Professional Documents
Culture Documents
Supporting
BMC PATROL KM for Microsoft Windows Operating System 4.3 BMC PATROL KM for Microsoft Windows Active Directory 1.6 BMC PATROL KM for Microsoft Windows Active Directory Remote Monitoring 1.7 BMC PATROL KM for Microsoft Windows Domain Services 1.5 BMC PATROL KM for Microsoft Cluster Server 1.7 BMC PATROL Cluster Configuration Wizard 1.5 BMC PATROL KM for Microsoft COM+ 1.3 BMC PATROL KM for Microsoft Message Queue 1.4 BMC PATROL KM for Event Management 2.8 BMC PATROL KM for Log Management 2.6.10 BMC PATROL Wizard for Microsoft Performance Monitor and WMI 2.1 BMC PATROL Adapter for Microsoft Office 1.1 BMC PATROL Agent 3.8.50
October 2010
www.bmc.com
Copyright 2007, 2009 - 2010 BMC Software, Inc. BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service marks, and logos may be registered or pending registration in the U.S. or in other countries. All other trademarks or registered trademarks are the property of their respective owners. DB2 is the trademark or registered trademark of International Business Machines Corporation in the United States, other countries, or both. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. UNIX is the registered trademark of The Open Group in the US and other countries. All other trademarks belong to their respective companies. The information included in this documentation is the proprietary and confidential information of BMC Software, Inc., its affiliates, or licensors. Your use of this information is subject to the terms and conditions of the applicable End User License agreement for the product and to the proprietary and restricted rights notices included in the product documentation.
Customer support
You can obtain technical support by using the BMC Software Customer Support website or by contacting Customer Support by telephone or e-mail. To expedite your inquiry, see Before contacting BMC.
Support website
You can obtain technical support from BMC 24 hours a day, 7 days a week at http://www.bmc.com/support. From this website, you can
s s s s s s s s
read overviews about support services and programs that BMC offers find the most current information about BMC products search a database for issues similar to yours and possible solutions order or download product documentation download products and maintenance report an issue or ask a question subscribe to receive proactive e-mail alerts when new product notices are released find worldwide BMC support center locations and contact information, including e-mail addresses, fax numbers, and telephone numbers
product information product name product version (release number) license number and password (trial or permanent)
operating system and environment information machine type operating system type, version, and service pack or other maintenance level such as PUT or PTF system hardware configuration serial numbers related software (database, application, and communication) including type, version, and service pack or maintenance level
s s s
sequence of events leading to the issue commands and options that you used messages received (and the time and date that you received them) product error messages messages from the operating system, such as file system full messages from related software
(USA or Canada) Contact the Order Services Password Team at 800 841 2031, or send an e-mail message to ContractsPasswordAdministration@bmc.com. (Europe, the Middle East, and Africa) Fax your questions to EMEA Contracts Administration at +31 20 354 8702, or send an e-mail message to password@bmc.com. (Asia-Pacific) Contact your BMC sales representative or your local BMC office.
Contents
Chapter 1 Product components and capabilities 17 18 18 18 18 19 19 20 21 22 28 30 30 31 31 31 32 33 34 34 34 34 35 35 35 37 38 39 39 40 43 49 49 50 50 50 51
5
PATROL for Windows Servers features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Centralized event filtering and notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ability to deploy configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Built-in recovery actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Predefined rulesets for common server types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtualization with Hyper-V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Product components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Operating System . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . . PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Message Queue (MSMQ). . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . . PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Where to go from here. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter 2 Installing and migrating PATROL for Windows Servers
Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Verifying installation requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Additional component-specific requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing for installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Turning off pop-up blocking software before installing . . . . . . . . . . . . . . . . . . . . . Unsupported platform option in the installation utility user interface. . . . . . . . . Extraneous target platform options available in the installation utility user interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking for product patches or fixes before installing . . . . . . . . . . . . . . . . . . . . . Determining how to install products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents
Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Determining where to install the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Installing the PATROL Agent over an existing installation . . . . . . . . . . . . . . . . . . 51 Extracting installation files after download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Determining where to install KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 PATROL Security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Checking security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Assessing and implementing a different security level . . . . . . . . . . . . . . . . . . . . . . 54 Default and custom installation types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 First-time installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Installing for the first time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 First-time installation using Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Distribution Server features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Importing a CD or customized installation package into Distribution Server . . . 61 Installing with the Distribution Server (overview) . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Upgrading from an earlier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Automatic migration of console and agent customizations . . . . . . . . . . . . . . . . . . 63 Determining whether you can migrate KM customizations . . . . . . . . . . . . . . . . . . 64 Conditions for upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Determining the location of PATROL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 PATROL for Windows Servers upgrade scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Upgrading without saving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Upgrading and preserving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Preparing to upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Migrating customizations with the PATROL Configuration Manager . . . . . . . . . 70 Creating an installation package of the migrated and merged KM . . . . . . . . . . . . 70 Moving files from the PATROL_CACHE directories. . . . . . . . . . . . . . . . . . . . . . . . 71 Migrating customizations manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Installing PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 External cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Internal cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 How to Install the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . 76 Considerations for using online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Browser version required for viewing PATROL Console for UNIX Help . . . . . . 78 Additional considerations for using online Help for UNIX . . . . . . . . . . . . . . . . . . 78 Uninstalling PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Uninstalling PATROL for Windows Servers on Windows . . . . . . . . . . . . . . . . . . . 81 Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 87
Preparing to use PATROL for Windows Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Loading and preloading KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Loading the PATROL for Microsoft Windows Servers KMs . . . . . . . . . . . . . . . . . 91 Preloading KMs on the PATROL Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 Requirements for configuring from the PATROL Console . . . . . . . . . . . . . . . . . . . 97 Configuring the PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . 101 Enabling and disabling system monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Configuring Windows events monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
6 BMC PATROL for Microsoft Windows Servers Getting Started
Configuring service monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Configuring process monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Creating custom parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Viewing event logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 Configuring Blue Screen monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Notifying when disks are not present . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Providing nonaggregate values for a drive instance . . . . . . . . . . . . . . . . . . . . . . . 127 Configuring recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 About recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 Built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Configuring built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 Configuring e-mail notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 Using notification scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Defining notification servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Assigning notification servers for the remote agents. . . . . . . . . . . . . . . . . . . . . . . 138 Assigning notification targets for a PATROL alert. . . . . . . . . . . . . . . . . . . . . . . . . 140 Configuring the PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . 141 Configuring PATROL Wizard for Microsoft Performance Monitor and WMI . . . . 142 Loading the PATROL Wizard for Microsoft Performance Monitor and WMI . 142 Creating performance monitor parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Setting alarm thresholds. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Creating WMI parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Configuring the PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Stop and start monitoring all default log files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Stop monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Start monitoring a log file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Change the setup of a monitored file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Filter log file messages (create a search string) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 Generate a custom event when a search string is identified . . . . . . . . . . . . . . . . . 160 Configure recovery actions for a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Configuring the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . 165 Using the PATROL Adapter for Microsoft Office to view reports . . . . . . . . . . . . . . . 166 Displaying PATROL data by using the PATROL Adapter for Microsoft Office 167 How to use the PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . 168 Built-in report templates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Removing KMs from your console and agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 Unloading KMs from a PATROL console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Stopping preloaded KMs from running on the PATROL Agent . . . . . . . . . . . . . 173 Chapter 4 Using the PATROL Cluster Configuration Wizard 175 176 176 177 177 177 178 183 183 183
7
Using the PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Access requirements for running the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . Starting the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Post-PCC configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manually configuring the PATROL Agent for clustering . . . . . . . . . . . . . . . . . . . . . . Install the application on each cluster node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents
Install the PATROL Agent on each cluster node. . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Assign a unique port number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Distribute license file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Define the PATROL cluster-specific environment variables. . . . . . . . . . . . . . . . . 184 Create and register a new service for the PATROL Agent . . . . . . . . . . . . . . . . . . 185 Define the PATROL Agent as a member of the group . . . . . . . . . . . . . . . . . . . . . . 186 PATROL cluster-specific environment variables for history and configuration . . . 189 Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Unattended configuration of Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . 191 Chapter 5 Monitoring remote hosts 193
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193 Prerequisites for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Configuring PATROL KM for Windows for remote monitoring . . . . . . . . . . . . . . . . 195 Application classes to configure remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . 196 Supported application classes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 Object hierarchy for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 Parameters for remote monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Supported tasks for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 199
PATROL KM for Microsoft Windows OS problems . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Process or job object data not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 PATROL Generates Event 560 and 562 in the Windows security event log . . . . 201 Event filter parameters not automatically acknowledged . . . . . . . . . . . . . . . . . . . 201 Newly installed protocols are not discovered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Event log summary instance cannot be removed . . . . . . . . . . . . . . . . . . . . . . . . . . 202 Windows event log does not work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 Multiple processes are selected when you select a single process . . . . . . . . . . . . 203 PATROL Agent has DiscoveryStatus parameter in alarm. . . . . . . . . . . . . . . . . . . 203 Mount point monitoring and logical disk quotas does not work . . . . . . . . . . . . . 203 PATROL KM for Event Management problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Too many e-mail alerts are being generated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Parameters settings lost after agent restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 PATROL KM for Event Management not working as expected. . . . . . . . . . . . . . 206 AS_AVAILABILITY application not displayed. . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 Problems with all other KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 Cannot add performance monitor counters with alarm ranges less than 1 . . . . 207 AdPerfCollector parameter display error message. . . . . . . . . . . . . . . . . . . . . . . . . 208 Recovery action problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Recovery actions do not execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Even though I select Do not ask me again PATROL prompts before running recovery action. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Gathering diagnostic information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 Locations where you can find diagnostic information. . . . . . . . . . . . . . . . . . . . . . 210
8 BMC PATROL for Microsoft Windows Servers Getting Started
Installation logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 Determining PATROL KM version number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211 Appendix A Accessing menu commands, InfoBoxes, and online Help 213
Accessing KM commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Accessing online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215 Appendix B Agent configuration variables and rulesets 217 218 218 218 241 244 248 253 254 255 256 257 257 257 258 260 269 269 270 281 282 282 285 286 286 287 287 288 288 289 289 289 290 295
Managing configuration variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL for Windows Servers configuration variables . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Message Queue. . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . PATROL for Microsoft Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL for Microsoft Windows Servers rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Event Management required . . . . . . . . . . . . . . . . . . . . . . . . . . . Using PATROL Configuration Manager to apply rulesets . . . . . . . . . . . . . . . . . . Server roles with predefined rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ruleset reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using PATROL Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using PCM to apply configurations changes to other agents. . . . . . . . . . . . . . . . Manually creating or changing configuration variables . . . . . . . . . . . . . . . . . . . . Appendix C PATROL for Windows .kml files
PATROL for Microsoft Windows Servers .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL for Microsoft Windows Servers rulesets. . . . . . . . . . . . . . . . . . . . . . . . . Index
Contents
10
Figures
Upgrading overview for PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . 67 PATROL KM for Microsoft Cluster Server with external CLA configuration . . . . . . 75 PATROL KM for Microsoft Cluster Server with internal CLA configuration . . . . . . 75 Collection architecture for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194 Object hierarchy for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Shipped rulesets in PATROL Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . 260 Using the child_list and variable_list variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Figures
11
12
Tables
Monitored events - DNS name registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Core Active Directory service monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 File replication service/group policy monitored events . . . . . . . . . . . . . . . . . . . . . . . . 27 Time synchronization service monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Kerberos monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Netlogon monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 PATROL for Microsoft Windows Servers Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 System requirements for installing and using PATROL for Windows Servers . . . . 39 Advanced user rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Removing rights and admin group membership from the PATROL Agent . . . . . . . 45 Versions that you can migrate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Choosing an upgrade procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Default values for PATROL location variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 KM file naming patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Monitoring configuration options for PATROL KM for Microsoft Cluster Server . . 74 PATROL for Microsoft Windows Servers .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Console functionality that requires local admin rights . . . . . . . . . . . . . . . . . . . . . . . . . 97 PATROL KM for Microsoft Windows OS configuration tasks . . . . . . . . . . . . . . . . . 101 Enabling and disabling system monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Event filter events:example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Event filter options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Default service monitoring flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Service monitoring options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Configuration variable and service restart: combinations . . . . . . . . . . . . . . . . . . . . . 116 Process monitoring options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Regular expression syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Process control options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Event details displayed in the Windows Event Viewer dialog box . . . . . . . . . . . . . 126 Built-in recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Selecting a recovery action instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Recovery action configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Notification script location on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 Requirements for notification server when using Windows e-mail clients . . . . . . . 134 Quick Config - Notification Server dialog box properties . . . . . . . . . . . . . . . . . . . . . 138 Notification server properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 PATROL Wizard for Microsoft Performance Monitor and WMI Tasks . . . . . . . . . 142 Reports for PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . 168 Reports for PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . 169 Reports for PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . . . . 170 Reports for PATROL for Microsoft COM+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Tables 13
Information required by PCC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 Cluster administration properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 PATROL cluster-specific environment variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Operation of configuration and history environment variables . . . . . . . . . . . . . . . . . 190 Parameters for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Accessing KM Commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Accessing online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215 PATROL KM for Microsoft Windows OS variables . . . . . . . . . . . . . . . . . . . . . . . . . . . 219 PATROL KM for Windows Domain Services variables . . . . . . . . . . . . . . . . . . . . . . . 241 PATROL KM for Microsoft Active Directory variables . . . . . . . . . . . . . . . . . . . . . . . . 244 PATROL KM for Microsoft Cluster Server variables . . . . . . . . . . . . . . . . . . . . . . . . . . 248 PATROL KM for Windows Message Queue variables . . . . . . . . . . . . . . . . . . . . . . . . 253 PATROL KM for Windows COM+ variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254 PATROL Wizard for Performance Monitor and WMI variables . . . . . . . . . . . . . . . . 255 PATROL for Microsoft Windows Servers variables . . . . . . . . . . . . . . . . . . . . . . . . . . 256 Server roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 Configuration variable locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 Application server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Terminal server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 Remote access / VPN server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Print server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Domain controller ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 File server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 Mail server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 DNS server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 WINS server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 DHCP server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Streaming media server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 SMS primary site ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267 SMS site ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 Special characters required for pconfig variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271 Example: adding a service to monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Example: adding a process to monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274 Example: adding an event filter to monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Example: changing parameter thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Understanding the THRESHOLDS rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Example: Inactivating or deactivating a parameter . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 PATROL KM for Microsoft Windows OS NT_LOAD.kml file . . . . . . . . . . . . . . . . . . 282 PATROL KM for Microsoft Windows OS NT_BASE.kml file . . . . . . . . . . . . . . . . . . 284 PATROL KM for Microsoft Windows OS NT_HYPER-V.kml file . . . . . . . . . . . . . . . 285 PATROL KM for Microsoft Windows Active Directory .kml file . . . . . . . . . . . . . . . 285 PATROL KM for Microsoft Windows Active Directory Remote Monitoring .kml file 286 PATROL KM for Microsoft Windows Domain Services .kml file . . . . . . . . . . . . . . . 286 PATROL KM for Microsoft Cluster Server .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . 287 PATROL KM for Microsoft COM+ .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287 PATROL KM for Microsoft Message Queue .kml file . . . . . . . . . . . . . . . . . . . . . . . . . 288 PATROL Wizard for Microsoft Performance Monitor and WMI .kml file . . . . . . . . 288 PATROL KM for Log Management .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
14
PATROL History Loader KM .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 PATROL KM for Event Management .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 PATROL for Windows Ruleset .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Tables
15
16
Chapter
1
18 18 18 18 19 19 20 21 22 28 30 30 31 31 31 32 33 34 34 34 34 35 35 35
17
terminating a run-away process clearing the temp directory backing-up and clearing event logs restarting processes restarting failed services increasing available DFS connections when utilization is high increasing share connections when utilization is high initiating WINS scavenging when replication fails
18
restarting the Windows Management Instrumentation (WINMGMT.exe) service to ensure that WMI data is available restarting a PATROL Agent on a remote server
For more information about specific recovery actions, see the online Help, which you can access from the PATROL console, or see Configuring recovery actions on page 128.
Hypervisor
The product reports information about the number of monitored notifications registered with a hypervisor, the bootstrap and deposited pages, and the partitions, virtual processors, logical processors, and the running partitions present.
19
Product components
NOTE
To discover Hyper-V partitions and the data for each partition, the BMC PATROL Agent default user must be added to the local administrator group.
Product components
The PATROL for Windows Servers product includes components and Knowledge Modules (KMs) that manage and monitor elements of your server environment. A KM is a set of instructions that the PATROL Agent uses to monitor objects in your enterprise. PATROL for Windows Servers includes the following components and KMs, which are described in the sections that follow.
20
Product components
s s s s s s s s s s s s s s
PATROL KM for Microsoft Windows Operating System PATROL KM for Microsoft Windows Active Directory PATROL KM for Microsoft Windows Active Directory Remote Monitoring PATROL KM for Microsoft Windows Domain Services PATROL Cluster Configuration Wizard PATROL KM for Microsoft Cluster Server PATROL KM for Microsoft COM+ PATROL KM for Microsoft Message Queue PATROL KM for Event Management PATROL KM for Log Management PATROL Wizard for Microsoft Performance Monitor and WMI PATROL Adapter for Microsoft Office PATROL Agent PATROL History Loader KM
21
Product components
s s s
monitor and manage services monitor system Stop errors and manage dump files create custom composite parameters that are based on existing parameters
For information about configuring these features, see Configuring the PATROL KM for Microsoft Windows OS on page 101.
s s s s s
detect and notify if Microsoft Windows Active Directory generates errors or performs slowly monitor performance of system resources plan for capacity and availability monitor all domain controllers within a site monitor all domain controllers between sites anticipate and eliminate problems before they become apparent to users of the monitored Active Directory environments
For a brief description of product features, see the sections that follow. For more detailed information about how to use the product and complete descriptions of the application classes and parameters, see the product online Help.
Managed systems
PATROL KM for Microsoft Windows Active Directory monitors the performance of managed systems in a Microsoft Windows Active Directory environment. A PATROL KM for Microsoft Windows Active Directory managed system is a Windows domain controller onto which PATROL for Windows Servers has been installed. A managed system provides a view of its Microsoft Windows Active Directory environment. Each managed system is responsible for monitoring Microsoft Windows Active Directorys key indicators that are required to ensure and maintain the consistency of the Directory data and the desired level of service throughout the Microsoft Windows Active Directory forest.
22
Product components
Replication monitoring
PATROL KM for Microsoft Windows Active Directory monitors the Microsoft Windows Active Directory replication for errors and latency (to verify that replication occurs within a reasonable time), both within a site (intrasite) and between sites (intersite) in the configuration naming context and/or the domain context of the current domain controller. Directory replication is monitored at each managed system (domain controller). This functionality includes monitoring basic replication by creating synthetic transactions and verifying the replication of those transactions.
23
Product components
FSMO monitoring
PATROL KM for Microsoft Windows Active Directory monitors the availability of the forest-wide and domain-wide flexible single master operations (FSMO) roles.
LDAP monitoring
PATROL KM for Microsoft Windows Active Directory monitors Lightweight Directory Access Protocol (LDAP) locally at each monitored system for connection availability and response time. The AD_AD_LDAP application class monitors the performance of these LDAP requests.
SAM monitoring
PATROL KM for Microsoft Windows Active Directory monitors the Security Account Manager (SAM). SAM provides legacy NT authentication support. The AD_AD_SAM application class monitors these security requests.
Authentication monitoring
PATROL KM for Microsoft Windows Active Directory monitors Kerberos and NTLM authentication requests made against the Microsoft Windows Active Directory server. The AD_AD_AUTHENTICATION application class monitors these requests.
24 BMC PATROL for Microsoft Windows Servers Getting Started
Product components
Event monitoring
To measure the overall health of the domain controllers, PATROL KM for Microsoft Windows Active Directory configures the PATROL KM for Microsoft Windows OS to monitor various events pertaining to
s s s s s s
DNS name registration Core Active Directory service File replication service and group policy Time synchronization service Kerberos Netlogon
25
Product components
System
NETLOGON
5774
Product components
Table 3
Event log FRS
Application
Application
SCECLI
Severity = error
Kerberos
To identify events that many indicate problems with Kerberos, the default authentication protocol, PATROL KM for Microsoft Windows Active Directory monitors the event shown in Table 5 Table 5
Event Log System
Net Logon
To identify events that may indicate problems with Net Logon service and protocol, which is required for proper domain controller functionality, PATROL KM for Microsoft Windows Active Directory monitors the events shown in Table 6 on page 28.
27
Product components
Table 6
Event log System
FSMO monitoring
PATROL KM for Microsoft Windows AD Remote Monitoring monitors both the forest-wide and domain-wide Flexible Single Master Operation (FSMO) roles. Active Directory supports multi-master replication of the directory data between all domain controllers in the domain. This model takes domain configuration changes made at any domain controller in the domain and automatically propagates those changes to each of the domain controllers in the domain. However some changes do not lend themselves to a multi-master environment. One domain controller, the operations master, accepts requests for such changes. The operations master roles can be moved between domain controllers within the domain and are referred to as Flexible Single Master Operation (FSMO) roles. In any Active Directory forest, there are five FSMO roles that are assigned to one or more domain controller. Some FSMO roles must appear in every forest, while other roles must appear in every domain within the forest. The following operations master roles must appear in every forest:
s s
28
Product components
NOTE
Domain controllers and the client must be able to locate and establish an LDAP connection with the FSMO role holders.
LDAP monitoring
Lightweight Directory Access Protocol (LDAP) is monitored locally at the managed node. LDAP response time is measured as the amount of time required to establish an LDAP connection to a domain controller. Longer connect times may indicate a heavily loaded domain controller. To eliminate network latency, response time for performing an LDAP bind operation is measured on the domain controller being tested.
A DNS address record (A record) that matches the IP address of the domain controller and is registered with the DNS server. A DNS LDAP service location (SRV) record that matches the host name of the domain controller and is registered with the DNS server. To obtain information about this record, the KM sends the following query to the default DNS server: _ldap._tcp.dc._msdcs.fullyQualifiedDomainName.
A global catalog LDAP SRV record that matches the host name of the global catalog for the domain controller and is registered with the domain controller. To obtain information about this record, the KM sends the following query to the default DNS server: _ldap._tcp.dc._msdcs.fullyQualifiedForestRootDomainName.
29
Product components
Distributed File System (DFS) Dynamic Host Configuration Protocol (DHCP) service availability and lease usage Domain Name Service (DNS) remote server connectivity replicated directories shared directories trust relationships Windows Internet Naming Service (WINS)
For instructions on how to monitor these features, see the PATROL KM for Microsoft Windows Domain Services online Help system.
all clusters in a domain (only available when the agent is outside of the cluster) individual clusters cluster communication networks cluster network interfaces cluster nodes cluster objects and resources cluster groups workload data group resources quorum device
30
Product components
For more information about specific functionality that supports these features see the PATROL KM for Microsoft Cluster Server online Help.
MSMQ service MSMQ queues MSMQ messages MSMQ roundtrip message time
For instructions on how to monitor these features, see the PATROL KM for Microsoft Message Queue KM online Help system.
monitors the COM+ run-time environment monitors the status of COM+ applications
31
Product components
s s s
manages the MS DTC service by providing the ability to start or stop the service monitors Windows COM+ log events monitors Windows log events related to the Microsoft Distributed Transaction Coordinator (MS DTC) service and monitors the MSDTC service status
For instructions on how to use these features, see the PATROL KM for Microsoft COM+ KM online Help system.
automatically monitors key log files monitors files that do not currently exist on the system monitors log files with dynamic names using wild card characters monitors the size of log files monitors the growth rate of log files monitors the content of log files monitors the state of log files monitors the age of the log files monitors log files using numeric comparisons
The PATROL KM for Log Management also provides the following management features:
s
triggers alerts when a log file exceeds a specified size triggers alerts when a text string or regular expression is discovered within a log file creates automated recovery actions when a log file exceeds an acceptable size or growth rate configures log searches to ignore subsequent alerts for a specified number of polling cycles if the search finds a matching string or regular expression in a log file override an ignored alert if the search finds a matching string or regular expression more than n times before the ignore setting is completed specify the number of log scan cycles after which a WARN or ALARM state is automatically changed to OK
32
Product components
creates robust searches by using NOT and AND statements with the text strings or regular expressions in the log search alerts for log file age sets multiple schedules for multiple polling cycles per log file disables/enables default log monitoring
You can set up the following predefined recovery actions to execute when monitored log files exceed a specified size or growth rate.
s s s
clear and back up log files delete files run in attended and unattended modes
To get started with the PATROL KM for Log Management, see Configuring the PATROL KM for Log Management on page 147. For detailed instructions, see the BMC PATROL KM for Log Management User Guide and the PATROL KM for Log Management online Help system.
configure notification (email, paging, trouble-ticket, or custom) for PATROL alerts configure PATROL to send notifications to an enterprise console configure recovery actions for alarm, warning, and information events reword notification messages and customize message content specify the maximum number of events displayed in the console use wildcards to represent instance names when setting up parameters configure PATROL to monitor the availability of hosts manage PATROL parameter thresholds and polling schedules configure blackout periods for notification and for availability monitoring integrate with the AlarmPoint notification software using provided scripts integrate with any command line email client, paging solution, compiled executable, or script. Sample scripts are provided.
To get started with the PATROL KM for Event Management, see Configuring e-mail notification on page 132. For more detailed instructions and reference information, see the PATROL KM for Event Management User Guide.
33
Product components
PATROL Agent
PATROL for Windows Servers includes the PATROL Agent. The PATROL Agent monitors a system according to the instructions provided by loaded PATROL KMs. You can display the information gathered by the PATROL Agent on the PATROL Console. For more information, see the PATROL Agent Reference Manual.
34 BMC PATROL for Microsoft Windows Servers Getting Started
Services
Services
The PATROL for Microsoft Windows Servers product uses the following services: Table 7
Service PATROL Agent The PATROL MCS Monitor Service
Related documentation
For additional information about PATROL for Windows Servers, see the online Help for the component of interest and refer to the PATROL for Microsoft Windows Servers release notes. For information about the PATROL for Windows Servers parameters, see the product Help or the PATROL Parameter Reference Manual. For additional information about PATROL, see the following documentation:
s s
To view the complete PATROL documentation library, visit the support page on the BMC Software Web site at http://www.bmc.com/support. Log on and select a product to access the related documentation. To log on if you are a first-time user and have purchased a product, you can request a permanent user name and password by registering at the Customer Support page. To log on if you are a first-time user and have not purchased a product, you can request a temporary user name and password from your BMC Software sales representative.
how to load and configure the components using a Chapter 3, Loading and configuring PATROL for PATROL console Microsoft Windows Servers
35
PATROL for Windows Servers agent configuration Appendix B, Agent configuration variables and variables and predefined rulesets rulesets KMs included in each PATROL for Windows Servers .KML file Appendix C, PATROL for Windows .kml files
36
Chapter
This chapter provides the information that you need to install PATROL for Windows Servers. For additional information about the PATROL installation process, see the PATROL Installation Reference Manual. The following topics are discussed in this chapter: Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Verifying installation requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Additional component-specific requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing for installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Turning off pop-up blocking software before installing . . . . . . . . . . . . . . . . . . . . . Unsupported platform option in the installation utility user interface. . . . . . . . . Extraneous target platform options available in the installation utility user interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking for product patches or fixes before installing . . . . . . . . . . . . . . . . . . . . . Determining how to install products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . Determining where to install the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . Installing the PATROL Agent over an existing installation . . . . . . . . . . . . . . . . . . Extracting installation files after download. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Determining where to install KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Assessing and implementing a different security level . . . . . . . . . . . . . . . . . . . . . . Default and custom installation types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . First-time installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing for the first time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . First-time installation using Distribution Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribution Server features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Importing a CD or customized installation package into Distribution Server. . . Installing with the Distribution Server (overview) . . . . . . . . . . . . . . . . . . . . . . . . . Upgrading from an earlier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 2 Installing and migrating PATROL for Windows Servers
38 39 39 40 43 49 49 50 50 50 51 51 51 51 52 52 53 54 54 54 55 55 60 60 61 62 63
37
Installation overview
Automatic migration of console and agent customizations . . . . . . . . . . . . . . . . . . 63 Determining whether you can migrate KM customizations . . . . . . . . . . . . . . . . . . 64 Conditions for upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Determining the location of PATROL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 PATROL for Windows Servers upgrade scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Upgrading without saving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Upgrading and preserving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Preparing to upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Migrating customizations with the PATROL Configuration Manager . . . . . . . . . 70 Creating an installation package of the migrated and merged KM . . . . . . . . . . . . 70 Moving files from the PATROL_CACHE directories. . . . . . . . . . . . . . . . . . . . . . . . 71 Migrating customizations manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Installing PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 External cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Internal cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 How to Install the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . 76 Considerations for using online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Browser version required for viewing PATROL Console for UNIX Help . . . . . . 78 Additional considerations for using online Help for UNIX . . . . . . . . . . . . . . . . . . 78 Uninstalling PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Uninstalling PATROL for Windows Servers on Windows . . . . . . . . . . . . . . . . . . . 81 Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Installation overview
This chapter contains instructions for installing PATROL for Windows Servers. For additional installation instructions, see the following documents:
Component PATROL KM for Event Management PATROL KM for Log Management PATROL History Loader KM See PATROL KM for Event Management User Guide PATROL KM for Log Management User Guide PATROL History Loader Knowledge Module User Guide
PATROL Perform Agent for Microsoft Getting Started with PATROL for Microsoft Windows Windows Servers Servers Performance
38
system requirements requirements for specific PATROL for Microsoft Windows Servers components account requirements
System requirements
Verify that the target computer meets the installation requirements listed in Table 8 on page 39. These requirements apply to all PATROL for Windows Servers components. Table 8
Resource operating systems security levels
System requirements for installing and using PATROL for Windows Servers (Part 1 of 2)
Requirements For an updated list of supported operating systems, see the PATROL for Microsoft Windows Servers Release Notes. All security levels are supported. For more information about PATROL security, see PATROL Security levels on page 53. The PATROL Security Level is set during the installation of the PATROL infrastructure components. If your product contains the PATROL Agent, you are able to select the security level. Make sure that the level that you select is compatible with the rest of your enterprises PATROL installation. Comments
For an updated list of supported operating systems, see the PATROL for Microsoft Windows Servers Release Notes. You must have a valid demonstration license (typically good for 30 days) or a permanent license to run your PATROL products. If you are installing an agent or console with PATROL for Windows Servers, you must specify the port number to connect to all the agent computers. If you do not have a permanent license, contact your BMC Software sales representative or the BMC Software Contract Administration department. The default port number for agents is 3181. The default port number for the RTServer is 2059.
ports (UDP/TCP)
Chapter 2
39
Table 8
Resource
System requirements for installing and using PATROL for Windows Servers (Part 2 of 2)
Requirements Comments Use Netscape Navigator version 3.014.78 to use Browser version required for viewing online Help with PATROL for UNIX. PATROL Console for UNIX Help on page 78
(UNIX only) browser to support online Help for PATROL Console for UNIX browsers
This product uses an installation utility that requires a browser. For a list of supported browsers, see the PATROL Installation Reference Manual.
disk space 151 MB for an agent needed to install (without components and KMs) 151 MB for a console (without components and KMs) 242 MB for an agent (with all solution components and KMs) 116 MB for a console (with all solution components and KMs) Monitor (for Console) File system Network 256-color display 800 x 600 resolution FAT or NTFS TCP/IP network protocol
NT_DHCP parameters WpReplicationFailures parameter executing the WINS Database Scavenging menu command
40
As a default, the SNMP service is configured to accept SNMP packets from any host. If the service is configured to accept packets from hosts, then the local host IP address or hostname must be added to the list of hosts. It is not sufficient to add localhost or the loopback address 127.0.0.1. At a minimum, the SNMP community string must have READ permissions. To initiate the WINS Database Scavenging menu command, the community string must have WRITE permissions as well. On Windows 2000 servers, the community string must be an ASCII character string. Microsoft Windows 2000 does not support non-ASCII characters in community strings. For the NT_DHCP application class to work, the default PATROL Agent account must have full access to %PATROL_HOME% and all subdirectories. On Windows 2003 and later, the default PATROL Agent account must also be a member of the DHCP Users group.
