What We Collect
The following list outlines the specific information sets gathered by the RISC Networks RN150 collecting appliance during an engagement. Data is collected in two distinct phases by the RN150, inventory and performance.
For documentation on access requirements please see How We Collect.
Network Equipment
For network equipment, the following information is collected:
Information Collected for Network Equipment
| Type | Category | Information Collected |
|---|---|---|
| Inventory | Hardware | Serial Number Line Cards Flash Size Memory Size Interface Information ENTITY-MIB information |
| Software | Software version Flash file list | |
| Operational | Routing Table ARP Table L2 Forwarding Table Neighbor Information (CDP, FDP, LLDP, etc) Spanning Tree Topology SAN Switch Forwarding Information (WWN Names, etc) SCSI Lun Information (FC Switches only) Quality of Service Configuration | |
| Performance | Statistical | Interface Utilization and Error Statistics CPU and Memory Utilization Statistics Cisco MQC Statistics |
Windows Servers
For Windows Servers, the following information is collected:
Information Collected for Windows Servers
| Type | Category | Information Collected |
|---|---|---|
| Inventory | Hardware | Serial Number (Dell Service Tag, etc) Physical Memory Physical CPU Physical Hard Drive HBA Information Network Card information |
| Software | OS Version Installed Applications and versions with process ID information Windows Services and status Logical Disks Windows Shares HTTP get on port 80 | |
| Operational | Windows Event Log information (3 days of Errors and Warnings) Citrix Metaframe Server Inventory | |
| Performance | Statistical | CPU Performance Process specific Performance metrics (CPU, Swap, etc) Memory Performance (bytes used / % used ) Disk (Logical and Physical) performance (I/O per sec, I/O bytes, latency, etc) Windows Network Interface Utilization (I/O bytes, etc) Windows Process Information Windows Netstat Connectivity Information (opt-in only) DNS A records and C names where applicable |
Linux/Unix Servers
For Linux/Unix Servers, the following information is collected:
Information Collected for Linux/Unix Servers
| Type | Category | Information Collected |
|---|---|---|
| Inventory via SNMP and SSH | Hardware | Physical Memory Physical CPU Physical Hard Drive Network Interfaces |
| Software | OS Description Installed Applications and versions with process ID information Logical Disks Filesystems HTTP get on port 80 | |
| Inventory via SSH | Software | Operating System OS Version OS Distribution OS Distribution Version CPU Architecture |
| Performance vis SNMP and SSH | Statistical | CPU Performance Memory Performance (bytes used / % used) Physical Disk I/O Running Processes Socket Connectivity Information (uses TCP-MIB via SNMP / prefers RFC 4022 version) Network Interface Utilization |
VMware
For VMware Servers, the following information is collected:
Information Collected for VMware Servers
| Type | Category | Information Collected |
|---|---|---|
| Inventory | Hardware | Server Model Network Connectivity Physical Memory CPU Disk Information (size and configuration) |
| Software | Guest Inventory OS Version ESX Location Host Inventory OS Version DataStore mapping to hosts and guests | |
| Operational | Virtual Switch configuration | |
| Performance | Statistical | CPU Utilization (wait time, ready time, etc) Memory Utilization (usage MB, etc) Disk Utilization (I/O / sec, bytes/sec, etc) Network Utilization (bytes in/out) |
Databases
For databases, the following information is collected:
Information Collected for Databases
| Type | Category | Information Collected |
|---|---|---|
| Inventory | Database | Hostname Version Schemas Names (sometimes referred to as database names) Connectivity Table Metadata Table Names |
| Performance | Statistical | Connectivity Table Names |