cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dynatrace now monitoring UNC Shares?

Kenny_Gillette
DynaMight Leader
DynaMight Leader

Team,

Has anybody else seen that Dynatrace started monitoring UNC shares and alerting on it?  I looked through release notes and have not found anything (could have missed).  Our Product Specialist noticed this also started for another customer he is supporting at same time as it did for me.  Started around mid June.

Kenny_Gillette_0-1694805134387.png

 

I know how to filter out Unc shares by disk: \\* but just curious why Dynatrace started doing this.  This hurting other people?

 

From DT Chat: now that you have mentioned it, one of my other customers had the same thing happening too. 

Dynatrace Certified Professional
13 REPLIES 13

Kenny_Gillette
DynaMight Leader
DynaMight Leader

From support:

Based on feedback from our lab, this was the timeline of changes, and indeed some changes would have affected your cluster version:
 

  1. Before OA 1.267, network drives were not monitored on Windows.
  2. In OA 1.267, Windows network disk monitoring has been introduced. That's why the network share metrics are showing up.
  3. As soon as that version was rolled out to our customers, we discovered that the implementation was causing multiple problems, so we decided to disable it again with a debug flag temporarily.
  4. We made multiple improvements, and the whole feature will be reenabled in OA 1.277.

 
We hope this helps explain the situation. Going forward, if you do not want to have network drives monitoring, we can disable it by setting a debug flag. Alternatively, you can update OneAgent to a newer 1.267/1.271/1.273/1.275 version that just sets it by default. Please let us know which route you'd prefer to take, and if there are any questions.

Dynatrace Certified Professional

I'm seeing this issue in our SaaS setup where OA agents are at 1.279.166

Same here.

same problem this is creating problem

You can ask Dynatrace support to set below option globally. This approach worked for us.

'debugEnableWindowsNetworkDriveMonitoring' to false

I was told there would be fix available in oneagent version 1.285 so that user can do this themselves at host level

Hi Srikanth

debugEnableWindowsNetworkDriveMonitoring' to false - where we need to do this. Could you please share steps how to set this parameter to false

 

@sundarv1 - Hi, you can Dynatrace product support via a ticket to set this at the tenant level.

OR

1. You can add regex in disk exclusion filter. (Settings --> Preferences --> Disk options) for windows OS.

2. At the alerting profile, you can filter it using description filter. In my case, I've used one like below as a safety net measure (until product support enabled the flag)

Custom: Description not contains 'The total available space on filesystem or disk \\'

Srikanth

1. You can add regex in disk exclusion filter. (Settings --> Preferences --> Disk options) for windows OS. - What we need to set here?

Operating system - Windows , 

Disk or Mount path = \\*

Is this setting fine

 

Yes that should work i have also fixed it with

Manas_Dholakiya_0-1713879175048.png

 

Manas_Dholakiya
Frequent Guest

i am using 1.279.166 version and still we can see this problem

gilles_tabary
Mentor

Hi.

Having had already excluded \\*\* and \\*,  Windows network drive monitoring we upgraded recently : 

  • from 1.275
  • to 1.293 => blam : issue : spurious user remote logins attempt detected, even some users get locked
  • pinpointing...

Looking again on how to exclude Windows network disk monitoring...

When we activate "Disable NFS Disc monitoring" we stop our spurious network user attempted logon : fine. Because we don't need the UNC / NFS / Network disk monitoring we *can* deactivate that. Though... it's a bit fishy. 🙂

On a sample host our attempts at filtering out on OS==Windows pattern==\\*\* or \\* with FS Type == * seams to not yield help. We did not find an other hack.

I will report issue to support through a new ticket.

Hmmm. Documented @ OneAgent 1.277 release notes : Windows - network disk monitoring enabled :

Note that this can create a security event log notifying that a process token was duplicated, but this is expected behavior and should not be interpreted as a security concern.

Support confirms works as designed.

Scary though. 😬🙂

Workaround indeed : "Disable NFS Disc monitoring" : makes OneAgent stop completely querying Windows perfmon API to get NFS discs infos. On the other hand, excluding UNC disc paths like \\* does not stop OA to query the API.

Regards.

Featured Posts