfc5424 page 9 for
facilities and page 10 for levels of severity).
Click Add to launch the Rules Expression Editor to create an expression, test it, and
compare it to potential payloads.
If you define multiple payload Match On expressions, each expression is

considered individually (think "or" operator).
72
Windows Event
Windows devices make use of event logs to store and track information, warning, and error
events logged by the local operating
system. These event logs can also be
monitored from a remote location,
allowing a network administrator to
browse the Windows Event Logs on a
remote server on their network.
Windows events include many different
parameters in a single event, including
an event ID, description, type, and
source.
Windows Event Log passive monitors
in WhatsUp Gold make use of these
parameters by allowing you to
configure collection of events that
meet a certain criterion, such as events
of a Warning type that come from a specific Source, or collecting all events that share a
common Event ID. Once this configuration is set in a passive monitor and the monitor is
saved to a device, WhatsUp Gold connects to that remote server and registers for that set
of events on the remote machine. From thereafter, any time the remote device logs an
event that matches your criteria the event is sent to the WhatsUp Gold server and logged
by the Windows Event Log Listener. Unlike SNMP Traps and Syslogs the listener is already
started.
As a best practice, we recommend keeping conditions simple by opting for
multiple Passive Monitors over complex sets of conditions. When complex
conditions are unavoidable, we recommend grouping all OR conditions
together at the beginning of the set of conditions, followed by the ANDs
The Windows Event Log monitor uses WMI authentication to listen for Windows events on
the devices to which it is assigned. To use multiple Windows Event Log monitors, assign a
unique monitor to each device. When assigning a Windows Event Log monitor, ensure the
device has credentials assigned to it first.
Condition. Enter a list of conditions to match. Only log entries matching these expressions
are converted to events. Conditions are processed sequentially from top to bottom. As
each condition is evaluated, its results are applied to the next condition until all conditions
are evaluated. For complex sets of conditions involving both ANDs and ORs, this serial logic
may produce different results than intended.
Click Edit to add or edit a condition or Clear to remove a condition from the box
Match On. Click Add to launch the Rules Expression Editor to create an expression, test it,
and compare it to potential payloads.
73
Performance Monitors
Performance Monitors are responsible for gathering data about the performance of the
devices running on your network for long-term analysis and reporting purposes. There are
many components that can be collected with performance monitors; for example, CPU and
memory utilization. This data is collected and stored in raw format and is then used to
create reports that trend utilization and availability of these device components over time.
A selection of performance monitors is available in a fresh installation of WhatsUp Gold,

making use of SNMP and ICMP to collect common performance statistics from a variety of
device types. Additionally, you can create custom performance monitors to track
performance metrics for APC UPS devices and Printers, as well as create custom monitors
based on Active Script, SNMP, SSH, and WMI to query performance counters on any type
of device. All NEW discovered devices will use WMI by default for windows devices; if
currently monitored will still run SNMP.
Performance monitors are added to individual devices through the Device Properties
dialog. You can add:
• Default Performance Monitors

• Device-specific (Custom) Performance Monitors
o Hardware
o Application/OS
o Network Management and Instrumentation
o Disk I/O and Throughput
Default Monitors
There are five default performance
monitors to track device performance
by checking and reporting on device
resources. These monitors are:
• CPU utilization
• Disk utilization
• Interface utilization
• Memory utilization
• Ping Latency and Availability
Each of these default performance

monitors includes a specialized set of
reports and utilities geared towards
getting up and running with
performance reporting very quickly. By simply selecting these monitors for collection on
your devices you can immediately make use of these built-in utilities, giving you the ability
74
to track long-term performance on your network with almost no setup or configuration
required.
The five default performance monitors cannot be edited, copied or deleted.
The default performance monitors will use either SNMP or WMI, depending on the
credential applied to the device, to connect, apply, and verify device performance.
Custom Monitors
In Addition to the default custom monitors you can create custom monitors to track
specific performance metric. The additional monitors can be split into 4 categories
Hardware, Application/OS, Network Management and Instrumentation, and Disk I/O and
Throughput. These additional monitors are:
• Hardware
o APC UPS
o Printer Ink/Toner
• Session/OS
o Active Script
o JMX
o PowerShell Scripting
o SQL Query
o SSH
o Windows Performance Counter
o Hyper-V Event Log
o Hyper-V Host VM
• Network Management and Instrumentation
o SNMP
o WMI
o WMI Formatted
• Disk I/O and Throughput
o VMWare Datastore IOPS
o Hyper-V Disk Activity
• Cloud
o Azure Billing
o Azure Performance
o AWS Cloudwatch
75
Hardware
APC UPS
The APC UPS monitor collects statistical output power usage information and graphs APC
UPS power utilization over time. This monitor detects when a monitored UPS
device is close to maximum performance level as well as the time of day
networking devices connected to the UPS device are using the most power
indicating the need to equally distribute the load across several UPS devices.
Only a unique name and description are required to successfully configure this monitor.
Printer Ink/Toner
The Printer Ink/Toner performance monitor uses SNMP to collect current
ink/toner level data from SNMP-enabled network printers. The target printer
must be SNMP-enabled and support the Standard Printer MIB for this monitor
to work properly. Use this monitor to check for potential issues such as low ink
levels. The monitored printer must support the Standard Printer MIB.
Ink/Toner Cartridge. Select the ink/toner cartridge you want to collect ink/toner level data.
Please note, you must create a Printer performance monitor for each color ink/toner
cartridge you want to monitor.
Collection interval. Specify how often data should be collected from the selected toner
cartridge.
Please note, all SNMP objects may or may not be supported by the specific printer being
monitored depending on its manufacturer and model.
Printer Ink/Toner Performance Monitor may only be
created for specific devices only. This monitor cannot
be added to the monitors library.
76
Session/OS
Active Script
Keep in mind that The Active Script Performance monitor enables you to write VBScript and JScript to easily
although you can poll poll one or more SNMP and/or WMI values, perform math or other operations on
multiple values using those values, and graph a single output value. You should only use the Active
the feature, only one Script Performance Monitor when you need to perform calculations on the
value will be stored to polled values.
the database: the
outcome of your The Active Script performance monitor requires one or more of the following credentials:
scripted calculation.
• SNMPv1
• SNMPv2
• SNMPv3
• WMI
Configure the Active Script performance monitor using the following boxes:
• Script type. Select either JSCRIPT or VBSCRIPT.

• Timeout (sec). Enter the length of time WhatsUp Gold attempts to connect to the
selected device. When the time
you enter is exceeded without
connecting, a timeout occurs and
WhatsUp Gold stops trying to
connect to the SMTP server. This
is considered a failed connection.
Please note, the maximum timeout
allowed is 60 seconds. However,
it’s not recommend setting a
timeout that exceeds 10 seconds.
Use the shortest timeout possible.
• Reference variables. Add, Edit, or
Remove SNMP and WMI reference
variables using the respective
buttons on the right of the dialog.
Please note, the use of reference
variables in the Active Script
performance monitor is optional.
For additional information, please see Using Reference Variables with Script
Monitors in the help files.
• Script text. Enter your monitor code.
77
To configure an SNMP Active Script performance
monitor:
• Click Add from the Add Active Script

Performance Monitor dialog to add a new
variable to the Reference variables field. The
Add New Reference Variable dialog appears.
• Enter the appropriate information:
o Variable name. Enter a unique name for
the variable.
o Description. (Optional) Enter a short
description for the variable.
• Select SNMP from the Object type list.
• Click browse (...) next to Instance. The MIB
Browser dialog appears.
• Enter the name or IP address of the computer you are trying to connect to in the
Select counters from computer box.
o You can click browse (...) to select a device from a list.
• Select the SNMP Credential used to connect to the device.
o You can also click browse (...) to access the Credentials Library to create a
new credential.
• Click OK. The SNMP MIB Browser appears.
• Use the navigation tree in the left panel to select the specific MIB you want to
monitor. You can view more information about the property/value at the bottom of
the dialog.
• Click OK to add the OID to the Performance counter and Instance fields in the Add
New Reference Variable dialog.
To configure a WMI Active Script performance monitor:
• Click Add from the Add Active Script Performance Monitor dialog to add a new
The first time that you
variable to the Reference variables field. The Add New Reference Variable dialog
poll a WMI reference
variable that requires appears.
two polls to calculate • Enter the appropriate information:
an average (such as o Variable name. Enter a unique name for the variable.
“Processor\% o Description. (Optional) Enter a short description for the variable.
Processor Time”), it • Select WMI from the Object Type list.
returns “Null.”
• Click browse (...) next to Instance. The Performance Counters dialog appears.
• Enter the Name or IP address of the computer you are trying to connect.
• Select the Windows Credential used to connect to the device.
o You can also click browse (...) to access the Credentials Library to create a
new credential.
• Click OK to connect to the computer.
• Use the performance counter tree to navigate to the Performance Counter you
want to monitor.
• Select the specific Performance Instance you want to monitor.
78
• Click OK to add the variable to the Performance counter field in the Add New
Reference Variable dialog.
* You need to include error handling in your monitor script. Your script either needs a
value to graph by using Context.SetValue, or you must use Context.SetResult to tell
WhatsUp Gold that the script failed.
* Context.GetReferenceVariable will return ‘null’ if the poll fails for any reason.
* If you do not have a call to SetValue or SetResult, the script does not report any errors
and no data is graphed.
* If SetValue is used, it is not necessary to use SetResult, as SetValue implicitly sets
SetResult to 0, or “good.”
* Results from this performance monitor are displayed on Custom Performance
Monitors full and dashboard reports.
* Errors from this performance monitor are displayed in the Performance Monitor Error
log, as well as EventViewer.exe.
JMX
The JMX Performance Monitor allows you to monitor any server that supports
JMX by requesting a single JMX performance counter the server supports and
allows you to easily browse and add available counters to the monitoring list.
• Object Path/Attribute. Select the

target device, domain/path, and
attribute to monitor. See the following
procedure steps for additional details
about selecting the object path and
attribute.
• Port. Enter the port number WhatsUp
Gold should use to communicate with
the JMX object.
• Use SSL. Select this option to use
Secure Socket Layer connection for
communication with the JMX object.
• Click the Browse button (...) to launch the JMX Credentials dialog.
• Enter the IP address or host name of the target device to browse.
• You can also click the Browse button (...) to select a device from the device list.
• Ensure the Port and Use SSL with RMI Registry settings reflect your selections
made in the previous dialog.
• If needed, select an existing JMX credential from the list
• or click the Browse button (...) to access the Credentials Library, then create a new
one.
• Click OK to proceed to the JMX Browser which you can use to select the target
device, domain/path, and attribute to monitor.
79
PowerShell
The PowerShell PowerShell Scripting enables you to create custom performance monitors using
Scripting performance Windows PowerShell.
monitor uses the
Windows credentials to
pull the performance WhatsUp Gold uses the 32-bit (i.e. x86) PowerShell engine. Therefore, only 32-bit
information. PowerShell snap-ins are supported, and 64-bit only snap-ins will not function
properly. Snap-ins usable in both 32-bit and 64-bit operating systems are
configured for 64-bit systems by default and must be manually configured for 32-
bit PowerShell engine to function properly with WhatsUp Gold.
• Timeout (sec.) Duration WhatsUp Gold attempts to connect to the selected

device. This is considered a failed connection.
• Reference variables. Add, edit, or remove SNMP and WMI reference variables
using the respective buttons on the right of the dialog. See steps below to
configure either an SNMP or WMI PowerShell Scripting Performance monitor.
• Run under device credentials. Click to execute the script using the Windows
credentials for the affected device.
• Script text. Enter your monitor code.
The use of reference variables in the PowerShell performance monitor is optional. If you do
use them, you must use Context.GetReferenceVariable, for reference variables to be polled
and their data graphed. Reference variables simplify your scripting code and enable you to
write scripts efficiently, without having
to use a list of device properties, as
with the Script Action and Script Active
Monitor. They manage the underlying
SNMP or WMI mechanisms you would
normally have to manage to access
SNMP or WMI counters on a remote
device.
By using the
Context.GetReferenceVariable (variable
name), you only need to specify the
name of a pre-defined variable.
WhatsUp Gold uses device credentials
and connects to the target device using
SNMP or WMI to retrieve the requested
information. This information is stored
in a variable that you can use later in
your script. For more information, see Using the Context Object with Performance Monitors
in the help files.
80
To monitor a MySQL SQL Query
database, download The SQL Query monitor uses WMI or ADO authentication to determine if specific
and install the MySQL conditions exist in a Microsoft SQL, MySQL, or ORACLE database by querying
.NET Connector on the the database.
WhatsUp Gold
machine. Please note, When connecting to a remote SQL instance, WhatsUp Gold only supports the TCP/IP
only MySQL version network library.
5.2.5 is supported due
to potential
compatibility issues.
MySQL .NET Connector Configure the following setting to create a SQL query monitor:
version 5.2.5 can be
downloaded directly • Server Type. Select Microsoft SQL
from the WhatsUp Gold Server, MySQL, or ORACLE as the
website database server type. Please note,
(http://www.whatsupg MySQL database is supported and
old.com/MySQL525Con
nector).
listed as a server type option only if
the MySQL 5.2.5 Connector is
installed.
• Timeout. Enter the amount of time
WhatsUp Gold waits for the server to
respond before terminating the
connection and returning the timeout
error. The minimum allowed value is 1
second whereas maximum allowed
value is 120. Please note, this setting
only applies to polling whereas the query builder assumes a default of 15 seconds
for the connection timeout.
• Server Address. Enter the server address in the applicable format:
o ServerName\Instance format for Microsoft SQL Server. Example:
WUGServer\SQLEXPRESS
o ServerName for MySQL. Example: WUGServer
o ServerName/ServiceName for Oracle. Example: WUGServer/Oracle.
• Port. Enter the database server port number.
• SQL Query to Run. Enter the query to run against the specified database to check
for certain database conditions.

The SQL query you enter must return a single numeric value. Specifically, a single record
that has just one column. If the query returns more than one record, the monitor fails to
store the data. If the query returns a single record but there are multiple columns in the
record returned, then the monitor will pick the first column as the value to store and this
first column must be numeric, otherwise the monitor will fail to store the data.
81
SSH
The SSH monitor uses SSH authentication to connect to a remote device to execute
commands or scripts which can be either embedded in the monitor or placed as
an executable script file on the remote machine with a command embedded in
the monitor to run the script. Each monitor returns a single numeric value
which is recorded in the database and then used later by other WhatsUp Gold functions as
needed.
• Command to run. Enter the command to run and execute on the remote device.
The command can be anything the device can interpret and run; for example, a
UNIX shell command or a Perl script. Please note, if you create a script to run on
the remote device, it must be developed, tested, and/or debugged on the remote
machine. Select one of the following script options:
o Numeric. The command or script must return a single numeric value. The
script can be as complex as required but MUST only return a numeric
value. For example, old, single-line UNIX-style:
free -m | awk 'NR==2{print $3}'
This is the script format required prior to WhatsUp Gold 16.2.3.
o Shell Interactive. This script is not constrained to only returning single
numeric values; however, the output MUST contain the string
'Result=xxxx' where xxxx represents a numeric value. For example, new
multi-line Linux-style:
echo Result=$(free -m | awk 'NR==2{print $3}')
This newer script format supports all the features of the target script
interpreters without burdening the script developer to limit the output to
a single numeric value.
Note: The Shell Interactive option supports user-defined custom regular
expressions to make it possible for WhatsUp Gold to successfully gather
performance data from some embedded systems including routers,
switches, and Integrated Dell Remote Access Controllers (iDRAC). To
enable this feature when configuring an SSH performance monitor, enable the
Use Custom Regex checkbox when the Shell Interactive option is selected.
Example: Default Regex
Command: <command that outputs the result in the default format>
Output: Result=15
When the default regex is run with this output, it matches on Result=15. The
capturing group considers 15 the result, so that is the value WhatsUp Gold stores
as the result of the poll. The regex inside the capturing group [0-9.,]+ matches on
any one or more 0-9 number, decimal point, and comma, though the value should
only have one decimal or comma in it to be parsed correctly into a number. If the
same regex was run against Result=A33, it would not match. However,
82
Result=33A would match on Result=33 and the capturing group would consider
33 the result.
Example: Custom Regex

To monitor the power usage of a Dell R710 (the specific statistic being
cfgServerPowerLastMinAvg) through the iDRAC management interface using the
following command, "racadm getconfig -g cfgServerPower", enter the following
regular expression. Please note, only the relevant lines of the expression are
included below.
# cfgServerPowerStatus=1
(Snipped)
cfgServerPowerCapEnable=0
# cfgServerPowerLastMinAvg=357 AC W | 1218 Btu/hr
# cfgServerPowerLastHourAvg=359 AC W | 1225 Btu/hr
(Truncated for brevity)
The regular expression used in this example to capture the watt usage average
over the last minute is cfgServerPowerLastMinAvg=([\d]+) which looks for
cfgServerPowerLastMinAvg= followed by one or more digits.The value that
would be returned as the result of the poll is 357 because the [\d]+ is inside a
capturing group (). Note that the regular expression specified MUST include a
capturing group () to return the result of the poll to WhatsUp Gold.
The monitor only consumes the last match it finds in the output. Even if the
command executed returns thousands of results, WhatsUp Gold only records the
last match. Additional information on .Net Default Regular Expression options can
be found here.
In the event WhatsUp Gold fails to find a match when processing the regular
expression against the output returned, the Performance Error Log will contain
the raw output received from the device. You can use this information to address
the issue(s) with the regex pattern specified in the monitor configuration.
• Line end character. Select the appropriate line end type:None, Linefeed, Carriage
return, or Carriage return linefeed. Multiline scripts are entered and persisted on a
Windows operating system and include line-ending characters that may not be
recognized on the target device. This configuration feature instructs WhatsUp
Gold to replace the line-ending characters with the selected characters prior to
connection and command execution.
83
Rest API (performance)
The REST API performance monitor parses JSON-formatted REST API response
data to extract performance metrics. The JSON response from the REST API call
must contain a numeric field that
returns a health-metric for the device, server,
or application.
Provide a unique name and description for the
monitor, then configure the following:
• Timeout. Enter the amount of time

WhatsUp Gold waits for the REST API
to respond before terminating the
connection and returning the timeout
error. The minimum allowed value is 1
second whereas maximum allowed
value is 120
• REST API
o Edit Custom Headers. Enter
up to ten custom headers required to access the REST API endpoint.
o REST API URL. The URL for the REST API endpoint that you want to
monitor.
Note: Reference variables (also called Percent variables) for System
(%System), Device (%Device), and Application (%Application) are supported in
the REST API URL. For more information, see Percent Variables. However, the
expression will evaluate to false if tested with the Verify button. It is
recommended to ensure the REST API returns a valid response before parameterizing
the expression and attaching it to a device.
• Method. Select a supported HTTP method for the REST API endpoint. Currently,
only the GET method is supported.
• Ignore Certificate Errors. Enable this checkbox to force WhatsUp Gold to
• Use anonymous access. If the REST API endpoint does not require authentication,
check this box.
• JSONPATH. Enter the path to the JSON object you want to monitor or use the
JSONPath Builder to ensure you have the correct path to the object you want to
monitor. The JSONPath must refer to a numeric field in the response from the
REST API call.
• JSONPath Builder. After you enter a valid REST API URL endpoint, use the
JSONPath Builder to view the structure of the JSON response and select the
numeric JSON value you want to monitor.
Click Verify to ensure you have entered a valid configuration for the REST API
performance monitor.
84
Network Management and Instrumentation
SNMP
The Simple Network Management Protocol (SNMP) monitor accesses SNMP-
supported network devices and graphs performance output.
• Performance counter/Instance.
Select the target device and
required credentials, then select
the specific SNMP object to
monitor in the SNMP MIB
Browser.
• Plot raw values. Enable this
option to monitor the current
polled value instead of tracking
the rate of change over time. Use
this feature to graph the current
value of the SNMP object
WMI
The WMI performance monitor watches for specific values on Windows Management
Instrumentation (WMI) enabled devices. WMI is a Microsoft Windows standard
for retrieving information from computer systems running Windows and is
installed by default on most Windows operating systems.
• Performance Counter and Instance. Enter the OID and instance in the respective
fields
o Or click browse (...) to access the Performance Counters dialog. The
Performance Counters dialog
appears.
• Use the navigation tree in the left
panel to select the specific
performance counter you want to
monitor. You can view more
information about the property/value
at the bottom of the dialog.
• In the right pane, select the specific
performance instance of the selected counter you want to monitor.
• Click OK to add the appropriate values to the Performance counter and Instance
boxes on the Add WMI Performance Monitor dialog. The Add WMI Performance
Monitor dialog appears.
85
WMI Formatted
Configuring WMI Formatted Counter monitors collects performance data on devices using
the Windows
Management
Instrumentation (WMI)
technology. WMI is Microsoft
Windows standard for retrieving
information Windows platforms.
WMI Formatted Counter

performance monitor uses
calculated counter data.
• Performance Counter and Instance. Enter the OID and instance in the respective
fields
o Or click browse (...) to access the Performance Counters dialog. The
Performance Counters dialog appears.
• Computer name. Name or IP address of the computer you are trying to connect to
and gather instrumentation from.
• Windows Credential. Select a credential to connect to the device you want to
monitor. Click browse (...) if you need to access the Credentials Library.
Add WMI Formatted Performance Monitor Dialog
• Performance Counter. Select the WMI object to monitor.

