bmc patrol getting started guide - 4.3

www.bmc.com

BMC PATROLfor Microsoft Windows ServersGetting Started Guide

Supporting

BMC PATROL KM for Microsoft Windows Operating System 4.3BMC PATROL KM for Microsoft Windows Active Directory 1.6BMC PATROL KM for Microsoft Windows Active Directory Remote Monitoring

1.7BMC PATROL KM for Microsoft Windows Domain Services 1.5BMC PATROL KM for Microsoft Cluster Server 1.7BMC PATROL Cluster Configuration Wizard 1.5BMC PATROL KM for Microsoft COM+ 1.3BMC PATROL KM for Microsoft Message Queue 1.4BMC PATROL KM for Event Management 2.8BMC PATROL KM for Log Management 2.6.10BMC PATROL Wizard for Microsoft Performance Monitor and WMI 2.1BMC PATROL Adapter for Microsoft Office 1.1BMC PATROL Agent 3.8.50

October 2010

Contacting BMC Software

You can access the BMC Software website at http://www.bmc.com. From this website, you can obtain information about the company, its products, corporate offices, special events, and career opportunities.

United States and Canada

Address BMC SOFTWARE INC2101 CITYWEST BLVDHOUSTON TX 77042-2827 USA

Telephone 713 918 8800 or800 841 2031

Fax 713 918 8000

Outside United States and Canada

Telephone (01) 713 918 8800 Fax (01) 713 918 8000

© Copyright 2007, 2009 - 2010 BMC Software, Inc.

BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service marks, and logos may be registered or pending registration in the U.S. or in other countries. All other trademarks or registered trademarks are the property of their respective owners.

DB2 is the trademark or registered trademark of International Business Machines Corporation in the United States, other countries, or both.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

UNIX is the registered trademark of The Open Group in the US and other countries.

All other trademarks belong to their respective companies.

The information included in this documentation is the proprietary and confidential information of BMC Software, Inc., its affiliates, or licensors. Your use of this information is subject to the terms and conditions of the applicable End User License agreement for the product and to the proprietary and restricted rights notices included in the product documentation.

Restricted rights legendU.S. Government Restricted Rights to Computer Software. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES. Use, duplication, or disclosure of any data and computer software by the U.S. Government is subject to restrictions, as applicable, set forth in FAR Section 52.227-14, DFARS 252.227-7013, DFARS 252.227-7014, DFARS 252.227-7015, and DFARS 252.227-7025, as amended from time to time. Contractor/Manufacturer is BMC SOFTWARE INC, 2101 CITYWEST BLVD, HOUSTON TX 77042-2827, USA. Any contract notices should be sent to this address.

Customer support

You can obtain technical support by using the BMC Software Customer Support website or by contacting Customer Support by telephone or e-mail. To expedite your inquiry, see “Before contacting BMC.”

http://www.bmc.com

Support website

You can obtain technical support from BMC 24 hours a day, 7 days a week at http://www.bmc.com/support. From this website, you can

■ read overviews about support services and programs that BMC offers■ find the most current information about BMC products■ search a database for issues similar to yours and possible solutions■ order or download product documentation■ download products and maintenance■ report an issue or ask a question■ subscribe to receive proactive e-mail alerts when new product notices are released■ find worldwide BMC support center locations and contact information, including e-mail addresses, fax numbers, and

telephone numbers

Support by telephone or e-mail

In the United States and Canada, if you need technical support and do not have access to the web, call 800 537 1813 or send an e-mail message to [email protected]. (In the subject line, enter SupID:<yourSupportContractID>, such as SupID:12345). Outside the United States and Canada, contact your local support center for assistance.

Before contacting BMC

Have the following information available so that Customer Support can begin working on your issue immediately:

■ product information

— product name— product version (release number)— license number and password (trial or permanent)

■ operating system and environment information

— machine type— operating system type, version, and service pack or other maintenance level such as PUT or PTF— system hardware configuration— serial numbers— related software (database, application, and communication) including type, version, and service pack or

maintenance level

■ sequence of events leading to the issue

■ commands and options that you used

■ messages received (and the time and date that you received them)

— product error messages— messages from the operating system, such as file system full— messages from related software

3

http://www.bmc.com/support

mailto:[email protected]

License key and password information

If you have questions about your license key or password, contact BMC as follows:

■ (USA or Canada) Contact the Order Services Password Team at 800 841 2031, or send an e-mail message to [email protected].

■ (Europe, the Middle East, and Africa) Fax your questions to EMEA Contracts Administration at +31 20 354 8702, or send an e-mail message to [email protected].

■ (Asia-Pacific) Contact your BMC sales representative or your local BMC office.

4 BMC PATROL for Microsoft Windows Servers Getting Started



ContentsChapter 1 Product components and capabilities 17

PATROL for Windows Servers features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Centralized event filtering and notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Ability to deploy configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Built-in recovery actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Predefined rulesets for common server types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Virtualization with Hyper-V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Product components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20PATROL KM for Microsoft Windows Operating System . . . . . . . . . . . . . . . . . . . . 21PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . . . 22PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . . 28PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . . 30PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31PATROL KM for Microsoft Message Queue (MSMQ). . . . . . . . . . . . . . . . . . . . . . . 31PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . . 34PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Where to go from here. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Chapter 2 Installing and migrating PATROL for Windows Servers 37

Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Verifying installation requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Additional component-specific requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Preparing for installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Turning off pop-up blocking software before installing . . . . . . . . . . . . . . . . . . . . . 49Unsupported platform option in the installation utility user interface. . . . . . . . . 50Extraneous target platform options available in the installation utility user

interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Checking for product patches or fixes before installing . . . . . . . . . . . . . . . . . . . . . 50Determining how to install products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Contents 5

Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 51Determining where to install the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . 51Installing the PATROL Agent over an existing installation . . . . . . . . . . . . . . . . . . 51Extracting installation files after download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Determining where to install KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

PATROL Security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Checking security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Assessing and implementing a different security level . . . . . . . . . . . . . . . . . . . . . . 54

Default and custom installation types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54First-time installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Installing for the first time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55First-time installation using Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Distribution Server features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Importing a CD or customized installation package into Distribution Server . . . 61Installing with the Distribution Server (overview) . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Upgrading from an earlier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Automatic migration of console and agent customizations . . . . . . . . . . . . . . . . . . 63Determining whether you can migrate KM customizations . . . . . . . . . . . . . . . . . . 64Conditions for upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Determining the location of PATROL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

PATROL for Windows Servers upgrade scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Upgrading without saving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Upgrading and preserving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Preparing to upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Migrating customizations with the PATROL Configuration Manager . . . . . . . . . 70Creating an installation package of the migrated and merged KM . . . . . . . . . . . . 70Moving files from the PATROL_CACHE directories. . . . . . . . . . . . . . . . . . . . . . . . 71Migrating customizations manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Installing PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 73External cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Internal cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75How to Install the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . 76

Considerations for using online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Browser version required for viewing PATROL Console for UNIX Help . . . . . . 78Additional considerations for using online Help for UNIX . . . . . . . . . . . . . . . . . . 78

Uninstalling PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 80Uninstalling PATROL for Windows Servers on Windows . . . . . . . . . . . . . . . . . . . 81

Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 87

Preparing to use PATROL for Windows Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Loading and preloading KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Loading the PATROL for Microsoft Windows Servers KMs . . . . . . . . . . . . . . . . . 91Preloading KMs on the PATROL Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Requirements for configuring from the PATROL Console . . . . . . . . . . . . . . . . . . . 97

Configuring the PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . 101Enabling and disabling system monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102Configuring Windows events monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103


Configuring service monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Configuring process monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Creating custom parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Viewing event logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Configuring Blue Screen monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Notifying when disks are not present . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Providing nonaggregate values for a drive instance . . . . . . . . . . . . . . . . . . . . . . . 127

Configuring recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128About recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Built-in native recovery actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Configuring built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Configuring e-mail notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132Using notification scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Defining notification servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136Assigning notification servers for the remote agents. . . . . . . . . . . . . . . . . . . . . . . 138Assigning notification targets for a PATROL alert. . . . . . . . . . . . . . . . . . . . . . . . . 140

Configuring the PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . 141Configuring PATROL Wizard for Microsoft Performance Monitor and WMI . . . . 142

Loading the PATROL Wizard for Microsoft Performance Monitor and WMI . 142Creating performance monitor parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Setting alarm thresholds. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144Creating WMI parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Configuring the PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . 147Stop and start monitoring all default log files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149Stop monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149Start monitoring a log file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Change the setup of a monitored file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156Filter log file messages (create a search string) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157Generate a custom event when a search string is identified . . . . . . . . . . . . . . . . . 160Configure recovery actions for a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Configuring the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . 165Using the PATROL Adapter for Microsoft Office to view reports . . . . . . . . . . . . . . . 166

Displaying PATROL data by using the PATROL Adapter for Microsoft Office 167How to use the PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . 168Built-in report templates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Removing KMs from your console and agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170Unloading KMs from a PATROL console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171Stopping preloaded KMs from running on the PATROL Agent . . . . . . . . . . . . . 173

Chapter 4 Using the PATROL Cluster Configuration Wizard 175

Using the PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . 176Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176Preparing to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177Access requirements for running the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . 177Starting the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177How to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Post-PCC configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Manually configuring the PATROL Agent for clustering . . . . . . . . . . . . . . . . . . . . . . 183

Install the application on each cluster node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Contents 7

Install the PATROL Agent on each cluster node. . . . . . . . . . . . . . . . . . . . . . . . . . . 184Assign a unique port number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184Distribute license file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184Define the PATROL cluster-specific environment variables. . . . . . . . . . . . . . . . . 184Create and register a new service for the PATROL Agent . . . . . . . . . . . . . . . . . . 185Define the PATROL Agent as a member of the group. . . . . . . . . . . . . . . . . . . . . . 186

PATROL cluster-specific environment variables for history and configuration . . . 189Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Unattended configuration of Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . 191

Chapter 5 Monitoring remote hosts 193

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193Prerequisites for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Configuring PATROL KM for Windows for remote monitoring . . . . . . . . . . . . . . . . 195Application classes to configure remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . 196Supported application classes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196Object hierarchy for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196Parameters for remote monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197Supported tasks for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 199

PATROL KM for Microsoft Windows OS problems . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Process or job object data not displayed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200PATROL Generates Event 560 and 562 in the Windows security event log . . . . 201Event filter parameters not automatically acknowledged . . . . . . . . . . . . . . . . . . . 201Newly installed protocols are not discovered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201Event log summary instance cannot be removed . . . . . . . . . . . . . . . . . . . . . . . . . . 202Windows event log does not work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Multiple processes are selected when you select a single process . . . . . . . . . . . . 203PATROL Agent has DiscoveryStatus parameter in alarm. . . . . . . . . . . . . . . . . . . 203Mount point monitoring and logical disk quotas does not work . . . . . . . . . . . . . 203

PATROL KM for Event Management problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204Too many e-mail alerts are being generated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204Parameters settings lost after agent restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205PATROL KM for Event Management not working as expected. . . . . . . . . . . . . . 206AS_AVAILABILITY application not displayed. . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Problems with all other KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Cannot add performance monitor counters with alarm ranges less than 1 . . . . 207AdPerfCollector parameter display error message. . . . . . . . . . . . . . . . . . . . . . . . . 208

Recovery action problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Recovery actions do not execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Even though I select “Do not ask me again” PATROL prompts before running

recovery action. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Gathering diagnostic information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Locations where you can find diagnostic information. . . . . . . . . . . . . . . . . . . . . . 210


Installation logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210Determining PATROL KM version number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Appendix A Accessing menu commands, InfoBoxes, and online Help 213

Accessing KM commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Accessing online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Appendix B Agent configuration variables and rulesets 217

Managing configuration variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218PATROL for Windows Servers configuration variables . . . . . . . . . . . . . . . . . . . . . . . 218

PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . 241PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248PATROL KM for Microsoft Windows Message Queue. . . . . . . . . . . . . . . . . . . . . 253PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . 255PATROL for Microsoft Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

PATROL for Microsoft Windows Servers rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257PATROL KM for Event Management required . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Using PATROL Configuration Manager to apply rulesets . . . . . . . . . . . . . . . . . . 257Server roles with predefined rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258Ruleset reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Using PATROL Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269Using PCM to apply configurations changes to other agents. . . . . . . . . . . . . . . . 269Manually creating or changing configuration variables . . . . . . . . . . . . . . . . . . . . 270

Appendix C PATROL for Windows .kml files 281

PATROL for Microsoft Windows Servers .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . 282PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . . 285PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . 286PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . 286PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . 288PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289PATROL for Microsoft Windows Servers rulesets. . . . . . . . . . . . . . . . . . . . . . . . . 290

Index 295

Contents 9

FiguresUpgrading overview for PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . 67PATROL KM for Microsoft Cluster Server with external CLA configuration . . . . . . 75PATROL KM for Microsoft Cluster Server with internal CLA configuration . . . . . . 75Collection architecture for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194Object hierarchy for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197Shipped rulesets in PATROL Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . 260Using the child_list and variable_list variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

Figures 11

TablesMonitored events - DNS name registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Core Active Directory service monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26File replication service/group policy monitored events . . . . . . . . . . . . . . . . . . . . . . . . 27Time synchronization service monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Kerberos monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Netlogon monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28PATROL for Microsoft Windows Servers Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35System requirements for installing and using PATROL for Windows Servers . . . . 39Advanced user rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Removing rights and admin group membership from the PATROL Agent . . . . . . . 45Versions that you can migrate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Choosing an upgrade procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Default values for PATROL location variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65KM file naming patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Monitoring configuration options for PATROL KM for Microsoft Cluster Server . . 74PATROL for Microsoft Windows Servers .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . 90Console functionality that requires local admin rights . . . . . . . . . . . . . . . . . . . . . . . . . 97PATROL KM for Microsoft Windows OS configuration tasks . . . . . . . . . . . . . . . . . 101Enabling and disabling system monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102Event filter events:example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105Event filter options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106Default service monitoring flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Service monitoring options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Configuration variable and service restart: combinations . . . . . . . . . . . . . . . . . . . . . 116Process monitoring options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Regular expression syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Process control options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122Event details displayed in the Windows Event Viewer dialog box . . . . . . . . . . . . . 126Built-in recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Selecting a recovery action instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Recovery action configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Notification script location on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134Requirements for notification server when using Windows e-mail clients . . . . . . . 134Quick Config - Notification Server dialog box properties . . . . . . . . . . . . . . . . . . . . . 138Notification server properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139PATROL Wizard for Microsoft Performance Monitor and WMI Tasks . . . . . . . . . 142Reports for PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . 168Reports for PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . 169Reports for PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . . . . 170Reports for PATROL for Microsoft COM+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Tables 13

Information required by PCC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178Cluster administration properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186PATROL cluster-specific environment variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189Operation of configuration and history environment variables . . . . . . . . . . . . . . . . . 190Parameters for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197Accessing KM Commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Accessing online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215PATROL KM for Microsoft Windows OS variables . . . . . . . . . . . . . . . . . . . . . . . . . . . 219PATROL KM for Windows Domain Services variables . . . . . . . . . . . . . . . . . . . . . . . 241PATROL KM for Microsoft Active Directory variables . . . . . . . . . . . . . . . . . . . . . . . . 244PATROL KM for Microsoft Cluster Server variables . . . . . . . . . . . . . . . . . . . . . . . . . . 248 PATROL KM for Windows Message Queue variables . . . . . . . . . . . . . . . . . . . . . . . . 253 PATROL KM for Windows COM+ variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254 PATROL Wizard for Performance Monitor and WMI variables . . . . . . . . . . . . . . . . 255 PATROL for Microsoft Windows Servers variables . . . . . . . . . . . . . . . . . . . . . . . . . . 256Server roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258Configuration variable locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260Application server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261Terminal server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Remote access / VPN server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263Print server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263Domain controller ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263File server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264Mail server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264DNS server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265WINS server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265DHCP server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266Streaming media server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266SMS primary site ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267SMS site ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Special characters required for pconfig variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271Example: adding a service to monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273Example: adding a process to monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274Example: adding an event filter to monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276Example: changing parameter thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278Understanding the THRESHOLDS rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278Example: Inactivating or deactivating a parameter . . . . . . . . . . . . . . . . . . . . . . . . . . . 279PATROL KM for Microsoft Windows OS NT_LOAD.kml file . . . . . . . . . . . . . . . . . . 282PATROL KM for Microsoft Windows OS NT_BASE.kml file . . . . . . . . . . . . . . . . . . 284PATROL KM for Microsoft Windows OS NT_HYPER-V.kml file . . . . . . . . . . . . . . . 285PATROL KM for Microsoft Windows Active Directory .kml file . . . . . . . . . . . . . . . 285PATROL KM for Microsoft Windows Active Directory Remote Monitoring .kml file

286PATROL KM for Microsoft Windows Domain Services .kml file . . . . . . . . . . . . . . . 286PATROL KM for Microsoft Cluster Server .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . 287PATROL KM for Microsoft COM+ .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287PATROL KM for Microsoft Message Queue .kml file . . . . . . . . . . . . . . . . . . . . . . . . . 288PATROL Wizard for Microsoft Performance Monitor and WMI .kml file . . . . . . . . 288PATROL KM for Log Management .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289


PATROL History Loader KM .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289PATROL KM for Event Management .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289PATROL for Windows Ruleset .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Tables 15

C h a p t e r 1
1 Product components and capabilities
BMC PATROL for Microsoft Windows Servers Getting Started provides the necessary information and instructions for installing and configuring the PATROL for Microsoft Windows Servers product (also referred to as PATROL for Windows Servers). This chapter provides a brief overview of PATROL for Windows Servers and covers the following topics:

PATROL for Windows Servers features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Centralized event filtering and notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Ability to deploy configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Built-in recovery actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Predefined rulesets for common server types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Virtualization with Hyper-V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Product components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20PATROL KM for Microsoft Windows Operating System . . . . . . . . . . . . . . . . . . . . 21PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . . . 22PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . . 28PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . . 30PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31PATROL KM for Microsoft Message Queue (MSMQ). . . . . . . . . . . . . . . . . . . . . . . 31PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . . 34PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Where to go from here. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Chapter 1 Product components and capabilities 17

PATROL for Windows Servers features

PATROL for Windows Servers featuresThe PATROL for Windows Servers product allows you to monitor and manage Microsoft Windows servers. The versions of Microsoft Windows servers that are monitored depend upon the version of the PATROL for Microsoft Windows Servers that you are using. For a complete list of supported platforms and versions, see the PATROL for Microsoft Windows Servers Release Notes.

Centralized event filtering and notification

With PATROL, you can centralize and correlate events. This ability enables you to use paging and e-mail to bring issues to the experts' attention for quick resolution. For more information, see “Configuring e-mail notification” on page 132.

Ability to deploy configuration settings

PATROL for Microsoft Windows Servers supports the PATROL Configuration Manager, which allows you to configure and deploy KM configuration settings to other servers in your environment. To support the PATROL Configuration Manager, all PATROL for Microsoft Windows Servers configuration settings are stored as agent configuration variables. For a complete list of the agent configuration variables for PATROL for Microsoft Windows Servers, see Appendix B, “Managing configuration variables.”

Built-in recovery actions

PATROL for Microsoft Windows Servers provides the following automated, built-in recovery actions. Recovery actions are corrective actions taken by PATROL when a parameter reaches a set value. You can configure these recovery actions to run automatically or only with operator intervention.

■ terminating a run-away process■ clearing the temp directory■ backing-up and clearing event logs■ restarting processes■ restarting failed services■ increasing available DFS connections when utilization is high■ increasing share connections when utilization is high■ initiating WINS scavenging when replication fails


PATROL for Windows Servers features

■ restarting the Windows Management Instrumentation (WINMGMT.exe) service to ensure that WMI data is available

■ restarting a PATROL Agent on a remote server

For more information about specific recovery actions, see the online Help, which you can access from the PATROL console, or see “Configuring recovery actions” on page 128.

Predefined rulesets for common server types

PATROL for Microsoft Windows Servers provides rulesets that provide appropriate monitoring setups for common server types, such as a file server or an application server. Using the PATROL Configuration Manager, you can automatically configure the server monitoring by applying these provided rulesets to the appropriate server. If necessary, you can then adjust your configuration and save it in the ruleset, which you can then apply to other servers. For more information about the rulesets and using the PATROL Configuration Manager to manage your configuration, see “Using PATROL Configuration Manager to apply rulesets” on page 257.

Virtualization with Hyper-V

Microsoft Windows provides virtualization called Hyper-V. PATROL KM for Microsoft Windows allows you to monitor and gather information about of Hyper-V entities by using the application classes and their parameters. The new hypervisor platform works with Windows Server 2008 to create and manage a virtual infrastructure.

Hyper-V consists of a 64-bit hypervisor that can run 32-bit and 64-bit virtual machines concurrently. Hyper-V virtualization works with single and multi-processor virtual machines and includes tools such as snapshots, which capture the state of a running virtual machine.

The KM allows you to monitor the following Hyper-V entities:

Hypervisor

The product reports information about the number of monitored notifications registered with a hypervisor, the bootstrap and deposited pages, and the partitions, virtual processors, logical processors, and the running partitions present.


Product components

Logical processors of the system

The product reports information about the rate of the virtual processor context switches on a logical processor, the rate of hardware and hypervisor interrupts on a processor, and the percentage of time that a processor spends in the guest and hypervisor codes.

Partitions of the system

The product reports information about the partitions present in the system, and the summary and state of all the partitions. It reports the number of virtual processors associated with a partition, the total memory allocated to a partition, the qualified domain name, the operating system and its version, the service pack, and so on. It also displays the process ID of the worker process corresponding to the partitions, and the uptime of the partition.

Virtual processors of the partition

The product reports information about the virtual processors such as the resources available to a partition and the number of partitions that you can run at a time. It displays the allocation of resources by the hypervisor to a partition when partitions compete for resources. It reports the rate of hypervisor intercept messages. It also reports the percentage of time that a processor spends in the guest and hypervisor codes.

Virtual hard disks of a partition

The product reports information about virtual hard disks of a partition such as their type, size on the physical disk, maximum size as viewable by the partition, and the percentage of use of the types of virtual hard disks.

Product componentsThe PATROL for Windows Servers product includes components and Knowledge Modules (KMs) that manage and monitor elements of your server environment. A KM is a set of instructions that the PATROL Agent uses to monitor objects in your enterprise. PATROL for Windows Servers includes the following components and KMs, which are described in the sections that follow.

NOTE To discover Hyper-V partitions and the data for each partition, the BMC PATROL Agent default user must be added to the local administrator group.


Product components

■ PATROL KM for Microsoft Windows Operating System ■ PATROL KM for Microsoft Windows Active Directory■ PATROL KM for Microsoft Windows Active Directory Remote Monitoring■ PATROL KM for Microsoft Windows Domain Services■ PATROL Cluster Configuration Wizard■ PATROL KM for Microsoft Cluster Server■ PATROL KM for Microsoft COM+■ PATROL KM for Microsoft Message Queue■ PATROL KM for Event Management■ PATROL KM for Log Management■ PATROL Wizard for Microsoft Performance Monitor and WMI■ PATROL Adapter for Microsoft Office■ PATROL Agent■ PATROL History Loader KM

PATROL KM for Microsoft Windows Operating System

The PATROL KM for Microsoft Windows OS monitors the availability of your servers, which includes the following elements:■ disk space■ disk drive usage■ disk quotas and mount points■ cache■ CPU usage■ memory usage■ Windows event logs■ Windows services■ Window processes■ printer status■ registry values■ network usage■ hypervisor■ logical processors■ partitions■ virtual processors■ virtual hard disks

With the PATROL KM for Microsoft Windows OS you can also perform the following functions:


Product components

■ monitor and manage services■ monitor system Stop errors and manage dump files■ create custom composite parameters that are based on existing parameters

For information about configuring these features, see “Configuring the PATROL KM for Microsoft Windows OS” on page 101.

PATROL KM for Microsoft Windows Active Directory

The PATROL Knowledge Module for Microsoft Windows Active Directory lets you monitor and analyze your Microsoft Windows Active Directory environments. Whether you choose to monitor and analyze one environment or many, PATROL KM for Microsoft Windows Active Directory helps you

■ detect and notify if Microsoft Windows Active Directory generates errors or performs slowly

■ monitor performance of system resources■ plan for capacity and availability■ monitor all domain controllers within a site■ monitor all domain controllers between sites■ anticipate and eliminate problems before they become apparent to users of the

monitored Active Directory environments

For a brief description of product features, see the sections that follow. For more detailed information about how to use the product and complete descriptions of the application classes and parameters, see the product online Help.

Managed systems

PATROL KM for Microsoft Windows Active Directory monitors the performance of managed systems in a Microsoft Windows Active Directory environment. A PATROL KM for Microsoft Windows Active Directory managed system is a Windows domain controller onto which PATROL for Windows Servers has been installed.

A managed system provides a view of its Microsoft Windows Active Directory environment. Each managed system is responsible for monitoring Microsoft Windows Active Directory’s key indicators that are required to ensure and maintain the consistency of the Directory data and the desired level of service throughout the Microsoft Windows Active Directory forest.


Product components

Replication monitoring

PATROL KM for Microsoft Windows Active Directory monitors the Microsoft Windows Active Directory replication for errors and latency (to verify that replication occurs within a reasonable time), both within a site (intrasite) and between sites (intersite) in the configuration naming context and/or the domain context of the current domain controller.

Directory replication is monitored at each managed system (domain controller). This functionality includes monitoring basic replication by creating synthetic transactions and verifying the replication of those transactions.

Intrasite replication monitoring

PATROL KM for Microsoft Windows Active Directory monitors the replication status of the domain controller upon which it is installed. It determines whether updates from each domain controller within the site have been replicated successfully and in a timely manner.

Intersite replication monitoring

Intersite replication monitoring verifies that Microsoft Windows Active Directory updates are successfully distributed between sites. Each bridgehead server in a site is checked to determine if Microsoft Windows Active Directory updates from other sites have been successfully replicated to the bridgehead server. The intersite replication interval is automatically determined at each collection; it requires no configuration. However, if desired, you can override the automatic replication interval determination, on a site-by-site basis, by configuring the configuration database (pconfig) variable, /ActiveDirectory/Configuration/<site>/IntersiteReplicationSchedule. See the online Help for more information.

Replication collisions monitoring

PATROL KM for Microsoft Windows Active Directory enables users to configure the Active Directory object types that should be monitored for replication collisions. The AD_AD_CNF application class monitors replication collisions that occur during replication when an object with the same Relative Distinguished name is created in the same container on two or more different domain controllers.

Replication health monitoring

PATROL KM for Microsoft Windows Active Directory monitors the performance of Active Directory replication for the local server. The AD_AD_REPLICATION application class monitors this activity.


Product components

FSMO monitoring

PATROL KM for Microsoft Windows Active Directory monitors the availability of the forest-wide and domain-wide flexible single master operations (FSMO) roles.

FSMO role connectivity monitoring

PATROL KM for Microsoft Windows Active Directory monitors the connectivity status of each of the five FSMO role holders from a domain controller. The AD_AD_FSMO_ROLE_CONNECTIVITY application class monitors the domain controllers ability to locate and establish an LDAP connection with the FSMO role holder.

FSMO role placement monitoring

PATROL KM for Microsoft Windows Active Directory monitors the placement of Active Directory FSMO roles in the domain and forest. The AD_AD_FSMO_ROLE_PLACEMENT application class monitors the placement of these roles.

LDAP monitoring

PATROL KM for Microsoft Windows Active Directory monitors Lightweight Directory Access Protocol (LDAP) locally at each monitored system for connection availability and response time. The AD_AD_LDAP application class monitors the performance of these LDAP requests.

SAM monitoring

PATROL KM for Microsoft Windows Active Directory monitors the Security Account Manager (SAM). SAM provides legacy NT authentication support. The AD_AD_SAM application class monitors these security requests.

Address book monitoring

PATROL KM for Microsoft Windows Active Directory monitors the performance of Address Book requests made against the Microsoft Windows Active Directory server. The AD_AD_ADDRESS_BOOK application class monitors these requests.

Authentication monitoring

PATROL KM for Microsoft Windows Active Directory monitors Kerberos and NTLM authentication requests made against the Microsoft Windows Active Directory server. The AD_AD_AUTHENTICATION application class monitors these requests.


Product components

Domain Naming Service monitoring

PATROL KM for Microsoft Windows Active Directory verifies and monitors various DNS record data for the Microsoft Windows Active Directory server. The AD_AD_DNS application class monitors the DNS specific information.

File Replication Service monitoring

PATROL KM for Microsoft Windows Active Directory monitors various aspects of file replication service health. The AD_AD_FRS application class monitors the FRS specific information.

Group policy monitoring

PATROL KM for Microsoft Windows Active Directory detects when a user account in one or more Group Policy Objects (GPO) cannot be resolved to a security identifier (SID). The AD_AD_GPO application class reports this condition.

Lost and found objects monitoring

PATROL KM for Microsoft Windows Active Directory monitors for the presence of objects in the LostAndFound container in the domain naming context of the domain controller. The AD_AD_LOST_AND_FOUND_OBJECTS application class monitors for lost and found objects.

Event monitoring

To measure the overall health of the domain controllers, PATROL KM for Microsoft Windows Active Directory configures the PATROL KM for Microsoft Windows OS to monitor various events pertaining to

■ DNS name registration ■ Core Active Directory service■ File replication service and group policy■ Time synchronization service■ Kerberos■ Netlogon

Events monitored by parameters

Some parameters now monitor specific Active Directory events. See the Help for the PATROL KM for Window Active Directory for information about these parameters.


Product components

Events monitored for specific areas of failure

The following tables contain event information that is classified by specific areas of failure.

DNS name registration

To identify failures with the DNS name registration, PATROL KM for Windows Active Directory configures PATROL KM for Microsoft Windows OS to obtain event information, as shown in Table 1.

Core Active Directory service

To identify failures with the core Active Directory service, PATROL KM for Microsoft Windows Active Directory configures PATROL KM for Microsoft Windows OS to obtain event information, as shown in Table 2.

File replication service and group policy

To identify failures with the file replication service and group policy, PATROL KM for Microsoft Windows Active Directory configures PATROL KM for Microsoft Windows OS to obtain event information, as shown in Table 3.

Table 1 Monitored events - DNS name registration

Event Log Source Event Significance

System DNSAPI 11154, 11166 domain controller does not have rights to perform a secure dynamic update.

System DNSAPI 11150, 11162 DNS server timed out

System DNSAPI 11152, 11153, 11164, 11165

Zone or currently-connected DNS server does not support dynamic update.

System DNSAPI 11151,11155, 11163, 11167

A resource record for the domain controller is not registered in DNS.

System NETLOGON 5773 DNS locator record is not registered because the primary DNS server does not support dynamic update.

System NETLOGON 5774 A DNS domain controller locator record is not registered.

Table 2 Core Active Directory service monitored events


Directory Service

all sources Severity = error

primary error events for Active Directory

System LSASS Severity = error

Local security authority is the core security subsystem for Active Directory.


Product components

Time synchronization service

To identify events that may indicate problems maintaining uniform time in the Active Directory forest, PATROL KM for Microsoft Windows Active Directory monitors the events shown in Table 4.

Kerberos

To identify events that many indicate problems with Kerberos, the default authentication protocol, PATROL KM for Microsoft Windows Active Directory monitors the event shown in Table 5

Net Logon

To identify events that may indicate problems with Net Logon service and protocol, which is required for proper domain controller functionality, PATROL KM for Microsoft Windows Active Directory monitors the events shown in Table 6 on page 28.

Table 3 File replication service/group policy monitored events

Event log Source Event Significance

FRS all sources Severity = error

synchronizes policy between all domain controllers in the forest

Application USERENV Severity = error

User = System

applies group policy and profiles on domain controllers

Application SCECLI Severity = error

Security Configuration Engine error messages

Table 4 Time synchronization service monitored events


System W32TIME Severity = error

Severity = warning

problem maintaining uniform time throughout the Microsoft Windows Active Directory forest

Table 5 Kerberos monitored events


System KDC Severity = error

critical Kerberos Distribution Center service error messages


Product components

PATROL KM for Microsoft Windows Active Directory Remote Monitoring

The PATROL Knowledge Module (KM) for Microsoft Windows Active Directory Remote Monitoring product provides remote enterprise monitoring of Active Directory objects. The Active Directory is the core feature of distributed systems in Microsoft Windows Servers.

The primary focus of PATROL KM for Microsoft Windows AD Remote Monitoring is to monitor remote sites, domain controllers in those sites, and FSMO roles from member servers of a domain in the network.

For a brief description of product features, see the sections that follow. For more detailed information about how to use the product and complete descriptions of the application classes and parameters, see the product online Help.

FSMO monitoring

PATROL KM for Microsoft Windows AD Remote Monitoring monitors both the forest-wide and domain-wide Flexible Single Master Operation (FSMO) roles.

Active Directory supports multi-master replication of the directory data between all domain controllers in the domain. This model takes domain configuration changes made at any domain controller in the domain and automatically propagates those changes to each of the domain controllers in the domain.

However some changes do not lend themselves to a multi-master environment. One domain controller, the operations master, accepts requests for such changes. The operations master roles can be moved between domain controllers within the domain and are referred to as Flexible Single Master Operation (FSMO) roles. In any Active Directory forest, there are five FSMO roles that are assigned to one or more domain controller. Some FSMO roles must appear in every forest, while other roles must appear in every domain within the forest.

The following operations master roles must appear in every forest:

■ schema master■ domain naming master

Table 6 Netlogon monitored events


System NETLOGON Severity = error 5705, 5723

critical NETLOGON service errors


Product components

The following operations master roles must appear in every domain:

■ relative ID master■ infrastructure master■ primary domain controller (PDC) emulator

LDAP monitoring

Lightweight Directory Access Protocol (LDAP) is monitored locally at the managed node. LDAP response time is measured as the amount of time required to establish an LDAP connection to a domain controller. Longer connect times may indicate a heavily loaded domain controller. To eliminate network latency, response time for performing an LDAP bind operation is measured on the domain controller being tested.

DNS name registration

This product monitors the Domain Name System (DNS) for the following records:

■ A DNS address record (A record) that matches the IP address of the domain controller and is registered with the DNS server.

■ A DNS LDAP service location (SRV) record that matches the host name of the domain controller and is registered with the DNS server.

To obtain information about this record, the KM sends the following query to the default DNS server: _ldap._tcp.dc._msdcs.fullyQualifiedDomainName.

■ A global catalog LDAP SRV record that matches the host name of the global catalog for the domain controller and is registered with the domain controller.

To obtain information about this record, the KM sends the following query to the default DNS server: _ldap._tcp.dc._msdcs.fullyQualifiedForestRootDomainName.

Sites and domain controller

This product monitors sites and domain controllers from a member server machine of the domain in which it resides. It monitors all the sites of the domain or any specific site in the global catalog for the site. It also monitors values of site domain controllers. The domain controller monitoring checks the connectivity and the response time to the server using LDAP bind.

NOTE Domain controllers and the client must be able to locate and establish an LDAP connection with the FSMO role holders.


Product components

PATROL KM for Microsoft Windows Domain Services

The PATROL KM for Microsoft Windows Domain Services monitors the availability of the following Microsoft Windows domain controller resources:

■ domain controllers ■ member servers

PATROL KM for Microsoft Windows Domain Services monitors:

■ Distributed File System (DFS)■ Dynamic Host Configuration Protocol (DHCP) service availability and lease usage■ Domain Name Service (DNS) ■ remote server connectivity■ replicated directories ■ shared directories ■ trust relationships■ Windows Internet Naming Service (WINS)

For instructions on how to monitor these features, see the PATROL KM for Microsoft Windows Domain Services online Help system.

PATROL KM for Microsoft Cluster Server

The PATROL KM for Microsoft Cluster Server component monitors, analyzes, and manages activities of a Microsoft server cluster. The PATROL KM for Microsoft Cluster Server allows you to obtain the current status of all essential cluster objects and perform cluster operations using a cluster-level agent that is installed on a server that is outside of the cluster or on a node that is inside of the cluster. Using the PATROL KM for Microsoft Cluster Server, you can monitor the following cluster features:

■ all clusters in a domain (only available when the agent is outside of the cluster)■ individual clusters■ cluster communication networks■ cluster network interfaces■ cluster nodes■ cluster objects and resources■ cluster groups■ workload data■ group resources■ quorum device


Product components

For more information about specific functionality that supports these features see the PATROL KM for Microsoft Cluster Server online Help.

PATROL Cluster Configuration Wizard

The PATROL Cluster Configuration Wizard provides an easy-to-use interface with which you can configure the PATROL Agent for failover in a Microsoft Cluster Server environment. While guiding you through the process, the wizard collects the required configuration data and updates the system environment to integrate the PATROL Agent into the cluster.

Configuring the PATROL Agent for failover support allows you to record history data for a clustered application in the same history database. This feature prevents you from having to reconcile the two different history files that are normally created when an application is failed-over from one node to another. For more information, see “How to use the PCC Wizard” on page 178.

PATROL KM for Microsoft Message Queue (MSMQ)

The PATROL KM for Microsoft Message Queue monitors message activity and status, which includes monitoring of

■ MSMQ service■ MSMQ queues■ MSMQ messages■ MSMQ roundtrip message time

For instructions on how to monitor these features, see the PATROL KM for Microsoft Message Queue KM online Help system.

PATROL KM for Microsoft COM+

The PATROL KM for Microsoft COM+ provides functionality to monitor Microsoft COM+ (COM+) on a Windows Server.

The PATROL KM for Microsoft COM+ product monitors and manages the following functions for Windows servers:

■ monitors the COM+ run-time environment■ monitors the status of COM+ applications


Product components

■ manages the MS DTC service by providing the ability to start or stop the service■ monitors Windows COM+ log events■ monitors Windows log events related to the Microsoft Distributed Transaction

Coordinator (MS DTC) service and monitors the MSDTC service status

For instructions on how to use these features, see the PATROL KM for Microsoft COM+ KM online Help system.

PATROL KM for Log Management

The PATROL KM for Log Management monitors text, script, named pipe, and binary files in your environment. The KM provides the following monitoring features:

■ automatically monitors key log files ■ monitors files that do not currently exist on the system■ monitors log files with dynamic names using wild card characters ■ monitors the size of log files■ monitors the growth rate of log files■ monitors the content of log files■ monitors the state of log files■ monitors the age of the log files■ monitors log files using numeric comparisons

The PATROL KM for Log Management also provides the following management features:

■ triggers alerts when a log file exceeds a specified size

■ triggers alerts when a text string or regular expression is discovered within a log file

■ creates automated recovery actions when a log file exceeds an acceptable size or growth rate

■ configures log searches to

— ignore subsequent alerts for a specified number of polling cycles if the search finds a matching string or regular expression in a log file

— override an ignored alert if the search finds a matching string or regular expression more than n times before the ignore setting is completed

— specify the number of log scan cycles after which a WARN or ALARM state is automatically changed to OK


Product components

■ creates robust searches by using NOT and AND statements with the text strings or regular expressions in the log search

■ alerts for log file age

■ sets multiple schedules for multiple polling cycles per log file

■ disables/enables default log monitoring

You can set up the following predefined recovery actions to execute when monitored log files exceed a specified size or growth rate.

■ clear and back up log files ■ delete files■ run in attended and unattended modes

To get started with the PATROL KM for Log Management, see “Configuring the PATROL KM for Log Management” on page 147. For detailed instructions, see the BMC PATROL KM for Log Management User Guide and the PATROL KM for Log Management online Help system.

PATROL KM for Event Management

PATROL for Windows Servers provides event notification and centralized alert management features. With the PATROL KM for Event Management, you can perform the following tasks:

■ configure notification (email, paging, trouble-ticket, or custom) for PATROL alerts■ configure PATROL to send notifications to an enterprise console■ configure recovery actions for alarm, warning, and information events■ reword notification messages and customize message content■ specify the maximum number of events displayed in the console■ use wildcards to represent instance names when setting up parameters■ configure PATROL to monitor the availability of hosts■ manage PATROL parameter thresholds and polling schedules■ configure blackout periods for notification and for availability monitoring■ integrate with the AlarmPoint notification software using provided scripts■ integrate with any command line email client, paging solution, compiled

executable, or script. Sample scripts are provided.

To get started with the PATROL KM for Event Management, see “Configuring e-mail notification” on page 132. For more detailed instructions and reference information, see the PATROL KM for Event Management User Guide.


Product components

PATROL Wizard for Microsoft Performance Monitor and WMI

The PATROL Wizard for Microsoft Performance Monitor and WMI is a powerful but easy-to-use tool that allows you to create new, user-defined PATROL parameters based on Microsoft's Performance Monitor counters or Windows Management Instrumentation (WMI) data. You can also set alarm and warning thresholds for each parameter you create.

This functionality allows you to monitor performance counters and WMI data that are not typically monitored by PATROL. For more information, see “Configuring PATROL Wizard for Microsoft Performance Monitor and WMI” on page 142, or the PATROL Wizard for Microsoft Performance Monitor and WMI online Help.

PATROL History Loader KM

The PATROL History Loader KM extracts PATROL KM parameter history and loads it into your relational database management system (RDBMS). Once PATROL history data is stored in an RDBMS, you can perform complex analysis and statistical planning on all monitored activity. For more information, see the PATROL History Loader Knowledge Module User Guide.

PATROL Adapter for Microsoft Office

The PATROL Adapter for Microsoft Office component allows you to connect to a PATROL Agent and gather information without a PATROL Console.

With the PATROL Adapter for Microsoft Office, you can evaluate PATROL data by using Microsoft Excel. The PATROL Adapter for Microsoft Office collects data from PATROL parameters on local or remote hosts and displays the data as a Microsoft Excel chart or graph. You also can create HTML output for Web display.

For more information, see the PATROL Adapter for Microsoft Office User Guide. For a list of PATROL Adapter for Microsoft Office reports, see “Displaying PATROL data by using the PATROL Adapter for Microsoft Office” on page 167.

PATROL Agent

PATROL for Windows Servers includes the PATROL Agent. The PATROL Agent monitors a system according to the instructions provided by loaded PATROL KMs. You can display the information gathered by the PATROL Agent on the PATROL Console. For more information, see the PATROL Agent Reference Manual.


Services

ServicesThe PATROL for Microsoft Windows Servers product uses the following services:

Related documentationFor additional information about PATROL for Windows Servers, see the online Help for the component of interest and refer to the PATROL for Microsoft Windows Servers release notes. For information about the PATROL for Windows Servers parameters, see the product Help or the PATROL Parameter Reference Manual. For additional information about PATROL, see the following documentation:

■ Help for your PATROL Console■ PATROL Fundamentals Help

To view the complete PATROL documentation library, visit the support page on the BMC Software Web site at http://www.bmc.com/support. Log on and select a product to access the related documentation.

To log on if you are a first-time user and have purchased a product, you can request a permanent user name and password by registering at the Customer Support page. To log on if you are a first-time user and have not purchased a product, you can request a temporary user name and password from your BMC Software sales representative.

Where to go from hereThe following table suggests topics that you should read next:

Table 7 PATROL for Microsoft Windows Servers Services

Service Component or KM Installed and Runs by Default?

PATROL Agent PATROL Agent yes

The PATROL MCS Monitor Service


no

If you want information about... See...

how to install the PATROL for Windows Servers product

Chapter 2, “Installing and migrating PATROL for Windows Servers”

how to load and configure the components using a PATROL console

Chapter 3, “Loading and configuring PATROL for Microsoft Windows Servers”


http://www.bmc.com/support

Where to go from here

troubleshooting configuration problems Chapter 6, “Troubleshooting PATROL for Microsoft Windows Servers”

PATROL for Windows Servers agent configuration variables and predefined rulesets

Appendix B, “Agent configuration variables and rulesets”

KMs included in each PATROL for Windows Servers .KML file

Appendix C, “PATROL for Windows .kml files”

If you want information about... See...


