LAN Watch

Monitor > LAN Watch

Agent > LAN Watch

• This page applies to the following products: On Premises, Kaseya Advanced, Kaseya Essentials, IT Center, IT Workbench

LAN Watch uses an existing VSA agent on a managed machine to periodically scan the local area network for any and all new devices connected to that LAN since the last time LAN Watch ran. These new devices can be workstations and servers without agents or SNMP devices. Optionally, the VSA can send an alert when a LAN Watch discovers any new device. LAN Watch effectively uses the agent as a proxy to scan a LAN behind a firewall that might not be accessible from a remote server.

Using Multiple Machines on the Same LAN

Typically, you do not have to run a LAN Watch on more than one machine in a scan range. Some reasons to do a LAN Watch on multiple machines within the same scan range include:

• There are multiple SNMP Communities within the same scan range and therefore there are multiple machines with different SNMP Community Read values.
• There are multiple vPro-enabled credentials required.
• There are different alert configurations required.
• The user wishes to have redundant SNMP monitoring.

Using the Same Operating System for Discovery and Agent Installs

Windows, Macintosh, and Linux agents can discover Windows, Macintosh, and Linux machines on the same LAN using LAN Watch. Agent > Install Agents can only install agents on:

• Windows machines if the LAN Watch discovery machine was a Windows machine.
• Macintosh machines if the LAN Watch discovery machine was a Macintosh machine.
• Linux machines if the LAN Watch discovery machine was a Linux machine.

Note: Macintosh agent install packages require a credential when using Agent > Install Agent, or when installing agents using the /s "silent install" switch.

Note: For Linux machines, the root username alone—without a hostname or domain—must be used.

LAN Watch and SNMP

The LAN Watch discovery machine issues the SNMP requests to the SNMP devices it discovers on the same LAN. So you must run LAN Watch first to have access to SNMP-enabled devices using the VSA.

To include SNMP devices in the discovery scan performed by LAN Watch:

1. Select a machine ID on the same LAN as the SNMP devices you want to discover.
2. Specify the IP range to scan using the Scan IP Range fields. The fields default to the first 1024 IP addresses your selected machine ID belongs to.
3. Check the Enable SNMP checkbox.
4. Enter a community name in the Read Community Name and Confirm fields.

   A community name is a credential for gaining access to an SNMP-enabled device. The default "read" community name is typically public, in all lower case, but each device may be configured differently. You may have to identify or reset the community name on the device directly if you're not sure what community name to use.

5. Click the Schedule button, select scheduling parameters, then click the Submit button. The Schedule dialog closes.
   • The Last Scan Started displays the time the LAN Watch started scanning, once it has begun.
   • The SNMP Active column confirms that SNMP-enabled devices are being scanned as part of the LAN Watch.
6. Review discovered SNMP-enabled devices using the Monitor > Assign SNMP page.

Schedule

Click Schedule to display the Scheduler window, which is used throughout the VSA to schedule a task. Schedule a task once or periodically. Each type of recurrence—Once, Hourly, Daily, Weekly, Monthly, Yearly—displays additional options appropriate for that type of recurrence. Periodic scheduling includes setting start and end dates for the recurrence. Not all options are available for each task scheduled. Options can include:

• Distribution Window - Reschedules the task to a randomly selected time no later than the number of periods specified, to spread network traffic and server loading.
• Skip if offline - If checked and the machine is offline, skip and run the next scheduled period and time. If blank and the machine is offline, run the task as soon as the machine is online again.
• Power up if offline - Windows only. If checked, powers up the machine if offline. Requires Wake-On-LAN or vPro and another managed system on the same LAN.
• Exclude the following time range - If checked, specifies a date/time range to not perform the task.

Cancel

Click Cancel to stop the scheduled scan. Cancel also deletes all records of the devices identified on a LAN from the VSA. If you re-schedule LAN Watch after clicking Cancel, each device on the LAN is re-identified as though for the first time.

Scan IP Range

Set the minimum and maximum IP addresses to scan here. Selecting a machine ID to scan, by checking the box next to that machine's name, automatically fills in the minimum and maximum IP range based on that machine's IP address and subnet mask.