Process monitoring
To monitor processes, the PATROL Agent must have access to the following hive and all sub-keys: HKLM\SOFTWARE\Microsoft\WindowsNT\perflib
PATROL KM for Windows Active Directory requires that the Event Log component of PATROL KM for Microsoft Windows Servers is active. By default the Event Log component is active. For more information, see Configuring Windows events monitoring on page 103. PATROL for Windows Servers monitors Microsoft Windows Active Directory only when Microsoft Windows Active Directory is running on domain controllers. PATROL KM for Microsoft Windows Active Directory supports the Read Only Domain Controller support on Microsoft Windows 2008.
42
BMC Software recommends that you preload NT_BASE.kml or NT_LOAD.kml on the cluster agent machine. For more information about preloading, see Preloading KMs on the PATROL Agent on page 94.
PATROL Agent 3.6.00 or later must be installed. Default account for the PATROL Agent must be a domain user account.
Accounts
This section describes how to set up a PATROL installation account for Windows.
Stand-alone workgroup servers must use a local user account as a PATROL Agent default account. Servers that are trusted members of a domain can use either a local or a domain account. Domain controllers must use a PATROL Agent default account that is also a domain account.
Chapter 2
43
NOTE
If you are not using the PATROL Agent default account as a Console connection account, you will need to have the Log on locally account rights for the connection account. PATROL Agent first tries to log on locally; if this fails, it tries to connect to the console by using the network login rights.
KM functions performed
The PATROL Agent uses the PATROL Agent default account to perform the following KM functions:
s s s s s s s
collect information from performance counters collect information from the Windows event log self-tune for peak performance and non-intrusive use of the processor access system-level information make debug-level output available from the PATROL KM applications access the command interpreter for operating-system-level commands create and remove processes in the process table for collecting performance data
Advanced User Right Act as part of operating system Debug programs Increase quotas Log on as a service Log on locally (Windows 2000) Allow log on locally (Windows 2003) Manage auditing and security log
44
Table 9
Advanced User Right Profile system performance Replace a process level token
Administrative rights
BMC Software recommends that you make the PATROL Agent default account a member of the local Administrators group of the computer where the agent will reside. On a domain controller, BMC Software recommends that you make the account a member of the domain Administrators group. However, you can choose to remove the PATROL Agent default account from the local or domain Administrators group. You could also remove the advanced user rights described in Table 9 on page 44. However, if you do so, the PATROL Agent cannot perform all of its tasks. Table 10 on page 45 shows the PATROL for Microsoft Windows Servers tasks that the Agent cannot perform when the following restrictions are placed on the PATROL Agent default account:
s
The account is in a domain user group or local user group, but is not in the domain or local administrators group. The account does not have all of the advanced user rights noted in Table 9 on page 44.
Table 10
KM
Removing rights and admin group membership from the PATROL Agent (Part 1 of 3)
Effect The cluster KM does not function. No authentication to the cluster can be performed. Workaround and notes To be fully functional, the agent outside of the cluster can be in the admin group and contain all of its rights, while the agents within the cluster are removed from the administrators group and do not have the seven advanced user rights. The monitoring user account does not have the Logon As Batch Job user right.
Chapter 2
45
Table 10
KM
Removing rights and admin group membership from the PATROL Agent (Part 2 of 3)
Effect Restart Service recovery action does not execute. Message in system output window indicates access denied and inability to restart service. If the PATROL Agent default account lacks the Debug Programs right, cannot monitor the status of processes. The Terminate Process and Restart Process recovery actions do not work. Backup Event Log and Clear Event Log recovery action does not work. Workaround and notes The PATROL Agent default account must be in the local or domain Admins group. Granting a specific user right is not a valid workaround. Add the Debug Programs right to the PATROL Agent default account. Membership in the Administrators group not needed. Add the Debug Programs right to the PATROL Agent default account. Add the user right Backup files and directories to the PATROL Agent default account. For the security event log, you must also add the user right Manage auditing and security log. The PATROL Agent default account must be in the local or domain Admins group. Assign read/write permissions on the temp directory to the PATROL Agent Default account. Add the user right Manage auditing and security log to the PATROL Agent default account. The PATROL Agent default account must be in the local or domain Admins group. Granting a specific user right is not a valid workaround. Add the PATROL Agent default account to the Account Operators, Print Operators, or Server Operators built-in group. Add the PATROL Agent default account to the Account Operators, Print Operators, or Server Operators built-in group. Grant the advanced user right log on locally to the PATROL Agent default account. Add the PATROL Agent default account to the DHCP Users group.
Logical disk quotas and mount points do not work. The Clean Temporary Directories recovery action does not execute. Unable to monitor the security event log. The NT_EVENTLOG application displays a message in the _DiscoveryStatus parameter. Blue Screen KM unable to detect a blue screen condition.
The Increase connections allowed o Share recovery action associated with the ShConnPercent parameter does not work. DFSRootReplica does not work when checking alternate domain controller. Parameters are unavailable and in alarm. On Windows 2003, the NT_DHCP application class does not work.
46
Table 10
KM
Removing rights and admin group membership from the PATROL Agent (Part 3 of 3)
Effect AD disk space used does not work. Workaround and notes Grant the PATROL Agent default account the following permission on the DSA Working Directory and its subdirectories: List Folder Contents/Read Data. The KM reads the registry to obtain the DSA Working Directory. It needs access to the following registry keys and subkeys: HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\NTDS Configuration NC replication checking does not work. Grant the PATROL Agent default account sufficient Active Directory permissions to create a container object and child container objects in the configuration naming context of the forest in which the domain controller resides. Grant the PATROL Agent defaultAccount permission to Create Container Objects in the Configuration NC and to give Full Control to the created container object and its children. Domain NC replication checking does not work. Grant the PATROL Agent default account sufficient Active Directory permissions to create a container object and child container objects in the domain naming context of the domain in which the domain controller resides. Grant the PATROL Agent defaultAccount permission to Create Container Objects in each Domain NC and to give Full Control to the created container object and its children.
Chapter 2
47
WARNING
Do not use a built-in Windows domain or local Administrator account as the PATROL default account. Such account usage causes files created by PATROL to be owned by the Administrator, which could result in security or file access problems.
cluster account must be a domain account cluster account must have access permission to the cluster all local agents in the cluster must use the same port number
An external CLA configuration requires a user-defined cluster account separate from the PATROL default account. This account must have cluster administrative privileges. The PATROL MCS Monitor Service (McsService.exe) also runs under this account. An internal CLA configuration can use either a separate user-defined cluster account (a domain account with cluster administrative privileges) or, when certain requirements are met, it can use the PATROL default account. When installed, if the PATROL KM for Microsoft Cluster Server does not discover a separate cluster account, it checks the PATROL agent default account for the following required characteristics:
s s
If these requirements are in place, the Cluster KM uses the PATROL agent default account to access the cluster and to communicate with the agents running on all other nodes in the cluster, and the PATROL MCS Service runs under this account. This account information is not replicated to other nodes so, if you want the Cluster KM to use the PATROL agent default account to monitor the cluster, these requirements must exist for every PATROL agent default account on every node in the cluster. To discover the PATROL KM for Microsoft Cluster Server you require the Logon as a
batch job privilege for cluster account and PATROL Default Account.
48
s s
s s s s s
ensure that pop-up blocking software is turned off before installation (see page 49) determine if you are using an unsupported platform option in the installation utility user interface (see page 50) determine the extraneous target platform options available in the installation utility user interface (see page 50) check for product patches or fixes before installing (see page 50) verify if you are installing PATROL Agent on top of an existing installation (see page 51) determine the order in which you must extract the installation files after download (see page 52) determine how to install products (see page 51) ensure you are using the appropriate version of the installation utility (see page 51) understand where to install the PATROL Agent and KMs (see page 51) understand PATROL security options (page 53) choose between Default and Custom installation options (see page 54)
Chapter 2
49
WARNING
Do not select the Windows NT 4.0 (Intel) platform when building an installable image.
Extraneous target platform options available in the installation utility user interface
If you use the installation utility to build an installable image, the following extraneous target platform options are displayed in the Select Platforms dialog box:
s s s s
Windows NT 4.0 (Intel) Above Windows 2003 (Intel) Above Windows 2003 (Itanium) Above Windows 2003 (Opteron/EM64T)
None of the preceding platforms are supported by the PATROL for Microsoft Windows Servers solution. Do not select these target platforms when building an installable image.
50
1 Open a command prompt. 2 Navigate to the directory where the installation utility is located. 3 Enter Setup.exe -v (Windows) or setup sh -v (UNIX).
Chapter 2
51
EXAMPLE
If you downloaded the following components, you must extract them in this order: 1. installation utility (extract first) 2. PATROL KM for Log Management 3. PATROL Agent for Microsoft Windows Servers 4. PATROL for Microsoft Windows Servers (extract last)
52
Computers hosting a PATROL Agent Each computer that you want to monitor should, at a minimum, have the PATROL Agent and the PATROL KM for Microsoft Windows OS. You might want to install other KMs to monitor specific server types such as Exchange Servers, Microsoft SQL Servers, Domain Controllers, Cluster Servers, Terminal Servers, and so on. When installing these KMs on the PATROL Agent computer, select Managed System as the system role during the installation.
Computers hosting a PATROL console Install every KM that you want to use on each PATROL console computer. When installing these KMs on a PATROL console computer, select Console Systems as the system role during the installation.
Computers hosting a PATROL Console Server If you use the PATROL Console Server, install every KM that you want to use on the PATROL Console Server computer. Install the same KM and the same version of the KM that is running on the PATROL Agents. When installing these KMs on a PATROL Console Server computer, select Common Services as the system role during the installation.
For more information about the PATROL consoles and PATROL Console Server or RTserver, see the products respective online help systems and the following documents:
s s s s s s
PATROL Central Operator - Web Edition Getting Started PATROL Central Operator - Microsoft Windows Edition Getting Started PATROL Console Server and RTserver Getting Started PATROL Configuration Manager User Guide PATROL Console for UNIX User Guide PATROL Console for Microsoft Windows User Guide - Understanding the Basics of PATROL, Volume 1, 2, and 3
Chapter 2
53
Agents, console servers, and consoles must operate at the same security level to communicate with each other. When you install agents, console servers, or consoles that need to communicate with previously installed versions of these components, check the security level of the previously installed components and be sure to install the new ones at the same level.
1 From the command line switch to the path on the computer that you want to check:
%BMC_ROOT%\common\security\bin\Windows-x86
2 Run the following command to display the security policy of the current machine:
esstool policy -a
The security level is displayed in the security level field of the output.
The Default installation type uses default values for all optional configuration information. It prompts you only for mandatory configuration information. This type is for any or all of the following situations: You are new to the PATROL product that you are installing and you have an agent or console already installed in the default directories. You are performing a first-time installation (you are not upgrading), and you are installing into the default product installation directories.
54
First-time installation
NOTE
If you are installing PATROL for Windows Servers to an existing PATROL Agent or Console environment that is not in the default installation directory, use Custom. Do not use Default. Default will automatically install the agent or console with PATROL for Windows Servers and overwrite your existing installation.
With the Custom installation type, you can install individual components of the product. It requires that you specify all configuration information. This type is for any or all of the following situations: You want to install individual components rather than the entire product. You want to specify the following settings: s the port numbers that components use to communicate with each other s a security level greater than basic security s any other product settings that a user might want to change You are upgrading PATROL for Windows Servers from a previously installed version. You are installing into an existing PATROL environment that is not in the default installation directory.
With each installation type, you can always deselect any components that you do not want to install.
First-time installation
The installation utility offers two types of installations: Default and Custom. For a description of the two types of installations, see Default and custom installation types on page 54.
NOTE
By default, the Default installation type configures the PATROL Agent to connect through port 3181. If you want to connect the agent from a different port, you must use the Custom installation type.
Chapter 2
55
First-time installation
You first should install on a limited number of computers in the test environment, test the installation thoroughly, and then install in your production environment. You must have created the PATROL default account. If you want to install PATROL for Windows Servers on a computer running Windows 2000 with Citrix Metaframe, you must have access to a second computer that runs a browser that is supported by the installation utility.
To install using the default installation type 1 Close the Service Control Manager window and the Control Panel window. 2 From the PATROL for Microsoft Windows Servers CD or from an installation
image that has been electronically downloaded from an EPD site and extracted, run setup.exe. When installing on a Windows Server in application mode or with Citrix Metaframe installed, perform the following steps to launch the installation utility:
A From a command line, change to the directory where the installation utility is
located and enter the following command to change to installation mode:
change user/install
A message box is displayed that shows the URL to use to connect to the installation Web server.
C On another computer with a browser, start the browser. D Connect to the installation Web server from the browser to start the installation
utility by using the URL that is displayed in the message box on the computer on which you are installing the product.
3 In the Welcome to the Installation Utility window, click Next to begin your
installation.
4 Review the license agreement, select Accept, and click Next to continue. 5 In the Select Installation Option window, select I want to install products on this
computer now and click Next to continue.
56
First-time installation
6 In the Select Type of Installation window, select Default and click Next to continue. 7 In the Specify Installation Directory window, accept the default directory and click
Next to continue.
8 In the Select System Roles window, select any or all of the following roles to
indicate the components that you want to install and click Next:
s
If you are installing to a computer that hosts or will host only a PATROL Console for Windows, select Console Systems. If you are installing to a computer that hosts or will host a PATROL Agent, select Managed Systems. If you are installing to a computer that hosts or will host the PATROL Central Operator Web Edition, or the PATROL Console Server select Common Services.
9 From the Select Products and Components to Install window, select components
that you want to install or accept the defaults and click Next.
10 In the PATROL Default Account Properties window, enter the user name and
password that you want to use for your PATROL default account and click Next. This window is displayed only when you are installing a product that requires a PATROL logon. You should have created this account manually before you began to install PATROL. (For more information, see Accounts on page 43.)
11 In the Review Selections and Install window, review your selections and, to make
changes, click Back or, to start installing, click Start Install. A status window opens that contains current messages, current milestones, and percentage complete.
12 When the status window reports that the installation is 100% complete, click Next
to view the results window. (Next does not appear until the installation is 100% complete.)
13 (Optional) In the results window, click View Log to review the details of the
installation.
Chapter 2
57
First-time installation
To install using the custom installation type 1 Close the Service Control Manager window and the Control Panel window. 2 From the PATROL for Microsoft Windows Servers CD or from an installation
image that has been electronically downloaded from an EPD site and extracted, run setup.exe. When installing on a Windows Server in application mode or with Citrix Metaframe installed, perform the following steps to launch the installation utility:
A From a command line, change to the directory where the installation utility is
located and enter the following command to change to installation mode:
change user/install
A message box is displayed that shows the URL to use to connect to the installation Web server.
C On another computer with a browser, start the browser. D Connect to the installation Web server from the browser to start the installation
utility by using the URL that is displayed in the message box on the computer on which you are installing the product.
3 In the Welcome to the Installation Utility window, click Next. 4 In the Review License Agreement window, review the license agreement, select
Accept and click Next.
5 In the Select Installation Option window, select I want to install products on this
computer now and click Next.
6 From the Select Type of Installation Window, select Custom and click Next. 7 In the Specify Installation Directory window, enter the directory where the
products that you select will be installed and click Next. The PATROL product directory is appended to the path that you enter in this step. You will specify the PATROL product directory in step 10 on page 59.
8 In the Select System Roles window, select any or all of the following roles to
indicate the components that you want to install and click Next:
58
First-time installation
If you are installing to a computer that hosts or will host a PATROL Console, select Console System. If you are installing to a computer that hosts or will host a PATROL Agent, select Managed System. If you are installing to a computer that hosts or will host the PATROL Central Operator Web Edition or the PATROL Console Server, select Common Services.
For more information about the PATROL consoles and PATROL Console Server or RTserver, see the following documents:
s s s
PATROL Central Operator Web Edition Getting Started PATROL Central Operator Microsoft Windows Edition Getting Started PATROL Console Server and RTserver Getting Started
9 From the Select Products and Components to Install window, select the items that
you want to install, and click Next.
10 In the Provide the PATROL 3.x Product Directory window, enter in the PATROL
3.x Product Directory field the directory in which you want to install PATROL for Windows Servers as appropriate for your installation. This directory is appended to the base directory path that is shown in the BMC Products Installation Directory field entered in step 7 on page 57.
11 If the PATROL Default Account Properties window appears, enter the user name
and password that you want to use for your PATROL default account and click Next. This window is displayed only when you are installing a product that requires a PATROL logon. You should have created this account manually before you started the installation process. (For more information, see Accounts on page 43.)
12 In the Complete the Confirm BMC Product Startup Information window, perform
the following steps (this window does not appear if you are not installing into a managed system):
A In the Specify the Current Agent Port Number field, enter the port number that
you want the PATROL Agent to use. The default is 3181.
NOTE
If your previous installation used a different port number, change the default to the current port number for the PATROL Agent.
B In the Restart the PATROL agent automatically? field, click Yes or No.
Chapter 2 Installing and migrating PATROL for Windows Servers 59
13 In the Review Selections and Start Install window, review the selections and, to
make changes, click Back or, to start installing, click Start Install.
14 When the status window reports that the installation is 100% complete, click Next
to view the results window. (Next does not appear until the installation is 100% complete.)
15 (Optional) In the results window, click View Log to review the details of the
installation.
Install, uninstall, upgrade, and reinstall products on remote systems from one central location. Create collections of products and system groups to distribute multiple products to multiple systems in one distribution. Schedule a distribution for a specific date and time. Maintain multiple product versions to be distributed.
60
View reports to check distribution status, gather distribution data, and diagnosis problems.
To import PATROL for Windows Servers into the Distribution Server, perform the following tasks: Importing a CD or customized installation package into Distribution Server on page 61.
The customized installation packages that resulted from Creating an installation package of the migrated and merged KM on page 70 must be accessible to the Distribution Server. Ensure that you use the Distribution Server version 7.1.01 or later.
To import components in to the Distribution Server 1 Using the Distribution Server Manager, connect to the Distribution Server. 2 In the Distribution Server tab area, click the Components tab. 3 In the list area, click the Import button. 4 Navigate to the location where the components are located and click Next. 5 Select the directory that contains the Products directory (do not select the Products
directory itself). If the components are not accessible on a local drive, you can specify them by using the NFS name and path.
EXAMPLE
Assuming that you copied the CD image into a directory called merged_CD and then, after migrating your customizations and creating a customized installation package, you copied the updated package to the directory containing the CD image, the resultant directory structure would resemble merged_CD\Products\pokchm. You would select the directory merged_CD.
Chapter 2
61
6 Select the check boxes for the components that you want to import and click OK. 7 Click Import to import the selected components. Where to go from here
To remotely install PATROL for Windows Servers throughout your enterprise, use the instructions in the Distribution Server Getting Started Guide. For an overview of that process, see Installing with the Distribution Server (overview).
To set up products 1 Import components into the Distribution Server repository on the Components tab
of the Distribution Manager.
3 Configure the collections on the Configurations tab of the Distribution Manager. To set up systems 1 Create accounts in the operating system of the computers to which you want to
distribute PATROL for Windows Servers.
2 Add accounts and create profiles for the systems on the Systems tab of the
Distribution Manager.
3 Add the systems and install the Distribution Client on the Systems tab of the
Distribution Manager.
4 Arrange systems in system groups on the Systems tab of the Distribution Manager.
62
To distribute products 1 Distribute configurations of collections to system groups on the Distributions tab of
the Distribution Manager.
2 Run reports to review distributions on the Reports tab of the Distribution Manager.
For detailed instructions about how to perform remote installations with the Distribution Server, see the Distribution Server Getting Started Guide.
Upgrading without saving KM customizations on page 68 Upgrading and preserving KM customizations on page 68
Figure 1 on page 67 describes the general process of upgrading to a new version of PATROL for Windows Servers and migrating any customizations.
agentsstored in the agent configuration file consolesstored in the console cache files
NOTE
Customized Knowledge Modules and PSL files are also stored in the cache but they are not automatically preserved and incorporated.
Chapter 2
63
PATROL KM for Windows Domain Services 1.1.00 and later 1.5.00a, 1.5.01 and later 1.5.02 and later 2.7.08 and later 1.1.00 and later 1.1.00 and later 1.2.00 and later 2.0.04 and later If you created .km files and parameters using an older version of this component, they will continue to work, even after loading the new KM.
a
When the PATROL KM for Microsoft Windows Active Directory is installed on a server that has PATROL KM for Windows Domain Services 1.3.00, 1.4.00, or 1.4.01 installed, the application classes that begin with NT_AD are automatically disabled. These disabled application classes are recorded in the configuration variable /AgentSetup/disabledKMs.
64
Table 12
have not made any customizations to the KM files in your previous version of PATROL for Windows Servers want to overwrite customizations you made to the KM files with the default values of the new version of PATROL for Windows Servers have a currently installed version of PATROL for Windows Servers that cannot be migrated (See Table 11 on page 64)
made customizations to the KM files in your previously installed version of PATROL for Windows Servers and want to save those customizations and migrate them to the new version of PATROL for Windows Servers
Chapter 2
65
Using the control panel 1 Select Control Panel using one of the following menu paths:
s s
Start => Settings => Control Panel. Start => Control Panel.
2 Open the System application. 3 Select the Advanced tab. 4 Click Environment Variables. 5 Scroll through the System Variable list box to view the variables.
The System application displays PATROL_CACHE only if it is set to a value other than its default value.
not migrating customizations migrating customizations manually migrating customizations then installing the product using one of the following tools: Common Installation Utility for local installations Distribution Server for remote installations
66
Figure 1
Saving customizations?
No
Yes
Yes No
No
Migrating customizations manually on page 72 Back up PATROL_HOME and PATROL_CACHE directories and note all customizations. Shut down agent and console, remove previous version of the product from PATROL_CACHE and PATROL_HOME directories on agent and console computers. Install PATROL for Windows Servers using instructions in on page 55. Manually change settings or PSL files to match your customizations for the previous version.
Chapter 2
67
NOTE
Customizations applied using PATROL Configuration Manager or operator overrides are automatically saved in the agent configuration database. They will take effect automatically unless the parameter name or application name has changed. In either of those cases, you must reapply the customizations.
When installing PATROL for Microsoft Windows Servers over an existing version, if you stop PATROL services manually (not normally required) before running the installation program, stop the PATROL Agent service (PatrolAgent.exe) first, followed by any other PATROL services.
NOTE
To upgrade and preserve customizations, you must either migrate your customizations manually or use the PATROL Migration Tools version 3.5 to create a customized installation package. If you are using the Distribution Server to install the merged customization package, ensure that you have the latest version of the product installed as well as any available patches.
68
Preparing to upgrade
Whether you are upgrading and migrating customizations or simply upgrading, you must first back up the current installation. If the .kml file or any of the .km files for the new version of PATROL for Windows Servers has a different file name from the previous version, you must remove those files from the list of KMs that are preloaded on the PATROL Agent.
1 Shut down any PATROL Agents, consoles, and related services that are currently
running.
2 Ensure that no one is accessing any PATROL files or directories. 3 Perform a full backup of the directories where PATROL files are typically stored.
These directories are listed in the following table:
File type executables and data console customizations Directory PATROL_HOME for agent and console installation directories PATROL_CACHE for the console working cache
Chapter 2
69
If you have localized parameters or global parameters that have customized poll times or thresholds, use the AS_CHANGESPRING KM to migrate these customizations into PATROL Configuration Manager rulesets as described in the PATROL Configuration Manager User Guide. If you have created custom recovery actions, follow these steps: 1. Ensure that you have made a record of your customizations and have backed up the customized files in the PATROL_HOME and PATROL_CACHE directories. 2. Uninstall the old version of PATROL for Microsoft Windows Servers. 3. Install the new version of PATROL for Microsoft Windows Servers as described in the section Installing for the first time on page 55. 4. Ensure that you have made a record of your custom recovery actions. 5. Use the Recovery Action Event Management commands as described in the PATROL Configuration Manager User Guide to migrate your custom recovery actions to the PATROL Configuration Manager.
1 Copy the entire contents of the PATROL for Windows Servers CD to a temporary
directory on a hard drive on a server. You can delete this temporary directory after you have successfully created an installable image.
2 Navigate to the packaged_results directory for the merged package and open the
.ppf file with a text editor. Write down the file name in the first line of the .ppf file. This file name is the name of the directory that you will look for in the Products
3 Rename the packaged_results directory with the file name that you found in the .ppf
file in the previous step.
EXAMPLE
If pokckm/8.5.00/030107-233044 was listed in the first line of the .ppf file, you would use pokckm as the directory name.
4 Copy the renamed directory to the Products directory of the temporary directory
that you used in Step 1. You will be replacing the files there with the merged files that contain your customizations.
5 Copy the PATROL for Windows Servers CD image to the server that you will use
to install PATROL for Windows Servers.
Remove the files in the PATROL_CACHE directory by following the instructions in Moving files from the PATROL_CACHE directories. Install PATROL for Windows Servers from the target server by following the instructions in Installing for the first time on page 55. Import the customized version of PATROL for Windows Servers into the Distribution Server by following the instructions in Importing a CD or customized installation package into Distribution Server on page 61.
Chapter 2
71
Table 14
Component
PATROL KM for Microsoft Message Queue PATROL KM for Microsoft Windows Domain Services
MQ* MSMQ* MSDM* NT_* NTD_* AD* MWD* MCS* AS* EVENT* LOG* PMG* H*.km H*.psl History-* History_Loader* Hist* COM_DEB_* COM_STAT_* NT_WMI* NT_PERFMON*
s s s
PATROL KM for Microsoft Windows Active Directory PATROL for Microsoft Cluster Server PATROL KM for Event Management PATROL KM for Log Management PATROL History Loader KM
s s s s s s s s s s s s s s
s s
To migrate customizations to KM files manually 1 Ensure that you have made a record of your customizations and have backed up
the customized files in the PATROL_HOME and PATROL_CACHE directories.
2 Uninstall the old version of PATROL for Windows Servers. 3 Install the new version of PATROL for Windows Servers as described in the
section Installing for the first time on page 55.
4 Identify and record the coding changes, which represent your customizations, in
PATROL for Windows Servers by comparing the content of the ASCII files in the newly installed PATROL for Windows Servers version with the content of the customized ASCII files with the same name that is saved in the directory to which you moved the old version.
72 BMC PATROL for Microsoft Windows Servers Getting Started
A Restart the PATROL console. B Load the newly installed PATROL for Windows Servers. C Using a PATROL developer console, enter the customizations that you
identified in step 4 on page 72, one by one.
If you modified .psl files that were shipped by BMC Software, you must manually re-edit the PSL code in the new KM by using a PATROL developer console to reapply your changes. If you modified PSL code embedded in a .km file, that code will be overwritten when you install a new version of the product. You must manually edit the new .km files by using a PATROL developer console to reapply your changes. If you created a new PSL file (not shipped by BMC Software) outside of a .km file, Installing PATROL for Microsoft Cluster Server
Chapter 2
73
Table 15
allows you to use the same CLA to monitor multiple clusters maintains both the configuration and history files outside of the cluster; history is not interrupted during a failover requires a CLA computer that resides outside of the cluster
internal CLA
s s s s
monitors only the underlying cluster does not provide an uninterrupted history; configuration and history files are stored on a local drive and, therefore, are not shared with the new quorum owner after a Cluster Group failover automatically replicates the configuration information to all the nodes in the cluster does not require a computer that resides outside of the cluster to run the CLA allows the KM to use the PATROL agent default account when certain requirements are satisfied easier to set up and configure
74
Figure 2
Cluster 1 Node 1
Install the PATROL KM for Microsoft Cluster Server and a PATROL Console here. Cluster 2 Node 1 Cluster-level agent computer
Install the PATROL KM for Microsoft Cluster Server, PATROL Agent, and OS KM here. Node 2
Install the PATROL KM for Microsoft Cluster Server, and PATROL Agent here.
Install the PATROL KM for Microsoft Cluster Server, PATROL Agent, and OS KM here. Node 2
Install the PATROL KM for Microsoft Cluster Server, PATROL Agent, and OS KM here.
Install the PATROL KM for Microsoft Cluster Server, PATROL Agent, and OS KM here.
Cluster 1
Node 1 - quorum owner Install the Agent, MCS KM, and Microsoft Windows OS KM on all nodes in the cluster
Node 2
While the PATROL KM for Microsoft Cluster Server (MCS KM) is loaded on all of the agents on all of the nodes in the cluster, only the MCS KM on the quorum-owning node actively monitors the cluster.
Chapter 2
75
know the user name and password of the cluster connection account installed the PATROL KM for Microsoft Windows OS and loaded the
NT_BASE.kml
NOTE
If you use Windows Server 2008 as an external CLA, you must install Failover Clustering tools from Server Manager. By default, the cluster.exe is not present in Windows 2008 non-cluster computer.
Node and File share Majority Node and Disk Majority Node Majority No Majority: Disk only
76
Installation process
The PATROL KM for Microsoft Cluster Server installation process consists of the following tasks:
WARNING
Do not load the PATROL KM for Microsoft Cluster Server on a virtual agent.