C h a p t e r 2
2 Installing and migrating PATROL for Windows Servers
This chapter provides the information that you need to install PATROL for Windows Servers. For additional information about the PATROL installation process, see the PATROL Installation Reference Manual. The following topics are discussed in this chapter:

Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Verifying installation requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Additional component-specific requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Preparing for installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Turning off pop-up blocking software before installing . . . . . . . . . . . . . . . . . . . . . 49Unsupported platform option in the installation utility user interface. . . . . . . . . 50Extraneous target platform options available in the installation utility user

interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Checking for product patches or fixes before installing . . . . . . . . . . . . . . . . . . . . . 50Determining how to install products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 51Determining where to install the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . 51Installing the PATROL Agent over an existing installation . . . . . . . . . . . . . . . . . . 51Extracting installation files after download. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Determining where to install KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

PATROL Security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Checking security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Assessing and implementing a different security level . . . . . . . . . . . . . . . . . . . . . . 54

Default and custom installation types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54First-time installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Installing for the first time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55First-time installation using Distribution Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Distribution Server features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Importing a CD or customized installation package into Distribution Server. . . 61Installing with the Distribution Server (overview) . . . . . . . . . . . . . . . . . . . . . . . . . 62

Upgrading from an earlier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63


Installation overview

Automatic migration of console and agent customizations . . . . . . . . . . . . . . . . . . 63Determining whether you can migrate KM customizations . . . . . . . . . . . . . . . . . . 64Conditions for upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Determining the location of PATROL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

PATROL for Windows Servers upgrade scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Upgrading without saving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Upgrading and preserving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Preparing to upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Migrating customizations with the PATROL Configuration Manager . . . . . . . . . 70Creating an installation package of the migrated and merged KM . . . . . . . . . . . . 70Moving files from the PATROL_CACHE directories. . . . . . . . . . . . . . . . . . . . . . . . 71Migrating customizations manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Installing PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 73External cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Internal cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75How to Install the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . 76

Considerations for using online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Browser version required for viewing PATROL Console for UNIX Help . . . . . . 78Additional considerations for using online Help for UNIX . . . . . . . . . . . . . . . . . . 78

Uninstalling PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 80Uninstalling PATROL for Windows Servers on Windows . . . . . . . . . . . . . . . . . . . 81

Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Installation overviewThis chapter contains instructions for installing PATROL for Windows Servers. For additional installation instructions, see the following documents:

Component See

PATROL KM for Event Management PATROL KM for Event Management User Guide

PATROL KM for Log Management PATROL KM for Log Management User Guide

PATROL History Loader KM PATROL History Loader Knowledge Module User Guide

PATROL Perform Agent for Microsoft Windows Servers

Getting Started with PATROL for Microsoft Windows Servers Performance


Verifying installation requirements

Verifying installation requirementsBefore installing PATROL for Windows Servers, verify that your environment meets the following types of requirements:

■ system requirements■ requirements for specific PATROL for Microsoft Windows Servers components■ account requirements

System requirements

Verify that the target computer meets the installation requirements listed in Table 8 on page 39. These requirements apply to all PATROL for Windows Servers components.

Table 8 System requirements for installing and using PATROL for Windows Servers (Part 1 of 2)

Resource Requirements Comments

operating systems

For an updated list of supported operating systems, see the PATROL for Microsoft Windows Servers Release Notes.

security levels All security levels are supported.

For more information about PATROL security, see “PATROL Security levels” on page 53.

The PATROL Security Level is set during the installation of the PATROL infrastructure components. If your product contains the PATROL Agent, you are able to select the security level. Make sure that the level that you select is compatible with the rest of your enterprise’s PATROL installation.

PATROL products

For an updated list of supported operating systems, see the PATROL for Microsoft Windows Servers Release Notes.

license You must have a valid demonstration license (typically good for 30 days) or a permanent license to run your PATROL products.

If you do not have a permanent license, contact your BMC Software sales representative or the BMC Software Contract Administration department.

ports (UDP/TCP)

If you are installing an agent or console with PATROL for Windows Servers, you must specify the port number to connect to all the agent computers.

The default port number for agents is 3181.

The default port number for the RTServer is 2059.



Additional component-specific requirements

The following requirements are specific to the PATROL for Microsoft Windows Servers components shown.


To monitor network protocols and to use the following domain monitoring parameters and management features, you must have the SNMP service installed:

■ NT_DHCP parameters ■ WpReplicationFailures parameter■ executing the WINS Database Scavenging menu command

(UNIX only)browser to support online Help for PATROL Console for UNIX

Use Netscape Navigator version 3.01–4.78 to use online Help with PATROL for UNIX.

“Browser version required for viewing PATROL Console for UNIX Help” on page 78

browsers This product uses an installation utility that requires a browser. For a list of supported browsers, see the PATROL Installation Reference Manual.

disk space needed to install

151 MB for an agent(without components and KMs)

151 MB for a console(without components and KMs)

242 MB for an agent (with all solution components and KMs)

116 MB for a console (with all solution components and KMs)

Monitor (for Console)

256-color display

800 x 600 resolution

File system FAT or NTFS

Network TCP/IP network protocol

Table 8 System requirements for installing and using PATROL for Windows Servers (Part 2 of 2)

Resource Requirements Comments



As a default, the SNMP service is configured to accept SNMP packets from any host. If the service is configured to accept packets from hosts, then the local host IP address or hostname must be added to the list of hosts. It is not sufficient to add “localhost” or the loopback address 127.0.0.1.

At a minimum, the SNMP community string must have READ permissions. To initiate the WINS Database Scavenging menu command, the community string must have WRITE permissions as well.

On Windows 2000 servers, the community string must be an ASCII character string. Microsoft Windows 2000 does not support non-ASCII characters in community strings.

For the NT_DHCP application class to work, the default PATROL Agent account must have full access to %PATROL_HOME% and all subdirectories. On Windows 2003 and later, the default PATROL Agent account must also be a member of the DHCP Users group.

PATROL KM for Microsoft Windows OS

This section contains additional requirements for using the PATROL KM for Microsoft Windows OS.

Process monitoring

To monitor processes, the PATROL Agent must have access to the following hive and all sub-keys:

HKLM\SOFTWARE\Microsoft\WindowsNT\perflib

Event log monitoring

To discover event logs, the PATROL Agent must have access to the following hive and all sub-keys:

HKLM\CurrentControlSet\Services\Eventlog\

PATROL Agent 3.6 or later has access. No additional configuration is needed.


PATROL KM for Microsoft Windows Active Directory now requires the PATROL KM for Microsoft Windows Operating System 3.9.20 or later for full support. If you are running a release earlier than 3.9.20, the KM fails prediscovery and writes a message to the mwd.log file, as well as to the system output window (SOW). If you are running 3.9.x, the KM is discovered, but the Event Log parameters are not available.



PATROL KM for Windows Active Directory requires that the Event Log component of PATROL KM for Microsoft Windows Servers is active. By default the Event Log component is active. For more information, see “Configuring Windows events monitoring” on page 103.

PATROL for Windows Servers monitors Microsoft Windows Active Directory only when Microsoft Windows Active Directory is running on domain controllers.

PATROL KM for Microsoft Windows Active Directory supports the Read Only Domain Controller support on Microsoft Windows 2008.

PATROL default account required permissions

Monitoring replication within the configuration naming context requires that the PATROL Agent defaultAccount have sufficient Active Directory permissions to create a container object and child container objects in the configuration naming context of the forest in which the domain controller resides. The account must have full control of the created objects.

The PATROL Agent defaultAccount must be granted permission to Create Container Objects in the Configuration NC and to give Full Control to the created container object and its children.

Monitoring replication within the domain naming context requires that the PATROL Agent defaultAccount have sufficient Active Directory permissions to create a container object and child container objects in the domain naming context of the domain in which the domain controller resides. The account must have full control of the created objects.

The PATROL Agent defaultAccount must be granted permission to Create Container Objects in each Domain NC and to give Full Control to the created container object and its children.


PATROL KM for Microsoft COM+ now requires the PATROL KM for Microsoft Windows Operating System 3.9.10 or later for full support. If you are running a release prior to 3.9.10 the KM is discovered, but the Event Log parameters are not available.


The PATROL KM for Microsoft Cluster Server requires that NT_BASE.kml or NT_LOAD.kml is loaded. These files are included with PATROL KM for Microsoft Windows OS.



BMC Software recommends that you preload NT_BASE.kml or NT_LOAD.kml on the cluster agent machine. For more information about preloading, see “Preloading KMs on the PATROL Agent” on page 94.


The local node (or member server) provides a client view of the Active Directory objects. The data provided for each managed node is collected within the context of the domain of which the managed node is a member.

To display information about Active Directory objects, the managed node must meet the following requirements:

■ PATROL Agent 3.6.00 or later must be installed.■ Default account for the PATROL Agent must be a domain user account.

PATROL Adapter for Microsoft Office

To use PATROL Adapter for Microsoft Office, you must load a supported version of Microsoft Excel. To see which versions of Microsoft Excel are supported, see the Release Notes for the version of PATROL Adapter for Microsoft Office that you are installing or have installed.

Accounts

This section describes how to set up a PATROL installation account for Windows.

PATROL Agent default account

PATROL requires a dedicated user account, known as the PATROL Agent default account, in the Windows environment. The PATROL Agent default account must exist in the Windows environment before you install PATROL. The PATROL Agent default account can be either a local or a domain account:

■ Stand-alone workgroup servers must use a local user account as a PATROL Agent default account.

■ Servers that are trusted members of a domain can use either a local or a domain account.

■ Domain controllers must use a PATROL Agent default account that is also a domain account.



KM functions performed

The PATROL Agent uses the PATROL Agent default account to perform the following KM functions:

■ collect information from performance counters■ collect information from the Windows event log■ self-tune for peak performance and non-intrusive use of the processor■ access system-level information■ make debug-level output available from the PATROL KM applications■ access the command interpreter for operating-system-level commands■ create and remove processes in the process table for collecting performance data

Advanced user rights

To enable the PATROL Agent to perform these advanced functions, the PATROL Agent default account might need the advanced user rights shown in Table 9. These rights are not used during installation, but the PATROL Agent requires these rights to operate and perform certain functions after installation. The installation utility automatically grants these rights to the PATROL Agent default account.

NOTE If you are not using the PATROL Agent default account as a Console connection account, you will need to have the Log on locally account rights for the connection account.

PATROL Agent first tries to log on locally; if this fails, it tries to connect to the console by using the network login rights.

Table 9 Advanced user rights (Part 1 of 2)

Advanced User Right Agent Dependency

Act as part of operating system enables PATROL to perform as a secure, trusted part of the operating system

Debug programs enables PATROL to debug low-level objects

Increase quotas enables PATROL to increase object quotas

Log on as a service allows the PATROL Agent to be started as a service so that it will start on system boot

Log on locally (Windows 2000)Allow log on locally (Windows 2003)

allows PATROL to log on at the computer

Manage auditing and security log allows PATROL to monitor the “Security” event log



Administrative rights

BMC Software recommends that you make the PATROL Agent default account a member of the local Administrators group of the computer where the agent will reside. On a domain controller, BMC Software recommends that you make the account a member of the domain Administrators group.

However, you can choose to remove the PATROL Agent default account from the local or domain Administrators group. You could also remove the advanced user rights described in Table 9 on page 44. However, if you do so, the PATROL Agent cannot perform all of its tasks. Table 10 on page 45 shows the PATROL for Microsoft Windows Servers tasks that the Agent cannot perform when the following restrictions are placed on the PATROL Agent default account:

■ The account is in a domain user group or local user group, but is not in the domain or local administrators group.

■ The account does not have all of the advanced user rights noted in Table 9 on page 44.

Profile system performance enables PATROL to use the Windows profiling capabilities

Replace a process level token enables PATROL to modify a security access token for a process

Table 10 Removing rights and admin group membership from the PATROL Agent (Part 1 of 3)

KM Effect Workaround and notes


The cluster KM does not function. No authentication to the cluster can be performed.

To be fully functional, the agent outside of the cluster can be in the admin group and contain all of its rights, while the agents within the cluster are removed from the administrators group and do not have the seven advanced user rights. The monitoring user account does not have the Logon As Batch Job user right.

Table 9 Advanced user rights (Part 2 of 2)

Advanced User Right Agent Dependency



PATROL KM for Windows Operating System

Restart Service recovery action does not execute. Message in system output window indicates access denied and inability to restart service.

The PATROL Agent default account must be in the local or domain Admins group. Granting a specific user right is not a valid workaround.

If the PATROL Agent default account lacks the Debug Programs right, cannot monitor the status of processes.

Add the Debug Programs right to the PATROL Agent default account. Membership in the Administrators group not needed.

The Terminate Process and Restart Process recovery actions do not work.

Add the Debug Programs right to the PATROL Agent default account.

Backup Event Log and Clear Event Log recovery action does not work.

Add the user right Backup files and directories to the PATROL Agent default account. For the security event log, you must also add the user right Manage auditing and security log.

Logical disk quotas and mount points do not work.

The PATROL Agent default account must be in the local or domain Admins group.

The Clean Temporary Directories recovery action does not execute.

Assign read/write permissions on the temp directory to the PATROL Agent Default account.

Unable to monitor the security event log. The NT_EVENTLOG application displays a message in the _DiscoveryStatus parameter.

Add the user right Manage auditing and security log to the PATROL Agent default account.

Blue Screen KM unable to detect a blue screen condition.

The PATROL Agent default account must be in the local or domain Admins group. Granting a specific user right is not a valid workaround.


Shares are not monitored. Parameters are not discovered.

Add the PATROL Agent default account to the Account Operators, Print Operators, or Server Operators built-in group.

The Increase connections allowed o Share recovery action associated with the ShConnPercent parameter does not work.

Add the PATROL Agent default account to the Account Operators, Print Operators, or Server Operators built-in group.

DFSRootReplica does not work when checking alternate domain controller. Parameters are unavailable and in alarm.

Grant the advanced user right log on locally to the PATROL Agent default account.

On Windows 2003, the NT_DHCP application class does not work.

Add the PATROL Agent default account to the DHCP Users group.





Creating a separate account

Although you can use an existing Windows user account, BMC Software recommends that you create a separate Windows user account for PATROL.


AD disk space used does not work. Grant the PATROL Agent default account the following permission on the DSA Working Directory and its subdirectories: List Folder Contents/Read Data.

The KM reads the registry to obtain the DSA Working Directory. It needs access to the following registry keys and subkeys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS

Configuration NC replication checking does not work.

Grant the PATROL Agent default account sufficient Active Directory permissions to create a container object and child container objects in the configuration naming context of the forest in which the domain controller resides.

Grant the PATROL Agent defaultAccount permission to Create Container Objects in the Configuration NC and to give Full Control to the created container object and its children.

Domain NC replication checking does not work.

Grant the PATROL Agent default account sufficient Active Directory permissions to create a container object and child container objects in the domain naming context of the domain in which the domain controller resides.

Grant the PATROL Agent defaultAccount permission to Create Container Objects in each Domain NC and to give Full Control to the created container object and its children.





PATROL KM for Microsoft Cluster Server account

The PATROL KM for Microsoft Cluster Server can be configured to use an external cluster-level agent or an internal cluster-level agent (CLA). The account the KM uses to connect to and manage a cluster depends upon which configuration you use. Regardless of which configuration you use, however, the configuration must have the following characteristics:

■ cluster account must be a domain account ■ cluster account must have access permission to the cluster■ all local agents in the cluster must use the same port number

An external CLA configuration requires a user-defined cluster account separate from the PATROL default account. This account must have cluster administrative privileges. The PATROL MCS Monitor Service (McsService.exe) also runs under this account.

An internal CLA configuration can use either a separate user-defined cluster account (a domain account with cluster administrative privileges) or, when certain requirements are met, it can use the PATROL default account.

When installed, if the PATROL KM for Microsoft Cluster Server does not discover a separate cluster account, it checks the PATROL agent default account for the following required characteristics:

■ it must be a domain account■ it must have permission to access the cluster

If these requirements are in place, the Cluster KM uses the PATROL agent default account to access the cluster and to communicate with the agents running on all other nodes in the cluster, and the PATROL MCS Service runs under this account.

This account information is not replicated to other nodes so, if you want the Cluster KM to use the PATROL agent default account to monitor the cluster, these requirements must exist for every PATROL agent default account on every node in the cluster.

To discover the PATROL KM for Microsoft Cluster Server you require the Logon as a batch job privilege for cluster account and PATROL Default Account.

WARNING Do not use a built-in Windows domain or local Administrator account as the PATROL default account. Such account usage causes files created by PATROL to be owned by the Administrator, which could result in security or file access problems.


Preparing for installation

Console connection accounts

BMC Software recommends that you create a separate account, in addition to the PATROL default account, for PATROL console operators who do not need administrative privileges. Operators can use this account to connect the console to the agent. If you want to configure KMs from the console, however, the console connection account may need administrative rights. For more information, see “Requirements for configuring from the PATROL Console” on page 97.

Preparing for installationBMC Software recommends that you first install PATROL for Windows Servers on a limited number of development or test machines, then configure and test PATROL for Windows Servers before installing it onto production machines.

Before you install, you must

■ ensure that pop-up blocking software is turned off before installation (see page 49)■ determine if you are using an unsupported platform option in the installation

utility user interface (see page 50)■ determine the extraneous target platform options available in the installation

utility user interface (see page 50)■ check for product patches or fixes before installing (see page 50)■ verify if you are installing PATROL Agent on top of an existing installation (see

page 51)■ determine the order in which you must extract the installation files after download

(see page 52)■ determine how to install products (see page 51)■ ensure you are using the appropriate version of the installation utility (see page 51)■ understand where to install the PATROL Agent and KMs (see page 51)■ understand PATROL security options (page 53)■ choose between Default and Custom installation options (see page 54)

Turning off pop-up blocking software before installing

Before installing the PATROL for Microsoft Windows Servers solution or any of its components, you must turn off pop-up blocking software. Pop-up blocking software interferes with the functioning of the installation utility.



Unsupported platform option in the installation utility user interface

If you use the installation utility to build an installable image, the Windows NT 4.0 (Intel) platform option is also displayed in the Select Platforms dialog box. This platform is not supported by the PATROL for Microsoft Windows Servers solution.

Extraneous target platform options available in the installation utility user interface

If you use the installation utility to build an installable image, the following extraneous target platform options are displayed in the Select Platforms dialog box:

■ Windows NT 4.0 (Intel)■ Above Windows 2003 (Intel)■ Above Windows 2003 (Itanium)■ Above Windows 2003 (Opteron/EM64T)

None of the preceding platforms are supported by the PATROL for Microsoft Windows Servers solution. Do not select these target platforms when building an installable image.

Checking for product patches or fixes before installing

Product fixes or patches are often available through the BMC Software Web site. Patches correct problems that are found after a product is released. BMC Software recommends that you check the product page for PATROL for Windows Servers on the BMC Software Customer Support Web page to determine whether a patch is available before you begin installing a product.

WARNING Do not select the Windows NT 4.0 (Intel) platform when building an installable image.



Determining how to install products

You can install products on the computer on which you are running the installation utility (local installation), create an installable image of products, use the -serveronly option, or use the Distribution Server. An installable image is a fully configured product image that you can use to install products to multiple computers. With an installable image, you can create one product image with one pass through the installation utility and then use that image to install to remote computers in your environment.

For more information about creating, distributing, and installing installable images, and about using the ctltool, see the PATROL Installation Reference Manual.

Determining the version of the installation utility

The version of the installation utility included on the CD or Electronic Product Download (EPD) image you use to install this product might differ from a version included on another product CD or from a version that you downloaded from the BMC Software Electronic Product Download (EPD) website. You should use the version of the installation utility that comes with the product that you are installing.

To determine the version of an installation utility, perform the following steps:

1 Open a command prompt.

2 Navigate to the directory where the installation utility is located.

3 Enter Setup.exe -v (Windows) or setup sh -v (UNIX).

Determining where to install the PATROL Agent

Install the PATROL Agent on each computer that you want to monitor. When installing the PATROL Agent, select Managed System as the system role during the installation.

Installing the PATROL Agent over an existing installation

If you are installing the PATROL Agent over an existing installation, any manual modifications that you made to the agent.reg file are not applied to the new installation. You must manually reapply the modifications after the new installation.



Extracting installation files after download

This section is relevant only if you downloaded the PATROL for Microsoft Windows Servers solution from the BMC Electronic Product Download (EPD) website, http://www.bmc.com/ega/.

When extracting multiple components that you downloaded from the BMC EPD website, you must extract them in the order shown:

1. installation utility (always extract first)

2. PATROL KM for Event Management

3. PATROL History Loader KM

4. PATROL KM for Log Management

5. PATROL Perform Agent for Microsoft Windows Servers

6. PATROL Agent for Microsoft Windows Servers

7. PATROL for Microsoft Windows Servers (always extract last)

Determining where to install KMs

You install the KMs to multiple target computers in the PATROL environment. Each target computer requires different KM related files and information, depending on the computer’s system role in the PATROL architecture. When you run the installation utility on a target computer, you must select the appropriate system role for that computer. The installation utility then installs the appropriate files to that target computer based on the system role selected.

Install KMs that you want to use on

EXAMPLE If you downloaded the following components, you must extract them in this order:

1. installation utility (extract first)

2. PATROL KM for Log Management

3. PATROL Agent for Microsoft Windows Servers

4. PATROL for Microsoft Windows Servers (extract last)


http://www.bmc.com/ega/

PATROL Security levels

■ Computers hosting a PATROL Agent

Each computer that you want to monitor should, at a minimum, have the PATROL Agent and the PATROL KM for Microsoft Windows OS. You might want to install other KMs to monitor specific server types such as Exchange Servers, Microsoft SQL Servers, Domain Controllers, Cluster Servers, Terminal Servers, and so on.

When installing these KMs on the PATROL Agent computer, select Managed System as the system role during the installation.

■ Computers hosting a PATROL console

Install every KM that you want to use on each PATROL console computer.

When installing these KMs on a PATROL console computer, select Console Systems as the system role during the installation.

■ Computers hosting a PATROL Console Server

If you use the PATROL Console Server, install every KM that you want to use on the PATROL Console Server computer. Install the same KM and the same version of the KM that is running on the PATROL Agents.

When installing these KMs on a PATROL Console Server computer, select Common Services as the system role during the installation.

For more information about the PATROL consoles and PATROL Console Server or RTserver, see the product’s respective online help systems and the following documents:

■ PATROL Central Operator - Web Edition Getting Started■ PATROL Central Operator - Microsoft Windows Edition Getting Started■ PATROL Console Server and RTserver Getting Started■ PATROL Configuration Manager User Guide■ PATROL Console for UNIX User Guide■ PATROL Console for Microsoft Windows User Guide - Understanding the Basics of

PATROL, Volume 1, 2, and 3

PATROL Security levelsYou can secure the data passed between PATROL components and restrict unauthorized users from accessing your data by implementing PATROL security. You can select from five security levels when you install PATROL.


Default and custom installation types

Agents, console servers, and consoles must operate at the same security level to communicate with each other. When you install agents, console servers, or consoles that need to communicate with previously installed versions of these components, check the security level of the previously installed components and be sure to install the new ones at the same level.

Checking security levels

To check the security level of a previously installed agent, console server, or console, perform the following steps:

1 From the command line switch to the path on the computer that you want to check:

%BMC_ROOT%\common\security\bin\Windows-x86

2 Run the following command to display the security policy of the current machine:

The security level is displayed in the “security level” field of the output.

Assessing and implementing a different security level

Review the security level definitions in the PATROL Security User Guide before installing PATROL to determine the appropriate security level for your components. If you want to implement a new security level after having previously installed PATROL security, see the PATROL Security User Guide for instructions.

Default and custom installation typesThe installation utility prompts you to select one of the following installation types:

■ The Default installation type uses default values for all optional configuration information. It prompts you only for mandatory configuration information. This type is for any or all of the following situations:

— You are new to the PATROL product that you are installing and you have an agent or console already installed in the default directories.

— You are performing a first-time installation (you are not upgrading), and you are installing into the default product installation directories.

esstool policy -a


First-time installation

■ With the Custom installation type, you can install individual components of the product. It requires that you specify all configuration information. This type is for any or all of the following situations:

— You want to install individual components rather than the entire product.— You want to specify the following settings:

■ the port numbers that components use to communicate with each other■ a security level greater than basic security■ any other product settings that a user might want to change

— You are upgrading PATROL for Windows Servers from a previously installed version.

— You are installing into an existing PATROL environment that is not in the default installation directory.

With each installation type, you can always deselect any components that you do not want to install.

First-time installationThe installation utility offers two types of installations: Default and Custom. For a description of the two types of installations, see “Default and custom installation types” on page 54.

Installing for the first time

You can install PATROL for Windows Servers using either the Default or Custom installation type. Regardless of the type of installation you choose, you must repeat this installation process for each computer on which you want to install PATROL for Windows Servers.

NOTE If you are installing PATROL for Windows Servers to an existing PATROL Agent or Console environment that is not in the default installation directory, use Custom. Do not use Default. Default will automatically install the agent or console with PATROL for Windows Servers and overwrite your existing installation.

NOTE By default, the Default installation type configures the PATROL Agent to connect through port 3181. If you want to connect the agent from a different port, you must use the Custom installation type.



Before you begin

■ You first should install on a limited number of computers in the test environment, test the installation thoroughly, and then install in your production environment.

■ You must have created the PATROL default account.

■ If you want to install PATROL for Windows Servers on a computer running Windows 2000 with Citrix Metaframe, you must have access to a second computer that runs a browser that is supported by the installation utility.

To install using the default installation type

1 Close the Service Control Manager window and the Control Panel window.

2 From the PATROL for Microsoft Windows Servers CD or from an installation image that has been electronically downloaded from an EPD site and extracted, run setup.exe.

When installing on a Windows Server in application mode or with Citrix Metaframe installed, perform the following steps to launch the installation utility:

A From a command line, change to the directory where the installation utility is located and enter the following command to change to installation mode:

change user/install

B Enter the following command to start the installation Web server

setup.exe -serveronly

A message box is displayed that shows the URL to use to connect to the installation Web server.

C On another computer with a browser, start the browser.

D Connect to the installation Web server from the browser to start the installation utility by using the URL that is displayed in the message box on the computer on which you are installing the product.

3 In the Welcome to the Installation Utility window, click Next to begin your installation.

4 Review the license agreement, select Accept, and click Next to continue.

5 In the Select Installation Option window, select I want to install products on this computer now and click Next to continue.



6 In the Select Type of Installation window, select Default and click Next to continue.

7 In the Specify Installation Directory window, accept the default directory and click Next to continue.

8 In the Select System Roles window, select any or all of the following roles to indicate the components that you want to install and click Next:

■ If you are installing to a computer that hosts or will host only a PATROL Console for Windows, select Console Systems.

■ If you are installing to a computer that hosts or will host a PATROL Agent, select Managed Systems.

■ If you are installing to a computer that hosts or will host the PATROL Central Operator – Web Edition, or the PATROL Console Server select Common Services.

9 From the Select Products and Components to Install window, select components that you want to install or accept the defaults and click Next.

10 In the PATROL Default Account Properties window, enter the user name and password that you want to use for your PATROL default account and click Next. This window is displayed only when you are installing a product that requires a PATROL logon.

You should have created this account manually before you began to install PATROL. (For more information, see “Accounts” on page 43.)

11 In the Review Selections and Install window, review your selections and, to make changes, click Back or, to start installing, click Start Install.

A status window opens that contains current messages, current milestones, and percentage complete.

12 When the status window reports that the installation is 100% complete, click Next to view the results window. (Next does not appear until the installation is 100% complete.)

13 (Optional) In the results window, click View Log to review the details of the installation.

14 Click Finish to close the installation utility.



To install using the custom installation type

1 Close the Service Control Manager window and the Control Panel window.

2 From the PATROL for Microsoft Windows Servers CD or from an installation image that has been electronically downloaded from an EPD site and extracted, run setup.exe.

When installing on a Windows Server in application mode or with Citrix Metaframe installed, perform the following steps to launch the installation utility:


change user/install

B Enter the following commands to start the installation Web server:

setup.exe -serveronly


C On another computer with a browser, start the browser.

D Connect to the installation Web server from the browser to start the installation utility by using the URL that is displayed in the message box on the computer on which you are installing the product.

3 In the Welcome to the Installation Utility window, click Next.

4 In the Review License Agreement window, review the license agreement, select Accept and click Next.

5 In the Select Installation Option window, select I want to install products on this computer now and click Next.

6 From the Select Type of Installation Window, select Custom and click Next.

7 In the Specify Installation Directory window, enter the directory where the products that you select will be installed and click Next.

The PATROL product directory is appended to the path that you enter in this step. You will specify the PATROL product directory in step 10 on page 59.

8 In the Select System Roles window, select any or all of the following roles to indicate the components that you want to install and click Next:



■ If you are installing to a computer that hosts or will host a PATROL Console, select Console System.

■ If you are installing to a computer that hosts or will host a PATROL Agent, select Managed System.

■ If you are installing to a computer that hosts or will host the PATROL Central Operator – Web Edition or the PATROL Console Server, select Common Services.

For more information about the PATROL consoles and PATROL Console Server or RTserver, see the following documents:

■ PATROL Central Operator – Web Edition Getting Started■ PATROL Central Operator – Microsoft Windows Edition Getting Started■ PATROL Console Server and RTserver Getting Started

9 From the Select Products and Components to Install window, select the items that you want to install, and click Next.

10 In the Provide the PATROL 3.x Product Directory window, enter in the PATROL 3.x Product Directory field the directory in which you want to install PATROL for Windows Servers as appropriate for your installation.

This directory is appended to the base directory path that is shown in the BMC Products Installation Directory field entered in step 7 on page 57.

11 If the PATROL Default Account Properties window appears, enter the user name and password that you want to use for your PATROL default account and click Next. This window is displayed only when you are installing a product that requires a PATROL logon.

You should have created this account manually before you started the installation process. (For more information, see “Accounts” on page 43.)

12 In the Complete the Confirm BMC Product Startup Information window, perform the following steps (this window does not appear if you are not installing into a managed system):

A In the Specify the Current Agent Port Number field, enter the port number that you want the PATROL Agent to use. The default is 3181.

B In the Restart the PATROL agent automatically? field, click Yes or No.

NOTE If your previous installation used a different port number, change the default to the current port number for the PATROL Agent.


First-time installation using Distribution Server

13 In the Review Selections and Start Install window, review the selections and, to make changes, click Back or, to start installing, click Start Install.

14 When the status window reports that the installation is 100% complete, click Next to view the results window. (Next does not appear until the installation is 100% complete.)

15 (Optional) In the results window, click View Log to review the details of the installation.

16 Click Exit to close the installation utility.


The PATROL for Windows Servers can be installed locally to a single computer or remotely to multiple computers using the Distribution Server.

The details of how to install a product across an enterprise to multiple machines by using Distribution Server are beyond the scope of this book. However, this section does describe how to import the PATROL for Windows Servers product into the Distribution Server. It also provides a high-level overview of the enterprise installation process.

Distribution Server features

You use the Distribution Server to perform remote installations or uninstallations of BMC Software distributed systems products across multiple systems from a central location.

With the Distribution Server you can perform the following actions:

■ Install, uninstall, upgrade, and reinstall products on remote systems from one central location.

■ Create collections of products and system groups to distribute multiple products to multiple systems in one distribution.

■ Schedule a distribution for a specific date and time.

■ Maintain multiple product versions to be distributed.



■ View reports to check distribution status, gather distribution data, and diagnosis problems.

To import PATROL for Windows Servers into the Distribution Server, perform the following tasks: “Importing a CD or customized installation package into Distribution Server” on page 61.

Importing a CD or customized installation package into Distribution Server

This task describes how to import components into the Distribution Server for deployment to multiple locations.

Before you begin

■ The customized installation packages that resulted from “Creating an installation package of the migrated and merged KM” on page 70 must be accessible to the Distribution Server.

■ Ensure that you use the Distribution Server version 7.1.01 or later.

To import components in to the Distribution Server

1 Using the Distribution Server Manager, connect to the Distribution Server.

2 In the Distribution Server tab area, click the Components tab.

3 In the list area, click the Import button.

4 Navigate to the location where the components are located and click Next.

5 Select the directory that contains the Products directory (do not select the Products directory itself).

If the components are not accessible on a local drive, you can specify them by using the NFS name and path.

EXAMPLE Assuming that you copied the CD image into a directory called merged_CD and then, after migrating your customizations and creating a customized installation package, you copied the updated package to the directory containing the CD image, the resultant directory structure would resemble merged_CD\Products\pokchm. You would select the directory merged_CD.



6 Select the check boxes for the components that you want to import and click OK.

7 Click Import to import the selected components.


To remotely install PATROL for Windows Servers throughout your enterprise, use the instructions in the Distribution Server Getting Started Guide. For an overview of that process, see “Installing with the Distribution Server (overview).”

Installing with the Distribution Server (overview)

Once you have imported the PATROL for Windows Servers into the Distribution Server, you must perform the following tasks within the tool. The tasks can be grouped into three stages.

To set up products

1 Import components into the Distribution Server repository on the Components tab of the Distribution Manager.

2 Arrange components in collections on the Collections tab of the Distribution Manager.

3 Configure the collections on the Configurations tab of the Distribution Manager.

To set up systems

1 Create accounts in the operating system of the computers to which you want to distribute PATROL for Windows Servers.

2 Add accounts and create profiles for the systems on the Systems tab of the Distribution Manager.

3 Add the systems and install the Distribution Client on the Systems tab of the Distribution Manager.

4 Arrange systems in system groups on the Systems tab of the Distribution Manager.


Upgrading from an earlier version

To distribute products

1 Distribute configurations of collections to system groups on the Distributions tab of the Distribution Manager.

2 Run reports to review distributions on the Reports tab of the Distribution Manager.

For detailed instructions about how to perform remote installations with the Distribution Server, see the Distribution Server Getting Started Guide.

Upgrading from an earlier versionIf you have a previous version of PATROL for Windows Servers installed on the target computer, you have the following options for upgrading to the new version of PATROL for Windows Servers:

■ “Upgrading without saving KM customizations” on page 68■ “Upgrading and preserving KM customizations” on page 68

Figure 1 on page 67 describes the general process of upgrading to a new version of PATROL for Windows Servers and migrating any customizations.

Automatic migration of console and agent customizations

Only customizations to Knowledge Modules must be migrated.

Whether you choose to save and migrate your KM customizations or not, the customizations you have made to the following components are preserved and incorporated into the new version automatically:

■ agents—stored in the agent configuration file■ consoles—stored in the console cache files

NOTE Customized Knowledge Modules and PSL files are also stored in the cache but they are not automatically preserved and incorporated.



Determining whether you can migrate KM customizations

Before migrating customizations, you must determine whether or not your customizations to PATROL for Windows Servers can be migrated to the new version of PATROL for Windows Servers. See Table 11 to determine whether migration is supported for your current version of PATROL for Windows Servers.

Conditions for upgrading

Use Table 12 to help you choose an upgrade procedure.

Table 11 Versions that you can migrate

Component Version

PATROL for Windows Servers 2.1.01 and later

PATROL KM for Windows Operating System

3.7.00 and later

PATROL KM for Windows Domain Services 1.1.00 and later


1.5.00a, 1.5.01 and later

a When the PATROL KM for Microsoft Windows Active Directory is installed on a server that has PATROL KM for Windows Domain Services 1.3.00, 1.4.00, or 1.4.01 installed, the application classes that begin with NT_AD are automatically disabled. These disabled application classes are recorded in the configuration variable /AgentSetup/disabledKMs.

PATROL History Loader KM 1.5.02 and later

PATROL KM for Event Management 2.7.08 and later

PATROL KM for Microsoft Message Queue 1.1.00 and later

PATROL KM for Microsoft Cluster Server 1.1.00 and later

PATROL KM for Microsoft COM+ 1.2.00 and later


2.0.04 and later

If you created .km files and parameters using an older version of this component, they will continue to work, even after loading the new KM.



Determining the location of PATROL

During the installation process, the PATROL installation utility records where it installs PATROL components in environment variables. To function properly, various components of the PATROL product require the information stored in these variables. Two important variables are PATROL_HOME and PATROL_CACHE.

Throughout this section, all references to PATROL_HOME represent %PATROL_HOME% and all references to PATROL_CACHE represent %PATROL_CACHE%.

Default values for PATROL location variables

If you do not specify a location for the PATROL installation, the installer uses the following pre-programmed default locations and stores these locations in environment variables.

Viewing environment variables set by PATROL

To view the value of PATROL_HOME, PATROL_CACHE and other environment variables, perform the following procedure:

Table 12 Choosing an upgrade procedure

Use this procedure If you have this situation

Upgrading without saving KM customizations

■ have not made any customizations to the KM files in your previous version of PATROL for Windows Servers

■ want to overwrite customizations you made to the KM files with the default values of the new version of PATROL for Windows Servers

■ have a currently installed version of PATROL for Windows Servers that cannot be migrated (See Table 11 on page 64)

Upgrading and preserving KM customizations

made customizations to the KM files in your previously installed version of PATROL for Windows Servers and want to save those customizations and migrate them to the new version of PATROL for Windows Servers

Table 13 Default values for PATROL location variables

Variable Default value

PATROL_HOME C:\Program Files\BMC Software\<PATROL_directory>

PATROL_CACHE %HOMEDRIVE%\%HOMEPATH%\<PATROL_directory>


PATROL for Windows Servers upgrade scenarios

Using the control panel

1 Select Control Panel using one of the following menu paths:

■ Start => Settings => Control Panel.■ Start => Control Panel.

2 Open the System application.

3 Select the Advanced tab.

4 Click Environment Variables.

5 Scroll through the System Variable list box to view the variables.

The System application displays PATROL_CACHE only if it is set to a value other than its default value.


Figure 1 illustrates the following PATROL for Windows Servers upgrade scenarios.

■ not migrating customizations■ migrating customizations manually■ migrating customizations then installing the product using one of the following

tools:— Common Installation Utility for local installations— Distribution Server for remote installations



Figure 1 Upgrading overview for PATROL for Windows Servers

Saving customizations?

Install PATROL for Windows Servers using instructions in “Installing for the first time” on page 55

Shut down agent and console, remove previous version from PATROL_CACHE and PATROL_HOME directories on agent and console computer.

Yes

No

migrating

Back up PATROL_HOME and PATROL_CACHE directories and note all customizations.

Install PATROL for Windows Servers using instructions in on page 55.

Shut down agent and console, remove previous version of the product from PATROL_CACHE and PATROL_HOME directories on agent and console computers.

manually

Manually change settings or PSL files to match your customizations for the previous version.

Installing over an existing PATROL for

Windows Servers installation?

Yes

No

“Migrating customizations manually” on page 72

Import merged package into the Distribution Server and start installer using instructions in “Importing a CD or customized installation package into Distribution Server” on page 61.

“Upgrading without saving KM customizations” on page 68

Yes

NoCan you migrate?

“Determining whether you can migrate KM customizations” on page 64



Upgrading without saving KM customizations

If you do not want to save any customizations of .km files, PSL code, alarm thresholds, or events, you can simply install the new version of PATROL for Windows Servers over your previous version after moving or deleting PATROL for Windows Servers files from the PATROL_CACHE. See “First-time installation” on page 55 for instructions.

When installing PATROL for Microsoft Windows Servers over an existing version, if you stop PATROL services manually (not normally required) before running the installation program, stop the PATROL Agent service (PatrolAgent.exe) first, followed by any other PATROL services.

Upgrading and preserving KM customizations

Use the appropriate task in this section if you want to upgrade to the new version of PATROL for Windows Servers and you want to preserve any customizations you have made to the .km files in the previous version of PATROL for Windows Servers.

You must first migrate your customizations from the old version of PATROL for Windows Servers to the new version, and then install the result into your environment. You should complete this process on a limited number of computers in the test environment first, test the merged KMs thoroughly, and then deploy them to your production environment.

NOTE Customizations applied using PATROL Configuration Manager or operator overrides are automatically saved in the agent configuration database. They will take effect automatically unless the parameter name or application name has changed. In either of those cases, you must reapply the customizations.

NOTE To upgrade and preserve customizations, you must either migrate your customizations manually or use the PATROL Migration Tools version 3.5 to create a customized installation package. If you are using the Distribution Server to install the merged customization package, ensure that you have the latest version of the product installed as well as any available patches.



Preparing to upgrade

Whether you are upgrading and migrating customizations or simply upgrading, you must first back up the current installation. If the .kml file or any of the .km files for the new version of PATROL for Windows Servers has a different file name from the previous version, you must remove those files from the list of KMs that are preloaded on the PATROL Agent.

Before you begin

If you plan to migrate your customizations, determine whether you can migrate from a previous version of PATROL for Windows Servers. See Table 11 on page 64 to determine whether migration is supported for your current version of PATROL for Windows Servers.

To back up the current installation

Back up your customizations so that you can restore the current installation if you want to roll back your upgrade.

1 Shut down any PATROL Agents, consoles, and related services that are currently running.

2 Ensure that no one is accessing any PATROL files or directories.

3 Perform a full backup of the directories where PATROL files are typically stored. These directories are listed in the following table:


If you are migrating customizations manually, go to “Migrating customizations manually” on page 72.

File type Directory

executables and data PATROL_HOME for agent and console installation directories

console customizations PATROL_CACHE for the console working cache



Migrating customizations with the PATROL Configuration Manager

BMC Software recommends that if you have customized KMs that these customizations should be migrated to PATROL Configuration Manager rulesets. PATROL Configuration Manager rulesets allow you to manage customizations to KMs, depending on the type of customization.

■ If you have localized parameters or global parameters that have customized poll times or thresholds, use the AS_CHANGESPRING KM to migrate these customizations into PATROL Configuration Manager rulesets as described in the PATROL Configuration Manager User Guide.

■ If you have created custom recovery actions, follow these steps:

1. Ensure that you have made a record of your customizations and have backed up the customized files in the PATROL_HOME and PATROL_CACHE directories.

2. Uninstall the old version of PATROL for Microsoft Windows Servers.

3. Install the new version of PATROL for Microsoft Windows Servers as described in the section “Installing for the first time” on page 55.

4. Ensure that you have made a record of your custom recovery actions.

5. Use the Recovery Action Event Management commands as described in the PATROL Configuration Manager User Guide to migrate your custom recovery actions to the PATROL Configuration Manager.

Creating an installation package of the migrated and merged KM

After you have migrated and merged your customizations, you must create an installation package that can be used with the installation utility to install locally on one computer or with Distribution Server to install remotely on multiple computers.

1 Copy the entire contents of the PATROL for Windows Servers CD to a temporary directory on a hard drive on a server. You can delete this temporary directory after you have successfully created an installable image.

2 Navigate to the packaged_results directory for the merged package and open the .ppf file with a text editor. Write down the file name in the first line of the .ppf file. This file name is the name of the directory that you will look for in the Products directory of the CD image.



3 Rename the packaged_results directory with the file name that you found in the .ppf file in the previous step.

4 Copy the renamed directory to the Products directory of the temporary directory that you used in Step 1. You will be replacing the files there with the merged files that contain your customizations.

5 Copy the PATROL for Windows Servers CD image to the server that you will use to install PATROL for Windows Servers.


■ Remove the files in the PATROL_CACHE directory by following the instructions in “Moving files from the PATROL_CACHE directories.”

■ Install PATROL for Windows Servers from the target server by following the instructions in “Installing for the first time” on page 55.

■ Import the customized version of PATROL for Windows Servers into the Distribution Server by following the instructions in “Importing a CD or customized installation package into Distribution Server” on page 61.