• Performance Instance. Select the instance of the counter.
• Performance counter and Instance boxes on the Add WMI Formatted
Performance Monitor dialog.
The difference between the WMI and WMI formatted monitors is the formatted
monitor will be rounded, instead of using a floating-point decimal. It may also be in
Gigabyte or Megabyte instead of byte
86
Cloud
AWS CloudWatch
The AWS CloudWatch Performance Monitor allows you to view the
performance statistics Amazon collects about your network resources.
1. Configure the following fields to set

up your AWS CloudWatch
Performance Monitor:
o Name. Enter a unique
name for the monitor. This
name displays in the
Performance Monitor
Library.
o Description. Enter additional information for the monitor. This description
displays next to the monitor name in the Performance Monitor Library.
2. Click Edit to begin selecting specific metrics to monitor.
3. Select your Region and valid AWS
Credential from the respective lists, then
click Connect.
4. Select the AWS Namespace, Metric,
and Statistic from the respective lists under
Choose Metric.
5. Choose an instance set from the list of
Available instance sets under Choose
Instance. Individual instances in the specified
set from which to select for monitoring
appear below.
6. Select an Instance to monitor. Once
loaded, you can click Load data to preview
available instance data.
7. Click Select to return to the
performance monitor configuration dialog.
8. Click Save.
Azure Cloud Billing

The Azure Cloud Billing Monitor gets periodic usage and billing totals
from the Enterprise Azure Management Portal.
Note: This monitor requires (enrollment number/API key). For more information, see
the topic titled Azure Credential.
87
• Name. Enter a unique name for the monitor. This name displays in the
Performance Monitor Library.
• Description. Enter additional
information for the monitor. This
description displays next to the
monitor name in the Performance
Monitor Library.
• Polling Interval. Enter an interval
to fetch the billing total. The
frequency and availability of usage values is determined by Azure.
Azure Cloud Performance

The Azure Cloud Performance Monitor allows you to view the
performance statistics Azure collects about your network resources.
Tip: You can select the cloud resource you want to monitor at configuration time
using the Create Azure Cloud Monitor dialog. For example, if you add an Azure blob
storage or table service to your cloud subscription and want to add a new monitor,
you can create and apply a new monitor directly —no new discovery scan is needed.
1. Configure the following fields to set up your Azure Cloud Performance Monitor:
o Name. Enter a unique
name for the monitor.
This name displays in
the Performance Monitor
Library.
o Description. Enter
additional information
for the monitor. This
description displays next to the monitor name in the Performance Monitor
Library.
2. Click Edit —select an Azure credential from the list, then click OK.
3. Browse for Azure resources associated with this credential and select them for
monitoring. Browse for resources in either of two modes:
88
o Device Context. A device (VMs, for example) managed by the Azure
subscription associated with the current credential. ( show me)
o Subscription. Any resource groups that you granted access to when you
created your API Key, and scope down: ( show me)
 Resource Group
 Resource Type
 Resource
4. Select a Metric. And click Load data to preview current data with the given
Aggregation Type (Average, Total, ...)
5. Click Save to return to the performance monitor configuration dialog.
6. View the summary and click Save to add the monitor.
89
Thresholds
You can set a Threshold on any of your performance monitors and more within Alert
Center. Alert Center has five major types of thresholds available out of the box:
Performance, Passive, System, Wireless, and Network Traffic Analysis. Each category
includes several different thresholds.
Alert Center Performance thresholds notify you about performance monitors that have
exceeded or dropped below threshold limits. These thresholds make use of data collected
by your default and custom performance monitors and saved to the WhatsUp Gold
database.
Alert Center Passive thresholds notify you when passive monitors fall out of the
parameters of the thresholds you configure. This threshold type looks at the passive
monitors that have been logged by the various Passive Monitor Listeners.
Alert Center Network Traffic Analysis thresholds notify you on WhatsUp Gold Network
Traffic Analysis feature aspects that fall out of the parameters of the thresholds you create.
These thresholds make use of standard and custom filters available within Network Traffic
Analysis. Also, you can use the Suspicious Connections Threshold to detect connection or
conversation events that occur with suspicious IP addresses. You can associate threshold
events with pre-configured chains of alert notifications to match your site's policies.
Alert Center System thresholds alert you on aspects of your WhatsUp Gold system
according to the threshold parameters you configure. Virtualization and Configuration
Manager Thresholds are also shown as System thresholds.
Alert Center Wireless thresholds relate to your wireless devices and aspects of these
devices that fall out of threshold, including wireless access point and client data.
90
4
Discovery
Network Discovery
What is a Discovery
Network discovery is the process WhatsUp Gold uses to identify devices on your network.
Network discovery is based on the concept of query and response, where one device will
launch a query, and one or more devices receiving this query will respond, in accordance to
the protocol used. This process scans each device to determine its IP address, host name
and possibly manufacturer, model, running software and services, and displays this
information in WhatsUp Gold’s interface. The various scanning protocols will return
different information.
WhatsUp Gold applies credentials and a sequence of steps to reveal, learn about, and
decide which monitors suit devices on your network. Once a device is discovered, you
choose if you want to manage/monitor the discovered device by promoting it to the My
Network map. Promoted devices count against your license total.
Network discovery scans can uncover device and host attributes, the device’s role within
the network (for example, DNS, SMTP, FTP server), and which other machines on the
network the device shares dependencies or frequent connections/conversations with.
91
Prior to initiating a discovery scan, first ensure your network devices can be discovered and
subsequently identified. WhatsUp Gold attempts to discover devices on your network using
ping (ICMP) and by scanning for open TCP ports. Please check to see if network devices
respond to one or both request types before beginning discovery.
After WhatsUp Gold discovers a device on an IP address, it uses SNMP and/or WMI data on
that device to gather all available information including the manufacturer and model, any
installed components such as fans, CPUs, and hard disks, the operating system, and specific
services (such as HTTP or DNS). Devices should be configured to respond to SNMP
requests whenever possible. Alternatively, WhatsUp Gold can also gather information
about Windows devices using WMI. In most cases, the information available using WMI is
also available using SNMP.
If a firewall exists between WhatsUp Gold and the devices to be discovered or if the
Windows firewall is enabled on the computer where WhatsUp Gold is installed, make
sure the appropriate ports are open to allow WhatsUp Gold to communicate via Ping,
SNMP, and WMI.
From the DISCOVER > New Scan page, select Advanced Setting > Expand scan to any
virtualization environments to control if Hyper-V or VMware hosts or VMs will be included
in the network discovery process.
• VMware. Valid VMware credentials are used. VMware Tools are also required.
• Hyper-V. Hyper-V devices are discovered when valid Windows credentials are
used. Groups and users for passing WMI management objects must be in place.
Host OS Application firewalls must align with default Hyper-V firewall rules
92
Assigned credentials
are used to refresh
Device Roles
device details. If
credentials or other
Roles
configuration details Each device discovered by WhatsUp Gold is assigned both a single primary and multiple
for the device have sub roles based on data gathered from the device during the discovery scan. Roles
changed since the assigned during discovery determine which monitors and attributes are assigned to the
previous refresh, the device automatically, and which actions are available for use. Additionally, role assignments
most appropriate affect what devices and associated icons the map views display when filters are applied as
primary role well as Layer 2 dynamic group membership and may affect certain overlay-specific
determined by behavior such as wireless or virtual.
WhatsUp Gold during
discovery could be
different depending on
what modifications
were made to the
device configuration
since the last time
device details were
refreshed. As a result,
new monitors may also
be applied to match the
updated role.
While WhatsUp Gold determines the most appropriate roles based on information received
from the device itself, you can modify the primary role assignment by clicking Change Role
in Device Properties, then selecting from the list of available roles and descriptions that
appears. The ability to change the primary role and/or sub roles can be beneficial if a
device serves a different purpose or performs multiple functions within your network. That
is, WhatsUp Gold may assign a primary role based on a device’s assumed function when it
is being used for a different reason within your network environment.
You can monitor a wireless infrastructure device that could be potentially be used
as a wireless controller, a router, switch, or similar in which case, it may benefit
you to change its role in WhatsUp Gold to more accurately reflect its actual
function.
If you modify any roles assigned to a device, new monitors are not automatically applied
based on the new roles. However, the monitors associated with the role determined by
WhatsUp Gold during discovery will be reapplied if you:
• Update the device by clicking Update Monitoring from the information card on the
Discovered Network map.
• Request updated information from the device by selecting Refresh Device Details
from the action menu.
93
If you have modified any monitors and/or attributes for the device, performing
these functions neither removes, disables, or re-enables monitors, nor do they
update attributes.
Finally, you may customize the default WhatsUp Gold configuration for device roles or
create new roles based on your specific network monitoring needs using the Device Role
Settings accessible from the WhatsUp Gold console application.
Sub-Roles
Devices in today’s networks support multiple roles per device. For example, a device can be
a virtual and windows server at the same time and have the appropriate monitors applied,
or a wireless LAN controller could also be a switch and DNS server at the same time.
Discovery supports multiple roles (one primary and many secondary roles) for one device
so monitors, maps, and UI components will be able to correctly handle these devices. A
device will always have one primary role and will be identified as such, when WUG
discovers a device that has multiple roles it determines which role is going to be the
primarily through a prioritized set of criteria.
WUG will apply all monitors for both roles and sub-roles that apply to that device. A
network admin will be able to change the primary role of a device that has multiple sub
roles.
Advantages
The biggest advantage of device roles is it reduces the manual configuration of your
devices. You can automatically add all our monitors (active, passive and performance),
during the discovery process. It will also apply an action policy automatically at the device
level. It will also allow you to customize other device properties such as attributes, notes
and more.
94
Configuring
The Device Role Setting are only located in the Admin console, on the WhatsUp Gold
Server. Once in the Admin console Click Tools > Device Role Settings. Here you can
configure each part of your devices. You can customize your device roles with different
percent variables that will try to be discovered and pulled automatically during the
discovery process.
You can see a full list of variables available for discovery by doing a search on the
help files for “Discovery Percent Variables”
Configuration
General Tab
• Device Role: basic information can be configured on this tab.

o Name
o Description
o Notes
• Source: has three possibilities
o Default - Role is preconfigured and is a standard feature in WhatsUp Gold
o Modified - Role is created using a default as a template and is then further
configured by the user
o Custom - Role and its configuration are created entirely by the user
• Weight
o Can be from 100 – 1000
o Used to tip the scale in favor of the role in case one or more roles are
selected during the discovery
o Sets the priority for adding sub roles
• Set as network device
o When on, will consider this a device that handles or directs network traffic
and add the appropriate performance and interface monitors to it.
Scan Rules Tab
• Where you will add the rules that WhatsUp Gold will consider when attempting to
best match a role and sub roles when making assignments to discovered Devices.
Suggested Roles
• (Sub Roles Wizard only) Consider these roles as candidates for the current sub
role definition.
Applied Sub Roles
• This is where you will select which sub roles will be applied to the device.
• Remember, in WhatsUp Gold, a device will be assigned a Single Primary role and
can have multiple sub roles
95
Attribute Tab
• Attributes are free-form name/value pairs that are used to save any kind of
information about a device.
• You can also use the attributes to categorize or tag devices with any label of your
choice, like a maintenance schedule or what building or which server rack the
device is located in.
• You can also include system and host attributes by using the Discovery Percent
variables. The most common discover attributes are included in the device role
template.
• The list of Discovery percent variables is accessible when you add a new attribute
and click on the Discovery Variable List link.
Custom Links Tab
• You will associate any web-browsable resources with the device

• The template has already added the Browse to the web link of the device by using
the URL of HTTP://%Device.UrlAddress
Monitor Tab
• On the monitors tab, you will add all the active, passive, and performance monitors
to your device as you see fit.
• Clicking the Add button, opens the list of all the monitors in your monitors’ library,
check all that you wish to apply and then click ok
• This will add the monitors to the list of monitors to add to the device when
promoting (start monitoring) the device to My Network.
• Each added monitor has options you may select
o Enable the monitor as critical
o And the application rule which has two choices
 Check support first
• Which will check the device to ensure the monitor can be
applied to the device
 Always applied
• Which will apply the monitor to the device if it is
supported by the device or not
Note: The default device roles, most monitors are applied via the sub roles
Action Policy Tab
• (Roles Wizard only) Associate device role(s) with policies that sequence and
bundle next steps for triggered thresholds, observed monitor state changes, and
cascading events.
Tasks Tab
• Associate a Configuration Management Task (configuration backup policy,

configuration audits, group policy, and more) with a role or sub role.
96
New Scans
Start
The discovery scan starts with the identifying information WhatsUp Gold should use to
attempt to discover your devices.
This can include: IP addresses, IP address
ranges, and IP subnets. You have the option
to discover devices using the Gateway IP
and/or local subnet of the server WhatsUp
Gold is installed on.
You may attempt to discover cloud devices
you have control over located in AWS,
Azure, or Cisco Meraki controlled devices.
Please note, if you are attempting to discover any of those
devices, make sure to enable these manufacturer-specific
discovery options.
You may upload a host file containing device information for
use and finally, you may include devices already monitored by
WhatsUp Gold to retrieve updated device information.
Expand
WhatsUp Gold will only attempt to discover devices within the starting settings. If you want
to find devices beyond those selected, you will have to expand the scan. Expand will
expand the scan from the starting set to connected devices. It will expand into your:
Virtualization Environments
Virtualization environments
expands the scan to include
guests and hosts referenced by
each virtualization server for
VMWare or Hyper-V
environments.
WhatsUp Gold supports virtual
hosts and virtual machines
running on the following virtual
environments:
• VMware vCenter Server versions 4.0, 4.1, 5.0, 5.5, 6.0, 6.5, and 6.7
• VMware ESX versions 3.5, 4.0, and 4.1
• VMWare ESXi versions 3.5, 4.0, 5.0, 5.1, 5.5, 6.0, 6.5, and 6.7
• Hyper-V Server 2012
• Hyper-V Server 2012 R2
• Windows Server 2012 (Hyper-V Role enabled)
• Windows Server 2012 R2 (Hyper-V Role enabled)
• Hyper-V 2016 (effective for Service Pack 2)
97
Wireless Infrastructure
Wireless infrastructure expands the scan to include Access Points referenced by each
Wireless LAN Controller (WLC). You may choose to include connected wireless clients
(guests) or not.
Supported wireless environments
Currently, WhatsUp Gold supports the following wireless environments
• Cisco wireless LAN controllers and access points

• Aruba
o Mobility wireless LAN controllers and access points
o Instant Access Point Wireless Devices
• Meru Networks wireless devices
• Ruckus wireless devices
Storage Devices
Storage Devices expands the scan to include devices referenced by each storage
controller or agent. The currently the supported storage environments are:
• NetApp FAS series
• Dell EMC Unity
• Dell Compellent
Seed Address Scan

The Seed Address Scan the seed scan uses network data e.g., route tables, ARP
cache, gathered from the starting set of devices, the “Seeds”, to build lists of new
seed addresses to expand the scan into. Then the scan will gather network data
from those devices to build new seed lists of devices, repeating up to the selected
scan depth is reached. The network data is gathered from the devices to build the
seed lists after credentials are applied during the scan. Note: If no credentials can
be applied to a device then, no network data can be retrieved from devices and the
seed scan can go no further than the original starting set.
Scan Depth
The scan depth allows the user to define how deep, physical hops, into the network the
scan will go. WhatsUp allows a scan depth of 1-6. Setting the scan depth to 1 will scan
for devices that are 1 physical
hop from the seed addresses. So,
if you used a single seed address
it would be everything
connected to that device.
98
A scan depth of 2 would discover all devices that are within 2 physical hops into
the network of all the
seed addresses.
Moving the scan depth

to 2, would allow
WhatsUp Gold to look
for any additional
devices that are within
2 physical hops from
the seed addresses.
Now, increasing the scan depth to 3 would allow WhatsUp Gold to look even further
into your Network, to find further unique devices.
Make sure you do not confuse subnet with Physical Hops.
99
Limit
Because the expand options could possibly expand the scan beyond your network, the
Scan has Limit options. The Limit has two different sections to exclude devices and limit
the scan to a specific scope.
Exclusions
Hidden Devices allows you to exclude the previously discovered devices in the hidden
device list from being scanned.
Exclude Specific IPs, Ranges, or Subnets allows you to exclude single or multiple IP
addresses, IP ranges, and/or
subnets from being
scanned.
Limits
The limit options are used
to define the boundaries
the scan will not go beyond.
Maximum number of
devices Is the number of
complete devices to
discover which is performed after IP addresses are merged into a single device of which
they belong.
Maximum number of IP addresses to try limits the number of IP addresses this scan tries.
Limit to Private Networks limits the scan to only the Industry standard private, non-
routable networks, for example: 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255,
192.168.0.0-192.168.255.255, or fd00::/8.
Limit to monitored subnets limits the scan to only the currently monitored network
subnets.
Single device, multiple devices, IP ranges, or subnets allows you to limit the scan to a
specified IP addresses, ranges, or subnets.
100
Credentials
This will display all credentials contained in the WhatsUp Gold Credentials Library. If you
do not already have any credentials or you need to add any additional credentials, you may
do so by clicking on the Plus icon. You may edit any existing credential by selecting the
credential then clicking on the pencil icon.
There are a couple ways to select the
credentials to use with the discovery.
You may use the “Use all current and
future credentials” check box at the
top. With this option checked, the
discovery will attempt to apply all the
credentials in the Credentials Library
in essentially a random order. The
“future credentials” comes from if you
run the scan again in the future, any
new or changed credentials in the
library will also be used. If you wish
to have the discovery attempt certain
credentials before the rest in the
library, you may set the priority of the credential using the checkboxes in the list. The
priority is set in the order you check them.
The other way is to specify which exact credential(s) you wish to use. You will uncheck
“Use all current and future credentials”, then place a check next to the credential(s) you
want to use. Only the credential(s) with the checkbox checked will be attempted. To
specify an order or priority, you may move them up or down in the list with the list buttons
, or use the arrow keys on your keyboard.
Options
Send email notifications upon completion
of Discovery
Send email notifications upon completion of
Discovery allows the discovery results to be
sent to you with information about the
completed scan.
If you have configured your Email setting
under Settings > System Settings >
Default Email Settings, it will automatically
fill in the appropriate Email settings.
Prefer SNMP SysName as display name

Prefer SNMP SysName as display name uses the SNMP SysName string from the device
name when available.
101
Allow DNS look-up to resolve hostnames from IP
Allow DNS look-up to resolve hostnames from IP allows WhatsUp Gold to use DNS lookups
to resolve the hostnames from the devices’ IP addresses.
Advanced discovery connectivity checks

Ping Only
Ping only is the most basic of the scans. It will not discover devices with ICMP turned off or
with ICMP/Ping blocked by hardware or software firewalls. However, this is the fastest type
of scan.
Ping & Credential Port Connectivity Checks
Ping & Credential Port Connectivity Checks, which is the default scan type, will check for
devices using ping and
ports commonly
associated with
supported credentials.
This option is
recommended as it will
allow more devices to be
discovered than with just
ping alone.
Ping & Port Connectivity Checks
Ping & Port Connectivity Checks uses ping and an extended list of connectivity ports to
discover devices. This option can potentially find the greatest number of devices, however,
causes more network traffic, and needs more time. The ports can be configured in the
DiscoveryService.exe.config file located in the install directory of WhatsUp Gold.
Maximum Threads
Maximum Threads sets how many threads WhatsUp will use to discover your network.
Lowering the number, the longer the discovery will take. Increasing
the threads will decrease the time the scan takes but may increase the
demand for network and other resources. Max threads are
configurable from one up to a maximum value of 512.
102
Timeouts
The Timeout settings allows you set how many
milliseconds before the discovery will give up on
ping, SNMP, and WMI connections on an IP
address before moving on to the next. Ping and
SNMP also have the options to set the number
of retries before giving up. The default settings
for Ping and SNMP are 2000 milliseconds (ms)
and 10,000 ms for WMI. It is recommended up
increase the timeouts for Ping and SNMP to
5000 ms (5 seconds) because network
equipment’s primary job is routing/switching
network traffic and not responding to Ping and
SNMP requests.
103
Schedule
After you have optimized the discovery
settings for your network, you may
schedule it to run periodically. Either
click next or Schedule to go to the
schedule configuration settings. Each
time discovery runs, it detects new
devices on your network and checks for
changes on existing devices to update.
You may also configure email
notifications that distribute information
about the results of the scheduled
discovery.
Once in the Schedule area tab, place a check in the box next to schedule to configure
your settings. The scan may be configured to run Daily, Weekly, Monthly, or a custom
time frame. Under the daily option, it may be configured to run every weekday or recur
every so many days. Weekly allows you to
determine what days of the week it will run,
with the ability to fine tune the scan to run
every so many weeks. Monthly allows the
scan to run on a certain day every so many
months. The last option, custom, lets the
scan to be ran every so many minutes, hours,
or days.
The scan may also be configured to

expire after a certain date, keeping it from running after that date.
104
Review & Run
The last step is to review your settings. This tab allows you to review all the scan settings,
credentials, options, and
schedule of the scan. If you
need to make changes, click
on the pencil icon  to the
right of the applicable
section. This is also where
you may enter a name and a
description for the scan.
There are also three buttons
on the upper right-hand side
of the dialog when you first
arrive on the Review & Run
tab: Back, Save, and Run.
Save
The Save button will save
the scan to the saved scan
settings and close the Discovery Scan Dialog. You must give it a name to be able to save
the scan. It will remind you if you didn’t name it and click the save button.
Run / Save & Run Now
The Run button is displayed when you first arrive at the Review & Run tab of the Discovery
Scan Dialog. Clicking on the run button will start the scan without saving it to
the saved scan settings. The scan will show up in the scan history with the
default name of Discovery.
When you name the scan by typing in the Name text box, the Run button is changed to
Save & Run Now. Clicking the Save & Run Now button will save the
scan to the saved scan settings with the name entered and it also
starts the scan. The scan will show up in the scan history with the name the scan was
saved with.
105
Best Practices of Using Scans
Understand the purpose for the scan
• The simplest scans (such as ping/ARP/Public SNMPv1) run very quick but only
check basic connectivity for the list of target IP addresses you provide. They
validate that an IP address is in use and check that typical ports are active. When it
comes time for you to add monitoring, without knowing more details about the
device, WhatsUp Gold initially adds TCP and ping monitors.
Tip: Windows Firewall and other packet filtering methods can ignore or
block ping (Echo) requests. If you add appropriate credentials using the Discovery
Wizard (Windows in this case) your scan can see past false negatives.
• Deeper Discovery scans (such as seeded scans with credential lists that might
include platform, VM host, VM guest, cloud resource credentials, and more) take
longer to complete because Discovery learns more as it runs and processes that
information to produce more accurate and interesting results (such as target
device OS, target device services that are network available, and more). When it
comes time for you to add monitoring, WhatsUp Gold uses these results to start
the device out with a useful list of monitors.
Take small bites (at first)
• Start with a Host List, a small subnet, or a few target IP addresses before you try
to scan a larger subnet or an entire network.
• Saved discovery scan settings are easy to modify and re-use. Save the settings
from runs that work best.
• You can add credentials to a saved setting for a simple scan, so you can re-run it
later as a deep discovery scan.
• If you 'go big' with a scan, you can use the Limit sub tab and even the Maximum
Number of Devices threshold to tune and cap a scan's reach.
Seeded scans cast a ‘wide net’

For example, let's say you are starting out by using only the default gateway as a device to
discover. If you run the Discovery Wizard on the IP address of the default gateway in
Seeded scan, the discovered device set expands out to include all devices and
conversations known to the gateway up to the Scan Depth ("hops" away from the initial
target IP).
106
IP/MAC Address Exceptions
Relating to excluded devices, you can exclude device from merging during the discovery
process by entering their IP Address or MAC address. You can find this area under
SETTINGS>Discovery Settings>IP/MAC Address Exceptions.
Exclude a List of IP Addresses

Discovery IP Address Exclusions (SETTINGS menu > Discovery Settings > Global
Exclusions) enables you to maintain a list of IP addresses that you wish to exclude from
WhatsUp Gold network discovery.
Typical Leverage Points:
• Reduce discovery scan time by hiding ranges not in use.