Note: LAN Watch does not scan more than 2048 IP addresses. If the subnet mask of the machine running LAN Watch specifies a larger IP range, LAN Watch limits it to 2048 addresses. LAN Watch only detects addresses on the local subnet to the machine you run LAN Watch from. For example, with a subnet mask of 255.255.255.0, there can be no more that 253 other devices on the local subnet.

Enable SNMP

If checked, scan for SNMP devices within the specified Scan IP Range.

Read Community Name / Confirm

LAN Watch can only identify SNMP devices that share the same SNMP Community Read value as the managed machine performing the LAN Watch. Enter the value in the Read Community Name and Confirm text boxes.

Note: Community names are case sensitive. Typically the default read community name value is public, but may be reset by an administrator to Public, PUBLIC, etc.

Enable vPro

Windows only. If checked, identify vPro-enabled machines within the specified Scan IP Range. A machine does not need to be a vPro machine to discover vPro machines using LAN Watch. If a vPro machine is used as the LAN Watch discovery machine, it cannot discover itself.

Note: vPro configuration is a prerequisite to using this feature. Refer to the latest Intel documentation for information on how to configure vPro. At the time of this writing, the following link leads to the Intel documentation: http://communities.intel.com/community/openportit/vproexpert.

Username / Password / Confirm

Enter the appropriate vPro credentials to return hardware asset details about vPro machines discovered during the LAN Watch. Typically the same credentials are defined for all vPro machines on the same LAN. The results are displayed using Agent > View vPro.

Note: vPro-enabled machines with a vPro credential can be powered up, powered-down or rebooted using Remote Control > Power Management.

Enable Alerts

If Enable Alerts is checked and a new device is discovered by LAN Watch, an alert is sent to all email addresses listed in Email Recipients. LAN Watch alerts and email recipients can also be specified using the Monitor > Alerts page.

Note: Machines that have not been connected to the LAN for more than 7 days and then connect are flagged as new devices and will generate an alert.

Email Recipients

If alerts are enabled, enter the email addresses where alert notifications are sent. You can specify a different email address for each managed machine, even if it is for the same event. The From email address is specified using System > Outbound Email.

Ignore devices seen in the last <N> days

Enter the number of days to suppress alerts for new devices. This prevents creating alerts for devices that are connected to the network temporarily.

Run Script

If checked and an alarm condition is encountered, an agent procedure is run. You must click the select agent procedure link to choose an agent procedure to run. You can optionally direct the agent procedure to run on a specified range of machine IDs by clicking this machine ID link. These specified machine IDs do not have to match the machine ID that encountered the alarm condition.

Skip alert if MAC address matches existing agent

Checking this box suppresses alerts if the scan identifies that the MAC address of a network device belongs to an existing managed machine with an agent on it. Otherwise a managed machine that was offline for several days and comes back online triggers an unnecessary alert during a LAN Watch.

Check-in status

These icons indicate the agent check-in status of each managed machine. Hovering the cursor over a check-in icon displays the agent quick view window.

Online but waiting for first audit to complete

Agent online

Agent online and user currently logged on.

Agent online and user currently logged on, but user not active for 10 minutes

Agent is currently offline

Agent has never checked in

Agent is online but remote control has been disabled

The agent has been suspended

Machine.Group ID

The list of Machine.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the user is authorized to see using System > User Security > Scopes.

IP Range Scanned

The IP addresses that are scanned by the selected machine ID when LAN Watch runs.

Last Scan

This timestamp shows when the last scan occurred. When this date changes, new scan data is available to view.

Primary DC

Windows only. If a primary domain controller icon displays, this machine ID is a primary domain controller. If checked, performing a scan on a primary domain controller running Active Directory enables you to "harvest" the users and computers throughout a domain. You can subsequently install VSA agents automatically on computers listed in Active Directory and create VSA users and VSA users based on Active Directory administrator credentials. See View AD Computers and View AD Users.

SNMP Active

If the SNMP icon displays, SNMP devices are included in the scheduled scan.

vPro Active

Windows only. If the vPro icon displays, vPro machines are included in the schedule scan.

Alert Active

If checked LAN Watch alerts are enabled for this scan.

Topic 398: Send Feedback. Download a PDF of this online book from the first topic in the table of contents. Print this topic.