PATROL Agent PATROL KM for Microsoft Cluster Server PATROL KM for Microsoft Windows
2 This task is only required if you are using an external CLA. Install the following
components on each computer that contains an external cluster-level agent:
s s
3 Install the PATROL KM for Microsoft Cluster Server on the computer that has
your PATROL Console. This component can exist on the same computer as the external cluster-level agent or on a cluster node.
Chapter 2
77
Browser version required for viewing PATROL Console for UNIX Help
The appropriate one of the following browsers is required to view PATROL Help in PATROL version 3.x:
s s
UNIX: Netscape Navigator version 3.01 through 4.78 Red Hat Linux: Netscape Navigator version 4.x
Installation requirement
You must install Netscape Navigator on the computer where the PATROL console resides. You can install Netscape anywhere on your UNIX computer as long as the binary is in the path.
Download location
Netscape Navigator is supplied by Netscape Communications Corp. You can locate the browser at http://home.netscape.com/download.
Netscape Navigator displays warning messages when it is invoked multiple times within the same user account because of its file-locking mechanism. It will, however, continue functioning. By default, when Netscape Navigator starts, it uses a private color map. As a result, you might experience color flashing on your workstation. If so, you can set the value of PATROL_BROWSER so that the colormap option is not specified. However, some subsequent color requests might fail and the online Help will be improperly displayed. The Exceed for Windows product by Hummingbird Communication Ltd. may not always display the Help files properly.
78
Consult your Netscape Navigator documentation for specific platform requirements and restrictions.
LANG variable
The UNIX LANG environment variable must be set to C so that Netscape Navigator will work properly. Otherwise, you might experience product failures.
Type of shell Bourne Korn C Export command for LANG variable LANG=C export LANG export LANG=C setenv LANG=C
PATH variable
The PATROL user account PATH variable must contain the location of the directory containing the Netscape files. If the directory containing the Netscape files is not in the path, add the directory to the PATROL user account path. This requirement applies only to the PATROL user account on the PATROL console computer.
Type of shell Bourne Korn C Export command for PATH variable PATH=$PATH:/netscape_location export PATH export PATH=$PATH:/netscape_location setenv PATH=$PATH:/netscape_location
PATROL_BROWSER variable
When PATROL starts the Help browser, it uses the command in the PATROL_BROWSER environment variable. As a default, the PATROL_BROWSER environment variable contains the following command:
Chapter 2
79
Export command for PATROL_BROWSER variable PATROL_BROWSER=netscape -display $DISPLAY -install -iconic export LANG export PATROL_BROWSER=netscape -display $DISPLAY -install iconic setenv PATROL_BROWSER=netscape -display $DISPLAY -install iconic
To use different arguments, set the value of PATROL_BROWSER to the appropriate string.
EXAMPLE
For a Korn shell: export PATROL_BROWSER=/usr/local/bin/netscape -raise
WARNING
If you use a different version of the installation program to uninstall the product than the version that you used to install the product, you might remove files that are needed to perform uninstallation of other BMC Software products.
80
(UNIX) ./uninstall.sh -v
To uninstall individual products 1 From the Uninstall directory in your BMC Software product installation directory,
double-click uninstall.exe to launch the installation utility in uninstall mode.
NOTE
As an option, you can launch the installation utility in uninstall mode by choosing Start => Settings => Control Panel => Add/Remove Programs and double-clicking BMC Software Tools in the Add/Remove Programs Properties dialog box.
When installing on a Windows Server in application mode or with Citrix Metaframe installed, perform the following steps to launch the installation utility in uninstall mode:
A From a command line, change to the directory where the installation utility is
located and enter the following command to change to installation mode:
change user/install
B Change to the Uninstall directory and enter the following command to start the
installation Web server:
uninstall.exe -serveronly
A message box is displayed that shows the URL to use to connect to the installation Web server.
C On another machine with a browser, start the browser. D Connect to the installation Web server from the browser to start the installation
utility by using the URL that is displayed in the message box. The Welcome window is displayed. Click Next.
2 Select the installation directory from which you want to remove a product, and
click Next.
Chapter 2
81
3 Select the product or products that you want to uninstall, and click Next. 4 Review your selections and click Uninstall.
After the uninstallation is complete, a window is displayed that tells you whether the uninstallation was successful.
3 Open the uninstall.ctl file in a text editor, and edit the /BMC/Base variable to specify
the name of the directory from which you removed the products in step 1.
Use the following table to help determine the log file and output log file locations:
Option -log Description sends the log information to a standard log file This file contains all installation status information. -output sends the log information to an output log file Value any valid path and file name (with a .txt extension) If a space exists in the path, the entire path must be enclosed in quotation marks. any valid path and file name (with a .txt extension)
This file contains all messages about the If a space exists in the path, the entire path must be enclosed in quotation progress of the installation that are marks. normally sent to standard output.
82
Example
If C:\Program Files\BMC Software is your product installation directory, you would change to the C:\Program Files\BMC Software\Uninstall\ Install\instbin directory and enter the following command:
thorinst.exe -uninstall C:\Program Files\BMC Software\Uninstall\Install\instdata\uninstall.ctl -log Z:\NetworkLogs\MyLogs.txt -output Z:\NetworkLogs\MyLogs.out
This action would remove all installation files and directories except those that are used by the utility at the time the uninstallation was performed. Log files, configuration files, and user-modified files would also be retained.
3 Open the uninstall-all.ctl file in a text editor, and edit the /BMC/Base variable to
specify the name of the directory from which you removed the products in step 1.
Chapter 2
83
Use the following table to help determine the log file and output log file locations:
Option -log Description Value
sends the log information to a standard any valid path and file name (with a .txt extension) log file This file contains all installation status information. If a space exists in the path, the entire path must be enclosed in quotation marks. any valid path and file name (with a .txt extension)
-output
This file contains all messages about the If a space exists in the path, the entire progress of the installation that are path must be enclosed in quotation normally sent to standard output. marks.
Example
If C:\Program Files\BMC Software is your product installation directory, you would change to the C:\Program Files\BMC Software\Uninstall\Install\instbin directory and enter the following command:
thorinst.exe -uninstall C:\Program Files\BMC Software\Uninstall\Install\instdata\uninstall-all.ctl -log Z:\NetworkLogs\MyLogs.txt -output Z:\NetworkLogs\MyLogs.out
This action would remove all installation files and directories. The files that were used to perform the uninstallation will be marked for deletion and will be removed when the computer on which the products were uninstalled is rebooted.
84
setting up and configuring PATROL for Chapter 3, Loading and configuring PATROL for Windows Servers Microsoft Windows Servers, and PATROL for Windows Servers component online Help instructions about how to access the KM menu commands, InfoBoxes and online Help information about PATROL for Windows Servers configuration variables and predefined rulesets listing of the KM included with each PATROL for Windows Servers component step-by-step procedures and detailed descriptions of the applications, parameters, and InfoBoxes Appendix A, Accessing menu commands, InfoBoxes, and online Help Appendix B, Agent configuration variables and rulesets Appendix C, PATROL for Microsoft Windows Servers .kml files PATROL for Windows Servers component online Help
Chapter 2
85
86
Chapter
This chapter provides information about how to begin using and configuring the PATROL for Microsoft Windows Servers components. The following topics are discussed in this chapter: Preparing to use PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Loading and preloading KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Loading the PATROL for Microsoft Windows Servers KMs . . . . . . . . . . . . . . . . . 91 Preloading KMs on the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 Requirements for configuring from the PATROL Console. . . . . . . . . . . . . . . . . . . 97 Configuring the PATROL KM for Microsoft Windows OS. . . . . . . . . . . . . . . . . . . . . 101 Enabling and disabling system monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Configuring Windows events monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Configuring service monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Configuring process monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Creating custom parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Viewing event logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 Configuring Blue Screen monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Notifying when disks are not present . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Providing nonaggregate values for a drive instance . . . . . . . . . . . . . . . . . . . . . . . 127 Configuring recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 About recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 Built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Configuring built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 Configuring e-mail notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 Using notification scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Defining notification servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Assigning notification servers for the remote agents. . . . . . . . . . . . . . . . . . . . . . . 138 Assigning notification targets for a PATROL alert. . . . . . . . . . . . . . . . . . . . . . . . . 140 Configuring the PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . 141 Configuring PATROL Wizard for Microsoft Performance Monitor and WMI . . . . 142 Loading the PATROL Wizard for Microsoft Performance Monitor and WMI . 142 Creating performance monitor parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Setting alarm thresholds. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 87
Creating WMI parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Configuring the PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Stop and start monitoring all default log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Stop monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Start monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Change the setup of a monitored file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Filter log file messages (create a search string) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 Generate a custom event when a search string is identified . . . . . . . . . . . . . . . . . 160 Configure recovery actions for a log file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Configuring the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . 165 Using the PATROL Adapter for Microsoft Office to view reports . . . . . . . . . . . . . . . 166 Displaying PATROL data by using the PATROL Adapter for Microsoft Office 167 How to use the PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . 168 Built-in report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Removing KMs from your console and agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 Unloading KMs from a PATROL console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Stopping preloaded KMs from running on the PATROL Agent . . . . . . . . . . . . . 173
88
If PATROL for Windows Servers has not been installed, see Chapter 2, Installing and migrating PATROL for Windows Servers. After installing, return to this section for information about how to configure the components. Before configuring the PATROL for Windows Servers components, you should verify that the following software requirements are met:
s
A supported version of a PATROL Console version 3.x and PATROL for Windows Servers must be installed on the computer you want to use for the PATROL Console. A supported version of the PATROL Agent and PATROL for Windows Servers must be installed on the computer you want to monitor and manage. If you are using PATROL Central Operator Microsoft Windows Edition or PATROL Central Operator Web Edition, the KMs that you want to use must be installed on the computer hosting the PATROL Console Server.
NOTE
For supported versions of PATROL products, see the release notes for the version of PATROL for Microsoft Windows Servers that you are installing.
You should also verify that you have access to all required information about the monitored domain controllers or Windows servers.
EXAMPLE
If you want to monitor the operating system, ensure that you have the PATROL Console and the PATROL KM for Windows OS installed on the console machine and the PATROL Agent and the PATROL KM for Windows OS installed on the agent machine.
89
Loading the PATROL for Microsoft Windows Servers KMs on page 91 Preloading KMs on the PATROL Agent on page 94
Table 16
.kml file COM.kml
HISTORY.kml MSMQ.kml
90
Table 16
.kml file
MWD_ACTIVE_Dire PATROL KM for Windows Active ctory_MN.kml Directory NTD.kml MCS_Load.kml PATROL KM for Windows Domain Services
loads the application classes to monitor Active Directory loads application classes to monitor the domain controller resources
PATROL KM for Microsoft Cluster Server loads application classes that are used to monitor Microsoft server clusters loads application classes that are required to use the PATROL PerfMon and WMI Wizard loads application classes required to configure alerts, such as e-mail or paging notifications loads application classes required to configure log monitoring
NT_PERFMON_WIZ PATROL Wizard for Microsoft ARD.kml Performance Monitor and WMI EVENT_MANAGEM PATROL KM for Event Management ENT.kml LOG.kml PATROL KM for Log Management
s s
the components that you want to load on the agent and console computers are installed the agents to which you want to load components are running the PATROL Console is running
91
To load KMs on the PATROL Console for Windows Servers 1 Choose File => Load KM from the PATROL Console menu bar. 2 Select one or more of the .kml files in Table 16 on page 90 that correspond to the
components that you want to load. For detailed information about the application classes that are loaded with these .kml files, see PATROL for Microsoft Windows Servers .kml files on page 282.
NOTE
Unless you are an advanced PATROL user, use the .kml files to load product component files. Loading individual .km files can break the interdependencies between the .km files.
To load the KM on a PATROL Console for UNIX 1 Choose File => Load KM from the PATROL Console menu bar. 2 Select one or more of the .kml files in Table 16 on page 90 that correspond to the
components that you want to load. For detailed information about the application classes that are loaded with these .kml files, see PATROL for Microsoft Windows Servers .kml files on page 282.
NOTE
Unless you are an advanced PATROL user, use the .kml files to load product component files. Loading individual .km files can break the interdependencies between the .km files.
92
To load the KM on PATROL Central Operator - Windows Edition 1 In the Common Tasks tab of the Operator Console Module Taskpad, click the Load
Knowledge Module(s) icon.
2 To start the wizard, click Next. 3 From the Managed System screen, select the managed system that you want to
load KMs on.
4 From the Knowledge Modules screen, select the KMs that you want to load. For
detailed information about the application classes that are loaded with these .kml files, see PATROL for Microsoft Windows Servers .kml files on page 282.
5 Click Finish.
The KMs that you selected are loaded on the managed system, added to your management profile, and displayed in the PATROL Central Operator tab.
1 From the Monitored Systems page, click the Load/Unload KMs button.
The Load KMs page opens, listing each computer on which a PATROL Agent has been installed.
2 Select the computers on which you want to load KMs, and click Next.
The Load KMs page displays a list of available .km and .kml files. If you selected more than one computer, the only .km and .kml files that are listed are the ones that have been installed on all of the selected computers. If a particular .km or .kml file was installed only on one computer, you must choose that computer by itself to load the file.
3 Select the .km or .kml files that you want to load. 4 Click Finish.
PATROL loads the selected KMs on the selected computers.
93
NOTE
If you want to load a .km or .kml file that was not listed in Step 2, ensure that the KM is installed on the appropriate computer and select only that computer in Step 2.
use the PATROL Configuration Manager to apply one of the predefined rulesets to the PATROL Agent (see PATROL for Microsoft Windows Servers rulesets on page 257) using the wpconfig or xpconfig utility
The PATROL Agent must be running. The wpconfig utility must be installed on a computer that can access machines that are running the PATROL Agent over the network. You must have permission to modify the configuration change file (.cfg).
To use wpconfig to preload a KM from the PATROL Console for Microsoft Windows 1 From a Windows command window, type wpconfig.
The wpconfig window is displayed.
94
3 In the Host Name field, enter the name of a computer that is hosting the PATROL
Agent and click OK. The wpconfig utility gets the PATROL Agents configuration.
5 Scroll down the variable list and double-click the preloadedKMs variable.
The Modify Variable dialog box is displayed.
7 In the Type field, leave REPLACE. 8 In the Value field, use the comma-separated format without spaces to type the
names of the .kml files that you want to preload. See Appendix C, PATROL for Windows .kml files for a list of the KMs that are available in this product. For example, a valid and typical preloaded KMs list is as follows:
NT_BASE.kml,COM.kml,NT_PERFMON_WIZARD.kml
9 Click OK.
The Change Entry dialog box closes.
10 In the Modify Variable dialog box, click OK to close the box. 11 From the Tools menu, choose Apply Configuration.
The Apply Configuration dialog box is displayed, listing the PATROL Agent host name to which you are connected.
12 Click OK to apply your updated configuration to the PATROL Agent. 13 Save your changes to the configuration change file by clicking the Save button. 14 Close the wpconfig window.
95
The PATROL Agent must be running. The wpconfig utility must be installed on a computer that can access machines that are running the PATROL Agent over the network. You must have permission to modify the configuration change file (.cfg).
To use wpconfig to remove a KM from the preload list in the PATROL Console for Microsoft Windows 1 From a Windows command window, type wpconfig.
The wpconfig window is displayed.
3 In the Host Name field, enter the name of a computer hosting the PATROL Agent
and click OK. The wpconfig utility gets the PATROL Agents configuration.
5 Scroll down the variable list and double-click the preloadedKMs variable.
The Modify Variable dialog box is displayed.
96
8 In the Value field, delete the .kml file names that you want to remove from the
preload list. See Appendix C, PATROL for Windows .kml files for a list of the KMs that are available in this product.
9 Click OK to close the Change Entry dialog box. 10 Click OK to close the Modify Variable dialog box. 11 From the Tools menu, choose Apply Configuration.
The Apply Configuration dialog box is displayed.
12 Click OK to apply your updated configuration to the PATROL Agent. 13 Save your changes to the configuration change file by clicking the Save button. 14 Close the wpconfig window.
is a member of the local Administrators group on the agent computer has the right Log on as a Batch Job assigned
If the console connection account does not meet these requirements, the features described in Table 17 are not available. Table 17
KM PATROL KM for Microsoft Active Directory
97
Table 17
KM
PATROL KM for Running an Windows Domain availability report Services with the Remote Servers KM Running a Server Information report with the Remote Servers KM Displaying information about a user using the Users KM Stopping or Starting the WINS service
98
Table 17
KM
PATROL KM for Starting or stopping Windows Domain the DFS Replica Services, continued service Disconnecting DFS users
Viewing application properties PATROL KM for MSMQ Starting or stopping the MSMQ service
99
Table 17
KM
Configure BlueScreen You can use the three options provided Monitoring to configure the KM. The KM looks for the crash dump file as well as the event (ID 6008). The KM prompts you to supply an administrative account that includes the user right Log on as batch job on the PATROL Agent machine. For more information, see Supplying an impersonation account on page 100.
Managing Windows services, such as starting and stopping services or changing service startup properties
The KM prompts you to supply an administrative account that includes the user right Log on as batch job on the PATROL Agent machine. For more information, see Supplying an impersonation account on page 100. You can view event logs, other than the security event log, but you cannot change properties. Add the right Manage Auditing And Security Log to the agent account and the console connection account. The KM prompts you to supply an administrative account that includes the user right Log on as batch job on the PATROL Agent machine. For more information, see Supplying an impersonation account on page 100
OS Reports
100
configure service monitoring From the PATROL Console, access the Services application and choose the KM menu command Configure Service Monitoring. configure process monitoring configure built-in recovery actions create custom parameters From the PATROL Console, access the Processes application and choose the KM menu command Configure Manual Process Monitoring.
114
117
From the PATROL Console, access the host application and 130 choose the KM menu command Configure Recovery Actions. From the PATROL Console, access the CompositesColl application and choose the KM menu command Create Expressions. From the PATROL Console, access the Windows Event application and choose the KM menu command Windows Event Viewer. From the PATROL Console, access the NT_BSK application and choose the KM menu command Configure Blue Screen Monitoring. 124
125
configure blue screen monitoring notify when disks are not present
126
From the PATROL Console, access the NT_PHYSICAL_DISK_ 126 CONTAINER and the NT_LOGICAL_DISK_CONTAINER applications and choose the KM menu command Acknowledge.
Chapter 3
101
Monitored by default
all processors discovered on the From the PATROL Console, access the Processors application system and choose the KM menu command Enable-Disable Processor Monitoring. all physical disks discovered on From the PATROL Console, access the Physical Disks the system application and choose the KM menu command Enable-Disable Physical Disk Monitoring. all logical disks discovered on the system From the PATROL Console, access the Logical Disk application and choose the KM menu command Enable-Disable Logical Disk Monitoring. To monitor logical disks, PerfMon counters must be enabled. For more information, see Monitoring logical or physical disk drives.
pagefiles
all pagefiles discovered on the system all event logs listed in the registry
From the PATROL Console, access the Pagefiles application and choose the KM menu command Enable-Disable Pagefile Monitoring. From the PATROL Console, access the Windows Events application and choose the KM menu command Enable-Disable Windows Event Log Monitoring. To monitor the security event log, the PATROL Agent default account must have the user right Manage auditing and security log.
event logs
all network protocols that are installed on the system all network interfaces discovered on the system all printers discovered on the system
From the PATROL Console, access the Network Protocols application and choose the KM menu command Enable-Disable Protocol Monitoring. From the PATROL Console, access the Network Interfaces application and choose the KM menu command Enable-Disable Network Interface Monitoring. From the PATROL Console, access the Printers application and choose the KM menu command Enable-Disable Printer Monitoring.
job objects
all job objects discovered on the From the PATROL Console, access the Job Objects application system and choose the KM menu command Enable-Disable Job Object Monitoring.
102
diskperf -yv for Windows 2000 (restart required) diskperf -y for Windows Server 2003 (no restart required)
For the platforms shown above, Microsoft requires that you restart the system after running the diskperf command. For more information, see Microsoft Knowledge Base article Q262937, PRB: RegQueryValueEx() May Not Return Disk Performance Counters.
Enable and disable monitoring of Windows events on page 104 Display events with unregistered sources on page 104 Example: creating an event filter to monitor WinMgmt events on page 105 Event filter options on page 105 Turning off an event filter on page 114
Chapter 3
103
1 Using the Configure Windows Event Log Monitoring => Create Filter menu
command, create a new filter. In the Create Filter dialog box, select the Filter Property - Source, and deselect the option to Automatically include new sources. This sets the following agent configuration variable to 0:
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/eventlog/Ev entFilters/filtername/IncludeAllSources
2 Using PATROL Configuration Manager or the wpconfig utility, manually add the
unregistered event source to the following agent configuration variable.
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/eventlog/Ev entFilters/filtername/SourceList/list
104
Error
WinMgmt
None
41
Error
WinMgmt
None
61
You want to be notified immediately when these particular events occur. However, you want to be notified only when the event is related to the perfproc.dll performance library, not any other performance counter libraries. In addition, you do not want to be flooded with events, so if these events are generated multiple times within a short period, you want to be notified only once. Finally, if these events are detected, you want PATROL to remain in alarm until the alarm is acknowledged by an operator. Using the Event filter options presented in the Configuring Windows Event Monitoring => Create Filter dialog boxes, you can create a filter with all of the properties proposed in this example.
Chapter 3
105
Table 21
Option
Filter name
Description
A description of the event filter. You can change the description at any time.
Report the number If you select this option, PATROL monitors the number of of events.... events that match the filter criteria during each collection cycle. Depending on which event types the filter monitors, the following parameters are used to report this data:
s s s s s s s
EventReport
NA If you select this option, PATROL immediately updates the appropriate parameter when an event matches the filter criteria. Depending on which event types the filter monitors, the following parameters are displayed in an alarm state when an event matches the filter:
s s s
ELMErrorNotification ELMFailureAuditNotification ELMNotification (This parameter is active only when you have selected both of the following options: Notify immediately and consolidate event types. For more information, see the description in Event Type tab section of this table.) ELMWarningNotification
For more information about these parameters, see the PATROL KM for Microsoft Windows OS online Help. Source filter properties Source Select/Deselect source(s) for this filter Registered sources for which events can be monitored applications running on the server that PATROL is currently monitoring NA SourceList/list
106
Table 21
Option
Automatically Include New Sources Disable Case Sensitivity Select Event Types to monitor Consolidate event types...
If you select this option, this event filter automatically monitors IncludeAllSources any new applications that are added to the system If you select this option, the event filter makes filter comparisons FilterDisableCase in a case-independent manner the Windows event types monitored by this event filter If you select this option, events of different types (Warning, Information, and Error, for example) are reported using one parameter: ELMStatus (or ELMNotification if you have also chosen to be notified immediately when the event occurs). If you want to have separate parameters for each event type that can alarm independently, deselect this option. EventType ConsolidateEventTy pes
Event ID filter properties EventIdList/list Enter a Windows The Microsoft Windows event IDs that you want to monitor Event ID or a range with this filter. of IDs To specify a range of event IDs, separate the beginning and ending of the range with a dash. For example, to monitor events 100 through 200, enter 100-200. Include all specifies that all of the Windows event IDs in the list are Windows event IDs monitored by the event filter in the list IncludeAllEventIds
IncludeAllEventIds specifies that all of the Windows event IDs except those in the Include all Windows event IDs list are monitored by the event filter except those in the Select this option when there are certain event IDs that you are list not interested in monitoring and you want to exclude them from the event filter. Event Handling filter properties Annotate graph parameter... annotates the PATROL parameter graphs associated with this event filter with information about the event You can display the annotations by placing the cursor over the graph data points. Annotation
Chapter 3
107
Table 21
Option
EvRptOfError EvRptOfFailureAudit EvRptOfInformation EvRptOfStatus EvRptOfSuccessAudit EvRptOfWarning ELMRptOfOtherTypes ELMRptOfNotification (This parameter is active only when you have selected both of the following options: Notify immediately and consolidate event types. For more information, see the description in Event Type tab section of this table.)
For more information about these parameters, see the PATROL KM for Microsoft Windows OS online Help. Use event details... saves information about the event in the agent configuration variable RetainEventDescriptions so that you can use this information in recovery actions For example, if you create a recovery action that generates an e-mail when the event filter alarms, you could include the event description in the e-mail. If you do not use recovery actions or do not plan to use them, deselect this option to limit use of the agent database space. RetainEventDescripti ons
108
Table 21
Option
Chapter 3
109
Table 21
Option
Acknowledge Alarms
Automatically change state to OK ... If you select this option, PATROL returns the filter to an OK state if the events you are monitoring do not occur during the next collection cycle.
Remain in alarm until ... If you select this option, PATROL keeps the filter in alarm until an operator manually acknowledges the alarm.
Change state when the following event ... If you select this option, PATROL changes the filter state from an alarm state to an OK state when the criteria of a second event filter are met. Requirements for using: You must create an event filter that monitors for the required event and select that event filter from the drop-down list. In addition, the event filter must be configured to notify PATROL immediately when an event matches the filter criteria.
Advanced properties - Users UserList/list Enter the user the user ID of a user whose events you want to monitor associated with the event The user name cannot include commas. When entering a user whose name includes special characters that are used in regular expressions, such as a dollar sign ($), a period (.), a parenthesis (), or a slash (/), you must escape each special character with a slash. For example, if the user name is $Smith, you must enter the category as \$Smith. Include all users in specifies that all of the user IDs in the list are monitored by the the list event filter Include all users except those in the list specifies that all of the user IDs except those in the list are monitored by the event filter Select this option when there are certain user IDs that you are not interested in monitoring and you want to exclude them from the event filter. Disable Case Sensitivity If you select this option, the event filter makes filter comparisons FilterDisableCase in a case-independent manner IncludeAllUsers
110
Table 21
Option
Advanced properties -- Category Enter the category the event category that you want to monitor with this event associated with the filter event Categories are defined by the application that generates the event. The category name cannot include commas. When entering a category whose name includes special characters that are used in regular expressions, such as a dollar sign, a period, or a parenthesis, you must escape each special character with a slash. For example, if the category name is (100), you must enter the category as \(100\). Include all categories in the list Include all categories except those in the list specifies that all of the categories in the list are monitored by the IncludeAllCategories event filter specifies that all of the categories except those in the list are monitored by the event filter Select this option when there are certain categories that you are not interested in monitoring and you want to exclude them from the event filter. Disable Case Sensitivity Enter strings If you select this option, the event filter makes filter comparisons FilterDisableCase in a case-independent manner The text strings that you want to monitor with this event filter The text string cannot include commas. When entering strings which include special characters that are used in regular expressions, such as a dollar sign ($), a period (.), a parenthesis (), or a slash (/), you must escape each special character with a slash. For example, if the user name is $Smith, you must enter the category as \$Smith. Include all strings in the list Include all strings except those in the list specifies that all of the strings in the list are monitored by the event filter specifies that all of the strings except those in the list are monitored by the event filter Select this option when there are certain strings that you are not interested in monitoring and you want to exclude them from the event filter. Disable Case Sensitivity If you select this option, the event filter makes filter comparisons FilterDisableCase in a case-independent manner StringList/list IncludeAllStrings StringList/list IncludeAllCategories
Chapter 3
111
Table 21
Option
Advanced properties - Enter a Regular Expression for Source Enter a Regular Expression for Source
Advanced properties - Enter a Regular Expression for Event ID the regular expression that is used as a criteria for including or Enter a Regular Expression for Event excluding event IDs to be monitored with the Windows event ID filter. If you have configured the event IDs for the filter and an event occurs, the event is matched with the configured event ID list. If the event ID does not exist in the configured list, the event ID is compared with the specified regular expression. For more information about using regular expressions, see Using regular expressions on page 117. EventIdList/list
112
Table 21
Option
Advanced properties - Computer name Computer name enables you to create a filter that monitors events generated only ComputerNamesList /list by a specified computer. Enter the name of the computer that you want the event log filter to monitor. You can also use the following new pconfig variables to configure or to view the names of the computers that you want the event log filter to monitor:
s
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/Event LogMonitoring/eventLog/EventFilters/filterName/Comput erNamesList/list lists the names of the computers you provided when creating the filter. /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/Event LogMonitoring/eventLog/EventFilters/filterName/Include AllCompList indicates whether all computers are monitored.
You can use the FilterDisableCase pconfig variable to disable case sensitivity for the computer names. The pconfig variable contains a field or bit for computer name.
To include and exclude strings from filtering while creating or modifying a Windows event filter 1 In the Strings dialog box, select the Include option. 2 Enter the string that you want to include for filtering. 3 Click Apply.
The string is added to the Include List.
Chapter 3
113
5 Enter the string that you want to exclude from filtering. 6 Click Apply.
The string is added to the Exclude List.
To turn off an existing event filter 1 Using the PATROL Configuration Manager or the pconfig utility, access the
following agent configuration variable:
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/ event log/EventFilters/filter/FilterEnabled
Startup type
To change the default settings for services, choose the Configure Service Monitoring menu command from a Services application instance to perform the following tasks:
114
To add services to the list of monitored services, choose the Configure Service Monitoring => Add Service menu command. To remove services to the list of monitored services, choose the Configure Service Monitoring => Remove Service menu command. To configure monitored services, choose Configure Service Monitoring => Configure Service menu command.
By default, the Windows KM monitors all services with startup type as automatic or manual.
s
If you want to monitor a disabled service, add the service by using the Configure Service Monitoring => Add Service menu command. The Monitor pconfig variable for the service is set to 1. If you add a disabled service and later remove the service by using the Configure Service Monitoring => Remove Service menu command, the Monitor pconfig variable is not set to 0. However, the removedServiceList pconfig variable is updated to contain this particular service.
Thus, Windows KM monitors a service only if the Monitor pconfig variable for the service is set to 1 and the service is not included in the list of the removedServiceList pconfig variable.
Yes If you select this option, PATROL automatically attempts to restart the service when it is stopped (only for services with a startup type of Automatic). To use this option, you must also select the option Generate a PATROL Alarm/Warn when the service is stopped. Yes (Alarm) By default, when a service is stopped, PATROL generates an Alarm. However, for a particular service, you can specify a Warning instead. This feature is only for services with a startup type of Automatic.
WarningAlarm
Chapter 3
115
Table 23
Option
By default, PATROL monitors only whether services No are available. To monitor how much memory and CPU a service executable consumes, you must enable process monitoring for the service. When you enable process monitoring, PATROL monitors the service executable process and displays the monitored process beneath the NT_SERVICE application. This feature is available for advanced users who have No developed custom executables that can determine the status of a service. If you provide such an executable, the value returned by the executable is assigned to the SvcNotResponding parameter. To ensure that an alarm is generated when the service is not responding, you must set the alarm ranges for the SvcNotResponding parameter to correspond to the appropriate value returned by the executable. For example, if the executable returns the value 1 when the service is not responsive, enable the SvcNotResponding Alarm2 as an Alarm and set the alarm range as 1 to 1.