Moving files from the PATROL_CACHE directories

Before you install, you must move the current PATROL for Windows Servers files from the PATROL_CACHE directory for the console. If you do not, old product files in PATROL_CACHE are loaded instead of the newly installed files from PATROL_HOME.

Copy the PATROL for Windows Servers files with the naming patterns shown in Table 14 to a directory outside the PATROL installation and delete them from PATROL_CACHE\knowledge and PATROL_CACHE\psl:

EXAMPLE If pokckm/8.5.00/030107-233044 was listed in the first line of the .ppf file, you would use pokckm as the directory name.

Table 14 KM file naming patterns (Part 1 of 2)

Component Naming pattern

PATROL KM for Microsoft Windows OS ■ NT_*■ PATROL*■ RECOVERY*

PATROL KM for COM+ ■ Com*



Migrating customizations manually

If you have made customizations to the PATROL Script Language (PSL) code, you must manually migrate those customizations. This task contains a procedure for manually migrating each kind of customization.

To migrate customizations to KM files manually

1 Ensure that you have made a record of your customizations and have backed up the customized files in the PATROL_HOME and PATROL_CACHE directories.

2 Uninstall the old version of PATROL for Windows Servers.

3 Install the new version of PATROL for Windows Servers as described in the section “Installing for the first time” on page 55.

4 Identify and record the coding changes, which represent your customizations, in PATROL for Windows Servers by comparing the content of the ASCII files in the newly installed PATROL for Windows Servers version with the content of the customized ASCII files with the same name that is saved in the directory to which you moved the old version.

PATROL KM for Microsoft Message Queue ■ MQ*■ MSMQ*

PATROL KM for Microsoft Windows Domain Services ■ MSDM*■ NT_*■ NTD_*

PATROL KM for Microsoft Windows Active Directory ■ AD*■ MWD*

PATROL for Microsoft Cluster Server ■ MCS*

PATROL KM for Event Management ■ AS*■ EVENT*

PATROL KM for Log Management ■ LOG*■ PMG*

PATROL History Loader KM ■ H*.km■ H*.psl■ History-*■ History_Loader*■ Hist*■ COM_DEB_*■ COM_STAT_*


■ NT_WMI*■ NT_PERFMON*

Table 14 KM file naming patterns (Part 2 of 2)

Component Naming pattern


Installing PATROL KM for Microsoft Cluster Server

5 Incorporate your customizations to the new PATROL for Windows Servers by performing the following steps:

A Restart the PATROL console.

B Load the newly installed PATROL for Windows Servers.

C Using a PATROL developer console, enter the customizations that you identified in step 4 on page 72, one by one.

To migrate customized PSL code

Customizations made to PATROL Script Language (PSL) code are not automatically migrated. These customizations may be embedded in .km files or stored in separate .psl files. Migrate these customizations manually, using the following guidelines:

■ If you modified .psl files that were shipped by BMC Software, you must manually re-edit the PSL code in the new KM by using a PATROL developer console to reapply your changes.

■ If you modified PSL code embedded in a .km file, that code will be overwritten when you install a new version of the product. You must manually edit the new .km files by using a PATROL developer console to reapply your changes.

■ If you created a new PSL file (not shipped by BMC Software) outside of a .km file, Installing PATROL for Microsoft Cluster Server


Install the PATROL KM for Microsoft Cluster Server component only if you plan to monitor and manage a Microsoft server cluster.

The PATROL KM for Microsoft Cluster Server can monitor your Microsoft Cluster Server environment using an external cluster-level agent or an internal cluster-level agent (CLA). To help you decide which of these options is best for your environment, Table 15 on page 74 provides you with the characteristics of each of these options.



External cluster-level agent architecture

The external CLA uses a three-tier architecture, as shown in Figure 2 on page 75, and has components that you install inside and outside of a cluster. The external CLA uses a cluster-level agent machine that resides outside the cluster to collect data from the cluster nodes in all of the clusters you monitor.

Although the external cluster-level agent can monitor one or more clusters, BMC Software recommends that you monitor no more than ten clusters from one cluster-level agent for performance reasons. A cluster can be monitored by only one cluster-level agent.

Table 15 Monitoring configuration options for PATROL KM for Microsoft Cluster Server

Monitoring configuration Characteristics

external CLA The following statements apply to an external CLA configuration:

■ allows you to use the same CLA to monitor multiple clusters■ maintains both the configuration and history files outside of the

cluster; history is not interrupted during a failover■ requires a CLA computer that resides outside of the cluster

internal CLA The following statements apply to an internal CLA configuration:

■ monitors only the underlying cluster■ does not provide an uninterrupted history; configuration and history

files are stored on a local drive and, therefore, are not shared with the new quorum owner after a Cluster Group failover

■ automatically replicates the configuration information to all the nodes in the cluster

■ does not require a computer that resides outside of the cluster to run the CLA

■ allows the KM to use the PATROL agent default account when certain requirements are satisfied

■ easier to set up and configure



Figure 2 PATROL KM for Microsoft Cluster Server with external CLA configuration

Internal cluster-level agent architecture

The internal CLA uses a two-tier architecture, as shown in Figure 3.

Figure 3 PATROL KM for Microsoft Cluster Server with internal CLA configuration

While the PATROL KM for Microsoft Cluster Server (MCS KM) is loaded on all of the agents on all of the nodes in the cluster, only the MCS KM on the quorum-owning node actively monitors the cluster.

Node 1

Node 2

Cluster 2

Node 1

Node 2

Cluster 1

Install the PATROL KM for Microsoft Cluster Server and a

Install the PATROL KM for

Cluster-levelagent computer

Microsoft Cluster Server, and

Install the PATROLKM for Microsoft Cluster Server, PATROL

PATROL Agent here.Agent, and OS KM here.

Install the PATROL KM for MicrosoftCluster Server, PATROLAgent, and OS KM here.

Install the PATROLKM for MicrosoftCluster Server, PATROLAgent, and OS KM here.

Install the PATROLKM for MicrosoftCluster Server, PATROLAgent, and OS KM here.

PATROL Console here.

Node 1 - quorum ownerNode 2

Cluster 1

Install the PATROL Console here.

Install the Agent, MCS KM, and Microsoft Windows OS KM on all nodes in the cluster



How to Install the PATROL KM for Microsoft Cluster Server

Before you begin installing the PATROL KM for Microsoft Cluster Server, you must have the following completed:

■ know the user name and password of the cluster connection account■ installed the PATROL KM for Microsoft Windows OS and loaded the

NT_BASE.kml

■ installed the PATROL Agent

Cluster connection account

For each cluster, the cluster connection account (specified in the cluster administrator) must have the appropriate permissions and trusts to establish a session with the cluster. For more information about the cluster account, see “PATROL KM for Microsoft Cluster Server account” on page 48.

You can verify that the cluster connection account has the appropriate permissions by logging into the cluster-level agent with the selected account and connecting to the cluster with either the Microsoft Cluster Administrator GUI or the cluster.exe command-line tool.

For information about how the PATROL Agent supports an application in a cluster environment and what type of failover tolerance the agent provides, see the PATROL Agent Reference Manual.

Support for Quorum Configurations in a failover cluster

PATROL KM for Microsoft Cluster Server has added support for the Microsoft Windows server 2008 cluster.

Support for external CLA

■ Node and File share Majority■ Node and Disk Majority■ Node Majority■ No Majority: Disk only

NOTE If you use Windows Server 2008 as an external CLA, you must install Failover Clustering tools from Server Manager. By default, the cluster.exe is not present in Windows 2008 non-cluster computer.


Considerations for using online Help

Support for internal CLA

■ No Majority: Disk only

Installation process

The PATROL KM for Microsoft Cluster Server installation process consists of the following tasks:

1 Install the following components on each cluster node:

■ PATROL Agent■ PATROL KM for Microsoft Cluster Server■ PATROL KM for Microsoft Windows

2 This task is only required if you are using an external CLA. Install the following components on each computer that contains an external cluster-level agent:

■ PATROL Agent■ PATROL KM for Microsoft Cluster Server

3 Install the PATROL KM for Microsoft Cluster Server on the computer that has your PATROL Console. This component can exist on the same computer as the external cluster-level agent or on a cluster node.

Considerations for using online HelpIf you plan to install the UNIX version of PATROL for Windows Servers on a PATROL Console for UNIX, you must install the supported version of the Help browser separately if it is not already installed.

WARNING Do not load the PATROL KM for Microsoft Cluster Server on a virtual agent.



Browser version required for viewing PATROL Console for UNIX Help

The appropriate one of the following browsers is required to view PATROL Help in PATROL version 3.x:

■ UNIX: Netscape Navigator version 3.01 through 4.78■ Red Hat Linux: Netscape Navigator version 4.x

PATROL Help does not support Netscape Navigator 6.0.

Installation requirement

You must install Netscape Navigator on the computer where the PATROL console resides. You can install Netscape anywhere on your UNIX computer as long as the binary is in the path.

Download location

Netscape Navigator is supplied by Netscape Communications Corp. You can locate the browser at http://home.netscape.com/download.

Additional considerations for using online Help for UNIX

When you select Help from the PATROL Console for UNIX, it may take a few seconds for the Help browser to launch. Two windows will be displayed. First, the Netscape Navigator window is displayed as an icon, and then a browser window that contains the Help is displayed.

In addition, you must be aware of the following restrictions:

■ Netscape Navigator displays warning messages when it is invoked multiple times within the same user account because of its file-locking mechanism. It will, however, continue functioning.

■ By default, when Netscape Navigator starts, it uses a private color map. As a result, you might experience color flashing on your workstation. If so, you can set the value of PATROL_BROWSER so that the colormap option is not specified. However, some subsequent color requests might fail and the online Help will be improperly displayed.

■ The Exceed for Windows product by Hummingbird Communication Ltd. may not always display the Help files properly.



Consult your Netscape Navigator documentation for specific platform requirements and restrictions.

Required environment variables settings for the browser

The LANG, PATH, and PATROL_BROWSER environment variables must be set for the Help browser to run properly. The following sections describe these variables.

LANG variable

The UNIX LANG environment variable must be set to C so that Netscape Navigator will work properly. Otherwise, you might experience product failures.

PATH variable

The PATROL user account PATH variable must contain the location of the directory containing the Netscape files. If the directory containing the Netscape files is not in the path, add the directory to the PATROL user account path.

This requirement applies only to the PATROL user account on the PATROL console computer.

PATROL_BROWSER variable

When PATROL starts the Help browser, it uses the command in the PATROL_BROWSER environment variable. As a default, the PATROL_BROWSER environment variable contains the following command:

Type of shell Export command for LANG variable

Bourne LANG=Cexport LANG

Korn export LANG=C

C setenv LANG=C

Type of shell Export command for PATH variable

Bourne PATH=$PATH:/netscape_locationexport PATH

Korn export PATH=$PATH:/netscape_location

C setenv PATH=$PATH:/netscape_location


Uninstalling PATROL for Windows Servers

To use different arguments, set the value of PATROL_BROWSER to the appropriate string.

Uninstalling PATROL for Windows ServersTo uninstall PATROL for Windows Servers, you can use the Windows Add/Remove Programs functionality or the installation utility that you used to install the product.

Determining the version of the installation utility

To determine the version of the installer, perform the following procedure.

1 Access a command prompt and navigate to the appropriate location:

(Windows) <BMC_ROOT>\Uninstall

(UNIX) <BMC_ROOT>/Uninstall

2 Type the following command and press ENTER.

(Windows) uninstall.exe -v

Type of shell Export command for PATROL_BROWSER variable

Bourne PATROL_BROWSER=netscape -display $DISPLAY -install -iconicexport LANG

Korn export PATROL_BROWSER=netscape -display $DISPLAY -install -iconic

C setenv PATROL_BROWSER=netscape -display $DISPLAY -install -iconic

EXAMPLE For a Korn shell:

export PATROL_BROWSER=/usr/local/bin/netscape -raise

WARNING If you use a different version of the installation program to uninstall the product than the version that you used to install the product, you might remove files that are needed to perform uninstallation of other BMC Software products.



(UNIX) ./uninstall.sh -v

Uninstalling PATROL for Windows Servers on Windows

You can use the option that is appropriate for what you want to uninstall to uninstall PATROL for Windows Servers. The following procedures describe how to uninstall products from a Windows environment and all related log files.

To uninstall individual products

1 From the Uninstall directory in your BMC Software product installation directory, double-click uninstall.exe to launch the installation utility in uninstall mode.

When installing on a Windows Server in application mode or with Citrix Metaframe installed, perform the following steps to launch the installation utility in uninstall mode:


change user/install

B Change to the Uninstall directory and enter the following command to start the installation Web server:

uninstall.exe -serveronly


C On another machine with a browser, start the browser.

D Connect to the installation Web server from the browser to start the installation utility by using the URL that is displayed in the message box.

The Welcome window is displayed. Click Next.

2 Select the installation directory from which you want to remove a product, and click Next.

NOTE As an option, you can launch the installation utility in uninstall mode by choosing Start => Settings => Control Panel => Add/Remove Programs and double-clicking BMC Software Tools in the Add/Remove Programs Properties dialog box.



3 Select the product or products that you want to uninstall, and click Next.

4 Review your selections and click Uninstall.

After the uninstallation is complete, a window is displayed that tells you whether the uninstallation was successful.

To retain log files and configuration files

This task describes how to uninstall the PATROL product but retain log files, which contain history for future analysis, and configuration files for redeployment.

1 Uninstall all products as described in “To uninstall individual products” on page 81.

2 Locate the uninstall.ctl file in the following directory.

%PATROL_HOME%\Uninstall\Install\instdata

3 Open the uninstall.ctl file in a text editor, and edit the /BMC/Base variable to specify the name of the directory from which you removed the products in step 1.

4 Open a command line prompt.

5 Change to the following directory.

%PATROL_HOME%\Uninstall\Install\ instbin

6 Enter the following command.

thorinst.exe -uninstall path to control file -log path to log file -output path to output log file

Use the following table to help determine the log file and output log file locations:

Option Description Value

-log sends the log information to a standard log file

This file contains all installation status information.

any valid path and file name (with a .txt extension)

If a space exists in the path, the entire path must be enclosed in quotation marks.

-output sends the log information to an output log file

This file contains all messages about the progress of the installation that are normally sent to standard output.





Example

If C:\Program Files\BMC Software is your product installation directory, you would change to the C:\Program Files\BMC Software\Uninstall\ Install\instbin directory and enter the following command:

This action would remove all installation files and directories except those that are used by the utility at the time the uninstallation was performed. Log files, configuration files, and user-modified files would also be retained.

To uninstall all log files and configuration files

This task describes how to remove all PATROL products and related log files and configuration files from your Windows computer. Once these files have been removed, you cannot recover them unless you have made a back-up copy of the installation.

1 Uninstall all products as described in “To uninstall individual products” on page 81.

2 Locate the uninstall-all.ctl file in the following directory.

%PATROL_HOME%\Uninstall\Install\instdata

3 Open the uninstall-all.ctl file in a text editor, and edit the /BMC/Base variable to specify the name of the directory from which you removed the products in step 1.

4 Open a command line prompt.

5 Change to the following directory.

%PATROL_HOME%\Uninstall\Install\instbin

6 Enter the following command.

thorinst.exe -uninstall path to control file -log path to log file -output path to output log file

thorinst.exe -uninstall “C:\Program Files\BMC Software\Uninstall\Install\instdata\uninstall.ctl” -log Z:\NetworkLogs\MyLogs.txt -output Z:\NetworkLogs\MyLogs.out



Use the following table to help determine the log file and output log file locations:

Example

If C:\Program Files\BMC Software is your product installation directory, you would change to the C:\Program Files\BMC Software\Uninstall\Install\instbin directory and enter the following command:

This action would remove all installation files and directories. The files that were used to perform the uninstallation will be marked for deletion and will be removed when the computer on which the products were uninstalled is rebooted.

Option Description Value

-log sends the log information to a standard log file

This file contains all installation status information.



-output sends the log information to an output log file

This file contains all messages about the progress of the installation that are normally sent to standard output.



thorinst.exe -uninstall “C:\Program Files\BMC Software\Uninstall\Install\instdata\uninstall-all.ctl” -log Z:\NetworkLogs\MyLogs.txt -output Z:\NetworkLogs\MyLogs.out



Where to go from hereThe following table lists other topics and where you can find them:

Topic Source of Information

overview of the PATROL for Windows Servers features

Chapter 1, “Product components and capabilities”

setting up and configuring PATROL for Windows Servers

Chapter 3, “Loading and configuring PATROL for Microsoft Windows Servers,” and PATROL for Windows Servers component online Help

instructions about how to access the KM menu commands, InfoBoxes and online Help

Appendix A, “Accessing menu commands, InfoBoxes, and online Help”

information about PATROL for Windows Servers configuration variables and predefined rulesets

Appendix B, “Agent configuration variables and rulesets”

listing of the KM included with each PATROL for Windows Servers component

Appendix C, “PATROL for Microsoft Windows Servers .kml files”

step-by-step procedures and detailed descriptions of the applications, parameters, and InfoBoxes

PATROL for Windows Servers component online Help


C h a p t e r 3
3 Loading and configuring PATROL for Microsoft Windows Servers
This chapter provides information about how to begin using and configuring the PATROL for Microsoft Windows Servers components. The following topics are discussed in this chapter:

Preparing to use PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Loading and preloading KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Loading the PATROL for Microsoft Windows Servers KMs . . . . . . . . . . . . . . . . . 91Preloading KMs on the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Requirements for configuring from the PATROL Console. . . . . . . . . . . . . . . . . . . 97

Configuring the PATROL KM for Microsoft Windows OS. . . . . . . . . . . . . . . . . . . . . 101Enabling and disabling system monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102Configuring Windows events monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103Configuring service monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Configuring process monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Creating custom parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Viewing event logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Configuring Blue Screen monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Notifying when disks are not present . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Providing nonaggregate values for a drive instance . . . . . . . . . . . . . . . . . . . . . . . 127

Configuring recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128About recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Built-in native recovery actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Configuring built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Configuring e-mail notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132Using notification scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Defining notification servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136Assigning notification servers for the remote agents. . . . . . . . . . . . . . . . . . . . . . . 138Assigning notification targets for a PATROL alert. . . . . . . . . . . . . . . . . . . . . . . . . 140

Configuring the PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . 141Configuring PATROL Wizard for Microsoft Performance Monitor and WMI . . . . 142

Loading the PATROL Wizard for Microsoft Performance Monitor and WMI . 142Creating performance monitor parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Setting alarm thresholds. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144


Creating WMI parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144Configuring the PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Stop and start monitoring all default log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149Stop monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149Start monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Change the setup of a monitored file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156Filter log file messages (create a search string) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157Generate a custom event when a search string is identified . . . . . . . . . . . . . . . . . 160Configure recovery actions for a log file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Configuring the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . 165Using the PATROL Adapter for Microsoft Office to view reports . . . . . . . . . . . . . . . 166

Displaying PATROL data by using the PATROL Adapter for Microsoft Office 167How to use the PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . 168Built-in report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Removing KMs from your console and agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170Unloading KMs from a PATROL console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171Stopping preloaded KMs from running on the PATROL Agent . . . . . . . . . . . . . 173


Preparing to use PATROL for Windows Servers


If PATROL for Windows Servers has not been installed, see Chapter 2, “Installing and migrating PATROL for Windows Servers.” After installing, return to this section for information about how to configure the components.

Before configuring the PATROL for Windows Servers components, you should verify that the following software requirements are met:

■ A supported version of a PATROL Console version 3.x and PATROL for Windows Servers must be installed on the computer you want to use for the PATROL Console.

■ A supported version of the PATROL Agent and PATROL for Windows Servers must be installed on the computer you want to monitor and manage.

■ If you are using PATROL Central Operator – Microsoft Windows Edition or PATROL Central Operator – Web Edition, the KMs that you want to use must be installed on the computer hosting the PATROL Console Server.

You should also verify that you have access to all required information about the monitored domain controllers or Windows servers.

NOTE In this chapter, the term Knowledge Module (KM) is usually equivalent to a .kml file. A .km file is equivalent to an application class, which is a subset of a KM or .kml file.

NOTE For supported versions of PATROL products, see the release notes for the version of PATROL for Microsoft Windows Servers that you are installing.

EXAMPLE If you want to monitor the operating system, ensure that you have the PATROL Console and the PATROL KM for Windows OS installed on the console machine and the PATROL Agent and the PATROL KM for Windows OS installed on the agent machine.



Loading and preloading KMs

When you load a KM from the PATROL Console for Windows or the PATROL Console for UNIX, the KM files are loaded on all the PATROL Agents to which the console is connected. The KM icons appear in the console, usually under each agent icon, during discovery. Each PATROL Agent then collects data based on the instructions defined in the KM.

Preloading KMs is a PATROL Agent feature that causes KM files to continue to run on the agent when no consoles are connected. KMs that are not preloaded collect data only while a PATROL console is connected to the PATROL Agent.

Determining which KMs to load

Before you can use the KMs that you have installed, the KM files must be loaded into the PATROL console so that the product’s applications, commands, and parameters appear in the PATROL console. Table 16 lists the KM files in this product that you can load. You can find the steps for loading KM files in “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.

Determining which KMs to preload

Preloaded KMs collect data as long as the PATROL Agent runs, even when no PATROL console is connected. When you view a preloaded KM’s data collection history, you will not see any gaps that would otherwise occur (because of the console’s absence).

By default, no .kml files are preloaded on the PATROL Agent. To use the .kml files described in Table 16, add them to the preload list for the appropriate PATROL Agents and load them on the console. You can find the steps for loading and preloading KMs in the following sections:

■ “Loading the PATROL for Microsoft Windows Servers KMs” on page 91■ “Preloading KMs on the PATROL Agent” on page 94

Table 16 PATROL for Microsoft Windows Servers .kml files (Part 1 of 2)

.kml file Component Description

COM.kml PATROL KM for Microsoft COM+ loads application classes to monitor COM+ packages

HISTORY.kml PATROL History Loader KM loads application classes to monitor PATROL KM parameter history

MSMQ.kml PATROL KM for Microsoft Message Queue

loads application classes to monitor Microsoft Message Queue (MSMQ)



Loading the PATROL for Microsoft Windows Servers KMs

This section provides instructions for loading the PATROL for Microsoft Windows Servers KMs on each of the PATROL consoles.

Before you begin

Make sure you have met the following requirements:

■ the components that you want to load on the agent and console computers are installed

■ the agents to which you want to load components are running■ the PATROL Console is running

NT_LOAD.kml

NT_BASE.kml

NT_HYPER-V.kml

PATROL KM for Windows OS loads application classes to monitor the operating system

MWD_ACTIVE_Directory_MN.kml

PATROL KM for Windows Active Directory

loads the application classes to monitor Active Directory

NTD.kml PATROL KM for Windows Domain Services

loads application classes to monitor the domain controller resources

MCS_Load.kml PATROL KM for Microsoft Cluster Server loads application classes that are used to monitor Microsoft server clusters

NT_PERFMON_WIZARD.kml


loads application classes that are required to use the PATROL PerfMon and WMI Wizard

EVENT_MANAGEMENT.kml

PATROL KM for Event Management loads application classes required to configure alerts, such as e-mail or paging notifications

LOG.kml PATROL KM for Log Management loads application classes required to configure log monitoring

Table 16 PATROL for Microsoft Windows Servers .kml files (Part 2 of 2)

.kml file Component Description



To load KMs on the PATROL Console for Windows Servers

1 Choose File => Load KM from the PATROL Console menu bar.

2 Select one or more of the .kml files in Table 16 on page 90 that correspond to the components that you want to load. For detailed information about the application classes that are loaded with these .kml files, see “PATROL for Microsoft Windows Servers .kml files” on page 282.

3 Click OK.

To load the KM on a PATROL Console for UNIX

1 Choose File => Load KM from the PATROL Console menu bar.

2 Select one or more of the .kml files in Table 16 on page 90 that correspond to the components that you want to load. For detailed information about the application classes that are loaded with these .kml files, see “PATROL for Microsoft Windows Servers .kml files” on page 282.

3 Click Open.

NOTE If you have installed PATROL KM for Microsoft Windows OS over a previous version, the first time you load the KM, several minutes may be required to migrate forward existing configuration settings. If the KM icons do not appear within 10 minutes, open and read the information in the PATROL system output window.

NOTE Unless you are an advanced PATROL user, use the .kml files to load product component files. Loading individual .km files can break the interdependencies between the .km files.

NOTE If you have installed PATROL KM for Microsoft Windows OS over a previous version, the first time you load the KM, several minutes may be required to migrate forward existing configuration settings. If the KM icons do not appear within 10 minutes, open and read the information in the PATROL system output window.

NOTE Unless you are an advanced PATROL user, use the .kml files to load product component files. Loading individual .km files can break the interdependencies between the .km files.



To load the KM on PATROL Central Operator - Windows Edition

1 In the Common Tasks tab of the Operator Console Module Taskpad, click the Load Knowledge Module(s) icon.

PATROL Displays the Load Knowledge Module(s) Wizard.

2 To start the wizard, click Next.

3 From the Managed System screen, select the managed system that you want to load KMs on.

4 From the Knowledge Modules screen, select the KMs that you want to load. For detailed information about the application classes that are loaded with these .kml files, see “PATROL for Microsoft Windows Servers .kml files” on page 282.

5 Click Finish.

The KMs that you selected are loaded on the managed system, added to your management profile, and displayed in the PATROL Central Operator tab.

To load the KM on PATROL Central - Web Edition

PATROL Central - Web Edition has a Loading KMs feature that enables you to control which KMs are loaded on which computers.

1 From the Monitored Systems page, click the Load/Unload KMs button.

The Load KMs page opens, listing each computer on which a PATROL Agent has been installed.

2 Select the computers on which you want to load KMs, and click Next.

The Load KMs page displays a list of available .km and .kml files.

If you selected more than one computer, the only .km and .kml files that are listed are the ones that have been installed on all of the selected computers. If a particular .km or .kml file was installed only on one computer, you must choose that computer by itself to load the file.

3 Select the .km or .kml files that you want to load.

4 Click Finish.

PATROL loads the selected KMs on the selected computers.



Preloading KMs on the PATROL Agent

If you want your KMs to continue collecting data even when no console is running, you must preload your KMs on the PATROL Agent. A preloaded KM is a KM that is loaded by the PATROL Agent at startup and runs as long as the PATROL Agent runs. To preload a KM, add it to the agent’s preload list. You can update the preload list by using one of these methods:

■ use the PATROL Configuration Manager to apply one of the predefined rulesets to the PATROL Agent (see “PATROL for Microsoft Windows Servers rulesets” on page 257)

■ using the wpconfig or xpconfig utility

Preloading using the wpconfig utility

This section describes how to use the wpconfig utility to preload KMs on the PATROL Agent. For information about the wpconfig ir xpconfig utility, see the PATROL Agent Reference Manual.

Before you begin

■ The PATROL Agent must be running.

■ The wpconfig utility must be installed on a computer that can access machines that are running the PATROL Agent over the network.

■ You must have permission to modify the configuration change file (.cfg).

To use wpconfig to preload a KM from the PATROL Console for Microsoft Windows

1 From a Windows command window, type wpconfig.

The wpconfig window is displayed.

2 From the menu bar, choose Tools => Get Configuration.

NOTE If you want to load a .km or .kml file that was not listed in Step 2, ensure that the KM is installed on the appropriate computer and select only that computer in Step 2.



The Get Configuration dialog box is displayed.

3 In the Host Name field, enter the name of a computer that is hosting the PATROL Agent and click OK.

The wpconfig utility gets the PATROL Agent’s configuration.

4 In the left pane, click the AgentSetup folder.

The variables in the AgentSetup folder are displayed in the right pane.

5 Scroll down the variable list and double-click the preloadedKMs variable.

The Modify Variable dialog box is displayed.

6 In the Change Entries field, double-click the highlighted REPLACE line.

The Change Entry dialog box is displayed.

7 In the Type field, leave REPLACE.

8 In the Value field, use the comma-separated format without spaces to type the names of the .kml files that you want to preload. See Appendix C, “PATROL for Windows .kml files” for a list of the KMs that are available in this product.

For example, a valid and typical preloaded KMs list is as follows:

NT_BASE.kml,COM.kml,NT_PERFMON_WIZARD.kml

9 Click OK.

The Change Entry dialog box closes.

10 In the Modify Variable dialog box, click OK to close the box.

11 From the Tools menu, choose Apply Configuration.

The Apply Configuration dialog box is displayed, listing the PATROL Agent host name to which you are connected.

12 Click OK to apply your updated configuration to the PATROL Agent.

13 Save your changes to the configuration change file by clicking the Save button.

14 Close the wpconfig window.



Using wpconfig to remove KMs from the Agent preload list

If you want to remove a KM or application class so that it no longer runs on the PATROL Agent, remove the corresponding .kml or .km file from the agent preload list, as described in this task.

Before you begin

■ The PATROL Agent must be running.

■ The wpconfig utility must be installed on a computer that can access machines that are running the PATROL Agent over the network.

■ You must have permission to modify the configuration change file (.cfg).

To use wpconfig to remove a KM from the preload list in the PATROL Console for Microsoft Windows

1 From a Windows command window, type wpconfig.

The wpconfig window is displayed.

2 From the menu bar, choose Tools => Get Configuration.

The Get Configuration dialog box is displayed.

3 In the Host Name field, enter the name of a computer hosting the PATROL Agent and click OK.

The wpconfig utility gets the PATROL Agent’s configuration.

4 In the left pane, click the AgentSetup folder.

The variables in the AgentSetup folder are displayed in the right pane.

5 Scroll down the variable list and double-click the preloadedKMs variable.

The Modify Variable dialog box is displayed.

6 In the Change Entries field, double-click the highlighted REPLACE line.

The Change Entry dialog box is displayed.

7 In the Type field, leave REPLACE.



8 In the Value field, delete the .kml file names that you want to remove from the preload list. See Appendix C, “PATROL for Windows .kml files” for a list of the KMs that are available in this product.

9 Click OK to close the Change Entry dialog box.

10 Click OK to close the Modify Variable dialog box.

11 From the Tools menu, choose Apply Configuration.

The Apply Configuration dialog box is displayed.

12 Click OK to apply your updated configuration to the PATROL Agent.

13 Save your changes to the configuration change file by clicking the Save button.

14 Close the wpconfig window.

Requirements for configuring from the PATROL Console

When using the PATROL Console to configure or manage the PATROL KM for Microsoft Windows OS, verify that the console connection account, the account that you use to connect to the agent, meets the following requirements:

■ is a member of the local Administrators group on the agent computer■ has the right Log on as a Batch Job assigned

If the console connection account does not meet these requirements, the features described in Table 17 are not available.

Table 17 Console functionality that requires local admin rights (Part 1 of 4)

KM Functionality Menu command Behavior

PATROL KM for Microsoft Active Directory

Running the AD Operations report

AD Operations Report

System Output details the need for a sufficient connection account. One can grant read/write permission to the connection account to %PATROL_HOME%\Patrol\tmp for this to work or add the connecting user to the Server Operators group on the agent machine.


Deleting account information

Delete Access Information

Message is displayed with failure to remove account information.



PATROL KM for Windows Domain Services

Running an availability report with the Remote Servers KM

Availability Report A blank report is displayed. This report uses Agent history data. Give the connecting account full access to the %PATROL_HOME%\tmp directory structure

Running a Server Information report with the Remote Servers KM

Server Information Report

A blank report is displayed. Give full access to the %PATROL_HOME%\tmp directory structure to the connecting account.

Displaying information about a user using the Users KM

Display User Information

A blank report is displayed. Give the connecting account full access to the %PATROL_HOME%\tmp directory structure

Stopping or Starting the WINS service

Start/Stop WINS Service

A message is displayed detailing the inability to access the resource. Add the connecting account to the built-in Administrators group on the Agent machine.

Starting or stopping the DFS service

Start/Stop DFS Service

Message is displayed indicating inability to access service. Add the connecting account to the built-in Administrators group on the Agent machine.

Running the DFS Operations report

DFS Operations Report

Report is blank. Give the connecting account full access to the %PATROL_HOME%\tmp directory structure, or add the account to the Server Operators group on the Agent machine.





PATROL KM for Windows Domain Services, continued

Starting or stopping the DFS Replica service

Start/Stop Replica DFS Service


Disconnecting DFS users

View/Disc. Connected Users

Users are not disconnected. Add the PATROL Agent default account to the Account Operators, Print Operators or Server Operators built-in group.

Compressing the DHCP database

Compress DHCP Database

Message is displayed indicating inability to access database. Add the connecting account to the built-in Administrators group on the Agent machine.

Starting or stopping the DHCP service

Start/Stop DHCP Service


Stopping or Starting the DNS service

Start/Stop DNS Server Service

A message is displayed detailing the inability to access the resource. Add the connecting account to the built-in Administrators group.

PATROL KM for COM+

Starting or Stopping the DTC

Start/Stop DTC Service

Access Denied message is displayed. Add the connecting account to the built-in Administrators group on the Agent machine.

Viewing application properties

View application properties

An unable to view message is displayed. Add the connecting account to the built-in Administrators group.

PATROL KM for MSMQ

Starting or stopping the MSMQ service

Start/Stop MSMQ Service

Access Denied message is displayed. Add the connecting account to the built-in Administrators group on the Agent machine.





Supplying an impersonation account

On Windows 2000, the user right Act as part of the operating system is also required by the PATROL Agent when it impersonates an account. That is, when it uses an account that you enter to perform the requested action. If the agent default account has this right and it has the user right Log on as batch job, but PATROL still cannot perform the request, you may need to also assign the user right Bypass traverse checking to the PATROL Agent default account.


Configuring Blue Screen KM (NT_BSK) system recovery actions

Set System Recovery Actions

A pop-up window displays a message stating that the connecting user must have administrator privileges.

Configuring Blue Screen monitoring (NT_BSK)

Configure BlueScreen Monitoring

You can use the three options provided to configure the KM. The KM looks for the crash dump file as well as the event (ID 6008).

Configuring Windows operating system quotas

Configure Operating System Quotas

The KM prompts you to supply an administrative account that includes the user right Log on as batch job on the PATROL Agent machine.

For more information, see “Supplying an impersonation account” on page 100.

Managing Windows services, such as starting and stopping services or changing service startup properties

Manage Windows Operating System Services


For more information, see “Supplying an impersonation account” on page 100.

Viewing the Windows security event log

Windows Event Viewer

You can view event logs, other than the security event log, but you cannot change properties. Add the right Manage Auditing And Security Log to the agent account and the console connection account.

Managing Windows event logs

Windows Event Viewer


For more information, see “Supplying an impersonation account” on page 100

Viewing server-based reports

OS Reports Blank Microsoft Excel spreadsheets are displayed.




Configuring the PATROL KM for Microsoft Windows OS


The following section describes how to configure key features of the PATROL KM for Microsoft Windows OS. For more detailed step-by-step configuration instructions, see the PATROL KM for Microsoft Windows OS online Help.

For information about PATROL KM for Microsoft Windows OS configuration tasks, see the referenced sections in Table 18 on page 101. For more information about accessing KM menu commands, see “Accessing KM commands and InfoBoxes” on page 214.

Table 18 PATROL KM for Microsoft Windows OS configuration tasks

Tasks Menu command Page

configure Windows event monitoring

From the PATROL Console, access the Windows Event application and choose the KM menu command Configure Windows Event Monitoring.

103

configure service monitoring From the PATROL Console, access the Services application and choose the KM menu command Configure Service Monitoring.

114

configure process monitoring

From the PATROL Console, access the Processes application and choose the KM menu command Configure Manual Process Monitoring.

117

configure built-in recovery actions

From the PATROL Console, access the host application and choose the KM menu command Configure Recovery Actions.

130

create custom parameters From the PATROL Console, access the CompositesColl application and choose the KM menu command Create Expressions.

124

view event logs From the PATROL Console, access the Windows Event application and choose the KM menu command Windows Event Viewer.

125

configure blue screen monitoring

From the PATROL Console, access the NT_BSK application and choose the KM menu command Configure Blue Screen Monitoring.

126

notify when disks are not present

From the PATROL Console, access the NT_PHYSICAL_DISK_ CONTAINER and the NT_LOGICAL_DISK_CONTAINER applications and choose the KM menu command Acknowledge.

126



Enabling and disabling system monitoring

This section describes how to enable and disable the monitoring of basic server systems. By default, the monitoring for all discovered systems is enabled. To disable or enable monitoring, use the menu command shown in Table 19. The menu command displays a dialog that allows you to exclude or include systems from monitoring. For additional instructions, click the Help button available on the dialog.

Table 19 Enabling and disabling system monitoring

System Monitored by default To enable or disable

processors all processors discovered on the system

From the PATROL Console, access the Processors application and choose the KM menu command Enable-Disable Processor Monitoring.

physical disks

all physical disks discovered on the system

From the PATROL Console, access the Physical Disks application and choose the KM menu command Enable-Disable Physical Disk Monitoring.

logical disks

all logical disks discovered on the system

From the PATROL Console, access the Logical Disk application and choose the KM menu command Enable-Disable Logical Disk Monitoring.

To monitor logical disks, PerfMon counters must be enabled. For more information, see “Monitoring logical or physical disk drives.”

pagefiles all pagefiles discovered on the system

From the PATROL Console, access the Pagefiles application and choose the KM menu command Enable-Disable Pagefile Monitoring.

event logs all event logs listed in the registry

From the PATROL Console, access the Windows Events application and choose the KM menu command Enable-Disable Windows Event Log Monitoring.

To monitor the security event log, the PATROL Agent default account must have the user right Manage auditing and security log.

network protocols

all network protocols that are installed on the system

From the PATROL Console, access the Network Protocols application and choose the KM menu command Enable-Disable Protocol Monitoring.

network interfaces

all network interfaces discovered on the system

From the PATROL Console, access the Network Interfaces application and choose the KM menu command Enable-Disable Network Interface Monitoring.

printers all printers discovered on the system

From the PATROL Console, access the Printers application and choose the KM menu command Enable-Disable Printer Monitoring.

job objects all job objects discovered on the system

From the PATROL Console, access the Job Objects application and choose the KM menu command Enable-Disable Job Object Monitoring.



Monitoring logical or physical disk drives

If no data appears for the NT_LOGICAL_DISK application class, run one of the following diskperf commands from a command-line window to ensure that the Microsoft diskperf counters are enabled:

■ diskperf -yv for Windows 2000 (restart required)■ diskperf -y for Windows Server 2003 (no restart required)

For the platforms shown above, Microsoft requires that you restart the system after running the diskperf command. For more information, see Microsoft Knowledge Base article Q262937, “PRB: RegQueryValueEx() May Not Return Disk Performance Counters.”

Configuring Windows events monitoring

To monitor for specific Windows events, PATROL allows you to create event filters. Event filters specify the type of events to monitor and how to monitor them. You can create event filters by specifying the types of events that you want to monitor based on the event’s source, ID, type, and content. However, before you can create a filter for a Windows event, you must enable the monitoring of that Windows event log. If the events you want to monitor have unregistered sources, but you can manually add those events.

Once you have enabled the monitoring of the Windows Events, you can set up a filter to scan the event log for specific events. For example, you might want to monitor the WinMgmt events. The event filter options provided using the Configure Windows Event Monitoring => Create Filter or => Modify Filter menu commands from a Windows Event instance enable you to set up the monitoring of an event in many different ways.

You can remove a Windows event filter at any time, and you can turn off an event filter.

See the following topics for more information:

■ “Enable and disable monitoring of Windows events” on page 104■ “Display events with unregistered sources” on page 104■ “Example: creating an event filter to monitor WinMgmt events” on page 105■ “Event filter options” on page 105■ “Turning off an event filter” on page 114



Enable and disable monitoring of Windows events

Before you can create an event filter, you must enable the monitoring of the Windows event log. By default, all Windows event logs are monitored if they are registered in the Windows registry at the following location:

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog

To enable or disable Windows event log monitoring, access the Windows Events application and choose the KM menu command Enable-Disable Windows Event Log Monitoring.

Display events with unregistered sources

When using the PATROL KM for Microsoft Windows OS graphical interface to create an event filter, the events that you choose to monitor must have registered event sources. Unregistered sources do not appear in the interface. To work around this problem, follow these steps to display an unregistered source in the interface so that it can be selected.

1 Using the Configure Windows Event Log Monitoring => Create Filter menu command, create a new filter. In the Create Filter dialog box, select the Filter Property - Source, and deselect the option to Automatically include new sources. This sets the following agent configuration variable to 0:

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/eventlog/EventFilters/filtername/IncludeAllSources

2 Using PATROL Configuration Manager or the wpconfig utility, manually add the unregistered event source to the following agent configuration variable.

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/eventlog/EventFilters/filtername/SourceList/list

3 Apply the change to the PATROL Agent.



Example: creating an event filter to monitor WinMgmt events

Assume that you want to create an event filter that monitors for the following events:

You want to be notified immediately when these particular events occur. However, you want to be notified only when the event is related to the perfproc.dll performance library, not any other performance counter libraries.

In addition, you do not want to be flooded with events, so if these events are generated multiple times within a short period, you want to be notified only once.

Finally, if these events are detected, you want PATROL to remain in alarm until the alarm is acknowledged by an operator.

Using the Event filter options presented in the Configuring Windows Event Monitoring => Create Filter dialog boxes, you can create a filter with all of the properties proposed in this example.

Event filter options

When you choose the Configure Windows Event Monitoring => Create Filter or => Modify Filter menu commands from a Windows Event instance, you are presented with several filter options. Table 21 on page 106 provides you with the name, description, and associated configuration variables for the event filter options you can select.

Table 20 Event filter events:example

Event type Event source

Event category

Event ID Description

Error WinMgmt None 37 WMI ADAP was unable to load the perfproc.dll performance library due to an unknown problem within the library: 0x0

Error WinMgmt None 41 ADAP was unable to process the perfproc.dll performance library due to a time violation in the collect function

Error WinMgmt None 61 WMI ADAP was unable to process the perfproc.dll performance library due to a time violation in the open function



Table 21 Event filter options (Part 1 of 8)

Option DescriptionConfiguration variables

Filter name A unique name that represents the event filter.

If you change the filter name, you will lose the historical data stored under the old name.

The filter name must contain fewer than 127 characters.

child_list

For more information, see “Using the child_list variable” on page 271.

Description A description of the event filter.

You can change the description at any time.

FilterDescription

Report the number of events....

If you select this option, PATROL monitors the number of events that match the filter criteria during each collection cycle.

Depending on which event types the filter monitors, the following parameters are used to report this data:

■ ELMError■ ELMWarning■ ELMInformation■ ELMStatus■ ELMSuccessAudit■ ELMFailureAudit■ ELMOtherTypes

EventReport

Notify PATROL immediately....

If you select this option, PATROL immediately updates the appropriate parameter when an event matches the filter criteria.

Depending on which event types the filter monitors, the following parameters are displayed in an alarm state when an event matches the filter:

■ ELMErrorNotification ■ ELMFailureAuditNotification ■ ELMNotification (This parameter is active only when you

have selected both of the following options: Notify immediately and consolidate event types. For more information, see the description in Event Type tab section of this table.)

■ ELMWarningNotification

For more information about these parameters, see the PATROL KM for Microsoft Windows OS online Help.

NA

Source filter properties

Source Registered sources for which events can be monitored NA

Select/Deselect source(s) for this filter

applications running on the server that PATROL is currently monitoring

SourceList/list



Automatically Include New Sources

If you select this option, this event filter automatically monitors any new applications that are added to the system

IncludeAllSources

Disable Case Sensitivity

If you select this option, the event filter makes filter comparisons in a case-independent manner

FilterDisableCase

Event Type filter properties

Select Event Types to monitor

the Windows event types monitored by this event filter EventType

Consolidate event types...

