What We Collect

The following list outlines the specific information sets gathered by the RISC Networks RN150 collecting appliance during an engagement. The RN150 collects data in two distinct phases: inventory and performance.

Network Equipment
Windows Servers
Linux/Unix Servers
VMware
Databases

Note: For documentation on access requirements, please see How We Collect.

Network Equipment

For network equipment, the following information is collected:

Information Collected for Network Equipment

| Type | Category | Information Collected |
|---|---|---|
| Inventory | Hardware | Serial Number; Line Cards; Flash Size; Memory Size; Interface Information; ENTITY-MIB information |
| Inventory | Software | Software version; Flash file list |
| Inventory | Operational | Routing Table; ARP Table; L2 Forwarding Table; Neighbor Information (CDP, FDP, LLDP, etc.); Spanning Tree Topology; SAN Switch Forwarding Information (WWN Names, etc.); SCSI LUN Information (FC Switches only); Quality of Service Configuration |
| Performance | Statistical | Interface Utilization and Error Statistics; CPU and Memory Utilization Statistics; Cisco MQC Statistics |

Windows Servers

For Windows Servers, the following information is collected:

Information Collected for Windows Servers

| Type | Category | Information Collected |
|---|---|---|
| Inventory | Hardware | Serial Number (Dell Service Tag, etc.); Physical Memory; Physical CPU; Physical Hard Drive; HBA Information; Network Card information |
| Inventory | Software | OS Version; Installed Applications and versions with process ID information; Windows Services and status; Logical Disks; Windows Shares; HTTP GET on port 80 |
| Inventory | Operational | Windows Event Log information (3 days of Errors and Warnings); Citrix Metaframe Server Inventory |
| Performance | Statistical | CPU Performance; Process-specific Performance metrics (CPU, Swap, etc.); Memory Performance (bytes used / % used); Disk (Logical and Physical) performance (I/O per sec, I/O bytes, latency, etc.); Windows Network Interface Utilization (I/O bytes, etc.); Windows Process Information; Windows Netstat Connectivity Information (opt-in only); DNS A records and CNAMEs where applicable |

Linux/Unix Servers

For Linux/Unix Servers, the following information is collected:

Information Collected for Linux/Unix Servers

| Type | Category | Information Collected |
|---|---|---|
| Inventory via SNMP and SSH | Hardware | Physical Memory; Physical CPU; Physical Hard Drive; Network Interfaces |
| Inventory via SNMP and SSH | Software | OS Description; Installed Applications and versions with process ID information; Logical Disks; Filesystems; HTTP GET on port 80 |
| Inventory via SSH | Software | Operating System; OS Version; OS Distribution; OS Distribution Version; CPU Architecture |
| Performance via SNMP and SSH | Statistical | CPU Performance; Memory Performance (bytes used / % used); Physical Disk I/O; Running Processes; Socket Connectivity Information (uses TCP-MIB via SNMP / prefers RFC 4022 version); Network Interface Utilization |

VMware

For VMware Servers, the following information is collected:

Information Collected for VMware Servers

| Type | Category | Information Collected |
|---|---|---|
| Inventory | Hardware | Server Model; Network Connectivity; Physical Memory; CPU; Disk Information (size and configuration) |
| Inventory | Software | Guest Inventory; OS Version; ESX Location; Host Inventory; OS Version; DataStore mapping to hosts and guests |
| Inventory | Operational | Virtual Switch configuration |
| Performance | Statistical | CPU Utilization (wait time, ready time, etc.); Memory Utilization (usage MB, etc.); Disk Utilization (I/O / sec, bytes/sec, etc.); Network Utilization (bytes in/out) |

Databases

For databases, the following information is collected:

Information Collected for Databases

| Type | Category | Information Collected |
|---|---|---|
| Inventory | Database | Hostname; Version; Schema Names (sometimes referred to as database names); Connectivity; Table Metadata; Table Names |
| Performance | Statistical | Connectivity; Table Names |