MonitorNotResp ond
Service configuration variable DisableServiceRestart (global) AutoRestart (local) OverrideGlobalServiceRestart (local) Service is restarted? (yes/no)
For more information about these configuration variables, see Appendix B, Agent configuration variables and rulesets.
116
literal character matching character repetition clause alternation clause sub pattern grouped with parenthesis
Chapter 3
117
Table 26
Symbol |
[]
delimits a set of characters; the range is specified as [x-y] If the first character in the set is ^, there is a match only when the remaining characters in the set are not present.
^ $
anchors the pattern to the beginning of the string; this character must be the first character in the set anchors the pattern to the end of the string; this character must be the last character in the set
To configure manual process monitoring 1 Access the NT_PROCESS application menu (labeled Processes) as described in
Accessing KM commands and InfoBoxes on page 214, and choose the KM menu command Configure Manual Process Monitoring => Add Process.
2 Select (highlight) the process that you want to monitor, or if the process is not
currently running, enter the process name and any appropriate command-line arguments. You can enter the process name using a regular expression. For more information about regular expressions, see Using regular expressions on page 117.
3 Select the Select the process(es) using a regular expression for monitoring check box.
PATROL KM for Microsoft Windows adds all the processes for monitoring that contain the name of the selected process. However, if you do not select this check box, PATROL KM for Microsoft Windows adds only the selected process instances for monitoring.
TIP
If you are specifying a process name and you want to ensure that only that specific process is monitored (and not other processes that have that process name as part of their name), use the ^ and the $ regular expression characters to enclose the process name, as shown below. ^processname$ For more information about using regular expression characters, see Using regular expressions on page 117.
118
NOTE
If you enter multiple regular expressions that match the same process, multiple process instances are created for that process.
WARNING
When entering the process name, omit the extension. For example, enter processname argument. Do not enter processname.exe. Example: svchost -k rpcss In addition, when entering a process whose name includes special characters that are used in regular expressions, such as a dollar sign ($), or a period (.), you must escape each special character with a slash. For example, if the process name is $abc.exe, you must enter the process name as \$abc.
monitor the process(es) only when it is running with the command line arguments shown monitor any occurrence of the selected process(es), regardless of the command-line arguments
5 Click on Next. 6 On the next dialog you can provide a label and following properties for the process
instance while adding the process for monitoring:
s s s
Minimum count: Set the minimum process count threshold. Maximum count: Set the maximum process count threshold. Acceptable Process Owners: Enter a regular expression for the users who can run the process, or enter the name of the user who can run the process. Use Owner Filter: Select this option if you want to monitor the process instances that are being run only by the users that are specified in the Acceptable Process Owners field.
NOTE
The PATROL Agent default account must have the Administrator rights to get the process owner information.
7 Click on Add.
For more details about adding a process, see the PATROL KM for Microsoft Windows online Help.
Chapter 3
119
The processes you selected are removed from the list of running processes and are added to the list of monitored processes that are shown on the left pane of the Configure Process Monitoring window. The processes you selected are added to the PATROL console, beneath the NT_PROCESS application (labeled Processes). The PATROL Agent begins monitoring the process.
To configure how the process is monitored and managed, see To configure process control on page 121. You can also perform the following functions using the Configure Manual Process
Monitoring menu command:
s
To modify a monitored process, select Configure Manual Process Monitoring => Process Settings.
To configure automatic process monitoring 1 Access the NT_PROCESS application menu (labeled Processes) as described in
Accessing KM commands and InfoBoxes on page 214, and choose the KM menu command Configure Automatic Process Monitoring.
3 Click Apply.
When any process consumes high CPU for a period longer than what you specified, PATROL begins monitoring the process and adds the process to the PATROL console, beneath the NT_PROCESS application (labeled Processes).
120
If a problem occurs
If the Processes folder is not displaying or it does not contain any processes, check the annotation of _DiscoveryStatus and _CollectionStatus parameters of the NT_OS application class.
2 For the length of time specified for high CPU utilization, enter any negative
number.
3 Click Apply. To configure process control 1 Access the NT_PROCESS application menu (labeled Processes) as described in
Accessing KM commands and InfoBoxes on page 214 and choose the KM menu command Configure Process Monitoring.
2 From the Configure Process Monitoring window, select the monitored process that
you want to configure.
3 Select the appropriate options, described in Table 27 on page 122, and then click
Apply.
Chapter 3
121
Table 27
Option
Restart the process using the specified command when the process is stopped Terminate the process when the process CPU% utilization exceeds the defined PATROL threshold
If you check this option, PATROL terminates the No process when it appears to be in a run away state. This state is defined by the following criteria:
s
TimeLimitForKillR unAwayProcess
the CPU% utilization exceeds the threshold specified by the agent configuration variable AlarmThreshold. For more information about this variable, see AlarmThreshold on page 219. the process exceeds this threshold for the specified length of time
When the process exceeds the threshold for the specified length of time, the process is terminated during the next collection cycle, whose scheduling is determined by the parameter PROCProcessColl. By default, PROCProcessColl collects data every 5 minutes. Generate a PATROL Alarm If you select this option, the PATROL Yes when the process is NT_PROCESS parameter PROCStatus enters an terminated alarm state when the process is terminated. Generate a PATROL Alarm If you select this option, the PATROL No when the process is started NT_PROCESS parameter PROCStatus enters an alarm state when the process is started. EnableAlarmIfProc essDown EnableAlarmIfProc essStarts
122
Example 1
If a process called Notepad was added without any arguments, the new process instance path will be created as NOTEPAD_NO_ARGUMENT. All the Notepad instances that were running without arguments will be monitored as a single instance and the instance parameters will display the consolidated values of all the instances.
Example 2
If a process called Notepad was added with any arguments, the new process instance path will be created as NOTEPAD_ANY_ARGUMENT_LIST. All the running Notepad instances on a managed node will be monitored as a single instance and the instance parameters will display consolidated values for all the instances.
Example 3
If a process Notepad was added with specific arguments, the new process instance path will be created as NOTEPAD_ARGUMENTS. All the instances that were running with the same arguments on a managed node will be monitored as a single instance and the instance parameters will display consolidated values for all the instances.
To view process details 1 From the NT_PROCESS application instance, right-click the process instance for
which you want to view details, and choose KM Commands => View Process Details. A new PSL task is created containing the process name.
2 Double-click the PSL task for the process to view process details.
Chapter 3
123
To modify a process instance 1 From the KM commands for the NT_PROCESS application instance, right-click the
process instance that you want to modify, and choose KM Commands => Modify Process Instance.
2 In the Modify Process Instance dialog box, modify the Minimum count field to
change the minimum process count threshold.
3 Modify the Maximum count field to change the maximum process count threshold. 4 In the Acceptable Process Owners field, perform one of the following actions:
s s
Enter a regular expression for the users who can run the process. Enter the name of the user who can run the process.
5 Modify the state of the Use Owner Filter check box if you want to change the filter
settings.
6 Click OK.
To create custom parameters using the expression entry wizard 1 Access the NT_CompositesColl application menu as described in Accessing KM
commands and InfoBoxes on page 214, and choose the KM menu command Create Expressions.
2 From the Create Expressions dialog box, enter a name for the expression
(parameter).
124
3 Follow the instructions provided in the wizard. For more information, click the
Help button.
After you complete the wizard, the new composite parameter is displayed on the console beneath the NT_Composites application (labeled Composites).
4 From the Select Event Range list, select the range for the number of events to
display. The details of the latest events are displayed in the Windows Event Viewer dialog box, as described in Table 28.
NOTE
For optimizing performance of event retrievals, the Windows Event Viewer dialog box displays a maximum of 100 events at a time. By default, the Windows Event Viewer dialog box retrieves the latest 100 events for the selected event type. If you select the range for the events, the Windows Event Viewer dialog box retrieves the latest events for the selected event type, based on the range.
5 To view details pertaining to a particular event, select the event in the Windows
Event Viewer dialog box and click View.
Chapter 3
125
Table 28
Field Type
date of the event time stamp of the event application that triggered the event ID for the event category of the event user account from which the event is generated computer from which the event is generated
To configure Blue Screen monitoring 1 Access the NT_BSK application menu as described in Accessing KM commands
and InfoBoxes on page 214, and choose the KM menu command Configure Blue
Screen Monitoring.
Event (ID 6008) to monitor only the 6008 event id. Crash Dump to monitor only the crash Dump. Default to monitor crash dump or event as per registry configuration.
126
The PDStatus parameter goes into an alarm state when a physical disk is removed, and it provides you the name of the removed disk. The LDStatus parameter goes into an alarm state when a logical disk is deleted, and it provides you the name of the deleted disk. The RemovedPDList variable provides a list of the removed physical disk instances. The DeletedLDList variable provides a list of the deleted logical disk instances.
To acknowledge the alarms 1 Access the NT_PHYSICAL_DISK_ CONTAINER and the NT_LOGICAL_DISK_
CONTAINER applications menu as described in Accessing KM commands and InfoBoxes on page 214.
You can use the NonAggregateParamValue variable to change these parameters, so that they do not consider the mount points on a particular drive instance. This variable is located at
PSX_P4WinSrvs/PWK_PKMforMSWinOS_config/LogicalDiskMonitoring/NonAggregate ParamValue.
1 = values shown for a particular drive instance do not consider the mount drives 0 = value shown is an aggregate of a particular drive instance and all of its mount drives
Chapter 3
127
128
Recovery action Backup and Clear Event Log (PATROL KM for Microsoft Windows OS) Start Windows Management Instrumentation Service Check (PATROL KM for Microsoft Windows OS) Clean Temporary Directories (PATROL KM for Microsoft Windows OS) Terminate Process (PATROL KM for Microsoft Windows OS) Restart Process (PATROL KM for Microsoft Windows OS)
NT_EVLOGFILES\ELMEvFileF Backs up the event log file reeSpacePercent and clears all events.
NT_HEALTH\WMIAvailability Restarts the WINMGMT service when PATROL determines that it is unavailable.
Yes
No
NT_PROCESS\PROCProcessor TimePercent
No
NT_PROCESS\PROCStatus
Attempts to restart the process. Note: The process is restarted under the PATROL Agent default account, even if the process was previously started under a different account.
Yes
NT_SERVICES\ServiceStatus
Yes
NT_REMOTE_SERVERS\MsPat Attempts to restart the Restarting a PATROL PATROL Agent on the Agent on a remote server rolAgentStatus remote machine after recovery action alarming for 2 collection cycles. (PATROL KM for Windows Domain)
No
Chapter 3
129
Table 29
Recovery action Increase connections to DFS root recovery action (PATROL KM for Windows Domain)
NT_DFS_ROOT\DfsConnection Increases the connection Percent share limit to DFS Root after alarming for 2 collection cycles.
NT_WINS_PARTNER\WpRepli Cleans up the WINS No Replication Failure: database after alarming for 2 Initiate WINS Scavenging cationFailures collection cycles. (PATROL KM for Windows Domain) Increase connections allowed to share (PATROL KM for Windows Domain) PAWorkRateExecsMin Recovery Action (PATROL KM for Microsoft Windows OS) NT_Shares\ShConnPercent Increases the share connection limit after the ShConnPercent parameter alarms for 2 consecutive collection cycles. No
PATROL_NT\PAWorkRateExec sets the scheduling policy sMin value to 9 (Schedule Force Delta and Schedule From End). When the parameter goes out of the alarm state, the scheduling policy value returns to the default value of 1.
Yes
130
To configure recovery actions 1 Access the host application menu as described in Accessing KM commands and
InfoBoxes on page 214 and choose the KM menu command Configure Recovery
Actions.
2 From the list of recovery actions, highlight the desired recovery action and click
Accept.
3 From the list of recovery action instances, highlight the instance and click Edit. For
information about which instance to select, see Table 30. Table 30
Purpose configure the recovery action for a specific instance (for example, a monitored process)
configure the recovery action for all instances (for the recovery action that displays an example, all monitored processes) asterisk (*) in the INSTANCE column
4 From the Edit Recovery Action dialog box, choose from the settings described in
Table 31 on page 131. Table 31
Setting Run automatically
Run only with If you select this mode, PATROL prompts you operator confirmation before running the recovery action. Note: If you select this option, be sure to keep a console connected to the PATROL Agent on the managed machine. If you have no console connection, PATROL is unable to prompt you. Do Not Execute If you select this mode, PATROL does not perform the recovery action.
Mode
Chapter 3
131
Table 31
Setting
If the recovery action is configured in Run Attended Wait mode, this setting specifies the amount of time PATROL waits for confirmation to run the recovery action. If you do not provide confirmation within the allotted time, PATROL does not run the recovery action.
NOTE
For more information about the recovery action and its configuration options, click the Help button.
NOTE
The PATROL KM for Event Management also provides you with the ability to configure other types of notification, such as trouble-tickets or other custom alerts. You can also use it to forward events to an enterprise console. For more detailed information about the functionality provided by the PATROL KM for Event Management, see the PATROL KM for Event Management User Guide.
132
1. Define the notification script and edit as necessary. 2. Define the notification servers. 3. Assign notification servers to the remote agents. 4. Define notification targets for PATROL alerts.
a Windows batch file that you must edit before use, which can send any of the following types of notification: SMTP e-mail message by means of a Visual Basic (VB) script (provided) MAPI e-mail message by means of a Visual Basic (VB) script (provided) SMTP e-mail message by means of Blat (not provided) Blat is a free command-line e-mail client, that you can download from the Web. You can also use any other SMTP-based, command-line e-mail client if you edit the batch file accordingly. For more information, see Editing scripts on page 135.
NOTE
The PATROL for Microsoft Windows Servers has been tested with Blat version 1.7.
Chapter 3
133
Table 32
Script
MAPI VB Script
send_mapi.vbs This VB script is called from AS_EVSLocalAlertNotify.bat. This script uses an ActiveX control.
Perl Script
AS_EVSLocalAlertNotify.pl
Script requirements
To use these Windows scripts, the server sending the notification must meet the requirements shown in Table 33 on page 134. Table 33
Script Batch File Script
Perl Script
134
Editing scripts
Before using the sample scripts, you must edit them.
If you use a third-party command-line e-mail client or if you want to use the script to perform other types of notification, such as paging or trouble tickets, you must add the code to the script that calls the e-mail client or appropriate notification utility.
Chapter 3
135
' Enter the Mail Server name [FQDN/IP Address] iConf.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") ="mail.bmc.com" ' Enter the SMTP Server Port number iConf.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
which servers will send notifications (act as notification servers) to whom e-mail or paging notifications are sent (targets) which servers will monitor the notification servers for availability which notification servers will be monitored for availability where to place notification rules (notification server or monitored agent)
Once you have configured a primary and backup notification server, you can use the PATROL Configuration Manager to copy the settings to the other notification servers. If you use this method, make sure that you use the same notification script file name and directory path on all notification servers.
Providing security
To improve security, create an operating system account on the notification server systems to be used specifically for remote notification. This configuration avoids having to use the PATROL login, which may be common throughout your environment. You can configure the notification server so that it is unable to fully login to the notification server system by using the operating system. For example, on UNIX, give the notification server login an invalid login shell, such as /bin/false.
To configure a notification server 1 From the PATROL console, access the managed system you are using as your
notification server and display the KM menu commands as described in Accessing KM commands and InfoBoxes on page 214.
3 Use the Quick Config - Notification Server dialog box to specify the notification
server properties. These properties are described in Table 34:
Chapter 3
137
Table 34
Property
the complete path and filename of the notification script or command used to send notifications specifies whether you want to perform an alert test after the changes are accepted If this is your first time using the PATROL for Microsoft Windows Servers, you should perform an alert test and verify that the notifications are received.
4 Define the notification server properties and click Accept. 5 Repeat this task for the server you are using as the backup notification server.
NOTE
Notification servers are not required. Remote agents can send their own notifications. However, there are considerable benefits to using notification servers. For more information, see Why use a notification server? on page 136.
138
NOTE
You must use the PATROL KM for Event Management to complete this task. This functionality is not available in PATROL Configuration Manager. However, once you configure one notification server, you can use the PATROL Configuration Manager to copy your configuration to other notification servers. The configuration settings are stored in the following variables:
s s s s
To assign notification servers to remote agents 1 From the PATROL console, access the remote agent menu commands, as described
in Accessing KM commands and InfoBoxes on page 214.
2 Choose the KM menu command Event Management => Quick Config => Remote
Agent.
4 Use the Primary Notification Server Settings dialog box to specify the properties of
the primary notification server for the managed system. The properties are described in Table 35 on page 139. Table 35
Property
Notification Server Hostname the hostname or IP address of the primary notification server for the selected managed system To avoid DNS resolution problems, use the IP address. Notification Server Agent Port Notification Server User Name the port number of the notification server that the selected managed system will use the user name that the selected managed system will use to connect to the notification server
Notification Server Password the password that the selected managed system will use to connect to the notification server
Chapter 3
139
Table 35
Property
5 Define the primary notification server properties, and click Accept. 6 Click BACKUP NOTIFICATION SERVER SETTINGS.
Use the Backup Notification Server Settings dialog box to specify the properties of the backup notification server for the managed system. The properties are described on Table 35.
7 Enter the backup notification server properties, and click Accept. 8 Repeat this task for each remote agent.
Use the PATROL Configuration Manager to quickly configure all remote agents at one time. See the PATROL Configuration Manager User Guide for more information about the PATROL Configuration Manager.
To assign notification targets 1 From the PATROL console, access the host KM menu commands, as described in
Accessing KM commands and InfoBoxes on page 214.
2 Choose the menu command Event Management => Alert Settings => Notification
Targets => Email => Local Targets ANY STATUS => Set For Parameters.
140
4 Select the application instance of the parameter and click Accept. 5 Select the parameter and click Accept. 6 Enter the e-mail address of the target for this alert and click Accept.
You can set other types of notification targets using the same procedure, but you choose a different menu command in Step 2. For example, Paging instead of Email.
If a problem occurs
If you have problems configuring e-mail notification, see the PATROL KM for Event Management User Guide. This document contains detailed configuration instructions, usage scenarios, and troubleshooting information.
replication context names of the domain controllers that failed to replicate or that did not replicate in a timely manner
For example:
Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 141
Replication Context: CN=Configuration,DC=cookies,DC=inc Domain controllers that failed to replicate data to the local domain controller: chocolate.factory.cookies.inc lemon.factory.cookies.inc pecan.cookies.inc
Replication Context: DC=factory,DC=cookies,DC=inc Domain controllers that failed to replicate data to the local domain controller: lemon.factory.cookies.inc
Loading the PATROL Wizard for Microsoft Performance Monitor and WMI
Before you can create new parameters by using the PATROL Wizard for Microsoft Performance Monitor and WMI, you must load the KM files on your PATROL console. Load the NT_PERFMON_WIZARD.kml file as described in the Loading the PATROL for Microsoft Windows Servers KMs on page 91.
142
The Performance Monitor Wizard and WMI Wizard application icons appear in the console.
NOTE
After you have created new parameters on a particular PATROL Agent, other PATROL console users will not be able to see the new parameters that you created until they load the NT_PERFMON_WIZARD.kml file.
2 Choose the Create Parameter menu command to display the Create Performance
Monitor Parameter dialog box.
3 From the Select Performance Object to monitor dialog box, choose a Performance
Object from the list, and click Next.
Counters and instances for the selected performance object display in the Available Counters and Available Instances tables.
4 Select the counters you want to monitor from the Available Counters table by
clicking the counter names. Selected counters appear highlighted.
5 Select the instances you want to monitor from the Available Instances table by
clicking the instance names. Selected instances appear highlighted.
6 Click Create to display the Select Performance Object to Monitor dialog box. 7 Click Done to create the parameters.
The dialog box closes and PATROL creates your new parameters. If you want to create new parameters over again, click Next. Continue with step 3.
Chapter 3
143
2 Set a border range for an alarm or warning in the following fields, for the
parameters that need thresholds:
s
Border Minimum
s s
Type the lower-bound warning value in the Warning Minimum field. Type the lower-bound alarm value in the Alarm Minimum field. Type the upper-bound warning value in the Warning Maximum field. Type the upper-bound alarm value in the Alarm Maximum field.
Border Maximum
s s
3 Click OK.
If a problem occurs
When monitoring a Performance Monitor counter whose value is normally less than 1, you cannot specify meaningful alarm ranges since alarm ranges must be integers. However, you can customize the parameter so that the value displayed in PATROL is an integer.
2 Choose the Create Parameter menu command. 3 In the WMI Wizard dialog box, type a name for the WMI-based parameter you
want to create in the Parameter Name field.
144
EXAMPLE
select NumberOfProcesses from Win32_OperatingSystem or select CurrentSize from Win32_Registry
For WMI classes that begin with Win32_PerfRawData, the query must return a number for a single WMI property. For more information, see WMI queries for the WMI classes that begin with Win32_PerfRawData on page 146.
EXAMPLE
select VirtualBytes from Win32_PerfRawData_PerfProc_Process where Name=Idle
5 Select the Formatted Data check box to normalize and display formatted
performance data.
NOTE
You can select this check box only for Win32_PerfRawData WMI classes. See Performance counters supported through Win32_PerfRawData WMI class on page 146.
6 In the Scaling Factor text box, enter a value between 0 and 2147483647 to scale down
values that cannot be directly set to parameters, such as WMI queries that return 64-bit integer values.
EXAMPLE
If you specify the Select CommittedBytes from Win32_PerfRawData_PerfOS_Memory WMI query for a parameter specific to memory, enter a scaling factor of 1024. Thus, the returned value is divided by the specified scaling factor. Similarly, if the parameter is specific to time, you can enter a scaling factor of 1000 to convert a return value in milliseconds to seconds.
NOTE
By default, the scaling factor is 1. For 64-bit performance counters, if the return value of the WMI query is greater than 32-bit, you must scale down the values to get appropriate results.
7 Click Next to set alarm thresholds for the parameter that you are creating.
The Set Alarm Thresholds dialog box is displayed.
Chapter 3
145
Type the lower-bound warning value in the Warning Minimum field. Type the upper-bound warning value in the Warning Maximum field. Type the lower-bound alarm value in the Alarm Minimum field. Type the upper-bound alarm value in the Alarm Maximum field.
9 Click Create to create the parameter according to the SQL Query that you entered
and close the dialog box.
s s s s s s
PERF_COUNTER_COUNTER PERF_COUNTER_BULK_COUNT PERF_COUNTER_LARGE_RAWCOUNT | PERF_COUNTER_LARGE_RAWCOUNT_HEX PERF_COUNTER_RAWCOUNT_HEX | PERF_COUNTER_RAWCOUNT PERF_100NSEC_TIMER PERF_100NSEC_TIMER_INV PERF_ELAPSED_TIME PERF_PRECISION_100NS_TIMER PERF_COUNTER_100NS_QUEUELEN_TYPE
WMI queries for the WMI classes that begin with Win32_PerfRawData
The KM enables you to execute the WQL queries for 64-bit counters and monitor the counters by using the wizard. It helps you verify whether the system on which the application is running is 32-bit or 64-bit, and correspondingly connect to a 32-bit or 64-bit WMI provider. You must enter a valid WMI query in the Enter a WQL query text box of the WMI Wizard dialog box. The query must return a number for a single WMI property.
146
EXAMPLE
Valid WMI Query: Select VirtualBytes from Win32_PerfRawData_PerfProc_Process where Name=Idle This returns the result for VirtualBytes for Idle process. Invalid WMI Queries:
s
Select * from Win32_PerfRawData_PerfProc_Process This returns the data for all the properties of Win32_PerfRawData_PerfProc_Process wmi class for all the instances. * indicates all the properties for a particular WMI class. Select VirtualBytes, PageFaultsPersec from Win32_PerfRawData_PerfProc_Process where Name=Idle You cannot add two WMI properties such as VirtualBytes and PageFaultsPersec in a WQL query. Comma separated queries are invalid.
To verify whether a particular query returns a single instance or multiple instances, use wbemtest provided by Microsoft as shown in the following steps:
1 Go to Start => Run => wbemtest 2 Click Connect. 3 Enter the Namespace such as \\root\cimv2. Click Connect. 4 Click Query. Enter a query, Select * from Win32_PerfRawData_PerfProc_Process.
Verify the record set returned by wbemtest. If there are multiple instances, you need to add the where clause appropriately.
If the PATROL KM for Microsoft Windows OS is loaded and the PATROL KM for Log Management is loaded, the PATROL KM for Log Management will begin collecting data immediately.
Chapter 3
147
file size - stored in the LOGFileSize parameter growth rate - stored in the LOGGrowthRate parameter content age
The default list of monitored files may be added to or removed completely depending on your needs. The PATROL KM for Log Management supports the following five types of files:
s
Text Files Text files are only read if they have been modified since the last scan. Command Scripts Command scripts are executed each scan cycle and the resulting output is treated as a log file. Named Pipe (or FIFO) Named pipes are opened and kept open for reading. Only blocking pipes are supported. The data is read from the pipe a line at a time and accumulated in a secondary log file. This secondary file is treated like a normal log file. Binary Files Binary files are read with the use of a user-specified filter program. Binary files are only read if they have been modified since the last scan. XML files XML files are only read if they have been modified since the last scan. XML files are always read from the beginning.
This section describes how to configure the PATROL KM for Log Management so you can begin monitoring log files in your environment. The following table lists the topics covered in this section.
Task Stop and start monitoring all default log files Stop monitoring a log file Start monitoring a log file Change the setup of a monitored file Filter log file messages (create a search string) Generate a custom event when a search string is identified Configure recovery actions for a log file Page 149 149 150 156 157 160 164
148
To stop or start monitoring this log file 1 Access the LOG application menu as described in Accessing KM commands and
InfoBoxes on page 214.
2 Select Enable/Disable Default Log Monitoring. 3 In the Default Log Monitoring dialog box, to stop monitoring the default log file,
clear the Enable Default Log File Monitoring check box.
NOTE
The Default Monitoring dialog box only enables and disables monitoring for the log files that the PATROL KM for Log Management monitors by default. This dialog box does not control monitoring for log files that you add to the list of monitored files. To add or remove log files to the list of monitored files, see Start monitoring a log file on page 150 and Stop monitoring a log file.
1 Access the LOGT application menu for the log file that you no longer want to
monitor, as described in Accessing KM commands and InfoBoxes on page 214.
Chapter 3
149
To monitor a text log file 1 Access the LOG application menu as described in Accessing KM commands and
InfoBoxes on page 214.
2 Select Add Instance. 3 In the Add Instance dialog box, select TEXT Instance and enter a label for the text
log file that you want to start monitoring. The log icon label must be 50 characters or less and cannot contain any spaces.
4 Click Accept. 5 In the Add File for Label: instanceName dialog box, enter the full path and file name
for the text file you want to monitor, in the File/Pipe Name text box.
NOTE
s
To monitor log files that have dynamic names, use the * and ? regular expressions to define the file name. For example, if a log file is named backup_date.log, where date changes each day, enter the log file name as backup_*.log.
6 Enter a logical name for the LOGMON instance that you want to monitor, which
appears in the event manager.
7 Select the Contains Environmental Variables check box to enter a path defined by an
environment variable that is resolved at runtime. If you select this check box, environment variables in the text file path are resolved. Otherwise, the text file is treated as a pure file name.
8 Select either of the File Type options: Text File, Script, Named Pipe, or Binary File. 9 In the Filter Program text box, enter the path and name of the filter program that is
reading the file specified in the File/Pipe Name field.
150
NOTE
In case of a Binary file type, PATROL KM for Log Management does not accept arguments.
10 (Optional) If you want to scan the entire text file on each scan, rather than scanning
only the new content, choose the Always Read at Beginning check box.
NOTE
The text file will only be scanned if the file changes.
11 (Optional) If you are monitoring a dynamically named file and you want to
monitor all of the files using the dynamic name specified in the File/Pipe Name field, rather than just the latest file, choose the All option.
12 (Optional) Select the Generate Alarm if File not modified in check box if you want
the LOGMON instance to ALARM if the monitored file is not modified periodically. Specify the time in minutes after which you want the KM to alarm if the file is not modified, in the Minutes text box.
13 Specify the default settings for a search criterion. In the Threshold # 1 text box,
specify the minimum number of text search string matches in a polling cycle required to produce a specified state. To search for a minimum number of text strings across a number of polling cycles, enter values in the x:y format; x represents the minimum number of text string matches, and y represents the total number of polling cycles.
14 In the Threshold # 2 text box, specify the minimum number of text search string
matches required to produce a specified state. You can specify a different state and a different number of matches from Threshold # 1. Threshold # 2 should be higher than Threshold # 1. To search for a minimum number of text strings across a number of polling cycles, enter values in the x:y format.
15 Select the state that you want the KM to exhibit when a threshold is
reachedNone, OK, Warn, or Alarm.
EXAMPLE
If you want the KM to go into Alarm when the search string is found 3 times in the monitored file, then you would set the value of Threshold # 1 to 3 and select Alarm from the State list.
Chapter 3
151
16 (Optional) In the Custom Event Message text box, specify the message that you want
displayed in the events when your search string conditions are satisfied.
17 In the Custom Event Origin text box, specify the customized origin for events. If you
do not specify the origin, the product uses the instance name as the default origin of events, which is APPCLASS.INSTANCE.textFileName. You can use built-in macros (except the %x[-%y] macro) as the customized origin for events.
18 In the Number of Lines in Log Entry text box, specify the number of lines that you
want to be displayed when a match is found.
EXAMPLE
If you want to determine when a disk is full and where the disk is mounted, you would enter Error: Disc Full as the search string and 2 as the value of Number of Lines in Log Entry so that when a disk is full, the product displays a message similar to the following one in LOGMatchString text parameter: Id=id1 031605: Error: Disc Full Id=;MatchedLines /hd001 mounted as /opt SUMMARY:id1=1;
NOTE
If either, the search string or the nullify string, occurs again within the number of lines selected to be displayed, the KM does not find the instances of the search strings for all the search identifiers.
19 In the Nullify Alarm/Warn String text box, specify the string that is used to nullify
the alarm for the dual search feature. You can configure dual search for an instance so that the KM goes into the alarm state when any of the search criteria is found in the monitored file and nullifies the alarm when the nullify string is found in the monitored file. You must specify the first string in the String1 text box (in the Configure Search Criterion: instanceName dialog box) and the nullify string in the Nullify Alarm/Warn String text box. For nullified customized events, the default custom event message is used (as provided in the Custom Event Message text box).