If you select this option, events of different types (Warning, Information, and Error, for example) are reported using one parameter: ELMStatus (or ELMNotification if you have also chosen to be notified immediately when the event occurs).

If you want to have separate parameters for each event type that can alarm independently, deselect this option.

ConsolidateEventTypes

Event ID filter properties

Enter a Windows Event ID or a range of IDs

The Microsoft Windows event IDs that you want to monitor with this filter.

To specify a range of event IDs, separate the beginning and ending of the range with a dash. For example, to monitor events 100 through 200, enter 100-200.

EventIdList/list

Include all Windows event IDs in the list

specifies that all of the Windows event IDs in the list are monitored by the event filter

IncludeAllEventIds

Include all Windows event IDs except those in the list

specifies that all of the Windows event IDs except those in the list are monitored by the event filter

Select this option when there are certain event IDs that you are not interested in monitoring and you want to exclude them from the event filter.

IncludeAllEventIds

Event Handling filter properties

Annotate graph parameter...

annotates the PATROL parameter graphs associated with this event filter with information about the event

You can display the annotations by placing the cursor over the graph data points.

Annotation





Write event details...

writes details about the events that occur to a parameter

Depending on which event types the filter monitors, the following parameters are used to report this data:

■ EvRptOfError ■ EvRptOfFailureAudit ■ EvRptOfInformation ■ EvRptOfStatus ■ EvRptOfSuccessAudit ■ EvRptOfWarning■ ELMRptOfOtherTypes■ ELMRptOfNotification (This parameter is active only when

you have selected both of the following options: Notify immediately and consolidate event types. For more information, see the description in Event Type tab section of this table.)

For more information about these parameters, see the PATROL KM for Microsoft Windows OS online Help.

EventReport

Use event details... saves information about the event in the agent configuration variable RetainEventDescriptions so that you can use this information in recovery actions

For example, if you create a recovery action that generates an e-mail when the event filter alarms, you could include the event description in the e-mail.

If you do not use recovery actions or do not plan to use them, deselect this option to limit use of the agent database space.

RetainEventDescriptions





Report multiple events...

When you select this option, PATROL reports a single event when the event occurs many times within a short period.

Example

For example, if you select to report multiple events as one event if 10 events occur within 3 seconds, then if 20 events occur in 2 seconds, the event filter generates an alarm. However, if only 5 events occur in 2 seconds, the event filter does not alarm.

Consolidating event types

If you select this option, event consolidation is also enabled. This means that events of different types (Warning, Information, and Error, for example) are reported using one parameter, ELMStatus (or ELMNotification if you have also chosen to be notified immediately when the event occurs).

Annotation details

Even though one data point may represent multiple events of different types, the data point annotation contains information about each of the events that occurred. For more information about event consolidation, see the description for the Event Type tab in this table.

Resetting to default setting

To return to the default setting, which is not reporting multiple events as one event and not consolidating events, enter 0 as the number of times that the event occurs.

ConsolidationNumber and ConsolidationTime





Acknowledge Alarms

■ Automatically change state to ‘OK’ ...

If you select this option, PATROL returns the filter to an OK state if the events you are monitoring do not occur during the next collection cycle.

■ Remain in alarm until ...

If you select this option, PATROL keeps the filter in alarm until an operator manually acknowledges the alarm.

■ Change state when the following event ...

If you select this option, PATROL changes the filter state from an alarm state to an OK state when the criteria of a second event filter are met.

Requirements for using: You must create an event filter that monitors for the required event and select that event filter from the drop-down list. In addition, the event filter must be configured to notify PATROL immediately when an event matches the filter criteria.

AcknowledgeBy

Advanced properties - Users

Enter the user associated with the event

the user ID of a user whose events you want to monitor

The user name cannot include commas. When entering a user whose name includes special characters that are used in regular expressions, such as a dollar sign ($), a period (.), a parenthesis (), or a slash (/), you must escape each special character with a slash. For example, if the user name is $Smith, you must enter the category as \$Smith.

UserList/list

Include all users in the list

specifies that all of the user IDs in the list are monitored by the event filter

IncludeAllUsers

Include all users except those in the list

specifies that all of the user IDs except those in the list are monitored by the event filter

Select this option when there are certain user IDs that you are not interested in monitoring and you want to exclude them from the event filter.



FilterDisableCase





Advanced properties -- Category

Enter the category associated with the event

the event category that you want to monitor with this event filter

Categories are defined by the application that generates the event.

The category name cannot include commas. When entering a category whose name includes special characters that are used in regular expressions, such as a dollar sign, a period, or a parenthesis, you must escape each special character with a slash. For example, if the category name is (100), you must enter the category as $100$.

CategoryList/list

Include all categories in the list

specifies that all of the categories in the list are monitored by the event filter

IncludeAllCategories

Include all categories except those in the list

specifies that all of the categories except those in the list are monitored by the event filter

Select this option when there are certain categories that you are not interested in monitoring and you want to exclude them from the event filter.

IncludeAllCategories



FilterDisableCase

Advanced properties - Strings

Enter strings The text strings that you want to monitor with this event filter

The text string cannot include commas. When entering strings which include special characters that are used in regular expressions, such as a dollar sign ($), a period (.), a parenthesis (), or a slash (/), you must escape each special character with a slash. For example, if the user name is $Smith, you must enter the category as \$Smith.

StringList/list

Include all strings in the list

specifies that all of the strings in the list are monitored by the event filter

StringList/list

Include all strings except those in the list

specifies that all of the strings except those in the list are monitored by the event filter

Select this option when there are certain strings that you are not interested in monitoring and you want to exclude them from the event filter.

IncludeAllStrings



FilterDisableCase





Advanced properties - Enter a Regular Expression for Source

Enter a Regular Expression for Source

the regular expression that is used as a criteria for including or excluding sources to be monitored with the Windows event filter.

If you have configured the sources for the filter and an event occurs, the event is matched with the configured source list. If the source generating the event does not exist in the configured source list, the source generating the event is compared with the specified regular expression.

For example, if the sources are Norton AntiVirus Client or Symantec AntiVirus Client, the regular expression should be configured as ‘^(Norton|Symantec) AntiVirus Client’.

For more information about using regular expressions, see “Using regular expressions” on page 117.

SourceList/list

Advanced properties - Enter a Regular Expression for Event ID

Enter a Regular Expression for Event ID

the regular expression that is used as a criteria for including or excluding event IDs to be monitored with the Windows event filter.

If you have configured the event IDs for the filter and an event occurs, the event is matched with the configured event ID list. If the event ID does not exist in the configured list, the event ID is compared with the specified regular expression.

For more information about using regular expressions, see “Using regular expressions” on page 117.

EventIdList/list





Creating a Windows event filter

While specifying the advanced options for a Windows event filter, you can now include and exclude strings from filtering simultaneously. For example, if you want to filter a string that contains the word alarm but not the word warn, include the word alarm and exclude the word warn.

To include and exclude strings from filtering while creating or modifying a Windows event filter

1 In the Strings dialog box, select the Include option.

2 Enter the string that you want to include for filtering.

3 Click Apply.

The string is added to the Include List.

4 Select the Exclude option.

Advanced properties - Computer name

Computer name enables you to create a filter that monitors events generated only by a specified computer.

Enter the name of the computer that you want the event log filter to monitor.

You can also use the following new pconfig variables to configure or to view the names of the computers that you want the event log filter to monitor:

■ /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/eventLog/EventFilters/filterName/ComputerNamesList/list – lists the names of the computers you provided when creating the filter.

■ /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/eventLog/EventFilters/filterName/IncludeAllCompList – indicates whether all computers are monitored.

You can use the FilterDisableCase pconfig variable to disable case sensitivity for the computer names. The pconfig variable contains a field or bit for computer name.

ComputerNamesList/list





5 Enter the string that you want to exclude from filtering.

6 Click Apply.

The string is added to the Exclude List.

Turning off an event filter

You can temporarily turn off an event filter and then turn it back on at a later time. To turn an event filter on or off, edit the agent configuration variable FilterEnabled.

To turn off an existing event filter

1 Using the PATROL Configuration Manager or the pconfig utility, access the following agent configuration variable:

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/ event log/EventFilters/filter/FilterEnabled

where filter represents the name of the event filter

2 Change the value of the FilterEnabled variable to 0.

The event filter is disabled. It is no longer discovered and does not collect events. To turn the filter back on, change the value of the FilterEnabled to 1.

Configuring service monitoring

By default, PATROL monitors the availability of all system services except those whose startup type is disabled. You can change the monitoring properties of the monitored services or add other services to monitor. Table 22 shows you how the KM monitors each startup type by default.

To change the default settings for services, choose the Configure Service Monitoring menu command from a Services application instance to perform the following tasks:

Table 22 Default service monitoring flags

Startup type Auto restart Alarm

Automatic 1 1

Manual 0 0

Disabled 0 0



■ To add services to the list of monitored services, choose the Configure Service Monitoring => Add Service menu command.

■ To remove services to the list of monitored services, choose the Configure Service Monitoring => Remove Service menu command.

■ To configure monitored services, choose Configure Service Monitoring => Configure Service menu command.

By default, the Windows KM monitors all services with startup type as ‘automatic’ or ‘manual’.

■ If you want to monitor a disabled service, add the service by using the Configure Service Monitoring => Add Service menu command. The Monitor pconfig variable for the service is set to ‘1’.

■ If you add a disabled service and later remove the service by using the Configure Service Monitoring => Remove Service menu command, the Monitor pconfig variable is not set to ‘0’. However, the removedServiceList pconfig variable is updated to contain this particular service.

Thus, Windows KM monitors a service only if the Monitor pconfig variable for the service is set to ‘1’ and the service is not included in the list of the removedServiceList pconfig variable.

Service monitoring options

When you select the Configure Service Monitoring => Configure Service menu command, after you select the service you want to configure, you are presented with the monitoring options. Table 23 provides you with names, descriptions, and default values for these options, and the configuration variable associated with each option.

Table 23 Service monitoring options (Part 1 of 2)

Option DescriptionDefault (yes/no)

Configuration variable

Restart service when stopped

If you select this option, PATROL automatically attempts to restart the service when it is stopped (only for services with a startup type of Automatic). To use this option, you must also select the option “Generate a PATROL Alarm/Warn when the service is stopped.”

Yes AutoRestart

Generate a PATROL Alarm/Warn when the service is stopped

By default, when a service is stopped, PATROL generates an Alarm. However, for a particular service, you can specify a Warning instead. This feature is only for services with a startup type of Automatic.

Yes (Alarm) WarningAlarm



Ensuring that services are restarted as desired

If the services that you are monitoring are not restarted by PATROL as desired, determine the values of the agent configuration variables that affect whether a service is restarted when it goes down. Table 24 shows the possible combinations of values for these variables and how each combination causes PATROL to restart (yes) or not restart (no) a monitored service when it goes down.

.

For more information about these configuration variables, see Appendix B, “Agent configuration variables and rulesets.”

Enable process monitoring for this service

By default, PATROL monitors only whether services are available. To monitor how much memory and CPU a service executable consumes, you must enable process monitoring for the service. When you enable process monitoring, PATROL monitors the service executable process and displays the monitored process beneath the NT_SERVICE application.

No MonitorProcess

Use specified command to check status of non responsive service

This feature is available for advanced users who have developed custom executables that can determine the status of a service.

If you provide such an executable, the value returned by the executable is assigned to the SvcNotResponding parameter. To ensure that an alarm is generated when the service is not responding, you must set the alarm ranges for the SvcNotResponding parameter to correspond to the appropriate value returned by the executable. For example, if the executable returns the value 1 when the service is not responsive, enable the SvcNotResponding Alarm2 as an Alarm and set the alarm range as 1 to 1.

No MonitorNotRespond

Table 24 Configuration variable and service restart: combinations

Service configuration variable Possible values

DisableServiceRestart (global) 0 0 0 0 1 1 1 1

AutoRestart (local) 0 0 1 1 0 0 1 1

OverrideGlobalServiceRestart (local) 0 1 0 1 0 1 0 1

Service is restarted? (yes/no) No No Yes Yes No No No Yes

Table 23 Service monitoring options (Part 2 of 2)





Configuring process monitoring

This procedure describes how to configure PATROL to monitor processes. By default, PATROL does not monitor any processes. With new implementation of process monitoring the name of a process instance does not depend on a process ID. The name of the new process instance depends on the label specified by the user. All the matching processes on a managed node are now monitored as a single instance and the instance parameters display consolidated values for all the matching processes. When configuring monitoring for a specific process, you can use the methods shown in Table 25.

Using regular expressions

When configuring the monitoring of processes, you can use regular expressions to specify the process name only. A regular expression is a sequence of any of the following items:

■ literal character■ matching character■ repetition clause■ alternation clause■ sub pattern grouped with parenthesis

Table 26 provides an overview of the regular expression syntax.

Table 25 Process monitoring options

Method When to use

Manual process monitoring You want to select or specify the processes to monitor and you want to customize how PATROL monitors them.

Automatic process monitoring You want to monitor a process only if it exceeds a specified CPU utilization percentage.

Table 26 Regular expression syntax (Part 1 of 2)

Symbol Description

. matches any character; used as a wildcard when creating a search string

* matches zero or more instances of the previous pattern item

+ matches one or more instances of the previous pattern item

? matches zero or one instances of the previous pattern item

( ) groups sub pattern; repetition and alternation operators apply to the entire preceding sub pattern



To configure manual process monitoring

1 Access the NT_PROCESS application menu (labeled Processes) as described in “Accessing KM commands and InfoBoxes” on page 214, and choose the KM menu command Configure Manual Process Monitoring => Add Process.

2 Select (highlight) the process that you want to monitor, or if the process is not currently running, enter the process name and any appropriate command-line arguments.

You can enter the process name using a regular expression. For more information about regular expressions, see “Using regular expressions” on page 117.

3 Select the Select the process(es) using a regular expression for monitoring check box. PATROL KM for Microsoft Windows adds all the processes for monitoring that contain the name of the selected process.

However, if you do not select this check box, PATROL KM for Microsoft Windows adds only the selected process instances for monitoring.

| allows for alternation of a pattern

For example, to match Hello or hello in a string, the regular expression should read: Hello|hello.

[ ] delimits a set of characters; the range is specified as [x-y]

If the first character in the set is ^, there is a match only when the remaining characters in the set are not present.

^ anchors the pattern to the beginning of the string; this character must be the first character in the set

$ anchors the pattern to the end of the string; this character must be the last character in the set

TIP If you are specifying a process name and you want to ensure that only that specific process is monitored (and not other processes that have that process name as part of their name), use the ^ and the $ regular expression characters to enclose the process name, as shown below.

^processname$

For more information about using regular expression characters, see “Using regular expressions” on page 117.

Table 26 Regular expression syntax (Part 2 of 2)

Symbol Description



4 Select one of the following options:

■ monitor the process(es) only when it is running with the command line arguments shown

■ monitor any occurrence of the selected process(es), regardless of the command-line arguments

5 Click on Next.

6 On the next dialog you can provide a label and following properties for the process instance while adding the process for monitoring:

■ Minimum count: Set the minimum process count threshold.■ Maximum count: Set the maximum process count threshold.■ Acceptable Process Owners: Enter a regular expression for the users who can

run the process, or enter the name of the user who can run the process.■ Use Owner Filter: Select this option if you want to monitor the process instances

that are being run only by the users that are specified in the Acceptable Process Owners field.

7 Click on Add.

For more details about adding a process, see the PATROL KM for Microsoft Windows online Help.

NOTE If you enter multiple regular expressions that match the same process, multiple process instances are created for that process.

WARNING When entering the process name, omit the extension. For example, enter processname argument. Do not enter processname.exe.

Example: svchost -k rpcss

In addition, when entering a process whose name includes special characters that are used in regular expressions, such as a dollar sign ($), or a period (.), you must escape each special character with a slash. For example, if the process name is $abc.exe, you must enter the process name as \$abc.

NOTE The PATROL Agent default account must have the Administrator rights to get the process owner information.



PATROL performs the following actions:

■ The processes you selected are removed from the list of running processes and are added to the list of monitored processes that are shown on the left pane of the Configure Process Monitoring window.

■ The processes you selected are added to the PATROL console, beneath the NT_PROCESS application (labeled Processes).

■ The PATROL Agent begins monitoring the process.

To configure how the process is monitored and managed, see “To configure process control” on page 121.

You can also perform the following functions using the Configure Manual Process Monitoring menu command:

■ To stop monitoring a process, select Configure Manual Process Monitoring => Remove.

■ To modify a monitored process, select Configure Manual Process Monitoring => Process Settings.

To configure automatic process monitoring

1 Access the NT_PROCESS application menu (labeled Processes) as described in “Accessing KM commands and InfoBoxes” on page 214, and choose the KM menu command Configure Automatic Process Monitoring.

2 Change the length of time specified for high CPU utilization.

PATROL defines high CPU utilization as a value higher than 90% or the value specified by the agent configuration variable AlarmThreshold. To use a different threshold percentage, you must create or update the AlarmThreshold agent configuration variable.

To disable this feature, enter any negative number in this dialog box.

3 Click Apply.

When any process consumes high CPU for a period longer than what you specified, PATROL begins monitoring the process and adds the process to the PATROL console, beneath the NT_PROCESS application (labeled Processes).



If a problem occurs

If the Processes folder is not displaying or it does not contain any processes, check the annotation of _DiscoveryStatus and _CollectionStatus parameters of the NT_OS application class.

To disable automatic process monitoring

To disable automatic process monitoring and monitor only the processes you specifically select, follow this procedure.

1 Access the NT_PROCESS application menu (labeled Processes) as described in “Accessing KM commands and InfoBoxes” on page 214, and choose the KM menu command Configure Automatic Process Monitoring.

2 For the length of time specified for high CPU utilization, enter any negative number.

3 Click Apply.

To configure process control

1 Access the NT_PROCESS application menu (labeled Processes) as described in “Accessing KM commands and InfoBoxes” on page 214 and choose the KM menu command Configure Process Monitoring.

2 From the Configure Process Monitoring window, select the monitored process that you want to configure.

3 Select the appropriate options, described in Table 27 on page 122, and then click Apply.



Process monitoring design for the migrated instances

For all the instances of a process that were created with a process ID prior to version 4.2.20 of PATROL KM for Microsoft Windows, a single instance will be created without the process ID in the process instance path. The process instance path will depend upon the method by using which the process was configured in a prior version.

The following examples show the dependency of process instance path on the method of process configuration.

Table 27 Process control options



Restart the process using the specified command when the process is stopped

If you check this option, you must supply the path to an executable that restarts the process and you must include any appropriate command-line arguments.

No StartupCommand

Terminate the process when the process CPU% utilization exceeds the defined PATROL threshold

If you check this option, PATROL terminates the process when it appears to be in a “run away” state. This state is defined by the following criteria:

■ the CPU% utilization exceeds the threshold specified by the agent configuration variable AlarmThreshold. For more information about this variable, see “AlarmThreshold” on page 219.

■ the process exceeds this threshold for the specified length of time

When the process exceeds the threshold for the specified length of time, the process is terminated during the next collection cycle, whose scheduling is determined by the parameter PROCProcessColl. By default, PROCProcessColl collects data every 5 minutes.

No TimeLimitForKillRunAwayProcess

Generate a PATROL Alarm when the process is terminated

If you select this option, the PATROL NT_PROCESS parameter PROCStatus enters an alarm state when the process is terminated.

Yes EnableAlarmIfProcessDown

Generate a PATROL Alarm when the process is started

If you select this option, the PATROL NT_PROCESS parameter PROCStatus enters an alarm state when the process is started.

No EnableAlarmIfProcessStarts



Example 1

If a process called Notepad was added without any arguments, the new process instance path will be created as NOTEPAD_NO_ARGUMENT. All the Notepad instances that were running without arguments will be monitored as a single instance and the instance parameters will display the consolidated values of all the instances.

Example 2

If a process called Notepad was added with any arguments, the new process instance path will be created as NOTEPAD_ANY_ARGUMENT_LIST. All the running Notepad instances on a managed node will be monitored as a single instance and the instance parameters will display consolidated values for all the instances.

Example 3

If a process Notepad was added with specific arguments, the new process instance path will be created as NOTEPAD_ARGUMENTS. All the instances that were running with the same arguments on a managed node will be monitored as a single instance and the instance parameters will display consolidated values for all the instances.

Viewing process details

After you add a process for monitoring, you can view its details such as name, ID, owner, and command-line arguments.

To view process details

1 From the NT_PROCESS application instance, right-click the process instance for which you want to view details, and choose KM Commands => View Process Details.

A new PSL task is created containing the process name.

2 Double-click the PSL task for the process to view process details.

Modifying a process instance

With this release, you can modify a process instance after you create it. You can modify the number of minimum and maximum process instances that can be running.



To modify a process instance

1 From the KM commands for the NT_PROCESS application instance, right-click the process instance that you want to modify, and choose KM Commands => Modify Process Instance.

2 In the Modify Process Instance dialog box, modify the Minimum count field to change the minimum process count threshold.

3 Modify the Maximum count field to change the maximum process count threshold.

4 In the Acceptable Process Owners field, perform one of the following actions:

■ Enter a regular expression for the users who can run the process. ■ Enter the name of the user who can run the process.

5 Modify the state of the Use Owner Filter check box if you want to change the filter settings.

6 Click OK.

Creating custom parameters

This topic describes how to create composite parameters, which are parameters whose values are dependent on one or more existing PATROL parameters.

Before you begin

Composite parameters give you the capability to create parameters whose values are dependent on one or more existing PATROL parameters. You can then use PATROL alarm settings and recovery actions on the newly created parameters in the same way that you use alarm settings and recovery actions on other parameters.

You can enter and edit composite parameter expressions manually or by using the expression entry wizard.

To create custom parameters using the expression entry wizard

1 Access the NT_CompositesColl application menu as described in “Accessing KM commands and InfoBoxes” on page 214, and choose the KM menu command Create Expressions.

2 From the Create Expressions dialog box, enter a name for the expression (parameter).



3 Follow the instructions provided in the wizard. For more information, click the Help button.

After you complete the wizard, the new composite parameter is displayed on the console beneath the NT_Composites application (labeled Composites).

Viewing event logs

1 Access the NT_EVENTLOG application menu (labeled Windows Events) as described in “Accessing KM commands and InfoBoxes” on page 214, and choose the KM menu command Windows Event Viewer.

The Windows Event Viewer dialog box is displayed.

2 Select the type of event log to be viewed.

3 Click View.

The Windows Event Viewer dialog box displays the latest 100 events associated with the selected event log type.

4 From the Select Event Range list, select the range for the number of events to display.

The details of the latest events are displayed in the Windows Event Viewer dialog box, as described in Table 28.

5 To view details pertaining to a particular event, select the event in the Windows Event Viewer dialog box and click View.

NOTE For optimizing performance of event retrievals, the Windows Event Viewer dialog box displays a maximum of 100 events at a time. By default, the Windows Event Viewer dialog box retrieves the latest 100 events for the selected event type. If you select the range for the events, the Windows Event Viewer dialog box retrieves the latest events for the selected event type, based on the range.



Configuring Blue Screen monitoring

You can configure the KM for blue screen monitoring. The product looks for the crash Dump file as well as the event (ID 6008) for detecting Blue Screen.

To configure Blue Screen monitoring

1 Access the NT_BSK application menu as described in “Accessing KM commands and InfoBoxes” on page 214, and choose the KM menu command Configure Blue Screen Monitoring.

2 Select either of the three options:

■ Event (ID 6008) to monitor only the 6008 event id.■ Crash Dump to monitor only the crash Dump.■ Default to monitor crash dump or event as per registry configuration.

Notifying when disks are not present

PATROL KM for Microsoft Windows provides information about physical and logical disks that are no longer present.

Table 28 Event details displayed in the Windows Event Viewer dialog box

Field Description

Type type of the event

■ Warning■ Information■ Error■ Success audit■ Failure audit■ Other

Date date of the event

Time time stamp of the event

Source application that triggered the event

Event ID for the event

Category category of the event

User user account from which the event is generated

Computer computer from which the event is generated



■ The PDStatus parameter goes into an alarm state when a physical disk is removed, and it provides you the name of the removed disk.

■ The LDStatus parameter goes into an alarm state when a logical disk is deleted, and it provides you the name of the deleted disk.

■ The RemovedPDList variable provides a list of the removed physical disk instances.

■ The DeletedLDList variable provides a list of the deleted logical disk instances.

To acknowledge the alarms

1 Access the NT_PHYSICAL_DISK_ CONTAINER and the NT_LOGICAL_DISK_ CONTAINER applications menu as described in “Accessing KM commands and InfoBoxes” on page 214.

2 Choose the Acknowledge KM menu command.

This allows you to acknowledge the alarms issued by the PDStatus and LDStatus parameters.

Providing nonaggregate values for a drive instance

The following parameters under the NT_LOGICAL_DISKS application class by default provide the aggregate values of a particular drive and all of its mount drives:

■ LDldFreeSpacePercent■ LDldFreeMegabytes■ LDldDiskSpaceUsed

You can use the NonAggregateParamValue variable to change these parameters, so that they do not consider the mount points on a particular drive instance. This variable is located at PSX_P4WinSrvs/PWK_PKMforMSWinOS_config/LogicalDiskMonitoring/NonAggregateParamValue.

The following values are valid:

■ 1 = values shown for a particular drive instance do not consider the mount drives■ 0 = value shown is an aggregate of a particular drive instance and all of its mount

drives


Configuring recovery actions

Configuring recovery actionsThis task describes how to configure the PATROL for Windows Servers built-in recovery actions, which are corrective actions taken by PATROL when a parameter reaches a set value or is in a warning or alarm state.

About recovery actions

For the sake of discussion, the recovery actions that you define in the KM using the PATROL console are referred to as PATROL native recovery actions. The following sections explain the differences between PATROL native recovery actions and PATROL KM for Event Management recovery actions.

PATROL native recovery actions

When you define PATROL native recovery actions in the PATROL console, you associate the recovery actions with alarm and border ranges. These recovery actions run when the PATROL parameter value enters the specified range. The parameter may be in an OK, WARN, or ALARM state when the recovery action runs, depending on how you configure the parameter.

PATROL KM for Event Management recovery actions

Unlike PATROL native recovery actions, the PATROL KM for Event Management Recovery actions run only when a parameter changes status. For example, when a parameter goes from an OK state to a WARN or ALARM state, or even when a parameter goes from an ALARM to an OK state.

If you do not want the parameter to alarm until recovery actions have been attempted, you must use PATROL native recovery actions, rather than PATROL KM for Event Management recovery actions. However, you can use both types. For example, you could define PATROL native recovery actions and specify that the parameter enters a WARN or ALARM state only after all recovery actions fail. Then you could create a PATROL KM for Event Management recovery action that runs only if the PATROL native recovery actions fail.

For more information about using PATROL KM for Event Management recovery actions, see the PATROL KM for Event Management User Guide.



Built-in native recovery actions

The following built-in recovery actions, associated with the specified parameter, are provided by default with PATROL for Microsoft Windows Servers.

Table 29 Built-in recovery actions (Part 1 of 2)

Recovery action Parameter DescriptionRuns automatically?

Backup and Clear Event Log

(PATROL KM for Microsoft Windows OS)

NT_EVLOGFILES\ELMEvFileFreeSpacePercent

Backs up the event log file and clears all events.

Yes

Start Windows Management Instrumentation Service Check


NT_HEALTH\WMIAvailability Restarts the WINMGMT service when PATROL determines that it is unavailable.

Yes

Clean Temporary Directories


NT_LOGICAL_DISKS\LDldFreeSpacePercent

Clears the temp directory. No

Terminate Process


NT_PROCESS\PROCProcessorTimePercent

Attempts to stop a runaway process.

No

Restart Process


NT_PROCESS\PROCStatus Attempts to restart the process.

Note: The process is restarted under the PATROL Agent default account, even if the process was previously started under a different account.

Yes

Restart Service


NT_SERVICES\ServiceStatus Attempts to restart the service.

Yes

Restarting a PATROL Agent on a remote server recovery action

(PATROL KM for Windows Domain)

NT_REMOTE_SERVERS\MsPatrolAgentStatus

Attempts to restart the PATROL Agent on the remote machine after alarming for 2 collection cycles.

No



Configuring built-in native recovery actions

This section describes how to configure the built-in native recovery actions.

Before you begin

The recovery actions that are available to be configured depend on the KMs that you have loaded.

Increase connections to DFS root recovery action


NT_DFS_ROOT\DfsConnectionPercent

Increases the connection share limit to DFS Root after alarming for 2 collection cycles.

No

Replication Failure: Initiate WINS Scavenging


NT_WINS_PARTNER\WpReplicationFailures

Cleans up the WINS database after alarming for 2 collection cycles.

No

Increase connections allowed to share


NT_Shares\ShConnPercent Increases the share connection limit after the ShConnPercent parameter alarms for 2 consecutive collection cycles.

No

PAWorkRateExecsMin Recovery Action


PATROL_NT\PAWorkRateExecsMin

sets the scheduling policy value to 9 (Schedule Force Delta and Schedule From End).

When the parameter goes out of the alarm state, the scheduling policy value returns to the default value of 1.

Yes

Table 29 Built-in recovery actions (Part 2 of 2)

Recovery action Parameter DescriptionRuns automatically?



To configure recovery actions

1 Access the host application menu as described in “Accessing KM commands and InfoBoxes” on page 214 and choose the KM menu command Configure Recovery Actions.

2 From the list of recovery actions, highlight the desired recovery action and click Accept.

3 From the list of recovery action instances, highlight the instance and click Edit. For information about which instance to select, see Table 30.

4 From the Edit Recovery Action dialog box, choose from the settings described in Table 31 on page 131.

Table 30 Selecting a recovery action instance

Purpose Recovery action to select

configure the recovery action for a specific instance (for example, a monitored process)

the recovery action instance that displays the name of the application instance in the INSTANCE column

configure the recovery action for all instances (for example, all monitored processes)

the recovery action that displays an asterisk (*) in the INSTANCE column

Table 31 Recovery action configuration options (Part 1 of 2)

Setting DescriptionConfiguration variable

Run automatically If you select this mode, PATROL runs the recovery action automatically, without prompting you.

Mode

Run only with operator confirmation

If you select this mode, PATROL prompts you before running the recovery action.

Note: If you select this option, be sure to keep a console connected to the PATROL Agent on the managed machine. If you have no console connection, PATROL is unable to prompt you.

Mode

Do Not Execute If you select this mode, PATROL does not perform the recovery action.

Mode


Configuring e-mail notification

5 To save your changes, click Accept.

If a problem occurs

If you experience a problem when configuring recovery actions, see “Recovery action problems” on page 209.

Configuring e-mail notificationWith the PATROL KM for Event Management, you can configure PATROL to send e-mail or pages when a PATROL parameter enters an alarm state. This section describes how to configure the PATROL KM for Event Management to send an e-mail notification.

The e-mail notification configuration steps are shown below:

Suspend Recovery Action

If you select this option, PATROL temporarily pauses the recovery action. When you resume the recovery action (by deselecting this check box), the previous settings take effect.

Suspend

Attended Mode Dialog Timeout

If the recovery action is configured in Run Attended mode, this setting specifies the amount of time PATROL waits for confirmation to run the recovery action. If you do not provide confirmation within the allotted time, PATROL does not run the recovery action.

Wait

NOTE For more information about the recovery action and its configuration options, click the Help button.

NOTE The PATROL KM for Event Management also provides you with the ability to configure other types of notification, such as trouble-tickets or other custom alerts. You can also use it to forward events to an enterprise console. For more detailed information about the functionality provided by the PATROL KM for Event Management, see the PATROL KM for Event Management User Guide.

Table 31 Recovery action configuration options (Part 2 of 2)

Setting DescriptionConfiguration variable



1. Define the notification script and edit as necessary.

2. Define the notification servers.

3. Assign notification servers to the remote agents.

4. Define notification targets for PATROL alerts.

Using notification scripts

The PATROL KM for Event Management provides sample notification scripts that call command-line utilities to initiate notification (such as e-mail and page). This section describes the Windows sample scripts, their locations, requirements for use, and editing requirements. On Windows, the following script options are available:

■ a Windows batch file that you must edit before use, which can send any of the following types of notification:

— SMTP e-mail message by means of a Visual Basic (VB) script (provided)— MAPI e-mail message by means of a Visual Basic (VB) script (provided)— SMTP e-mail message by means of Blat (not provided)

Blat is a free command-line e-mail client, that you can download from the Web. You can also use any other SMTP-based, command-line e-mail client if you edit the batch file accordingly. For more information, see “Editing scripts” on page 135.

■ Perl script that sends e-mail notification by means of Blat

Default script location on Windows

The Windows scripts are located in the %PATROL_HOME%\lib\psl\ directory and are named as shown in Table 32.

NOTE The PATROL for Microsoft Windows Servers has been tested with Blat version 1.7.



Script requirements

To use these Windows scripts, the server sending the notification must meet the requirements shown in Table 33 on page 134.

Table 32 Notification script location on Windows

Script Name

Batch File Script AS_EVSLocalAlertNotify.bat

SMTP VB Script sendmail.vbs

This VB script is called from AS_EVSLocalAlertNotify.bat. This script uses an ActiveX control.

MAPI VB Script send_mapi.vbs

This VB script is called from AS_EVSLocalAlertNotify.bat. This script uses an ActiveX control.

Perl Script AS_EVSLocalAlertNotify.pl

Table 33 Requirements for notification server when using Windows e-mail clients

Script Requirement

Batch File Script If Blat is installed in a directory other than C:\Blat, you must move Blat to this directory or edit AS_EVSLocalAlertNotify.bat to execute Blat from the directory where it is installed.

Perl Script The Perl script assumes the use of Blat. If Blat is installed in a directory other than C:\Blat, you must move Blat to this directory or edit the Perl script, AS_EVSLocalAlertNotify.pl, to execute Blat from the directory where it is installed.

Associate the .pl extension with Perl. Otherwise, you must call the script using the following syntax:

perl C:\PATROL3-4\lib\psl\AS_EVSLocalAlertNotify.pl

SMTP VB Script The SMTP service must be running.

MAPI VB Script Microsoft Outlook must be installed.



Editing scripts

Before using the sample scripts, you must edit them.

Editing the Windows batch file

If you use AS_EVSLocalAlertNotify.bat, remove the REM comments from the mail client that you want to use. The script provides sections for MAPI-based e-mail, SMTP-based e-mail, and Blat. For example, to use Blat, in the script shown below, remove the REM comments beginning with the line that starts with set and ending with the line that reads goto BYE.

If you use a third-party command-line e-mail client or if you want to use the script to perform other types of notification, such as paging or trouble tickets, you must add the code to the script that calls the e-mail client or appropriate notification utility.

Editing Perl script for use on Windows

On Windows, you must edit the Perl script before you can use it to send e-mail notifications with Blat. Find the following line in the Perl script and remove the comment (# ):

Editing the SMTP VB script

To use the SMTP VB Script (sendmail.vbs), you must edit the script to add the following information:

■ name of the e-mail server■ the SMTP server port

Add this information in the script as shown below.

:EMAILrem --rem -- BLAT based eMailrem --rem set email_file=c:\blat\mtext%AS_PARAMETER_NAME%_%AS_SSTIME%.txtrem if ."%AS_USERDEFINED%"==."" echo "%nmsg%" > %email_file%rem if not ."%AS_USERDEFINED%"==."" echo "%AS_USERDEFINED%" > %email_file%rem if .%email_file%==. set email_file=c:\blat\default.txtrem if exist c:\blat\blat.exe c:\blat\blat %email_file% -t %ntargets% -s %nmsg%rem goto BYE

#system("c:\\blat\\blat.exe $email_file -t \"$ntargets\" -s \"$nmsg\"");



Editing scripts when using Blat

If you use Blat and Blat is not installed in the C:\Blat directory, you must edit the script to indicate the appropriate path.

Before you can use PATROL for Microsoft Windows Servers, you must gather information and plan your configuration. You should gather the following information:

■ which servers will send notifications (act as notification servers)■ to whom e-mail or paging notifications are sent (targets)■ which servers will monitor the notification servers for availability■ which notification servers will be monitored for availability■ where to place notification rules (notification server or monitored agent)

Defining notification servers

A notification server is the managed system that performs notification and event collection on behalf of other PATROL Agents.

Why use a notification server?

With a notification server, you can centrally manage your event filtering and notification rules. For example, if you need to modify a notification script or change notification rules, you make the change only on the notification servers and not on each agent.

Notification servers also provide redundancy when you use a primary and backup notification server.

Using primary and backup notification servers

To ensure availability, you should assign both a primary and a backup notification for each remote agent. A notification server could be a primary notification server for some remote agents and a backup notification server for other remote agents. Hence, a server that acts as a backup notification server does not need to be idle.

To assure availability in critical environments, the backup notification server should be on a separate machine and network segment.

' Enter the Mail Server name [FQDN/IP Address] iConf.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") ="mail.bmc.com"' Enter the SMTP Server Port numberiConf.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25



Notification server connectivity

When identifying a notification server, make certain that there are no connectivity problems between the notification server and the agents that it serves.

Providing security

To improve security, create an operating system account on the notification server systems to be used specifically for remote notification. This configuration avoids having to use the PATROL login, which may be common throughout your environment. You can configure the notification server so that it is unable to fully login to the notification server system by using the operating system. For example, on UNIX, give the notification server login an invalid login shell, such as /bin/false.

Configuring a notification server

This section describes how to configure a server as a notification server.

To configure a notification server

1 From the PATROL console, access the managed system you are using as your notification server and display the KM menu commands as described in “Accessing KM commands and InfoBoxes” on page 214.

2 Choose the KM menu command Event Management => Quick Config => Notification Server.

The Quick Config - Notification Server dialog box opens.

3 Use the Quick Config - Notification Server dialog box to specify the notification server properties. These properties are described in Table 34:

Once you have configured a primary and backup notification server, you can use the PATROL Configuration Manager to copy the settings to the other notification servers. If you use this method, make sure that you use the same notification script file name and directory path on all notification servers.



4 Define the notification server properties and click Accept.

5 Repeat this task for the server you are using as the backup notification server.

Assigning notification servers for the remote agents

You should assign a notification server for each remote agent that will generate notifications. Assign both a primary and a backup notification server.

Before you begin

You should configure and test the notification servers before configuring the remote PATROL Agents served by the notification servers.

Table 34 Quick Config - Notification Server dialog box properties

Property Description

Default Email Account the default e-mail address (notification target) that receives e-mails when an object goes into an alarm or warning state

All events for PATROL objects that do not have defined notification targets are sent to this e-mail address.

If you do not want any notifications sent until you configure notification for specific PATROL applications or parameters, enter NONE as your default e-mail account or leave this field empty.

Notification Command the complete path and filename of the notification script or command used to send notifications

Perform Alert Test specifies whether you want to perform an alert test after the changes are accepted

If this is your first time using the PATROL for Microsoft Windows Servers, you should perform an alert test and verify that the notifications are received.

NOTE Notification servers are not required. Remote agents can send their own notifications. However, there are considerable benefits to using notification servers. For more information, see “Why use a notification server?” on page 136.



To assign notification servers to remote agents

1 From the PATROL console, access the remote agent menu commands, as described in “Accessing KM commands and InfoBoxes” on page 214.

2 Choose the KM menu command Event Management => Quick Config => Remote Agent.

The Notification Server Settings dialog box opens.

3 Click PRIMARY NOTIFICATION SERVER SETTINGS.

The Primary Notification Server Settings is displayed.

4 Use the Primary Notification Server Settings dialog box to specify the properties of the primary notification server for the managed system. The properties are described in Table 35 on page 139.

NOTE You must use the PATROL KM for Event Management to complete this task. This functionality is not available in PATROL Configuration Manager. However, once you configure one notification server, you can use the PATROL Configuration Manager to copy your configuration to other notification servers. The configuration settings are stored in the following variables:

■ AS/EVENTSPRING/NOTIFICATION_SERVER1.defaultAccount (primary)■ AS/EVENTSPRING/NOTIFICATION_SERVER2.defaultAccount (backup)■ AS/EVENTSPRING/NOTIFICATION_SERVER1 (primary)■ AS/EVENTSPRING/NOTIFICATION_SERVER2 (backup)

Table 35 Notification server properties (Part 1 of 2)


Notification Server Hostname the hostname or IP address of the primary notification server for the selected managed system

To avoid DNS resolution problems, use the IP address.

Notification Server Agent Port

the port number of the notification server that the selected managed system will use

Notification Server User Name

the user name that the selected managed system will use to connect to the notification server

Notification Server Password the password that the selected managed system will use to connect to the notification server



5 Define the primary notification server properties, and click Accept.

6 Click BACKUP NOTIFICATION SERVER SETTINGS.

Use the Backup Notification Server Settings dialog box to specify the properties of the backup notification server for the managed system. The properties are described on Table 35.

7 Enter the backup notification server properties, and click Accept.

8 Repeat this task for each remote agent.

Assigning notification targets for a PATROL alert

You should set up specific targets for the PATROL for Microsoft Windows Servers notifications to ensure that the proper people are notified when alerts occur. The following procedure describes how to set the notification target for a parameter alert.

To assign notification targets

1 From the PATROL console, access the host KM menu commands, as described in “Accessing KM commands and InfoBoxes” on page 214.

2 Choose the menu command Event Management => Alert Settings => Notification Targets => Email => Local Targets ANY STATUS => Set For Parameters.

3 Select the application class of the parameter and click Accept.

Verify Password verify the password that the selected managed system will use to connect to the notification server

Make Connection Persistent indicates that the remote agent maintains a persistent connection with the notification server agent so that the remote agent does not need to create a new connection each time it sends an event to the notification server

Use the PATROL Configuration Manager to quickly configure all remote agents at one time. See the PATROL Configuration Manager User Guide for more information about the PATROL Configuration Manager.

Table 35 Notification server properties (Part 2 of 2)



Configuring the PATROL KM for Microsoft Active Directory

4 Select the application instance of the parameter and click Accept.

5 Select the parameter and click Accept.

6 Enter the e-mail address of the target for this alert and click Accept.

You can set other types of notification targets using the same procedure, but you choose a different menu command in Step 2. For example, Paging instead of Email.

If a problem occurs

If you have problems configuring e-mail notification, see the PATROL KM for Event Management User Guide. This document contains detailed configuration instructions, usage scenarios, and troubleshooting information.

Configuring the PATROL KM for Microsoft Active Directory

Replication monitoring within the configuration naming context is not enabled by default.

To enable replication monitoring within the configuration naming context, create and set the /ActiveDirectory/Configuration/ReplMonConfigNC configuration (pconfig) variable.

Simultaneous replication monitoring of both the configuration and domain naming context is supported, but not required.

To disable replication monitoring of the domain naming context, create and set the /ActiveDirectory/Configuration/ReplMonDomainNC configuration (pconfig) variable.

For inter operability with previous releases of the KM, replication monitoring of the domain naming context must be enabled (the default).

PATROL uses the same parameters to monitor configuration naming context replication as it uses to monitor domain naming context replication. The alarm annotations report the following:

■ replication context ■ names of the domain controllers that failed to replicate or that did not replicate in a

timely manner

For example:


Configuring PATROL Wizard for Microsoft Performance Monitor and WMI


The PATROL Wizard for Microsoft Performance Monitor and WMI allows you to quickly create your own parameters based on Microsoft’s Performance Monitor (PerfMon) counters or Windows Management Instrumentation (WMI) data. You may want to create a new parameter if you are interested in monitoring something for which no PATROL parameter currently exists.

The tasks associated with the PATROL Wizard for Microsoft Performance Monitor and WMI are listed in Table 33 on page 134.

