LAN Watch

Monitor > LAN Watch

Agent > LAN Watch

LAN Watch uses an existing VSA agent on a managed machine to periodically scan the local area network for any and all new devices connected to that LAN since the last time LAN Watch ran. These new devices can be workstations and servers without agents or SNMP devices. Optionally, the VSA can send an alert when a LAN Watch discovers any new device. LAN Watch effectively uses the agent as a proxy to scan a LAN behind a firewall that might not be accessible from a remote server.

Using Multiple Machines on the Same LAN

Typically, you do not have to run a LAN Watch on more than one machine in a scan range. Some reasons to do a LAN Watch on multiple machines within the same scan range include:

• There are multiple SNMP Communities within the same scan range and therefore there are multiple machines with different SNMP Community Read values.
• There are multiple vPro-enabled credentials required.
• There are different alert configurations required.
• The user wishes to have redundant SNMP monitoring.

LAN Watch and Install Agents using Windows or Macintosh

Both Windows and Macintosh agents can discover Windows and Macintosh machines on the same LAN using LAN Watch. Agent > Install Agents can only install agents on:

• Windows machines if the LAN Watch discovery machine was a Windows machine.
• Macintosh machines if the LAN Watch discovery machine was a Macintosh machine.

Note: Macintosh agent install packages require a credential when using Agent > Install Agent, or when installing agents using the /s "silent install" switch.

Schedule

Click Schedule to schedule a recurring LAN Watch scan on each selected machine ID. The scan runs every interval that you set. The default is 1 day.

Date/Time

Enter the year, month, day, hour, and minute to schedule this task.

Cancel

Click Cancel to stop the scheduled scan. Cancel also deletes all records of the devices identified on a LAN from the VSA. If you re-schedule LAN Watch after clicking Cancel, each device on the LAN generates a new alert.

Run recurring every <N> <periods>

Check the box to make this task a recurring task. Enter the number of times to run this task each time period.

Scan IP Range

Set the minimum and maximum IP addresses to scan here. Selecting a machine ID to scan, by checking the box next to that machine's name, automatically fills in the minimum and maximum IP range based on that machine's IP address and subnet mask.

Note: LAN Watch does not scan more than 2048 IP addresses. If the subnet mask of the machine running LAN Watch specifies a larger IP range, LAN Watch truncates it to 2048 addresses. LAN Watch only detects addresses on the local subnet to the machine you run LAN Watch from. For example, with a subnet mask of 255.255.255.0, there can be no more that 253 other devices on the local subnet.

Enable SNMP

If checked, scan for SNMP devices within the specified Scan IP Range.

Read Community Name / Confirm

LAN Watch can only identify SNMP devices that share the same SNMP Community Read value as the managed machine performing the LAN Watch. Enter the value in the Read Community Name and Confirm text boxes.

Note: Community names are case sensitive. Typically the default read community name value is public, but may be reset by an administrator to Public, PUBLIC, etc.

Enable vPro

If checked, identify vPro-enabled machines within the specified Scan IP Range. A machine does not need to be a vPro machine to discover vPro machines using LAN Watch. If a vPro machine is used as the LAN Watch discovery machine, it cannot discover itself.

Note: vPro configuration is a prerequisite to using this feature. Refer to the latest Intel documentation for information on how to configure vPro. At the time of this writing, the following link leads to the Intel documentation: http://communities.intel.com/community/openportit/vproexpert.

Username / Password / Confirm

Enter the appropriate vPro credentials to return hardware asset details about vPro machines discovered during the LAN Watch. Typically the same credentials are defined for vPro machines on the same LAN. The results are displayed using Agent > View vPro.

If you don't know the credentials for the vPro machines you want to discover, enter arbitrary strings in the Username, Password and Confirm fields. This will allow you to discover the existence of the vPro machines, but not return any other hardware assets details.

Note: vPro-enabled machines with a vPro credential can be powered up, powered-down or rebooted using Remote Cntl > Power Mgmt.

Enable Alerts

If Enable Alerts is checked and a new device is discovered by LAN Watch, an alert is sent to all email addresses listed in Email Recipients. LAN Watch alerts and email recipients can also be specified using the Monitor > Alerts page.

Note: Machines that have not connected to the LAN for more than 7 days and then connect are flagged as new devices and will generate an alert.

Email Recipients

If alerts are enabled, enter the email addresses where alert notifications are sent. You can specify a different email address for each managed machine, even if it is for the same event. The From email address is specified using System > Configure.

Ignore devices seen in the last <N> days

Enter the number of days to suppress alerts for new devices. This prevents creating alerts for devices that are connected to the network temporarily.

After alert run select script on this machine ID

If checked and an alarm condition is encountered, a script is run. You must click the select script link to choose a script to run. You can optionally direct the script to run on a specified range of machine IDs by clicking this machine ID link. These specified machine IDs do not have to match the machine ID that triggered the alarm condition.

Skip alert if MAC address matches existing agent

Checking this box suppresses alerts if the scan identifies that the MAC address of a network device belongs to an existing managed machine with an agent on it. Otherwise a managed machine that was offline for several days and comes back online triggers an unnecessary alert during a LAN Watch.

Check-in status

These icons indicate the agent check-in status of each managed machine:

Agent has checked in

Agent has checked in and user is logged on. Tool tip lists the logon name.

Agent has not recently checked in

Agent has never checked in

Online but waiting for first audit to complete

The agent is online but remote control is disabled

The agent has been suspended

Machine.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access.

IP Range Scanned

The IP addresses that are scanned by the selected machine ID when LAN Watch runs.

Last Scan

This timestamp shows when a machine ID was last scanned. When this date changes, new scan data is available to view.

Primary DC

If a primary domain controller icon displays, this machine ID is a primary domain controller. If checked, performing a scan on a primary domain controller running Active Directory enables you "harvest" the users and computers throughout a domain. You can subsequently install VSA agents automatically on computers listed in Active Directory and create VSA administrators and VSA users based on Active Directory user credentials. See View AD Computers and View AD Users.

SNMP Active

If the SNMP icon displays, SNMP devices are included in the scheduled scan.

vPro Active

If the vPro icon displays, vPro machines are included in the schedule scan.

Alert Active

If checked LAN Watch alerts are enabled for this scan.

Topic 398: Send Feedback. Download a PDF of this online book from the first topic in the table of contents.