EXAMPLE
If you specify Alarm up in the String1 text box and Alarm down in the Nullify Alarm/Warn String text box, the KM goes into an alarm state when Alarm up is found in the monitored file and the alarm is nullified when Alarm down is found in the monitored file.
152
20 If the KM goes into an alarm or a warning state because the search string is found
and you want the KM state to return to OK if the search string is not found on the next scan, select the Return to OK if no match found on next scan check box.
21 From the Scan Priority list, select a scan priority: Normal, Medium, or Low. 22 Click Continue. 23 (Optional) In the Configure Search Criterion: instanceName dialog box, in the Search
Criterion area, define a search criterion, specify a unique label in the Search Identifier text box, and configure a search string to define what type of messages
the KM should search for. The Search Identifier label appears in the search list and helps you identify the search criterion.
24 In the String text boxes, enter the regular expression for the first search string that
you want to search in the text instance (4096-byte limit).
25 (Optional) If you want the KM to alarm if a string is not present in the file, select
the Not check box.
NOTE
This option displays all the lines in the file that do not match the search string.
26 In the First Number text box, specify a number to specify a starting position of a
search range in the matched file.
27 Select an operator from the Op list. 28 In the Begin token text box, specify a valid beginning token value. 29 In the End token text box, specify a valid ending token value. 30 Select an operator from the Op list. 31 In the Second Number text box, specify a number to specify an ending position of a
search range in the matched file line.
32 You can custom-define a search criterion with settings that are different from the
default settings in the Add File for Label: instanceName dialog box. To do so, select the Override default setting check box and custom-define the settings for each search criterion as described in step 13 through step 17 on page 152.
Chapter 3
153
33 Select the Add option and click Update for the KM to populate the search criteria in
the Search list.
34 Click Done.
Once the search string is found in the file, the KM generates an alarm.
NOTE
If you do not specify a search string, the LOGErrorLvl parameter will not be set. When the LOGErrorLvl parameter is not set for a period of time, no data for specified range messages are displayed in BMC PATROL history. If you did not specify a search string, this message is benign.
35 PATROL adds the new log file name to the list of monitored files and displays the
new log instance in the Desktop tree tab.
36 (Optional) If you want to further configure the log file, access the LOGT
application menu as described in Accessing KM commands and InfoBoxes on page 214.
38 (Optional) Select Advanced Features => Schedule Log Scan to configure the KM to
scan the file at different schedules.
NOTE
This option is not available if you are monitoring an XML file.
154
42 Click Accept.
PATROL adds the new log file name to the list of monitored files and displays the new log instance in the Desktop tree tab. For more information about monitoring text log files, see the BMC PATROL Knowledge Module for Log Management User Guide.
To monitor an XML file 1 Access the LOG application menu as described in Accessing KM commands and
InfoBoxes on page 214.
2 Select Add Instance. 3 In the Add Instance dialog box, select XML Instance and enter a label for the XML
file that you want to start monitoring. The log icon label must be 50 characters or less and cannot contain any spaces.
4 Click Accept. 5 In the Add File for XML Monitoring dialog box, enter the full path and file name
for the XML file you want to monitor against XML elements that you provide, in the XML File text box.
NOTE
To monitor log files that have dynamic names, use the * and ? regular expressions to define the file name. For example, if a log file is named backup_date.log, where date changes each day, enter the log file name as backup_*.log.
6 Optional) If you are monitoring a dynamically named file and you want to monitor
all of the files using the dynamic name specified in the XML File field, rather than just the latest file, choose the All file disposition option to monitor all of the files.
7 (Optional) In the Search Criteria area, enter an identification label for the XML
search criterion in the Search Identifier text box. This must be unique for an XML instance. You can use the same search identifier in other XML instances, but not in the same XML instance.
9 Define thresholds and states for each search XML search string.
Chapter 3
155
Once the search string is found in the file, and the match count is greater than or equal to the threshold, the KM generates an alarm. For more information about configuring search strings, see Filter log file messages (create a search string) on page 157.
10 In the Custom Event Message text box, define how you want the product to respond
when the specified search criterion is satisfied. The custom event must consist of string literals and the elements in the XML search string.
13 (Optional) Select Advanced Features => Schedule Log Scan to configure the KM to
scan the file at different schedules.
14 From the Scan Priority drop-down list, select a scan priority: Normal, Medium, or
Low.
156
1 Access the LOGT application menu for a text or XML instance, as described in
Accessing KM commands and InfoBoxes on page 214.
2 Select Modify Instance. 3 Depending on the type of log instance, on the Change file for Label: instanceName
or Change file for XML Monitoring, make any desired changes to the setup options for the selected log file.
4 Click Update.
text or XML string, or pattern multiple strings or patterns numeric values number of string matches per scan of the log file corresponding alert severity (OK, WARN, or ALARM) when the specified string or pattern is found
String attributes
The search string can consist of one or two regular expressions and/or a numeric comparison. The results of these criteria are combined to determine a match. The maximum length for a string is 400 characters.
Chapter 3
157
If you are adding a new log file to be monitored, follow the steps in Start monitoring a log file on page 150. If you want to define a search string for an existing log file, follow the steps in Change the setup of a monitored file on page 156.
1 On the Add File for Label: instanceName dialog box or the Change File for Label:
instanceName dialog box, click Continue to go to the Configure Search Criterion: instanceName dialog box.
2 Enter a unique identification label for a search criterion in the Search Identifier text
box.
3 Enter a search string or regular expression in the String 1 text box. Select the NOT
check box next to the String 1 field if you want to identify file entries in which the string is not found. You can search for a literal word or phrase or you can use regular expressions to search for a type of message that has an identifiable format or pattern.
4 If desired, in the String 2 text box, enter a search string or regular expression. Select
the NOT check box next to the field if you want to identify files in which the string is not found.
158
The first number encountered is used. If no numbers are found, the numeric portion of the search string is ignored. The converted number is used as variable X in this mathematical statement: A op1 X op2 B A and B are fixed, user-supplied base 10 numbers. A is required, B is optional. 'op2' only applies when B is supplied. 'op1' and 'op2' can be one of these operators:
s s s s s s
less than, < greater than, > equal, = less than or equal, <= greater than or equal, >= not equal to, !=
6 Fill out or modify the rest of the dialog box fields as described in To monitor a text
log file on page 150.
1 In the Add File for XML Monitoring dialog box or the Change File for XML
Monitoring dialog box, enter an identification label for the XML search criterion in the Search Identifier text box. This label appears in the search list and helps you identify the search criterion. The label must be unique for an XML instance. You can use the same search identifier in other XML instances, but not in the same XML instance. You can only use aplha-numeric characters such as a-z, A-Z, 0-9, and up to a maximum of 20 characters.
2 In the XML Search String text box, enter the combination of XML elements and
values that you want to find in the monitored file.
3 Fill out or modify the rest of the dialog box fields as described in To monitor an
XML file on page 155.
Chapter 3
159
1 On the Add File for Label: instanceName dialog box, click Continue to navigate to
the Configure Search Criterion: instanceName dialog box.
2 In the First number field, enter 500. 3 From the Op drop-down list to the right of the First number field, select <. 4 In the Begin token field, enter 5. 5 In the End token field, enter 7.
The completed Search String section appears.
Event class LOGGeneral Event type WARN Event severity 3 Event origin LOGMON.inst.fname, where inst is the user-defined label of the log file and fname is the log file name.
Text entered in the Custom Event Message field can also be included in the event. Part or all of the matching log entries can be included in the custom event message.
160
The words of the message (represented by tokens separated by white space) will be identified by their ordinal position in the matched log file line, numbered left to right starting with 1. Word substitution will be identified in the custom event message text by using the % character. Ranges of words can be included, and are entered following a single % (for example, %2-5 would identify tokens 2 through 5 inclusive).
NOTE
If you want to have the % character appear in the message, enter %%. For example, entering Disk %3 is %5 %% full displays the 3rd and 5th strings in the match line, such as Disk /dev/sd0 is 45 % full.
For example, you might want to create a custom event message that would display when a service fails to initialize. To see how you would set up a custom event message for this example, see Example: defining a search string for print queue length on page 160.
NOTE
If you do not create a custom event message, you will still receive the standard event generated by the LOGErrorLvl parameter when your search string is found.
Specify a custom origin for the events in the Custom Event Origin text box. If you do not specify an origin, the KM uses the default origin, which is APPCLASS.INSTANCE.textFileName. You can use built-in macros (except the %x[-%y] macro) as the customized origin for events.
If you are adding a new log file to be monitored, follow the steps in Start monitoring a log file on page 150. If you want to set up a custom message for an existing log file, follow the steps in Change the setup of a monitored file on page 156.
Chapter 3
161
1 Depending on whether you are adding a new log file to be monitored or changing
an existing log file, access the either of the following:
s
Add File for Label: instanceName dialog box or the Change File for Label: instanceName dialog box Add File for XML Monitoring dialog box or the Change File for XML Monitoring dialog box
2 In the Custom Event Message text box, enter the text that you want to display when
your search string conditions are satisfied.
3 In the Custom Event Origin text box, enter the origin for the events. 4 (Optional) For a text instance, in the Number of Lines in Log Entry text box, enter the
number of lines to include from the log file in the message returned when a search string is found.
EXAMPLE
If you were searching for Disc Full errors, you could configure the KM to return two lines so that when the string Error: Disc Full is found, the KM returns the line matching that string and the next line, in the LOGMatchString parameter: Id=id1 031605: Error: Disc Full Id=;MatchedLines /hd001 mounted as /opt SUMMARY:id1=1;
NOTE
s
If either, the search string or the nullify string, occurs again within the number of lines selected to be displayed, the KM does not find the instances of the search strings for all the search identifiers. For example, if you specify that the KM returns four lines when it finds the search string Disc Full, and Disc full occurs in the first and third lines of the file, the KM counts only the first instance of Disc Full as a match.
If you want to ensure that all matches are found, leave the Number of Lines in Log Entry field blank.
5 In case of a text instance, if you want to define custom messages specific to a search
criterion, on the Add file for Label: instanceName dialog box, click Continue.
162
7 Select the Override default setting check box. 8 Specify a custom event message for the search criterion in the Custom Event
Message text box.
9 Specify an origin for the events in the Custom Event Origin text box. 10 Complete the remaining fields as described in Start monitoring a log file on
page 150.
Example: creating a custom event message that displays when a service fails to initialize
This example shows you how to create a custom event message to display the following event message when a service fails to initialize:
GX6 component <ITD> failed initializing service it_execd,. See logfile \var\opt\GX6\log\it_execd.log, for details.
The sample log file entry looks similar to this (with the exception that a real log file entry would fit on one line):
"20030508_124352 <ITD> ExecInitialize failed (szServicesEntry: it_execd, szAccessControlList:\opt\GX6\etc\it_execd.acl, szLogFile: \var\opt\GX6\log\it_execd.log, usllSrv: 7)"
To create the custom event message, in the Custom Event Message Field, enter:
GX6 component %2 failed initializing service %6. See logfile %10 for details.
Example: Creating a custom event origin that displays the event origin according to Macros specified in the configuration
This example shows you how to create a custom event origin to display the event origin according to macros specified in the configuration. If you create an instance such as inst1 with a search identifier, id1:
%APPCLASS%.%INSTANCE%.%SEARCHID%
Chapter 3
163
The LOGGeneral and NOTIFY_EVENT Event Class will display the following Event Origin:
LOGMON.inst1PN0.id1
reduce the log file to 0 MB by deleting all the messages in the log file when the file reaches the size limit backup the file into the pmg_backup subdirectory located in the same directory as the monitored log file and reduce the log file to 0 MB
Each time the file is backed up, the backup file is written to the same directory with an incremental number appended to the log file name. For example, the first time that the error_log.txt reaches its size limit, PATROL creates a backup file named error_log.txt1. The next time that it reaches its limit, PATROL creates a backup file named error_log.txt2 and so on.
NOTE
BMC Software recommends that you periodically move the backup files to another location. The PATROL recovery action checks to make sure that the backup file name is not already in use. If hundreds or even thousands of backup files exist in the log directory, PATROL may take some time to complete this recovery action.
Recovery actions run automatically by default; however, you can configure them to require user confirmation if the Run Attended option button is set to Yes.
If you are adding a new log file to be monitored, follow the steps in Start monitoring a log file on page 150. If you want to configure a recovery action for an existing log file, follow the steps in Change the setup of a monitored file on page 156.
164
1 Access the LOGT application menu for a text or XML instance, as described in
Accessing KM commands and InfoBoxes on page 214.
2 Select Advanced Features => Configure Size Actions. 3 In the Configure Size Actions dialog box, in the Size Limit text box, enter the
number of bytes that the monitored file must exceed before PATROL executes the recovery action. For example, if the limit is 100 bytes, enter 100 in the Size Limit text box.
4 Select an Action option to specify a recovery action for PATROL to take when the
log file reaches the specified size limit:
s
NothingPATROL continues monitoring the log file but does not attempt to reduce its size. DeletePATROL reduces the log file to 0 MB by deleting all the messages in the log file when the file reaches the size limit. Backup and Delete PATROL backs up the existing log file and reduces the log
file to 0 MB
5 Click the Yes or No button to indicate whether PATROL runs attended (prompt an
operator for confirmation before performing a recovery action). For more information about the features and functionalities in PATROL KM for Log Management, see the BMC PATROL Knowledge Module for Log Management User Guide.
Chapter 3
165
These configurations each offer advantages and disadvantages. To decide which configuration best suits your environment, see Table 15 on page 74. Before configuring the PATROL for Microsoft Cluster Server components, you should verify that the software products are installed correctly. To verify that you have installed the appropriate software on the appropriate computers, see Installing PATROL KM for Microsoft Cluster Server on page 73.
1 From the PATROL Console, add the managed system that corresponds to your
cluster by choosing Host => Add.
2 From the PATROL Console, load MCS_Load.kml. For instructions on how to load
KMs, see Loading the PATROL for Microsoft Windows Servers KMs on page 91.
3 If the KM is not already configured, Microsoft Clusters - Setup appears as the label
under the MCS_Clusters application instance icon.
5 In the Authorized Account dialog box, enter an account that is a member of the
Administrators group on the local computer or cluster node. This account allows the cluster-level agent and external executables to access the cluster nodes you want to monitor. For internal cluster-level agents configurations, when requirements are met, the KM can use the PATROL agent default account. For more information about setting up the Cluster account, see PATROL KM for Microsoft Cluster Server account on page 48.
166
Task Displaying PATROL data by using the PATROL Adapter for Microsoft Office How to use the PATROL Adapter for Microsoft Office Built-in report templates
Displaying PATROL data by using the PATROL Adapter for Microsoft Office
This task describes how to start the PATROL Adapter for Microsoft Excel so that you can view server-based PATROL reports.
Microsoft Excel 97 (SR1, SR2, and SR2b) Microsoft Excel 2000 (SR1a, SP2, and SP3) Microsoft Excel Office XP (SP1, SP2, and SP3) Microsoft Excel Office 2003 (SP1)
To start the PATROL Adapter for Microsoft Office from Microsoft Excel 1 Start Microsoft Excel. 2 Choose File => New. 3 Choose the Spreadsheet Solutions tab. 4 Choose the Patrol Report.xlt template. 5 Click OK.
The New dialog box is dismissed and the Microsoft Excel macros message appears.
Chapter 3
167
7 See the PATROL Adapter for Microsoft Office User Guide for instructions on
generating a report.
NOTE
History reports are not available for PATROL Agents that are version 3.2.09. Please see the PATROL Adapter for Microsoft Office User Guide for more information regarding requirements and limitations of PATROL Adapter for Microsoft Office.
Report Name CPU Util - Weekly History CPU Util - Daily History
s s s s
Logical Disk - Weekly History percentage of free space available on the selected logical disk drive (the Logical Disk - Daily History value reported by the parameter LDldFreeSpacePercent) Memory - Weekly History Memory - Daily History number of megabytes of physical memory currently available to processes (the value reported by the parameter MEMmemAvailableBytes)
Table 38
s s s s s s s s s s s s s s s
Report name DHCP Lease Availability Daily History Report DHCP Lease Availability Monthly History Report DHCP Lease Availability Weekly History Report DHCP Server Utilization Daily History Report DHCP Server Utilization Monthly History Report DHCP Server Utilization Weekly History Report DNS Server Response Time Daily History Report DNS Server Response Time Monthly History Report DNS Server Response Time Weekly History Report DNS Server Utilization Daily History Report DNS Server Utilization Monthly History Report DNS Server Utilization Weekly History Report
NT_REMOTE_SERVERS reports regarding Remote Servers Connect Response Time Daily History daily, weekly, or monthly connection response Report times of remote domain servers Remote Servers Connect Response Time Monthly History Report Remote Servers Connect Response Time Weekly History Report Remote Servers Connection Status Daily Outage Report Remote Servers Connection Status Monthly Outage Report Remote Servers Connection Status Weekly Outage Report Shares Disk Usage Daily History Report Shares Disk Usage Monthly History Report Shares Disk Usage Weekly History Report Trust Domain Connectivity Daily Outage Report Trust Domain Connectivity Monthly Outage Report Trust Domain Connectivity Weekly Outage Report WINS Server Utilization Daily History Report WINS Server Utilization Monthly History Report WINS Server Utilization Weekly History Report NT_REMOTE_SERVERS reports regarding daily, weekly, or monthly connection outages of remote domain servers
s s s
s s s s s s s s s
NT_SHARES reports regarding daily, weekly, or monthly usage of network shares on the managed server NT_TRUST reports regarding daily, weekly, and monthly connection outages between trusted and trusting domains NT_WINS reports regarding daily, weekly, and monthly utilization of the Windows Internet Naming Service (WINS) on Windows servers
Chapter 3
169
Table 39
Report name MSMQ Message Rate - Daily History Report MSMQ Service Availability - Weekly History Report MSMQ Sessions - Daily History Report MSMQ Sessions - Weekly History Report MSMQ Total Msgs. Waiting - Weekly History Report
Report name Process Count Daily Summary Package Status Daily Summary Package Status 30-Day Summary Active Packages Daily Summary Aborted Transaction Daily Summary Aborted Transaction 30-Day Summary
170
If a .km file was preloaded (whether as part of a .kml file or not), unloading it does not stop the PATROL Agent from collecting data for that .km file. However, if the .km file was not preloaded, then unloading it does stop the file from running and collecting data on the PATROL Agent. If you no longer want the PATROL Agent to run a KM that was preloaded, you can remove its corresponding .kml file or .km files from the PATROL Agent preload list as described in Using wpconfig to remove KMs from the Agent preload list on page 96. When you remove a KM from the PATROL Agent preload list, the agent does not run the KM unless you load it with a running console. KMs that are not preloaded do not run unless a console is running.
To unload KMs with the PATROL Console for Microsoft Windows Servers 1 From the KM tab of the tree view, right-click the application class name that you
want to delete and choose Delete from the pop-up menu.
3 Repeat Step 1 and Step 2 until you have deleted all of the application classes
associated with the KM that you want to delete.
4 From the console menu bar, choose File => Save KM to save your changes. To unload KMs with the PATROL Console for UNIX 1 From the PATROL Main window, choose Attributes => Application Classes. 2 From the Lists of Application Classes window, click the name of the application
class that you want to delete.
3 From the List of Application Classes menu bar, choose Edit => Delete.
Chapter 3
171
The application class is removed from your cache directory and your console session file. The PATROL Console removes the application class name from the List of Application Classes.
4 Repeat Step 2 and Step 3 until you have deleted all of the application classes
associated with the KM that you want to delete.
5 From the List of Application Classes menu bar, choose File => Save KM to save
your changes.
To Unload KMs with PATROL Central Operator - Windows Edition 1 In the Common Tasks tab of the Operator Console Module Taskpad, click the
Unload Knowledge Module(s) icon.
2 To start the wizard, click Next. 3 From the Managed System screen, select the managed system. 4 From the Knowledge Modules screen, select the KMs that you want to unload. For
a description of the PATROL for Microsoft Windows Servers KMs, see Table 16PATROL for Microsoft Windows Servers .kml files on page 90.
1 From the Managed Systems page, click the Load/Unload KMs button.
The Load KMs page opens, listing each computer on which a PATROL Agent has been installed.
2 Select the computers from which you want to unload .km files, and click Next.
The Load KMs page displays a list of .km files. Currently loaded .km files are highlighted in the list.
3 Cancel the selection of the .km files that you want to unload. 4 Click Finish.
172
The console removes the .km files that you specified. These .km files will no longer be in the current management profile.
Chapter 3
173
174
Chapter
4
176 176 177 177 177 178 183 183 183 184 184 184 184 185 186 189 189 190 191 191
This chapter provides you with information that you will need to use the PATROL Cluster Configuration Wizard (also referred to as PCC). The following topics are discussed: Using the PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Access requirements for running the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . Starting the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Post-PCC configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manually configuring the PATROL Agent for clustering . . . . . . . . . . . . . . . . . . . . . . Install the application on each cluster node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Install the PATROL Agent on each cluster node . . . . . . . . . . . . . . . . . . . . . . . . . . Assign a unique port number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribute license file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Define the PATROL cluster-specific environment variables . . . . . . . . . . . . . . . . Create and register a new service for the PATROL Agent . . . . . . . . . . . . . . . . . . Define the PATROL Agent as a member of the group . . . . . . . . . . . . . . . . . . . . . PATROL cluster-specific environment variables for history and configuration . . . Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Unattended configuration of Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . .
175
Overview
The PCC Wizard allows you to easily configure the PATROL Agent to monitor cluster-aware applications such as Microsoft Exchange Server. It does this by
s
configuring the agent to operate on a virtual server name and separate port storing the agent history and configuration data on cluster-shared media
Thus, in the event of a node failure, the agent will failover to another node with the monitored application, while providing a consistent view of the data being collected. For example, the history data is kept intact. The Wizard does not enable the monitoring of clustered resources. That functionality is handled by the PATROL Agent and the PATROL KM for Microsoft Cluster Server. The Wizard automates and simplifies cluster configuration of the PATROL Agent, and eliminates configuring the agent manually.
176
install PCC on any computer in the cluster domain install PATROL Agent on all nodes in the cluster know the user name and password of a cluster administrator account identify a group to install the PATROL virtual Agent into; this group will need to contain the following (at a minimum): Physical disk The PATROL virtual Agent stores history and configuration data on a standard cluster-shared disk which, if possible, should not be the quorum disk. Network name A network name resource provides an identity to the group in the form of a unique network name and IP address. This identity makes the group or the PATROL virtual agent accessible from the PATROL Console.
NOTE
The node that you run the PCC Wizard from should be the current owner of the group you select. This recommendation prevents some caution pop-up windows from appearing.
For information about how the PATROL Agent supports an application in a cluster environment and what type of failover tolerance it provides, see the PATROL Agent Reference Manual.
From Windows Start menu, choosing Start => Programs => BMC PATROL => PATROL Cluster Configuration Wizard. typing pcc from the Run command.
177
Service Name
Network Name
Port Number
Shared Drive
History Path
178
Table 41
RTSERVERS variable
Node(s)
creates a registry entry for the PATROL Agent service on each cluster node you select.
179
If you are installing the first resource, select Add one or multiple PATROL Agent resource(s). Adding a PATROL Agent as a cluster resource performs the following actions:
s s
Sets the required environment variables Registers the PATROL Agent with a new service name Adds the PATROL Agent to the cluster as a Generic Service resource type and sets the resource properties
3. Select the groups to which you want to add the agent and click Next.
You can select multiple groups. In most cases, the groups will correspond to the applications you want to monitor.
180
Dialog box
Notes If you do not know what names to use, accept the defaults. The port number must be a port that is not in use by any other process.
5. Verify that all nodes that you want to configure are selected and click OK. You are returned to the PATROL Agent configuration screen. Click Next.
You can select a node by clicking the node. All nodes are selected by default.
181
Dialog box
Notes
Your configuration of the PATROL Agent using PCC performs the following actions:
s
s s s s
s s s s
Registers the PATROL Agent service with a new service name within the Service Control Manager. Sets the registry parameters and port number. Sets the service startup to manual. Creates the resource of type Generic Service in the cluster. Sets the Generic Service resource properties to restart without affecting the cluster group; remaining properties have default values. Sets the service name parameter of the Generic Service and enables use Network Name for computer name. Creates PATROL Agent history and configuration files on shared disk. Creates environment variables for cluster nodes. Brings the newly created resource online if the selection box is checked. Sets resource dependencies on the specified Physical Disk and Network Name.
182
Post-PCC configuration
Post-PCC configuration
Now that you have finished using PCC to configure multiple PATROL Agents, you must perform some post-wizard configuration. Each of the group agents in the cluster need to monitor resources that are a only part of that group. The node agents should not monitor group resources. This generally requires using wpconfig to modify the disabledKMs list for each group agent, and configuring the remaining KMs to monitor only resources that are instances of that group. This also means that you only need to modify the preloadedKMs list using wpconfig to preload KMs that are appropriate for that node or group agent.
The information in this section provides a general idea of the processes involved in setting up a Windows cluster environment and integrating PATROL into that environment. Procedures and steps describing how to set up third-party software are intended as a general outline of the process for that product and are not intended as step-by-step instructions. Setting up PATROL to run in a Windows cluster environment consists of several standard tasks. The standard cluster administration tasks and the PATROL-specific tasks are described in general terms. This section provides a high-level overview of building a Windows cluster and integrating PATROL into that environment. The manual process defined in this chapter requires you to run multiple PATROL Agent executables on your CPU to monitor more than one application on the cluster.
183
one to monitor the nodes operating system one to monitor the cluster application
Install the agent once. Include only those Knowledge Modules that support the application and the operating system. Then see Create and register a new service for the PATROL Agent on page 185 for information about setting up a second agent to monitor the cluster application.
184
1 From the Windows Taskbar, select Start => Settings => Control Panel. 2 Double-click the System icon and select the Environment tab. 3 Enter the variable name and value in the appropriate fields and click Set. The
variables and their values are listed below. Repeat this step for the remaining variables. PATROL_VIRTUALNAME_PORT=VirtualServerName PATROL_HISTORY_PORT=Drive:\History_Directory PATROL_CONFIG_PORT=Drive:\Config_Directory For more information about specific variables, see PATROL cluster-specific environment variables for history and configuration on page 189.
1 Copy the PatrolAgent.exe in %PATROL_HOME%\bin directory. 2 Rename the executable. Use a name that indicates that the agent is an executable
dedicated to monitoring an application.
PatrolAgent-application_name.exe
Tue MON DD HH:MM:SS CCYY PatrolAgent-application_name PID 318 Success 1000: The PatrolAgent Service was successfully installed. The PatrolAgent COM Server registered sucessfully
NOTE
The PATROL Agent COM Server can be registered only once. Additional attempts to register it will fail; however, the multiple agent processes will run.
5 From the Windows Taskbar, select Start => Settings => Control Panel. 6 Double-click the Services icon and select application_name service from the list box.
Click Startup.
7 In the Startup Type pane, select the Manual radio button and click OK. The service
displays Manual in the Startup column.
NOTE
This task description uses Windows Cluster Management Software as an example. The steps describing how to set up the software are intended as a general outline of the process and are not intended as step-by-step instructions.
Perform the following task on only the master node of the cluster. The cluster software provides two methods for binding a service to a cluster: GUI or command line. Regardless of the method you choose, you must provide the information listed in Table 42. Table 42
Arguments cluster.exe clusterName RES "PatrolAgent for MyApplication"
186
Table 42
Arguments /ADDEP
NOTE
For each command, you must reenter the name of the cluster executable, the name of the cluster, the resource option, and the service name.
1 From the command line, issue the following command to name the service,
designate it as a resource of the cluster, create a group, and assign it a resource type of Generic Service.
cluster.exe clusterName RES "PatrolAgent for MyApplication" /CREATE /Group:MyGroup /TYPE:"Generic Service"
2 Add the disk that stores the PATROL Agent configuration and history information
as a dependency. This command instructs the cluster software to bring up the disk with configuration information before it attempts to start the PATROL Agent.
cluster.exe clusterName RES "PatrolAgent for MyApplication" /ADDDEP:"Disk MyGroupDisk"
187
3 Set the restart action. This command determines what the cluster does if an
application fails and is unable to restart. A value of one (1) indicates that if the application is unable to restart, the cluster will continue to run.
cluster.exe clusterName RES "PatrolAgent for MyApplication" /Prop:RestartAction=1
4 Identify the service name to the cluster software. The service name must be
identical to the service name assigned to the PATROL Agent executable on each cluster node.
cluster.exe clusterName RES "PatrolAgent for MyApplication" /Priv ServiceName="PatrolAgent-application_name"
5 Set the port number for the PATROL Agent bound to the cluster application. This
number must be the same as the number assigned as a suffix to the PATROL cluster-specific environment variables. For details about the PATROL cluster-specific environment variables, see Define the PATROL cluster-specific environment variables on page 184.
cluster.exe clusterName RES "PatrolAgent for MyApplication" /Priv StartupParameters="-p Port#"
188
Variables
Table 43 describes the purpose of PATROL cluster-specific environment variables. Table 43 PATROL cluster-specific environment variables
Description the location of history files If this variable is empty or doesnt exist, the agent writes the history files to PATROL_HOME\log\history\ host\portnumber. PATROL_VIRTUALNAME PATROL_VIRTUALNAME_PORTa an alias for the host name If this variable is empty or doesnt exist, the agent uses the host name to identify history data within the history files. PATROL_CONFIG PATROL_CONFIG_PORTa the location of the configuration files If this variable is empty or doesnt exist, the agent stores the configuration file in PATROL_HOME\config.
a
To manage multiple PATROL Agents running on separate ports, append the port number to the variable name. This situation occurs when PATROL Agents are bound to individual applications such as Oracle, Exchange, Sybase, etc. Each agent uses a separate port number.
189
Operation
When searching for configuration information and creating and writing to the history database, the PATROL Agent uses the following logic to check for the existence of PATROL cluster-specific variables. Table 44 Operation of configuration and history environment variables
Exists? Description yes PATROL_VIRTUALNAME_8888 exists, the agent writes history using the virtual name as the host name. Using the virtual name provides continuous history for an application regardless of which host the application is running on. The agent also uses the virtual host name to identify the configuration file changes and the history database. Configuration file changes are written to PATROL_HOME\config\config_virtualname_port.cfg. The history database is written to the subdirectory structure history\virtualname\port, which will be located in the directory pointed to by PATROL_HISTORY_PORT. no The agent writes history using the actual host name. If the application fails over, the agent writes history using the new agents name. Using the actual hostname creates gaps in the results of any dump_hist commands because the command does not recognize that the same application ran on different hosts. PATROL_CONFIG_8888 exists, then the agent reads configuration information from the location specified by this variable. The agent reads from the default directory, PATROL_HOME\config\config_virtualname or hostname-port PATROL_HISTORY_8888 exists, then the agent writes history to the location specified by this variable the agent writes to the default directory, PATROL_HOME\log\history\virtualname or hostname\port\
Configuration File
yes no
History Database
yes no
190
Example
The following example illustrates how the environment variables would be named for a host using port 8888. It also depicts the directory structure and file location.