Loading the PATROL Wizard for Microsoft Performance Monitor and WMI

Before you can create new parameters by using the PATROL Wizard for Microsoft Performance Monitor and WMI, you must load the KM files on your PATROL console.

Load the NT_PERFMON_WIZARD.kml file as described in the “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.

Replication Context: CN=Configuration,DC=cookies,DC=incDomain controllers that failed to replicate data to the local domain controller:

chocolate.factory.cookies.inclemon.factory.cookies.incpecan.cookies.inc

Replication Context: DC=factory,DC=cookies,DC=incDomain controllers that failed to replicate data to the local domain controller:

lemon.factory.cookies.inc

Table 36 PATROL Wizard for Microsoft Performance Monitor and WMI Tasks

Task Page

Loading the PATROL Wizard for Microsoft Performance Monitor and WMI 142

Creating performance monitor parameters 143

Setting alarm thresholds 144

Creating WMI parameters 144



The Performance Monitor Wizard and WMI Wizard application icons appear in the console.

Creating performance monitor parameters

With the Performance Monitor Wizard, you can create new, user-defined parameters based on Microsoft Performance Monitor counters.

1 Access the Performance Monitor Wizard application menu as described in “Accessing KM commands and InfoBoxes” on page 214.

2 Choose the Create Parameter menu command to display the Create Performance Monitor Parameter dialog box.

3 From the Select Performance Object to monitor dialog box, choose a Performance Object from the list, and click Next.

Counters and instances for the selected performance object display in the Available Counters and Available Instances tables.

4 Select the counters you want to monitor from the Available Counters table by clicking the counter names.

Selected counters appear highlighted.

5 Select the instances you want to monitor from the Available Instances table by clicking the instance names.

Selected instances appear highlighted.

6 Click Create to display the Select Performance Object to Monitor dialog box.

7 Click Done to create the parameters.

The dialog box closes and PATROL creates your new parameters.

If you want to create new parameters over again, click Next. Continue with step 3.

NOTE After you have created new parameters on a particular PATROL Agent, other PATROL console users will not be able to see the new parameters that you created until they load the NT_PERFMON_WIZARD.kml file.



Setting alarm thresholds

1 From the created parameters, choose the Set Alarm Thresholds menu command to display the Set Alarm Thresholds dialog box.

2 Set a border range for an alarm or warning in the following fields, for the parameters that need thresholds:

■ Border Minimum

■ Type the lower-bound warning value in the Warning Minimum field.■ Type the lower-bound alarm value in the Alarm Minimum field.

■ Border Maximum

■ Type the upper-bound warning value in the Warning Maximum field.■ Type the upper-bound alarm value in the Alarm Maximum field.

3 Click OK.

If a problem occurs

When monitoring a Performance Monitor counter whose value is normally less than 1, you cannot specify meaningful alarm ranges since alarm ranges must be integers. However, you can customize the parameter so that the value displayed in PATROL is an integer.

Creating WMI parameters

With the WMI Wizard, you can create new, user-defined parameters based on WMI data.

1 Access the WMI Wizard application menu as described in “Accessing KM commands and InfoBoxes” on page 214.

2 Choose the Create Parameter menu command.

3 In the WMI Wizard dialog box, type a name for the WMI-based parameter you want to create in the Parameter Name field.

4 Type a valid statement in the Enter a WQL Query field.

The query must return a numerical value.



For WMI classes that begin with Win32_PerfRawData, the query must return a number for a single WMI property. For more information, see “WMI queries for the WMI classes that begin with Win32_PerfRawData” on page 146.

5 Select the Formatted Data check box to normalize and display formatted performance data.

6 In the Scaling Factor text box, enter a value between 0 and 2147483647 to scale down values that cannot be directly set to parameters, such as WMI queries that return 64-bit integer values.

7 Click Next to set alarm thresholds for the parameter that you are creating.

The Set Alarm Thresholds dialog box is displayed.

EXAMPLE select NumberOfProcesses from Win32_OperatingSystemor select CurrentSize from Win32_Registry

EXAMPLE select VirtualBytes from Win32_PerfRawData_PerfProc_Process where Name=“Idle”

NOTE You can select this check box only for Win32_PerfRawData WMI classes. See “Performance counters supported through Win32_PerfRawData WMI class” on page 146.

EXAMPLE If you specify the Select CommittedBytes from Win32_PerfRawData_PerfOS_Memory WMI query for a parameter specific to memory, enter a scaling factor of 1024. Thus, the returned value is divided by the specified scaling factor.

Similarly, if the parameter is specific to time, you can enter a scaling factor of 1000 to convert a return value in milliseconds to seconds.

NOTE By default, the scaling factor is 1. For 64-bit performance counters, if the return value of the WMI query is greater than 32-bit, you must scale down the values to get appropriate results.



8 For the parameter that needs warning and alarm thresholds:

■ Type the lower-bound warning value in the Warning Minimum field.■ Type the upper-bound warning value in the Warning Maximum field.■ Type the lower-bound alarm value in the Alarm Minimum field.■ Type the upper-bound alarm value in the Alarm Maximum field.

9 Click Create to create the parameter according to the SQL Query that you entered and close the dialog box.

10 Click Done to create the parameters.

The dialog box closes and PATROL creates your new parameters.

If you want to create new parameters over again, click Next. Continue with step 7.

Performance counters supported through Win32_PerfRawData WMI class

The Win32_PerfRawData WMI class supports the following performance counters:

■ PERF_COUNTER_COUNTER■ PERF_COUNTER_BULK_COUNT■ PERF_COUNTER_LARGE_RAWCOUNT |

PERF_COUNTER_LARGE_RAWCOUNT_HEX■ PERF_COUNTER_RAWCOUNT_HEX | PERF_COUNTER_RAWCOUNT■ PERF_100NSEC_TIMER■ PERF_100NSEC_TIMER_INV■ PERF_ELAPSED_TIME■ PERF_PRECISION_100NS_TIMER■ PERF_COUNTER_100NS_QUEUELEN_TYPE

WMI queries for the WMI classes that begin with Win32_PerfRawData

The KM enables you to execute the WQL queries for 64-bit counters and monitor the counters by using the wizard. It helps you verify whether the system on which the application is running is 32-bit or 64-bit, and correspondingly connect to a 32-bit or 64-bit WMI provider.

You must enter a valid WMI query in the Enter a WQL query text box of the WMI Wizard dialog box. The query must return a number for a single WMI property.


Configuring the PATROL KM for Log Management

To verify whether a particular query returns a single instance or multiple instances, use wbemtest provided by Microsoft as shown in the following steps:

1 Go to Start => Run => wbemtest

2 Click Connect.

3 Enter the Namespace such as \\root\cimv2. Click Connect.

4 Click Query. Enter a query, Select * from Win32_PerfRawData_PerfProc_Process.

Verify the record set returned by wbemtest. If there are multiple instances, you need to add the where clause appropriately.


If the PATROL KM for Microsoft Windows OS is loaded and the PATROL KM for Log Management is loaded, the PATROL KM for Log Management will begin collecting data immediately.

EXAMPLE Valid WMI Query:

Select VirtualBytes from Win32_PerfRawData_PerfProc_Process where Name=“Idle”This returns the result for VirtualBytes for Idle process.

Invalid WMI Queries:

■ Select * from Win32_PerfRawData_PerfProc_ProcessThis returns the data for all the properties of Win32_PerfRawData_PerfProc_Process wmi class for all the instances. * indicates all the properties for a particular WMI class.

■ Select VirtualBytes, PageFaultsPersec from Win32_PerfRawData_PerfProc_Process where Name=“Idle” You cannot add two WMI properties such as VirtualBytes and PageFaultsPersec in a WQL query. Comma separated queries are invalid.

NOTE The PATROL KM for Log Management application classes appear under the PATROL KM for Microsoft Windows OS. The PATROL KM for Microsoft Windows OS must be loaded or the PATROL KM for Log Management application classes will not be visible.



For each log file, the KM monitors the following attributes:

■ file size - stored in the LOGFileSize parameter ■ growth rate - stored in the LOGGrowthRate parameter ■ content■ age

The default list of monitored files may be added to or removed completely depending on your needs. The PATROL KM for Log Management supports the following five types of files:

■ Text Files — Text files are only read if they have been modified since the last scan.

■ Command Scripts — Command scripts are executed each scan cycle and the resulting output is treated as a log file.

■ Named Pipe (or FIFO) — Named pipes are opened and kept open for reading. Only blocking pipes are supported. The data is read from the pipe a line at a time and accumulated in a secondary log file. This secondary file is treated like a normal log file.

■ Binary Files — Binary files are read with the use of a user-specified filter program. Binary files are only read if they have been modified since the last scan.

■ XML files — XML files are only read if they have been modified since the last scan. XML files are always read from the beginning.

This section describes how to configure the PATROL KM for Log Management so you can begin monitoring log files in your environment. The following table lists the topics covered in this section.

Task Page

Stop and start monitoring all default log files 149

Stop monitoring a log file 149

Start monitoring a log file 150

Change the setup of a monitored file 156

Filter log file messages (create a search string) 157

Generate a custom event when a search string is identified 160

Configure recovery actions for a log file 164



Stop and start monitoring all default log files

By default, the PATROL KM for Log Management monitors the PATROL Agent error log.

To stop or start monitoring this log file

1 Access the LOG application menu as described in “Accessing KM commands and InfoBoxes” on page 214.

2 Select Enable/Disable Default Log Monitoring.

3 In the Default Log Monitoring dialog box, to stop monitoring the default log file, clear the Enable Default Log File Monitoring check box.

Stop monitoring a log file

To stop monitoring a log file, you must remove the undesired log files from the list of monitored files by following these steps:

1 Access the LOGT application menu for the log file that you no longer want to monitor, as described in “Accessing KM commands and InfoBoxes” on page 214.

2 Select Delete Instance.

3 In the confirmation dialog box, click Yes.

PATROL stops monitoring the log file, but does not delete the file from your system. The LOGMON instance icon for this log file disappears from the LOGS container window during the next polling cycle.

NOTE The Default Monitoring dialog box only enables and disables monitoring for the log files that the PATROL KM for Log Management monitors by default. This dialog box does not control monitoring for log files that you add to the list of monitored files. To add or remove log files to the list of monitored files, see “Start monitoring a log file” on page 150 and “Stop monitoring a log file.”



Start monitoring a log file

To start monitoring a log file that the PATROL KM for Log Management is not monitoring, you must add that file to the list of monitored files. The product allows you to monitor a text file or an XML file.

To monitor a text log file


2 Select Add Instance.

3 In the Add Instance dialog box, select TEXT Instance and enter a label for the text log file that you want to start monitoring.

The log icon label must be 50 characters or less and cannot contain any spaces.

4 Click Accept.

5 In the Add File for Label: instanceName dialog box, enter the full path and file name for the text file you want to monitor, in the File/Pipe Name text box.

6 Enter a logical name for the LOGMON instance that you want to monitor, which appears in the event manager.

7 Select the Contains Environmental Variables check box to enter a path defined by an environment variable that is resolved at runtime. If you select this check box, environment variables in the text file path are resolved. Otherwise, the text file is treated as a pure file name.

8 Select either of the File Type options: Text File, Script, Named Pipe, or Binary File.

9 In the Filter Program text box, enter the path and name of the filter program that is reading the file specified in the File/Pipe Name field.

NOTE ■ To monitor log files that have dynamic names, use the * and ? regular expressions to

define the file name.

For example, if a log file is named backup_date.log, where date changes each day, enter the log file name as backup_*.log.

■ Regular expression characters are not accepted for named pipes.



10 (Optional) If you want to scan the entire text file on each scan, rather than scanning only the new content, choose the Always Read at Beginning check box.

11 (Optional) If you are monitoring a dynamically named file and you want to monitor all of the files using the dynamic name specified in the File/Pipe Name field, rather than just the latest file, choose the All option.

12 (Optional) Select the Generate Alarm if File not modified in check box if you want the LOGMON instance to ALARM if the monitored file is not modified periodically. Specify the time in minutes after which you want the KM to alarm if the file is not modified, in the Minutes text box.

13 Specify the default settings for a search criterion. In the Threshold #1 text box, specify the minimum number of text search string matches in a polling cycle required to produce a specified state.

To search for a minimum number of text strings across a number of polling cycles, enter values in the x:y format; x represents the minimum number of text string matches, and y represents the total number of polling cycles.

14 In the Threshold #2 text box, specify the minimum number of text search string matches required to produce a specified state. You can specify a different state and a different number of matches from Threshold #1. Threshold #2 should be higher than Threshold #1. To search for a minimum number of text strings across a number of polling cycles, enter values in the x:y format.

15 Select the state that you want the KM to exhibit when a threshold is reached—None, OK, Warn, or Alarm.

NOTE In case of a Binary file type, PATROL KM for Log Management does not accept arguments.

NOTE The text file will only be scanned if the file changes.

EXAMPLE If you want the KM to go into Alarm when the search string is found 3 times in the monitored file, then you would set the value of Threshold #1 to 3 and select Alarm from the State list.



16 (Optional) In the Custom Event Message text box, specify the message that you want displayed in the events when your search string conditions are satisfied.

17 In the Custom Event Origin text box, specify the customized origin for events. If you do not specify the origin, the product uses the instance name as the default origin of events, which is APPCLASS.INSTANCE.textFileName.

You can use built-in macros (except the %x[-%y] macro) as the customized origin for events.

18 In the Number of Lines in Log Entry text box, specify the number of lines that you want to be displayed when a match is found.

19 In the Nullify Alarm/Warn String text box, specify the string that is used to nullify the alarm for the dual search feature. You can configure dual search for an instance so that the KM goes into the alarm state when any of the search criteria is found in the monitored file and nullifies the alarm when the nullify string is found in the monitored file.

You must specify the first string in the String1 text box (in the Configure Search Criterion: instanceName dialog box) and the nullify string in the Nullify Alarm/Warn String text box. For nullified customized events, the default custom event message is used (as provided in the Custom Event Message text box).

EXAMPLE If you want to determine when a disk is full and where the disk is mounted, you would enter Error: Disc Full as the search string and 2 as the value of Number of Lines in Log Entry so that when a disk is full, the product displays a message similar to the following one in LOGMatchString text parameter:

Id=id1031605: Error: Disc FullId=;MatchedLines/hd001 mounted as /optSUMMARY:id1=1;

NOTE If either, the search string or the nullify string, occurs again within the number of lines selected to be displayed, the KM does not find the instances of the search strings for all the search identifiers.

EXAMPLE If you specify Alarm up in the String1 text box and Alarm down in the Nullify Alarm/Warn String text box, the KM goes into an alarm state when Alarm up is found in the monitored file and the alarm is nullified when Alarm down is found in the monitored file.



20 If the KM goes into an alarm or a warning state because the search string is found and you want the KM state to return to OK if the search string is not found on the next scan, select the Return to OK if no match found on next scan check box.

21 From the Scan Priority list, select a scan priority: Normal, Medium, or Low.

22 Click Continue.

23 (Optional) In the Configure Search Criterion: instanceName dialog box, in the Search Criterion area, define a search criterion, specify a unique label in the Search Identifier text box, and configure a search string to define what type of messages the KM should search for.

The Search Identifier label appears in the search list and helps you identify the search criterion.

24 In the String text boxes, enter the regular expression for the first search string that you want to search in the text instance (4096-byte limit).

25 (Optional) If you want the KM to alarm if a string is not present in the file, select the Not check box.

26 In the First Number text box, specify a number to specify a starting position of a search range in the matched file.

27 Select an operator from the Op list.

28 In the Begin token text box, specify a valid beginning token value.

29 In the End token text box, specify a valid ending token value.

30 Select an operator from the Op list.

31 In the Second Number text box, specify a number to specify an ending position of a search range in the matched file line.

32 You can custom-define a search criterion with settings that are different from the default settings in the Add File for Label: instanceName dialog box. To do so, select the Override default setting check box and custom-define the settings for each search criterion as described in step 13 through step 17 on page 152.

NOTE This option displays all the lines in the file that do not match the search string.



33 Select the Add option and click Update for the KM to populate the search criteria in the Search list.

34 Click Done.

Once the search string is found in the file, the KM generates an alarm.

35 PATROL adds the new log file name to the list of monitored files and displays the new log instance in the Desktop tree tab.

36 (Optional) If you want to further configure the log file, access the LOGT application menu as described in “Accessing KM commands and InfoBoxes” on page 214.

37 (Optional) Select Advanced Features => Configure Size Actions to configure automatic recovery actions to determine how the KM should respond when the file reaches a defined size.

For more information about configuring recovery actions for a log file, see “Configure recovery actions for a log file” on page 164.

38 (Optional) Select Advanced Features => Schedule Log Scan to configure the KM to scan the file at different schedules.

39 (Optional) Select Advanced Features => Configure Log Monitoring Blackout to prevent the KM from generating events for a file for a specified period of time

40 (Optional) Select Advanced Features => Configure Alarm to configure an alarm when the size of the monitored file exceeds a specified threshold

41 (Optional) Select Advanced Features => Multiline Search to configure limits to search a block of lines containing a match string.

NOTE If you do not specify a search string, the LOGErrorLvl parameter will not be set. When the LOGErrorLvl parameter is not set for a period of time, “no data for specified range” messages are displayed in BMC PATROL history. If you did not specify a search string, this message is benign.

NOTE This option is not available if you are monitoring an XML file.



42 Click Accept.

PATROL adds the new log file name to the list of monitored files and displays the new log instance in the Desktop tree tab.

For more information about monitoring text log files, see the BMC PATROL Knowledge Module for Log Management User Guide.

To monitor an XML file


2 Select Add Instance.

3 In the Add Instance dialog box, select XML Instance and enter a label for the XML file that you want to start monitoring.

The log icon label must be 50 characters or less and cannot contain any spaces.

4 Click Accept.

5 In the Add File for XML Monitoring dialog box, enter the full path and file name for the XML file you want to monitor against XML elements that you provide, in the XML File text box.

6 Optional) If you are monitoring a dynamically named file and you want to monitor all of the files using the dynamic name specified in the XML File field, rather than just the latest file, choose the All file disposition option to monitor all of the files.

7 (Optional) In the Search Criteria area, enter an identification label for the XML search criterion in the Search Identifier text box. This must be unique for an XML instance. You can use the same search identifier in other XML instances, but not in the same XML instance.

8 Configure a search string by specifying the combination of XML elements and values that you want to find in the monitored file.

9 Define thresholds and states for each search XML search string.

NOTE To monitor log files that have dynamic names, use the * and ? regular expressions to define the file name.

For example, if a log file is named backup_date.log, where date changes each day, enter the log file name as backup_*.log.



Once the search string is found in the file, and the match count is greater than or equal to the threshold, the KM generates an alarm. For more information about configuring search strings, see “Filter log file messages (create a search string)” on page 157.

10 In the Custom Event Message text box, define how you want the product to respond when the specified search criterion is satisfied.

The custom event must consist of string literals and the elements in the XML search string.

11 (Optional) Access the LOGT application menu as described in “Accessing KM commands and InfoBoxes” on page 214.

12 (Optional) Select Advanced Features => Configure Size Actions to configure automatic recovery actions to determine how the KM should respond when the file reaches a defined size.

For more information about configuring recovery actions for a log file, see “Configure recovery actions for a log file” on page 164.

13 (Optional) Select Advanced Features => Schedule Log Scan to configure the KM to scan the file at different schedules.

14 From the Scan Priority drop-down list, select a scan priority: Normal, Medium, or Low.

15 Select the Add option.

16 Click Update.

PATROL adds the new XML file name to the list of monitored files and displays the new log instance in the Desktop tree tab.

For more information about monitoring XML files and the rules for configuring an XML log instance, see the BMC PATROL Knowledge Module for Log Management User Guide.

Change the setup of a monitored file

To change any of the log monitoring options that you have entered, follow these steps:



1 Access the LOGT application menu for a text or XML instance, as described in “Accessing KM commands and InfoBoxes” on page 214.

2 Select Modify Instance.

3 Depending on the type of log instance, on the Change file for Label: instanceName or Change file for XML Monitoring, make any desired changes to the setup options for the selected log file.

4 Click Update.

Filter log file messages (create a search string)

The PATROL KM for Log Management allows you to define what type of messages the KM should search for. To filter the log file for a particular type of message, you must define a search string for the monitored log file. When you define a search string and associate it with a log file, the KM monitors the log for the following:

■ text or XML string, or pattern■ multiple strings or patterns■ numeric values■ number of string matches per scan of the log file■ corresponding alert severity (OK, WARN, or ALARM) when the specified string or

pattern is found

String attributes

The search string can consist of one or two regular expressions and/or a numeric comparison. The results of these criteria are combined to determine a match. The maximum length for a string is 400 characters.

What happens when the string is found

Once the search string has been defined, PATROL begins monitoring the log file for the search string or regular expression that you specified. If the text string or regular expression is found, PATROL sets the icon for the log instance to the alert state that you specify and sets the values of the LOGSearchString parameter and LOGErrorLvl parameter. In addition, the LOGMatchString parameter displays the text string or regular expression that was returned by the log search.



Before you begin

■ If you are adding a new log file to be monitored, follow the steps in “Start monitoring a log file” on page 150.

■ If you want to define a search string for an existing log file, follow the steps in “Change the setup of a monitored file” on page 156.

Define a search string for a text file

To define a search string for a new or existing monitored log file, follow these steps:

1 On the Add File for Label: instanceName dialog box or the Change File for Label: instanceName dialog box, click Continue to go to the Configure Search Criterion: instanceName dialog box.

2 Enter a unique identification label for a search criterion in the Search Identifier text box.

3 Enter a search string or regular expression in the String 1 text box. Select the NOT check box next to the String 1 field if you want to identify file entries in which the string is not found.

You can search for a literal word or phrase or you can use regular expressions to search for a type of message that has an identifiable format or pattern.

4 If desired, in the String 2 text box, enter a search string or regular expression. Select the NOT check box next to the field if you want to identify files in which the string is not found.

5 If desired, define a numeric comparison by specifying the starting and ending positions of a search range in the matched file line, entering position numbers in the First Number and Second Number text boxes, along with operators in the Op text boxes. Enter valid Begin Token and End Token values.

The numeric comparison is used to determine if a file entry exceeds a threshold or fits in a range. For example, you would use a numeric comparison to determine if the number of jobs in a print queue exceeds 500. To see how you would define a search string for this example, see “Example: defining a search string for print queue length” on page 160.

Tokens specify beginning and ending locations of the search within a matched log file line. Valid values start at 1 and run from left to right. Multiple adjacent white spaces are treated as one position. Each white space-separated token in this search range is examined to determine if it is a base 10 number. This number must be a real number, not a percent.



The first number encountered is used. If no numbers are found, the numeric portion of the search string is ignored. The converted number is used as variable X in this mathematical statement:

A op1 X op2 B

A and B are fixed, user-supplied base 10 numbers. A is required, B is optional. 'op2' only applies when B is supplied. 'op1' and 'op2' can be one of these operators:

■ less than, <■ greater than, >■ equal, =■ less than or equal, <=■ greater than or equal, >=■ not equal to, !=

6 Fill out or modify the rest of the dialog box fields as described in “To monitor a text log file” on page 150.

Define a search string for an XML file

To define a search string for a new XML file or an existing XML file that is being monitored, follow these steps:

1 In the Add File for XML Monitoring dialog box or the Change File for XML Monitoring dialog box, enter an identification label for the XML search criterion in the Search Identifier text box. This label appears in the search list and helps you identify the search criterion.

The label must be unique for an XML instance. You can use the same search identifier in other XML instances, but not in the same XML instance. You can only use aplha-numeric characters such as a-z, A-Z, 0-9, and up to a maximum of 20 characters.

2 In the XML Search String text box, enter the combination of XML elements and values that you want to find in the monitored file.

3 Fill out or modify the rest of the dialog box fields as described in “To monitor an XML file” on page 155.



Example: defining a search string for print queue length

This example shows you how to define a search string that will monitor the print queue length in a log file to identify print queues with more that 500 jobs.

The sample log file contains entries like the following:

Print Queue HOU7 contains 323 jobs Print Queue HOU19 contains 605 jobs Print Queue HOU1 contains less than 10 jobs

To identify log entries that contain print queues with more that 500 jobs, you would define the search string as follows:

1 On the Add File for Label: instanceName dialog box, click Continue to navigate to the Configure Search Criterion: instanceName dialog box.

2 In the First number field, enter 500.

3 From the Op drop-down list to the right of the First number field, select <.

4 In the Begin token field, enter 5.

5 In the End token field, enter 7.

The completed Search String section appears.

6 Complete the remaining fields as described in “Start monitoring a log file” on page 150.

Generate a custom event when a search string is identified

The PATROL KM for Log Management allows you to generate a custom event when the search string that you defined matches a log file entry. It also allows you to specify a custom event origin. The custom event has the following characteristics:

■ Event class — LOGGeneral■ Event type — WARN■ Event severity — 3■ Event origin — LOGMON.inst.fname, where inst is the user-defined label of the log

file and fname is the log file name.

Text entered in the Custom Event Message field can also be included in the event. Part or all of the matching log entries can be included in the custom event message.



The words of the message (represented by tokens separated by white space) will be identified by their ordinal position in the matched log file line, numbered left to right starting with 1. Word substitution will be identified in the custom event message text by using the % character. Ranges of words can be included, and are entered following a single % (for example, %2-5 would identify tokens 2 through 5 inclusive).

For example, you might want to create a custom event message that would display when a service fails to initialize. To see how you would set up a custom event message for this example, see “Example: defining a search string for print queue length” on page 160.

Specify a custom origin for the events in the Custom Event Origin text box. If you do not specify an origin, the KM uses the default origin, which is APPCLASS.INSTANCE.textFileName. You can use built-in macros (except the %x[-%y] macro) as the customized origin for events.

Before you begin


■ If you want to set up a custom message for an existing log file, follow the steps in “Change the setup of a monitored file” on page 156.

NOTE If you want to have the % character appear in the message, enter %%. For example, entering Disk %3 is %5 %% full displays the 3rd and 5th strings in the match line, such as Disk /dev/sd0 is 45 % full.

NOTE If you do not create a custom event message, you will still receive the standard event generated by the LOGErrorLvl parameter when your search string is found.



Create a custom event message

To create a customized event message, follow these steps:

1 Depending on whether you are adding a new log file to be monitored or changing an existing log file, access the either of the following:

■ Add File for Label: instanceName dialog box or the Change File for Label: instanceName dialog box

■ Add File for XML Monitoring dialog box or the Change File for XML Monitoring dialog box

2 In the Custom Event Message text box, enter the text that you want to display when your search string conditions are satisfied.

3 In the Custom Event Origin text box, enter the origin for the events.

4 (Optional) For a text instance, in the Number of Lines in Log Entry text box, enter the number of lines to include from the log file in the message returned when a search string is found.

5 In case of a text instance, if you want to define custom messages specific to a search criterion, on the Add file for Label: instanceName dialog box, click Continue.

EXAMPLE If you were searching for Disc Full errors, you could configure the KM to return two lines so that when the string Error: Disc Full is found, the KM returns the line matching that string and the next line, in the LOGMatchString parameter:

Id=id1031605: Error: Disc FullId=;MatchedLines/hd001 mounted as /optSUMMARY:id1=1;

NOTE ■ If either, the search string or the nullify string, occurs again within the number of lines

selected to be displayed, the KM does not find the instances of the search strings for all the search identifiers.

For example, if you specify that the KM returns four lines when it finds the search string Disc Full, and Disc full occurs in the first and third lines of the file, the KM counts only the first instance of Disc Full as a match.

■ If you want to ensure that all matches are found, leave the Number of Lines in Log Entry field blank.



6 On the Configure Search Criterion: instanceName dialog box, add a unique identification label in the Search Identifier text box.

7 Select the Override default setting check box.

8 Specify a custom event message for the search criterion in the Custom Event Message text box.

9 Specify an origin for the events in the Custom Event Origin text box.

10 Complete the remaining fields as described in “Start monitoring a log file” on page 150.

Example: creating a custom event message that displays when a service fails to initialize

This example shows you how to create a custom event message to display the following event message when a service fails to initialize:

GX6 component <ITD> failed initializing service it_execd,. See logfile \var\opt\GX6\log\it_execd.log, for details.

The sample log file entry looks similar to this (with the exception that a real log file entry would fit on one line):

"20030508_124352 <ITD> ExecInitialize failed (szServicesEntry: it_execd, szAccessControlList:\opt\GX6\etc\it_execd.acl, szLogFile: \var\opt\GX6\log\it_execd.log, usllSrv: 7)"

To create the custom event message, in the Custom Event Message Field, enter:

GX6 component %2 failed initializing service %6. See logfile %10 for details.

Example: Creating a custom event origin that displays the event origin according to Macros specified in the configuration

This example shows you how to create a custom event origin to display the event origin according to macros specified in the configuration.

If you create an instance such as inst1 with a search identifier, id1:

%APPCLASS%.%INSTANCE%.%SEARCHID%



The LOGGeneral and NOTIFY_EVENT Event Class will display the following Event Origin:

LOGMON.inst1PN0.id1

Configure recovery actions for a log file

The PATROL KM for Log Management allows you to define recovery actions when a log file reaches a specified size. The available recovery actions for log files are:

■ reduce the log file to 0 MB by deleting all the messages in the log file when the file reaches the size limit

■ backup the file into the pmg_backup subdirectory located in the same directory as the monitored log file and reduce the log file to 0 MB

Each time the file is backed up, the backup file is written to the same directory with an incremental number appended to the log file name. For example, the first time that the error_log.txt reaches its size limit, PATROL creates a backup file named error_log.txt1. The next time that it reaches its limit, PATROL creates a backup file named error_log.txt2 and so on.

Recovery actions run automatically by default; however, you can configure them to require user confirmation if the Run Attended option button is set to Yes.

Before you begin


■ If you want to configure a recovery action for an existing log file, follow the steps in “Change the setup of a monitored file” on page 156.

NOTE BMC Software recommends that you periodically move the backup files to another location. The PATROL recovery action checks to make sure that the backup file name is not already in use. If hundreds or even thousands of backup files exist in the log directory, PATROL may take some time to complete this recovery action.


Configuring the PATROL KM for Microsoft Cluster Server

Configure a log file recovery action based on file size

To define a recovery action that runs when the log file exceeds a defined file size, follow these steps:

1 Access the LOGT application menu for a text or XML instance, as described in “Accessing KM commands and InfoBoxes” on page 214.

2 Select Advanced Features => Configure Size Actions.

3 In the Configure Size Actions dialog box, in the Size Limit text box, enter the number of bytes that the monitored file must exceed before PATROL executes the recovery action. For example, if the limit is 100 bytes, enter 100 in the Size Limit text box.

4 Select an Action option to specify a recovery action for PATROL to take when the log file reaches the specified size limit:

■ Nothing—PATROL continues monitoring the log file but does not attempt to reduce its size.

■ Delete—PATROL reduces the log file to 0 MB by deleting all the messages in the log file when the file reaches the size limit.

■ Backup and Delete— PATROL backs up the existing log file and reduces the log file to 0 MB

5 Click the Yes or No button to indicate whether PATROL runs attended (prompt an operator for confirmation before performing a recovery action).

For more information about the features and functionalities in PATROL KM for Log Management, see the BMC PATROL Knowledge Module for Log Management User Guide.

Configuring the PATROL KM for Microsoft Cluster Server

You can set up the PATROL KM for Microsoft Cluster Server to use one of the following configurations:

■ internal cluster-level agent (CLA)■ external cluster-level agent


Using the PATROL Adapter for Microsoft Office to view reports

These configurations each offer advantages and disadvantages. To decide which configuration best suits your environment, see Table 15 on page 74.

Before configuring the PATROL for Microsoft Cluster Server components, you should verify that the software products are installed correctly. To verify that you have installed the appropriate software on the appropriate computers, see “Installing PATROL KM for Microsoft Cluster Server” on page 73.

To configure the PATROL KM for Microsoft Cluster Server

Follow the following process to configure PATROL KM for Microsoft Cluster Server:

1 From the PATROL Console, add the managed system that corresponds to your cluster by choosing Host => Add.

2 From the PATROL Console, load MCS_Load.kml. For instructions on how to load KMs, see “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.

3 If the KM is not already configured, Microsoft Clusters - Setup appears as the label under the MCS_Clusters application instance icon.

4 From the Microsoft Clusters - Setup instance, choose PATROL Admin=>Maintain Account Info.

5 In the Authorized Account dialog box, enter an account that is a member of the Administrators group on the local computer or cluster node. This account allows the cluster-level agent and external executables to access the cluster nodes you want to monitor. For internal cluster-level agents configurations, when requirements are met, the KM can use the PATROL agent default account.

For more information about setting up the Cluster account, see “PATROL KM for Microsoft Cluster Server account” on page 48.


If you install the PATROL Adapter for Microsoft Office, you can display PATROL data in Microsoft Excel through the PATROL Adapter for Microsoft Office wizard. For more information, see the following topics:



Displaying PATROL data by using the PATROL Adapter for Microsoft Office

This task describes how to start the PATROL Adapter for Microsoft Excel so that you can view server-based PATROL reports.

Before you begin

To use PATROL Adapter for Microsoft Office, you must have one of the following versions of Microsoft Excel loaded on the console machine:

■ Microsoft Excel 97 (SR1, SR2, and SR2b)■ Microsoft Excel 2000 (SR1a, SP2, and SP3)■ Microsoft Excel Office XP (SP1, SP2, and SP3)■ Microsoft Excel Office 2003 (SP1)

To start the PATROL Adapter for Microsoft Office from Microsoft Excel

1 Start Microsoft Excel.

2 Choose File => New.

3 Choose the Spreadsheet Solutions tab.

4 Choose the Patrol Report.xlt template.

5 Click OK.

The New dialog box is dismissed and the Microsoft Excel macros message appears.

6 Click Enable Macros.

To run the wizard, the Microsoft Excel security level must be either Low or Medium. If the security level is High, the wizard does not run and displays no error messages. To change the Microsoft Excel security level, start Excel and choose Tools => Macro => Security.

Task Page

Displaying PATROL data by using the PATROL Adapter for Microsoft Office

167

How to use the PATROL Adapter for Microsoft Office 168

Built-in report templates 168



7 See the PATROL Adapter for Microsoft Office User Guide for instructions on generating a report.

How to use the PATROL Adapter for Microsoft Office

For more information about how to use the PATROL Adapter for Microsoft Office, see the PATROL Adapter for Microsoft Office User Guide.

Built-in report templates

Several products have predefined reports that you can use immediately. For a list of these predefined reports, see the following sections.

PATROL KM for Microsoft Windows Operating System

If you are using the PATROL KM for Microsoft Windows OS, the predefined report templates in Table 38 on page 169 are available when you use the PATROL Adapter for Microsoft Office.


If you are using the PATROL KM for Microsoft Windows Domain Services, the predefined report templates in Table 38 are available when you use the PATROL Adapter for Microsoft Office.

NOTE History reports are not available for PATROL Agents that are version 3.2.09. Please see the PATROL Adapter for Microsoft Office User Guide for more information regarding requirements and limitations of PATROL Adapter for Microsoft Office.

Table 37 Reports for PATROL KM for Microsoft Windows OS

Report Name Description

■ CPU Util - Weekly History■ CPU Util - Daily History

percentage of time that a processor is busy executing the threads of a process (the value reported by the parameter CPUprcrProcessorTimePercent)

■ Logical Disk - Weekly History■ Logical Disk - Daily History

percentage of free space available on the selected logical disk drive (the value reported by the parameter LDldFreeSpacePercent)

■ Memory - Weekly History■ Memory - Daily History

number of megabytes of physical memory currently available to processes (the value reported by the parameter MEMmemAvailableBytes)



PATROL KM for Microsoft Message Queue

If you are using the PATROL KM for Microsoft Message Queue, the predefined report templates in Table 39 are available when you use the PATROL Adapter for Microsoft Office.

Table 38 Reports for PATROL KM for Microsoft Windows Domain Services

Report name Description

■ DHCP Lease Availability Daily History Report ■ DHCP Lease Availability Monthly History Report■ DHCP Lease Availability Weekly History Report

NT_DHCP reports regarding the percent of DHCP leases available each day, week, or month

■ DHCP Server Utilization Daily History Report ■ DHCP Server Utilization Monthly History Report■ DHCP Server Utilization Weekly History Report

NT_DHCP reports regarding the daily, weekly, or monthly server utilization of the DHCP service

■ DNS Server Response Time Daily History Report ■ DNS Server Response Time Monthly History Report■ DNS Server Response Time Weekly History Report

NT_DNS reports regarding daily, weekly, or monthly server response times for the Domain Name Service (DNS)

■ DNS Server Utilization Daily History Report ■ DNS Server Utilization Monthly History Report■ DNS Server Utilization Weekly History Report

NT_DNS reports regarding daily, weekly, or monthly server utilization of the DNS service

■ Remote Servers Connect Response Time Daily History Report

■ Remote Servers Connect Response Time Monthly History Report

■ Remote Servers Connect Response Time Weekly History Report

NT_REMOTE_SERVERS reports regarding daily, weekly, or monthly connection response times of remote domain servers

■ Remote Servers Connection Status Daily Outage Report ■ Remote Servers Connection Status Monthly Outage

Report■ Remote Servers Connection Status Weekly Outage

Report

NT_REMOTE_SERVERS reports regarding daily, weekly, or monthly connection outages of remote domain servers

■ Shares Disk Usage Daily History Report ■ Shares Disk Usage Monthly History Report■ Shares Disk Usage Weekly History Report

NT_SHARES reports regarding daily, weekly, or monthly usage of network shares on the managed server

■ Trust Domain Connectivity Daily Outage Report ■ Trust Domain Connectivity Monthly Outage Report■ Trust Domain Connectivity Weekly Outage Report

NT_TRUST reports regarding daily, weekly, and monthly connection outages between trusted and trusting domains

■ WINS Server Utilization Daily History Report■ WINS Server Utilization Monthly History Report■ WINS Server Utilization Weekly History Report

NT_WINS reports regarding daily, weekly, and monthly utilization of the Windows Internet Naming Service (WINS) on Windows servers


Removing KMs from your console and agent


If you are using the PATROL KM for Microsoft COM+, the predefined report templates in Table 40 are available when you use the PATROL Adapter for Microsoft Office.

Removing KMs from your console and agentIf you want to remove a KM from being displayed in your PATROL console, you can unload its corresponding application classes (.km files) as described in “Unloading KMs from a PATROL console.”

When you unload a .km file, its corresponding application class no longer appears in your console. Unloading a .km file does not delete the file from the lib\knowledge or psl directories on the PATROL console or PATROL Agent computer. If you want to delete a KM completely from your system, you must uninstall the KM.

Table 39 Reports for PATROL KM for Microsoft Message Queue


MSMQ Message Rate - Daily History Report current rate that messages are received during a 24-hour period

MSMQ Service Availability - Weekly History Report

current rate that messages are received during a 7-day period

MSMQ Sessions - Daily History Report number of MSMQ sessions that occur during a 24-hour period

MSMQ Sessions - Weekly History Report number of MSMQ sessions that occur during a 7-day period

MSMQ Total Msgs. Waiting - Weekly History Report

total number of messages that waited for processing during a 7-day period

Table 40 Reports for PATROL for Microsoft COM+


Process Count Daily Summary total number of processes run during a 24-hour period

Package Status Daily Summary line graph of the current status of a package (active or in-active) during a 24-hour period

Package Status 30-Day Summary line graph of the current status of a package (active or inactive) during a 30-day period

Active Packages Daily Summary total number of packages active during a 24-hour period

Aborted Transaction Daily Summary total number of transactions aborted during a 24-hour period

Aborted Transaction 30-Day Summary total number of transactions aborted during a 30-day period



If a .km file was preloaded (whether as part of a .kml file or not), unloading it does not stop the PATROL Agent from collecting data for that .km file. However, if the .km file was not preloaded, then unloading it does stop the file from running and collecting data on the PATROL Agent.

If you no longer want the PATROL Agent to run a KM that was preloaded, you can remove its corresponding .kml file or .km files from the PATROL Agent preload list as described in “Using wpconfig to remove KMs from the Agent preload list” on page 96.

When you remove a KM from the PATROL Agent preload list, the agent does not run the KM unless you load it with a running console. KMs that are not preloaded do not run unless a console is running.

Unloading KMs from a PATROL console

If you no longer want to view a KM that currently appears in your console, you can unload the corresponding application classes (.km files) that make up the KM.

To unload KMs with the PATROL Console for Microsoft Windows Servers

1 From the KM tab of the tree view, right-click the application class name that you want to delete and choose Delete from the pop-up menu.

2 Click Yes to delete the application class.

The application class is removed from your cache directory and your console session file.

3 Repeat Step 1 and Step 2 until you have deleted all of the application classes associated with the KM that you want to delete.

4 From the console menu bar, choose File => Save KM to save your changes.

To unload KMs with the PATROL Console for UNIX

1 From the PATROL Main window, choose Attributes => Application Classes.

2 From the Lists of Application Classes window, click the name of the application class that you want to delete.

3 From the List of Application Classes menu bar, choose Edit => Delete.



The application class is removed from your cache directory and your console session file. The PATROL Console removes the application class name from the List of Application Classes.

4 Repeat Step 2 and Step 3 until you have deleted all of the application classes associated with the KM that you want to delete.

5 From the List of Application Classes menu bar, choose File => Save KM to save your changes.

To Unload KMs with PATROL Central Operator - Windows Edition

1 In the Common Tasks tab of the Operator Console Module Taskpad, click the Unload Knowledge Module(s) icon.

PATROL displays the Unload Knowledge Module(s) Wizard.

2 To start the wizard, click Next.

3 From the Managed System screen, select the managed system.

4 From the Knowledge Modules screen, select the KMs that you want to unload. For a description of the PATROL for Microsoft Windows Servers KMs, see “Table 16PATROL for Microsoft Windows Servers .kml files” on page 90.

5 Click Finish.

To unload KMs with PATROL Central - Web Edition

PATROL Central - Web Edition has a feature that enables you to unload specified .km files from specified computers.

1 From the Managed Systems page, click the Load/Unload KMs button.

The Load KMs page opens, listing each computer on which a PATROL Agent has been installed.

2 Select the computers from which you want to unload .km files, and click Next.

The Load KMs page displays a list of .km files. Currently loaded .km files are highlighted in the list.

3 Cancel the selection of the .km files that you want to unload.

4 Click Finish.



The console removes the .km files that you specified. These .km files will no longer be in the current management profile.

Stopping preloaded KMs from running on the PATROL Agent

If you want to stop a KM or application class so that it no longer runs on the PATROL Agent, remove the corresponding .kml or .km file from the agent preload list, as described in “Using wpconfig to remove KMs from the Agent preload list” on page 96.


C h a p t e r 4
4 Using the PATROL Cluster Configuration Wizard
This chapter provides you with information that you will need to use the PATROL Cluster Configuration Wizard (also referred to as PCC). The following topics are discussed:

Using the PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . 176Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176Preparing to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177Access requirements for running the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . 177Starting the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177How to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Post-PCC configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Manually configuring the PATROL Agent for clustering . . . . . . . . . . . . . . . . . . . . . . 183

Install the application on each cluster node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Install the PATROL Agent on each cluster node . . . . . . . . . . . . . . . . . . . . . . . . . . 184Assign a unique port number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184Distribute license file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184Define the PATROL cluster-specific environment variables . . . . . . . . . . . . . . . . 184Create and register a new service for the PATROL Agent . . . . . . . . . . . . . . . . . . 185Define the PATROL Agent as a member of the group . . . . . . . . . . . . . . . . . . . . . 186

PATROL cluster-specific environment variables for history and configuration . . . 189Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Unattended configuration of Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . 191


Using the PATROL Cluster Configuration Wizard


Install the PATROL Cluster Configuration (PCC) Wizard to help you configure the PATROL Agent for failover in a Microsoft server cluster environment.