• Ignore/hide devices with static or fixed IP addresses that are managed by other
applications or agents.
107
Saved Scan Settings
Under the Discover Menu you have an option labeled Saved Scan Setting (DISCOVER >
Saved Scan Settings). By highlighting a saved scan, you have a variety of option available
to you.
• Scan Now: Launches the selected scans. You can have up to four scans running at
the same time.
• New: Create a new scan that starts with the default discovery template.
• Edit: Edits existing saved scan. This button will not be active if more than one scan
is selected.
• Copy: Copies the information from selected scan and put into a new scan with the
default name of “Copy of...” Again, the button will not be active if more than one
scan is selected.
• Delete: Deletes the selected scans. Will not be active if the default scan is one of
the selected scans.
• Cancel: Cancels the selected scans if they are running.
• Set as Default: Selected scan becomes the default template when all new scans
are created. Like Edit and Copy this Button will not be active if more than one scan
is selected
108
Preconfigured Scans
Scheduled Refresh
WhatsUp Gold installs with five
preconfigured scans, the first
being the Schedule Refresh. This
scan goes out and rescans all the
current discovered devices. If the
devices have the “Keep Details
Current” checked, this scan will
automatically update any devices
being monitored. If it is not
checked it will keep the updated
information in the discovery
portion of WhatsUp Gold. This
allows for the ability to update
the device manually, at any given
time.
So, what does this scan update? It looks for new or better information about a device,
including but not limited to better fitting device roles, device attributes and device
properties.
The “Keep Details Current” is checked by default on every device.
Scheduled Discovery
The second of the preconfigured scans
is the Scheduled Scan. This scan is a
seed address scan with a scan depth of
3, using all current and future
credentials. This scan is not set to
refresh and details of your monitored
devices.
109
Examples Scans
The last preconfigured scans are the Example scans.
There is the IP Address Scan Example. As the name implies, it is an IP address scan that
includes the local gateway and subnet. This scan is set to default, which means when you
click New, this scan is used as the template.
The next is the Seed Address scan example. This scan is set to a seed address with a scan
depth of three and includes the local gateway and subnet.
And the final example is the Large Network IP address scan example. This scan is identical
to the IP address scan example except for the number of threads which is set to 100
instead of 40.
Discovery Scan History

Scan History
The Discovery History view lists the history of discovery scans. Use this view to trace back
scans in the timeframe they were made, verify results, and re-run them.
• Name. Discovery
scan identifier or
profile name.
• Started. Date and
time group when
scan was initiated.
• Status. Network
discovery status
indicator. For
example, Completed.
• Devices Found.
Devices WhatsUp
Gold discovery
connected to and opened an initial network connection with.
• Devices Complete. Devices specified either in IP address list or seeded this that
yielded discovery results.
• Devices with Valid Credentials. Number of devices where one or more credential
instances in the credential list configured for discovery was successful.
Clicking the hyperlinked number in the Devices Found column to launch the Scan Results
log.
110
Scan Results
Scan Results report reveals the results of the applicable discovery scan.
• Display Name. The display name for the device discovered.

• IP Address. The IP address for the device discovered.
• Device Role. The role
assigned to the device
during discovery based on
information retrieved from
the device by WhatsUp Gold.
• OS. The operating
system running on the
device discovered.
• Brand. The device
manufacturer.
• Credential Type. The
credential or credentials
used to discover and retrieve
data from the device.
• Scan Result. Indicates if the device is currently monitored or unmonitored.
• Current Status. Additional status information reported by the device, if available.
111
Discovered Network
List View
After you start a discovery, or click on Discover> Discovered Network menu, you are taken
to the Discovered Network. If this is your fist time using WhatsUp Gold, it defaults to the
list view. Once you log out, WhatsUp Gold will remember which page you were on and
return to that page/view when you log back in with the same account.
The discovered network displays all devices which have been discovered after running
your discoveries. Devices which are not being monitored do not count against your license
count. Only those devices being monitored will take points from your license.
The discovered network list view has multiple features:
Filter Tab
The Filter Tab is where you
can filter the list results,
displaying only the devices
which match the filter; more
about this in the map view
section.
Active Scans tab

The next tab will show any
active scans running. It shows
you overall progress of the
current scan(s). WhatsUp
Gold only allows a maximum
of four simultaneous running
scans. If you start more than
four, the 5th and subsequent
scans will be queued and run
after one of the other four
finishes. You may cancel a
scan from here. Canceling a
scan does not just stop the
scan and everything is lost, cancelling says, don’t go any further, but finish what you are
doing and clean up. So, it will finish merging devices with multiple IP addresses in to one
device and add them to the discovered network. In the list, it shows the progress of the
current scan(s) and the status of the scan on the devices themselves. This is not particular
to the active scan tab; the progress and status will show when any scan is currently running
in the list view. Also when you start and or update monitoring a device, the progress will
also show on the active scans tab.
112
Discovery Legend tab
The Discovery Legend tab explains the device Icons.
• Unmonitored - Devices discovered but not monitored.

• Monitored, Up - This can be green or blue depending on what color the user has
set for UP in their user preferences.
• Monitored, Down –
the device icon is
red
• Monitored,
Maintenance – the
device icon displays
yellow
• Monitored,
Unknown – the
device icon displays
grey
• Down monitors –
the device icon
displays grey with a red dot
• Unacknowledged passive monitor – the device icon displays grey with a black
triangle
You may collapse the Tabs by clicking on the collapse arrow and reshow them by clicking
on any of the tabs.
When you select a single
device in the list view, it
will display the Device
Information on the
upper right-hand side.
113
Selecting multiple
devices will display the
Group Card.
The list view has an export button allowing you to export the list of devices which are
currently displays, in Excel (XML), CSV, or TXT file formats.
Clicking on the Display Map button will
take you to the Map view.
Map View
The discovered network map view has many of the same features as the list view.
Legend
The legend on the discovery map is found in the lower left-hand corner. It displays the
same icons as the list view. The legend can also be
minimized by clicking on the down arrow. Click the Up
arrow to restore it to full size.
Active Scans
The Active scans will show up under the
Discovery Legend when any active scan is
running. If you are promoting devices to be
monitored, the progress of that action will be
shown here as well. Again, WhatsUp Gold can run
up to four scans or one promotion action at any given time.
114
Filters
WhatsUp Gold allows for applying filters to the map, so you can see\select just the devices
you need. To access the filter, you click on the funnel icon in the upper left-hand corner.
Once it is selected the menu will appear.
The filter menu is divided into multiple sections.
• The Filter text, Name/IP, MAC Address,

Location, or Brand: enter an IP address, Name or a
location name to be used
• Recent Scans-Dropdown menu: Shows the last
four scans or select a scan time range
• Roles-Dropdown menu: Shows all available roles,
default or custom, to filter devices on their role
• Credential Types-Dropdown menu: Shows
available credentials types that can be applied
• Operating system-Dropdown menu: Shows the
available Operating systems
• Monitored Status-Dropdown menu: Selects
desired status; Up, Down, Maintenance, Unknown, etc.…
• Discovery Status-Dropdown menu: Select the desired status; Complete, In
Progress, Unknown (No Credentials)
As you type the filter text box WhatsUp will match what is being
typed in the appropriate fields. Selecting the filter type will apply
the filter. WhatsUp Gold allows for multiple filters to be applied.
As filters are applied, the devices that do not match will remain on
the map but are subdued nor are they selectable. All the devices
matching the filter will remain normal,
non-subdued, and selectable. To remove
the filters by clicking the X next to the
filter name or click the Clear All to
remove all the filters. Filter now filters on
ANY IP address on the device was just
the default associated with the device
but not any of the IP addresses
associated with the device.
115
Selecting Device
The Select Tool allow WhatsUp to toggle between pan and select modes. Pan
mode allows for moving the map around. In this mode you can select single
devices. To select multiple devices, you will need to hold the shift Key down while
selecting each device.
When in Select mode you can draw a rectangle around multiple device to “capture”
them.
Zoom Controls
You may increase or decrease the size of the devices on the map view by using
the zoom controls located in the lower right corner just above the toggle between
pan and select button. Use the Plus sign to zoom in and the Minus to zoom out.
The Next Icon is the Zoom to Fit, Forces the entire map to fit inside the displayed
area. The Map also allows you to zoom in and out with a simple turn of a wheel
mouse. When using the mouse, it will center the zoom on the location of the
map.
Hiding Devices
Hiding devices allows for removing devices from the discover map without
permanently deleting them. To hide a device(s), select the device(s) you want
hidden and click the eye with a slash icon  in
the information card.
To unhide any device, Click Hidden Devices

Icon  in upper left corner under filters.
In Hidden Devices dialog, select device(s) to be

unhidden. Then click Show Devices button.
116
Start Monitoring
Once a discovery has been run, any devices in the discover list/map may be promoted to
start monitoring in WhatsUp gold. To promote your
device(s), select the device(s) you want to monitor then
click Start Monitoring or Start/Update Monitoring in
the upper right-hand corner of the device or group
cards.
If you delete devices out of the Discover Map, any devices that you are currently
monitoring will repopulate in the discover map.
Returning to List View

To go back to the list view, click Device List at the bottom of
the map.
Hybrid View
You may also view your devices in a hybrid view that will display the map on the top and
the device list at the bottom of the screen. Click the single up arrow on the Device list
button to show this view. You can return to the map by clicking the X or go to full Device
List by clicking the Device list button.
When viewing the list on the Discovered Network map, you may select just one or multiple
devices using the check boxes at left, then click Start/Update Monitoring on the
information card that appears to begin monitoring or update applicable information for the
device(s) on the My Network map view. Selecting devices on the grid also allows you to
hide, delete, or rescan connectivity from the information card using the respective icons.
117
5
My Network
My Network
List View
If this is the first-time logging into WhatsUp Gold or clicking on the My Network button,
you are taken to the My Network List view. Again, when you log out of WhatsUp Gold, it
will remember which page you visited last and will return you to that same page the next
time you log in.
The My Network list view looks and works very similar to
the Discovered Network list view with a few major
differences. The My Network only displays those
devices which are being monitored. The List view has
the Monitor Legend tab which displays the monitor
legend which consists of UP, Up with down monitors,
Down, Maintenance, Unknown, and Unknown with down
monitors.
There is the Filters & Overlays tab which has the filter
which works exactly as the Discovery List filter, but it does not contain any of the filters for
discovery because the My Network only displays devices which are being monitored.
Overlays are a way to enhance or remove details to the list or map views of the My
Network.
118
There is the Groups tab which shows a list of all the default or user added groups
contained within WhatsUp Gold.
Also, you may click the export button to export the list of devices which are currently
displayed, in Excel (XML), CSV, or TXT file formats.
Clicking on the Display Map button will take you to the Map view.
Map View
WhatsUp Gold My Network map view is also very similar to the discovered network map;
the legend is
almost identical,
filter, zooming,
selecting options,
along with
returning to the
list view as well as
a hybrid view of
My Network, are
identical.
What sets the My
Network map view
apart from the
discovered network map view besides only displaying those devices which are currently
being monitored is the use of the Overlays.
119
Overlays
Overlays give the ability to enhance or remove the level of map detail by applying the
different overlays. There are five overlay options available:
• Device Overlay
• Device Connectivity
• Dependency and Link Status
• Wireless
• Virtual
• Interface Utilization Links
• Application Monitoring
You may have anywhere from 1-6 overlays selected. You must have at least one overlay
selected (it will not let you remove them all).
Icon Description
Devices Overlay displays monitored devices in your network.
Network Connections and Link Status Overlay displays devices

with their network connections, showing what devices are
connected to what devices.
Device Dependencies overlay
This overlay will also show any decencies links, that have been
configured on your devices. The dashed arrow will start on the
device and point to the device it is dependent on.
Wireless overlay displays the wireless network(s). Showing the
virtual connections between the wireless controllers and access
points, as well as, the connection from access points and wireless
clients. Wireless clients will only show when wireless overlay is
selected.
Virtual overlay displays virtual environment(s). This includes
virtual devices with both VMWare and Hyper-V, their hosts and
guests. When you zoom into the map with the overlay enabled,
there are additional icons (called badges), that appear next to the
device icons. These badges depict the roll the device has within
the virtual environment.
Icon Description
VMWare VCenter
VMWare Data Center
VMWare Cluster
VMWare Host
120
VMWare Virtual Machine
Hyper-V Host
Hyper-V Virtual Machine
Interface Utilization Links displays the status of the links

between device icons. The thickness and color of the links indicate
the current utilization.
Application Monitoring displays annotations representing rolled-
up application monitoring status are applied to applicable device
icons on the map.
Icon Description
Up
Down
Warning
Maintenance
Unknown
Overlays operate similar in the list view except for the wireless, virtual and
application monitoring overlays. Wireless SID groups, virtual badges nor data
centers, nor application monitoring badges display with overlays on in the list view.
121
Layout Options
Additional Features Common to both views
Legend
The legend on the My Network views is very similar to the legend on the Discovered
Network views. It is found in the lower left-hand corner of the map view or Monitor Legend
tab in list view. It explains the device icons:
• Up
• Down:
• Maintenance
• Unknown
• Down monitors
• Unacknowledged passive monitor
The legend in the map view can also be minimized by clicking on the down arrow.
Click the Up arrow to restore it to full size.
Icon Device Description
A green ring indicates the device is Up. It is operating as expected per

the specific active monitors assigned and enabled.
A red ring indicates the device is Down. All active monitors must
report down.
A yellow ring indicates the device is currently in Maintenance Mode.

The device will not be polled, actions will not be triggered, and
activity will not be logged until it is taken out of maintenance mode.
A light gray ring indicates the status of the device cannot be

determined because WhatsUp Gold was unable to successfully
communicate with and/or gather useful data from the device when
polled.
A red dot on the device ring indicates the device has one or more
active monitors reporting down.
A black triangle on the device ring indicates one or more

unacknowledged passive monitor.
122
Filters
The My Network filters work exactly as they did in the discovered network, except there
are not the options to filter on the Discovery Status. To access the filter, you click on the
funnel icon in the upper left-hand corner of the map view, or the Filters & Overlays tab of
the list view. Once it is selected the menu will appear.
The filter menu is divided into multiple sections:
• The Filter text, Name/IP, MAC

Addresses, Location, Brand Section: You enter
an IP address, Name, MAC address, Brand, or a
location name to be used and select the filter to
apply
• Roles-Dropdown menu: shows all
default and custom roles
• Credential Types-Dropdown menu:
Shows available credentials that can be applied
• Operating system-Dropdown menu:
Shows the available Operating systems
• Monitored Status-Dropdown menu:
Selects desired status; Up, Down, Maintenance,
Unknown, etc.…
As you type the filter text box WhatsUp will match what is being typed in the appropriate
fields. Selecting the filter type will apply the filter. WhatsUp
Gold allows for multiple filters to be applied.
You can apply as many filters as you want until you run out of
room on the web page.
In the map view, the devices that do not match will remain on
the map but are subdued
nor are they selectable.
All the devices matching
the filter will remain normal, non-subdued, and
selectable.
In the list view, only devices which match the filter are
displayed in the list.
To remove the filters by clicking the X next to the filter

name or click the Clear All to remove all the filters.
123
Map view layout
WhatsUp Gold’s My Network map allows for 2 different views. There is an Auto Layout,
which automatically arranges devices based on connectivity. Then there is a custom Layout
allowing each map to be customized in configuration, shapes and annotations.
Auto Layout
Auto Layout is the default view and is the one you see when you first log into WhatsUp
Gold. The devices are automatically arranged according to connectivity and
other factors. Anytime you re-click the Auto Layout icon the map will attempt to
redraw the map keeping any links lines from overlapping.
This layout gives you the option to
view all the devices in subgroups.
This option is checked by default.
When selected, the view shows
devices in the group selected and all
its subgroups but will not show any
groups. When unselected the view shows only what is in the group selected, be it devices
and\or groups.
Custom Layout
Custom Layout allows for full customization; arrangement of devices, adding
of shapes, images and annotations. This layout allows to the addition of
background images/maps then placing each device on the map where it is located.
Customizing the Map

Device Groups
Using device groups in WhatsUp Gold helps to quickly find and diagnose problems within
the network environment. WhatsUp Gold allows for as many device groups as needed to
organize the network in a way that is meaningful to the layout of the network and its
monitoring needs.
When WhatsUp Gold starts monitoring the devices, it places them into 2 types of groups.
• Physical Groups (non-dynamic)

• Dynamic groups
Physical
Non-dynamic groups are referred to as “Physical groups,” or simply as “device groups.”
When you start monitoring a device, you can select a physical group to place the devices in.
By default, WhatsUp will place all the device in the physical group “Discovered Devices”.
124
The Physical Groups icon will show the worst state of any device with in that
group, in the lower right-hand corner. This allows you to get an indication of the
status of your devices before even going into the group.
Physical Groups also make use a group access rights allowing you to restrict read and write
access to the group and devices.
Since the inventory remains static, Physical Groups best used for:
• Mapping
• Inventory
Dynamic
All devices discovered on your network are placed into a single dynamic group named ‘All
devices’ by default. Additional groups are created automatically when SQL queries search
for devices based on user-specified criteria during discovery. These are referred to as
dynamic groups because group membership can change automatically based on the data
WhatsUp Gold receives from the devices.
There are two types of dynamic groups that exist in WhatsUp Gold:
• Layer 2 dynamic groups

• WhatsUp Gold dynamic groups.
WhatsUp Gold Dynamic groups are created by SQL queries based on user-
specified criteria, or by WhatsUp Gold background processes.
By default, all devices discovered on your network are placed into a dynamic group named
“All devices (dynamic group)” and there are also a number of examples of common devices
sorted in a device group named “Dynamic.
Group Examples.” These advanced dynamic groups do not have customizable maps
available but allow you to specify rules for dynamic membership of devices in the group.
As new devices are added to being monitored or updated by WhatsUp Gold, each dynamic
group may contain any number of the new devices found by WhatsUp Gold depending on
the criteria used by the group or may contain no devices at all. Dynamic groups can be
created for specific device types, device attributes, active monitors, or anything else that is
stored for individual devices in the database. They will also update automatically showing
the most current results.
The WhatsUp Gold Dynamic Group Icon will not show the worst state of the devices within
the group.
125
Layer2 Groups use the same Icon as the WhatsUp Gold dynamic groups and will show the
worst state of any device within that group. During the discovery process
WhatsUp Gold gathers Layer 2 data: information related to the physical
connectivity between your network nodes. Detailed information about your devices, their
interfaces, connection speeds, and addressing is all compiled into a set of results that allow
WhatsUp Gold to automatically generate integrated topology maps showing both Layer 2
connectivity and Layer 3 addressing information.
You can use New Group, Advanced Settings, Layer 2 Dynamic Group to build customized
Layer2 Groups. The filtering options allow you to specify membership based on device
properties such as Role, Name or IP, and choose to include connected devices.
Layer 2 groups share properties of both Physical and Dynamic Groups. The Graphic below
shows the shared aspects.
Physical Groups and Layer2 map groups show the worst state of any device in the group
on the Icon; they also make use of access rights to control read and write access to the
group.
Layer2 Map Groups and Dynamic Groups are updated automatically to show the most
current discovery results, as well as, make use of filters to include and exclude devices.
At any time, you can refresh the device details and its connectivity. Just select the
device(s) or group click on the Action Menu and select refresh device Details or
Refresh Connectivity.
126
Tools
WhatsUp Gold allows customization of the My Network map using a suite of drawing tools
used to annotate and enhance the level of detail to represent the network work
environment more accurately. To begin customizing the map, click the “Custom Layout”
icon” to disable the automatic map arrangement defined by WhatsUp Gold. Next click the
pencil icon , in the bottom right hand side of the map, to display the map editing tools.
If you are still on “Auto Layout” the pencil will not be displayed
Edit Controls
The controls in this area allow the shape, image or text to bring to the front, send to the
back, locked, unlocked, cloned, or deleted.
Icon Description
Bring to Front: Brings the selected shape forward.
Send to Back: Sends the selected shape back.
Lock: Groups the selected images together to act as a single image.
Unlock: Separates the grouped images back into individual images.
Clone: Makes a duplicate of the selected shape. This control will not clone a
device.
Delete: Deletes the selected shape.
Map Options
Icon Description
Always Show Device names remain displayed on your custom map
Labels regardless of zoom level.
Displays truncated device names below icons on the custom
map. Please note when this option is enabled:
For domain name servers, everything prior to the first "." is
displayed.
Clip device names For devices using IPv4, only the IP address is displayed.
For devices using IPv6, only the compressed IP address is
displayed.
For all other devices, the first ten characters followed by
ellipses "..." is displayed.
Device names in
Device names are displayed in all caps
uppercase
Show graph
Displays the grid background behind the mapped nodes.
paper
Forces device icons and annotations to align with background
Snap to grid
grid intersection points when repositioning.
127
Annotations
When in custom layout WhatsUp gold allows for the additional of multiple shapes, images
and annotations to the map.
Icon Description
Line Segment: Used the mouse to draw a line. Grab the end of
a selected line to rotate the line.
Rectangle: Click on the map for a starting point, then drag the
mouse to expand the rectangle. Use the guide boxes to
change height and width.
Circle: Click on the map for a starting point, then drag the
mouse to expand the circle. Use the guide boxes to change
height and width.
Network Cloud: Click on the map for a starting point then drag
the mouse to expand the cloud. Use the guide boxes to
change height and width.
Image: Opens a dialog box to select an image. WhatsUp Gold

will then upload the file for use. Click the mouse at the location
for the upper left corner. Use the guide boxes to change height
and width.
Text: Click on the map to select a starting point for the text.
Type your text in the Sample Text box in the Style area.
Style
Style controls allow for changing the options of a selected Shape or text. Many controls can
be seen with any shape, while a few are dedicated to certain shapes or Text.
Icon Description
Fill: Allows for changing of the fill color
of the shape.
Fill None: Checking the box removes
any fill color.
Line Width: Set the boarder width of
any shape. When on Text it is like Bold
increasing the thickness of the line
weight.
Stroke: Changes the boarder color of
any shape.
128
Corner Radius: This control is specific
to the rectangle shape and will control
the radius of the corners.
Bold, Italic, Underline, and Strike

Through: These controls are specific
when dealing with Text added to the
map. Allows the text to be Bolded
Italicized, Underline and\or Strike
through.
Size: Again, specific when dealing with

the Text. Let’s you set the font size of
any text.
Custom Links in a Custom Map

You may have the need to add your own custom link lines between devices, between a
device and a group, between groups, or between objects on your custom maps.
129
When you select two devices, a device and a group, two groups, a device and an object, or a
group and an object while editing the custom map, you are presented with the custom link
button on the group device card.
Clicking the button adds a link between the two
and allows naming the link at each device.
You may also, for a device only (not a group or an
object), you may add a monitor to the link which
will show the link status.
Clicking the 
under the link
label opens the monitor picker allowing the selection of
which monitor
to apply to
the link at the
specified
device.
Once a monitor is added, clicking the  under the link

label will remove the monitor from the link.
To remove the link altogether, select the objects the link

has been added to, then click the Remove Link button at
the bottom of the information card.
130
Device Information
Information Cards
Select any device on either list view or map view to display its Device Information card
which displays extensive information about the device.
There are multiple sections depending on the device’s role and its status. Some information
that will show is the devices identity, status, role, Performance monitor’s last polled value,
group membership, credentials applied, applications, NTA, virtual, or wireless information.
It also provides controls for accessing dialog screens for:

 Device Properties
 Device Status
 State Change Timeline
 Action Menu gives a dropdown or basic actions related to a device. Choosing an
action from this menu performs that action to each selected device.
131
When multiple devices on this map view are
selected, the action menu changes to display a
dropdown of group management actions.
132
Device Properties
Device properties Dialog
Any device on the network will have certain properties associated with it, such as the
configuration stored locally on the device and data associated with the device’s hardware
and software. In WhatsUp Gold, the concept of device properties encompasses a wide array
of information, including generalized data pertaining to name, vendor, serial number,
release version, etc. provided by the vendor, as well as IP address, location, contact, etc.
configured by the network or server Administrator. In addition, WhatsUp Gold assigns
credentials, monitors, tasks, etc., as configured by the WhatsUp Gold Administrator.
Device Properties Interface
The Device Properties interface displays available data about the selected device itself and
its assignments. Upon accessing Device Properties, identifying information for the selected
device as well as its current status and notes about its initial discovery can be seen at the
center of the interface.
At the very top of the Device properties dialog is the device picker, actions, and status
reports menu.
The device picker allows selecting another device’s
properties without closing the dialog window.
The device status button exits the device properties page and takes you to the
 selected device’s status dashboard.
The action menu allows applying different actions to the device. There are also
 buttons to take you to the help menu expand the properties to full screen and
where you exit the device properties.
133
System Status and Properties
The System Status and Properties section just below the menus, is where the host
properties, device role classification and status information are displayed. The Device
Summary lists basic information about the device. Clicking the link text (Edit or Configure)
allows you to edit that area (Display Name, Host Name, IP address, SNMP OID, Role, or
Notes).
Keep Details Current allows a discovery scan to update the devices

automatically when enabled (default setting).
Device Center
Monitors Tab
Allows browsing, applying, configuring, or deleting active, passive, and performance
monitors to the device. Also contains links to directly access the monitors library and the
actions and policies library if a monitor or action/action policy is not available for use with
the current device.
Critical monitoring may also be enabled and set up using the Setup Critical monitoring link
to access the critical
monitor dialog for
the device.
134
Polling Tab
The polling tab allows adjusting the polling interval for the device as well as the target IP
address and setting up device dependencies for the device.
Polling Interval. Determines how frequently WhatsUp Gold fetches observations from this
device.
Poll Using. Select an IP address for a particular interface or resolve to a specific DNS
hostname.
Poller. The name
and status of the
poller gathering
information from
this device.
Poller Avg Lag. The
average amount of
time in seconds the
poller is behind its
scheduled time to
poll devices.
Poller Description.
The description given when adding/editing the poller in using the Polling Configuration
interface.
Manual Maintenance. Drop the managed device to maintenance mode and specify a date
and time for the maintenance period to end without further end-user interaction, if desired.
(Useful mode and marker in reports and for SLA accounting.)
Configure Polling Up/Down Dependency. Poll based on the status of another device or
resolved host.
Schedule Recurring Maintenance Times. Specify when the selected device regularly
enters/exits maintenance mode without user interaction.
135
Actions Tab
The actions tab allows adding Action Polices or individual actions to be applied to the
device which can send notifications, log events, execute scripts or programs.
Credentials Tab
The credentials tab allows viewing, editing (changing), or deleting credentials associated
with the device. Also allows directly accessing the Credentials Library if you require to add
a new credential to
WhatsUp Gold.
Groups Tab
The groups tab allows you to add/remove the device from existing device groups.
136
Attributes Tab
The attributes tab enables you to view device system and host descriptions, modify some
of this information, and populate user defined attributes (such as Contact Information).
Most fields are
populated at
discovery time such
as device MAC
address, device
name, and so on. For
example, for a
Windows device,
Discovery pulls in
system and host
information
(Computer
Properties) as
attributes.
Other fields, such as contact information, can be auto populated at discovery time using
custom role definitions or edited through the Attributes panel.
Roles Tab
The roles tab allows browsing, changing, applying, and removing the roles applied to this
device during
discovery.
Primary Role is
considered the main
function of the
device on your
network. Sub Roles
are the device’s
secondary, tertiary ...
functions the device
holds in the
network.
137
Inventory Tab
The Inventory tab is displays tables of system-specific, host, OS, chassis, and layer 2
connectivity data reported by the selected device when discovered/rescanned. The
inventory provides complete views of the device management information.
Richness of
information depends
on credentials
available at scan
time.
Information
available depends
on device role/type.
(Windows devices
will show updates,
switches show ARP
cache, for example.) Information is read-only from this view.
Refresh Timeline Tab

The refresh timeline tab shows device history of add/update monitoring events and
device rescan events.
• Event. Type of refresh that triggered the refresh.

