15 Sep 2023 08:16 PM - edited 15 Sep 2023 08:35 PM
Team,
Has anybody else seen that Dynatrace started monitoring UNC shares and alerting on it? I looked through the release notes and have not found anything (could have missed it). Our Product Specialist noticed this also started for another customer he is supporting at the same time as it did for me. Started around mid June.
I know how to filter out UNC shares by disk: \\* but I'm just curious why Dynatrace started doing this. Is this hurting other people?
From DT Chat: now that you have mentioned it, one of my other customers had the same thing happening too.
26 Sep 2023 08:06 PM
From support:
Based on feedback from our lab, this was the timeline of changes, and indeed some changes would have affected your cluster version:
We hope this helps explain the situation. Going forward, if you do not want to have network drives monitoring, we can disable it by setting a debug flag. Alternatively, you can update OneAgent to a newer 1.267/1.271/1.273/1.275 version that just sets it by default. Please let us know which route you'd prefer to take, and if there are any questions.
11 Jan 2024 06:18 AM
I'm seeing this issue in our SaaS setup where OA agents are at 1.279.166.
05 Mar 2024 10:54 AM
Same problem; this is creating a problem.
05 Mar 2024 11:15 AM
You can ask Dynatrace support to set the below option globally. This approach worked for us.
'debugEnableWindowsNetworkDriveMonitoring' to false
I was told there would be a fix available in OneAgent version 1.285 so that users can do this themselves at the host level.
23 Apr 2024 06:23 AM
Hi Srikanth,
'debugEnableWindowsNetworkDriveMonitoring' to false - where do we need to do this? Could you please share the steps to set this parameter to false?
23 Apr 2024 11:39 AM
@sundarv1 - Hi, you can ask Dynatrace product support via a ticket to set this at the tenant level.
OR
1. You can add a regex in the disk exclusion filter (Settings --> Preferences --> Disk options) for Windows OS.
2. In the alerting profile, you can filter it using a description filter. In my case, I've used one like below as a safety net measure (until product support enabled the flag).
Custom: Description not contains 'The total available space on filesystem or disk \\'
23 Apr 2024 02:29 PM
Srikanth,
1. You can add regex in disk exclusion filter. (Settings --> Preferences --> Disk options) for windows OS. - What do we need to set here?
Operating system - Windows,
Disk or Mount path = \\*
Is this setting fine?
23 Apr 2024 02:33 PM
Yes, that should work. I have also fixed it with
05 Mar 2024 10:56 AM
I am using version 1.279.166 and we can still see this problem.
27 Aug 2024 10:29 AM
Hi.
Having had already excluded \\*\* and \\*, Windows network drive monitoring we upgraded recently :
Looking again on how to exclude Windows network disk monitoring...
27 Aug 2024 01:38 PM - edited 27 Aug 2024 01:39 PM
When we activate "Disable NFS Disc monitoring" we stop our spurious network user attempted logon : fine. Because we don't need the UNC / NFS / Network disk monitoring we *can* deactivate that. Though... it's a bit fishy. 🙂
On a sample host, our attempts at filtering out on OS==Windows pattern==\\*\* or \\* with FS Type == * seem not to help. We did not find another hack.
I will report the issue to support through a new ticket.
03 Sep 2024 04:25 PM
Hmmm. Documented @ OneAgent 1.277 release notes : Windows - network disk monitoring enabled :
Note that this can create a security event log notifying that a process token was duplicated, but this is expected behavior and should not be interpreted as a security concern.
Support confirms works as designed.
Scary though. 😬🙂
Workaround indeed: "Disable NFS Disc monitoring" makes OneAgent completely stop querying the Windows perfmon API to get NFS disc info. On the other hand, excluding UNC disc paths like \\* does not stop OA from querying the API.
Regards.