Overview

The PCC Wizard allows you to easily configure the PATROL Agent to monitor cluster-aware applications such as Microsoft Exchange Server. It does this by

■ configuring the agent to operate on a virtual server name and separate port

■ storing the agent history and configuration data on cluster-shared media

Thus, in the event of a node failure, the agent will failover to another node with the monitored application, while providing a consistent view of the data being collected. For example, the history data is kept intact.

The Wizard does not enable the monitoring of clustered resources. That functionality is handled by the PATROL Agent and the PATROL KM for Microsoft Cluster Server. The Wizard automates and simplifies cluster configuration of the PATROL Agent, and eliminates configuring the agent manually.



Preparing to use the PCC Wizard

Before you begin using the PCC Wizard, you must

■ install PCC on any computer in the cluster domain■ install PATROL Agent on all nodes in the cluster■ know the user name and password of a cluster administrator account■ identify a group to install the PATROL virtual Agent into; this group will need to

contain the following (at a minimum):

— Physical diskThe PATROL virtual Agent stores history and configuration data on a standard cluster-shared disk which, if possible, should not be the quorum disk.

— Network nameA network name resource provides an identity to the group in the form of a unique network name and IP address. This identity makes the group or the PATROL virtual agent accessible from the PATROL Console.

For information about how the PATROL Agent supports an application in a cluster environment and what type of failover tolerance it provides, see the PATROL Agent Reference Manual.

Access requirements for running the PCC Wizard

The account you use to run the PCC Wizard must be a member of the local administrator group.

Starting the PCC Wizard

You can start the wizard by

■ From Windows Start menu, choosing Start => Programs => BMC PATROL => PATROL Cluster Configuration Wizard.

■ typing pcc from the Run command.

NOTE The node that you run the PCC Wizard from should be the current owner of the group you select. This recommendation prevents some caution pop-up windows from appearing.



How to use the PCC Wizard

Once you have installed PCC Wizard on all nodes, use the following instructions to use the PCC Wizard to configure the PATROL Agent resources. To configure all nodes, you need to run the PCC Wizard just once, from a single node.

Information required by PCC

Use the table below to plan your configuration of each PATROL Agent resource.

Table 41 Information required by PCC (Part 1 of 2)

Required information Your information PCC

Cluster Name adds the PATROL Agent resource to the cluster you select or enter.

Group Name(s) adds the PATROL Agent resource to one or more cluster groups.

Resource Name adds the PATROL Agent service as a Generic Service resource type with this name. The resource name must be unique for this cluster.

Service Name creates registry entries for this PATROL Agent service name on each node you select. The service name must be unique for this system and comply with the rules for a service name.Note: PATROL does not rename the PatrolAgent.exe.

Network Name sets the PATROL_VIRTUALNAME_PORT# environment variable to this network name, which the PATROL Agent uses instead of the host name to store the PATROL configuration and history data. For easy identification, this name should be the virtual server name of the cluster group with which the agent is bundled. For example, the network name for an agent on port 3182 is PATROL_VIRTUALNAME_3182=BMC_ExchangeHou.

Port Number sets the port number that the PATROL Agent is using and that is referenced by all environment variables. Each PATROL virtual Agent must have a unique port number.

Shared Drive sets the drive shared by a cluster on which the configuration and history data will be stored. The PATROL Agent must be able to access this shared drive at agent startup, and the shared drive should belong to the cluster group with which the PATROL Agent is bundled.

History Path sets the PATROL_HISTORY_PORT# environment variable to this path on the shared drive, which stores the agent history files. For example, the history data location for an agent on port 3182 is PATROL_HISTORY_3182=X:\patrol\history.



Config DB Path sets the PATROL_CONFIG_PORT# environment variable to this path on the shared drive, which stores the PATROL Agent configuration database. For example, the configuration database location for an agent on port 3182 is PATROL_CONFIG_3182=X:\patrol\config.

RTSERVERS variable sets the RTSERVERS environment variable associated with the PATROL Agent. If you have not configured an RTserver for your PATROL environment, you can leave this field blank.

You may enter one or more known RTservers. Each entry is separated by a comma and has the format of protocol:hostname:port. For example, tcp:tbrady3w2k.bmc.com:2059.

Node(s) creates a registry entry for the PATROL Agent service on each cluster node you select.

Table 41 Information required by PCC (Part 2 of 2)

Required information Your information PCC



Configuring the PATROL Agent

Action Dialog box Notes

1. Click Next.

2. Select the appropriate option and click Next.

If you are installing the first resource, select Add one or multiple PATROL Agent resource(s). Adding a PATROL Agent as a cluster resource performs the following actions:

■ Sets the required environment variables

■ Registers the PATROL Agent with a new service name

■ Adds the PATROL Agent to the cluster as a Generic Service resource type and sets the resource properties

3. Select the groups to which you want to add the agent and click Next.

You can select multiple groups.

In most cases, the groups will correspond to the applications you want to monitor.



4. Enter the appropriate information and click Node List.

If you do not know what names to use, accept the defaults.

The port number must be a port that is not in use by any other process.

5. Verify that all nodes that you want to configure are selected and click OK.

You are returned to the PATROL Agent configuration screen.

Click Next.

You can select a node by clicking the node. All nodes are selected by default.




Your configuration of the PATROL Agent using PCC performs the following actions:

■ Registers the PATROL Agent service with a new service name within the Service Control Manager.

■ Sets the registry parameters and port number.■ Sets the service startup to manual.■ Creates the resource of type Generic Service in the cluster.■ Sets the Generic Service resource properties to restart without affecting the cluster

group; remaining properties have default values.■ Sets the service name parameter of the Generic Service and enables use Network

Name for computer name.■ Creates PATROL Agent history and configuration files on shared disk.■ Creates environment variables for cluster nodes.■ Brings the newly created resource online if the selection box is checked.■ Sets resource dependencies on the specified Physical Disk and Network Name.

6. Verify the configuration information and click Configure.

7. Click View Log or Finish.

You have finished configuring the agent.



Post-PCC configuration

Post-PCC configurationNow that you have finished using PCC to configure multiple PATROL Agents, you must perform some post-wizard configuration.

Each of the group agents in the cluster need to monitor resources that are a only part of that group. The node agents should not monitor group resources. This generally requires using wpconfig to modify the disabledKMs list for each group agent, and configuring the remaining KMs to monitor only resources that are instances of that group. This also means that you only need to modify the preloadedKMs list using wpconfig to preload KMs that are appropriate for that node or group agent.

Manually configuring the PATROL Agent for clustering

The information in this section provides a general idea of the processes involved in setting up a Windows cluster environment and integrating PATROL into that environment. Procedures and steps describing how to set up third-party software are intended as a general outline of the process for that product and are not intended as step-by-step instructions.

Setting up PATROL to run in a Windows cluster environment consists of several standard tasks. The standard cluster administration tasks and the PATROL-specific tasks are described in general terms. This section provides a high-level overview of building a Windows cluster and integrating PATROL into that environment.

The manual process defined in this chapter requires you to run multiple PATROL Agent executables on your CPU to monitor more than one application on the cluster.

Install the application on each cluster node

Install the cluster application on the local disk. In the Windows environment, the executable must be installed on the local disk.

NOTE BMC Software recommends that you use the PCC Wizard to cluster your PATROL Agent. PCC simplifies the configuration process. However, the manual instructions have been included in case you prefer manual configuration or want to know what the PCC Wizard is configuring.



Install the PATROL Agent on each cluster node

Install the PATROL Agent on the local disk of the node. You should have at least two separate agent executables installed on the node:

■ one to monitor the node’s operating system■ one to monitor the cluster application

Install the agent once. Include only those Knowledge Modules that support the application and the operating system. Then see “Create and register a new service for the PATROL Agent” on page 185 for information about setting up a second agent to monitor the cluster application.

Assign a unique port number

During installation of the agent on each node, assign a unique, listening port number to the PATROL Agent bound to the cluster application. This port must be the same across all nodes within the cluster.

Distribute license file

Duplicate the license file on each node. Use the naming convention “license” without the host name as an extension. During startup, the PATROL Agent searches for “license.hostname,” using its own host name. If it can’t find the file, it searches for “license” without an extension.

If you duplicate a license file and do not delete or change the file’s host name extension, the agent cannot find the license and will not start.

Define the PATROL cluster-specific environment variables

In this task, you will define the PATROL cluster-specific environment variables on each node. This action ensures that all the agents in a cluster read their configuration information and write their history information to the same set of files.

Perform the following tasks on each node in the cluster, then reboot each node. Rebooting enables each system to read the new variables and store them in memory.



1 From the Windows Taskbar, select Start => Settings => Control Panel.

2 Double-click the System icon and select the Environment tab.

3 Enter the variable name and value in the appropriate fields and click Set. The variables and their values are listed below. Repeat this step for the remaining variables.

PATROL_VIRTUALNAME_PORT=VirtualServerNamePATROL_HISTORY_PORT=Drive:\History_DirectoryPATROL_CONFIG_PORT=Drive:\Config_Directory

For more information about specific variables, see “PATROL cluster-specific environment variables for history and configuration” on page 189.

Create and register a new service for the PATROL Agent

In this task, you will create a PATROL Agent executable and register it as a service so that you can dedicate it to monitoring a cluster application. This task involves copying and renaming the agent’s executable and then registering the service in the Windows Services Applet.

Perform the following task on each node in the cluster.

1 Copy the PatrolAgent.exe in %PATROL_HOME%\bin directory.

2 Rename the executable. Use a name that indicates that the agent is an executable dedicated to monitoring an application.

3 Paste the executable into the %PATROL_HOME%\bin directory.

4 Install the executable at the command line, navigate to the %PATROL_HOME%\bin directory, and enter the following command:

The system acknowledges that the service installed successfully.

NOTE Name the executable the same on every node in the cluster.

PatrolAgent-application_name.exe

PatrolAgent-application_name -install



5 From the Windows Taskbar, select Start => Settings => Control Panel.

6 Double-click the Services icon and select application_name service from the list box. Click Startup.

7 In the Startup Type pane, select the Manual radio button and click OK. The service displays Manual in the Startup column.

Define the PATROL Agent as a member of the group

In this task, you will add the new PATROL Agent service as a resource of type “Generic Service” to the cluster. This task is commonly referred to as binding the agent to the cluster application.

Perform the following task on only the master node of the cluster. The cluster software provides two methods for binding a service to a cluster: GUI or command line. Regardless of the method you choose, you must provide the information listed in Table 42.

Tue MON DD HH:MM:SS CCYY PatrolAgent-application_name PID 318 Success 1000:The PatrolAgent Service was successfully installed.The PatrolAgent COM Server registered sucessfully

NOTE The PATROL Agent COM Server can be registered only once. Additional attempts to register it will fail; however, the multiple agent processes will run.

NOTE This task description uses Windows Cluster Management Software as an example. The steps describing how to set up the software are intended as a general outline of the process and are not intended as step-by-step instructions.

Table 42 Cluster administration properties (Part 1 of 2)

Arguments Description

cluster.exe Cluster Administration Executable (command line only)

clusterName User-defined name of the cluster

RES Specifies the service as a resource of the cluster

"PatrolAgent for MyApplication"

Description of the service

/CREATE /Group: /TYPE: Create a group and assign it a resource type.



Using Cluster Administration GUI

Add the new PATROL Agent service as a resource of type “Generic Service” to the cluster using the Cluster Administrator GUI.

Using the command line

To bind a PATROL Agent service to the cluster application, you must issue several commands. Each command contains the name of the cluster registration executable, the name of the cluster, RES, description of the service, and various attributes.

1 From the command line, issue the following command to name the service, designate it as a resource of the cluster, create a group, and assign it a resource type of “Generic Service”.

2 Add the disk that stores the PATROL Agent configuration and history information as a dependency. This command instructs the cluster software to bring up the disk with configuration information before it attempts to start the PATROL Agent.

/ADDEP Establish a dependency between the service and the cluster.

/Prop:RestartAction Determines what the cluster does (shut down, wait, etc.) if PATROL Agent service fails and is unable to restart.

/Priv: ServiceName Identify the service name of the PATROL Agent service bound to the cluster application.

/Priv: StartupParameters Specify startup characteristics such as port number.

/ON Make the PATROL Agent service available (online) to the cluster.

NOTE For each command, you must reenter the name of the cluster executable, the name of the cluster, the resource option, and the service name.

cluster.exe clusterName RES "PatrolAgent for MyApplication" /CREATE /Group:MyGroup /TYPE:"Generic Service"

cluster.exe clusterName RES "PatrolAgent for MyApplication" /ADDDEP:"Disk MyGroupDisk"

Table 42 Cluster administration properties (Part 2 of 2)

Arguments Description



3 Set the restart action. This command determines what the cluster does if an application fails and is unable to restart. A value of one (1) indicates that if the application is unable to restart, the cluster will continue to run.

4 Identify the service name to the cluster software. The service name must be identical to the service name assigned to the PATROL Agent executable on each cluster node.

5 Set the port number for the PATROL Agent bound to the cluster application. This number must be the same as the number assigned as a suffix to the PATROL cluster-specific environment variables.

For details about the PATROL cluster-specific environment variables, see “Define the PATROL cluster-specific environment variables” on page 184.

6 Set the service to be available (online) when the cluster is running.

cluster.exe clusterName RES "PatrolAgent for MyApplication" /Prop:RestartAction=1

cluster.exe clusterName RES "PatrolAgent for MyApplication" /Priv ServiceName="PatrolAgent-application_name"

cluster.exe clusterName RES "PatrolAgent for MyApplication" /Priv StartupParameters="-p Port#"

cluster.exe clusterName RES "PatrolAgent for MyApplication" /ON


PATROL cluster-specific environment variables for history and configuration


To take advantage of failover tolerance for history files, you must create and set the value of three environment variables. When creating and writing to history files, the PATROL Agent searches for information in these files.

Variables

Table 43 describes the purpose of PATROL cluster-specific environment variables.

Table 43 PATROL cluster-specific environment variables

Environment variable Description

PATROL_HISTORYPATROL_HISTORY_PORTa

aTo manage multiple PATROL Agents running on separate ports, append the port number to the variable name. This situation occurs when PATROL Agents are bound to individual applications such as Oracle, Exchange, Sybase, etc. Each agent uses a separate port number.

the location of history files

If this variable is empty or doesn’t exist, the agent writes the history files to PATROL_HOME\log\history\ host\portnumber.

PATROL_VIRTUALNAMEPATROL_VIRTUALNAME_PORTa

an alias for the host name

If this variable is empty or doesn’t exist, the agent uses the host name to identify history data within the history files.

PATROL_CONFIGPATROL_CONFIG_PORTa

the location of the configuration files

If this variable is empty or doesn’t exist, the agent stores the configuration file in PATROL_HOME\config.



Operation

When searching for configuration information and creating and writing to the history database, the PATROL Agent uses the following logic to check for the existence of PATROL cluster-specific variables.

Table 44 Operation of configuration and history environment variables

Variable type Exists? Description

Virtual Name yes PATROL_VIRTUALNAME_8888 exists, the agent writes history using the virtual name as the host name. Using the virtual name provides continuous history for an application regardless of which host the application is running on.

The agent also uses the virtual host name to identify the configuration file changes and the history database. Configuration file changes are written to PATROL_HOME\config\config_virtualname_port.cfg. The history database is written to the subdirectory structure history\virtualname\port, which will be located in the directory pointed to by PATROL_HISTORY_PORT.

no The agent writes history using the actual host name. If the application fails over, the agent writes history using the new agent’s name. Using the actual hostname creates gaps in the results of any dump_hist commands because the command does not recognize that the same application ran on different hosts.

Configuration File

yes PATROL_CONFIG_8888 exists, then the agent reads configuration information from the location specified by this variable.

no The agent reads from the default directory, PATROL_HOME\config\config_virtualname or hostname-port

History Database

yes PATROL_HISTORY_8888 exists, then the agent writes history to the location specified by this variable

no the agent writes to the default directory, PATROL_HOME\log\history\virtualname or hostname\port\


Unattended configuration of Cluster Configuration Wizard

Example

The following example illustrates how the environment variables would be named for a host using port 8888. It also depicts the directory structure and file location.

Environment variables

Directory structure

For the values provided in the “Environment Variables” section of this example, the PATROL Agent stores configuration information and records the history data in the following directory structure:

If these variables do not exist or they are empty, the PATROL Agent stores configuration information and records the history data in the following directory structure:


The Cluster Configuration Wizard file, pcc.exe, enables you to specify the installation values in the pcc.cfg file. This configuration process is separate from the setup wizard installation.

In the Cluster Configuration Wizard, the CreateCfgFile button enables you to create the configuration file, pcc.cfg, for silent installation. You can use this file as a command line argument for the pcc.exe file for silent installation and uninstallation.

PATROL_HISTORY=K:\doc\work\histdirPATROL_VIRTUALNAME=AliasHostNamePATROL_CONFIG=K:\doc\work\config

K:\doc\work\histdir\AliasHostName\8888\annotate.datK:\doc\work\histdir\AliasHostName\8888\param.histK:\doc\work\config\config_AliasHostName-8888

%PATROL_HOME%\log\history\HostName\8888\annotate.dat%PATROL_HOME%\log\history\HostName\8888\param.hist%PATROL_HOME%\config\config_HostName-8888



You can edit the pcc.cfg file for the different cluster groups that you want to configure, for example:

■ pcc.exe –apply pcc.cfg

■ pcc.exe –remove pcc.cfg

However, you need to specify the full path of the pcc.cfg file in the above commands.


C h a p t e r 5
5 Monitoring remote hosts
This chapter provides you with information that you will need to monitor remote hosts. The following topics are discussed:

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193Prerequisites for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Configuring PATROL KM for Windows for remote monitoring . . . . . . . . . . . . . . . . 195Application classes to configure remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 196Supported application classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196Object hierarchy for remote monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196Parameters for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197Supported tasks for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

IntroductionPATROL KM for Windows supports monitoring of remote hosts using the Windows Remote Management (WinRM) functionality. The same set of parameters are used to collect information for the local host as well as the remote host.

Figure 4 shows the collection architecture for remote monitoring.


Introduction

Figure 4 Collection architecture for remote monitoring

The Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate. WinRM establishes a session with a remote computer through the SOAP-based WS-Management protocol. Data returned to WS-Management protocol are formatted in XML.


Prerequisites for remote monitoring

Prerequisites for remote monitoringBefore you can use the remote monitoring feature successfully, you must meet all the requirements mentioned in this section:

■ Requirements for host machines (PATROL Agent):

■ WinRM version 1.1 or 2.0 should be installed.

■ Requirements for remote host:

■ WinRM version 1.1 or 2.0 should be installed and running.■ WinRM should be configured with listener either on HTTP or HTTPS.■ Valid domain or local user who is a member of the Administrators group.

AuthenticationPatrol KM for Windows client supports password based authentication for local and domain users. It uses the following network authentication protocols:

■ Kerberos authentication-The client and server mutually authenticate using Kerberos tickets. Kerberos is selected to authenticate a domain account. The user name should be specified as domain\username for a domain user.

■ Negotiate authentication(NTLM)-The client sends a request to the server to authenticate. NTLM is selected for local computer accounts. The user name should be specified as username for a local user on a server computer.

Starting with Windows Vista, User Account Control (UAC) affects access to the WinRM service. When Negotiate authentication is used in a workgroup or domain, only the built-in Administrator account can access the service. To allow all accounts in the Administrators group to access the service, set the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy registry key to 1.

Configuring PATROL KM for Windows for remote monitoring

To configure PATROL KM for Windows for remote monitoring, load the NT_REMOTE.kml file. For loading the .kml file, see “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.


Application classes to configure remote monitoring

Application classes to configure remote monitoring

PATROL KM for Windows uses the following application classes to configure remote monitoring:

■ NT_REMOTE_CONTAINER => Is a container KM and hosts instances of all remote hosts. This container application class provides all the menu commands and tasks required to configure remote hosts for monitoring. The NT_REMOTE_CONTAINER application class is represented by Remote Monitoring in the PATROL console.

■ NT_REMOTE_HOST => Contains application instances for each remote host. Each remote host contains the NT_OS container. The NT_REMOTE_HOST application class is represented by Host Name in the PATROL console.

Supported application classesPATROL KM for Windows supports monitoring of the following application classes for a remote host:

■ NT_CACHE■ NT_CPU■ NT_CPU_CONTAINER■ NT_LOGICAL_DISKS ■ NT_LOGICAL_DISKS_CONTAINER ■ NT_MEMORY ■ NT_OS■ NT_PAGEFILE■ NT_PAGEFILE_CONTAINER■ NT_SERVICES■ NT_SERVICES_CONTAINER

Object hierarchy for remote monitoringThe Remote Monitoring container contains all the remote hosts discovered. Each remote host container contains the WINDOWS Operating System container, which displays all the supported application classes and its parameters.


Parameters for remote monitoring

Figure 5 shows the object hierarchy for remote monitoring.

Figure 5 Object hierarchy for remote monitoring

Parameters for remote monitoringTable 45 lists the parameters that are used to discover application classes for remote monitoring.

Table 45 Parameters for remote monitoring

Collector Consumer Application

RMPageFileDiscovery NT_PAGEFILERMCpuDiscovery NT_CPURMMemoryDiscovery NT_MEMORYRMCacheDiscovery NT_CACHERMLogicalDiskDiscovery NT_LOGICAL_DISKSRMOSDiscovery NT_OSRMServiceDiscovery NT_SERVICES


Supported tasks for remote monitoring

Supported tasks for remote monitoringYou can perform the following tasks to monitor remote hosts:

■ Adding remote hosts: To add a remote host, from the Remote Monitoring container, choose KM Commands => Configure Remote Hosts, enter the details for the host, and choose the Add option. When you add a remote host with local computer account using Configure Remote Hosts menu command, the remote host gets added to the TrustedHosts list of WinRM.

■ Modifying remote hosts: After you add a remote host, you can modify its details such as the assigned profile, username and password. To modify a remote host, from the Remote Monitoring container, choose KM Commands => Configure Remote Hosts, select the host and choose the Modify option.

■ Removing remote hosts: After you add a remote host, you can remove the host to stop monitoring. To remove a remote host, from the Remote Monitoring container, choose KM Commands => Configure Remote Hosts, select the host and choose the Remove option. When you remove a host using Configure Remote Hosts menu command, it gets deleted from the TrustedHosts list only if the host was added with local compueter account. However, if you uninstall the KM, the remote host does not get deleted from the TrustedHosts list. In this case, you need to remove the host using the following winrm commands:

winrm set winrm/config/client @{TrustedHosts=”host1host2host3..”}

where host1, host2, and host3 are the remote hosts that you want to keep in the TrustedHosts list.

winrm set winrm/config/client @{TrustedHosts=””}

■ Creating profile: You can create profiles that can be shared across different remote hosts. To add a profile, from the Remote Monitoring container, choose KM Commands => Configure Profiles, enter username and password, and choose the Add option.

■ Modifying profiles: You can modify user name and password for a profile. To modify a profile, from the Remote Monitoring container, choose KM Commands => Configure Profiles, select the profile and choose the Modify option.

■ Removing profiles: You can remove a profile as required. To remove a profile, from the Remote Monitoring container, choose KM Commands => Configure Profiles, select the profile and choose the Remove option.

For information about these tasks, see the PATROL KM for Windows online Help.


C h a p t e r 6
6 Troubleshooting PATROL for Microsoft Windows Servers
This chapter contains information for troubleshooting PATROL for Microsoft Windows Servers.

This chapter contains the following topics:

PATROL KM for Microsoft Windows OS problems. . . . . . . . . . . . . . . . . . . . . . . . . . . 200Process or job object data not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200PATROL Generates Event 560 and 562 in the Windows security event log. . . . 201Event filter parameters not automatically acknowledged . . . . . . . . . . . . . . . . . . 201Newly installed protocols are not discovered. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201Event log summary instance cannot be removed. . . . . . . . . . . . . . . . . . . . . . . . . . 202Windows event log does not work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Multiple processes are selected when you select a single process . . . . . . . . . . . . 203PATROL Agent has DiscoveryStatus parameter in alarm . . . . . . . . . . . . . . . . . . 203Mount point monitoring and logical disk quotas does not work . . . . . . . . . . . . 203

PATROL KM for Event Management problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204Too many e-mail alerts are being generated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204Parameters settings lost after agent restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205PATROL KM for Event Management not working as expected . . . . . . . . . . . . . 206AS_AVAILABILITY application not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Problems with all other KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Cannot add performance monitor counters with alarm ranges less than 1 . . . . 207AdPerfCollector parameter display error message . . . . . . . . . . . . . . . . . . . . . . . . 208

Recovery action problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Recovery actions do not execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Even though I select “Do not ask me again” PATROL prompts before running

recovery action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Gathering diagnostic information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Locations where you can find diagnostic information . . . . . . . . . . . . . . . . . . . . . 210Installation logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210Determining PATROL KM version number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211


PATROL KM for Microsoft Windows OS problems


This section contains troubleshooting information for PATROL KM for Microsoft Windows OS.

Process or job object data not displayed

In the PATROL console, the Processes or Job Objects containers are offline, do not display any instances, are not discovered, or do not collect data. The _CollectionStatus parameter displays a message stating that a performance object is not loaded or enabled.

In addition, if service executables are being monitored, the instances for those service executables are not displayed.

Problem type Page

Process or job object data not displayed 200

PATROL Generates Event 560 and 562 in the Windows security event log

201

Event filter parameters not automatically acknowledged 201

Newly installed protocols are not discovered 201

Event log summary instance cannot be removed 202

Windows event log does not work 202

Multiple processes are selected when you select a single process 203

PATROL Agent has DiscoveryStatus parameter in alarm 203

Mount point monitoring and logical disk quotas does not work 203

Explanation Solution

The Microsoft Performance counter collector perfproc.dll is disabled.

To resolve this problem, enable perfproc.dll.

After you enable perfproc.dll, you may need to restart the PATROL Agent.

The PATROL Agent default account cannot read a registry key.

The following registry may be locked and cannot be read by the PATROL Agent default account.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009

To resolve this problem, grant read access for this registry key to the PATROL Agent default account.



PATROL Generates Event 560 and 562 in the Windows security event log

PATROL generates the following events in the Windows security event log:

■ Event ID 560 - Object Open■ Event ID 562 - Handle Closed

Event filter parameters not automatically acknowledged

Event filter parameters are not automatically acknowledged even though the event filter is configured to do so, as specified on the Event Handling tab of the Configure Windows Event Monitoring window. This behavior occurs for the following parameters:

■ ELMErrorNotification ■ ELMFailureAuditNotification ■ ELMInformationNotification ■ ELMNotification ■ ELMOtherTypesNotification ■ ELMSuccessAuditNotification ■ ELMWarningNotification

Newly installed protocols are not discovered

Protocols that are installed on the server are not discovered by PATROL even though counters for the protocols are displayed in Microsoft Performance Monitor.


PATROL generates these events during normal data collection if success auditing is enabled for object access.

To prevent PATROL from generating these events, you can turn off success auditing for object access. This setting determines whether to audit user access to an object. An object could be a file, folder, registry key, printer, or other system object. For more information, see Microsoft KB article 149401.


These parameters cannot be automatically acknowledged.

Deselect the option to notify PATROL immediately when an event that matches the filter occurs. You cannot use the auto-acknowledge feature if the event filter is configured to notify immediately. For more information about this setting, see “Configuring Windows events monitoring” on page 103.



Event log summary instance cannot be removed

Each Windows event log application contains an instance named Summary that cannot be removed.

Windows event log does not work

The Windows event log does not work correctly.


The PATROL Agent does not detect the new performance objects.

Restart the agent or refresh the performance counters.


Configuration variable setting needs to be changed.

To permanently remove Summary instances from the event log applications, set the value of the agent configuration variable OverrideSummaryAutoCreate to 1. For more information, see “OverrideSummaryAutoCreate” on page 228.

Alternatively, you can also permanently remove the Summary instance by following these steps:

1. Executing the KM menu command Configure Windows Event Monitoring.

2. From the Configure Windows Event Monitoring window, right-click the Summary instance and select Delete.


Windows event log does not work correctly.

The BMC PATROL Agent default account credentials are stored in the /AgentSetup/defaultAccount agent pconfig variable.

Set the BMC PATROL default account so that the /AgentSetup/defaultAccount agent pconfig variable is not blank.

Alternatively, you can also set the account for event log by adding the /AgentSetup/NT_EVENTLOG.OSdefaultAccount pconfig variable, and setting the username and password required for the event log KM in the pconfig variable.



Multiple processes are selected when you select a single process

Processes with names that contain the same string are all selected when you select any one of those processes.

PATROL Agent has DiscoveryStatus parameter in alarm

PATROL Agent displays the DiscoveryStatus parameter in an alarm state, and the Services, Event log and Logical disks application class are not visible.

Mount point monitoring and logical disk quotas does not work

The PATROL Agent default account must be in the local or domain Admins group. In case, the mount drive has security restriction, you must provide an explicit access right to the Agent account for monitoring.

EXAMPLE If you select the ABC process, 123ABCxyz, ABC2, 2ABC, and any other process with a name that contains ABC are also selected.


Multiple process are selected even if you select only one process.

If you want the product to add all the processes for monitoring, for which you have the name of the process selected, select the Process(es) using a regular expression for monitoring check box.

If you do not select this check box, the product only adds the process instances for monitoring.


Patrol Agent has the DiscoveryStatus parameter in alarm.

Verify that the Microsoft Visual C++ 2005 Redistributable Package (x86), which is part of BPM for Servers installation, is installed correctly.

If it is missing, you can install it fromhttp://www.microsoft.com/downloads/details.aspx?familyid=32bc1bee-a3f9-4c13-9c99-220b62a191ee&displaylang=en


http://www.microsoft.com/downloads/details.aspx?familyid=32bc1bee-a3f9-4c13-9c99-220b62a191ee&displaylang=en

http://www.microsoft.com/downloads/details.aspx?familyid=32bc1bee-a3f9-4c13-9c99-220b62a191ee&displaylang=en

PATROL KM for Event Management problems

PATROL KM for Event Management problemsThis section contains troubleshooting information for the PATROL KM for Event Management:

Too many e-mail alerts are being generated

PATROL is generating too many e-mail messages, or too many notifications in general or you are receiving notifications for events that are not important to you.

Problem type Page

Too many e-mail alerts are being generated 204

Parameters settings lost after agent restart 205

PATROL KM for Event Management not working as expected 206

AS_AVAILABILITY application not displayed 206


Parameters and thresholds need tuning.

Begin baselining and adjusting parameter thresholds.

Review the e-mail alerts to determine which parameters are generating alerts. Then adjust the parameter thresholds, deactivate threshold ranges, or deactivate parameters, as necessary. You can make these changes on one remote agent and then use the PATROL Configuration Manager to deploy these changes to other agents.

Blackout periods are needed. If you are receiving alerts because systems are down for maintenance, you should configure blackout periods that specify when alerts are not generated. For more information, see the PATROL KM for Event Management User Guide.

The rule /AS/EVENTSPRING/ALERT/arsAction is set to 4.

Set the rule /AS/EVENTSPRING/ALERT/arsAction to 0.

If the arsAction rule is set to 4 for all PATROL objects, notifications are sent for all events. Instead, you may want to disable notification for all PATROL objects, by setting /AS/EVENTSPRING/arsAction to 0 at the remote agent. Then, enable notification only for the desired applications, instances, or parameters.

When you enable notification for a specific PATROL object, the following configuration variable is created:

/AS/EVENTSPRING/ALERT/object/arsAction



Parameters settings lost after agent restart

Parameter poll times that are set using the PATROL KM for Event Management are not retained upon agent restart.

Removing the allowsendparamonly variable

1 Move patrol.conf from %PATROL_HOME%\common\patrol.d to a secure location.

2 Using the PACFG (PATROL Agent Configuration) utility, specify that secured location.

3 Using Notepad (with word wrap disabled) or Wordpad, open patrol.conf.

4 Underneath the [AGENT] stanza, remove the following line:

allowsendparamonly=true

5 Save and close the file.

6 Reinitialize the agent.


The allowsendparamonly variable exists in %PATROL_HOME%\common\patrol.d\PATROL.conf file and is set to true.

Remove the allowsendparamonly variable.For instructions, see “Removing the allowsendparamonly variable.”

If this variable exists and is set to True, then state change events for applications and instances are not generated. This reduces network traffic, but it also prevents the PATROL KM for Event Management from detecting when parameters become active after an agent restart. Thus, the PATROL KM or Event Management threshold and poll time settings are not applied.

etc/patrol.d/PATROL.conf does not exist. If Patrol.conf file doesn't exist then all the agent variables get set to TRUE. To resolve this problem, obtain a copy of the file Patrol.conf and remove the allowsendparamonly variable, if it exists, as described in “Removing the allowsendparamonly variable.”

To obtain the Patrol.conf file, copy it from another computer or contact BMC Software Support.



PATROL KM for Event Management not working as expected

The PATROL KM for Event Management shows any of the following problems:

■ It does not send events. ■ The NotifiedEvents parameter is offline.■ Errors are displayed in the console system output window■ Parameter thresholds are not applied.

To Ensure the PATROL KM for Event Management 2.5x uses Correct Event Catalog File

1 Stop the PATROL Agent service.

2 Rename %PATROL_HOME%\lib\knowledge\StdEvents.ctg to %PATROL_HOME%\lib\knowledge\StdEvents.ctg.bak

3 Rename %PATROL_HOME%\lib\knowledge\StdEvents.ctg.date_PID to %PATROL_HOME%\lib\knowledge\StdEvents.ctg ensuring that the correct backup file that corresponds to the PATROL Agent installation is renamed.

4 Restart the PATROL Agent service.

AS_AVAILABILITY application not displayed

The AS_AVAILABILITY application icon is not displayed in the PATROL Console.


The PATROL KM for Event Management catalog file has been overwritten.

On Windows platforms, if the PATROL Agent is installed after the PATROL KM for Event Management, a PATROL KM for Event Management catalog file is overwritten. The PATROL KM for Event Management must be installed after the PATROL Agent for the PATROL KM for Event Management to function.

If you are running PATROL KM for Event Management 2.5.x and you do not want to upgrade to version 2.6.00, you must ensure that you are using the correct event catalog file. For more information, see “To Ensure the PATROL KM for Event Management 2.5x uses Correct Event Catalog File”.


Availability targets have not been added.

Add availability targets. For more information, see the PATROL KM for Event Management User Guide. The AS_AVAILABILITY application class instantiates only when availability targets have been defined.


Problems with all other KMs

Problems with all other KMsThis section contains troubleshooting information for all other KMs in the PATROL for Windows product:

Cannot add performance monitor counters with alarm ranges less than 1

The PATROL Wizard for Performance Monitor and WMI does not allow decimal alarm ranges that are less than one, yet the Performance Monitor counters values are normally in this range.

Customizing performance monitor counters

Since PATROL alarm ranges must be integer values, you can’t create useful alarm ranges if the Microsoft performance monitor counter values are normally less than 1. However, by following this procedure, you can multiply the reported value by a specified amount. This allows you to create meaningful alarm ranges. You can also use this approach if the value reported by the counter is too large. In that case, you would multiply the reported value by a a number less than 1.

To customize performance counters

1 Use the PATROL Wizard for Performance Monitor and WMI to create parameters for a Performance Monitor counter, as described in “Creating performance monitor parameters” on page 143.

2 Using PATROL Configuration Manager or the pconfig utility, display the following configuration variable:

Problem type Page

Cannot add performance monitor counters with alarm ranges less than 1 207

Cannot add performance monitor counters with alarm ranges less than 1 207

AdPerfCollector parameter display error message 208


This problem is due to a PATROL limitation. See the suggested solution.

To resolve this problem, you can manually multiply or divide the PerfMon counter to get appropriate values for display so that you can set appropriate alarm ranges. For more information, see “Customizing performance monitor counters.”


Problems with all other KMs

/Perfmon/NT_PERFMON_WIZARD/object/Counters

where object is the Microsoft Performance Monitor object.

3 Edit the configuration variable value by adding, after the counter name, *multiplier, where multiplier is the numerical value by which you want to multiply the reported value.

For example, to multiple the reported value of the counter Active Threads by 100, add *100 to the variable, as shown: Active Threads*100.

If you are monitoring multiple counters for the object, you can also multiple the other counters by a multiplier. For example:

counter1*100,counter2,counter3*0.1

4 Apply the configuration change to the agent.

The value reported by PATROL for the selected counter is adjusted by the multiplier that you entered.

AdPerfCollector parameter display error message

When a Windows Server 2003 or Windows 2000 Server machine is promoted to a domain controller (DC), the annotated data point for the AdPerfCollector parameter may display the following error message:

ERROR- Error: WBEM_E_INVALID_CLASS

WARNING When entering a multiplier that is less than 1, you must include a leading zero. For example, you must enter 0.1, and not .1.


The required Microsoft Performance Counters are not available in WMI.

Follow the instructions in Microsoft Knowledge Base Article 266416 to dredge the performance counters from the registry and make them available in WMI.


Recovery action problems

Recovery action problemsThis section contains troubleshooting information about PATROL for Microsoft Windows Servers recovery actions:

Recovery actions do not execute

The built-in recovery actions are enabled but they do not execute. A message indicating that access is denied may be displayed in the PATROL console system output window.

Even though I select “Do not ask me again” PATROL prompts before running recovery action

Even though you select the option Do not ask me again, PATROL prompts you again before running a recovery action.

For example, you configure the recovery action that terminates a runaway process and specify that the recovery action runs only with operator confirmation. When the recovery action is triggered, PATROL prompts you whether to terminate the process. You enable the recovery action and select the option Do not ask me again. The next time that the process is triggered to be terminated, it runs with a different PID and, therefore, PATROL prompts you again before terminating the process.

Problem type Page

Recovery actions do not execute 209

Even though I select “Do not ask me again” PATROL prompts before running recovery action

209


The PATROL Agent default account lacks the rights to execute the recovery action.

Assign local administrator rights to the PATROL Agent default account on the host where you want to execute the recovery action. For more information about the account rights required, see “Accounts” on page 43.


The process runs with a different PID (process identification) number and appears to PATROL as a different process.

This is a known issue. As a workaround, you can configure the recovery action to run automatically instead of with operator confirmation. For more information about configuring recovery actions, see “Configuring recovery actions” on page 128.


Gathering diagnostic information

Gathering diagnostic informationThe following section provides information about where you can obtain diagnostic information.

Locations where you can find diagnostic information

The following table lists locations where you can find diagnostic information for problems with PATROL for Microsoft Windows Servers.

Installation logs

One log file is created each time the installer is run. The name of the log file is a combination of the computer name and a time stamp. The log file is located in the %USERPROFILE%\Application Data\BMCINSTALL\ directory.

For example, a log file for user bhunter on a Windows Server computer BHUNT_1 could be:

C:\WINNT\Profiles\bhunter\Application Data\BMCinstall\BHUNT_1-1005340189.log.

Type Location Description

Installation logs

%USERPROFILE%\Application Data\BMCINSTALL\

See “Installation logs.”

System Output Window

See the documentation for your PATROL console.

The system output window contains messages relating to the operation of KMs, including error messages.

PATROL Event Manager

From the PATROL console, right-click the host and select Event Manager.

The PATROL Event Manager shows all of the PATROL related events for the host. You can check here to determine if NOTIFY_EVENTS are being generated.

PATROL Diags

From the PATROL console, load KM PSX_APPLICATION_DEBUG and right-click Application Trace icon => KM Commands => Create Diagnostic Report

PATROL Diags provides a variety of information about your environment that support requires.



Determining PATROL KM version number

Follow these steps to determine the PATROL KM version that is installed on the host machine.

To determine the PATROL KM version

1 From the PATROL console, access the top-level KM application.

2 Right-click the application and select the menu command InfoBox and described in “Accessing KM commands and InfoBoxes” on page 214.

The PATROL KM version is displayed next to KM Version.


A p p e n d i x A
A Accessing menu commands, InfoBoxes, and online Help
BMC Software offers several PATROL consoles from which you can view a PATROL Knowledge Module (KM). Because of the different environments in which these consoles run, each one uses a different method to display and access information in the KM. This appendix provides instructions for accessing the KM menu commands, InfoBoxes, and online Help on each of the PATROL consoles. See the PATROL for Windows Servers online Help for more detailed information about navigation in the PATROL Consoles.

Accessing KM commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Accessing online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215


Accessing KM commands and InfoBoxes

Accessing KM commands and InfoBoxesTable 46 provides information about how to access KM commands and InfoBoxes from the various PATROL consoles.

Table 46 Accessing KM Commands and InfoBoxes

ConsoleTo access menu commands

To accessInfoBoxes

PATROL Console for Microsoft Windows Servers

In either the Desktop tree tab or work area, right-click a computer or application icon and choose KM Commands from the pop-up menu.

In either the Desktop tree tab or the work area, right-click an application class or parameter icon and choose InfoBox from the pop-up menu.

PATROL Console for UNIX In the work area, right-click a computer or application icon to display a pop-up menu that contains KM-specific commands.

With the middle mouse button, click an application class or parameter icon.

PATROL Central Operator - Windows Edition

In the navigation pane, right-click a managed system or application icon and choose Knowledge Module Commands from the pop-up menu.

In the navigation pane, right-click a PATROL object and choose InfoBox from the pop-up menu.

PATROL Central Operator - Web Edition

In the tree view area, right-click an application icon and choose Knowledge Module Commands from the pop-up menu.

In the tree view area, right-click a PATROL object and choose Infobox from the pop-up menu.


Accessing online Help

Accessing online HelpTable 47 provides information about how to access Help from each console.

NOTE If you are trying to access Help from a UNIX console, see the PATROL Installation Reference Manual for specific instructions about installing and setting up a browser in the UNIX environment.

Table 47 Accessing online Help

ConsoleTo access product help

To access application class help To access parameter help

PATROL Console for Microsoft Windows Servers

From the console menu bar, choose Help => Help Topics => PATROL Knowledge Modules.

Double-click an application class in the KM tab of the console. From the Application Properties dialog box, click the Help tab. Then click Show Help.

■ Right-click a parameter icon and choose Help On from the pop-up menu.

■ Double-click a parameter icon; click the ? icon or Help button in the parameter display window.

■ Double-click a parameter in the KM tab of the console; from the properties dialog box, click the Help tab; then click Show Help.

PATROL Console for UNIX

From the console menu bar, choose Help On => Knowledge Modules.

Choose Attributes => Application Classes and double-click the application name. Click Show Help in the Application Definition dialog box.

Right-click a parameter icon and click Help On.

PATROL Central Operator - Windows Edition

From the console menu bar, choose Help => Help Topics. In the Contents tab, click the name of your product.

In the Operator tab of the navigation pane, select an application icon and press F1.

In the Operator tab of the navigation pane, select a parameter icon and press F1.

PATROL Central Operator - Web Edition

In the upper right corner of PATROL Central, click Help and choose PATROL KM Help.

In the tree view, right-click an application class and choose Help.

In the tree view, right-click a parameter and choose Help.


Accessing online Help

NOTE In PATROL Central Operator – Microsoft Windows Edition on a Microsoft Windows Vista operating system, the online Help does not work. The Windows Help program (WinHlp32.exe) is used to display 32-bit Help files that have the .hlp extension. Microsoft did not include the WinHlp32.exe program with Microsoft Windows Vista.

Workaround: To view the online Help on Windows Vista, you must download the WinHlp32.exe program from the following Microsoft Windows support website and install it onto your computer: http://go.microsoft.com/fwlink/?LinkID=82148


A p p e n d i x B
B Agent configuration variables and rulesets
The variables described in this appendix are PATROL for Windows Servers agent configuration variables that are set in the PATROL Agent. To view these variables, use the PATROL Configuration Manager or the wpconfig utility. Information about using PATROL Configuration Manager is included in this appendix.