• Source. Agent or task that triggered the refresh.
• User. WhatsUp Gold User. (None for scheduled refresh/update actions.)
• Date. Date/time.
138
Links Tab
The links tab presents any user-defined URLs associated with the selected device.
Agent Tab
Manage Agent deployment and access related status and asset information.
Applications Tab
The applications tab allows you to View and manage application instances WhatsUp Gold is
monitoring on the
selected device.
139
Logs Tab
Manage log data collection and corresponding ingestion rules/filters for the selected
device.
Tasks Tab
Configuration Management allows you to manage and run scheduled tasks as well as
modify and compare configuration archives assigned to the selected device. This option
will only be
available if
you are
licensed for
Configuration
Manager,
default with
Total Plus
140
Application
6
Monitoring
Application Monitoring
Services and devices running on a network sometimes play a small role in a much larger
system, one spanning across multiple servers and appliances and hosting a variety of
critical resources. Each of these devices itself makes up a standalone element that can be
monitored individually, perhaps using WhatsUp Gold to check the status of that device and
to report or alert accordingly. However, this status information is much more insightful
when the availability of the entire multi-part system is considered. For example, does the
entire system rely upon a single resource for connectivity or authentication? What
happens if that resource fails: is there a backup already in place, or another method that
can be used in the interim? When should the status of the system be considered “Down,”
and when should it send a warning of a possible failure? Should redundant systems be
verified independently, or as a part of a more complex environment? Answering these
monitoring questions is the crux of WhatsUp Gold Application Monitoring.
Application Monitoring (APM) provides you with the logical tools needed to monitor any
type of complex network infrastructure where multiple systems or applications are present,
and the availability of these applications must be verified. APM allows you to dissect an
application into its component parts and to monitor these individual components, giving
you a detailed view of the overall status of the application by looking at the sum of its
elements. The services, processes, software, hardware, and core infrastructure in use by an
application can be monitored in a manner that provides not only a detailed view into the
status of the application itself, but also the flexibility to group these sub-systems together.
APM’s interface provides simplified management of each element and testing of individual
components at different physical or virtual network locations. Using a system of actions
and policies contained within libraries, you can configure alerts that fire when your
resources are unavailable and track the performance of your applications via management-
based component checks.
141
Devices in APM
Nodes on your network are referred to as devices in APM, a term that is used for all
computers, servers, routers, switches, firewalls, appliances and hosts. These networked
devices provide the framework for your applications, with each device offering a set of
services or resources that might be in use by one or more applications running on the
network. When monitoring the elements of each application in APM it becomes necessary
to connect to and query these devices for information, and each of these connections is
unique according to the type of service being hosted on that device and the role the device
fills on the network. Some devices are Server Devices and might be monitored for services
such as Active Directory, HTTP, SMTP, FTP, or SQL. Other devices are seen as Network
Devices and would be polled for interface utilization, interface errors, CPU usage, or the
availability of a VPN tunnel. Together, all these devices work to provide each application
the resources and connectivity it needs to fulfill its assigned role(s).
Using APM to monitor the status of an application first requires that any devices in use by
the application are available for monitoring within WhatsUp Gold. In the case of an
advanced application this could include multiple devices, each providing a critical resource
used by the application. These devices are queried for availability, service status,
connectivity, and performance, and the worst overall status of all dependent devices and
resources then becomes the status applied to the application itself.
Applications in APM
Applications within APM are backend network application and not end-user type
applications like Microsoft Word or Adobe Reader. The most common type of application
that you may encounter is a web application. The most common type of web application is
Microsoft’s SharePoint Server. A web application typically consists of a server of some type
with a web server service running on it, like Microsoft’s Internet Information Services (IIS)
or Apache HTTP Server. A web application also typically has some type of backend
database running on another server.
Applications in WhatsUp Gold application monitoring are sorted by type or category. Then
under each type, applications are sorted by version.
Definitions
Application: An application is made up of one or more programs running on one or more
monitored systems
There are three distinct application types leveraged by WhatsUp Gold:
Simple application: A simple application is an application that is not dependent on
another application to run
Complex application: A complex application is an application configured to be
dependent on one or more applications to run
Discrete application: A discrete application is an application upon which a
complex application has a dependency.
142
Application Profile: An application profile is a blueprint for monitoring a given type of
application within WhatsUp Gold. It defines the collection of components and distinct
applications that reflect the health and status of a specific type of application
Monitored Application: A monitored application is a running copy of an application profile
that monitors the defined collection of components, distinct applications, and thresholds
necessary to define the health and performance of a given type of application. A
monitored application can extend the application profile by adding components,
component groups, or discrete applications. The application profile is not changed when a
monitored application is extended.
Component: A component is a single data point collected as part of an application profile
(e.g., CPU Utilization)
Application States
Application States within Application Monitor are like the device states used with Active
Monitors with some distinct differences. Up in Application Monitor like everything else in
WhatsUp Gold meaning your application(s) is/are healthy and responsive. If an application
stops responding or responds differently than expected, down. Depending on the severity
of the outage it will show a warning, which means that part of the application could be
down, but the full application is still running, but needs attention. And there is also a
maintenance state.
Application Profiles
An Application is a group of devices, services, and resources that operate together to
perform a specific function on your network. For example, this could be your company web
server that hosts an internal wiki site, or a mail server used to interact with your clients.
The application itself might rely on a team of authentication servers, database servers, and
hardware utilities to host its content, and a disruption in any of these background devices
would result in the application becoming unavailable.
These backbone devices may have their own set of dependent hardware and server
devices on the network, elements they rely on to operate correctly. Many times, external
systems exist separate from the workstations you interact with on the network and the
networks hosting applications, making it more difficult and complex to monitor the entire
application.
An Application Profile in APM is a template that is used whenever an application of a type
is created. Every application profile carries with it a set of configuration options, including
identification information, functional settings, a version number, and monitored items
(called Components).
Usually an Application Profile is made up of multiple components, each with their own
unique configuration options. Application profiles are also often grouped by their type,
such as displaying all Microsoft applications together, then grouping specific application
profiles together according to their settings.
143
End-to-end monitoring of the Application Server in the diagram above would require
connecting to several different devices on the network using a variety of connection
methods. After gathering data from the Database Server and the Authentication Server, as
well as the Application Server itself, the true availability of the application could be verified
and displayed within APM. These devices in turn utilize a dedicated Storage Appliance
being managed by a Workstation, a system that might be monitored as a standalone
application in APM. All these elements can be grouped into a single Application Profile: a
collection of network components used in the monitoring of an application.
Importing and Exporting Application Profiles

Tools found in the APM Application and Profile setup allow you to interact with other APM
users by sharing Application Profiles. From the WhatsUp Gold Community site, you can
download Ipswitch and user-created application profiles. You may also import an
application profile sent to you by another APM user and saved to the local hard drive.
Importing profiles allows you to get set up with a new application type very quickly, and to
monitor an application identically in two separate installations of APM. Likewise,
application profiles can be exported from APM to the local WhatsUp Gold server, allowing
you to send a profile to a colleague that has a similar network configuration. You can also
publish your application profiles to the WhatsUp Gold Community site for other APM users.
Sometimes it is best to import an application profile to use as a starting point for
monitoring of a resource, then to tweak the profile for your network configuration after
adding it to APM. Using Microsoft’s SharePoint as
an example, one network may have a very generic
installation of SharePoint, one that would be
covered by importing an application directly from
the community site to and using it as-is. By
importing an application for SharePoint and adding
it to APM you can very easily start monitoring this
application using options that suit most basic
installations of SharePoint that are available, and
modifying these settings only when needed, to
tune the application to your environment.
144
However, another SharePoint installation on a different network may make use of the more
advanced installation options, such as a connection to a remote MS SQL server for data
storage, utilization of an IIS web server farm for hosting the web content and relying on an
Active Directory server to verify access to the website. This installation spreads the
SharePoint application across multiple devices and makes use of additional resources not
covered by the generic SharePoint application profile, so much so that building an
application profile from scratch would allow you to direct your monitoring according to that
exact installation. This second example would normally require very complex and involved
configuration to monitor the entire SharePoint application from start to finish, since it relies
on several dependent (or discrete) applications for functionality. In this example it would
be easier to import generic application profiles for any discrete applications used by
SharePoint (IIS, SQL, and Active Directory), and to configure these applications as
standalone elements in APM. Then, create or import an application profile for SharePoint
itself and add the discrete applications to it. You can always modify the SharePoint
application profile later by reconfiguring these discrete background applications, and in
using this approach you can “re-use” the discrete applications multiple times, such as
adding the MS SQL application to a different profile monitoring the WhatsUp Gold system.
Monitored Applications
Once an application profile is created or imported and configured to your liking it can be
used to generate individual instances of monitored applications in APM. Whereas the
application profile is a template of an application on your network, each monitored
application acts as a unique copy of that application, meaning it can be modified to monitor
each instance of an application on your network more accurately. The application profile is
not changed when the monitored application is extended or modified. You can have as
many monitored applications of an application profile as required, but as your licensing
permits. Licensing in APM uses ten (10) points per monitored application. The number of
components per application does not matter, you can have a monitored application with
one component or 50; it is still ten points per monitored application.
When manually adding a monitored application, it is always a good idea to test the newly
configured monitored application before saving it to APM, along with testing each
component within. This allows you to identify and work through any connectivity issues or
problems with the configuration of the instance, and to verify that the instance will operate
as expected. Testing a monitored application also shows you the current values for each
component and how that compares to the thresholds configured for each component state,
allowing you to re-evaluate the default threshold values. Also, if you will be monitoring disk
utilization in your application(s), you must specify which disk you will monitor before you
can save the monitored application.
145
Application Discovery
Monitored applications can be quickly created, tested, and applied to the network using the
Discover Applications utility in APM, which allows you to select a list of devices from the
WhatsUp Gold device list and to query each device for the availability of a series of
applications. Any time an application is found to be running on a device in your network,
that unique Application and Device combination is saved as discovered application
instance, allowing you to add instances to your application profiles very easily. This
functionality makes it simple to take an existing WhatsUp Gold network and determine
which types of applications are running on the network using Credentials and Devices from
WhatsUp Gold.
To be discoverable, an application profile must have at least one discoverable component
associated with it, and at least one device from the selected device WhatsUp Gold device
group must have those that component running. To use your custom application profiles
in Application Discovery, ensure the “Use in discovery” option is selected when adding or
editing its components.
146
7
Actions
Maintenance Mode
As described earlier, an active monitor expects a response from a monitored device,
otherwise the monitored device will be considered down. This would create a problem if a
device needs to be taken down for maintenance.
Maintenance mode is a feature within WhatsUp Gold to alleviate this situation.
Maintenance Mode Characteristics

Any Device placed in Maintenance mode:
• Will not be polled

• Actions will not be triggered
• Actions set up to trigger when going in or out of
maintenance mode will trigger
• Any activity be logged
A device in maintenance will show up in yellow\orange with the wrench, when zoomed in,
the wrench will be in the lower left-hand corner
You may manually turn on or off maintenance mode for a device or group of devices. You
may also add an expiration date and time to manually enabled maintenance mode to
ensure it will end in case someone forgets to turn it off.
With Maintenance mode, you can also set a reoccurring maintenance schedule for a device.
The scheduled maintenance overrides a manual maintenance mode even though

manual expiration has expired.
147
Are you sure your device or monitor is responding
correctly?
You can determine the state of your device with Device States these Stage Changes are
dependent on a time period.
Down state (not responding - 0): Means it just reported down and WhatsUp continues to
poll the device. After 2 minutes there is another state change to down at least 2 min you
can also add addition device states
Maintenance Mode we will get into later in the class when we deal with actions but in short
it is a way to show the device is in the middle of a planned maintenance window. WhatsUp
does not Poll the device and the shapes and colors are still left from previous versions and
will not affect the Web Interface in V17.
State Changes are dependent on a continuous time frame regarding if it is up or down.
State changes are currently only available to customize through the Admin console; Under
Configure > Program Options > Device States
Actions
WhatsUp Gold actions are designed to perform a task as a device or an active monitor state
change occurs, or a passive monitor condition exists. Actions can try to correct the
problem, notify someone of the state change, or launch an external application. As you
configure an action, you choose the task it is to perform. Also, when you configure an
action, you choose whether to assign it to a device, or to an active or passive monitor.
To check the status of an action, or to cancel an action, in the WhatsUp Gold

console go to Tools > Running Actions.
Notification Type Actions

Notification type actions are separated into two different catagories:
• Audio / visual actions

• Messaging actions
Audio/Visual Actions
Audio / visual actions will play a sound or display a
visual notification in the WhatsUp Gold web admin.
There are three sound actions that you may apply.
These sound actions will only sound on the WhatsUp Gold server and only if there is a
sound card installed.
148
The default web alarm will display in the WhatsUp Gold web admin. The web admin must
be open and logged into for it to display. The default web
alarm is persistent, meaning that the alarm will
continuously return unless it is dismissed. If the web
admin is closed, the web alarm will continue to run in the
background until someone logs into the web admin and
dismisses it. The default web alarm will also play a sound if
the machine where the web browser is being utilized has a
sound card installed.
It is recommended that you only use the web alarm if

you have someone continually monitoring the web
admin.
Messaging Actions
Messaging actions include:
• Beeper Actions
• Pager Actions
• Text to Speech
• Post to Slack
• E-mail Actions
• Texting actions which are
o SMS Action
o SMS Direct
Beeper and Pager actions may sound old, but they are still applicable in
the medical arena. They require a modem to be installed, or some other
way of sending a message to them.
The Text to Speech Action plays a message entered as text in the message
configuration.
The Post to Slack action generates a notification message in the specified Slack
channel/workspace or alternately to a specific Slack user. Prior to configuring this
action in WhatsUp Gold, you must create and retrieve an incoming webhook URL
from the Slack App Directory. For detailed information and procedures, please see
Incoming WebHooks for Slack.
Texting type actions include SMS action and SMS direct actions.
SMS action requires a modem connected to the WhatsUp Gold Server to dial out
and send the text to the recipient device.
149
The SMS direct action utilizes a GSM modem, a specialized type of modem which
accepts a SIM card, and operates over a subscription to a mobile operator, just
like a mobile phone, to send text messages to the recipient device.
You can set up an email action to send a text message to a mobile device. Almost
all cellular providers have an email address, typically <phone
number>@provider.com, which does not need a modem or GSM modem.
E-mail Actions allow you to send an email directly through your e-mail server or
e-mail provider to the desired recipient(s).
E-mail actions are fully customizable. You may customize the Subject line and the body of
the message. The body can be sent in either plain text or in HTML. To utilize HTML, you
would select the HTML radio button, then enter your HTML tags you wish to use to make
the email as robust as you want.
E-mail actions are also customizable by utilizing WhatsUp Gold Percent variables. Percent
variables pass information about the device or monitor to the action. You may use them in
other actions and not just email actions.
A complete list of all WhatsUp Gold percent variables is listed in the help files.
https://docs.ipswitch.com/NM/WhatsUpGold2019/03_Help/1033/index.htm?42503.htm?zoo
m_highlight=percent+variable?toc.htm)
150
Remote/Local Script or Execution Actions
Remote/Local or Execution Actions are those that can execute some other type of action
like running a script or launching a program.
Remote/Local or Execution actions include:
• Service Restart Actions
• Active Script Actions
• Power Shell Actions
• SSH Actions
• Program Actions
• SNMP Set Actions
• Post to IFTTT
• ServiceNow Incident Creation action
• Configuration Management Action
• VMWare Action
Service Restart Action starts a previously stopped service. The service restart
utilizes WMI credentials only. It has a command option that will allow stopping
as well as starting a service on a device.
Active Script Actions allow you to write either VBScript or JScript code to
perform a customized action. If the script returns an error code, the action failed.
This script has a context object you can use to get specific information about
the context of the action.
PowerShell action delivers a robust and flexible environment to the experienced

user for developing custom actions through direct access to script component
libraries, including the .NET Framework. For more information, see PowerShell
script examples.
The SSH action connects to remote devices via SSH to execute commands or
scripts. The script or command can be anything that the device can interpret
and run; for example, a UNIX shell command or a Perl script.
Program Actions can be defined to launch an external application. You provide

the full path to the executable, the running directory, and any program
arguments you need to launch the program.
151
SNMP Set Action sends an SNMP Set to a device to change a specific SNMP
action. You can configure SNMP Set actions to perform a number of tasks,
including rebooting a device, changing the state of a network remotely, disabling
or enabling a device feature, etc.
The Post to IFTTT action in WhatsUp Gold leverages the WebHooks service
available in IFTTT to trigger one or more actions using several available services
which can connect to IFTTT. The services library supported by IFTTT is extensive
and capable of executing a wide variety of actions. For detailed information, please see the
IFTTT website.
ServiceNow Incident Creation action generates a support ticket from WhatsUp

Gold using valid ServiceNow account credentials.
Configuration Management Action creates a new action or configures an

existing action in the WhatsUp Gold Actions Library.
Configuration Management is available only in Total Plus
VMWare actions perform operations such as starting, stopping, or taking a

snapshot of virtual machines running on a VMWare host or being managed by a
VMWare vCenter server.
152
Log Actions
Log Actions Include:
• Log to Text File

• Syslog Action
• Windows Event Log Action
Log to text file action will write a custom log message to a text file. You will
specify the full path of the location of the log to write. An option to append to
an existing file or overwrite an existing file. The log message that will be
written to the file supports percent variable.
Syslog Action will send a Syslog message to a host that is running a Syslog
server. You will enter the IP address and port number, typically UDP port 514, of
the Syslog server. The message will be your custom syslog message which may
include percent variables. The Syslog message box limits input to 511 characters. If
notification variables are used, then the message that gets sent is limited to 1023 bytes, to
comply with the Syslog protocol. Non-visible ASCII characters such as tabs and line feeds
are replaced by space characters.
Windows Event Log action allows you to configure log messages to post to the
Windows Event Viewer. You must specify the source, which is the origin of
messages logged to the Windows Event Viewer. The default source is the
Ipswitch WhatsUp Log Action. You must also enter an event ID, select a level for the
message, and the log message that displays in the Windows Event Viewer which supports
percent variables.
Recurring Actions
Recurring actions (SETTINGS menu > Scheduling Activities > Recurring Actions) enable
users to fire Actions stored in the Actions Library based on a regular schedule,
independent of the status of devices.
Recurring actions can perform tasks such as sending checkpoint messages through email
or SMS text letting users know a system is up and running.
153
Blackout Schedule and Policies
Blackout schedules and policies suspend specific actions they are applied to during a
scheduled period.
Weekly Blackout Schedules

Weekly blackout schedule is the blackout period assigned to individual actions. They are
stored along with the individual action and are applied only to that action.
• To add a blackout schedule to an action.