Environment variables
PATROL_HISTORY=K:\doc\work\histdir PATROL_VIRTUALNAME=AliasHostName PATROL_CONFIG=K:\doc\work\config
Directory structure
For the values provided in the Environment Variables section of this example, the PATROL Agent stores configuration information and records the history data in the following directory structure:
K:\doc\work\histdir\AliasHostName\8888\annotate.dat K:\doc\work\histdir\AliasHostName\8888\param.hist K:\doc\work\config\config_AliasHostName-8888
If these variables do not exist or they are empty, the PATROL Agent stores configuration information and records the history data in the following directory structure:
%PATROL_HOME%\log\history\HostName\8888\annotate.dat %PATROL_HOME%\log\history\HostName\8888\param.hist %PATROL_HOME%\config\config_HostName-8888
191
You can edit the pcc.cfg file for the different cluster groups that you want to configure, for example:
s s
However, you need to specify the full path of the pcc.cfg file in the above commands.
192
Chapter
5
193 195 195 195 196 196 196 197 198
Introduction
PATROL KM for Windows supports monitoring of remote hosts using the Windows Remote Management (WinRM) functionality. The same set of parameters are used to collect information for the local host as well as the remote host. Figure 4 shows the collection architecture for remote monitoring.
Chapter 5
193
Introduction
Figure 4
The Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate. WinRM establishes a session with a remote computer through the SOAP-based WS-Management protocol. Data returned to WS-Management protocol are formatted in XML.
194
WinRM version 1.1 or 2.0 should be installed and running. WinRM should be configured with listener either on HTTP or HTTPS. Valid domain or local user who is a member of the Administrators group.
Authentication
Patrol KM for Windows client supports password based authentication for local and domain users. It uses the following network authentication protocols:
s
Kerberos authentication-The client and server mutually authenticate using Kerberos tickets. Kerberos is selected to authenticate a domain account. The user name should be specified as domain\username for a domain user. Negotiate authentication(NTLM)-The client sends a request to the server to authenticate. NTLM is selected for local computer accounts. The user name should be specified as username for a local user on a server computer.
Starting with Windows Vista, User Account Control (UAC) affects access to the WinRM service. When Negotiate authentication is used in a workgroup or domain, only the built-in Administrator account can access the service. To allow all accounts in the Administrators group to access the service, set the
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccou ntTokenFilterPolicy registry key to 1.
Chapter 5
195
NT_REMOTE_CONTAINER => Is a container KM and hosts instances of all remote hosts. This container application class provides all the menu commands and tasks required to configure remote hosts for monitoring. The NT_REMOTE_CONTAINER application class is represented by Remote Monitoring in the PATROL console. NT_REMOTE_HOST => Contains application instances for each remote host. Each remote host contains the NT_OS container. The NT_REMOTE_HOST application class is represented by Host Name in the PATROL console.
NT_CACHE NT_CPU NT_CPU_CONTAINER NT_LOGICAL_DISKS NT_LOGICAL_DISKS_CONTAINER NT_MEMORY NT_OS NT_PAGEFILE NT_PAGEFILE_CONTAINER NT_SERVICES NT_SERVICES_CONTAINER
196
Figure 5 shows the object hierarchy for remote monitoring. Figure 5 Object hierarchy for remote monitoring
Chapter 5
197
Adding remote hosts: To add a remote host, from the Remote Monitoring container, choose KM Commands => Configure Remote Hosts, enter the details for the host, and choose the Add option. When you add a remote host with local computer account using Configure Remote Hosts menu command, the remote host gets added to the TrustedHosts list of WinRM. Modifying remote hosts: After you add a remote host, you can modify its details such as the assigned profile, username and password. To modify a remote host, from the Remote Monitoring container, choose KM Commands => Configure Remote Hosts, select the host and choose the Modify option. Removing remote hosts: After you add a remote host, you can remove the host to stop monitoring. To remove a remote host, from the Remote Monitoring container, choose KM Commands => Configure Remote Hosts, select the host and choose the Remove option. When you remove a host using Configure Remote Hosts menu command, it gets deleted from the TrustedHosts list only if the host was added with local compueter account. However, if you uninstall the KM, the remote host does not get deleted from the TrustedHosts list. In this case, you need to remove the host using the following winrm commands:
winrm set winrm/config/client @{TrustedHosts=host1host2host3..}
where host1, host2, and host3 are the remote hosts that you want to keep in the TrustedHosts list.
winrm set winrm/config/client @{TrustedHosts=}
s
Creating profile: You can create profiles that can be shared across different remote hosts. To add a profile, from the Remote Monitoring container, choose KM Commands => Configure Profiles, enter username and password, and choose the Add option. Modifying profiles: You can modify user name and password for a profile. To modify a profile, from the Remote Monitoring container, choose KM Commands => Configure Profiles, select the profile and choose the Modify option. Removing profiles: You can remove a profile as required. To remove a profile, from the Remote Monitoring container, choose KM Commands => Configure Profiles, select the profile and choose the Remove option.
For information about these tasks, see the PATROL KM for Windows online Help.
198
Chapter
This chapter contains information for troubleshooting PATROL for Microsoft Windows Servers. This chapter contains the following topics: PATROL KM for Microsoft Windows OS problems. . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Process or job object data not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 PATROL Generates Event 560 and 562 in the Windows security event log. . . . 201 Event filter parameters not automatically acknowledged . . . . . . . . . . . . . . . . . . 201 Newly installed protocols are not discovered. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Event log summary instance cannot be removed . . . . . . . . . . . . . . . . . . . . . . . . . . 202 Windows event log does not work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 Multiple processes are selected when you select a single process . . . . . . . . . . . . 203 PATROL Agent has DiscoveryStatus parameter in alarm . . . . . . . . . . . . . . . . . . 203 Mount point monitoring and logical disk quotas does not work . . . . . . . . . . . . 203 PATROL KM for Event Management problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Too many e-mail alerts are being generated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Parameters settings lost after agent restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 PATROL KM for Event Management not working as expected . . . . . . . . . . . . . 206 AS_AVAILABILITY application not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 Problems with all other KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 Cannot add performance monitor counters with alarm ranges less than 1 . . . . 207 AdPerfCollector parameter display error message . . . . . . . . . . . . . . . . . . . . . . . . 208 Recovery action problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Recovery actions do not execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Even though I select Do not ask me again PATROL prompts before running recovery action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Gathering diagnostic information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 Locations where you can find diagnostic information . . . . . . . . . . . . . . . . . . . . . 210 Installation logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 Determining PATROL KM version number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Chapter 6
199
200
PATROL Generates Event 560 and 562 in the Windows security event log
PATROL generates the following events in the Windows security event log:
s s
Explanation PATROL generates these events during normal data collection if success auditing is enabled for object access.
Explanation
These parameters cannot be Deselect the option to notify PATROL immediately when an event that automatically acknowledged. matches the filter occurs. You cannot use the auto-acknowledge feature if the event filter is configured to notify immediately. For more information about this setting, see Configuring Windows events monitoring on page 103.
Chapter 6
201
Explanation The PATROL Agent does not detect the new performance objects.
202
EXAMPLE
If you select the ABC process, 123ABCxyz, ABC2, 2ABC, and any other process with a name that contains ABC are also selected.
Explanation Multiple process are selected even if you select only one process.
Solution If you want the product to add all the processes for monitoring, for which you have the name of the process selected, select the Process(es) using a regular expression for monitoring check box. If you do not select this check box, the product only adds the process instances for monitoring.
Mount point monitoring and logical disk quotas does not work
The PATROL Agent default account must be in the local or domain Admins group. In case, the mount drive has security restriction, you must provide an explicit access right to the Agent account for monitoring.
Chapter 6
203
The rule Set the rule /AS/EVENTSPRING/ALERT/arsAction to 0. /AS/EVENTSPRING/ALERT/a rsAction is set to 4. If the arsAction rule is set to 4 for all PATROL objects, notifications are sent for all events. Instead, you may want to disable notification for all PATROL objects, by setting /AS/EVENTSPRING/arsAction to 0 at the remote agent. Then, enable notification only for the desired applications, instances, or parameters. When you enable notification for a specific PATROL object, the following configuration variable is created: /AS/EVENTSPRING/ALERT/object/arsAction
204
The allowsendparamonly variable exists in Remove the allowsendparamonly variable.For %PATROL_HOME%\common\patrol.d\PATROL.conf instructions, see Removing the file and is set to true. allowsendparamonly variable. If this variable exists and is set to True, then state change events for applications and instances are not generated. This reduces network traffic, but it also prevents the PATROL KM for Event Management from detecting when parameters become active after an agent restart. Thus, the PATROL KM or Event Management threshold and poll time settings are not applied. etc/patrol.d/PATROL.conf does not exist. If Patrol.conf file doesn't exist then all the agent variables get set to TRUE. To resolve this problem, obtain a copy of the file Patrol.conf and remove the allowsendparamonly variable, if it exists, as described in Removing the allowsendparamonly variable. To obtain the Patrol.conf file, copy it from another computer or contact BMC Software Support.
Removing the allowsendparamonly variable 1 Move patrol.conf from %PATROL_HOME%\common\patrol.d to a secure location. 2 Using the PACFG (PATROL Agent Configuration) utility, specify that secured
location.
3 Using Notepad (with word wrap disabled) or Wordpad, open patrol.conf. 4 Underneath the [AGENT] stanza, remove the following line:
allowsendparamonly=true
Chapter 6
205
It does not send events. The NotifiedEvents parameter is offline. Errors are displayed in the console system output window Parameter thresholds are not applied.
Solution On Windows platforms, if the PATROL Agent is installed after the PATROL KM for Event Management, a PATROL KM for Event Management catalog file is overwritten. The PATROL KM for Event Management must be installed after the PATROL Agent for the PATROL KM for Event Management to function. If you are running PATROL KM for Event Management 2.5.x and you do not want to upgrade to version 2.6.00, you must ensure that you are using the correct event catalog file. For more information, see To Ensure the PATROL KM for Event Management 2.5x uses Correct Event Catalog File.
Explanation The PATROL KM for Event Management catalog file has been overwritten.
To Ensure the PATROL KM for Event Management 2.5x uses Correct Event Catalog File 1 Stop the PATROL Agent service. 2 Rename %PATROL_HOME%\lib\knowledge\StdEvents.ctg to
%PATROL_HOME%\lib\knowledge\StdEvents.ctg.bak
3 Rename %PATROL_HOME%\lib\knowledge\StdEvents.ctg.date_PID to
%PATROL_HOME%\lib\knowledge\StdEvents.ctg ensuring that the correct backup file that corresponds to the PATROL Agent installation is renamed.
Availability targets have Add availability targets. For more information, see the PATROL KM for Event not been added. Management User Guide. The AS_AVAILABILITY application class instantiates only when availability targets have been defined.
206
Cannot add performance monitor counters with alarm ranges less than 1
The PATROL Wizard for Performance Monitor and WMI does not allow decimal alarm ranges that are less than one, yet the Performance Monitor counters values are normally in this range.
Explanation This problem is due to a PATROL limitation. See the suggested solution. Solution To resolve this problem, you can manually multiply or divide the PerfMon counter to get appropriate values for display so that you can set appropriate alarm ranges. For more information, see Customizing performance monitor counters.
To customize performance counters 1 Use the PATROL Wizard for Performance Monitor and WMI to create parameters
for a Performance Monitor counter, as described in Creating performance monitor parameters on page 143.
Chapter 6
207
3 Edit the configuration variable value by adding, after the counter name, *multiplier,
where multiplier is the numerical value by which you want to multiply the reported value. For example, to multiple the reported value of the counter Active Threads by 100, add *100 to the variable, as shown: Active Threads*100. If you are monitoring multiple counters for the object, you can also multiple the other counters by a multiplier. For example: counter1*100,counter2,counter3*0.1
WARNING
When entering a multiplier that is less than 1, you must include a leading zero. For example, you must enter 0.1, and not .1.
The required Microsoft Follow the instructions in Microsoft Knowledge Base Article 266416 to dredge Performance Counters are not the performance counters from the registry and make them available in WMI. available in WMI.
208
Even though I select Do not ask me again PATROL prompts before running recovery action
Even though you select the option Do not ask me again, PATROL prompts you again before running a recovery action. For example, you configure the recovery action that terminates a runaway process and specify that the recovery action runs only with operator confirmation. When the recovery action is triggered, PATROL prompts you whether to terminate the process. You enable the recovery action and select the option Do not ask me again. The next time that the process is triggered to be terminated, it runs with a different PID and, therefore, PATROL prompts you again before terminating the process.
Explanation The process runs with a different PID (process identification) number and appears to PATROL as a different process. Solution This is a known issue. As a workaround, you can configure the recovery action to run automatically instead of with operator confirmation. For more information about configuring recovery actions, see Configuring recovery actions on page 128.
Chapter 6
209
System Output See the documentation for your PATROL The system output window contains messages Window console. relating to the operation of KMs, including error messages. PATROL From the PATROL console, right-click Event Manager the host and select Event Manager. The PATROL Event Manager shows all of the PATROL related events for the host. You can check here to determine if NOTIFY_EVENTS are being generated. PATROL Diags provides a variety of information about your environment that support requires.
PATROL Diags
From the PATROL console, load KM PSX_APPLICATION_DEBUG and right-click Application Trace icon => KM Commands => Create Diagnostic Report
Installation logs
One log file is created each time the installer is run. The name of the log file is a combination of the computer name and a time stamp. The log file is located in the %USERPROFILE%\Application Data\BMCINSTALL\ directory. For example, a log file for user bhunter on a Windows Server computer BHUNT_1 could be:
C:\WINNT\Profiles\bhunter\Application Data\BMCinstall\BHUNT_1-1005340189.log.
210
To determine the PATROL KM version 1 From the PATROL console, access the top-level KM application. 2 Right-click the application and select the menu command InfoBox and described in
Accessing KM commands and InfoBoxes on page 214. The PATROL KM version is displayed next to KM Version.
Chapter 6
211
212
Appendix
BMC Software offers several PATROL consoles from which you can view a PATROL Knowledge Module (KM). Because of the different environments in which these consoles run, each one uses a different method to display and access information in the KM. This appendix provides instructions for accessing the KM menu commands, InfoBoxes, and online Help on each of the PATROL consoles. See the PATROL for Windows Servers online Help for more detailed information about navigation in the PATROL Consoles. Accessing KM commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Accessing online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Appendix A
213
In the navigation pane, right-click a In the navigation pane, right-click a PATROL object and choose managed system or application InfoBox from the pop-up menu. icon and choose Knowledge Module Commands from the pop-up menu. In the tree view area, right-click an In the tree view area, right-click a PATROL object and choose application icon and choose Infobox from the pop-up menu. Knowledge Module Commands from the pop-up menu.
214
NOTE
If you are trying to access Help from a UNIX console, see the PATROL Installation Reference Manual for specific instructions about installing and setting up a browser in the UNIX environment.
Table 47
Console
Right-click a parameter icon and choose Help On from the pop-up menu. Double-click a parameter icon; click the ? icon or Help button in the parameter display window. Double-click a parameter in the KM tab of the console; from the properties dialog box, click the Help tab; then click Show Help.
From the console menu bar, choose Help On => Knowledge Modules.
Choose Attributes => Application Classes and double-click the application name. Click Show Help in the Application Definition dialog box. In the Operator tab of the navigation pane, select an application icon and press F1.
From the console menu bar, choose Help => Help Topics. In the Contents tab, click the name of your product.
In the Operator tab of the navigation pane, select a parameter icon and press F1.
In the upper right corner of In the tree view, right-click In the tree view, right-click an application class and a parameter and choose PATROL Central, click Help. Help and choose PATROL choose Help. KM Help.
Appendix A
215
NOTE
In PATROL Central Operator Microsoft Windows Edition on a Microsoft Windows Vista operating system, the online Help does not work. The Windows Help program (WinHlp32.exe) is used to display 32-bit Help files that have the .hlp extension. Microsoft did not include the WinHlp32.exe program with Microsoft Windows Vista. Workaround: To view the online Help on Windows Vista, you must download the WinHlp32.exe program from the following Microsoft Windows support website and install it onto your computer: http://go.microsoft.com/fwlink/?LinkID=82148
216
Appendix
The variables described in this appendix are PATROL for Windows Servers agent configuration variables that are set in the PATROL Agent. To view these variables, use the PATROL Configuration Manager or the wpconfig utility. Information about using PATROL Configuration Manager is included in this appendix. This appendix also describes the PATROL Configuration Manager rulesets that are provided for PATROL for Microsoft Windows Servers.
WARNING
Changing any of these agent configuration variables can prevent some functions from working properly and can affect your entire installation. Before you change a variable, make a record of the original setting.
Managing configuration variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL for Windows Servers configuration variables . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Message Queue. . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . PATROL for Microsoft Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL for Microsoft Windows Servers rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Event Management required . . . . . . . . . . . . . . . . . . . . . . . . . . . Using PATROL Configuration Manager to apply rulesets . . . . . . . . . . . . . . . . . . Server roles with predefined rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ruleset reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using PATROL Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using PCM to apply configurations changes to other agents. . . . . . . . . . . . . . . . Manually creating or changing configuration variables . . . . . . . . . . . . . . . . . . . .
218 218 218 241 244 248 253 254 255 256 257 257 257 258 260 269 269 270
Appendix B
217
NOTE
For information about the PATROL KM for Event Management agent configuration variables, see the PATROL KM for Event Management User Guide.
218
Table 48
Migrate37
specifies whether the KM migrates the configurations from the registry at every discovery cycle the alarm threshold used when automatic monitoring is enabled the length of time that a process can exceed the AlarmThreshold before the KM automatically monitors the process
0, 1
NA
CollectionCount
the number of processes that the KM integer greater collects performance data for at one than 0 time specifies whether the KM automatically creates instances for the PATROL group Note: You must also remove the instances from the list of monitored instances using the Configure Manual Process Monitoring => Remove Processes menu command.
s s
DisablePatrolGroup
DisablePatrolRestart
specifies whether the PATROL agent 0, 1 restarts if it exceeds the processor% threshold
s s
empty
StatusNumberofProcessesToDisplay specifies how many processes the KM displays in the View Process Status dialog box StatusSortKey StatusSelectedColumns/list the column that is used for sorting the View Process Status dialog box
All
NA comma-separated list of columns the User%,Memory KM displays in the View Process Usage,VM Status dialog box size,Page Faults/sec,Handle s,Threads,Argume nts
Appendix B
219
Table 48
/ProcessMonitoring/ProcessConfigurationList/instance
TimeLimitForKillRunAwayProcess
empty
list of the groups to which the process belongs list of arguments for the configured process specifies whether the process is a user-defined process Contains the display name of the process instance Contains the user name or regular expression for the acceptable owners Contains the comma-separated values of minimum and maximum threshold count for a process instance
NA NA Yes
220
Table 48
Default
The second property indicates Valid values are: whether to display the annotation for the PROCOwnerCheck parameter. s 0: annotation on s 1: annotation off
Appendix B
221
Table 48
Default empty
DisableAnnotation
DisableServiceRestart
DisableServiceMonitoring
MonitorManualServices
0 = disabled, manual services are not monitored 1 = enabled, manual services are monitored NULL
removedServiceList
contains a list of services that have been removed by the PATROL user Note: The default value NULL indicates that no services are removed.
222
Table 48
Appendix B
223
Table 48
/ServiceMonitoring/ServiceList/service name
224
Table 48
Alarm
Default NA
AutoRestart
IgnoreAutoResetConfig
specifies whether the global auto reset feature applies to this service This variable can be set only through PATROL Configuration Manager.
Monitor
specifies whether to monitor the service By default, only automatic and running manual services are monitored.
MonitorProcess
specifies whether the process associated with the service is monitored specifies whether the KM runs the command specified by the NotRespondCmd variable
0 = no 1 = yes 0 = no 1 = yes 0
MonitorNotRespond
s s
NotRespondCmd
the path to an executable that the KM path to an runs if the variable executable MonitorNotRespond has a value of 1 specifies whether the AutoRestart variable for the monitored service overrides the global DisableServiceRestart variable You can set this variable only by using PATROL Configuration Manager. Valid values are:
s s
NA
OverrideGlobalServiceRestart
NA
OverrideGlobalServiceMonitoring
specifies whether the MonitorProcess Valid values are: variable for the monitored service overrides the global s 0 = do not DisableServiceMonitoring variable override s 1 = override You can set this variable only by using PATROL Configuration Manager.
NA
WarningAlarm
0 specifies whether the service triggers Valid values are: a warning instead of an alarm Appendix B Agent configuration variables and rulesets s 0 = alarm s 1 = warning
225
Table 48
226
Table 48
IncludeAll
specifies whether all event logs are discovered or only those configured to be monitored
OverrideParameterAutoActivate
Valid values are: 0 specifies whether to automatically activate and automatically inactivate event log parameters based on the s 0 = use auto current configuration configure s 1 = do not use You can also use this variable to auto configure inactivate or activate other parameters. For example, you could use the following variable to inactivate the NT_HEALTH parameters: .../HealthMonitoring/OverridePara meterAutoActivate
OverrideParameterFileFreeSpacePct specifies whether the parameter AutoActivate ELMEvFileFreeSpacePercent automatically activates and inactivates based on the current configuration This variables applies to all event logs. You can also apply this variable to specific event logs. UseCheckPoint
specifies whether the event log uses a Valid values are: checkpoint value to guarantee that no events are missed if the PATROL s 0 = do not use Agent is not running or the KM is not s 1 = use loaded for a period of time This is a global setting that can be overridden by individual event log configurations.
MaxResourceIdleRetainPeriod
the maximum amount of time, since last accessed, that an event description resource DLL is held in cache list of event logs that are monitored Appendix B
greater than 0
300 seconds
InclusionList/list
NA 227
Table 48
Default NA 0
TogglePEMOriginData
Valid values are: determines whether the event is displayed in the event log name format or the detailed format in PEM s 0 = event log (PATROL Event Manager) name format s 1 = detailed format specifies whether all occurring events are sent to PEM (PATROL Event Manager) Valid values are:
s s
ForwardFilteredNTEventstoPEM
Valid values are: specifies whether all events that match the configured event filters for the event log are sent to PEM s 0 = do not (PATROL Event Manager) send s 1 = send specifies whether the default behavior to automatically create the Summary instance is overridden Valid values are:
s
OverrideSummaryAutoCreate
OverrideParameterFileFreeSpacePct specifies whether the parameter AutoActivate ELMEvFileFreeSpacePercent automatically activates and inactivates based on the current configuration This variable applies to a specific event log. You can also apply this variable globally to all event logs.
228
Table 48
CheckPoint EventFilters/child_list
0 Summar y 1
CreateInstance
Valid values are: 1 specifies whether an application instance is created for the event filter s 0 = not created An application instance is not s 1 = created required to collect data. However, if an instance is not created, the only way to retrieve the data collected by the event filter is too subscribe to the event filter data. allows the parent application instance of an event filter to be changed. If this value is set, the event filter instance is created with the specified parent instance. path to valid PATROL application instance NA
ParentInstance
AcknowledgeBy
specifies how the event filter is acknowledged If the value of this variable is the name of another event filter, the event filter is automatically acknowledged when the referenced event filter criteria is satisfied.
automatic
Annotation
specifies whether the parameter data Valid values are: point is annotated with event text s 0 = do not annotate s 1 = annotate
Appendix B
229
Table 48
Default 0
ConsolidationNumber
number of events that occur within a integer less than specified time and are reported as 35791394 one event the time period in which events must integer less than occur to satisfy the consolidation 35791394 criteria specifies whether event descriptions are reported by means of a text parameter Valid values are:
s s
ConsolidationTime
EventReport
0 = do not report 1 = report For security event log: 25 All other event logs: 1
EventType
specifies the type of events that are filtered 1 = Error 2 = Warning 4 = Information 8 = AuditSuccess 16 = AuditFailure 32= OtherType A valid value is any summation of these types. For example, to monitor both Warning and AuditFailure events, use a value of 18 (2 +16).
FilterDescription
no restrictions
NA
230
Table 48
CategoryList/list
a list of event categories that are included or excluded from monitoring, depending on the value of the variable IncludeAllCategories specifies whether all event IDs are monitored If all event IDs are monitored (1), then the EventIdList variable represents an exclusion list. Otherwise, it represents an inclusion list.
NA
IncludeAllEventIds
EventIdList/list
a list of event categories that are included or excluded from monitoring, depending on the value of the variable IncludeAllEventIds specifies whether all sources are monitored If all sources are monitored (1), then the SourceList variable represents an exclusion list. Otherwise, it represents an inclusion list.
NA
IncludeAllSources
SourceList/list
a list of sources that are included or excluded from monitoring, depending on the value of the variable IncludeAllSources specifies whether all text strings are monitored If all text strings are monitored (1), then the StringList variable represents an exclusion list. Otherwise, it represents an inclusion list.
NA
IncludeAllStrings
Appendix B
231
Table 48
IncludeAllUsers
UserList/list
a list of users that are included or excluded from monitoring, depending on the value of the variable IncludeAllUsers specifies whether event descriptions are stored in the PATROL Agent namespace for retrieval
NA
RetainEventDescriptions
Scheduling
MaxRecords
the maximum number of records that greater than 0 are held in psx_server.xpc memory for the filter
232
Table 48
specifies the label that the KM places label for filter under the filter instance Note: You must manually enter this variable; the KM does not create it. Setting this variable does not change the instance name/namespace. This variable is read only at initial filter creation or parent instance change.
FilterDisableCase
specifies whether the filter comparisons are made in a caseindependent manner This variable has five bit values, depending upon case sensitivity, one bit corresponding to each of Source, User, Category, String, and Computer name, respectively. If any bit value is 1, a case-independent filter comparison is made for the corresponding field.
0000
00000 = none checked (default) 11111 = all 5 categories checked a combination of 0s and 1s, depending on which of the 5 categories were checked
Appendix B
233
Table 48
/EventLogMonitoring/event log/EventFilters/filterName lists the computers that are included list of computers for monitoring or the computers that are excluded from monitoring, depending on the value of the IncludeAllCompList variable indicates whether all computers are monitored Valid values are:
s
IncludeAllCompList
0 = none of the computers are monitored by default, and the ComputerNa mesList variable is an inclusion list 1 = all of the computers are monitored, and the ComputerNa mesList variable is an exclusion list 1 empty
/EventLogMonitoring/eventlog/Subscribers/subscriber Enabled Filter specifies whether the subscriber (subscription) is enabled specifies the name of the filter that notifies the subscriber when monitored events are detected specifies the function that the Subscriber calls when notified of events specifies the location of the library that contains the function that the Subscriber calls 0, 1 filter name
Function
function name
empty
Library
library name
empty
/EventLogMonitoring/_TUNING_/
234
Table 48
EventForwardingRetries
specifies the number of times the KM number that is attempts to send an event calculated using valid values: 2 <= x <= 10 specifies the timeout configuration that is passed to the PEM API number that is calculated using valid values: 5000 <= x <= 1800000 number > 0
EventForwardingTimeout
30000
MaxFilterRecords
specifies the maximum number of records that the KM holds in XPC (psx_server.xpc) memory for any filter specifies whether the KM obtains account names from the SID whether job object parameters are automatically activated or inactivated based on the current configuration
3010
0, 1
ManualAcknowledge
MonitorProcess
IncludeAll
whether all job objects are discovered Valid values are: or only the job objects specifically configured to be monitored s 0 = only configured objects s 1 = all the job objects that are monitored list of job objects the job objects that are excluded from list of job objects monitoring Appendix B
InclusionList/list ExclusionList/list
NA NA
235
Table 48
AnnotateProcStatus
0 = no 1 = yes 1
DestroyAcknowledgeProcess
0 = no 1 = yes 1
/ProcessorMonitoring/ AnnotateTopProcs Valid values are: specifies whether the parameter NT_CPU/CPUprcrProcessorTimePe rcent for the _Total instance is s 0 = no annotated with the top N CPUs 1 = yes consuming processes integer greater number of top processes to include than 0 when annotating the NT_CPU/CPUprcrProcessorTimePe rcent parameter Valid values are: specifies whether annotations are enabled or disabled for the NT_CPU (icon labled Processor) application s 0 or blank = parameters enabled s 1 = disabled the processors that are excluded from list of processors monitoring specifies whether all processors are monitored (except for the ones specifically excluded) the processors that are monitored This variable is ignored unless the /ProcessorMonitoring/IncludeAll variable is set to 0. CPUprcrStatus /PagefileMonitoring/ the last count of the processors that are monitored integer 0 Valid values are:
s s
AnnotateProcCount
10
DisableAnnotation
ExclusionList/list IncludeAll
NA 1
0 = no 1 = yes NA
InclusionList/list
list of processors
236
Table 48
Default 1
0 = no 1 = yes NA
InclusionList/list
the pagefiles that are monitored This variable is ignored unless the /PagefileMonitoring/IncludeAll variable is set to 0.
list of pagefiles
the pagefiles that are excluded from monitoring whether all network interfaces (less those excluded) are monitored
list of pagefiles
NA
0 = no 1 = yes NA
InclusionList/list
the network interfaces that are monitored This variable is ignored unless the /NetworkInterfaceMonitoring/Inclu deAll variable is set to 0.