This appendix also describes the PATROL Configuration Manager rulesets that are provided for PATROL for Microsoft Windows Servers.

Managing configuration variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218PATROL for Windows Servers configuration variables . . . . . . . . . . . . . . . . . . . . . . . 218

PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . 241PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248PATROL KM for Microsoft Windows Message Queue. . . . . . . . . . . . . . . . . . . . . 253PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . 255PATROL for Microsoft Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

PATROL for Microsoft Windows Servers rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257PATROL KM for Event Management required . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Using PATROL Configuration Manager to apply rulesets . . . . . . . . . . . . . . . . . . 257Server roles with predefined rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258Ruleset reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Using PATROL Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269Using PCM to apply configurations changes to other agents. . . . . . . . . . . . . . . . 269Manually creating or changing configuration variables . . . . . . . . . . . . . . . . . . . . 270

WARNING Changing any of these agent configuration variables can prevent some functions from working properly and can affect your entire installation. Before you change a variable, make a record of the original setting.


Managing configuration variables

Managing configuration variablesBMC Software recommends that you set agent configuration variables by using a console to configure PATROL for Windows Servers KMs. Use the PATROL Configuration Manager or the wpconfig utility only to view variable settings or deploy them to others machines.

PATROL for Windows Servers configuration variables

The following sections lists the agent configuration variables associated with each PATROL for Windows Servers component.


Table 48 on page 219 lists the PATROL KM for Microsoft Windows OS (the KM) component variable settings. All PATROL KM for Microsoft Windows OS variables are located in the following pconfig directory:

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config

In Table 48 on page 219, if the default value is shown as NA, the configuration variable has no applicable default value because the variable is created only when the product is configured.

NOTE For information about the PATROL KM for Event Management agent configuration variables, see the PATROL KM for Event Management User Guide.



Table 48 PATROL KM for Microsoft Windows OS variables (Part 1 of 23)

Directory path and variable Description Values Default

InactiveonMissingPerfObj specifies whether the KM inactivates itself when a Microsoft performance object is disabled

This configuration variable can also be associated with any other KM.

0, 1 empty (0)

Migrate37 specifies whether the KM migrates the configurations from the registry at every discovery cycle

0, 1 0

/ProcessMonitoring

AlarmThreshold the alarm threshold used when automatic monitoring is enabled

greater than 0 NA

AutoDiscoveryTimeLimit the length of time that a process can exceed the AlarmThreshold before the KM automatically monitors the process

■ integer > = 0■ -1 turns off this

feature

NA

CollectionCount the number of processes that the KM collects performance data for at one time

integer greater than 0

NA

DisablePatrolGroup specifies whether the KM automatically creates instances for the PATROL group

Note: You must also remove the instances from the list of monitored instances using the Configure Manual Process Monitoring => Remove Processes menu command.

■ 0 = instances are created

■ 1 = instances are not created

empty

DisablePatrolRestart specifies whether the PATROL agent restarts if it exceeds the processor% threshold

0, 1 empty

StatusNumberofProcessesToDisplay specifies how many processes the KM displays in the View Process Status dialog box

■ integer > = 0■ All

All

StatusSortKey the column that is used for sorting the View Process Status dialog box

an existing column Pid

StatusSelectedColumns/list comma-separated list of columns the KM displays in the View Process Status dialog box

User%,Memory Usage,VM size,Page Faults/sec,Handles,Threads,Arguments

NA



/ProcessMonitoring/ProcessConfigurationList/instance

EnableAlarmIfProcessDown specifies whether the KM generates an alarm when a process terminates

Yes, No Yes

EnableAlarmIfProcessStarts specifies whether the KM generates an alarm when the process starts

Yes, No No

ProcessName the name of the monitored process process name process name

StartupCommand path to an executable command, including any appropriate command-line arguments that the KM uses to start the process when the process goes down

directory path empty

TimeLimitForKillRunAwayProcess length of time (in minutes) that the process can remain in a run-away state before the KM terminates the process

A run-away process is defined as a process that exceeds the PROCProcessorTimePercent parameter alarm threshold for the length of time specified by this variable.

integer > = 0; a number of minutes

empty

GroupList/list list of the groups to which the process belongs

group names NA

ArgumentList/list list of arguments for the configured process

arguments NA

UserDefinedProcess specifies whether the process is a user-defined process

Yes, No Yes

DisplayName Contains the display name of the process instance

ProcessOwner Contains the user name or regular expression for the acceptable owners

ProcessSettings Contains the comma-separated values of minimum and maximum threshold count for a process instance





UseOwnerFilter Contains a list of two comma-separated properties

The first property indicates whether the process owner filtering is on or off.

Valid values of the this property are:

■ 1: process owner filtering on

■ 0: process owner filtering off

The second property indicates whether to display the annotation for the PROCOwnerCheck parameter.

Valid values are:

■ 0: annotation on

■ 1: annotation off





/ServiceMonitoring

AutoResetServiceConfig enables and disables the automatic resetting of specific service monitoring flags

Valid values are:

■ 0 = disabled■ 1 = enabled

empty

DisableAnnotation specifies whether annotations are enabled or disabled for the NT_SERVICES application parameters

Valid values are:

■ 0 or blank = enabled

■ 1 = disabled

empty

DisableServiceRestart global setting that specifies restart properties for all services.

For more information about using this variable, see “Ensuring that services are restarted as desired” on page 116.

Valid values are:

■ 0 = yes, automatic restart

■ 1 = no automatic restart

0

DisableServiceMonitoring global setting that specifies whether services are monitored

Valid values are:

■ 0 = by default all services are monitored

■ 1 = disables service monitoring

empty

MonitorManualServices specifies whether manual services are monitored

Valid values are:

■ 0 = disabled, manual services are not monitored

■ 1 = enabled, manual services are monitored

empty

removedServiceList contains a list of services that have been removed by the PATROL user

Note: The default value ‘NULL’ indicates that no services are removed.

NULL





UseBackwardCompatibleName enables you to remove the SERVICES prefix from NT_SERVICES instance names

Note: You must enter this variable manually; the KM does not create it.

In version 3.9.00 of PATROL KM for Microsoft Windows OS, the NT_SERVICES instance names were changed; they were prefixed with SERVICES. This naming convention is not fully backward compatible.

Valid values are:

■ 0 or blank = prefix

■ 1 = no prefix

NA





/ServiceMonitoring/ServiceList/service name





Alarm specifies whether to alarm when the service goes down

Valid values are:

■ 0 = no alarm■ 1 = yes, alarm

NA

AutoRestart specifies whether to restart the monitored service

Valid values are:

■ 0 = no restart■ 1 = yes, restart

NA

IgnoreAutoResetConfig specifies whether the global auto reset feature applies to this service

This variable can be set only through PATROL Configuration Manager.

Valid values are:

■ 0 = yes, automatic reset

■ 1 = no automatic reset

0

Monitor specifies whether to monitor the service

By default, only automatic and running manual services are monitored.

Valid values are:

■ 0 = no monitoring

■ 1 = yes, monitor

NA

MonitorProcess specifies whether the process associated with the service is monitored

Valid values are:

■ 0 = no■ 1 = yes

0

MonitorNotRespond specifies whether the KM runs the command specified by the NotRespondCmd variable

■ 0 = no■ 1 = yes

0

NotRespondCmd the path to an executable that the KM runs if the variable MonitorNotRespond has a value of 1

path to an executable

NA

OverrideGlobalServiceRestart specifies whether the AutoRestart variable for the monitored service overrides the global DisableServiceRestart variable

You can set this variable only by using PATROL Configuration Manager.

Valid values are:

■ 0 = do not override

■ 1 = override

NA

OverrideGlobalServiceMonitoring specifies whether the MonitorProcess variable for the monitored service overrides the global DisableServiceMonitoring variable

You can set this variable only by using PATROL Configuration Manager.

Valid values are:

■ 0 = do not override

■ 1 = override

NA




WarningAlarm specifies whether the service triggers a warning instead of an alarm

Valid values are:

■ 0 = alarm■ 1 = warning

0


/EventLogMonitoring





BackupDir specifies the location of the backup directory for the event log

Note: If the directory entered for the backup directory does not exist, the Backup and Clear Eventlog recovery action fails.

directory path

Example: D:\temp

NA

IncludeAll specifies whether all event logs are discovered or only those configured to be monitored

Valid values are:

■ 0 = only configured

■ 1 = all

1

OverrideParameterAutoActivate specifies whether to automatically activate and automatically inactivate event log parameters based on the current configuration

You can also use this variable to inactivate or activate other parameters. For example, you could use the following variable to inactivate the NT_HEALTH parameters:

.../HealthMonitoring/OverrideParameterAutoActivate

Valid values are:

■ 0 = use auto configure

■ 1 = do not use auto configure

0

OverrideParameterFileFreeSpacePctAutoActivate

specifies whether the parameter ELMEvFileFreeSpacePercent automatically activates and inactivates based on the current configuration

This variables applies to all event logs. You can also apply this variable to specific event logs.

Valid values are:



0

UseCheckPoint specifies whether the event log uses a checkpoint value to guarantee that no events are missed if the PATROL Agent is not running or the KM is not loaded for a period of time

This is a global setting that can be overridden by individual event log configurations.

Valid values are:

■ 0 = do not use■ 1 = use

0

MaxResourceIdleRetainPeriod the maximum amount of time, since last accessed, that an event description resource DLL is held in cache

greater than 0 300 seconds

InclusionList/list list of event logs that are monitored list of event logs NA





ExclusionList/list list of event logs that are not monitored

list of event logs NA

DisablePEMInfoEvents specifies whether to disable information events generated by XPC (psx_server.xpc).

Valid values are:

■ 0 = do not disable information events

■ 1 = disable information events

0

TogglePEMOriginData determines whether the event is displayed in the event log name format or the detailed format in PEM (PATROL Event Manager)

Valid values are:

■ 0 = event log name format

■ 1 = detailed format

0

/EventLogMonitoring/event log/

ForwardAllNTEventstoPEM specifies whether all occurring events are sent to PEM (PATROL Event Manager)

Valid values are:

■ 0 = do not send

■ 1 = send

0

ForwardFilteredNTEventstoPEM specifies whether all events that match the configured event filters for the event log are sent to PEM (PATROL Event Manager)

Valid values are:

■ 0 = do not send

■ 1 = send

0

OverrideSummaryAutoCreate specifies whether the default behavior to automatically create the Summary instance is overridden

Valid values are:

■ 0 = do not override (create)

■ 1 = yes, override (do not create)

0

OverrideParameterFileFreeSpacePctAutoActivate

specifies whether the parameter ELMEvFileFreeSpacePercent automatically activates and inactivates based on the current configuration

This variable applies to a specific event log. You can also apply this variable globally to all event logs.

Valid values are:



0





UseCheckPoint specifies whether the event log uses a checkpoint value to guarantee that no events are missed if the PATROL Agent is not running or the KM is not loaded for a period of time

Valid values are:

■ 0 = do not use■ 1 = use

0

CheckPoint the last event log record that was successfully recorded

greater than 0 0

EventFilters/child_list a list that details the defined event filters

list of event filters Summary

/EventLogMonitoring/eventlog/EventFilters/filter

FilterEnabled specifies whether the event filter is enabled

Disabled event filters are not discovered and do not collect events.

Valid values are:

■ 0 = not enabled

■ 1 = enabled

1

CreateInstance specifies whether an application instance is created for the event filter

An application instance is not required to collect data. However, if an instance is not created, the only way to retrieve the data collected by the event filter is too subscribe to the event filter data.

Valid values are:

■ 0 = not created■ 1 = created

1

ParentInstance allows the parent application instance of an event filter to be changed.

If this value is set, the event filter instance is created with the specified parent instance.

path to valid PATROL application instance

NA

AcknowledgeBy specifies how the event filter is acknowledged

If the value of this variable is the name of another event filter, the event filter is automatically acknowledged when the referenced event filter criteria is satisfied.

manual, automatic, or filtername

auto-matic

Annotation specifies whether the parameter data point is annotated with event text

Valid values are:

■ 0 = do not annotate

■ 1 = annotate

0





ConsolidateEventTypes specifies whether event types are consolidated

Valid values are:

■ 0 = do not consolidate

■ 1 = consolidate

0

ConsolidationNumber number of events that occur within a specified time and are reported as one event

integer less than 35791394

1

ConsolidationTime the time period in which events must occur to satisfy the consolidation criteria

integer less than 35791394

0

EventReport specifies whether event descriptions are reported by means of a text parameter

Valid values are:

■ 0 = do not report

■ 1 = report

0

EventType specifies the type of events that are filtered

1 = Error2 = Warning4 = Information8 = AuditSuccess16 = AuditFailure32= OtherType

A valid value is any summation of these types. For example, to monitor both Warning and AuditFailure events, use a value of 18 (2 +16).

1, 2, 4, 8, 16, 32, and the sums of any or all of these numbers

For security event log: 25

All other event logs: 1

FilterDescription text that describes the event filter no restrictions NA





IncludeAllCategories specifies whether all event categories are monitored

If all categories are monitored (1), then the CategoryList variable represents an exclusion list. Otherwise, it represents an inclusion list.

1

CategoryList/list a list of event categories that are included or excluded from monitoring, depending on the value of the variable IncludeAllCategories

list of event categories

NA

IncludeAllEventIds specifies whether all event IDs are monitored

If all event IDs are monitored (1), then the EventIdList variable represents an exclusion list. Otherwise, it represents an inclusion list.

Valid values are:

■ 0 = not monitored

■ 1 = monitored

1

EventIdList/list a list of event categories that are included or excluded from monitoring, depending on the value of the variable IncludeAllEventIds

list of event IDs NA

IncludeAllSources specifies whether all sources are monitored

If all sources are monitored (1), then the SourceList variable represents an exclusion list. Otherwise, it represents an inclusion list.

Valid values are:


■ 1 = monitored

1

SourceList/list a list of sources that are included or excluded from monitoring, depending on the value of the variable IncludeAllSources

list of event sources

NA

IncludeAllStrings specifies whether all text strings are monitored

If all text strings are monitored (1), then the StringList variable represents an exclusion list. Otherwise, it represents an inclusion list.

Valid values are:


■ 1 = monitored

1





StringList/list a list of text strings that are included or excluded from monitoring, depending on the value of the variable IncludeAllStrings

list of text strings NA

IncludeAllUsers specifies whether all users are monitored

If all users are monitored (1), then the UserList variable represents an exclusion list. Otherwise, it represents an inclusion list.

Valid values are:


■ 1 = monitored

1

UserList/list a list of users that are included or excluded from monitoring, depending on the value of the variable IncludeAllUsers

list of text strings NA

RetainEventDescriptions specifies whether event descriptions are stored in the PATROL Agent namespace for retrieval

Valid values are:

■ 0 = do not retain

■ 1= retain

0

Scheduling the type of collection used for collecting event data

Valid values are:

■ 0 = Notification

■ 1 = Polling■ 2 = Both

1

MaxRecords the maximum number of records that are held in psx_server.xpc memory for the filter

greater than 0 3010





SubscriberList/list lists the subscriptions that exist for the parent event log and filter

subscribers empty

DisplayName specifies the label that the KM places under the filter instance

Note: You must manually enter this variable; the KM does not create it.

Setting this variable does not change the instance name/namespace. This variable is read only at initial filter creation or parent instance change.

label for filter NA

FilterDisableCase specifies whether the filter comparisons are made in a case-independent manner

This variable has five bit values, depending upon case sensitivity, one bit corresponding to each of Source, User, Category, String, and Computer name, respectively. If any bit value is 1, a case-independent filter comparison is made for the corresponding field.

Valid values are:

■ 00000 = none checked (default)

■ 11111 = all 5 categories checked

■ a combination of 0s and 1s, depending on which of the 5 categories were checked

0000





/EventLogMonitoring/event log/EventFilters/filterName

ComputerNamesList/list lists the computers that are included for monitoring or the computers that are excluded from monitoring, depending on the value of the IncludeAllCompList variable

list of computers empty

IncludeAllCompList indicates whether all computers are monitored

Valid values are:

■ 0 = none of the computers are monitored by default, and the ComputerNamesList variable is an inclusion list

■ 1 = all of the computers are monitored, and the ComputerNamesList variable is an exclusion list

/EventLogMonitoring/eventlog/Subscribers/subscriber

Enabled specifies whether the subscriber (subscription) is enabled

0, 1 1

Filter specifies the name of the filter that notifies the subscriber when monitored events are detected

filter name empty

Function specifies the function that the Subscriber calls when notified of events

function name empty

Library specifies the location of the library that contains the function that the Subscriber calls

library name empty

/EventLogMonitoring/_TUNING_/





EventForwardingHeartbeat specifies the heartbeat configuration that is passed to the PEM API

number that is calculated using valid values: 5000 <= x <= 1800000

30000

EventForwardingRetries specifies the number of times the KM attempts to send an event


4

EventForwardingTimeout specifies the timeout configuration that is passed to the PEM API


30000

MaxFilterRecords specifies the maximum number of records that the KM holds in XPC (psx_server.xpc) memory for any filter

number > 0 3010

ReportAccountName specifies whether the KM obtains account names from the SID

0, 1 0

/JobObjectMonitoring/

OverrideParameterAutoActivate whether job object parameters are automatically activated or inactivated based on the current configuration

Valid values are:

■ 0 = auto configure

■ 1 = do not auto configure

0

ManualAcknowledge whether the PROCStatus parameter is manually acknowledged

Valid values are:

■ 0 = auto acknowledge

■ 1 = manually acknowledge

0

MonitorProcess whether job object assigned processes are monitored

Valid values are:

■ 0 = do not monitor

■ 1 = monitor

1

IncludeAll whether all job objects are discovered or only the job objects specifically configured to be monitored

Valid values are:

■ 0 = only configured objects

■ 1 = all

1

InclusionList/list the job objects that are monitored list of job objects NA

ExclusionList/list the job objects that are excluded from monitoring

list of job objects NA





CollectionCount number of processes for which performance data is collected at one time

greater than 0 NA

AnnotateProcStatus whether the PROCStatus parameter is annotated

Valid values are:

■ 0 = no■ 1 = yes

1

DestroyAcknowledgeProcess specifies whether to destroy acknowledged process instances

Valid values are:

■ 0 = no■ 1 = yes

1

/ProcessorMonitoring/

AnnotateTopProcs specifies whether the parameter NT_CPU/CPUprcrProcessorTimePercent for the _Total instance is annotated with the top N CPU-consuming processes

Valid values are:

■ 0 = no■ 1 = yes

1

AnnotateProcCount number of top processes to include when annotating the NT_CPU/CPUprcrProcessorTimePercent parameter

integer greater than 0

10

DisableAnnotation specifies whether annotations are enabled or disabled for the NT_CPU (icon labled Processor) application parameters

Valid values are:


■ 1 = disabled

ExclusionList/list the processors that are excluded from monitoring

list of processors NA

IncludeAll specifies whether all processors are monitored (except for the ones specifically excluded)

Valid values are:

■ 0 = no■ 1 = yes

1

InclusionList/list the processors that are monitored

This variable is ignored unless the /ProcessorMonitoring/IncludeAll variable is set to 0.

list of processors NA

CPUprcrStatus the last count of the processors that are monitored

integer 0

/PagefileMonitoring/





IncludeAll whether all network interfaces (less those excluded) are monitored

Valid values are:

■ 0 = no■ 1 = yes

1

InclusionList/list the pagefiles that are monitored

This variable is ignored unless the /PagefileMonitoring/IncludeAll variable is set to 0.

list of pagefiles NA

ExclusionList/list the pagefiles that are excluded from monitoring

list of pagefiles NA

/NetworkInterfaceMonitoring/

IncludeAll whether all network interfaces (less those excluded) are monitored

Valid values are:

■ 0 = no■ 1 = yes

1

InclusionList/list the network interfaces that are monitored

This variable is ignored unless the /NetworkInterfaceMonitoring/IncludeAll variable is set to 0.

list of network interfaces

NA

ExclusionList/list the network interfaces that are excluded from monitoring

list of network interfaces

NA

/PhysicalDiskMonitoring/

InclusionList/list the physical disks that are monitored list of device numbers

NA

ExclusionList/list the physical disks that are excluded from monitoring

list of device numbers

NA

IncludeAll whether all physical disks are discovered

Valid values are:

■ 0 = no■ 1 = yes

1

MaxReloadCounters specifies the maximum number of times that the KM can issue the %RELOAD_COUNTERS command

integer > 0 empty (no limit)

RemovedPDList stores the physical disk instances that have been removed under the NT_PHYSICAL_DISKS_CONTAINER application class

list of deleted instances

NA

/NetworkProtocolMonitoring/

FTP/Active whether the NT_FTP KM is activated Valid values are:

■ 0 = no■ 1 = yes

1





ICMP/Active specifies whether the NT_ICMP KM is activated

Valid values are:

■ 0 = no■ 1 = yes

1

IP/Active specifies whether the NT_IP KM is activated

Valid values are:

■ 0 = no■ 1 = yes

1

IPX/Active specifies whether the NT_IPX KM is activated

Valid values are:

■ 0 = no■ 1 = yes

1

NETBEUI/Active specifies whether the NT_NETBEUI KM is activated

Valid values are:

■ 0 = no■ 1 = yes

1

NETBIOS/Active specifies whether the NT_NETBIOS KM is activated

Valid values are:

■ 0 = no■ 1 = yes

1

TCP/Active specifies whether the NT_TCP KM is activated

Valid values are:

■ 0 = no■ 1 = yes

1

UDP/Active specifies whether the NT_UDP KM is activated

Valid values are:

■ 0 = no■ 1 = yes

1

/LogicalDiskMonitoring/

InclusionList/list the logical disks that are monitored list of logical disks NA





ExclusionList/list the logical disks that are excluded from monitoring

list of logical disks NA

IncludeAll whether all logical disks are discovered

Valid values are:

■ 0 = no■ 1 = yes

1

MaxReloadCounters specifies the maximum number of times that the KM can issue the %RELOAD_COUNTERS command

integer > 0 empty (no limit)

DeletedLDList stores a list of the deleted logical disk instances

list of logical disk instances

NonAggregateParamValue changes the values generated by the following parameters:

■ LDldFreeSpacePercent■ LDldFreeMegabytes■ LDldDiskSpaceUsed

Valid values are:

■ 1 = values shown for a particular drive instance do not consider the mount drives

■ 0 = value shown is an aggregate of a particular drive instance and all of its mount drives

/RegistryMonitoring/

InclusionList/list list of registry keys that are monitored

list of registry keys NA

AnnotateValueChange whether the RegValueChanged parameter is annotated

Valid values are:

■ 0 = no■ 1 = yes

1

/PrinterMonitoring/

DisableAnnotation specifies whether annotations are enabled (0 or blank) or disabled (1) for the NT_PRINTER application parameters

Valid values are:


■ 1 = disabled

NA

InclusionList/list the printers that are monitored list of printers NA

ExclusionList/list the printers that are excluded from monitoring

list of printers NA





IncludeAll whether all printers are discovered Valid values are:

■ 0 = no■ 1 = yes

1

TestConnectivity specifies whether the KM pings the printer to test connectivity

Valid values are:

■ 0 = no■ 1 = yes

0

/HealthMonitoring/

ProcessorContentionThreshold threshold for resource contention 0 to 100 30

MemoryContentionThreshold threshold for memory contention 0 to 100 80

OverrideParameterAutoActivate whether the WMIAvailability parameter is automatically activated or inactivated based on the current configuration on Windows NT 4

Valid values are:



0

OverrideAutoConfigUpdate whether the Win32_WMISetting.HighThresholdOnEvents property is auto-corrected using the HighThresholdOnEvents configuration variable

Valid values are:

■ 0 = auto correct

■ 1 = do not auto correct

0

HighThresholdOnEvents minimum required value for the WIN32_WMISetting

greater than 0 2000000

/BlueScreenKM/

ConfigureOptionUsed allows you to configure the KM by using three options. The KM looks for a crash dump file as well as the event (ID 6008).

Valid values are:

■ 1 = Event (ID 6008) – only monitors the event id, 6008.

■ 2 = Crash Dump – only monitors the crash, Dump.

■ 3 = Default – monitors crash dump or event as per registry configuration.

3






Table 49 lists PATROL KM for Microsoft Windows Domain Services component variable settings.

/AgentSetup/

NT_EVENTLOG.OSdefaultAccount allows you to provide a valid user name and password for the PATROL Agent default account.

The KM functions without specifying the PATROL Agent default account.

Except for the Windows event log KM, the PATROL KM for Microsoft Windows works with a blank user name and password for the PATROL Agent default account.

When you enter a blank user name and password for the PATROL Agent default account, XPC (psx_server.xpc) runs under the local system account. The Windows event log KM requires a valid user name and password to connect to the PATROL Agent using PEMAPI.

Table 49 PATROL KM for Windows Domain Services variables (Part 1 of 3)


/DomainKM/DNS/

IterationCount the number of times to perform a DNS test

text string 10

ResolveTestList comma-separated list of IP addresses to attempt during DNS test

text string NA

ServerIPAddress IP address for DNS Server text string <Local PATROL Agent IP Address>

ServerPortNumber port of DNS Server text string 53

TCPorUDP protocol for DNS Test 1 = TCP0 = UDP

0





/DomainKM/DNS2000/

IterationCount the number of times to perform a DNS test

text string 10

ResolveTestList comma-separated list of IP addresses to attempt during DNS test

text string NA

ServerIPAddress IP address for DNS Server text string <Local PATROL Agent IP Address>

ServerPortNumber port of DNS Server text string 53

TCPorUDP protocol for DNS Test 1 = TCP0 = UDP

0

/DomainKM/DHCP/Events/

SCOPEADD raises a PATROL event when a DHCP Scope is added

0 = no1 = yes

0

SCOPEDEL raises a PATROL event when a DHCP Scope is removed

0 = no1 = yes

0

DHCPBAK raises a PATROL event when the DHCP database is backed up

0 = no1 = yes

0

/DomainKM/Domain/

MBREL raises a PATROL event when a new master browser is elected

0 = no1 = yes

0

MBRADD raises a PATROL event when a member server is added to the domain

0 = no1 = yes

0

MBRDEL raises a PATROL event when a member server is removed from the domain

0 = no1 = yes

0

BDCADD raises a PATROL event when a BDC server is added to the domain

0 = no1 = yes

0

BDCDEL raises a PATROL event when a BDC server is removed from the domain

0 = no1 = yes

0

DHCPADD raises a PATROL event when a DHCP server is added to the domain

0 = no1 = yes

0

DHCPDEL raises a PATROL event when a DHCP server is removed from the domain

0 = no1 = yes

0

WINSADD raises a PATROL event when a WINS server is added to the domain

0 = no1 = yes

0

WINSDEL raises a PATROL event when a WINS server is removed from the domain

0 = no1 = yes

0

/DomainKM/Server/





IdleServerTime the number of minutes a server is inactive before it is considered idle

string 0

/DomainKM/RemoteServer/

ServerExcludeList comma-separated list of domain servers that should not be discovered by NT_REMOTE_SERVERS

string NA

/DomainKM/Shares/

MaxShares the maximum number of shares that can be discovered by NT_SHARES

Note: Increasing this value above 300 may affect PATROL Agent performance.

string 300

ShareExcludeList comma-separated list of shared directories that should not be discovered by NT_SHARES

string NA

/DomainKM/Trust/

TrustExcludeList comma-separated list of trust relationships that should not be discovered by NT_TRUST

string NA

/DomainKM/Users/

MaxUsers maximum number of user accounts that can be discovered by NT_USERS

Note: Increasing this value above 300 may affect PATROL Agent performance.

string 300

UserExcludeList comma-separated list of user accounts that should not be discovered by NT_USERS

string NA





PATROL KM for Microsoft Active Directory

Table 50 provides PATROL KM for Microsoft Windows Active Directory variable settings.

Table 50 PATROL KM for Microsoft Active Directory variables (Part 1 of 5)


/ActiveDirectory/Configuration/

DbRequiredPercent minimum percentage of size for the Active Directory database if the database and log files reside on separate logical drives

This value is used by the AdDiskSpaceAvailable parameter.

number > 0 < 100 (percentage)

20 percent

DbRequiredSpace minimum amount of free space required in kilobytes for the logical drive that holds the database file

number > 0 (kilobytes)

500000 kilobytes

DisableAnnotations enables/disables parameter annotation. By default annotation is enabled. To disable annotation for all PATROL KM for Active Directory parameters, add this variable to pconfig and set the value to 1.

■ 0=annotate■ 1=do not

annotate

0

DisableEventConfig controls the creation of the old format (1.5.x) Active Directory event filters



1

DisableObsoleteEventFilters determines whether the KM deletes the obsolete AD 1.5.x event filters

■ 0 = do not delete

■ 1 = delete

1

DomainNamingMasterConnStatusSched

interval for checking LDAP connectivity to the domain controller that is the FSMO Domain Naming Master

number of hours greater than 0

12 hours

EnableRA determines whether the KM executes the Restart File Replication Service recovery action that is associated with the AdFrsSidResolution parameter

■ 0 = do not execute

■ 1 = execute

0

IncludedCNFObjectTypes determines the Active Directory object types that the KM monitors for replication collisions

text string (object types)

empty



InfrastructureMasterConnStatusSched

interval for checking LDAP connectivity to the domain controller that is the FSMO Infrastructure Master


1 hour

LdapGcConnStatusSched determines the collection schedule for the AdLdGcConnectStatus and AdLdGcResponseTime parameters

number of seconds between collections

3600 seconds (1 hour)

LogRequiredPercent minimum percentage required of the Active Directory size if the database and the log files reside on separate logical drives

This percentage is used by the AdDiskSpaceAvailable parameter

percentage > 0 but < 100

20 percent

LogRequiredSpace minimum amount of space required in kilobytes for the Active Directory log files if the log files and the database reside on the same logical drive

This value is used by the AdDiskSpaceAvailable parameter

number of kilobytes > 0

200000 kilobytes

PDCEmulatorConnStatusSched interval for checking LDAP connectivity to the domain controller that is the FSMO PDC Emulator


1 hour

RelativeIDMasterConnStatusSched interval for checking LDAP connectivity to the domain controller that is the FSMO Relative ID Master


1 hour

ReplMonConfigNC determines whether configuration naming context replication monitoring is enabled


0

ReplMonDomainNC determines whether domain naming context replication monitoring is enabled


1

SchemaMasterConnStatusSched interval for checking LDAP connectivity to the domain controller that is the FSMO Schema Master


12 hours





AlertMSGForRepliCollector enables you to include the AlarmPoint annotation text in the alert message of the AdReplicationCollector parameter

■ 0 = default value

■ 1 = include AlarmPoint annotation text in the alert message

0

/ActiveDirectory/Configuration/fully-qualified-server-name_

PingTimeout provides a way to configure (on a per-server basis) the timeout that is used when a server is pinged for availability - servers that are connected through a slower link may need this value increased

time out in milliseconds

5,000

PingCount provides a way to configure (on a per-server basis) the number of times that a server is pinged to test its availability - servers that are connected through a slower link may need this value increased (a server is considered available if any one ping is successful)

number of pings greater than 0

3

/ActiveDirectory/RpcConnection/

DisableCheckPointOverrides indicates whether the KM overrides the check point enabling for the FRS event log

This value is used by the AdFrsRpcConnectivity parameter.

■ 0 = override■ do not

override

0

MaxWaitTime indicates the maximum amount of time the KM waits in seconds for a 13509 FRS event to occur after a 13508 FRS occurs before considering the 13508 FRS event an issue

This value is used by the AdFrsRpcConnectivity parameter

number > 0 14400 seconds

Do not manually change the values of the following variables. These variables contain state information that is used internally by the product. If you change these variables manually, the product cannot operate correctly.

/ActiveDirectory/AgentSiteInfo





prevDCName contains the last known qualified domain name of the domain controller

Do not manually change the value of this variable.

prevDCSiteName contains the name of the last known site where the domain controller resided


/ActiveDirectory/ReplConfig/replication context replication source/

replication context contains information that specifies a configuration naming context or a domain naming context, for example,/ActiveDirectory/ReplConfig/ConfigNCwaternoose.monsters.inc/firstNonResponse

ConfigNCDomainNC

firstNonResponse contains the UTC time when the KM determined that the replication source was non-responsive


lastChangeTime contains the UTC time when the replication source last updated its replication object


origChangeTime contains the UTC time when the KM determined that the replication source might have failed to replicate


prevObjectVersion contains the last known version of an object; the KM uses this information to determine whether or not a change was replicated


/REMOTE/HOSTS/

hosts Specifies a comma separated list of the remote hosts that have been added for monitoring

/REMOTE/HOSTS/Remote Host/

connectionProtocol Specifies the protocol (HTTP or HTTPS) that is used for remote host connection

Valid values are:■ 1: HTTP■ 2: HTTPS

userAccount Specifies the user account which is used to connect to the remote host

accountProfile Specifies the shared credential, if it has been used for remote host connection

/REMOTE/PROFILE/

profileList Specifies a comma separated list of the profiles (shared credentials)

/REMOTE/PROFILE/Profile Name/






Table 51 provides PATROL KM for Microsoft Cluster Server variable settings.

hostList Specifies a comma separated list of the monitored remote hosts with the respective profile

userAccount Specifies the user name for each profile

Table 51 PATROL KM for Microsoft Cluster Server variables (Part 1 of 5)


/MCS/

AccountInfo stores the Cluster account information

username/encrypted password

NA

ClaInsideCluster indicates whether the cluster level agent can run on a cluster node

0, 1 1

DisableServiceAutoRestart indicates whether the McsService is automatically started and stopped by the KM

0, 1 0

DisableParmOverrides indicates whether the MCS_Clusters parameters, McsGwConAvailable, McsGatewayStatus, and McsServiceStatus, are automatically activated and inactivated by the KM

0, 1 0

PingIpTimeout specifies the amount of time the KM waits before timing out when pinging an IP resource

integer > 0 5000

ServiceCollWaitTime specifies the amount of time in seconds that the McsServiceStatus parameter waits for the McsService to start before generating an alarm

integer > 0 but =< 300

60





applicationClass_AnnotationMode stores the annotation mode setting for the following application classes:

■ MCS_Groups■ MCS_Group_Resources■ MCS_Nodes■ MCS_Performance

The annotation mode is set through the PATROL Admin => Configure Annotation Mode menu command.

On, Off, or Error

NA

clusterInstance_CluDBBackupPath stores backup path for the Cluster database.

The path is not set by default, and therefore the BackupClusterDatabase parameter is offline. The path is set through the Quorum Admin (MCS_Quorum) => Set Backup Path menu command.

directory path NA

clusterInstance_FileShareExclusionList

stores excluded file shares. If a file share has been excluded, then it will not be monitored by the FileShareUnAvailable parameter. Excluded file shares are displayed in the Desktop tree and data is collected from them by the ResourceStatus parameter. You can exclude file shares through the PATROL Admin (MCS_Groups) => Maintain Exclusion List => Exclude File Shares menu command.

list of file shares

NA

clusterInstance_IPExclusionList stores excluded IP addresses

If an IP address has been excluded, then it will not be monitored by the CheckIPResourceColl parameter. Excluded IP addresses are displayed in the Desktop tree and data is collected from them by the ResourceStatus parameter. You can exclude IP addresses through the PATROL Admin (MCS_Groups) => Maintain Exclusion List => Exclude IP Address menu command.

list of IP addresses

NA





clusterInstance_ResourceExclusionList

stores excluded resources. If a resource has been excluded, then the resource is not monitored and an instance is not created. You can exclude resources through the PATROL Admin (MCS_Groups) => Maintain Exclusion List => Exclude Resources menu command.

list of resources NA

clusterInstance_UpTimeBaseLine stores the start date and time for the ClusterAvailability parameter. You can set the start date and time through the PATROL Admin (MCS_Cluster) => Set Available Start Date menu command.

time in seconds NA

clusterName_NetworkNameForFileShares

determine whether a network name has been designated for the file share resources of the cluster. If a name has been entered in the /MCS/clusterName_NetworkNameForFileShares variable, the KM attempts to map the file shares using that network name.

The FileShareUnAvailable parameter has been modified to read this pconfig variable.

You can provide the network name for the file shares through the PATROL Admin (MCS_Group) => Assign Network Name menu command.

Enter the network name in the dialog box. The network name is stored in the variable, /MCS/clusterName_NetworkNameForFileShares.

■ the name of a network

■ null (the KM maps the file share resources to a default network)





DomainInclusionList stores the domain name being monitored.

To monitor an additional domain, you must add a variable to the agent configuration database. Before loading and configuring the KM, verify that the domain with the cluster nodes trusts the domain with the cluster-level agent.

Adding a domain:

1. Create a change file as a plain text file using any text editor with the following content:

Note: wpconfig command options are case sensitive.

PATROL_CONFIG

“/MCS/DomainInclusionList” = { REPLACE = “DomainName” }

2. Execute on the command line:

wpconfig +Reload your-filename

domain name NA

hostName_LogMonKeyAlarm stores keywords that the KM searches for in the cluster log file. If any of the keywords are found, the ClusterLogFileError parameter sends an alarm. Define the keywords through the PATROL Admin (MCS_Nodes) => Maintain Keywords menu command. By default, no keywords are defined, and the parameter is offline.

list of keywords

NA

hostName_LogMonKeyDate stores the date from which the KM searches for defined keywords in the cluster log file. If any of the keywords are found, the ClusterLogFileError parameter sends an alarm or warning. Define the date and keywords through the PATROL Admin (MCS_Nodes) => Maintain Keywords menu command. By default, no date or keywords are defined, and the parameter is offline.

time in seconds NA





hostName_LogMonKeyWarn stores keywords that the KM searches for in the cluster log file. If any of the keywords are found, the ClusterLogFileError parameter sends a warning. Define the keywords through the PATROL Admin (MCS_Nodes) => Maintain Keywords menu command. By default, no keywords are defined, and the parameter is offline.

list of keywords

NA

MenuCmdROMode stores the read-only setting for the Cluster Admin Commands. Change the read-only setting through the PATROL Admin (MCS_Clusters) => Configure Menu Cmd RO Mode menu command. Read-only is disabled by default.

True, Fales NA

MonitoredClusterList stores the clusters you are monitoring. Change the list through the PATROL Admin (MCS_Clusters) => Select Cluster to Monitor menu command.

list of clusters NA

UptimeCollWaitTime specifies in seconds the amount of time that the Uptime Collector spends waiting for the PATROL Uptime resource to send data

number >0 300





PATROL KM for Microsoft Windows Message Queue

Table 52 provides PATROL KM for Microsoft Message Queue variable settings.

Table 52 PATROL KM for Windows Message Queue variables


/MQ_SERVER/

QueueMsgCountThreshold the number of messages currently managed by the MSMQ service

0-999999 450000

QueueMsgSizeThreshold the size, in kilobytes, of all message queues managed by the MSMQ service

0-2000000 1600000

ScheduledServers a text string that specifies the scheduled servers and their respective scheduled interval (in minutes)

Valid time intervals are 0-60 minutes. A value of 0 turns off round-trip scheduling for the specified server.

ServerName1,TimeInterval|ServerName2,TimeInterval2...

NA

/MQ_QUEUES/

JournalMsgCountThreshold the number of messages currently in the queue

0-999999 450000

JournalMsgSizeThreshold the number of kilobytes used by all messages in the queue

0-2000000 1600000

QueueMsgCountThreshold the number of messages in the journal queue

0-999999 450000

QueueMsgSizeThreshold the size in kilobytes of all messages in the journal queue

0-2000000 1600000




Table 53 provides PATROL KM for Microsoft COM+ variable settings.

Table 53 PATROL KM for Windows COM+ variables


/COM_PLUS/Applications/ApplicationName

specifies the monitoring properties for the COM+ application

X:Y:Z: <List>where,

X = 0; Do not monitor.

X = 1; Monitor.

Y = 0; Do not restart if the COM+ application is stopped.

Y= 1; Restart the COM+ application if it is stopped.

Z = The number of times the COM+ application is restarted that causes an alarm. Z is used only if Y =1.

<List> Represents a comma separated list of the methods being monitored for this application in format <MethodName>\<InterfaceName>\<ComponentName>

1:1:5




Table 54 provides the PATROL Wizard for Microsoft Performance Monitor and WMI variable settings.

Table 54 PATROL Wizard for Performance Monitor and WMI variables (Part 1 of 2)


/Perfmon/NT_PERFMON_WIZARD

Name lists the NT_PERFMON_WIZARD application class name

comma separated list

NA

Objects comma-separated list of objects to monitor


NA

/Perfmon/NT_PERFMON_WIZARD/object/

Counters comma-separated list of counters monitored for the object


NA

Instances comma-separated list of instance of the object to monitor


NA

/Perfmon/NT_PERFMON_WIZARD/object/counter

AlarmMax the upper-level alarm threshold for a specific counter instance

any integer NA

AlarmMin the lower-level alarm threshold for a specific counter instance

any integer NA

WarnMax the upper-level warning threshold for a specific counter instance

any integer NA

WarnMin the lower-level warning threshold for a specific counter instance

any integer NA

/Perfmon/NT_WMI/

Parameters comma-separated list of NT_WMI parameters


NA

ConnectAs32Bit allows you to connect a 64-bit Windows environment to a 32-bit WMI provider.

By default, this pconfig variable is not present at the time of installation.

You need to manually add the /Perfmon/NT_WMI/ConnectAs32Bit pconfig variable and set it to a value of 1.

/Perfmon/NT_WMI/name



PATROL for Microsoft Windows Servers

Table 55 provides the PATROL for Microsoft Windows Servers variable settings. These variables are applicable to any KM in the PATROL for Microsoft Windows Servers solution.

Query WQL query used in the created NT_WMI parameter

string NA

AlarmMax the upper-level alarm threshold for a specific NT_WMI parameter

any integer NA

AlarmMin the lower-level alarm threshold for a specific NT_WMI parameter

any integer NA

WarnMax the upper-level warning threshold for a specific NT_WMI parameter

any integer NA

WarnMin the lower-level warning threshold for a specific NT_WMI parameter

any integer NA

Table 55 PATROL for Microsoft Windows Servers variables


/RecoveryActions/application class/instance/parameter/

Description The name of the recovery action. text description NA

HelpID Help topic ID associated with the recovery action. This variable is used internally.

integer NA

Mode The mode under which the recovery action runs:

■ Run automatically (1)■ Run only with operator confirmation

(2)■ Do not execute (3)

For more information about these modes, see “Configuring built-in native recovery actions” on page 130.

1, 2, 3 NA

Suspend whether to temporarily pause the recovery action

0 = no

1 = yes

NA

Wait the amount of time PATROL waits for confirmation to run the recovery action. If you do not provide confirmation within the allotted time, PATROL does not run the recovery action.

number of seconds

NA

Table 54 PATROL Wizard for Performance Monitor and WMI variables (Part 2 of 2)



PATROL for Microsoft Windows Servers rulesets


PATROL for Microsoft Windows Servers provides pre-configured rules that are organized into rulesets for the major Microsoft server roles, such as the file server and print server roles. A rule is an instruction applied to a PATROL Agent that instructs the agent to change a variable in its agent configuration database. A ruleset is a collection of rules, which are stored as text files with .cfg extension.

These PATROL for Microsoft Windows Servers predefined rulesets include the following configuration settings:

■ preloaded KMs■ services whose process monitoring is enabled■ processes that are monitored■ Windows events that are monitored■ additional Windows Performance Monitor counters that are monitored (added as

parameters beneath the NT_PERFMON_WIZARD application class)

PATROL KM for Event Management required

To use the PATROL Configuration Manager to view or manage a PATROL agent configuration or to apply rulesets, the PATROL KM for Event Management must be loaded on the PATROL Agent machine. For more information about loading KMs, see .