• Select Device
• Click Monitor Setup
• Select Monitor which has the action applied / to be applied and edit
• In the Setup Actions for Monitor State Changes dialog box
o Add or Edit action to apply blackout schedule
• In the action builder dialog click Blackout Schedule button
• The Weekly Blackout Schedule dialog appears.
o Set the times for which you want the blackout to occur.
Blackout Policy
Blackout Policies are applied to Application Monitoring actions or Alert Center

notifications. Blackout Policies are stored in a shared library between the two. If you
create a blackout policy for an Application Monitoring action, the same blackout policy may
be applied to an Alert Center notification policy or visa-versa.
To add a blackout policy:
• From either Application Monitoring Action Policies (SETTINGS > Application

Monitoring > Application Monitoring Actions and Policies) or Alert Center Libraries
(SETTINGS > Alerts & Actions > Alert Center Libraries) dialog
o At the bottom click on Blackout Policies to expand.
• Click Add button
o The New Blackout Policy Dialog appears
• Enter the appropriate information:
o Name. Enter a unique name for the blackout policy.
o Description. Enter additional information about the blackout policy.
• Click and drag to select the blackout periods you want to create.
• Click Save
154
Application Monitoring Actions and Action Policies
Application monitoring has its own set of actions. You may apply many of the same actions
are you can with standard WhatsUp Gold actions. Application Monitoring actions include:
Active Script, E-mail, Log to file, PowerShell Script, Program, Service Restart, SMS, SMS
Direct, SSH, Syslog, VMWare, and Windows Event Log actions.
Application monitoring actions have their own set of unique percent variables. This
provides the means to include information about your applications, devices, and the
Application Monitoring system in your alerts. These variables are used to send detailed
statistics about the outage or to provide device and application data to a proactive action
like a PowerShell script.
The main difference between standard WhatsUp Gold actions and Application monitoring
actions is that you cannot directly apply application monitoring actions directly, they must
be applied in an Action Policy.
Application Monitoring Actions
Application Monitoring has its own set of actions which are accessed under:
Settings>Application Monitoring>Application Monitoring Actions and Policies
This is going to open the library where you can add, edit, and delete the actions. There are
no default actions within Application Monitoring, so you must add all actions that you want
to use.
All the action types available for Application Monitoring are the same as the actions that
can be applied to devices or monitors, except there are fewer types available
Application Monitoring has its own unique set of percent variables which provides the
means to include information about your applications, devices, and the Application
Monitoring system in your actions.
155
With Application monitoring, you may not directly apply actions to an application, profile,
or component like WhatsUp Gold actions may be applied directly to the monitor or directly
to the device. You must use an action policy to apply an action.
Action Policies
The main reason why an action could not be directly applied, is because the state changes
within Application Monitoring are handled differently than how they are with WhatsUp
Gold active monitor states.
WhatsUp Gold Active Monitors go from UP
to DOWN, DOWN to UP, Maintenance to UP
... Application Monitoring has the WARNING
state as well.
In the Action Policy, there are four tabs, one
for each of the state changes of UP, DOWN,
Warning, and Maintenance.
Each tab if configurable for going into that
state from the other four states, which
includes Unknown. Which means there are
256 possible state changes that can be
configured. And each of the four states per
tab is configurable for a time of minutes,
hours, days, weeks, or months to determining
the duration of the state change or how long the component remained in the previous
state.
Once a state change has occurred it is up to you to decide which actions to fire because of
that outage. This is done by defining Action Rules and applying those rules to application
states. By configuring certain actions to fire only for a very
specific set of circumstances and configuring a delay in the
actions defined for a given state, you can make use of an
unlimited number of configuration options covering every
avenue of alerting. Just as important as the severity of the
issue is the duration: an application only showing the
Warning state for a few minutes is less severe than an
application staying in the Warning state for several hours
before going Down, or one going immediately from Up to
Down. For this reason, consider the amount of time a state
change persists whenever you are creating a new action
policy. You may want to wait several minutes before
sending an email to make sure the device is unavailable or
set a certain amount delay before alerting a higher-up,
giving you a chance to fix the issue first. Then, using the
option to repeat an alert, you can make sure notifications are being sent until the issue is
fixed.
156
WhatsUp Gold Action Policies
Just like in Application Monitoring, you may group multiple WhatsUp Gold actions together
creating an Action policy to use with
your WhatsUp Gold Devices or
Monitors.
Action Policies are a time saver when

assigning multiple actions to devices.
The actions can be assigned on the
same or different state changes
within the policy.
You may assign your action in a

sequence to create an escalation policy. This is done by assigning different actions on
different state changes. For example:
• Firing an Email action when a device has been down for 2 minutes, with the email
going to a small list of “on-call” personnel.
• Sending a second Email to the on-call personnel at down for 5 minutes, in addition
to an SMS Action to the Systems Administrator.
• Notifying the on-call team, the Systems Administrator, and the IT Manager at the
down for 20 minutes state if the problem has not been resolved.
Once this action policy is created and applied to your devices, you can very easily revamp
the policy later to include more actions or reconfigured settings and immediately have that
change propagated to all devices configured to use the action policy.
The Implicit Action policy automatically assigns actions to all devices in your database.
You cannot opt out of the Implicit Action policy and it only assigns actions at the device
level.
157
Alert Center Alerts
WhatsUp Gold Alert Center lets you receive alerts for performance monitors,
Wireless data, the WhatsUp Gold system, Network Traffic Analysis, and
Configuration Management. This notification system operates independently of
the actions and action policies configured in WhatsUp Gold for active and passive monitors.
Alerts are triggered based on thresholds you set. Thresholds are set up using: Number of
items occurring, Item reaches a certain %, MB or GB, reaches a certain level for a least a
given amount of time, or when a specific
condition occurs.
Alert Center Thresholds, Notification
Policies, Notifications, and Blackout
Polices are found under
SETTINGS>Actions and Alerts>Alert
Center Libraries.
When a device’s or devices’ monitor(s) go
out of threshold, Alert Center can send
an alert. To distinguish the differences
between Actions/Action Policies for
Active Monitors or Passive Monitors and
Alerts/Notification Policies in Alert
Center, the two are separate and
independent from each other.
Actions and action policies trigger on state changes for Active monitors or trigger on single
events for Passive monitors which are all based on the current polling of your Devices.
Alerts and Notification Policies in Alert Center scan existing data in the database for
Performance monitors and Passive monitors and trigger when thresholds set by you are
exceeded.
158
Actions and action policies have multiple action types that can be applied, like the
executable
action types,
the proactive
action types,
and the
notification
action types.
Alerts and
notification
policies have
only
notification
type alerts
and only
include; SMS,
SMS Direct, and Email alerts.
With actions and action policies, notification actions are completely user customizable
because the messages are sent in plain text or HTML. Alerts and notification policies
notifications are very limited in what you can customize because the information being
sent is in preformatted HTML tables.
Notification Policies
To add a notification to an Alert Center
threshold, it must belong to an Alert Center
Notification policy. A notification policy
consists of up to three phases or steps. At
each step, you may configure, select,
whichever email or SMS actions you wish
to send. Between each step, there is a
configurable timeline, so you may
determine how much time could elapse
between them.
In addition, you may set a repetition

interval for the final step. Step 1 of the
notification policy begins as soon as an
item falls out of threshold. You may specify
when steps 2 and 3 begin in the Escalation
Steps section of the dialog. You will specify
how many minutes, hours, or days steps 2 or 3 will start after step 1 begins.
159
Thresholds
Alert Center has five major types of thresholds available out of the box: Performance,
Passive, Network Traffic Analyzer (When licensed for it), System, and Wireless. Each
category includes several different thresholds shown below:
• Alert Center Performance thresholds notify you about performance monitors that
have exceeded or dropped below threshold limits. These thresholds make use of
data collected by your default and custom performance monitors and saved to the
WhatsUp Gold database.
• Alert Center Passive thresholds notify you when passive monitors fall out of the
parameters of the thresholds you configure. This threshold type looks at the
passive monitors that have
been logged by the various
Passive Monitor Listeners.
• Alert Center Network Traffic
Analysis thresholds notify
you on WhatsUp Gold
Network Traffic Analysis
aspects that fall out of the
parameters of the thresholds
you create. These thresholds
make use of standard and
custom filters available in
Network Traffic Analysis.
• Alert Center System
thresholds alert you on
aspects of your WhatsUp
Gold system health
according to the threshold
parameters you configure. Blackout summary, Hyper-V, and VMware thresholds
are also shown as System thresholds.
• Alert Center Wireless thresholds relate to your wireless devices and aspects of
these devices that fall out of threshold, including wireless access point and client
data.
160
Alert Center Dashboard
The Alert Center dashboard can be found under ANALYZE>Dashboards>Alert Center. It

provides a centralized location of all thresholds within Alert Center. You can see what
notifications are running; select which thresholds to view: either all, out of threshold, or in
threshold; filter your alerts by type: performance, passive, network traffic analyzer, system,
or wireless; sort by: items out of threshold or threshold names.
161
Dashboards
8
and Reports
Dashboards and Reports

Overview
Reports are an essential part of network
management and are an invaluable for many
network operations. They help in daily
operations, by displaying alerts, state
changes, load utilization, as well as quality of
service. They are also used in scheduled and
periodic audits because they automatically
gather, audit, and analyze information about
your devices. In addition, they track
performance, status, and utilization of your
devices and lastly aid in troubleshooting
potential issues with the network, a group of
devices, or a single device.
WhatsUp Gold dashboards and reporting are
available under the Analyze menu.
There are three types of Reports:
Dashboards: Multiple reports on the same
screen giving access to perform critical device
management, troubleshooting and forensic
tasks.
Full-page reports: Display performance and
historical data collected during the operation of the application. You can use these reports
to troubleshoot and monitor your network and devices. Monitor reports give you a broad
data view that can be modified to display data for a given time frame, which is useful in
pinpointing the time an event occurred or when viewing multiple graphed items.
Log reports: Display system-wide information and information about the WhatsUp Gold
server, and typically do not focus on a specific device nor a specific device group. For
example, the Action Log displays all actions for all network devices.
162
Dashboards
A dashboard puts multiple reports all on a single page.
Home Dashboard
The first type of dashboard is the Home dashboard, Analyze -> Dashboards -> Home
Dashboard. The Home Dashboard includes views containing a range reports that survey
common performance, availability, and system auditing scenarios. You can also add your
preference of reports from the Reports Library to the default Home Dashboard views or to
custom views you create.
Those included views with their default reports are:
• Overview. Report presents a high-level view of your WhatsUp Gold network

monitoring environment.
o Current Device States. Device counts color-coded and categorized by
current state.
o Enabled Active Monitors. Active monitor counts color-coded and
categorized as either up or down.
o Network Composition. Total device count categorized by assigned role.
o Network Coverage. Total device count categorized by monitored versus
unmonitored.
• Top 10. Ranked top n list of built-in performance as well as active monitor (ping)
reports.
o Interface Errors. Ranked list of network interfaces reporting errors.
o Interface Discards. Ranked list of network interfaces discarding packets.
o Interface Utilization. Ranked list of network interface capacity utilization.
o Interface Traffic. Ranked list of network interface traffic totals.
o Ping Availability. Ranked list of responses to ICMP echo ("ping") requests.
o Disk Utilization. Ranked list of storage capacity utilization.
o CPU Utilization. Ranked list of CPU capacity utilization/CPU Idle.
o Memory Utilization. Ranked list of RAM capacity utilization.
• Actions & Alerts. Operational summary for monitored devices including device
health, active monitor status, and triggered notifications, actions, and scripts.
o Actions Fired. Devices that satisfied a policy condition that caused
WhatsUp Gold to invoke an action (corrective action, notification, backup,
and so on.)
o Completely Down Devices. Devices that due to monitor precedence and
policy are considered down.
o Down Active Monitors. Devices with active monitors in a down state.
• Wireless. Access point performance, traffic, and summaries. Client volume per
wireless segment and rogue accounting.
o System Summary. Remote station (client) inventory, client types, radio
parameters such as SNR and RSSI.
o Bandwidth. (Inbound and outbound wireless traffic comparison).
163
o Bandwidth Summary. Average total input and output utilization. Top
client station MAC address.
o Client Count. Highest number of wireless clients observed.
o Rogue Count. Remote stations that are not yet identified.
o RSSI. Radio frequency signal strength for given device(s).
o Signal to Noise Ratio. RF signal to noise ratio.
• Critical Activity
o Network monitoring activity categorized by feature and/or function.
• Storage Monitoring
o Disk Free Space. Disk Free Space reports compare disk storage capacity to
actual utilization for devices with on-disk storage.
o CPU Utilization. CPU Utilization reports present each processor load and
idle time for one or more host devices.
o Interface Traffic. Interface Traffic report reveals source and destination
traffic accounting for one or more devices.
o Disk Utilization. Disk Utilization reports compare disk storage capacity to
actual utilization for devices with on-disk storage.
o Memory Utilization. Memory Utilization reports present minimum,
maximum, and average memory utilization for one or more devices you
specify.
Overview
The Overview full-page report presents a high-level view of your WhatsUp Gold network
monitoring environment. It includes the following dashboard reports to provide at-a-glance
information:
• Current Device States. Device counts color-coded and categorized by current

state.
• Enabled Active Monitors. Active monitor counts color-coded and categorized as
either up or down.
• Device Role Composition. Total device count categorized by assigned role.
• Network Coverage. Total device count categorized by monitored versus
unmonitored.
Device Status
The Device Status dashboard provides a complete system summary and performance
survey for a single device. There are multiple ways to get to the device status dashboard;
from the device information card, from device properties, or from the Analyze Menu >
Dashboards > Device Status.
Device Status dashboard includes the following views and their default reports:
• Monitoring. Monitor status, summary, and logs.

o Down Active Monitors. Active monitors reporting a down state.
o Device Active Monitor States. Active monitor health for the current device
(at a glance)
o All Down Interfaces. Interfaces with all monitors or critical monitor in
down state.
164
o Tail of State Change Log. Last n device state changes recorded.
o Monitors Applied. Monitors configured and applied to the current device.
o Tail of Action Activity Log. Last n actions recorded and logged to the
activity log.
• Disk/CPU/Memory. Performance, capacity utilization, and availability.
o CPU Utilization. CPU load metrics.
o Memory Utilization. Memory usage metrics.
o Disk Utilization. Storage usage metrics.
o Ping Response Time. Ping response time for the current device.
• Router/Switch/Interface. Network capacity utilization.
o Interface Utilization. Network traffic across one or more network
interfaces for each device or device group you specify.
• General. Custom and polled system information and links
o Device Attributes. Table of attribute values, labels, and descriptions that
characterize a single device.
o Device Notes. Notes field associated with the current device.
o Device Custom Links. Add frequently used or critical hyperlinks by device
to dashboard.
Alert Center
It provides a centralized location of all thresholds within Alert Center. You can see what
notifications are running;
select which thresholds to
view: either all, out of
threshold, or in threshold;
filter your alerts by type:
performance, passive,
network traffic analyzer,
system, or wireless; sort by:
items out of threshold or
threshold names.
Live Activity
WhatsUp Gold Live Activity displays activity occurring in all areas of the application across
your network monitoring environment in near real-time.
• Category. The area of WhatsUp Gold in which the individual activity occurred (e.g.,
Monitor, Log, System).
• Component. The individual element item within the specified category generating
the activity (e.g., device/monitor name, log entry, service).
• Severity. Indicates if the activity is being reported as Information, Warning, or
Critical.
• Message. Provides additional details about the specific activity that occurred.
• Elapsed Time. Reports the amount of time that has passed since the specific
activity occurred.
165
Plugin Dashboards
Application Monitoring
Application Monitoring includes a range of reports that allow you to view the performance
status for monitored applications on your network. You can also add your preference of
reports from the Reports
Library to the default
Application Monitoring views
or to custom views you
create.
The Application Monitoring
dashboard includes the
following view and its default
reports:
• Application State Summary. Reveals application status based on profile type,

customized profile, or a specific application instance.
• Running Action Policies. Reveals actions invoked or pending as part of an
application policy implementation.
• Status over Time. Charts application or service availability.
• Application Availability Summary. Reveals application instances, their current
state, and provides quick access to monitor status for a given instance.
• Application State Change Log. Records transitions in application monitoring
states. By default, it displays the last n events.
• Application Resolved Items Log. Displays a record of the action policies previously
acknowledged in the Running Action Policies report.
• Application Action Log. Records actions, triggers, recorded activities, and their
associated policies.
Log Management
The Log Management dashboard is a reporting tool which provides a centralized location
specific to data collected by WhatsUp Gold Log Management.
Log Activity
The Log Activity dashboard report presents a summary of all log entries retrieved by or
sent to WhatsUp Gold within the selected time period. The report displays a graph tracking
the quantity of log
entries by severity.
It can be
configured to
chart log entry
quantity by
minute, hour, or day by clicking the Settings icon and selecting from the Chart Options
menu. Please note, this menu also includes a Group by Time setting of Automatic which
causes the report to adjust from minute to hour to day depending on the length of the
date/time range selected without user interaction. Additionally, you have the ability to
further customize the chart by clicking on any of the severity categories shown in the
166
legend below the graph to hide them from display. Click any hidden category to return the
corresponding chart data to the display.
Log Management Server Status
The Log Management Server Status report is a relatively basic view that provides you with
a dedicated interface with which to see high-level Elasticsearch server information. This
includes the server name and
connection status as well as
current data retention
setting and disk space limits.
More specifically, Total Disk
Space Usage Limit
represents the limit of total
disk space used on disks
where Elasticsearch stores its
data while Maximum Total
Disk Space Usage Limit
reflects a setting inside
Elasticsearch itself which represents the maximum amount users are allowed to set the
Total Disk Space Usage Limit percentage within the Log Management Settings dialog.
At the bottom of the report view, you can now see the following operational metrics:
• Devices configured to collect Windows Event Logs

• Devices configured to collect Syslogs
• Total number of log events collected
• Log data size (GB)
• Daily size increase (GB)
• Average log events per second (over the past hour)
• Maximum log events per second (over the past 24 hours)
• Maximum log events per second (over the past 24 hours)
Log Source Statistics

The Log Source Statistics report provides you with a list of all devices configured as log
sources along with high-level log data collection statistics for each for the date/time range
selected for
the selected
date/time
range. Using
this report,
you can see at
a glance if log data collection is enabled for the device, the number of events collected, the
rate of collection (Events Per Second), and the percentage of total events collected.
167
Top 10 Devices with Critical Syslog Issues report provides you with a list of ten devices
configured as log sources that have collected the most Syslog events categorized as
"Critical" for the selected
date/time range. Using this
report, you can see at a
glance if log data collection
is enabled for the device, the
number of events collected,
the rate of collection (Events Per Second), and the percentage of total events collected.
Top 10 Devices with Critical Windows Security Events report provides you with a list of
ten devices configured as
log sources that have
received the most Windows
security events categorized
as "Critical" for the selected
date/time range. Using this
report, you can see at a glance if log data collection is enabled for the device, the number
of events collected, the rate of collection (Events Per Second), and the percentage of total
events collected.
Top 10 Devices with Critical Windows Application Events report provides you with a list
of ten devices configured as log sources that have received the most Windows application
events categorized as
"Critical" for the selected
date/time range. For
Windows Event Logs, events
categorized as "Critical"
include the underlying
severity levels of both Critical and Error. Using this report, you can see at a glance if log
data collection is enabled for the device, the number of events collected, the rate of
collection (Events Per Second), and the percentage of total events collected.
Top 10 Devices with Critical Windows System Events report provides you with a list of
ten devices configured as log sources that have received the most Windows system events
categorized as "Critical" for
the selected date/time
range. For Windows Event
Logs, events categorized as
"Critical" include the
underlying severity levels of
both Critical and Error.
Using this report, you can see at a glance if log data collection is enabled for the device, the
number of events collected, the rate of collection (Events Per Second), and the percentage
of total events collected.
168
Top 10 Devices with Critical Syslog Issues
The Top 10 Devices with Critical Syslog Issues report provides you with a list of ten devices
configured as log sources that have collected the most Syslog events categorized as
"Critical"
for the
selected
date/time
range.
Using this report, you can see at a glance if log data collection is enabled for the device, the
number of events collected, the rate of collection (Events Per Second), and the percentage
of total events collected.
Network Traffic Analyzer

Network Traffic Analyzer dashboards enable you to view, analyze, and share current and
historic traffic and network performance patterns. This rich feature set enables you to
leverage built-in and custom dashboards and NOC views, on demand or scheduled reports,
report data export and scheduled report distribution (such as sending a daily report by
way of email), advanced filtering, and much more.
Traffic Analysis dashboard provides four operational views, each with its own suite of
reports, charting,
graphing along with
endpoint,
application, and
keyword filtering
rule sets. Advanced
filtering, time range,
and grouping by IP
address, location
and more make NTA
a very powerful
decision support,
forensic, and root
cause analysis solution.
• Homepage. Top n traffic, connections, and bandwidth utilization reports at a

glance.
• Senders and Receivers. Top n interfaces ranked by incoming and outgoing traffic,
geo location, and Internet domain.
• Troubleshooting. Top concurrent connections received/initiated, half-open or
failed connections received/initiated, and traffic hitting non-standard ports.
• Geo Maps. Displays geographic locations of devices sending and receiving the
most traffic.
o Top Cities report reveals geographic locations of devices sending and
receiving the most traffic.
169
o Top Conversations Between Cities report reveals traffic between locations
(cities).
Traffic Overview provides a highest-level view of your NTA-monitored traffic. It includes:

• Interface Usage. Report of interface activity and trends from selected sources.
• NBAR Applications - Interface Totals. Traffic volume by application category.
• Top Sources with Interfaces. Top n of the sources with traffic broken down by
interface and direction.
• Traffic Totals. Total traffic volumes.
170
Traffic data metrics are collected from any network devices that support:
• flow export
o NetFlow
o NetFlow-Lite
o sFlow
o J-flow
o IPFIX
• SNMP: Returns traffic totals when flow source export is not enabled or for sampled
flow
You manage flow source configuration and collection status from the NTA Sources Library
(SETTINGS > Network Traffic Analysis > NTA Sources).
The NTA Source Library provides a table view of:
• Flow sources detected on your network.

• Flow sources you configured manually or automatically using NTA Device
Configuration.
• Devices polled for NBAR traffic totals.
• Groups or individual interfaces providing SNMP or flow statistics.
171
You can use the Potential NetFlow Sources dialog (Settings > Network Traffic Analysis >
NTA Device Configuration) for the following:
• View results of flow export

sources configured and
already advertising on your
network.
• Identify devices that can be
used for NetFlow export.
• Status for flow monitor
sources already exporting.
• Configure flow monitor
sources directly from
WhatsUp Gold (click the Configure button) for those sources that support remote
configuration MIBs.
Note: When WhatsUp Gold has the necessary read/write credentials to access
target source devices using SNMP, you can use the Configure button to check if
MIB objects needed to perform remote configuration for NetFlow are present in
the device's MIB registry. Check with the manufacturer’s documents on how to
enable the NetFlow MIB on your specific device(s).
Virtual Monitoring
Virtual Monitoring dashboard is a built-in dashboard that reveals data for an individual
VMware or Hyper-V host. Use the source selector to choose the host device. While it is in
Dashboard format it acts more like a report, meaning you cannot add, remove or modify
the dashboard. To create a customized version of this dashboard, create a new view and
add, arrange and configure these reports or others individually.
The virtual dashboard consists of two columns, all reports on the left-hand column are for
the virtual host and the right-hand for the virtual guests.
The following reports are in the left-hand column:
• Virtual Host Attributes. Host machine characteristics and info.

• CPU Utilization. Host machine VM CPU capacity usage.
• Memory Utilization. Host machine VM capacity usage.
• Disk Utilization. Host machine disk capacity usage.
• Interface Utilization. Host machine interface usage.
The following reports are in the right-hand column:
• Virtual Machines CPU Utilization. VM CPU capacity usage.