NA
the physical disks that are monitored list of device numbers the physical disks that are excluded from monitoring whether all physical disks are discovered list of device numbers Valid values are:
s s
NA NA 1
MaxReloadCounters
specifies the maximum number of times that the KM can issue the %RELOAD_COUNTERS command
integer > 0
RemovedPDList
stores the physical disk instances that list of deleted instances have been removed under the NT_PHYSICAL_DISKS_CONTAINE R application class whether the NT_FTP KM is activated Valid values are:
s s
/NetworkProtocolMonitoring/ FTP/Active 1
0 = no 1 = yes
Appendix B
237
Table 48
Default 1
0 = no 1 = yes 1
IP/Active
0 = no 1 = yes 1
IPX/Active
0 = no 1 = yes 1
NETBEUI/Active
0 = no 1 = yes 1
NETBIOS/Active
0 = no 1 = yes 1
TCP/Active
specifies whether the NT_TCP KM is Valid values are: activated s 0 = no s 1 = yes specifies whether the NT_UDP KM is Valid values are: activated s 0 = no s 1 = yes the logical disks that are monitored
UDP/Active
238
Table 48
MaxReloadCounters
specifies the maximum number of times that the KM can issue the %RELOAD_COUNTERS command
integer > 0
DeletedLDList NonAggregateParamValue
stores a list of the deleted logical disk list of logical disk instances instances changes the values generated by the following parameters:
s s s
1 = values shown for a particular drive instance do not consider the mount drives 0 = value shown is an aggregate of a particular drive instance and all of its mount drives
/RegistryMonitoring/ InclusionList/list AnnotateValueChange list of registry keys that are monitored whether the RegValueChanged parameter is annotated list of registry keys NA Valid values are:
s s
0 = no 1 = yes NA
/PrinterMonitoring/ DisableAnnotation specifies whether annotations are enabled (0 or blank) or disabled (1) for the NT_PRINTER application parameters the printers that are monitored the printers that are excluded from monitoring Valid values are:
s s
InclusionList/list ExclusionList/list
Appendix B
239
Table 48
Default 1
0 = no 1 = yes 0
TestConnectivity
0 = no 1 = yes 30 80
/HealthMonitoring/ ProcessorContentionThreshold MemoryContentionThreshold OverrideParameterAutoActivate threshold for resource contention threshold for memory contention 0 to 100 0 to 100
Valid values are: 0 whether the WMIAvailability parameter is automatically activated or inactivated based on the current s 0 = auto configuration on Windows NT 4 configure s 1 = do not auto configure Valid values are: 0 whether the Win32_WMISetting.HighThreshold OnEvents property is auto-corrected s 0 = auto using the HighThresholdOnEvents correct configuration variable s 1 = do not auto correct minimum required value for the WIN32_WMISetting allows you to configure the KM by using three options. The KM looks for a crash dump file as well as the event (ID 6008). greater than 0 2000000
OverrideAutoConfigUpdate
1 = Event (ID 6008) only monitors the event id, 6008. 2 = Crash Dump only monitors the crash, Dump. 3 = Default monitors crash dump or event as per registry configuration.
240
Table 48
NT_EVENTLOG.OSdefaultAccount allows you to provide a valid user name and password for the PATROL Agent default account. The KM functions without specifying the PATROL Agent default account. Except for the Windows event log KM, the PATROL KM for Microsoft Windows works with a blank user name and password for the PATROL Agent default account. When you enter a blank user name and password for the PATROL Agent default account, XPC (psx_server.xpc) runs under the local system account. The Windows event log KM requires a valid user name and password to connect to the PATROL Agent using PEMAPI.
ServerIPAddress
text string
ServerPortNumber TCPorUDP
Appendix B
241
Table 49
ServerIPAddress
text string
text string 1 = TCP 0 = UDP 0 = no 1 = yes 0 = no 1 = yes 0 = no 1 = yes 0 = no 1 = yes 0 = no 1 = yes 0 = no 1 = yes
raises a PATROL event when a DHCP Scope is added raises a PATROL event when a DHCP Scope is removed raises a PATROL event when the DHCP database is backed up raises a PATROL event when a new master browser is elected raises a PATROL event when a member server is added to the domain raises a PATROL event when a member server is removed from the domain
0 0 0
0 0
MBRDEL
raises a PATROL event when a BDC 0 = no server is added to the domain 1 = yes raises a PATROL event when a BDC 0 = no server is removed from the domain 1 = yes raises a PATROL event when a 0 = no DHCP server is added to the domain 1 = yes raises a PATROL event when a DHCP server is removed from the domain 0 = no 1 = yes
0 0 0 0
WINSADD WINSDEL
raises a PATROL event when a 0 = no WINS server is added to the domain 1 = yes raises a PATROL event when a WINS server is removed from the domain 0 = no 1 = yes
0 0
/DomainKM/Server/ 242 BMC PATROL for Microsoft Windows Servers Getting Started
Table 49
string
NA
/DomainKM/Shares/ MaxShares the maximum number of shares that string can be discovered by NT_SHARES Note: Increasing this value above 300 may affect PATROL Agent performance. ShareExcludeList comma-separated list of shared directories that should not be discovered by NT_SHARES comma-separated list of trust relationships that should not be discovered by NT_TRUST maximum number of user accounts that can be discovered by NT_USERS Note: Increasing this value above 300 may affect PATROL Agent performance. UserExcludeList comma-separated list of user accounts that should not be discovered by NT_USERS string NA string NA 300
Appendix B
243
minimum percentage of size for the number > 0 < 100 20 (percentage) percent Active Directory database if the database and log files reside on separate logical drives This value is used by the AdDiskSpaceAvailable parameter.
DbRequiredSpace
minimum amount of free space required in kilobytes for the logical drive that holds the database file enables/disables parameter annotation. By default annotation is enabled. To disable annotation for all PATROL KM for Active Directory parameters, add this variable to pconfig and set the value to 1. controls the creation of the old format (1.5.x) Active Directory event filters
500000 kilobytes 0
DisableAnnotations
DisableEventConfig
s s
DisableObsoleteEventFilters
s s
number of hours 12 hours DomainNamingMasterConnStatus interval for checking LDAP greater than 0 Sched connectivity to the domain controller that is the FSMO Domain Naming Master EnableRA determines whether the KM executes the Restart File Replication Service recovery action that is associated with the AdFrsSidResolution parameter determines the Active Directory object types that the KM monitors for replication collisions
s s
IncludedCNFObjectTypes
244
Table 50
LdapGcConnStatusSched
number of 3600 seconds between seconds collections (1 hour) percentage > 0 but < 100 20 percent
LogRequiredPercent
LogRequiredSpace
minimum amount of space required number of in kilobytes for the Active Directory kilobytes > 0 log files if the log files and the database reside on the same logical drive This value is used by the AdDiskSpaceAvailable parameter
200000 kilobytes
PDCEmulatorConnStatusSched
interval for checking LDAP connectivity to the domain controller that is the FSMO PDC Emulator
number of hours 1 hour RelativeIDMasterConnStatusSched interval for checking LDAP greater than 0 connectivity to the domain controller that is the FSMO Relative ID Master ReplMonConfigNC determines whether configuration naming context replication monitoring is enabled determines whether domain naming context replication monitoring is enabled interval for checking LDAP connectivity to the domain controller that is the FSMO Schema Master
s s
ReplMonDomainNC
s s
SchemaMasterConnStatusSched
Appendix B
245
Table 50
Default 0
enables you to include the AlarmPoint annotation text in the alert message of the AdReplicationCollector parameter
/ActiveDirectory/Configuration/fully-qualified-server-name_ PingTimeout provides a way to configure (on a per-server basis) the timeout that is used when a server is pinged for availability - servers that are connected through a slower link may need this value increased time out in milliseconds 5,000
PingCount
number of pings 3 provides a way to configure (on a greater than 0 per-server basis) the number of times that a server is pinged to test its availability - servers that are connected through a slower link may need this value increased (a server is considered available if any one ping is successful) indicates whether the KM overrides the check point enabling for the FRS event log This value is used by the AdFrsRpcConnectivity parameter.
s s
MaxWaitTime
number > 0 indicates the maximum amount of time the KM waits in seconds for a 13509 FRS event to occur after a 13508 FRS occurs before considering the 13508 FRS event an issue This value is used by the AdFrsRpcConnectivity parameter
14400 seconds
Do not manually change the values of the following variables. These variables contain state information that is used internally by the product. If you change these variables manually, the product cannot operate correctly. /ActiveDirectory/AgentSiteInfo
246
Table 50
prevDCSiteName
contains the name of the last known Do not manually change the site where the domain controller value of this variable. resided contains information that specifies a ConfigNC DomainNC configuration naming context or a domain naming context, for example, /ActiveDirectory/ReplConfig/Con figNCwaternoose.monsters.inc/first NonResponse contains the UTC time when the KM Do not manually change the determined that the replication source value of this variable. was non-responsive contains the UTC time when the replication source last updated its replication object Do not manually change the value of this variable.
firstNonResponse
lastChangeTime
origChangeTime
contains the UTC time when the KM Do not manually change the determined that the replication source value of this variable. might have failed to replicate contains the last known version of an object; the KM uses this information to determine whether or not a change was replicated Specifies a comma separated list of the remote hosts that have been added for monitoring Specifies the protocol (HTTP or Valid values are: HTTPS) that is used for remote host s 1: HTTP connection s 2: HTTPS Specifies the user account which is used to connect to the remote host Specifies the shared credential, if it has been used for remote host connection Specifies a comma separated list of the profiles (shared credentials) Do not manually change the value of this variable.
prevObjectVersion
/REMOTE/HOSTS/ hosts
userAccount accountProfile
Appendix B
247
Table 50
userAccount
ClaInsideCluster DisableServiceAutoRestart
1 0
indicates whether the McsService is 0, 1 automatically started and stopped by the KM indicates whether the MCS_Clusters parameters, McsGwConAvailable, McsGatewayStatus, and McsServiceStatus, are automatically activated and inactivated by the KM 0, 1
DisableParmOverrides
PingIpTimeout
specifies the amount of time the KM integer > 0 waits before timing out when pinging an IP resource integer > 0 but specifies the amount of time in =< 300 seconds that the McsServiceStatus parameter waits for the McsService to start before generating an alarm
5000
ServiceCollWaitTime
60
248
Table 51
The annotation mode is set through the PATROL Admin => Configure Annotation Mode menu command. clusterInstance_CluDBBackupPath stores backup path for the Cluster database. The path is not set by default, and therefore the BackupClusterDatabase parameter is offline. The path is set through the Quorum Admin (MCS_Quorum) => Set Backup Path menu command. list of file clusterInstance_FileShareExclusion stores excluded file shares. If a file List share has been excluded, then it will shares not be monitored by the FileShareUnAvailable parameter. Excluded file shares are displayed in the Desktop tree and data is collected from them by the ResourceStatus parameter. You can exclude file shares through the PATROL Admin (MCS_Groups) => Maintain Exclusion List => Exclude File Shares menu command. clusterInstance_IPExclusionList stores excluded IP addresses If an IP address has been excluded, then it will not be monitored by the CheckIPResourceColl parameter. Excluded IP addresses are displayed in the Desktop tree and data is collected from them by the ResourceStatus parameter. You can exclude IP addresses through the PATROL Admin (MCS_Groups) => Maintain Exclusion List => Exclude IP Address menu command. list of IP addresses NA directory path NA
NA
Appendix B
249
Table 51
clusterInstance_ResourceExclusion stores excluded resources. If a List resource has been excluded, then the resource is not monitored and an instance is not created. You can exclude resources through the PATROL Admin (MCS_Groups) => Maintain Exclusion List => Exclude Resources menu command. clusterInstance_UpTimeBaseLine stores the start date and time for the ClusterAvailability parameter. You can set the start date and time through the PATROL Admin (MCS_Cluster) => Set Available Start Date menu command.
time in seconds NA
clusterName_NetworkNameForFileS determine whether a network name hares has been designated for the file share resources of the cluster. If a name has been entered in the /MCS/clusterName_NetworkNameFor FileShares variable, the KM attempts to map the file shares using that network name. The FileShareUnAvailable parameter has been modified to read this pconfig variable. You can provide the network name for the file shares through the PATROL Admin (MCS_Group) => Assign Network Name menu command. Enter the network name in the dialog box. The network name is stored in the variable, /MCS/clusterName_NetworkNameFor FileShares.
s s
the name of a network null (the KM maps the file share resources to a default network)
250
Table 51
hostName_LogMonKeyAlarm
stores keywords that the KM searches list of for in the cluster log file. If any of the keywords keywords are found, the ClusterLogFileError parameter sends an alarm. Define the keywords through the PATROL Admin (MCS_Nodes) => Maintain Keywords menu command. By default, no keywords are defined, and the parameter is offline.
NA
hostName_LogMonKeyDate
time in seconds NA stores the date from which the KM searches for defined keywords in the cluster log file. If any of the keywords are found, the ClusterLogFileError parameter sends an alarm or warning. Define the date and keywords through the PATROL Admin (MCS_Nodes) => Maintain Keywords menu command. By default, no date or keywords are defined, and the parameter is offline.
Appendix B
251
Table 51
MenuCmdROMode
NA
MonitoredClusterList
NA
UptimeCollWaitTime
300
252
ScheduledServers
/MQ_QUEUES/ JournalMsgCountThreshold JournalMsgSizeThreshold QueueMsgCountThreshold QueueMsgSizeThreshold the number of messages currently in 0-999999 the queue the number of kilobytes used by all messages in the queue the number of messages in the journal queue the size in kilobytes of all messages in the journal queue 0-2000000 0-999999 0-2000000 450000 1600000 450000 1600000
Appendix B
253
254
/Perfmon/NT_PERFMON_WIZARD/object/counter AlarmMax AlarmMin WarnMax WarnMin /Perfmon/NT_WMI/ Parameters ConnectAs32Bit comma-separated list of NT_WMI parameters allows you to connect a 64-bit Windows environment to a 32-bit WMI provider. By default, this pconfig variable is not present at the time of installation. You need to manually add the /Perfmon/NT_WMI /ConnectAs32Bit pconfig variable and set it to a value of 1. /Perfmon/NT_WMI/name comma separated list NA the upper-level alarm threshold for a any integer specific counter instance the lower-level alarm threshold for a any integer specific counter instance the upper-level warning threshold for a specific counter instance the lower-level warning threshold for a specific counter instance any integer any integer NA NA NA NA
Appendix B
255
Table 54
the upper-level alarm threshold for a any integer specific NT_WMI parameter the lower-level alarm threshold for a any integer specific NT_WMI parameter the upper-level warning threshold for a specific NT_WMI parameter the lower-level warning threshold for a specific NT_WMI parameter any integer any integer
/RecoveryActions/application class/instance/parameter/ text description NA NA NA Help topic ID associated with the recovery integer action. This variable is used internally. The mode under which the recovery action 1, 2, 3 runs:
s s s
Run automatically (1) Run only with operator confirmation (2) Do not execute (3)
For more information about these modes, see Configuring built-in native recovery actions on page 130. Suspend whether to temporarily pause the recovery 0 = no action 1 = yes the amount of time PATROL waits for confirmation to run the recovery action. If you do not provide confirmation within the allotted time, PATROL does not run the recovery action. number of seconds NA
Wait
NA
256
preloaded KMs services whose process monitoring is enabled processes that are monitored Windows events that are monitored additional Windows Performance Monitor counters that are monitored (added as parameters beneath the NT_PERFMON_WIZARD application class)
NOTE
PATROL automatically monitors services whose startup property is automatic. However, PATROL monitors only whether the service is available. When process monitoring is enabled for the service, PATROL also monitors how much memory and CPU a service executable consumes. In the ruleset descriptions in this chapter, the services whose process monitoring is enabled are noted.
Appendix B
257
For more information about applying rulesets, see Using PATROL Configuration Manager on page 269. For more information about the PATROL Configuration Manager, see the PATROL Configuration Manager User Guide.
To edit SMS rulesets before applying 1 In a text editor, open the files Primary_Site_Role.cfg and Site_Role.cfg. 2 Replace all occurrences of %SITECODE% with the uppercase 3-character SMS site
code.
For SMS 2.x Servers cimv2\\sms For SMS 2003 Servers sms
Rulesets are provided for the server roles shown in Table 56. Figure 6 on page 260 shows these rulesets as they appear in the PATROL Configuration Manager interface. Table 56
Role File server ruleset Print server ruleset Application server ruleset
258
Table 56
Role
Remote access/VPN PRU_RasVpnServer.cfg server ruleset DNS server ruleset Streaming media server ruleset PRU_DNSServer.cfg PRU_MediaServer.cfg
Appendix B
259
Figure 6
Ruleset reference
The following section describes the ruleset configuration settings. The rulesets define monitoring that is enabled beyond what is enabled by default in the KM. The configuration variables (rules) for each type of ruleset are stored in the agent configuration database in the location shown in Table 57. For more information about the specific configuration variables associated with each type of configuration setting, see the page referenced in Table 57. Table 57 Configuration variable locations (Part 1 of 2)
Location of configuration variable(s) (rules) \AgentSetup\preloadedKMs See also NA
.
260
Table 57
Configuration setting Processes monitored Windows events monitored Additional Windows PerfMon counters or WMI objects monitored
NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH
NOTE
An asterisk indicates that all KMs that start with the stem are included. For example, NT_CPU* indicates both NT_CPU and NT_CPU_CONTAINER.
Appendix B
261
Table 58
Services with Process Monitoring Enabled Processes Monitored Windows Events Monitored
s s s s s s s s s s s s s s s
World Wide Web Publishing Service (process monitoring enabled) IIS Admin Service Simple Mail Transport Protocol (SMTP) Service FTP Publishing Service Network News Transfer Protocol (NNTP) Service Distributed Transaction Coordinator COM+ System Application (process monitoring enabled) COM+ Event Service (process monitoring enabled) Remote Services (COM and RPC) inetinfo.exex Error events from .NET Runtime source (application event log) Error and warning events from ASP.NET (application event log) Active Server Pages Errors/Sec ASP.NET Requests Rejected ASP.NET Requests Queued ASP.NET Application Errors Unhandled During Execution/Sec ASP.NET Application Errors Total/Sec .NET CLR Data Sqlclient: Total # failed commands .NET CLR Exceptions # of Exceps Thrown/sec .NET CLR Jit Standard Jit Failures .NET CLR Loading Rate of Load Failures Web Service Current Blocked Async I/O Requests Web Service Locked Errors/sec Web Service Not Found Errors/sec
s s
Preloaded KMs (PRU_TerminalServe r.kml) Services with Process Monitoring Enabled Processes Monitored Windows Events Monitored Additional Perfmon Counters Monitored
NT_EV* NT_PERFMON* Terminal Services (process monitoring enabled) Terminal Services Session Directory (process monitoring enabled)
s s
None
s s s s s s s
Error and warning events from TermService (system event log) Error and warning events from TermServLicensing (system event log) Error and warning events from TermServDevices (system event log) Terminal Services Active Sessions Terminal Services Inactive Sessions Terminal Services Total Sessions System Processes
262
Preloaded KMs (PRU_RasVpnServer.kml) Services with Process Monitoring Enabled Processes Monitored Windows Events Monitored Additional Perfmon Counters Monitored
NT_EV* NT_PERFMON*
Remote Access Service (process monitoring enabled) None Error and warning events from Remote Access (system event log)
s s
Preloaded KMs (PRU_PrintServer.kml) Services with Process Monitoring Enabled Processes Monitored Windows Events Monitored Additional Perfmon Counters Monitored
NT_EV* NT_PRINT*
Spooler spoolsv.exe Error and warning events from Print source (system event log) None
Preloaded KMs (PRU_DomainServer.kml) Services with Process Monitoring Enabled Processes Monitored
s s
Appendix B
263
Table 62
Error and warning events from NT File Replication Service (file replication service event log) Error and warning events from source LSASERV (system event log) Error and warning events from source SAM (system event log) Error and warning events from source NetLogon (system event log) Error and warning events from source Windows Time (system event log) Error and warning events from source KDC (system event log) Error and warning events from source UserEnv (application event log) Error and warning events from DNS API (system event log)
None
s s s s s s
NT_DFS* NT_EV* NT_DOMAIN NT_MEMBER_SERVER NT_PHYSICAL_DISKS* Netlogon dmserver services.exe lsass.exe svchost.exe (with any argument) Error and Warning events from DfsSvc (system event log) Error and Warning events from NtFrs (file replication service event log)
Processes Monitored
s s s
None
NT_EV* NT_PERFMON* NntpSvc Pop3Svc (process monitoring enabled) RpcSs (process monitoring enabled) SMTPSVC (process monitoring enabled)
s s
None
264
Table 64
Error and warning events from Pop3Svc (application event log) Error and warning events from SMTPSvc (system event log) POP3 Service Messages delivered/sec POP3 Service Sockets in use SMTP NTFS Store Driver Messages in the queue directory SMTP Server Connection Errors/sec SMTP Server Outbound Connections Refused
s s
Preloaded KMs (PRU_DNSServer.kml) Additional Active Parameters Services with Process Monitoring Enabled Processes Monitored
s s
s s s s
Error and warning events from source DNS (DNS event log) Error and warning events from source DNS API (system event log) Error and warning events from source DNS Cache (system event log) DNS Caching memory DNS Dynamic Update Received/sec DNS Total Query Received/sec DNS Database Node Memory DNS Dynamic Update Written to Database/sec
s s
Preloaded KMs (PRU_WinsServer.kml) Additional Active Parameters Services with Process Monitoring Enabled
s s
None WINS
Appendix B
265
Table 66
Preloaded KMs (PRU_DhcpServer.kml) Additional Active Parameters Services with Process Monitoring Enabled Processes Monitored Windows Events Monitored Additional Perfmon Counters Monitored
s s
None DHCPServer None Error and Warning from DHCPServer (system event log) None
NT_EV* NT_PERFMON*
None
Services with Process Monitoring WMServer Enabled Processes Monitored Windows Events Monitored None Error and Warning from WMServer (Application Event log)
s s s s
Windows Media Services Current Streaming Players Windows Media Service Current Connected Players Windows Media Services Current Connection Queue Length Windows Media Services Current Stream Error Rate
266
MSSQLSERVER SMS Executive SMS Site Backup Services with Process Monitoring SMS Site Component Manager SMS SQL Monitor Enabled sitecomp.exe (with any argument) smsdbmon.exe (with any argument) smsexec.exe (with any argument) sqlservr.exe (with any argument) Error, warning, and information events from source SMS (application event log)
Appendix B
267
Table 69
SMS Discovery Data Manager Total DDRs Enqueued SMS Discovery Data Manager Total DDRs Processed SMS Discovery Data Manager DDRs Processed/minute SMS In-Memory Queues Total Objects Dequeued SMS In-Memory Queues Total Objects Enqueued SMS Inventory Data Loader Total MIFs Enqueued SMS Inventory Data Loadaer Total MIFs Processed SMS Inventory Data Loader MIFs Processed/minute SMS Software Inventory Processor Total SINVs Enqueued SMS Software Inventory Processor Total SINVs Processed SMS Software Inventory Processor SINVs Processed/minute SMS Standard Sender Average Bytes/sec SMS Standard Sender Sending Thread Count SMS Standard Sender Total Bytes Attempted SMS Status Messages Written to SMS Database SMS Status Messages Reported to Application Event Log SMS Status Messages Replicated at Normal Priority SMS Status Messages Replicated at Low Priority SMS Status Messages Replicated at High Priority SMS Status Messages Received SMS Status Messages Processed/sec SMS Status Messages Corrupt
s s
SMS Advertisements Failed SMS Advertisements Total SMS Errors SMS Informationals SMS Machines Total SMS Packages Failed SMS Programs Failed SMS Warnings
SMS Executive Services with Process Monitoring SMS Site Backup Enabled SMS Site Component Manager
268
Table 70
SMS Discovery Data Manager Total DDRs Enqueued SMS Discovery Data Manager Total DDRs Processed SMS Discovery Data Manager DDRs Processed/minute SMS In-Memory Queues Total Objects Dequeued SMS In-Memory Queues Total Objects Enqueued SMS Standard Sender Average Bytes/sec SMS Standard Sender Sending Thread Count SMS Standard Sender Total Bytes Attempted SMS Status Messages Written to SMS Database SMS Status Messages Reported to Application Event Log SMS Status Messages Replicated at Normal Priority SMS Status Messages Replicated at Low Priority SMS Status Messages Replicated at High Priority SMS Status Messages Received SMS Status Messages Processed/sec SMS Status Messages Corrupt
NOTE
To use the PATROL Configuration Manager to view or manage a PATROL agent configuration, the PATROL KM for Event Management must be loaded on the PATROL Agent machine. For more information about loading KMs, see Loading the PATROL for Microsoft Windows Servers KMs on page 91.
To copy configuration changes using PCM 1 Using the PATROL Configuration Manager, perform a get on the PATROL Agent. 2 Configure the PATROL Agent as desired. 3 Using the PATROL Configuration Manager, perform a get to obtain the new
PATROL Agent configuration.
4 In PATROL Configuration Manager, compare the last 2 configurations. 5 Save the differences between the 2 agent configuration as a new rule set. 6 Apply this rule set to the other PATROL Agents.
For more detailed information about using the PATROL Configuration Manager, see the PATROL Configuration Manager User Guide or the PATROL KM for Event Management User Guide.
WARNING
When creating rules manually within PATROL Configuration Manager, you must follow the syntax guidelines discussed here and avoid typos. Failure to do so could result in unpredictable behavior.
270
Syntax guidelines
When manually creating rules, you must substitute special codes for certain characters when those characters are part of a configuration variable name or value. These characters are used for specific purposes within pconfig. For example, the comma is used to separate values. For more information, see Table 71. Table 71
Character comma (,)
slash (/)
(SL)
(EQ)
double quote ()
(QU)
Appendix B
271
Figure 7
272
1 Right-click the folder where you want to add the rule and select New => Ruleset.
A new ruleset is created called NewRuleSet.
2 Rename the ruleset. 3 Right-click the new ruleset and select New Rule. 4 From the Ruleset dialog, enter the ruleset, operation, and variable. For more
information about what to enter, see the examples that follow.
monitor the DHCP Client service restart the start the service when it stops generate a PATROL Warning when the service is stopped enable the monitoring of the process associated with this service
To manually create this configuration, you would create the rules shown in Table 72. For more information about the configuration variable specified in these rules, see PATROL for Windows Servers configuration variables on page 218. Table 72
Rule
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ Replace ParentDefinedProcessList/child_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ Replace child_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ServiceMonitoring/ Replace ServiceList/Dhcp/Alarm /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ServiceMonitoring/ Replace ServiceList/Dhcp/Monitor /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ServiceMonitoring/ Replace ServiceList/Dhcp/variable_list
monitor rtserver process with argument -service terminate the process when the process CPU% exceeds a threshold value (defined by the AlarmThreshold variable) for 15 minutes
Appendix B Agent configuration variables and rulesets 273
generate a PATROL alarm when the process is not running do not generate a PATROL alarm when the process is running
To manually create this configuration, you would create the rules shown in Table 73. For more information about the configuration variable specified in these rules, see PATROL for Windows Servers configuration variables on page 218 Table 73
Rule
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/ArgumentList /list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/ArgumentList /variable_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/ProcessName /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/child_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/variable_list
list
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/child_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/EnableAlarmI fProcessDown /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/EnableAlarmI fProcessStarts /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/TimeLimitFor KillRunAwayProcess
15
274
create an event filter named Example with the description Event Filter Example monitor only Warning and Error event types; do not consolidate event types when reporting. Report Warning and Error events separately. monitor events from application sources PerfDisk and PerfProc monitor event IDs 100 through 154 monitor events generated under the username of bhunter monitor events that have the test string missing in the event text monitor events in any event category choose the option to write event details to a text parameter choose the option to report multiple events as one event when 5 or more events occur within 30 seconds choose the option to notify PATROL immediately when an event filter matches the filter criteria when in alarm, remain in alarm until acknowledged by an operator
Appendix B
275
To manually create this configuration, you would create the rules shown in Table 74. For more information about the configuration variable specified in these rules, see PATROL for Windows Servers configuration variables on page 218. Table 74
Rule
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/AcknowledgeBy /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/Annotation /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/ConsolidateEventTypes /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/ConsolidationNumber /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/ConsolidationTime /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/CreateInstance /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/EventIdList/list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/EventIdList/variable_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/EventReport /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/EventType /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/FilterDescription /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/FilterEnabled /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/IncludeAllCategories /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/IncludeAllEventIds /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/IncludeAllSources /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/IncludeAllStrings /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/IncludeAllUsers /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/RetainEventDescriptions /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/Scheduling /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/SourceList/variable_list 276 BMC PATROL for Microsoft Windows Servers Getting Started
Table 74
Rule
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/StringList/list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/StringList/variable_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/UserList/list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/UserList/variable_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/child_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/variable_list
To manually create this configuration, you would create the rules shown in Table 75.
NOTE
When you change parameter thresholds through the PATROL Configuration Manager or through PATROL KM for Event Management, the changes are stored externally in the pconfig database, not in the KM. To change parameter thresholds or poll times in this manner, you must have the PATROL KM for Event Management loaded on the PATROL Agent. For more information about loading KMs, see Loading the PATROL for Microsoft Windows Servers KMs on page 91.
Appendix B
277
For more information about the this rule, see the detailed description in Table 76. Table 75
Rule /AS/EVENTSPRING/PARAM_SETTINGS/THRESHOLDS/ NT_CPU/__ANYINST__/CPUprcrProcessorTimePercent
The following table provides a detailed description of the THRESHOLDS configuration rule. Table 76
Item /AS/EVENTSPRING /PARAM_SETTINGS /THRESHOLDS /NT_CPU /__ANYINST__
CPUprcrProcessorTime parameter name Percent 1 0 0 0 0 0 0 1 80 85 0 0 1 1 85 indicates that the parameter is active Border settings indicates that the border range is inactive the border begin range the border end range specifies when to trigger alarm; 0 means immediately on the first occurrence if the trigger value is non zero, this value specifies the number of occurrences before triggering an alarm specifies that the state is OK Alarm1 settings indicates that the Alarm 1 alarm is active the Alarm 1 begin range the Alarm 1 end range specifies when to trigger alarm; 0 means immediately on the first occurrence if the trigger value is non zero, this value specifies the number of occurrences before triggering an alarm specifies that the state is WARN Alarm 2 settings indicates that the Alarm 2 alarm is active the Alarm 2 begin range
278
Table 76
Item 100 0 0 2
Appendix B
279
280
Appendix
C
282 282 285 286 286 287 287 288 288 289 289 289 290
Appendix C
281
NT_LOAD.kml
The PATROL KM for Microsoft Windows OS uses the NT_LOAD.kml file, which loads the application classes shown in Table 78. Table 78 PATROL KM for Microsoft Windows OS NT_LOAD.kml file (Part 1 of 2)
Application classes NT_BASE.kml (see Table 79 on page 284) NT_BSK NT_Composites NT_CompositesColl NT_EVENTLOG NT_EVINSTS NT_EVLOGFILES NT_FTP NT_FTP_CONTAINER
Component and .kml PATROL KM for Microsoft Windows OS NT_LOAD.kml Note: NT_LOAD.kml includes NT_BASE.kml
282
Table 78
Appendix C
283
NT_BASE.kml
The NT_LOAD.kml file includes the NT_BASE.kml file, which loads the application classes shown in Table 79. Table 79 PATROL KM for Microsoft Windows OS NT_BASE.kml file
Application classes NT NT_OS NT_CACHE NT_CPU NT_CPU_CONTAINER NT_HEALTH NT_LOGICAL_DISKS NT_LOGICAL_DISKS_CONTAINER NT_MEMORY NT_NTFS_MOUNT NT_NTFS_MOUNT_CONTAINER NT_NTFS_QUOTA NT_NTFS_QUOTA_CONTAINER NT_PAGEFILE NT_PAGEFILE_CONTAINER NT_SYSTEM PATROL_NT
NT_HYPER-V.kml
The PATROL KM for Microsoft Windows OS uses the NT_HYPER-V.kml file, which loads the application classes shown in Table 80.