• Virtual Machines Memory Utilization. VM memory capacity usage.
• Virtual Machines Disk Activity. VM read/write metrics.
• Virtual Machines Interface Utilization. VM network bandwidth utilization.
172
Hyper-V and VMWare virtual devices report memory statistics differently.
• When reporting usage, VMWare displays active memory and Hyper-V displays
assigned memory.
• When reporting allocation, VMWare displays consumed memory and Hyper-V
displays memory demand.
• When reporting maximum, VMWare displays granted memory and Hyper-V
displays maximum memory.
Wireless
The Wireless Monitoring dashboard reveals both end-station and access point wireless
traffic and Radio Frequency (RF) performance measurements for the selected interval.
The Wireless Monitoring dashboard includes the following views and their default reports:
• Wireless Infrastructure
o Bandwidth. (Inbound and outbound wireless traffic comparison).
o Bandwidth Summary. Average total input and output utilization and Top
client station MAC address.
o System Summary. Remote station (client) inventory, client types, radio
parameters such as SNR and RSSI.
o RSSI. Radio frequency signal strength for given device(s).
o Signal to Noise Ratio. Radio frequency signal to noise ratio.
• Clients and Rogues
o Client Count. Highest number of wireless clients observed.
o Rogue Count. Remote stations that are not yet identified.
• CPU and Memory
o CPU Utilization. CPU capacity usage on the wireless access point.
o Memory Utilization. Memory capacity utilization on the wireless access
point.
173
174
Full Page Reports
Full page reports are split into four categories under the Analyze
menu.
• Performance
• Network
• Device
• Inventory
Many full-page reports are the same reports viewed on
dashboards but show full screen. Full page reports may be
filtered on a group of devices or down to a single device.
The data in reports may be exported to a PDF file, a formatted
CSV or text file, Microsoft Excel (XML) file, or a PDF. You may
also email reports in the same formats, or send them on
scheduled intervals
175
Logs
WhatsUp Gold has an extensive array of different log reports found under the Analyze >
logs. Logs can be split into 5 different categories.
• System executable and application

logs
o Activity log
o Action applied and action
activity logs
o Discovery Scan log
o General Error log
o Logger Health Messages
o Poller health
o Web User Activity Log
• Managed device platform logs
o Syslog (Tail of Syslog)
o Windows event log (Tail of
Win Event Log)
o VMware Event Log
o Hyper-V Event Log
• Monitor logs
o Performance Monitor Error
Log
o Passive Monitor Error log (Tail
of Passive Monitor Error Log)
o SNMP Trap Log (SNMP Trap
Log)
o Syslog (Tail of Syslog)
o Action Log
o Down Active Monitors
• Control and Management of Runtime
and Startup Configurations
o Start –vs- Run
o Policy Audit
o Task Log
• Network traffic logs
o Network Traffic Analysis log
o Unclassified Traffic Log
o Wireless Log
176
Predictive Trending
The Predictive Trending Report
displays a suite of reports that
present historical and average
statistics for common performance
measures, so you can better
anticipate how the selected device or
devices will perform in the future.
This allows you to act before there is
a problem if a metric is trending
toward a critical limit.
Predictive trending provides the following five individual dashboard reports:
• CPU Utilization. Reports average CPU utilization percentage for each individual
processor.
• Memory Utilization. Reports both physical and virtual memory capacity and usage.
• Disk Utilization. Reports disk utilization percentage for individual drives.
• Interface Utilization. Reports measurements for network traffic across network
interfaces.
• Ping Response Time. Reports minimum, maximum, and average response times.
Please note, this dashboard is completely static. Additional reports cannot be added, and
the five default reports described previously cannot be removed. Only the device(s)
displayed (), reporting time frame (), and applied business hours () may be modified.
177
Report Configuration and WhatsUp Gold Database
Data is stored in the WhatsUp Gold database to populate all the various reports that are
available in the application, and yet the storage available to WhatsUp Gold is limited.
Therefore, consideration must be given to managing the growth of that database. This
database size and growth is controlled by settings relating to the retention of data saved
by WhatsUp Gold.
Retention Policy: Each data type in WhatsUp Gold (performance, passive, and active) has a
specific setting available for how long you would like to keep the data in the database
overall. Performance data can also be controlled in a more precise manner, giving you the
option to roll up performance monitor data at different intervals. These settings are
available in SETTINGS > System Settings > General Settings.
Controlling the size of the database: By default, data is kept for 365 days for
performance, active and passive monitor data, and for NTA data. Data older than 365 days
is marked as “expired” in the database and is cleaned up automatically by WhatsUp Gold
over time. Any time a monitor is removed from a device, or when a device or monitor is
deleted, the data associated with that element is also marked as expired.
An expired record is defined as a record which is marked as to be overwritten but has yet
to be overwritten by a new record. Typically, the percentage of expired records to total
records is small (less than 10%); if a large configuration change is made, the ratio of expired
records may be different. In practice, we recommend this ratio not exceed 25% for any
database table. You can purge all expired records for a given table from the Table
Maintenance property page in the Database Tools dialog.
For example, when WhatsUp Gold collects large quantities of unnecessary or unwanted
passive monitor data, a very large table can result. The first step is to ensure that WhatsUp
Gold is only collecting data for passive monitors you have explicitly configured for your
devices. To do this, ensure that both the SNMP Trap Listener and the Syslog Listener are
not accepting unsolicited messages. After setting WhatsUp Gold to collect data from only
passive monitors that are assigned to devices, all data present because of the old settings
is marked as expired at once, which can result in many expired rows. The next step is to
clear the unneeded data from the database using the utilities available in the Database
Tools dialog in the WhatsUp Gold Console Admin, Tools > Database Utilities > Tools.
178
9
Alert Storms
Alert Storm and Dependencies

Alert Storm
What is an alert storm? An alert
storm is where you have notification
action(s) / action policies applied to
all your devices at either the device
or monitor level within WhatsUp
Gold. Then you have a failure or one
of your network devices, maybe a
core switch or something similar,
goes down or stops all network traffic
from passing it. Because of the
random device polling order, WhatsUp Gold will start reporting or sending notifications for
all the devices that it does not receive a response from due to the loss of network
connectivity. What starts out as a couple of devices reporting down, will soon turn into a
flood or storm of notifications/alerts filling up your inbox or phone text messages.
Eliminating Alert Storms

How are Alerts Storms prevented? The best way is to not have a single point of failure in
your network. You will want to use redundant switches, routers, gateways, or use clustered
/ high-availability servers. However, these might not always be possible or financially
feasible.
WhatsUp Gold does give you options to help prevent them:
• First, set up notification actions on devices that are important or critical, and apply
blackout policies to non-critical devices during non-business hours.
• Use Alert Center and set up thresholds over time
• Try using proactive/self-healing actions before sending alerts
• Use maintenance mode for devices you are purposely taking off-line
The best thing to do is to set up Device Dependencies
179
Device Dependencies
Device dependencies determine if a dependent device is to be polled based on the state of
another device. The state of the other device is determined by the state of one or more of
its active monitors.
There are two types of device dependencies:
• Up Dependency
o The device is polled only if the selected active monitors on a second
device are in the up state.
o Can be thought of as
being “behind” the
device to which it has a
dependency.
o Polled only if the device
"in front" of it is up.
• Down Dependency
o The device is polled only
if the selected active
monitors on a second
device are in the down
state.
o The device can be
thought of as something
is “in front of” the device
to which it has a dependency.
o The dependent devices in front will not be polled unless the device
further down the line is down.
You may set a device as the Dependency Root. The dependency root sets the device as the
center or root device which all connected devices will have an up dependency set on that
device. All subsequent devices will cascade outward with an up dependency set on the
previous connected device(s).
180
Critical Monitoring
Critical active monitoring, also known as
intra-device dependencies, allows you to
define a specific polling order for a device's
active monitors. For example, you can
make one monitor dependent on another
monitor on the same device, such as making
an HTTP monitor dependent on the Ping
monitor, so that you are not flooded with
multiple alerts on the same device if
network connectivity is lost.
In a critical monitor polling path, critical
monitors are polled first. If you specify more
than one critical monitor, you also specify
the order in which they are polled.
Critical monitors are "up" dependent on one
another; if critical monitors return
successful results, non-critical monitors are
polled. If any of the critical monitors go
down, all monitors behind it in the critical
polling order are no longer polled and are placed in an unknown state for the duration of
the polling cycle. If, at the start of the next polling cycle, the critical monitor returns
successful results, polling of successive critical monitors and non-critical monitors resumes.
When critical monitoring is enabled, and you specify a critical polling order, you now
receive only one alert when a device loses its network connectivity, instead of an alert for
each down monitor on the device.
Only monitors that you specify as critical follow a specific polling order; non-critical
monitors are not polled in any specific order. Additionally, if multiple non-critical monitors
fail, all associated actions fire.
181
10
Log Management
Log Management
Log Management add-on allows you to collect Windows Event Log and Syslog events from
any available device configured as a log data source. You can customize Log Management
to collect events which fit your specific needs by defining search criteria and applying
several common and/or format-specific filters when viewing corresponding reports and
dashboard views.
Overview
WhatsUp Gold Log Management configuration settings are kept in the WhatsUp Gold
database. The actual log data collected is stored in an Elasticsearch database. You also
have the choice of using WhatsUp Gold Log Management with a local or remote existing
Elasticsearch installation. To do so, simply specify the URL and valid access credentials
when prompted during installation.
Configuring Log Sources

Before you can successfully collect log data, you must configure one or more monitored
devices to serve as log data sources. To successfully collect Syslog data, you must
configure WhatsUp Gold AND the actual Syslog server. For the Syslog server, configure
and enable the push of log data to WhatsUp Gold using IP Address, hostname, etc. One
port is dedicated to listening for Syslog data all the time. Additionally, if you have set up
any passive monitors for Syslog or Windows Event Logs, we recommend disabling them
due to duplicate collection of data.
There are two ways to configure a Syslog source. The first way using the Log Data Source
Setup under Settings, Log Management, Log Data Source Setup. This method is used to
add multiple devices at the same time. The second way is on the device properties of a
selected device, this method adds only the selected device as a source.
Once you select the source, then you will choose whether to collect Syslog or Windows
Event Log data. If you want to collect both Syslog and Windows Event logs from a device,
you must perform the source configuration twice, once for Syslog, then again for Windows
Event Logs.
Syslog
Before you can collect Syslog data, you must enable the Syslog Server in the Log
Management Settings.
182
Note: Before you enable the Syslog Server, you must ensure the Syslog Passive
Monitor Listener is turned off. If it is enabled when you go to the Log
Management Settings, it will display a reminder.
To enable the Syslog Server, go to Settings, Log Management, Log Management Settings.
Scroll down to the Syslog Server Settings and check the Enable Syslog server. This will
expand the Syslog server IP address and port settings for IPv4 and IPv6. By default, the
server settings are set to respond to all IP addresses on the server (0.0.0.0 for IPv4 and ::
for IPv6) and the default port of 514. You can change these to match your system. You
may enter multiple addresses separated by a comma.
In the Log Data Source Setup dialog, click add and select Syslog, then click add to select
the device or devices you wish to collect syslog data from.
Setting up a log data source within Log Management within WhatsUp Gold only tells
WhatsUp Gold to accept the device. You must configure the actual device to send its
Syslog data to WhatsUp Gold on the IP address and port you set in the Log Management
Syslog Server settings.
Windows Event Logs
Windows Events data is collected from the Application, Security, and System or from
Specific logs to include, but not limited to, Forwarded Events, Hardware Events, Internet
Explorer, and more from the log source(s).
Note: It is recommended you should disable any Windows Event Passive monitors
you have setup on the same device(s) you are going to collect Log Management
Windows Event Log data to avoid duplicating data.
Once you have selected either Syslog or Windows Event logs to collect, you will next select
the ingestion filter to apply to the select log.
Log Filters
Depending on how you configure log data collection, WhatsUp Gold has the potential to
collect enormous amounts of data and possibly fill your storage database to capacity.
Proper use of ingestion (advanced) filters in concert with the conservative use of
applicable settings and/or configuration will help prevent this from occurring.
There are two sets of filters, ingestion filters, which are filters you use to accept, ingest, log
data into Log Management, and advanced filters, which are user-defined filters used to
filter what data is displayed in the Log Management dashboards and reports.
Ingestion Filters
Ingestion filters are used when collecting log data to filter out the data you do not want to
collect. Ingestion filters are default filters and cannot be edited, indicated with a .
Ingestion filters include:
183
For Syslog
• All
o Accepts all logs send to the Syslog server for the selected device
• All Syslog Severity Levels - except Debug
o Only accepts Syslog data with severity levels of
 Critical
 Error
 Warning
 Information
• Syslog Severity Levels - Emergency, Alert, Critical, and Error
o Any other severity level will be rejected
• Syslog Severity Levels - Emergency, Alert, Critical, Error, Warning, and Notice
For Windows Event
• All
o Accepts all log data
• Windows Event Severity Levels - Critical and Error
• Windows Event Severity Levels - Critical, Error, and Warning
Advanced Filters
Advanced filters are user-created filters used to filter the display results on Log
Management dashboards and reports. Advanced filters are created by going to the Log
Filter Library under SETTINGS: Log Management: Log Filter Library. Click the  to open
the Advanced Filter Builder.
First, give your new filter a name. This is the name by which you'll find the filter in WhatsUp
Gold when working with log management reporting and alerting features.
Select a field from the first drop-down menu on the left. This menu is categorized by type
and can be searched using the data entry field at the top of the list. Then select the
relationship between the selected log field and the user-defined criteria the filter will
consider from the drop-down menu in the center. Enter the criteria the filter should
consider in the data entry field at the right. If you would like to create an additional item for
the Criteria group, click the Add icon, then repeat the previous steps as needed to
complete the group.
If you would like your filter to have additional groups, click Add filter group to begin
specifying additional criteria, as needed.
Ensure the drop-down menus separating both filter and criteria groups reflect the correct
relationship between each group (e.g., Criteria Group A AND Criteria Group B OR C.)
IP Address + begins with + 172.
AND
Event Severity + matches + Critical
184
OR
Event Severity + matches + Warning
To remove any item from a criteria group, click the X icon to the right of the target item or
to remove an entire criteria group from the filter, click the applicable Delete hyperlink.
When your filter is complete, click Save.
Checking the Create alert threshold checkbox at the bottom of the Advanced Filter Builder
dialog will open the Add Log Management Filter Frequency Threshold dialog to create an
Alert Center threshold after you click the Save button on the Advanced Filter builder
Dialog. The Advanced Filter Builder dialog appears with the Log Filter field already filled
with the name of the filter you just saved. Saving the threshold adds it to the Alert Center
threshold library.
185
Configuration
11
Management
Configuration Management
Configuration Management enables automated management, compliance, and periodic
auditing of device configurations —the most critical aspect of your network and application
infrastructure. Leveraging templates, archives, and automated configuration management
actions provided by Configuration Management libraries and tracked by WhatsUp Gold
dashboards, reporting, and logging yields better network performance, frees valuable time,
and provides transparency to all stakeholders.
Overview
Managing your devices with configuration manager is a multi-step process:
• First, you should make an initial backup

of the configuration of your devices.
This will be used as a starting point, and
a reference for future backups. Going
forward, each incremental backup will be
used to…
• Compare device configuration, either
from one device to another or the
previous configuration of a device to its
current configuration.
• You can also run audits on your devices
to identify devices that already have unauthorized settings in place.
• Any time an audit fails, or when a device configuration is changed, you can receive
alerts letting you know exactly which devices, which configuration settings, and
which individual line items failed your audit or task.
• This information can then be used to develop configuration templates and to
update the configuration of your device configuration, as well as to manage
passwords and credentials assigned to your devices.
• Finally, after updating each device, bringing them into compliance, you can
generate a new baseline configuration backup, and start the process over again.
186
Network Device Configurations
Most network devices depend upon detailed configuration settings to operate correctly.
Items like IP addresses, routing tables, interface/VLAN configuration, usernames,
passwords, and security settings are critical to setting up and maintaining a functional
network and losing these configuration settings can lead to widespread network outages.
These configuration settings are stored on the network device in configuration files, which
come in two types:
• Startup Configuration: the configuration settings used when the network

device starts up from a powered off state. This configuration can be
thought of as the default configuration of the device.
• Running Configuration: this configuration includes Startup
Configuration File settings in addition to any settings that have been
changed since the last startup. This configuration file can be thought of as
a running list of changes made to the device.
When making configuration changes to a network device the changes are first stored to the
Running Configuration and must be manually saved to the Startup Configuration or they
will be lost if the device loses power. Therefore, it is important to save any recent changes
to the Startup Configuration if you wish them to be a permanent setting on the device.
However, saving improper or incorrect configuration settings to the Startup Configuration
can have disastrous results; because of this it is VERY important to make backups of the
configuration files of your network devices before making any changes (either to the
Running or Startup Configuration).
Comparing Configurations
Backing up either the startup or running configuration are two of the default scripts
available when adding a task within Configuration management that can be scheduled or
run on demand. Once the configurations are backed up, you can compare the
configurations side-by-side with the Archive Compare. It allows you to step though each of
the differences that may appear between the two.
187
Auditing Devices
Device configuration is often a part of compliance, with many organizations requiring that
devices only have secure configurations in place. If any of these items that are found in
your device configuration could potentially cause you to fail an audit, for example:
• An active Telnet login

• A “public” SNMP community
• SNMPv2 community strings in general
• Simplistic usernames and passwords
The Configuration Management Policy Library contains many default audit policies which
cover items such as PCI, HIPAA, SOX, and FISMA. You may also create your own policies:
which check for; Message of the day, banner messages on login, Custom login pages and
warnings, or settings that all devices should have (IP and hostname settings, for example)
Policies may be checked on demand and added as a part of your standard task scheduling
and alerting.
Alerting
Every schedulable task has an option for a separate Alert Center threshold. You may alert
on:
• Successes – send alert if a task succeeds

• Failures – send alert if a task fails to run correctly
• Changes – send alert if changes in configuration exist
• Policy – send alert if one or more policies fail
You may send any standard Alert Center Notification Policy with the threshold. You may
also choose to send an email with the configuration changes which are detected in a
configuration file.
Other Management Tasks

Configuration management is not only to schedule backups and compare them. You can
change devices on your network using a few different tasks and utilities:
• You may manually restore a configuration file to a device.

• Save a configuration file as a template, which can then be used to restore the
configuration to a different device.
• Run a Password Task to update usernames and passwords on a device from the
credentials library from within WhatsUp Gold.
• You may create custom tasks to upload a configuration to a device via TFTP or
standard Telnet/SSH access.
188
Assigning Tasks
You may apply tasks in a few distinct ways, which will ultimately affect the functionality of
the task at run time. You may add multiple devices to a single task which allows you to
backup or update all your devices at the same time; this is very useful for wide-sweeping
changes that should result in every device sharing the same settings.
You may run a task on a device-to-device basis from right within device properties, which
allows you to be selective in choosing devices to update.
You may only schedule tasks that backup the Startup or Running configuration by default.
Any tasks that restore a configuration file or those that update passwords may not be
scheduled; they may only run on demand. However, with custom scripts, ANY task may be
scheduled successfully.
When creating the schedule, you may choose the frequency of your backup task(s) and the
number of incremental backups that you save to the database.
Customizing
There are times when managing your network and the devices that it is comprised of,
requires a custom solution.
Configuration Manager allows you to create specialized tasks that can fulfill virtually any
requirement you have when dealing with manageable devices.
• When any devices that are brand new to market, or ones that were added to the
network a long time ago, can require a script not included in the default System
Script Library.
• In certain situations, you may want to manage a device through a non-traditional
connection method, or a device that does not use configuration files in a
traditional sense (such as a Telnet connection sending commands to a Unix
server)
• Any time you need to schedule a task that restores a configuration file to a device
or to change credentials on a scheduled basis, you must create a custom script
with a task to run the script.
• Finally, current, and future integration between products in the WhatsUp Gold
suite will rely on scheduled tasks to monitor your devices and alert on network
issues.
These are all critical areas of network management that usually require a very hands-on
approach. You can limit the time it takes to manage these areas by utilizing scripting with
your configuration manager.
189
Appendix A
Monitor Script Syntax
You create a script using keywords. In general, Script Syntax is Command=String. The
command is either Send, Expect, SimpleExpect, or Flow Control.
Note: A script can have as many send and receive lines as needed. However, the more you
have, the slower the service check.
Keywords
Note: To comment out a line, use the # symbol as the first character of the line
• To send a string to a port, use the Send = keyword.

• To expect a string from a port, use the SimpleExpect = or the Expect = keyword.
• To receive a conditional response for an error or success, use Flow Control
Keywords
Example
If you have a TCP service to check, you need to do the following:
• expect something on connection

• send a command
• check for a response
• send something to disconnect
Script Syntax: Expect=Keyword

Expect=Keyword gives you flexibility to accept variable responses and pick out crucial
information using special control characters and regular expressions.
If you do not need flexibility or are new to writing your own custom TCP/UDP scripts, you
may want to use the SimpleExpect keyword.
There are 4 variations of the Expect Keyword:
• Expect. Returns true when the expected value is matched.

• Expect(MatchCase). Only returns true when the case matches the expected value.
• DontExpect. Returns true when the value is not found.
• DontExpect(MatchCase). Returns true when the value is not found.
The Expect syntax is Expect=Response, where the Response is either specified as an exact
text string, or a mixture of regular expression rules and text.
190
Example 1:
#
# Note: script comments start with a # character
#
# Send a simple text command
#
Send = Hello There
#
# Expect a nice response that begins with, "Hi, how are you"
#
Expect=^Hi, how are you
Example 2:
#
# Send a command followed by CR/LF
#
Send=Select * from Accounts\r\n
#
# Expect a large response, but we only care to check that somewhere
# in the response John Doe is mentioned
#
Expect=John Doe
Example 3:
#
# Send a binary escape (27) and an x y and z and then a nak (21)
#
Send=\x1Bxyz\x15
#
# Expect something that does *not* contain 123 escape (27)
#
DontExpect=123\x1B
191
Script Syntax: Send=Keyword
To Send command on a connection, use a Send=keyword.
The script syntax is Send=Command. The Command is exactly the message you want to
send. You may use a combination of literal characters and binary representations.
WhatsUp Gold understands the C0 set of ANSI 7-bit control characters. A Binary can be
represented as \\x##, where the ## is a hexadecimal value. Those familiar with the table
may also choose to use shorthand such as \A (\x01) or \W (\x17)
You can also use \r and \n as the conventions for sending the carriage return and line feed
control characters to terminate a line.
The following table shows the keywords you can use.
Keyword Description
\\x## Binary value in Hexadecimal. For example, \\x1B is escape
\\ The "\" character
\t The tab character (\x09)
\r The return character (\x0D)
\n The new line character (\x0A)
Example 1:
#
#
# Send a simple text command
#
Send=Hello There
Example 2:
#
#
Send=Select * from Accounts\
r\n
Example 3:
#
# Send a binary escape (27) an x y and z and then a nak (21)
#
Send=\x1Bxyz\x15iv)
192
Script Syntax: SimpleExpect Keyword
The SimpleExpect Keyword lets you specify expected responses from a service. Responses
can even be binary (i.e. non-printable ASCII character) responses. If you know exactly (or
even approximately) what to expect you can construct a simple expect response string to
match against.
This keyword allows you some flexibility in accepting variable responses and picking out
only crucial information. If you need additional flexibility you may want to consider using
the regular expression syntax available in the Expect keyword.
The SimpleExpect script syntax is SimpleExpect=Response, where the response is a series
of characters you expect back from the service. The following table displays keywords that
match logic and wildcards to compare responses byte-by-byte expanding escape codes as
you go.
Command Options:
Keyword Description
\x## Binary value (in Hexadecimal) for example \x00 is null
. Matches any character
\% The "%" character
\. The "." character
\\ The "\" character
Note: Only the number of characters specified in the expect string are used to match the response.
The response is expected to start with these characters. Any extra trailing characters received are
just ignored.
Example 1:
#
#
# Send=Hello There
#
# Expect a nice response
#
SimpleExpect=Hi, how are you?
Example 2:
#
#
Send=Select * from Accounts\r\n
#
# Expect a large response, be we only care to check that first word
# received is "Customer"
#
SimpleExpect=Customer
193
Example 3:
#
# Send a binary escape (27) an x y and z and then a nak (21)
#
Send=\x1B\x15
#
# Expect any byte (we don't care) then an abc and an ack (6)
#
SimpleExpect=.abc\x06
Note: You can use Telnet to find the proper value for SimpleExpect, or an
Expect string for a particular service. Packet Capture tools can also be very useful.
Script Syntax: Flow Control Keywords

The following Flow Control keywords are used in a script to return "error" or "success"
responses of steps within that script.
• IfState. This checks for the current state (ok or error) and jumps to a label if true.
Valid syntax: IfState {ERR|OK} label
Example:
IfState ERR End
IfState OK Bye
• Goto. This immediately jumps to a label.

Valid syntax: Goto End
Example:
Goto End
• Exit. This immediately ends the script with an optional state (ok or error). The
optional state overrides the current state.
Valid syntax: Exit {ERR|OK}
Example:
Exit ERR
Exit OK
• :Label. This defines a label that can be the target of a jump. A label is defined by a
single word beginning with the ":" character.
Valid syntax: :(with a name following)
194
Example:
:Bye
• OnError. This allows for a global handling of an error situation

Valid Syntax: OnError {EXIT|CONTINUE|GOTO} label
Example:
OnError EXIT (Default behavior)
OnError CONTINUE
OnError GOTO Logoff
Send to Disconnect Examples

For a service like FTP, to disconnect would be QUIT/r/n. If a command string is not
specified, the connection is closed by sending a FIN packet and then an RST packet.
The /r (carriage return) and /n (line feed) are the conventions for sending these control
characters to terminate a string.
You can use:
/r = 0x0a
/n = 0x0d
/t = 0x09 or /xnn where nn is any hexadecimal value from 00 to FF
The disconnect string is:
Send=QUIT/r/n
195
Appendix B
Regular Expression Syntax
This table lists the meta-characters understood by the WhatsUp Gold Regex Engine.
Matching a Single Character

Meta-character Matches
. dot Matches any one character
Matches any character inside the brackets.
[...] character class
Example, [abc] matches "a", "b", or "c"
Matches any character except those inside the
brackets.
Example, [^abc] matches all characters except "a",
[^...] negated character class
"b", or "c".
See below for alternate use - the way ^ is used
controls its meaning.
Used within a character class. Indicates a range of
characters.
- dash
Example: [2-7] matches any of the digits "2"
through "7".
Example: [0-3a-d] is equivalent to [0123abcd]
Interpret the next character literally.
\ escaped character
Example: 3\.14 matches only "3.14". Whereas 3.14
matches "3214", "3.14", 3z14", etc.
Match a single binary character. nn is a
hexadecimal value between 00 and FF. Example:
\\xnn binary character
\\x41 matches "A"
Example: \\x0B matches Vertical Tab
196
Quantifiers
? question One optional. The preceding expression once or not at all.
Example: colou?r matches "colour" or "color"
Example: [0-3][0-5]? matches "2" and "25"
* star Any number allowed but are optional.
Example: .* Zero or more occurrences of any character
+ plus One required, additional are optional.
Example, [0-9]+ matches "1", "15", "220", and so on
??, +?, *? "Non-greedy" versions of ?, +, and *. Match as little as possible,
whereas the "greedy" versions match as much as possible
Example: For input string <html>content</html>
<.*?> matches <html>
<.*> matches <html>content</html>
Matching Position
^ caret Matches the position at the start of the input.
Example: ^2 will only match input that begins with "2".
Example: ^[45] will only match input that begins with "4" or "5"
$ dollar At the end of a regular expression, this character matches the end
of the input.
Example: >$ matches a ">" at the end of the input.
Other
| alternation Matches either expression it separates.
Example: H|Cat matches either "Hat" or "Cat"
(...) parentheses Provides grouping for quantifiers, limits scope of
alternation via precedence.
Example: (abc)* matches 0 or more occurrences of the
string abc
Example: WhatsUp (Gold)|(Professional) matches
"WhatsUp Gold" or "WhatsUp Professional"
\0, \1, ... backreference Matches text previously matched within first, second, etc,
match group (starting at 0).
Example: <{head}>.*?</\0> matches "<head>xxx</head>".
! negation The expression following ! does not match the input
Example: a!b matches "a" not followed by "b".
197
Abbreviations
Abbreviations are shorthand Meta-characters.
Abbreviation Matches
\a Any alphanumeric character: ([a-zA-Z0-9])
\b White space (blank): ([ \\t])
\c Any alphabetic character: ([a-zA-Z])
\d Any decimal digit: [0-9]
\D Any non-decimal digit: [^0-9]
\h Any hexadecimal digit: ([0-9a-fA-F])
\n Newline: (\r|(\r?\n))
\p Any punctuation character:
,./ \';:"!?@#$%^&*()[]{}-_=+|<>!~
\P Any non-punctuation character
\q A quoted string: (\"[^\"]*\")|(\'[^\']*\')
\s WhatsUp Gold style white space character:
[\\t\\n\\r\\f\\v]
\S WhatsUp Gold style non-white space character:
[^\\t\\n\\r\\f\\v]
\w Any word characters (letters and digits):
([a-zA-Z0-9_])
\W Non-word character: ([^a-zA-Z0-9_])
\z An integer: ([0-9]+)
Example 1
To check an IRC (Internet Relay Chat) service, you can send the command Version/r/n and
the expected response from the IRC service is: irc.
Name: IRC; Port: 6667; TCP.
Send=Version/r/n
Expect=irc
Send=QUIT/r/n
198
Appendix C
Extending WhatsUp Gold with custom scripting
This section explains how to use the native development tools included in WhatsUp Gold to
extend the product beyond its stock capabilities with Active Script Active Monitors,
Performance Monitors, and Actions.
WhatsUp Gold includes three types of Active Scripts, which allow you to write custom
Jscript and VBScript code to do tasks that WhatsUp Gold cannot natively perform.
• Active Script Active Monitors perform specific customized checks on a device.

They report their status as a success or failure, and the monitor's status effects the
device's status in the same way that stock active monitors do. For more
information, see Scripting Active Monitors (on page 194).
• Active Script Performance Monitors track specific values over time and can
be used to generate logs and graphs of historical data. For more information, see
Scripting Performance Monitors (on page 212).
• Active Script Actions can be configured to trigger when an active monitor's
state changes. They can be programmed to perform a variety of tasks, from
running automated remediation scripts to posting data to external, third party
services via API. For more information, see Scripting Actions (on page 224).
About Active Script languages

Active scripts can be written in JScript or VBScript. For more information on either of these
languages, consult the MSDN Language Reference for that language.
• https://docs.microsoft.com/en-
us/dotnet/api/microsoft.jscript?view=netframework-4.8
• https://docs.microsoft.com/en-us/windows/win32/lwef/using-vbscript
Note: Not all aspects of JScript and VBScript can be used in Active Scripts. In general, any
function or method that involves the user interface level, such as VBScript's MsgBoxes or
JScript's alert(), are not allowed.
199
Scripting Active Monitors
Active Script Active Monitors perform specific customized checks on a device. They report
their status as a success or failure, and the monitor's status effects the device's status in
the same way that stock active monitors do.
Keep in Mind
• You need to include error handling in your monitor script. You must use
Context.SetResult to report the status of the script to WhatsUp Gold.
• Errors from this active monitor appear in EventViewer.exe.
Using the context object with active monitors

The context object provides an interface for your script to interact with WhatsUp Gold. All
methods and properties are retrieved using the Context namespace.
Methods Method description

LogMessage(sText); This method allows for a message to be written to the WhatsUp
Gold debug log.
Example
Jscript
Context.LogMessage( "Checking Monitor name using

Context.GetProperty()");
VBScript
Context.LogMessage "Checking Address using

Context.GetProperty()"
PutProperty(sPropertyName); This method allows you to store a value in the INMSerialize object.
This value is retained across polls.
Example
Jscript
var nCount = parselnt(nNum) +1;

Context.PutProperty("MyNumeric",nCount);
SetResult(nCode, sText); This method allows for a result code and result message to be set.
This is how you could tell the WhatsUp Gold system if the monitor
succeeded or not. Every script should call SetResult. If SetResult is
not called, the script is always assumed to have succeeded.
Example
JScript
Context.SetResult(0, "Script completed successfully.");
//Success
Context.SetResult(1, "An error occurred."); //Failure
VBScript
Context.SetResult 1, "An error occurred."
200
GetProperty(sPropertyName); This method offers access to any of the device properties listed
below. These names are case sensitive.
Property Description
"ActiveMonitorTypeName" The active
Monitor display name
"Address" The IP address of the
Device
"DeviceID" The device ID
"Mode" 1 = doing discovery
2 = polling
3 = test
"ActiveMonitorTypeID" The active monitor's
type ID
"CredSnmpV1:ReadCommunity" SNMPv1 Read
Community
"CredSnmpV1:WriteCommunity" SNMPv1 Write
Community
Community
Community
"CredSnmpV3:Username" SNMPv3 Username
"CredSnmpV3:Context" SNMPv3 Context
"CredSnmpV3:AuthPassword" SNMPv3 Authentication p
"CredSnmpV3:AuthProtocol" SNMPv3 Authentication
protocol
"CredSnmpV3:EncryptPassword" SNMPv3 Encrypt
Password
"CredSnmpV3:EncryptProtocol" SNMPv3 Encrypt
Protocol
"CredWindows:DomainAndUserid" Windows Domain and
User ID
"CredWindows:Password" Windows Password
Example
Jscript
var sAddress = Context.GetProperty("Address");

var sReadCommunity =
Context.GetProperty("CredSnmpV1:ReadCommunity");
var nDeviceID = Context.GetProperty("DeviceID");
GetDB; This property returns an open connection to the WhatsUp Gold
database.
201
Example active script active monitors
These scripts demonstrate potential uses of Active Script Active Monitors. To view other
Active Script Active Monitors created by other WhatsUp Gold users, visit the Progress user
community (https://community.progress.com/s/code-share).
• Monitoring printer ink level and utilization (on page 196)

• Alert when temperature exceeds or drops out of range (on page 198)
• Determine invalid user account activity (on page 199)
• Monitor bandwidth utilization on an interface (on page 203)
• Monitor an SNMP agent running on a nonstandard port (on page 207)
• Monitor for unknown MAC addresses (on page 208)
Monitoring printer ink level and utilization
Note: This example is provided as an illustration only and is not supported. Technical
support is available for the Context object, SNMP API, and scripting environment, but
Ipswitch does not provide support for JScript, VBScript, or developing and debugging
Active Script monitors or actions. For assistance with this example or with writing your own
scripts, visit the Progress user community (https://community.progress.com).
This active monitor polls an object of the printer MIB to gather the ink level information
and then computes the ink percent utilization of a printer.
The active monitor will fire an alert if the utilization exceeds a value set on the first line of
the script.
Note: This script was tested on an HP MIB.
Run the SNMP MIB Walker net tool to check the OIDs of the two polled objects and
eventually adjust their instance (1.1 in this example):
1.3.6.1.2.1.43.11.1.1.8.1.1 and 1.3.6.1.2.1.43.11.1.1.9.1.1.
Note: This script is included as a code example only. The Printer Active Monitor should
be used to monitor printers.
var nMarkerPercentUtilization = 70; // This monitor will fail if the printer ink
utilization is above this value %.
var oSnmpRqst = new ActiveXObject("CoreAsp.SnmpRqst");
202
var oComResult = oSnmpRqst.Initialize(nDeviceID);
if (oComResult.Failed)
{
Context.SetResult(1, oComResult.GetErrorMsg);
}
else
{
// poll the two counters
Context.LogMessage("Polling marker maximum level");
var oResponse = oSnmpRqst.Get("1.3.6.1.2.1.43.11.1.1.8.1.1");
if (oResponse.Failed)
{
Context.SetResult(1, oResponse.GetErrorMsg);
}
var prtMarkerSuppliesMaxCapacity = oResponse.GetValue;
Context.LogMessage("Success. Value=" + prtMarkerSuppliesMaxCapacity);
Context.LogMessage("Polling marker current level");
oResponse = oSnmpRqst.Get("1.3.6.1.2.1.43.11.1.1.9.1.1");
{
}
var prtMarkerSuppliesLevel = oResponse.GetValue;
Context.LogMessage("Success. Value=" + prtMarkerSuppliesLevel);
var nPercentUtilization = 100 * prtMarkerSuppliesLevel /
prtMarkerSuppliesMaxCapacity;
if (nPercentUtilization > nMarkerPercentUtilization)
{
Context.SetResult(1, "Failure. Current Utilization (" + (nPercentUtilization + "%) is
above the configured threshold (" + nMarkerPercentUtilization) + "%)");
}
203
else
{
Context.SetResult(0, "Success. Current Utilization (" + (nPercentUtilization + "%)
is below the configured threshold (" + nMarkerPercentUtilization) + "%)");
}
}
Alert when temperature exceeds or drops out of range
This active monitor polls an SNMP-enabled temperature sensor. If the temperature

exceeds or drops below the configured acceptable range, an alert is fired.
scripts, visit the Progress user community (http://community.progress.com).
/* This JScript script polls the temperature from an SNMP-enabled sensor from "uptime devices"
(www.uptimedevices.com) and makes sure the temperature is within an acceptable range configured right
below. */
// The OID of the temperature object for that device is 1.3.6.1.4.1.3854.1.2.2.1.16.1.14.1
var nMinAllowedTemp = 65;

var nMaxAllowedTemp = 75;
var oComResult = oSnmpRqst.Initialize(nDeviceID);
{
}
else
{
// poll the two counters
Context.LogMessage("Polling the temperature");
var oResponse = oSnmpRqst.Get("1.3.6.1.4.1.3854.1.2.2.1.16.1.14.1");
{
}
else
{
var nTemperature = oResponse.GetValue / 10.0;
// comment out the following line to convert the temperature to Celsius degrees
//nTemperature = (nTemperature - 32) * 5 / 9;
Context.LogMessage("Success. Value=" + nTemperature + " degrees");
if (nTemperature < nMinAllowedTemp || nTemperature > nMaxAllowedTemp)
{
Context.SetResult(1, "Polled temperature " + nTemperature + " is outside of
the defined range " + nMinAllowedTemp + " - " + nMaxAllowedTemp);
}
else
204
{
Context.SetResult(0, "Success");
}
}
}
Determine invalid user account activity

This active monitor will change a device's state to Down if an invalid, or unexpected user
account logs on. The monitor will stay up if the valid, expected account is logged on, or if
no one is logged on.
sComputer = Context.GetProperty("Address")
nDeviceID = Context.GetProperty("DeviceID")
'Assuming ICMP is not blocked and there's a ping monitor on the device, we want to
'perform the actual check only if the Ping monitor is up. ConnectServer method of
'the SWbemLocator has a long time out so it would be good to avoid unnecessary tries.
'Please note there's no particular polling order of active monitors on a device.
'During each polling cycle, it's possible that this monitor could be polled before
'Ping is polled. If the network connection just goes down but Ping is not polled yet,
'and therefore, still has an up state, this active monitor will still do an actual
'check and experience a real down. But for the subsequent polls, it won't be doing a
'real check (ConnectServer won't be called) as Ping monitor has a down state, and this
'monitor will be assumed down.
If IsPingUp(nDeviceID) = false Then
Context.SetResult 1,"Actual check was not performed due to ping being down. Automatically set to
down."
Else
sAdminName = Context.GetProperty("CredWindows:DomainAndUserid")
sAdminPasswd = Context.GetProperty("CredWindows:Password")
sLoginUser = GetCurrentLoginUser(sComputer, sAdminName, sAdminPasswd)
sExpectedUser = "administrator"
If Not IsNull(sLoginUser) Then
205
If instr(1,sLoginUser, sExpectedUser,1) > 0 Then
Context.SetResult 0,"Current login user is " & sLoginUser
ElseIf sLoginUser = " " Then
Context.SetResult 0,"No one is currently logged in."
Else
Context.SetResult 1,"an unexpected user " & sLoginUser & " has logged in " &
sComputer
End If
End If
End If
'Check if Ping monitor on the device specified by nDeviceID is up.
'If nDeviceID is not available as it's in the case during discovery, then assume
'ping is up.
'If ping monitor is not on the device, then assume it's up so the real check will be
'performed.
Function IsPingUp(nDeviceID)
If nDeviceID > -1 Then
'get the Ping monitor up state.
sSqlGetUpState = "SELECT sStateName from PivotActiveMonitorTypeToDevice as P join "

&_
"ActiveMonitorType as A on P.nActiveMonitorTypeID=A.nActiveMonitorTypeID " & _
"join MonitorState as M on P.nMonitorStateID = M.nMonitorStateID " & _
"where nDeviceID=" & nDeviceID & " and A.sMonitorTypeName='Ping' and " & _
" P.bRemoved=0"
Set oDBconn = Context.GetDB
Set oStateRS = CreateObject("ADODB.Recordset")
oStateRS.Open sSqlGetUpState,oDBconn,3
'if recordset is empty then
If oStateRS.RecordCount = 1 Then
If instr(1,oStateRS("sStateName"),"up",1) > 0 Then
IsPingUp = true
Else
IsPingUP = false
End If
Else
206
'if there's no ping on the device, then just assume up, so regular check will
happen.
IsPingUp= true
End If
oStateRS.Close
oDBconn.Close
Set oStateRS = Nothing
Set oDBconn = Nothing
Else
'assume up since there's no device yet. It's for scanning during discovery.
IsPingUP = true
End If
End Function
'Try to get the current login user name.
Function GetCurrentLoginUser(sComputer, sAdminName, sAdminPasswd)
GetCurrentLoginUser=Null
Set oSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
On Error Resume Next
Set oSWbemServices = oSWbemLocator.ConnectServer _
(sComputer, "root\cimv2",sAdminName,sAdminPasswd)
If Err.Number <> 0 Then
Context.LogMessage("The 1st try to connect to " & sComputer & " failed. Err:" &
Err.Description)
Err.Clear
'If the specified user name and password for WMI connection failed, then
'try to connect without user name and password. Can't specify user name
'and password when connecting to local machine.
Set oSWbemServices = oSWbemLocator.ConnectServer(sComputer, "root\cimv2")
If Err.Number <> 0 Then
Err.Clear
Context.SetResult 1,"Failed to access " & sComputer & " " & _
"using username:" & sAdminName & " password." & " Err: " & Err.Description
Exit Function
207
End If
End If
Set colSWbemObjectSet = oSWbemServices.InstancesOf("Win32_ComputerSystem")
For Each oSWbemObject In colSWbemObjectSet
'Context.SetResult 0,"User Name: " & oSWbemObject.UserName & " at " & sComputer
sCurrentLoginUser = oSWbemObject.UserName
Err.Clear
Next
If Cstr(sCurrentLoginUser) ="" Then
GetCurrentLoginUser = " "
Else
GetCurrentLoginUser = sCurrentLoginUser
End If
Set oSWbemServices = Nothing
Set oSWbemLocator = Nothing
End Function
208
Monitor bandwidth utilization on an interface
This active monitor is used to monitor the total bandwidth utilization (both in and out
octets) of an interface by polling values of the interface MIB.
// Settings for this monitor:
// the interface index ifIndex:
var nInterfaceIndex = 65540;
// this monitor will fail if the interface utilization goes above this current ratio:
// current bandwidth / maxBandwidth > nMaxInterfaceUtilizationRatio
var nMaxInterfaceUtilizationRatio = 0.7; // Set to 70%
// Create an SNMP object, that will poll the device.
// Get the device ID
// This function polls the device returns the ifSpeed of the inteface indexed by
nIfIndex.
// ifSpeed is in bits per second.
function getIfSpeed(nIfIndex) {
var oResult = oSnmpRqst.Initialize(nDeviceID);
if (oResult.Failed) {
return null;
return parseInt(SnmpGet("1.3.6.1.2.1.2.2.1.5." + nIfIndex)); // ifSpeed
// Function to get SNMP ifInOctets for the interface indexed by nIfIndex (in bytes).
// Returns the value polled upon success, null in case of failure.
function getInOctets(nIfIndex) {
209
return null;
return parseInt(SnmpGet("1.3.6.1.2.1.2.2.1.10." + nIfIndex)); // inOctets
// Function to get SNMP ifOutOctets for the interface indexed by nIfIndex (in bytes).
function getOutOctets(nIfIndex) {
return null;
return parseInt(SnmpGet("1.3.6.1.2.1.2.2.1.16." + nIfIndex)); // outOctets
// Helper function to get a specific SNMP object (OID in sOid).
function SnmpGet(sOid) {
var oResult = oSnmpRqst.Get(sOid);
return null;
else {
return oResult.GetPayload;
// Get the current date. It will be used as a reference date for the SNMP polls.
var oDate = new Date();
var nPollDate = parseInt(oDate.getTime()); // get the date in millisec in an integer.
// Do the actual polling:
var nInOctets = getInOctets(nInterfaceIndex);
var nOutOctets = getOutOctets(nInterfaceIndex);
var nIfSpeed = getIfSpeed(nInterfaceIndex);
if (nInOctets == null || nOutOctets == null || nIfSpeed == null) {
Context.SetResult(1, "Failure to poll this device.");
210
else {
var nTotalOctets = nInOctets + nOutOctets;
// Retrieve the octets value and date of the last poll saved in a context variable:
var nInOutOctetsMonitorPreviousPolledValue =
Context.GetProperty("nInOutOctetsMonitorPreviousPolledValue");
var nInOutOctetsMonitorPreviousPollDate =
Context.GetProperty("nInOutOctetsMonitorPreviousPollDate");
if (nInOutOctetsMonitorPreviousPolledValue == null ||
nInOutOctetsMonitorPreviousPollDate == null) {
// the context variable has never been set, this is the first time we are
polling.
Context.LogMessage("This monitor requires two polls.");
Context.SetResult(0, "success");
else {
// compute the bandwidth that was used between this poll and the previous poll
var nIntervalSec = (nPollDate - nInOutOctetsMonitorPreviousPollDate) / 1000; //
time since last poll in seconds
var nCurrentBps = (nTotalOctets - nInOutOctetsMonitorPreviousPolledValue) * 8 /
nIntervalSec;
Context.LogMessage("total octets for interface " + nInterfaceIndex + " = " +
nTotalOctets);
Context.LogMessage("previous value = " + nInOutOctetsMonitorPreviousPolledValue);
Context.LogMessage("difference: " + (nTotalOctets -
nInOutOctetsMonitorPreviousPolledValue) + " bytes");
Context.LogMessage("Interface Speed: " + nIfSpeed + "bps");
Context.LogMessage("time elapsed since last poll: " + nIntervalSec + "s");
Context.LogMessage("Current Bandwidth utilization: " + nCurrentBps + "bps");
if (nCurrentBps / nIfSpeed > nMaxInterfaceUtilizationRatio) {
Context.SetResult(1, "Failure: bandwidth used on this interface " +
nCurrentBps + "bps / total available: " + nIfSpeed + "bps is above the specified ratio: "
+ nMaxInterfaceUtilizationRatio);
else {
211
Context.SetResult(0, "Success");
// Save this poll information in the context variables:
Context.PutProperty("nInOutOctetsMonitorPreviousPolledValue", nTotalOctets);
Context.PutProperty("nInOutOctetsMonitorPreviousPollDate", nPollDate);
212
Monitor an SNMP agent running on a nonstandard port
This active monitor watches an SNMP agent running on a non-standard port (the standard
SNMP port is 161).
var nSNMPPort = 1234; // change this value to the port your agent is running on
// Get the device ID
// Initialize the SNMP request object
if(oResult.Failed)
Context.SetResult(1, oResult.GetPayload);
else
// Set the request destination port.
var oResult = oSnmpRqst.SetPort(nSNMPPort);
// Get sysDescr.
var oResult = oSnmpRqst.Get("1.3.6.1.2.1.1.1.0");
if (oResult.Failed)
Context.SetResult(1, "Failed to poll device using port " + nSNMPPort + ".
Error=" + oResult.GetPayload);
else
Context.SetResult(0, "SUCCESS. Detected an SNMP agent running on port nSNMPPort );
213
Monitor for unknown MAC addresses
This active monitor watches MAC addresses present on a network by polling an
SNMPmanaged switch and the bridge MIB. In the example script, you define a list of MAC
addresses you will allow to connect to the network. This monitor will fail if it finds devices
that do not match the addresses specified in the list.
// Modify the list below. It defines a list of allowed mac addresses with mapping to switch interface
// on the network.
// This script will poll a managed switch using SNMP and the bridge MIB to detect MAC addresses present
// on your network that should not be and to detect misplaced machines (connected to the wrong port).
//
// The MAC addresses should be typed lowercase with no padding using ':' between each byte
// for instance, "0:1:32:4c:ef:9" and not "00:01:32:4C:EF:09"
//
var arrAllowedMacToPortMapping = new ActiveXObject("Scripting.Dictionary");
arrAllowedMacToPortMapping.add("0:3:ff:3b:df:1f", 17);
arrAllowedMacToPortMapping.add("0:3:ff:72:5c:bf", 77);
arrAllowedMacToPortMapping.add("0:3:ff:e2:e5:76", 73);
arrAllowedMacToPortMapping.add("0:11:24:8e:e0:a5", 63);
arrAllowedMacToPortMapping.add("0:1c:23:ae:b0:4c", 48);
arrAllowedMacToPortMapping.add("0:1d:60:96:e5:58", 73);
arrAllowedMacToPortMapping.add("0:e0:db:8:aa:a3", 73);
var ERR_NOERROR = 0;
var ERR_NOTALLOWED = 1;
var ERR_MISPLACED = 2;
function CheckMacAddress(sMacAddress, nPort)
sMacAddress = sMacAddress.toLowerCase();
214
if (!arrAllowedMacToPortMapping.Exists(sMacAddress))
return ERR_NOTALLOWED;
var nAllowedPort = arrAllowedMacToPortMapping.Item(sMacAddress);
if (nAllowedPort != nPort)
return ERR_MISPLACED;
return ERR_NOERROR;
var oComResult = oSnmpRqst.Initialize(Context.GetProperty("DeviceID"));
else
var DOT1DTOFDBPORT_OID = "1.3.6.1.2.1.17.4.3.1.2";
var DOT1DTOFDBADDRESS_OID = "1.3.6.1.2.1.17.4.3.1.1";
var sOid = DOT1DTOFDBPORT_OID
var bStatus = true;
var arrMisplacedAddresses = new Array();
var arrNotAllowedAddresses = new Array();
var i=0;
while (i++<1000)
oComResult = oSnmpRqst.GetNext(sOid);
break;
sOid = oComResult.GetOID;
215
if (sOid.indexOf(DOT1DTOFDBPORT_OID) == -1)
// we are done walking
break;
var nPort = oComResult.GetPayload;
// the last 6 elements of the OID are the MAC address in OId format
var sInstance = sOid.substr(DOT1DTOFDBPORT_OID.length+1, sOid.length);
// get it in hex format...
oComResult = oSnmpRqst.Get(DOT1DTOFDBADDRESS_OID + "." + sInstance);
continue;
var sMAC = oComResult.GetValue;
var nError = CheckMacAddress(sMAC, nPort);
switch (nError)
case ERR_NOTALLOWED:
arrNotAllowedAddresses.push(sMAC + "(" + nPort + ")");
break;
case ERR_MISPLACED:
arrMisplacedAddresses.push(sMAC + "(" + nPort + ")");
break;
case ERR_NOERROR:
default:
// no problem
//Write the status
Context.LogMessage("Found " + i + " MAC addresses on your network.");
if (arrMisplacedAddresses.length > 0)
Context.LogMessage("Warning: Found " + arrMisplacedAddresses.length + "
216
misplaced addresses: " + arrMisplacedAddresses.toString());
if (arrNotAllowedAddresses.length > 0)
Context.SetResult(1, "ERROR: Found " + arrNotAllowedAddresses.length + "
unknown MAC addresses on your network: " + arrNotAllowedAddresses.toString());
else
Context.SetResult(0, "SUCCESS. No anomaly detected on the network");
217
Scripting Performance Monitors
Active Script Performance Monitors let you write VBScript and JScript to easily poll one or
more SNMP or WMI values, perform math or other operations on those values, and graph a
single output value. You should only use the Active Script Performance Monitor when you
need to perform calculations on the polled values. Keep in mind that although you can poll
multiple values using the feature, only one value will be stored to the database: the
outcome of your scripted calculation.
Reference Variables
Reference variables simplify your scripting code and enable you to write scripts efficiently,
without having to grab a list of device properties, as with the Script Action and Script
Active Monitor. They take care of the underlying SNMP or WMI mechanisms that you
would normally have to use to access SNMP or WMI counters on a remote device.
By using the Context.GetReferenceVariable (variable name), you only need to specify the
name of a pre-defined variable. WhatsUp Gold uses a device's credentials to connect to the
target device using SNMP or WMI to retrieve the requested information. This information is
stored in a variable that you can use later in your script.
Important: The use of reference variables in the Active Script Performance Monitor is
optional. If you do use them, you must use Context.GetReferenceVariable,for reference
variables to be polled and their data graphed.
Keep In Mind
• You need to include error handling in your monitor script. Your script either needs
a value to graph by using Context.SetValue, or you must use Context.SetResult to
tell WhatsUp Gold that the script failed.
• Context.GetReferenceVariablewill return 'null' if the poll fails for any reason.
• If you do not have a call to SetValue or SetResult, the script does not report any
errors and no data is graphed.
• If SetValue is used, it is not necessary to use SetResult, as SetValue implicitly sets
SetResult to 0, or "good."
• Results from this performance monitor are displayed on Custom Performance
Monitors full and dashboard reports.
• Errors from this performance monitor are displayed in the Performance Monitor
Error log as well as EventViewer.exe.
Using the context object with performance monitors