NOTE
Ensure that the Hyper-V server role is installed on the computer.
284
Table 80
Appendix C
285
Component and .kml PATROL KM for Microsoft Windows Domain Services (uses NTD.kml)
286
Component and .kml PATROL KM for Microsoft Cluster Server (uses MCS_Load.kml)
Appendix C
287
Component and .kml PATROL KM for Microsoft Message Queue (uses MSMQ.kml)
Component and .kml PATROL Wizard for Microsoft Performance Monitor and WMI (NT_PERFMON_WIZARD.kml)
288
Appendix C
289
NOTE
An asterisk indicates that all KMs that start with the stem are included. For example, NT_CPU* indicates both NT_CPU and NT_CPU_CONTAINER.
Table 91
.kml
PRU_ApplicationServer.kml
NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH COM_* NT_EV* NT_PERFMON* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_PERFMON*
PRU_TerminalServer.kml
s s s s s s s s s s s s s s
290
Table 91
.kml
PRU_RasVpnServer.kml
NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_PERFMON* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_PRINT* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_DOMAIN NT_MEMBER_SERVER AD_AD*
PRU_PrintServer.kml
s s s s s s s s s s s s s s
PRU_DomainServer.kml
s s s s s s s s s s s s s s s s
Appendix C
291
Table 91
.kml
PRU_FileServer.kml
NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_DFS* NT_EV* NT_DOMAIN NT_MEMBER_SERVER NT_PHYSICAL_DISKS* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_PERFMON* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_DNS_2000 NT_DOMAIN NT_MEMBER_SERVER NT_EV* NT_PERFMON*
PRU_MailServer.kml
s s s s s s s s s s s s s s s
PRU_DNSServer.kml
s s s s s s s s s s s s s s s s s
292
Table 91
.kml
PRU_WinsServer.kml
NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_DOMAIN NT_MEMBER_SERVER NT_EV* NT_WINS* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_DOMAIN NT_MEMBER_SERVER NT_EV* NT_DHCP* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_PERFMON*
PRU_DhcpServer.kml
s s s s s s s s s s s s s s s s
PRU_MediaServer.kml
s s s s s s s s s s s s s s
Appendix C
293
294
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Index
Symbols
%PATROL_CACHE% 65 %PATROL_HOME% 65 .kml COM.kml 90, 287 EVENT_MANAGEMENT.kml 91 HISTORY.kml 90, 289 LOG.kml 91 MSMQ.kml 90, 288 MWD_ACTIVE_Directory_MN.kml 91 NT_BASE 284 NT_HYPER-V 285 NT_LOAD.kml 91, 282 NT_PERFMON_WIZARD.kml 91 NTD.kml 91, 286 REM_ACTIVE_DIRECTORY.kml 286 .kml files list of 90 vs. .km files 89 __ANYINST__ variable 278, 279 _CollectionStatus parameter 200 _DiscoveryStatus parameter 46 Performance Monitor (PerfMon) counters 143 processes to monitor 118, 273 rules 272 services to monitor 273 WMI parameters 144 address book monitoring 24 addresses default 138 email, specifying 141 administrator rights 100 AdPerfCollector parameter 208 advanced user rights, required 44 agents assigning notification servers to 139 configuration variables 217257 configuring 138140 configuring in a cluster 176 PATROL 34 persistent connection to 140 Alarm variable 225 AlarmMax variable 255, 256 AlarmMin variable 255, 256 alarms acknowledging 201 generating 115, 122 tuning 204 AlarmThreshold variable 122, 219 AlertMSGForRepliCollector variable 246 alerts reducing number of 200 troubleshooting 204 allow log on locally (user right) 44 allowsendparamonly variable 205 AnnotateProcCount variable 236 AnnotateProcStatus variable 236 AnnotateTopProcs variable 236 AnnotateValueChange variable 239 Annotation variable 229, 276 AnnotationMode variable 249 application classes NT_CompositeColl 124 NT_DHCP 40, 41, 169 NT_DNS 169 NT_FTP 237 NT_ICMP 238 NT_IP 238
Numerics
560/562 events 201
A
account requirements PATROL KM for Cluster Server 48, 76 PCC 177 AccountInfo variables 248 accounts requirements 97 setting up for installation 43 Windows 43 AcknowledgeBy variable 229, 276 acknowledging alarms 201 Act as part of operating system (user right) 44, 100 activating parameters 279 Active Directory 22 ActiveX control 134 adding event filters 275
295
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
NT_IPX 238 NT_LOGICAL_DISK 100 NT_NETBEUI 238 NT_NETBIOS 238 NT_PROCESS 118 NT_REMOTE_SERVERS 169 NT_SERVICES 100 NT_SHARES 169 NT_TCP 238 NT_TRUST 169 NT_UDP 238 NT_WINS 169 application server, rulesets for monitoring 258 arguments, process 122 arsAction variable 204 AS_AVAILABILITY application 206 AS_CHANGESPRING.kml 70 AS_EVSLocalAlertNotify.bat editing 135 requirements for using 134 AS_EVSLocalAlertNotify.pl 134 Attended Mode Dialog Timeout field 131 auditing, disabling 201 authentication support 24 AutoDiscoveryTimeLimit variable 219 automatic process monitoring 117 AutoRestart variable 116, 225 availability, monitoring 206 changing account rights 45 security levels 54 system monitoring 102 thresholds and poll times 277 characters, special 271 charting PATROL data 166 CheckIPResourceColl parameter 249 CheckPoint variable 229 child_list variable 271 CluDBBackupPath variable 249 cluster administrator account 48, 76, 177 cluster.exe 76 ClusterLogFileError parameter 251 clusterName_NetworkNameForFileShares variable 250 CollectionCount variable 219, 236 colormap option 78 COM.kml 90, 287 command-line arguments 122 commas, escaping 271 components KM files 282289 PATROL Adapter for Microsoft Office 34 PATROL Agent for Microsoft Windows Servers 34 PATROL Cluster Configuration Wizard 31 PATROL Cluster Configuration Wizard (PCC) 31 PATROL History Loader KM 34 PATROL KM for Cluster Server 30 PATROL KM for Event Management 33 PATROL KM for Log Management 32 PATROL KM for Microsoft Cluster Server 30 PATROL KM for Microsoft COM+ 31 PATROL KM for Microsoft Message Queue 31 PATROL KM for Microsoft Windows Active Directory 22 PATROL KM for Microsoft Windows Domain Services 30 PATROL KM for Microsoft Windows OS 21 composite parameters, creating 124 compressing the DHCP database 99 ComputerNamesList/list variable 234 configuration variables 217257 configurations, component-based PATROL KM for History Loader 289 PATROL KM for Microsoft COM+ 287 PATROL KM for Microsoft Message Queue (MSMQ) 288 PATROL KM for Microsoft Windows Domain Services 286 PATROL KM for Microsoft Windows OS 282 PATROL KM for MS Windows Active Directory Remote Monitoring 286 ConfigureOptionUsed variable 240 configuring blue screen monitoring 100, 126 composite parameters 124 custom parameters 124
B
backing up before migration 69 backup domain controllers, monitoring 30 backup notification servers 136 BackupClusterDatabase parameter 249 BackupDir variable 227 batch file 134 BDCADD variable 242 BDCDEL variable 242 blackouts 204 Blat defined 133 version tested with 133 blue screen monitoring crash dump 126 default 126 event id 6008 126 BMC Software, contacting 2 Bourne shell 79 Bypass traverse checking user right 100
C
C shell 79 catalog, event 206
296
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
e-mail notification 132 event log monitoring 114 event monitoring 103 in PCM, event monitoring 275 in PCM, process monitoring 273 in PCM, service monitoring 273 KM to look for crash dump file 100 monitoring of text files 148 PATROL in a cluster 176 PATROL KM for Microsoft Windows OS 101125 process control 121 process monitoring 117122 quotas 100 remote agents 138140 service monitoring 114?? Windows event monitoring 103 ConnectAs32Bit variable 255 connection, persistent 140 ConsolidateEventTypes variable 107, 230, 276 ConsolidationNumber variable 230, 276 ConsolidationTime variable 230, 276 Core Active Directory service 25 core Active Directory service 26 Counters variable 255 counters, Performance Monitor 207 CreateInstance variable 229 creating custom parameters 124 event filter to monitor events generated only by a specified computer 113 rules 272 WMI parameters 34 custom installation option 55 customer support 2 customizations migrating manually 72 customized PSL, migrating 73 customizing monitoring of counters 142 scripts 135 text log monitoring 147 thresholds 207 DFS (Distributed File System) 30 DFS users, disconnecting 99 DfsConnectionPercent parameter 130 DHCP (Dynamic Host Configuration Protocol) 30 DHCP reports 169 DHCPADD variable 242 DHCPBAK variable 242 DHCPDEL variable 242 diagnosing problems 199211 directory replication 23 DisableAnnotation variable 222, 236, 239 DisableAnnotations variable 244 DisableEventConfig variable 244 DisableServiceRestart variable 116, 222 disabling event filters 114 event log monitoring 104 KMs 170 parameters 279 process monitoring 121 disconnecting DFS users 99 discovery, problems with 200 diskperf 103 disks, monitoring 102 Distributed File System (DFS) 30 DNS name registration 25 DNS reports 169 DNS server, monitoring 26 dns.exe 265 domain controllers rulesets for monitoring 259 domain controllers, monitoring 30 Domain Name Service (DNS) monitoring 30 rulesets 259 DomainInclusionList variable 251 DomainNamingMasterConnStatusSched variable 244 double quotes, escaping 271 dynamic file names, monitoring 150, 155 Dynamic Host Configuration Protocol (DHCP) 30 dynamic update 26
D
database, parameter history 34 deactivating parameters 279 debug programs (user right) 44 default email account 138 defining notification servers 136 remote agents 136 DeletedLDList variable 239 dependencies 92 deploying settings 137 DestroyAcknowledgeProcess variable 236
E
editing notification scripts 135 rulesets 258 ELMError parameter 106 ELMErrorNotification parameter 106, 201 ELMEvFileFreeSpacePercent parameter 129 ELMFailureAudit parameter 106 ELMFailureAuditNotification parameter 106, 201 ELMInformation parameter 106 ELMInformationNotification parameter 201 ELMNotification parameter 106, 201 ELMOtherTypes parameter 106
297
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
ELMOtherTypesNotification parameter 201 ELMRptOfNotification parameter 108 ELMRptOfOtherTypes parameter 108 ELMStatus parameter 106, 107 ELMSuccessAudit parameter 106 ELMSuccessAuditNotification parameter 201 ELMWarning parameter 106 ELMWarningNotification parameter 106, 201 e-mail notification 132 EnableAlarmIfProcessDown variable 220 EnableAlarmIfProcessStarts variable 220 enabling event filters 114 event log monitoring 104 parameters 279 environment variables LANG 79 PATH 79 PATROL_BROWSER 79 PATROL_CACHE 65 PATROL_HOME 65 setting for Help browser 79 setting for the browser 79 equal sign, escaping 271 error messages 210 escaping special characters 271 event catalog 206 event log windows event log 202 event logs monitoring, enabling 102 troubleshooting 201 viewing 125 event monitoring configuring in PCM 275 Core Active Directory service 25 domain controller health 25 file replication service and group policy 25 Kerberos 25 Netlogon 25 time synchronization service 25 EVENT_MANAGEMENT.kml 289 EventLogMonitoring BackupDir variable 227 ExclusionList/list variable 228 IncludeAll variable 227 InclusionList/list variable 227 EventReport variable 230, 276 events monitoring 103 reducing 200 EventType variable 107, 230, 276 EvRptOfError parameter 108 EvRptOfFailureAudit variable 108 EvRptOfInformation parameters 108 EvRptOfStatus parameters 108 EvRptOfSuccessAudit parameters 108 EvRptOfWarning parameter 108 eXceed 78 Excel, Microsoft 100 ExclusionList/list variable 228, 235, 236, 237, 239 expressions, regular 117 extracting downloaded installation files 52 order 52
F
failover, cluster 31 FAT file system 40 file replication service and group policy 26 file server, rulesets for monitoring 258 file systems, supported 40 FileShareExclusionList variable 249 filter, event monitoring 103 FilterDescription variable 230, 276 FilterDisableCase variable 233 FilterEnabled variable 114 first time installation 55 Flexible Single Master Operations (FSMO) 24 ForwardAllNTEventstoPEM variable 228 ForwardFilteredNTEventstoPEM variable 228 FSMO monitoring 24 FTP/Active variable 237
G
graphing PATROL data 166 group policy monitoring 25
H
HighThresholdOnEvents variable 240 history reports 168 HISTORY.kml 90, 289 HPFS file system 40
I
ICMP/Active variable 238 IdleServerTime variable 243 InactiveonMissingPerfObj variable 219 IncludeAll variable 227, 235, 236, 237, 239, 240 IncludeAllCompList variable 234 InclusionList list/variable 237 InclusionList/list variable 227, 235, 236, 237, 238, 239 increase quotas (user right) 44 inetinfo.exe 262 InfrastructureMasterConnStatusSched variable 245 installation backing up before migration 69
298
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
custom option 55 log files 210 PATROL KM for Cluster Server account requirements 48, 76 PATROL KM for Cluster Server overview 73 preparing for 49 setting up installation accounts 43 system requirements 39 typical option 54 verifying requirements 39 Windows account requirements 43 Installation logs 210 installing checking for product patches or fixes 50 clearing cache 71 determining the version of the installation utility 51 extracting downloaded files 52 extraction order 52 extraneous target platforms in the installation utility user interface 50 for the first time 55 installing PATROL Agent over an existing installation 51 turning off pop-up blocking software 49 unsupported platform in the installation utility user interface 50 upgrading from an earlier version 63 where to install KMs 52 where to install PATROL Agent 51 Instances variable 255 integration with Blat 133 intrasite/intersite monitoring 23 IP/Active variable 238 IPExclusionList variable 249 IPX/Active variable 238 IterationCount variable 241, 242 migrating manually 72 KMs deploying 18 determining if migratable 64 determining versions of 211 included with product 281289 installing individual 55 installing QuickStart packages 54 loading 9193 preloading 90 unloading 170 upgrading from an earlier version 63 where to install 52 Korn shell 79
L
LANG environment variable 79 LDAP monitoring 24 LDldFreeSpacePercent parameter 129 license, required 39 loading KMs 9193 log files, monitored by default 149 Log on as a service (user right) 44 Log on as batch job user right 100 LOG.kml 91 LOGErrorLvl not set if search string is not defined 154 logical disks, monitoring 102 LogicalDiskMonitoring ExclusionList/list variable 239 IncludeAll variable 239 InclusionList/list variable 238 login accounts requirements 43 Windows 43 logs event, monitoring 102 installation 210 lsass.exe 264
J
job objects missing 200 monitoring 102 JobObjectMonitoring CollectionCount variable 236 ExclusionList/list variable 235 IncludeAll variable 235 InclusionList/list variable 235 JournalMsgCountThreshold variable 253 JournalMsgSizeThreshold variable 253
M
mail servers, rulesets for monitoring 259 Make Connection Persistent option 140 managed system 22 manual migration of KM customizations 72 process monitoring 117 ManualAcknowledge variable 235 MAPI scripts 134 MaxRecords variable 232 MaxResourceIdleRetainPeriod variable 227 MaxShares variable 243 MaxUsers variable 243
K
Kerberos 25, 27 KM configuration variables 217257 KM customizations
299
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
MBRADD variable 242 MBRDEL variable 242 MBREL variable 242 media, streaming 259 MemoryContentionThreshold variable 240 MenuCmdROMode variable 252 messages, error log 210 Microsoft Excel 100, 167 Microsoft Message Queue (MSMQ) 31 Microsoft Transaction Server COM+ 31 migrating customized PSL 73 determining if KM is migratable 64 from an earlier version of the KM 63 KM customizations manually 72 Mode variable 256 monitor requirements 40 Monitor variable 225 MonitoredClusterList variable 252 monitoring Active Directory 22 availability of agents 206 backup domain controllers 30 clusters 31 domain controllers 30 enabling and disabling 102 event logs 102 events 103, 114 files 114 files with dynamic names 150, 155 job objects 102 logical disks 102 logical or physical disk drives 103 logs 114 network interfaces 102 network protocols 102 pagefiles 102 physical disks 102 printers 102 processes 117 processors 102 service executables 116 services 114 strings 114 text files 148 MonitorManualServices variable 222 MonitorNotRespond variable 225 MonitorProcess 225 MonitorProcess variable 235 MSMQ.kml 90, 288 MsPatrolAgentStatus parameter 129 MWD_ACTIVE_Directory_MN.kml 91 Net Logon 25, 27 NETBEUI/Active variable 238 NETBIOS/Active variable 238 Netscape Navigator 78 network interfaces, monitoring 102 network protocols, monitoring 102, 201 NetworkInterfaceMonitoring ExclusionList/list variable 237 IncludeAll variable 237 InclusionList/list variable 237 new PATROL users easy install option 54 installing for the first time 55 nonaggregate values for drive instance 127 NonAggregateParamValue variable 239 notification scripts, using 133136 server 136 notification scripts customizing 135 editing 135 specifying 138 notification servers benefits of 136 configuring 136138 defining 136 primary and backup 136 providing security for 137 notification targets, defining 138 notification, e-mail 132 NOTIFICATION_SERVER1 variable 139 NOTIFICATION_SERVER1.defaultAccount variable 139 NOTIFICATION_SERVER2 variable 139 NotifiedEvents parameter 206 notifying disks are not present 126 NotRespondCmd variable 225 NT authentication support 24 NT_BASE.kml 42, 284 NT_CompositesColl application class 124 NT_DHCP application class 40, 41 NT_EVENTLOG.OSdefaultAccount variable 241 NT_FTP application class 237 NT_HYPER-V.kml 284, 285 NT_ICMP application class 238 NT_IP application class 238 NT_IPX application class 238 NT_LOAD.kml 42, 91, 282 NT_LOGICAL_DISK application class 100 NT_NETBEUI application class 238 NT_NETBIOS application class 238 NT_PERFMON application class 91 NT_PROCESS application class 118, 200 NT_SERVICES application class 100 NT_TCP application class 238 NT_UDP application class 238 NTD.kml 91, 286
N
Name variable 255
300
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
NTFS file system 40 EvRptOfError 108 EvRptOfFailureAudit 108 EvRptOfInformation 108 EvRptOfSuccessAudit 108 EvRptOfWarning 108 history, viewing 90 LDldFreeSpacePercent 129 MsPatrolAgentStatus 129 NotifiedEvents 206 PAWorkRateExecsMin 130 PROCDown 122 PROCProcessColl 122 PROCProcessorTimePercent 129 PROCStatus 122, 129, 235 RegValueChanged 239 ServiceStatus 115, 129 ShConnPercent 46, 130 SvcNotResponding 116 SvcStatus 116 troubleshooting 205 tuning 200 WMIAvailability 129, 240 WpReplicationFailures 130 Parameters variable 255 ParentInstance variable 229 PATH environment variable 79 PATROL account, creating 43 PATROL Adapter for Microsoft Office description 34 installation requirements 167 PATROL Agent configuring in a cluster 176 description 34 installing KMs to 53 installing over an existing installation 51 where to install 51 PATROL Central - Web Edition loading KMs on 93 PATROL Central - Windows Edition 172 PATROL Configuration Manager description 18 using 269277 PATROL consoles and Netscape Navigator 78 installing KMs to 53 PATROL for Microsoft Windows Servers rulesets 290 PATROL for Windows Operating System Monitor service 35 PATROL History Loader KM description 34 PATROL KM for Cluster Server account requirements 48, 76 architecture 74 description 30 installation overview 73 installation requirements 76
O
Objects variable 255 operating system, monitoring 101 output window, system 210 OverrideAutoConfigUpdate variable 240 OverrideGlobalServiceMonitoring variable 225 OverrideGlobalServiceRestart variable 116, 225 OverrideParameterAutoActivate variable 227, 235, 240 OverrideParameterFileFreeSpacePctAutoActivate variable 228 OverrideSummaryAutoCreate variable 202, 228
P
PACFG (PATROL Agent Configuration) utility 205 PagefileMonitoring ExclusionList/list variable 237 IncludeAll variable 237 InclusionList/list variable 237 pagefiles, monitoring 102 parameters 205 _DiscoveryStatus 46 activating and deactivating 279 AdPerfCollector 208 BackupClusterDatabase 249 CheckIPResourceColl 249 ClusterLogFileError 251 composite 124 creating 34 creating e-mail notifications for 132 creating PerfMon-based 143 creating WMI 144 customizing 124 data, storing and analyzing 34 DfsConnectionPercent 130 ELMError 106 ELMErrorNotification 106, 201 ELMEvFileFreeSpacePercent 129 ELMFailureAudit 106 ELMFailureAuditNotification 106, 201 ELMInformation 106 ELMInformationNotification 106, 201 ELMNotification 201 ELMOtherTypes 106 ELMOtherTypesNotification 201 ELMRptOfNotification 108 ELMRptOfOtherTypes 108 ELMStatus 106 ELMSuccessAudit 106 ELMSuccessAuditNotification 201 ELMWarning 106 ELMWarningNotification 106, 201
301
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
monitoring features 30 overview 73 PATROL KM for Event Management .kml files 289 configuring 132141 PATROL KM for History Loader KMs 289 PATROL KM for Log Management .kml file 289 PATROL KM for Microsoft COM+ report options 170 troubleshooting 99 Windows configuration 287 PATROL KM for Microsoft Message Queue KMs 288 report options 169 troubleshooting 99 PATROL KM for Microsoft Windows Active Directory description 22 installation requirements 41, 42 requirements 41, 42 troubleshooting 97 PATROL KM for Microsoft Windows Domain Services KMs 286 requirements 40 troubleshooting 98 PATROL KM for Microsoft Windows OS configuring 101125 KMs 282 requirements 40 PATROL KM for MS Windows Active Directory Remote Monitoring KMs 286 REM_ACTIVE_DIRECTORY.kml 286 PATROL KM for Windows Active Directory required defaultAccount permissions 47 PATROL Perform Agent 38 PATROL security overview of levels 53 requirements 39 PATROL Wizard for Performance Monitor and WMI .kml file 288 configuring 142 creating Performance Monitor parameters 143 creating WMI parameters 144 description 34 loading 142 migration 64 performance counters supported 146 queries that begin with Win32_PerfRawData 146 setting alarm thresholds 144 Win32_PerfRawData WMI class 146 PATROL.conf 205 PATROL_BROWSER environment variable 79 PATROL_CACHE 65, 71 PATROL_HOME 65 PatrolAgent service 35 PAWorkRateExecsMin parameter 130 PCC (PATROL Cluster Configuration Wizard) account requirements 177 description 31 installation requirements 177 overview 176 unattended configuration 191 using 178 pconfig syntax rules for 271 variables 218257 PDCEmulatorConnStatusSched variable 245 Performance Counter (PerfMon) Wizard 34 Performance Monitor counters, customizing 207 perfproc.dll 200 persistent agent connection 140 physical disks, monitoring 102 PhysicalDiskMonitoring ExclusionList/list variable 237 IncludeAll variable 237 InclusionList/list variable 237 PingCount variable 246 PingTimeout variable 246 planning installation 49 notification 136 platforms, supported 39 poll times, changing 205, 277 preloading KMs 90, 94 preparing for installation 49 Primary_Site_Role.cfg 258, 259 print server, rulesets for monitoring 258 PrinterMonitoring DisableAnnotation variable 239 ExclusionList/list variable 239 IncludeAll variable 240 InclusionList/list variable 239 printers, monitoring 102 problem resolution 199211 PROCDown parameter 122 process control, configuring 121 processes _DiscoveryStatus and _CollectionStatus parameters 121 configuring in PCM 273 disabling monitoring of 121 missing 200 monitoring 117 multiple processes selected 203 restarting 46, 122 run-away 220 stopping 122 troubleshooting 200 ProcessMonitoring StatusSelectedColumns/list variable 219 ProcessName variable 220 ProcessorContentionThreshold variable 240
302
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
ProcessorMonitoring DisableAnnotation variable 236 ExclusionList/list variable 236 IncludeAll variable 236 InclusionList/list variable 236 processors, monitoring 102 PROCProcessColl parameter 122 PROCProcessorTimePercent parameter 129 PROCStatus parameter 122, 129, 235 product components 20 configuration tasks 101 product support 2 profile system performance (user right) 45 protocols monitoring 102 troubleshooting 201 PRU_FileServer.cfg 258 PSL, migrating 73 psx_server.xpc 232 replication monitoring 23 reports 100, 168170 requirements overview 39 PATROL KM for Cluster Server 76 PATROL KM for Cluster Server account 48, 76 PATROL KM for Microsoft Windows Active Directory 41, 42 PCC 177 software 89 system 39 user right 44 Windows account 43 Windows script 134 ResolveTestList variable 241, 242 ResourceExclusionList variable 250 restarting agent 205 processes 46, 122 RetainEventDescriptions variable 276 rights, required 44, 100 rules, adding 272 rulesets applying 257 editing 258 PATROL for Microsoft Windows Servers 290 shipped 257269 run-away processes 220
Q
Query variable 256 QueueMsgCountThreshold variable 253 QueueMsgSizeThreshold variable 253 quorum configurations support in a failover cluster 76 quotas, configuring 100 quotes, escaping 271
S
SAM monitoring 24 SAM NT authentication support 24 ScheduledServers variable 253 Scheduling variable 232 SchemaMasterConnStatusSched variable 245 SCOPEADD variable 242 SCOPEDEL variable 242 scripts batch file 134 customizing 135 editing 135 using 133136 search string 154 security event log 100 notification server 137 overview of levels 53 Security Account Manager (SAM) 24 send_mapi.vbs 134 sendmail.vbs 134 ServerExcludeList variable 243 ServerIPAddress variable 241, 242 ServerPortNumber variable 241, 242 servers, deploying settings to 137 ServiceMonitoring
R
RAS (Remote Access Service) 263 recovery actions about 128 configuring 128132 troubleshooting 46 variables used for 256 redundancy 136 RegistryMonitoring InclusionList/list variable 239 regular expressions 117 using to monitor dynamic file names 150, 155 RegValueChanged parameter 239 RelativeIDMasterConnStatusSched variable 245 Remote Access Service (RAS) 263 remote agents, assigning notification servers to 139 remote monitoring tasks 198 RemovedPDList variable 237 removedServiceList variable 222 removing KMs 171 replace a process level (user right) 45
303
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
DisableAnnotation variable 222 MonitorManualServices variable 222 removedServiceList variable 222 services checking status of 116 configuring in PCM 273 monitoring 114 monitoring executables for 116 PATROL for Windows Servers 35 restarting 46, 115 services.exe 264 ServiceStatus parameter 115, 129 setting environment variables for Help browser 79 ShareExcludeList variable 243 ShConnPercent parameter 46, 130 shells Bourne 79 C 79 Korn 79 Site_Role.cfg 258, 259 sitecomp.exe 267, 269 slashes, escaping 271 SMS (Systems Management Server), rulesets for 258 smsdbmon.exe 267 smsexec.exe 267, 269 SMTP scripts 134 SNMP service 41 SNMP, requirements 40 spoolsv.exe 263 sqlservr.exe 267 starting services 99, 115 startup properties, service 100 StatusNumberofProcessesToDisplay variable 219 StatusSelectedColumns/list variable 219 StatusSortKey variable 219 StdEvents.ctg 206 stopping event log monitoring 104 monitoring 102 processes 122 services 99 streaming media servers, rulesets for monitoring 259 success auditing 201 Summary instance 202 support, customer 2 Suspend Recovery Action field 131 Suspend variable 256 svchost.exe 264 SvcNotResponding parameter 116 SvcStatus parameter 116 syntax pconfig 271 system output window 210 system requirements 39 system roles 52
T
TCP/Active variable 238 TCPorUDP variable 241, 242 technical support 2 templates, PATROL Adapter for Microsoft Office 168 terminal server 259 terminating processes 46, 122 text files, monitoring 148 thresholds changing in PCM 277 customizing 207 rule for 278 tuning 200, 204 time synchronization service 25, 27 TimeLimitForKillRunAwayProcess variable 220 TotalMessageSizeThreshold variable 253 troubleshooting 199211 DiscoveryStatus parameter in alarm 203 multiple processes selected 203 windows event log 202 TrustExcludeList variable 243 typical installation option 54
U
UDP protocol 241, 242 UDP/Active variable 238 uninstalling products 81 unloading KMs 172 unresponsive services 116 upgrading 63 backing up current installation before 69 choosing a procedure 65 from an earlier version of the KM 63 UpTimeBaseLine variable 250 UseCheckPoint variable 227, 229 user account 79 user rights, required 44 UserExcludeList variable 243 using PCC 178
V
variable_list variable 272 variables __ANYINST__ 278 child_list 271 FilterEnabled 114 NOTIFICATION_SERVER1 139 NOTIFICATION_SERVER2 139 PATROL KM for Microsoft Active Directory 244248 PATROL KM for Microsoft Cluster Server 248253 PATROL KM for Microsoft COM+ 254 PATROL KM for Windows Domain Services 241244
304
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
PATROL KM for Windows Message Queue 253 PATROL KM for Windows OS 218241 PATROL Wizard for Performance Monitor and WMI 255256 PATROL_BROWSER 79 variable_list 272 wpconfig 18 VB (Visual Basic) 133 version, determining 211 View Process Status dialog box 219 viewing event logs 125 Visual Basic (VB) 133 VPN (virtual private network) 259
W
Wait variable 256 warnings, generating 115, 122 WarnMax variable 255, 256 WarnMin variable 255, 256 WBEM_E_INVALID_CLASS error message 208 Win32_PerfRawData performance counters supported 146 WMI queries for WMI class 146 WIN32_WMISetting 240 Windows 30 Windows account requirements 43 Windows Management Instrumentation (WMI) 34 Windows NT Workstation 134 WINS (Windows Internet Naming Service) recovery actions 130 reports 169 rulesets for monitoring 259 WINSADD variable 242 WINSDEL variable 242 WMI parameters, creating 144 WMI Wizard 34 WMIAvailability parameter 129, 240 WMServer service 266 wpconfig utility 94 wpconfig variables 18 WpReplicationFailures parameter 40, 130
X
xpconfig utility 94
305
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
306
Notes
175335