The context object provides an interface for your script to interact with WhatsUp Gold. All
methods and properties are retrieved using the Context namespace.
Note: You may have to remove the copyright information from the cut and paste if it
appears when you copy from this help file.
218
Methods Method description
LogMessage(sText); This method allows for a message to be written to the WhatsUp Gold
debug log.
Example
JScript
Context.LogMessage( "Checking Monitor name using
VBScript
Context.LogMessage "Checking Address using Context.GetProperty()"
PutProperty(sPropertyName); This method allows you to store a value in the INMSerialize object. This
value is retained across polls.
Example
JScript
var nCount = parselnt(nNum) +1;

Context.PutProperty("MyNumeric",nCount);
SetResult(nCode, sText); This method allows for a result code and result message to be set. This
is how you can tell the WhatsUp Gold system if the monitor succeeds or
fails.
Every script should call SetResult. If SetResult is not called, the script is
always assumed to have succeeded.
Example
JScript
Context.SetResult(0, "Script completed
successfully."); //Success
Context.SetResult(1, "An error occurred.");
//Failure
VBScript
GetReferenceVariable(sRefVar This method allows the code to grab a reference variable to be used in
Name); the monitor.
Example
JScript
Context.GetReferenceVariable("A")
A reference variable "A" would have had to have been created.

SetValue(nValue); This method allows you to graph a value.
Example
JScript
Context.SetValue(245)
GetProperty(sPropertyName); This method offers access to any of the device properties listed below.
These names are case sensitive.
"ActiveMonitorTypeName" The active monitor
display name
"Address" The IP address

of the device
"Mode" 1 = doing discovery
219
2 = polling
3 = test
"ActiveMonitorTypeID" The active monitor's

type ID

community

community

community

community
"CredSnmpV3:Username" SNMPv3 Username
"CredSnmpV3:Context" SNMPv3 Context
"CredSnmpV3:AuthPassword" SNMPv3
Authentication
password
"CredSnmpV3:AuthProtocol" SNMPv3
Authentication
protocol
"CredSnmpV3:EncryptPassword" SNMPv3 Encrypt

password
"CredSnmpV3:EncryptProtocol" SNMPv3 Encrypt

protocol
"CredWindows:DomainAndUserid" Windows Domain

and User ID
Example
JScript
var sReadCommunity =
Context.GetProperty("CredSnmpV1:ReadCommunity");
220
Example active script performance monitors
These scripts demonstrate potential uses of Active Script Performance Monitors. To view
other Active Script Performance Monitors created by other WhatsUp Gold users, visit the
Progress user community (http://community.progress.com).
• Graphing printer ink level percent utilization (on page 215)

• Poll a reference variable and perform a calculation (on page 218)
• Graph a temperature monitor (on page 220)
• Poll the storage table using SNMP GetNext (on page 221)
• Poll multiple reference variables (on page 223)
Graphing printer ink level utilization

This performance monitor uses two reference variables to poll and compute the ink
level percent utilization of a printer for later graphing.
Note: This script was tested on an HP MIB.
Run the SNMP MIB Walker net tool to check the OIDs of the two reference variables and
eventually adjust their instance (1.1 in this example): 1.3.6.1.2.1.43.11.1.1.8.1.1 and
1.3.6.1.2.1.43.11.1.1.9.1.1.
// prtMarkerSuppliesLevel is an SNMP reference variable defined with an OID or 1.3.6.1.2.1.43.11.1.9

and an instance of 1.1
// prtMarkerSuppliesMaxCapacity is an SNMP reference variable defined with an OID or

1.3.6.1.2.1.43.11.1.8 and an instance of
1.1
Context.LogMessage("Print the current marker level");
var prtMarkerSuppliesLevel = Context.GetReferenceVariable("prtMarkerSuppliesLevel");
Context.LogMessage("Print the maximum marker level");
var prtMarkerSuppliesMaxCapacity = Context.GetReferenceVariable("prtMarkerSuppliesMaxCapacity");
if (prtMarkerSuppliesMaxCapacity == null || prtMarkerSuppliesLevel == null) {
Context.SetResult(0, "Failed to poll printer ink levels.");
221
}
else {
Context.LogMessage("marker lever successfully retrieved");
var nPercentMarkerUtilization = 100 * prtMarkerSuppliesLevel / prtMarkerSuppliesMaxCapacity;
Context.LogMessage("Percent utilization=" + nPercentMarkerUtilization + "%");
Context.SetValue(nPercentMarkerUtilization);
222
Poll a reference variable and perform a calculation
This performance monitor polls a reference variable, and then performs an arithmetic
calculation with the returned value.
// This script is a JScript that demonstrates how to use a reference variable in a script.
// The reference variable "RVsysUpTime" is an SNMP reference variable defined
// with an OID of 1.3.6.1.2.1.1.3 and instance of 0.
// Poll reference variable RVsysUpTime
var RVsysUpTime = Context.GetReferenceVariable("RVsysUpTime");
if (RVsysUpTime == null) {
// Pass a non-zero error code upon failure with an error message.
// The error message will be logged in the Performance Monitor Error Log
// and in the eventviewer.
Context.SetResult(1, "Failed to poll the reference variable.");
else {
223
// Success use the polled value to convert sysUpTime in hours.
// sysUpTime is an SNMP timestamp which is in hundredths of seconds:
var sysUpTimeHours = RVsysUpTime / 3600 / 100;
// Save the final value to graph:
Context.SetValue(sysUpTimeHours);
224
Graph a temperature monitor
This performance monitor polls an SNMP-enabled temperature sensor using the CurTemp
reference variable.
// This script is a JScript script that polls the temperature of an SNMP-enabled sensor from "uptime devices"
(www.uptimedevices.com).
// It uses an SNMP reference variable named CurTemp defined with an OID of
1.3.6.1.4.1.3854.1.2.2.1.16.1.14
// and an instance of 1.
//
// That device indicates the temperature in degrees Fahrenheit.
var oCurTemp = Context.GetReferenceVariable("CurTemp");
if (oCurTemp == null) {
Context.SetResult(1, "Unable to poll Temperature Sensor");
else {
// convert temperature from tenth of degrees to degrees
var nFinalTemp = oCurTemp / 10.0;
// comment out the line below to convert the temperature in Celsius degrees:
//nFinalTemp = (nFinalTemp - 32) * 5 / 9;
Context.SetValue(nFinalTemp);
225
Use SNMP GetNext.
This performance monitor walks the hrStorageType MIB to find hard disks in the storage
table. After a hard disk is found, it obtains indexes of it and polls new objects (the storage
size and units).
// This scripts walks hrStorageType to find hard disks in the storage table.
// A hard disk as a hrStorageType of "1.3.6.1.2.1.25.2.1.4" (hrStorageFixedDisk).
// Then it gets the indexes of the hard disk in that table and for each index, it polls
two new
// objects in that table, the storage size and the units of that entry.
// It adds everything up and converts it in Gigabytes.
var hrStorageType = "1.3.6.1.2.1.25.2.3.1.2";
// Create and initialize the snmp object
var arrIndexes = new Array(); // array containing the indexes of the disks we found
// walk the column in the table:
var oSnmpResponse = oSnmpRqst.GetNext(hrStorageType);
if (oSnmpResponse.Failed) Context.SetResult(1, oSnmpResponse.GetPayload);
var sOid = String(oSnmpResponse.GetOid);
var sPayload = String(oSnmpResponse.GetPayload);
while (!oSnmpResponse.Failed && sOid < (hrStorageType + ".99999999999"))
if (sPayload == "1.3.6.1.2.1.25.2.1.4") {
// This storage entry is a disk, add the index to the table.
// the index is the last element of the OID:
var arrOid = sOid.split(".");
arrIndexes.push(arrOid[arrOid.length - 1]);
226
oSnmpResponse = oSnmpRqst.GetNext(sOid);
sOid = String(oSnmpResponse.GetOid);
sPayload = String(oSnmpResponse.GetPayload);
Context.LogMessage("Found disk indexes: " + arrIndexes.toString());
if (arrIndexes.length == 0) Context.SetResult(1, "No disk found");
// now that we have the indexes of the disks. Poll their utilization and units
var nTotalDiskSize = 0;
for (var i = 0; i < arrIndexes.length; i++) {
oSnmpResponse = oSnmpRqst.Get("1.3.6.1.2.1.25.2.3.1.5." + arrIndexes[i])
nSize = oSnmpResponse.GetPayload;
oSnmpResponse = oSnmpRqst.Get("1.3.6.1.2.1.25.2.3.1.4." + arrIndexes[i])
nUnits = oSnmpResponse.GetPayload;
nTotalDiskSize += (nSize * nUnits);
// return the total size in gigabytes.
Context.SetValue(nTotalDiskSize / 1024 / 1024 / 1024); // output in Gigabytes
227
Poll multiple reference variables
This performance monitor graphs the percentage of retransmitted TCP segments over
time using two reference variables: RVtcpOytSegs and RVtcpRetransSegs.
/* This script is a JScript that will allow you to graph the percentage of retransmitted TCP segments over time
on a device.
For this script, we use two SNMP reference variables:
The first Reference variable RVtcpOutSegs is defined with OID 1.3.6.1.2.1.6.11 and instance 0. It polls the
SNMP object tcpOutSegs.0, the total number of TCP segments sent out on the network. */
var RVtcpOutSegs = parseInt(Context.GetReferenceVariable("RVtcpOutSegs"));
/* The second reference variable RVtcpRetransSegs is defined with OID 1.3.6.1.2.1.6.12 and instance 0. It polls the
SNMP object tcpRetransSegs.0, the total number of TCP segments that were retransmitted on the system. */
var RVtcpRetransSegs = parseInt(Context.GetReferenceVariable("RVtcpRetransSegs"));
//Error Checking
if (isNaN(RVtcpRetransSegs) || isNaN(RVtcpOutSegs)) {
Context.SetResult(1, "Failed to poll the reference variables.");
228
else {
// Compute the percentage:
var TCPRetransmittedPercent = 100 * RVtcpRetransSegs / RVtcpOutSegs;
// Set the performance monitor value to graph
Context.SetValue(TCPRetransmittedPercent);
229
Scripting Actions
Active Script Actions can be configured to trigger when an active monitor's state changes.
They can be programmed to perform a variety of tasks, from running automated
remediation scripts to posting data to external, third party services via API.
Keep In Mind
• You need to include error handling in your monitor script. Your script must use
Context.SetResult to report the status of the action to WhatsUp Gold.
• Your script should check periodically to see if it has been canceled by the user. To
do this, use the IsCancelled()method described in Using the Context object with
Actions.
Method Method description

LogMessage(sText); This method allows for a message to be written to the WhatsUp
Gold debug log. Messages are displayed in the Event Viewer.
Examples
JScript
Context.LogMessage( "Checking action name using
VBScript
Context.LogMessage "Checking Address using Context.GetProperty()"
SetResult(LONG nCode, This method allows for a result code and result message to be set. This
sText); is how you can tell the WhatsUp Gold system if the action succeeded or
failed.
Examples
JScript
Context.SetResult(0, "Script completed successfully.");
//Success
Context.SetResult(1, "An error occurred."); //Failure
230
VBScript
NotifyProgress(sText); This method allows for a message to be written to the actions progress
dialog. Messages are displayed in the Test dialog and Running Actions
dialog.
Examples
JScript
Context.NotifyProgress( "Checking action name using
VBScript
Context.NotifyProgress "Checking Address using Context.GetProperty()"
IsCancelled(); This method tests whether the action has been canceled by the user.
If the return is true, then the script should terminate.
A cancel can be issued by the user in the action progress dialog and by
the WhatsUp Gold engine when shutting down.
GetProperty(sPropertyName); This property offers access to many device specific aspects. You obtain
access to these items using the names listed. These names are case
sensitive.
"ActionName" The action display name
"Address" The IP Address of the device
"Name" Network name of the device
"DisplayName" Display name of the device
"ActionTypeID" The action type ID
"TriggerCondition" The reason the action

was fired.
Trigger values:
1 - Monitor changed
from DOWN to UP
2 - Monitor changed
from UP to DOWN
4 - A Passive Monitor was

received...
8 - The "Test" Button

was hit
16 - This is a recurring action...
32 - Device is UP
64 - Device is DOWN
The following context objects are only available if impersonations

are enabled.
"CredWindows:DomainAndUserid" Windows Domain
231
and User ID
Example
JScript
232
Example active script actions
These scripts demonstrate a few potential uses of Active Script Actions. To view other
Active Script Actions created by other WhatsUp Gold users, visit the Ipswitch user
community (https://community.ipswitch.com).
• Post device status to Twitter (on page 228)
• Acknowledge all devices (on page 229)
Post device status to Twitter

This action posts the status of the device to which it's applied to the microblogging service
Twitter. This is useful for creating an externally viewable and off-site list of device status.
Note: This example is provided as an illustration only and is not supported. Technical support is
available for the Context object, SNMP API, and scripting environment, but Ipswitch does not
provide support for JScript, VBScript, or developing and debugging Active Script monitors or
actions. For assistance with this example or with writing your own scripts, visit the Progress user
community (http://community.progress.com).
Dim xml
Set xml = createObject("Microsoft.XMLHTTP")
'Update to include your account's username and password.
sUser = "username"
sPass = "password"
sStatus = "WhatsUp Gold says, '%Device.DisplayName %Device.State at %System.Time on %System.Date'"
xml.Open "POST", "http://" & sUser & ":" & sPass & "@twitter.com/statuses/update.xml?status=" & sStatus, False
xml.setRequestHeader "Content-Type", "content=text/html; charset=iso-8859-1"
xml.Send
Context.SetResult 0, xml.responseText
Set xml = Nothing
233
Acknowledge all devices
This action resets the acknowledge flag on all devices. When a device is unacknowledged,
the label on its icon renders as white text on black. If you don't use the acknowledge
feature, this action can be used to make sure that icons always show as acknowledged.
Note: This example is provided as an illustration only and is not supported. Technical support is
available for the Context object, SNMP API, and scripting environment, but Ipswitch does not
provide support for JScript, VBScript, or developing and debugging Active Script monitors or
actions. For assistance with this example or with writing your own scripts, visit the Progress user
community (http://community.progress.com).
// This JScript action sets the acknowledge flag to true for all devices.
// Written by Tim Schreyack of Dynamics Research Corporation
// Get the database info
var oDb = Context.GetDB;
if (null == oDb) {
Context.SetResult( 1, "Problem creating the DB object");
else {
var sSql = "UPDATE ActiveMonitorStateChangeLog SET bAcknowledged = 1 WHERE
bAcknowledged = 0";
var oRs = oDb.Execute(sSql);
var sSql = "UPDATE Device SET nUnAcknowledgedActiveMonitors = 0 WHERE
nUnAcknowledgedActiveMonitors = 1";
var sSql = "UPDATE Device SET nUnAcknowledgedPassiveMonitors = 0 WHERE
nUnAcknowledgedPassiveMonitors = 1";
234

Whats Up Gold 2021 Manual

Uploaded by

Copyright:

Available Formats

You might also like

Whats Up Gold 2021 Manual

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Whats Up Gold 2021 Manual

Uploaded by

Copyright:

Available Formats

Table of Contents

What to expect in the course ..................................................................................................................................................................................1

What to expect in the course

• A working knowledge of network administration

Each entry in the report contains the following information:

For a poller to successfully connect to WhatsUp Gold, enable communication on the

100 Devices / 2,500 Devices / 20,000 Devices / 100,000

• Open the WhatsUp Gold help files

3. Network Managers: Users assigned to this group manage larger,

4. Network Admins: This group should consist of network engineers who

You may also want to add any

Enabling this right will enable all other rights.

A user must have this right to view and hear Web

Device Group Access Rights

Creating AWS Read Only Credentials

3. Specify the user name and enable Programmatic access

4. Select Attach existing policies

Meraki Cloud Credential

2. Log in to the Meraki dashboard (http://dashboard.meraki.com).

5. Copy the API key displayed.

Return to WhatsUp Gold to continue creating the Meraki Cloud credential.

• Active Monitors – Actively monitor your device. They determine if your

• Chassis, Hardware, and Wireless

Are you sure your device or monitor is responding correctly?

Use independent poll

Thresholds: Select which thresholds to

Monitor the following output states: Select

Monitor the following abnormal conditions:

The monitor is considered down when it

If the printer registers any of the

If a temperature probe is disabled, the monitor ignores it.

To set the result in WhatsUp gold use the command Context.SetResult.

REST API Monitor

SQL Server Monitor

• Use in rescan. Enable this option to

• Use in rescan. Enable this

If getting multiple false negatives create a second ping with:

• Use in rescan. Enable

• When Constant Value is selected:

• When Constant Value is selected:

WMI Formatted Monitor

• When Constant Value is selected:

BGP Peer Status

• Use in rescan. Enable this option

• You can use a rule expression to

Provide a unique name and

Use the following procedure to install the agent:

The Data ONTAP SMI-S Agent uses a default collection interval of 5

• Amazon Web Service Elastic Load Balancing service

Meraki Device Status Active Monitor

• Automatically using the Trap Definition Import Tool

If you define multiple payload Match On expressions, each expression is

A selection of performance monitors is available in a fresh installation of WhatsUp Gold,

• Default Performance Monitors

Each of these default performance

• Script type. Select either JSCRIPT or VBSCRIPT.

• Click Add from the Add Active Script

• Object Path/Attribute. Select the

• Timeout (sec.) Duration WhatsUp Gold attempts to connect to the selected