Using PATROL Configuration Manager to apply rulesets

Instead of manually configuring the monitoring of each server, you can use the PATROL Configuration Manager to apply these predefined rulesets to a server. If you need to change a ruleset, you can do so on one server, save the ruleset, and then apply the new ruleset to other like servers.

NOTE PATROL automatically monitors services whose startup property is automatic. However, PATROL monitors only whether the service is available. When process monitoring is enabled for the service, PATROL also monitors how much memory and CPU a service executable consumes. In the ruleset descriptions in this chapter, the services whose process monitoring is enabled are noted.



For more information about applying rulesets, see “Using PATROL Configuration Manager” on page 269.

For more information about the PATROL Configuration Manager, see the PATROL Configuration Manager User Guide.

Editing predefined rulesets prior to applying

With the exception of the SMS rulesets, you can apply the predefined rulesets directly to any Windows server. For the SMS rulesets, you must first perform the following minor edits and then apply the rulesets.

To edit SMS rulesets before applying

1 In a text editor, open the files Primary_Site_Role.cfg and Site_Role.cfg.

2 Replace all occurrences of %SITECODE% with the uppercase 3-character SMS site code.

3 Replace all occurrences of %WMIPATH% as follows:

■ For SMS 2.x Servers — cimv2\\sms

■ For SMS 2003 Servers — sms

4 Save the files.

Server roles with predefined rulesets

The PATROL for Microsoft Windows Servers predefined rulesets are installed in the following directory:

%PATROL_HOME%\pconfmgr\rulesets\Shipped\Operating_System_KMs\Windows_KM

Rulesets are provided for the server roles shown in Table 56. Figure 6 on page 260 shows these rulesets as they appear in the PATROL Configuration Manager interface.

Table 56 Server roles (Part 1 of 2)

Role Ruleset file Description

File server ruleset PRU_FileServer.cfg provide and manage access to files

Print server ruleset PRU_PrintServer.cfg provide and manage access to printers

Application server ruleset

PRU_ApplicationServer.cfg provides key infrastructure and services to applications hosted on a system



Mail server ruleset PRU_MailServer.cfg provide e-mail services to users

Terminal server ruleset

PRU_TerminalServer.cfg can provide a single point of installation that gives multiple users access to any computer that is running a Windows Server 2003 operating system

Remote access/VPN server ruleset

PRU_RasVpnServer.cfg provides a full-featured software router and both dial-up and virtual private network (VPN) connectivity for remote computers

DNS server ruleset PRU_DNSServer.cfg enables client computers on your network to register and resolve user-friendly DNS names

Streaming media server ruleset

PRU_MediaServer.cfg provides Windows Media Services to your organization

WINS server ruleset PRU_WINSServer.cfg maps NetBIOS names to IP addresses and centrally manages the name-to-address database

Domain controller ruleset

PRU_DomainServer.cfg stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches

SMS — primary site ruleset

Primary_Site_Role.cfg stores SMS data for the primary site and all the sites beneath it in a SQL Server database

SMS — site ruleset Site_Role.cfg attaches to and reports to a primary site

Table 56 Server roles (Part 2 of 2)

Role Ruleset file Description



Figure 6 Shipped rulesets in PATROL Configuration Manager

Ruleset reference

The following section describes the ruleset configuration settings. The rulesets define monitoring that is enabled beyond what is enabled by default in the KM.

The configuration variables (rules) for each type of ruleset are stored in the agent configuration database in the location shown in Table 57. For more information about the specific configuration variables associated with each type of configuration setting, see the page referenced in Table 57.

.

Table 57 Configuration variable locations (Part 1 of 2)

Configuration setting Location of configuration variable(s) (rules) See also

Preloaded KMs \AgentSetup\preloadedKMs NA

Services with process monitoring enabled

\PSX_P4WinSrvs\PWK_PKMforMSWinOS_config\ServiceMonitoring\ServiceList\servicename

page 222



Preloaded KMs for all rulesets

The following KMs are preloaded for all of the rulesets. The ruleset descriptions that follow list any additional KMs that are preloaded for the respective ruleset.

■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH

Application server ruleset

Table 58 shows the application server ruleset properties.

Processes monitored \PSX_P4WinSrvs\PWK_PKMforMSWinOS_config\ProcessMonitoring\ProcessConfigurationList\processname

page 219

Windows events monitored

\PSX_P4WinSrvs\PWK_PKMforMSWinOS_config\EventLogMonitoring\eventlog\EventFilters\filtername

page 226

Additional Windows PerfMon counters or WMI objects monitored

\PerfMon\NT_PERFMON_WIZARD\countername

(The default polling interval for all added PerfMon or WMI parameters is 10 minutes, unless otherwise noted.)

page 255

NOTE An asterisk indicates that all KMs that start with the stem are included. For example, NT_CPU* indicates both NT_CPU and NT_CPU_CONTAINER.

Table 58 Application server ruleset (Part 1 of 2)

Preloaded KMs(PRU_ApplicationServer.kml)

■ COM_*■ NT_EV*■ NT_PERFMON*

Table 57 Configuration variable locations (Part 2 of 2)

Configuration setting Location of configuration variable(s) (rules) See also



Terminal server ruleset

Table 59 shows the terminal server ruleset properties.

Services with Process Monitoring Enabled

■ World Wide Web Publishing Service (process monitoring enabled)■ IIS Admin Service■ Simple Mail Transport Protocol (SMTP) Service■ FTP Publishing Service■ Network News Transfer Protocol (NNTP) Service■ Distributed Transaction Coordinator■ COM+ System Application (process monitoring enabled)■ COM+ Event Service (process monitoring enabled)■ Remote Services (COM and RPC)

Processes Monitored ■ inetinfo.exex

Windows Events Monitored■ Error events from .NET Runtime source (application event log)■ Error and warning events from ASP.NET (application event log)

Additional Perfmon Counters Monitored

■ Active Server Pages — Errors/Sec■ ASP.NET — Requests Rejected■ ASP.NET— Requests Queued■ ASP.NET Application — Errors Unhandled During Execution/Sec■ ASP.NET Application — Errors Total/Sec■ .NET CLR Data — Sqlclient: Total # failed commands■ .NET CLR Exceptions — # of Exceps Thrown/sec■ .NET CLR Jit — Standard Jit Failures■ .NET CLR Loading —Rate of Load Failures■ Web Service — Current Blocked Async I/O Requests■ Web Service — Locked Errors/sec■ Web Service — Not Found Errors/sec

Table 59 Terminal server ruleset

Preloaded KMs(PRU_TerminalServer.kml)

■ NT_EV*■ NT_PERFMON*


■ Terminal Services (process monitoring enabled)■ Terminal Services Session Directory (process monitoring enabled)

Processes Monitored

None

Windows Events Monitored

■ Error and warning events from TermService (system event log)■ Error and warning events from TermServLicensing (system event log)■ Error and warning events from TermServDevices (system event log)


■ Terminal Services —Active Sessions■ Terminal Services — Inactive Sessions■ Terminal Services — Total Sessions■ System — Processes

Table 58 Application server ruleset (Part 2 of 2)



Remote access/VPN server ruleset

Table 60 shows the Remote Access/VPN Server ruleset properties.

Print server ruleset

Table 61 shows the Print Server ruleset properties.

Domain controller ruleset

Table 62 shows the Domain Controller ruleset properties.

Table 60 Remote access / VPN server ruleset

Preloaded KMs(PRU_RasVpnServer.kml)



Remote Access Service (process monitoring enabled)

Processes Monitored None

Windows Events Monitored Error and warning events from Remote Access (system event log)


■ RAS Total —Total Connections■ RAS Total — Total Errors\Sec

Table 61 Print server ruleset

Preloaded KMs(PRU_PrintServer.kml)

■ NT_EV*■ NT_PRINT*


Spooler

Processes Monitored spoolsv.exe

Windows Events Monitored Error and warning events from Print source (system event log)


None

Table 62 Domain controller ruleset (Part 1 of 2)

Preloaded KMs(PRU_DomainServer.kml)

■ NT_EV*■ NT_DOMAIN■ NT_MEMBER_SERVER■ AD_AD*


Windows Time (process monitoring enabled)




File server ruleset

Table 63 shows the File Server ruleset properties.

Mail server ruleset

Table 64 shows the Mail Server ruleset properties.


■ Error and warning events from NT File Replication Service (file replication service event log)

■ Error and warning events from source LSASERV (system event log)■ Error and warning events from source SAM (system event log)■ Error and warning events from source NetLogon (system event log)■ Error and warning events from source Windows Time (system event log)■ Error and warning events from source KDC (system event log)■ Error and warning events from source UserEnv (application event log)■ Error and warning events from DNS API (system event log)


None

Table 63 File server ruleset

Preloaded KMs(PRU_FileServer.kml)

■ NT_DFS*■ NT_EV*■ NT_DOMAIN■ NT_MEMBER_SERVER■ NT_PHYSICAL_DISKS*


■ Netlogon ■ dmserver

Processes Monitored

■ services.exe■ lsass.exe■ svchost.exe (with any argument)


■ Error and Warning events from DfsSvc (system event log)■ Error and Warning events from NtFrs (file replication service

event log)

Additional Perfmon Counters Monitored None

Table 64 Mail server ruleset (Part 1 of 2)

Preloaded KMs(PRU_MailServer.kml)



■ NntpSvc■ Pop3Svc (process monitoring enabled)■ RpcSs (process monitoring enabled)■ SMTPSVC (process monitoring enabled)


Table 62 Domain controller ruleset (Part 2 of 2)



DNS server ruleset

Table 65 shows the DNS Server ruleset properties.

WINS server ruleset

Table 66 shows the WINS Server ruleset properties.

Windows Events Monitored■ Error and warning events from Pop3Svc (application event log)■ Error and warning events from SMTPSvc (system event log)


■ POP3 Service — Messages delivered/sec■ POP3 Service — Sockets in use■ SMTP NTFS Store Driver — Messages in the queue directory■ SMTP Server — Connection Errors/sec■ SMTP Server — Outbound Connections Refused

Table 65 DNS server ruleset

Preloaded KMs(PRU_DNSServer.kml)

■ NT_DNS_2000■ NT_DOMAIN■ NT_MEMBER_SERVER■ NT_EV*■ NT_PERFMON*

Additional Active Parameters

None


None

Processes Monitored dns.exe


■ Error and warning events from source DNS (DNS event log)■ Error and warning events from source DNS API (system event log)■ Error and warning events from source DNS Cache (system event log)


■ DNS — Caching memory■ DNS — Dynamic Update Received/sec■ DNS — Total Query Received/sec ■ DNS — Database Node Memory■ DNS — Dynamic Update Written to Database/sec

Table 66 WINS server ruleset (Part 1 of 2)

Preloaded KMs(PRU_WinsServer.kml)

■ NT_DOMAIN■ NT_MEMBER_SERVER■ NT_EV*■ NT_WINS*

Additional Active Parameters None

Services with Process Monitoring Enabled WINS

Table 64 Mail server ruleset (Part 2 of 2)



DHCP server ruleset

Table 67 shows the DHCP Server ruleset properties.

Streaming media server ruleset

Table 68 shows the streaming media server ruleset properties.


Windows Events Monitored Error and warning events from WINS (system event log)


Table 67 DHCP server ruleset

Preloaded KMs(PRU_DhcpServer.kml)

■ NT_DOMAIN■ NT_MEMBER_SERVER■ NT_EV*■ NT_DHCP*


Services with Process Monitoring Enabled DHCPServer


Windows Events Monitored Error and Warning from DHCPServer (system event log)


Table 68 Streaming media server ruleset

Preloaded KMs(PRU_MediaServer.kml)




WMServer


Windows Events Monitored Error and Warning from WMServer (Application Event log)


■ Windows Media Services — Current Streaming Players■ Windows Media Service — Current Connected Players■ Windows Media Services — Current Connection Queue Length■ Windows Media Services — Current Stream Error Rate

The default polling time for each of these parameters is 5 minutes.

Table 66 WINS server ruleset (Part 2 of 2)



SMS — primary site ruleset

Table 69 on page 267 shows the SMS primary site ruleset properties. These rulesets apply to SMS 2.0 and SMS 2003 Primary Servers. Before applying this default ruleset to an agent , you must edit the rulesets. For more information, see “To edit SMS rulesets before applying” on page 258.

Table 69 SMS primary site ruleset (Part 1 of 2)

Preloaded KMsNT_EV*NT_PERFMON*



MSSQLSERVERSMS ExecutiveSMS Site BackupSMS Site Component ManagerSMS SQL Monitor

Processes Monitored

sitecomp.exe (with any argument)smsdbmon.exe (with any argument)smsexec.exe (with any argument)sqlservr.exe (with any argument)

Windows Events MonitoredError, warning, and information events from source SMS (application event log)



SMS — site ruleset

Table 70 shows the SMS site ruleset properties. These rulesets apply to SMS 2.0 and SMS 2003 Site Servers. Before applying this default ruleset to an agent, you must edit the rulesets. For more information, see “To edit SMS rulesets before applying” on page 258.


■ SMS Discovery Data Manager —Total DDRs Enqueued■ SMS Discovery Data Manager —Total DDRs Processed■ SMS Discovery Data Manager —DDRs Processed/minute■ SMS In-Memory Queues — Total Objects Dequeued■ SMS In-Memory Queues — Total Objects Enqueued■ SMS Inventory Data Loader — Total MIFs Enqueued■ SMS Inventory Data Loadaer — Total MIFs Processed■ SMS Inventory Data Loader — MIFs Processed/minute■ SMS Software Inventory Processor — Total SINVs Enqueued■ SMS Software Inventory Processor — Total SINVs Processed■ SMS Software Inventory Processor — SINVs Processed/minute■ SMS Standard Sender — Average Bytes/sec■ SMS Standard Sender — Sending Thread Count■ SMS Standard Sender —Total Bytes Attempted■ SMS Status Messages — Written to SMS Database■ SMS Status Messages — Reported to Application Event Log■ SMS Status Messages — Replicated at Normal Priority■ SMS Status Messages — Replicated at Low Priority■ SMS Status Messages — Replicated at High Priority■ SMS Status Messages — Received■ SMS Status Messages — Processed/sec■ SMS Status Messages — Corrupt


Additional WMI Objects Monitored

■ SMS Advertisements Failed■ SMS Advertisements Total■ SMS Errors■ SMS Informationals■ SMS Machines Total■ SMS Packages Failed■ SMS Programs Failed■ SMS Warnings

Table 70 SMS site ruleset (Part 1 of 2)

Preloaded KMsNT_EV*NT_PERFMON*



SMS ExecutiveSMS Site BackupSMS Site Component Manager

Table 69 SMS primary site ruleset (Part 2 of 2)


Using PATROL Configuration Manager

Using PATROL Configuration ManagerThis section describes how to use the PATROL Configuration Manager (PCM) to manage PATROL for Microsoft Windows Servers KM configuration settings.

Using PCM to apply configurations changes to other agents

BMC Software recommends that you configure multiple agents using the following method:

1. Using a PATROL console, configure monitoring on one agent.

2. Use the PATROL Configuration Manager to copy the agent configuration to the other similar agents, using the procedure described below.

Processes Monitoredsitecomp.exe (with any argument)smsexec.exe (with any argument)

Windows Events MonitoredError, warning, and information events from source SMS (application event log)


■ SMS Discovery Data Manager —Total DDRs Enqueued■ SMS Discovery Data Manager —Total DDRs Processed■ SMS Discovery Data Manager —DDRs Processed/minute■ SMS In-Memory Queues — Total Objects Dequeued■ SMS In-Memory Queues — Total Objects Enqueued■ SMS Standard Sender — Average Bytes/sec■ SMS Standard Sender — Sending Thread Count■ SMS Standard Sender —Total Bytes Attempted■ SMS Status Messages — Written to SMS Database■ SMS Status Messages — Reported to Application Event Log■ SMS Status Messages — Replicated at Normal Priority■ SMS Status Messages — Replicated at Low Priority■ SMS Status Messages — Replicated at High Priority■ SMS Status Messages — Received■ SMS Status Messages — Processed/sec■ SMS Status Messages — Corrupt


NOTE To use the PATROL Configuration Manager to view or manage a PATROL agent configuration, the PATROL KM for Event Management must be loaded on the PATROL Agent machine. For more information about loading KMs, see “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.

Table 70 SMS site ruleset (Part 2 of 2)



To copy configuration changes using PCM

1 Using the PATROL Configuration Manager, perform a get on the PATROL Agent.

2 Configure the PATROL Agent as desired.

3 Using the PATROL Configuration Manager, perform a get to obtain the new PATROL Agent configuration.

4 In PATROL Configuration Manager, compare the last 2 configurations.

5 Save the differences between the 2 agent configuration as a new rule set.

6 Apply this rule set to the other PATROL Agents.

For more detailed information about using the PATROL Configuration Manager, see the PATROL Configuration Manager User Guide or the PATROL KM for Event Management User Guide.

Manually creating or changing configuration variables

Although not recommended, you can also use the PATROL Configuration Manager, instead of the PATROL console, to directly update the agent configuration database by manually entering rules or changing existing rules. However, you must be careful to avoid typos and you must use the following syntax guidelines. For more information, see the examples in the following sections, which show how to manually configure several PATROL KM for Microsoft Windows OS features.

WARNING When creating rules manually within PATROL Configuration Manager, you must follow the syntax guidelines discussed here and avoid typos. Failure to do so could result in unpredictable behavior.



Syntax guidelines

When manually creating rules, you must substitute special codes for certain characters when those characters are part of a configuration variable name or value. These characters are used for specific purposes within pconfig. For example, the comma is used to separate values. For more information, see Table 71.

Using the child_list variable

When manually creating rules, you may need to include the child_list variable. The child_list variable specifies the configuration variables that apply to the configured object. In the pconfig hierarchy, the child_list variable is placed one level higher up than the configuration variables that it references. For example, as shown in Figure 7, the child_list variable in the Example folder lists the configuration variables beneath it in the hierarchy. Thus, in Figure 7, the child_list variable has the following value:

child_list = “SourceList,EventIdList,UserList,StringList”

If you are unsure how or when to use the child_list variable, use a PATROL console to configure monitoring and then examine the child_list rules that are created.

Table 71 Special characters required for pconfig variables

Character Replace with Example

comma (,) (CO) If the value of a variable is 142,156 you must express the value as 142(CO)156. Otherwise, the value is interpreted as two separate values, 142 and 156.

slash (/) (SL) If part of a configuration variable name includes the text server1/outlook, where server1/outlook is the actual name of an object, you must replace server1/outlook with server1(SL)outlook.

equal sign (=) (EQ) If part of a configuration variable name includes the text hostname=test, where hostname=test is the actual name of an object, you must replace hostname=test with hostname(EQ)test.

double quote (““)

(QU) If part of a configuration variable name includes the text example””text, you must replace example””text with example(QU)text.



Figure 7 Using the child_list and variable_list variables

Using the variable_list variable

When manually creating rules, you may also need to include the variable_list variable. The variable_list variable lists the variables that are associated with the configured object. In the pconfig hierarchy, the variable_list variable is placed at the same level as the variables that is references. For example, in Figure 7, the variable_list variable has the following value:

variable_list = “FilterEnabled,FilterDescription,EventType,Annotation,EventReport, RetainEventDescriptions,Scheduling,AcknowledgeBy,ConsolidationNumber,ConsolidationTime,ConsolidateEventTypes,IncludeAllSources,IncludeAllEventIds,IncludeAllUsers,IncludeAllCategories,IncludeAllStrings,CreateInstance”

If you are unsure how or when to use the variable_list variable, use a PATROL console to configure monitoring and then examine the variable_list rules that are created.

Adding a rule in PCM

When manually adding rules within PATROL Configuration Manager, follow this general procedure.



1 Right-click the folder where you want to add the rule and select New => Ruleset.

A new ruleset is created called NewRuleSet.

2 Rename the ruleset.

3 Right-click the new ruleset and select New Rule.

4 From the Ruleset dialog, enter the ruleset, operation, and variable. For more information about what to enter, see the examples that follow.

Adding a service to monitor: example

Assume that you want to set up the following service monitoring configuration:

■ monitor the DHCP Client service ■ restart the start the service when it stops■ generate a PATROL Warning when the service is stopped■ enable the monitoring of the process associated with this service

To manually create this configuration, you would create the rules shown in Table 72. For more information about the configuration variable specified in these rules, see “PATROL for Windows Servers configuration variables” on page 218.

Adding a processes to monitor: example

Assume that you want to set up the following process monitoring configuration:

■ monitor rtserver process with argument -service

■ terminate the process when the process CPU% exceeds a threshold value (defined by the AlarmThreshold variable) for 15 minutes

Table 72 Example: adding a service to monitor

Rule Operation Value

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ParentDefinedProcessList/child_list

Replace empty

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/child_list

Replace ProcessConfigurationList

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ServiceMonitoring/ServiceList/Dhcp/Alarm

Replace Enabled

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ServiceMonitoring/ServiceList/Dhcp/Monitor

Replace 0

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ServiceMonitoring/ServiceList/Dhcp/variable_list

Replace Alarm,AutoRestart,Monitor



■ generate a PATROL alarm when the process is not running

■ do not generate a PATROL alarm when the process is running

To manually create this configuration, you would create the rules shown in Table 73. For more information about the configuration variable specified in these rules, see “PATROL for Windows Servers configuration variables” on page 218

Table 73 Example: adding a process to monitor


/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ProcessConfigurationList/RTSERVER_SERVICE/ArgumentList/list

Replace -service

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ProcessConfigurationList/RTSERVER_SERVICE/ArgumentList/variable_list

Replace list

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ProcessConfigurationList/RTSERVER_SERVICE/ProcessName

Replace rtserver

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ProcessConfigurationList/RTSERVER_SERVICE/child_list

Replace ArgumentList

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ProcessConfigurationList/RTSERVER_SERVICE/variable_list

Replace ProcessName,TimeLimitForKillRunAwayProcess,EnableAlarmIfProcessDown,EnableAlarmIfProcessStarts

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ProcessConfigurationList/child_list

Replace RTSERVER_SERVICE

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ProcessConfigurationList/RTSERVER_SERVICE/EnableAlarmIfProcessDown

Replace 1

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ProcessConfigurationList/RTSERVER_SERVICE/EnableAlarmIfProcessStarts

Replace 0

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ProcessConfigurationList/RTSERVER_SERVICE/TimeLimitForKillRunAwayProcess

Replace 15



Creating an event filter: example

Assume that you want to set up the following event monitoring filter:

■ create an event filter named Example with the description Event Filter Example

■ monitor only Warning and Error event types; do not consolidate event types when reporting. Report Warning and Error events separately.

■ monitor events from application sources PerfDisk and PerfProc

■ monitor event IDs 100 through 154

■ monitor events generated under the username of bhunter

■ monitor events that have the test string missing in the event text

■ monitor events in any event category

■ choose the option to write event details to a text parameter

■ choose the option to report multiple events as one event when 5 or more events occur within 30 seconds

■ choose the option to notify PATROL immediately when an event filter matches the filter criteria

■ when in alarm, remain in alarm until acknowledged by an operator



To manually create this configuration, you would create the rules shown in Table 74. For more information about the configuration variable specified in these rules, see “PATROL for Windows Servers configuration variables” on page 218.

Table 74 Example: adding an event filter to monitor (Part 1 of 2)


/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/AcknowledgeBy

Replace Manual

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/Annotation

Replace 0

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/ConsolidateEventTypes

Replace 0

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/ConsolidationNumber

Replace 5

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/ConsolidationTime

Replace 30

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/CreateInstance

Replace 1

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/EventIdList/list

Replace 100-154

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/EventIdList/variable_list

Replace list

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/EventReport

Replace 1

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/EventType

Replace 3

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/FilterDescription

Replace EventFilterExample

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/FilterEnabled

Replace 1

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/IncludeAllCategories

Replace 1

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/IncludeAllEventIds

Replace 0

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/IncludeAllSources

Replace 1

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/IncludeAllStrings

Replace 0

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/IncludeAllUsers

Replace 0

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/RetainEventDescriptions

Replace 0

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/Scheduling

Replace 0

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/SourceList/variable_list

Replace list



Updating parameter thresholds or poll times: example

Assume that you want to change the alarm thresholds for any instance of the parameter NT_CPU/CPUprcrProcessorTimePercent to the following values:

■ Alarm Range 1: 80—85

■ Alarm Range 2: 85—100

To manually create this configuration, you would create the rules shown in Table 75.

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/StringList/list

Replace missing

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/StringList/variable_list

Replace list

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/UserList/list

Replace bhunter

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/UserList/variable_list

Replace list

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/child_list

Replace SourceList,EventIdList,UserList,StringList

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Example/variable_list

Replace FilterEnabled,FilterDescription,EventType,Annotation,EventReport,RetainEventDescriptions,Scheduling,AcknowledgeBy,ConsolidationNumber,ConsolidationTime,ConsolidateEventTypes,IncludeAllSources,IncludeAllEventIds,IncludeAllUsers,IncludeAllCategories,IncludeAllStrings,CreateInstance

/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/child_list

Replace Example

NOTE When you change parameter thresholds through the PATROL Configuration Manager or through PATROL KM for Event Management, the changes are stored externally in the pconfig database, not in the KM. To change parameter thresholds or poll times in this manner, you must have the PATROL KM for Event Management loaded on the PATROL Agent. For more information about loading KMs, see “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.

Table 74 Example: adding an event filter to monitor (Part 2 of 2)




For more information about the this rule, see the detailed description in Table 76.

The following table provides a detailed description of the THRESHOLDS configuration rule.

Table 75 Example: changing parameter thresholds


/AS/EVENTSPRING/PARAM_SETTINGS/THRESHOLDS/NT_CPU/__ANYINST__/CPUprcrProcessorTimePercent

Replace 1,0 0 0 0 0 0,1 80 85 0 0 1,1 85 100 0 0 2

Table 76 Understanding the THRESHOLDS rule (Part 1 of 2)

Item Description

/AS/EVENTSPRING variable folder

/PARAM_SETTINGS variable folder

/THRESHOLDS variable folder

/NT_CPU application class

/__ANYINST__ a variable that indicates any instance of the application class. You could also specify a specific instance instead.

CPUprcrProcessorTimePercent

parameter name

1 indicates that the parameter is active

Border settings

0 indicates that the border range is inactive

0 the border begin range

0 the border end range

0 specifies when to trigger alarm; 0 means immediately on the first occurrence

0 if the trigger value is non zero, this value specifies the number of occurrences before triggering an alarm

0 specifies that the state is OK

Alarm1 settings

1 indicates that the Alarm 1 alarm is active

80 the Alarm 1 begin range

85 the Alarm 1 end range



1 specifies that the state is WARN

Alarm 2 settings

1 indicates that the Alarm 2 alarm is active

85 the Alarm 2 begin range



Inactivating or deactivating a parameter: example

Assume that you want to deactivate any instance of the parameter NT_LOGICAL_DISKS/LDldFreeSpacePercent. To manually create this configuration, you would create the rules shown in Table 77.

100 the Alarm 2 end range



2 specifies that the state is ALARM

Table 77 Example: Inactivating or deactivating a parameter


/AS/EVENTSPRING/PARAM_SETTINGS/THRESHOLDS/NT_LOGICAL_DISKS/__ANYINST__/LDldFreeSpacePercent

Replace 0,1 0 100 0 0 2,1 0 5 0 0 2,1 5 10 0 0 1

Table 76 Understanding the THRESHOLDS rule (Part 2 of 2)

Item Description


A p p e n d i x C
C PATROL for Windows .kml files
This section contains a list of the KM files that are included in each of the PATROL for Windows Servers .kml files.

PATROL for Microsoft Windows Servers .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . 282PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . . 285PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . 286PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . 286PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . 288PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289PATROL for Microsoft Windows Servers rulesets. . . . . . . . . . . . . . . . . . . . . . . . . 290


PATROL for Microsoft Windows Servers .kml files


PATROL for Windows Servers uses several .kml files, which load specific application classes. For detailed instructions, see “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.


The PATROL KM for Microsoft Windows OS uses the following .kml files to load the application classes provide in the KM:

■ NT_LOAD.kml■ NT_BASE.kml■ NT_HYPER-V.kml

NT_LOAD.kml

The PATROL KM for Microsoft Windows OS uses the NT_LOAD.kml file, which loads the application classes shown in Table 78.

Table 78 PATROL KM for Microsoft Windows OS NT_LOAD.kml file (Part 1 of 2)

Component and .kml Application classes

PATROL KM for Microsoft Windows OS NT_LOAD.kml

Note: NT_LOAD.kml includes NT_BASE.kml

NT_BASE.kml (see Table 79 on page 284)NT_BSKNT_CompositesNT_CompositesCollNT_EVENTLOGNT_EVINSTSNT_EVLOGFILESNT_FTPNT_FTP_CONTAINER



NT_ICMPNT_IPNT_IPXNT_IPX_CONTAINERNT_JOBSNT_JOBS_CONTAINERNT_JOBS_PROCESS_GROUPNT_JOBS_PROCESSNT_NETBEUINT_NETBEUI_CONTAINERNT_NETBIOSNT_NETBIOS_CONTAINERNT_NET_PROTOCOLSNT_NETWORKNT_NETWORK_CONTAINERNT_PHYSICAL_DISKS_CONTAINERNT_PHYSICAL_DISKSNT_PRINTERNT_PRINTER_CONTAINERNT_PRINTERJOBNT_PRINTERJOBSNT_PROCESS_CONTAINERNT_PROCESS_GROUPNT_PROCESSNT_REGISTRYNT_REGISTRY_KEYINSTNT_SECURITYNT_SERVERNT_SERVICESNT_SERVICES_CONTAINERNT_TCPNT_UDP

Table 78 PATROL KM for Microsoft Windows OS NT_LOAD.kml file (Part 2 of 2)




NT_BASE.kml

The NT_LOAD.kml file includes the NT_BASE.kml file, which loads the application classes shown in Table 79.

NT_HYPER-V.kml

The PATROL KM for Microsoft Windows OS uses the NT_HYPER-V.kml file, which loads the application classes shown in Table 80.

Table 79 PATROL KM for Microsoft Windows OS NT_BASE.kml file


PATROL KM for Microsoft Windows OS NT_BASE.kml NTNT_OSNT_CACHENT_CPUNT_CPU_CONTAINERNT_HEALTHNT_LOGICAL_DISKSNT_LOGICAL_DISKS_CONTAINERNT_MEMORYNT_NTFS_MOUNTNT_NTFS_MOUNT_CONTAINERNT_NTFS_QUOTANT_NTFS_QUOTA_CONTAINERNT_PAGEFILENT_PAGEFILE_CONTAINERNT_SYSTEMPATROL_NT

NOTE Ensure that the Hyper-V server role is installed on the computer.




The PATROL KM for Microsoft Windows Active Directory uses the MWD_ACTIVE_Directory_MN.kml file, which loads the application classes shown in Table 81.

Table 80 PATROL KM for Microsoft Windows OS NT_HYPER-V.kml file


PATROL KM for Microsoft Windows OS NT_HYPER-V.kml

NT_HYPER-VNT_HYPERV_HYPERVISORNT_HYPERV_LOGICAL_PROCESSOR_CONTNT_HYPERV_LOGICAL_PROCESSORNT_HYPERV_PARTITION_CONTNT_HYPERV_PARTITIONNT_HYPERV_PART_VIRTUAL_PRCR_CONTNT_HYPERV_PART_VIRTUAL_PRCRNT_HYPERV_PARTITION_VHD_CONTNT_HYPERV_PARTITION_VHD

Table 81 PATROL KM for Microsoft Windows Active Directory .kml file


MWD_ACTIVE_Directory_MN.kml AD_AD_SERVER.kmAD_AD_ADDRESS_BOOK.kmAD_AD_AUTHENTICATION.kmAD_AD_CNF.kmAD_AD_CNF_CONT.kmAD_AD_COLLECTOR.kmAD_AD_DNS.kmAD_AD_FRS.kmAD_AD_FSMO_ROLE_CONECTIVITY.kmAD_AD_FSMO_ROLE_CONECTIVITY_CONT.kmAD_AD_FSMO_ROLE_PLACEMENT.kmAD_AD_GPO.kmAD_AD_LDAP.kmAD_AD_LOST_FOUND_OBJECTS.kmAD_AD_REPLICATION.kmAD_AD_SAM.km




The PATROL KM for Microsoft Windows Active Directory Remote Monitoring uses the REM_ACTIVE_DIRECTORY.kml file, which loads the application classes shown in Table 82.


The PATROL KM for Microsoft Windows Domain Services uses the NTD.kml file, which loads the application classes shown in Table 83.

Table 82 PATROL KM for Microsoft Windows Active Directory Remote Monitoring .kml file


REM_ACTIVE_DIRECTORY.kml AD_RMT_SERVER_CONT.kmAD_RMT_FSMO_ROLE_CONNECTIVITY_CONT.kmAD_RMT_FSMO_ROLE_CONNECTIVITY.kmAD_RMT_DOMAINSITE.kmAD_RMT_DOMAINCONTROLER.km

Table 83 PATROL KM for Microsoft Windows Domain Services .kml file


PATROL KM for Microsoft Windows Domain Services (uses NTD.kml)

NT_DOMAINNT_MEMBER_SERVERNT_DFS_LINKNT_DFS_LINK_REPLICANT_DFS_ROOTNT_DFS_ROOT_REPLICANT_DHCPNT_DHCP_SCOPENT_DNSNT_DNS_2000NT_RASNT_RAS_DEVICENT_REMOTE_SERVERSNT_REPLICATIONNT_REPL_DIRNT_REPL_SVRNT_SHARESNT_TRUSTNT_USERSNT_USER_ACCOUNTSNT_WINSNT_WINS_PARTNER




PATROL KM for Microsoft Cluster Server uses the MCS_Load.kml file, which loads the application classes shown in Table 84.


PATROL KM for Microsoft COM+ uses the COM.kml file, which loads the application classes shown in Table 85.

Table 84 PATROL KM for Microsoft Cluster Server .kml file



(uses MCS_Load.kml)

MCS_ClustersMCS_ClusterMCS_CollectorsMCS_GroupsMCS_GroupMCS_Group_ResourcesMCS_NetworksMCS_Network_InterfacesMCS_NodesMCS_QuorumMCS_PerformanceMCS_Shares

Table 85 PATROL KM for Microsoft COM+ .kml file



(uses COM.kml)

COM_PLUSCOM_APPLICATIONCOM_APPLICATIONCCOM_DTCCOM_APP_COMPONENTCOM_APP_INTERFACECOM_APP_METHOD




The PATROL KM for Microsoft Message Queue uses the MSMQ.kml file, which loads the application classes shown in Table 86.


The PATROL Wizard for Microsoft Performance Monitor and WMI uses the NT_PERFMON_WIZARD.kml file, which loads the application classes shown in Table 87.

Table 86 PATROL KM for Microsoft Message Queue .kml file



(uses MSMQ.kml)

MQ_CONTAINERMQ_SERVERMQ_QUEUESMQ_QUEUESCMQ_ISMQ_ROUNDTRIPMQ_SESSIONSCMQ_SESSIONS

Table 87 PATROL Wizard for Microsoft Performance Monitor and WMI .kml file



(NT_PERFMON_WIZARD.kml)

NT_PERFMON_WIZARD (Performance Counter Wizard)NT_PERFMON_OBJECTNT_PERFMON_INSTANCENT_PERFMON_COUNTERNT_WMI (WMI Wizard)NT_WMI_PARAMETER



PATROL KM for Log Management

The PATROL KM for Log Management uses the LOG.kml file, which loads the application classes shown in Table 88.


The PATROL History Loader KM uses the HISTORY.kml file, which loads the application classes shown in Table 89.


The PATROL KM for Event Management uses the AS_EVENTSPRING.kml file, which loads the application classes in Table 90.

Table 88 PATROL KM for Log Management .kml file


PATROL KM for Log Management LOGT.kmLOGMON.kmLOGTEMP.kmPMGCONVERT.kmPMGDEBUG.km

Table 89 PATROL History Loader KM .kml file



(HISTORY.kml)

HISTORY_ComputerHISTORY_PropagatorMSSQLSERVER_History_LoaderORACLE_History_LoaderSYBASE_History_LoaderDB2UDB_History_Loader

Table 90 PATROL KM for Event Management .kml files



(AS_EVENTSPRING.kml)

EVENT_MANAGEMENTAS_AVAILABILITYAS_EVENTSPRING_ALL_COMPUTERS




The server role rulesets provided with PATROL for Microsoft Windows Servers use the .kml files shown in Table 91 on page 290 to specify which KMs are preloaded. For more information about the rulesets, see “PATROL for Microsoft Windows Servers rulesets” on page 257.

NOTE An asterisk indicates that all KMs that start with the stem are included. For example, NT_CPU* indicates both NT_CPU and NT_CPU_CONTAINER.

Table 91 PATROL for Windows Ruleset .kml files (Part 1 of 4)

.kml Application classes

PRU_ApplicationServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ COM_*■ NT_EV*■ NT_PERFMON*

PRU_TerminalServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ NT_EV*■ NT_PERFMON*



PRU_RasVpnServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ NT_EV*■ NT_PERFMON*

PRU_PrintServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ NT_EV*■ NT_PRINT*

PRU_DomainServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ NT_EV*■ NT_DOMAIN■ NT_MEMBER_SERVER■ AD_AD*





PRU_FileServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ NT_DFS*■ NT_EV*■ NT_DOMAIN■ NT_MEMBER_SERVER■ NT_PHYSICAL_DISKS*

PRU_MailServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ NT_EV*■ NT_PERFMON*■

PRU_DNSServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ NT_DNS_2000■ NT_DOMAIN■ NT_MEMBER_SERVER■ NT_EV*■ NT_PERFMON*





PRU_WinsServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ NT_DOMAIN■ NT_MEMBER_SERVER■ NT_EV*■ NT_WINS*

PRU_DhcpServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ NT_DOMAIN■ NT_MEMBER_SERVER■ NT_EV*■ NT_DHCP*

PRU_MediaServer.kml ■ NT■ NT_OS■ NT_CACHE■ NT_CPU*■ NT_MEMORY■ NT_PAGEFILE*■ NT_SYSTEM■ NT_LOGICAL_DISK*■ PATROL_NT■ NT_SERVICES*■ NT_PROCESS*■ NT_HEALTH■ NT_EV*■ NT_PERFMON*




A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Index

Symbols%PATROL_CACHE% 65%PATROL_HOME% 65.kml

COM.kml 90, 287EVENT_MANAGEMENT.kml 91HISTORY.kml 90, 289LOG.kml 91MSMQ.kml 90, 288MWD_ACTIVE_Directory_MN.kml 91NT_BASE 284NT_HYPER-V 285NT_LOAD.kml 91, 282NT_PERFMON_WIZARD.kml 91NTD.kml 91, 286REM_ACTIVE_DIRECTORY.kml 286

.kml fileslist of 90vs. .km files 89

__ANYINST__ variable 278, 279_CollectionStatus parameter 200_DiscoveryStatus parameter 46

Numerics560/562 events 201

Aaccount requirements

PATROL KM for Cluster Server 48, 76PCC 177

AccountInfo variables 248accounts

requirements 97setting up for installation 43Windows 43

AcknowledgeBy variable 229, 276acknowledging alarms 201Act as part of operating system (user right) 44, 100activating parameters 279Active Directory 22ActiveX control 134adding

event filters 275

Performance Monitor (PerfMon) counters 143processes to monitor 118, 273rules 272services to monitor 273WMI parameters 144

address book monitoring 24addresses

default 138email, specifying 141

administrator rights 100AdPerfCollector parameter 208advanced user rights, required 44agents

assigning notification servers to 139configuration variables 217–257configuring 138–140configuring in a cluster 176PATROL 34persistent connection to 140

Alarm variable 225AlarmMax variable 255, 256AlarmMin variable 255, 256alarms

acknowledging 201generating 115, 122tuning 204

AlarmThreshold variable 122, 219AlertMSGForRepliCollector variable 246alerts

reducing number of 200troubleshooting 204

allow log on locally (user right) 44allowsendparamonly variable 205AnnotateProcCount variable 236AnnotateProcStatus variable 236AnnotateTopProcs variable 236AnnotateValueChange variable 239Annotation variable 229, 276AnnotationMode variable 249application classes

NT_CompositeColl 124NT_DHCP 40, 41, 169NT_DNS 169NT_FTP 237NT_ICMP 238NT_IP 238

295


NT_IPX 238NT_LOGICAL_DISK 100NT_NETBEUI 238NT_NETBIOS 238NT_PROCESS 118NT_REMOTE_SERVERS 169NT_SERVICES 100NT_SHARES 169NT_TCP 238NT_TRUST 169NT_UDP 238NT_WINS 169

application server, rulesets for monitoring 258arguments, process 122arsAction variable 204AS_AVAILABILITY application 206AS_CHANGESPRING.kml 70AS_EVSLocalAlertNotify.bat

editing 135requirements for using 134

AS_EVSLocalAlertNotify.pl 134Attended Mode Dialog Timeout field 131auditing, disabling 201authentication support 24AutoDiscoveryTimeLimit variable 219automatic process monitoring 117AutoRestart variable 116, 225availability, monitoring 206

Bbacking up before migration 69backup domain controllers, monitoring 30backup notification servers 136BackupClusterDatabase parameter 249BackupDir variable 227batch file 134BDCADD variable 242BDCDEL variable 242blackouts 204Blat

defined 133version tested with 133

blue screen monitoringcrash dump 126default 126event id 6008 126

BMC Software, contacting 2Bourne shell 79Bypass traverse checking user right 100

CC shell 79catalog, event 206

296 BMC PATROL for Microsoft Windows Servers Getti

changingaccount rights 45security levels 54system monitoring 102thresholds and poll times 277

characters, special 271charting PATROL data 166CheckIPResourceColl parameter 249CheckPoint variable 229child_list variable 271CluDBBackupPath variable 249cluster administrator account 48, 76, 177cluster.exe 76ClusterLogFileError parameter 251clusterName_NetworkNameForFileShares variable 250CollectionCount variable 219, 236colormap option 78COM.kml 90, 287command-line arguments 122commas, escaping 271components

KM files 282–289PATROL Adapter for Microsoft Office 34PATROL Agent for Microsoft Windows Servers 34PATROL Cluster Configuration Wizard 31PATROL Cluster Configuration Wizard (PCC) 31PATROL History Loader KM 34PATROL KM for Cluster Server 30PATROL KM for Event Management 33PATROL KM for Log Management 32PATROL KM for Microsoft Cluster Server 30PATROL KM for Microsoft COM+ 31PATROL KM for Microsoft Message Queue 31PATROL KM for Microsoft Windows Active

Directory 22PATROL KM for Microsoft Windows Domain

Services 30PATROL KM for Microsoft Windows OS 21

composite parameters, creating 124compressing the DHCP database 99ComputerNamesList/list variable 234configuration variables 217–257configurations, component-based

PATROL KM for History Loader 289PATROL KM for Microsoft COM+ 287PATROL KM for Microsoft Message Queue (MSMQ)

288PATROL KM for Microsoft Windows Domain

Services 286PATROL KM for Microsoft Windows OS 282PATROL KM for MS Windows Active Directory

Remote Monitoring 286ConfigureOptionUsed variable 240configuring

blue screen monitoring 100, 126composite parameters 124custom parameters 124

ng Started


e-mail notification 132event log monitoring 114event monitoring 103in PCM, event monitoring 275in PCM, process monitoring 273in PCM, service monitoring 273KM to look for crash dump file 100monitoring of text files 148PATROL in a cluster 176PATROL KM for Microsoft Windows OS 101–125process control 121process monitoring 117–122quotas 100remote agents 138–140service monitoring 114–??Windows event monitoring 103

ConnectAs32Bit variable 255connection, persistent 140ConsolidateEventTypes variable 107, 230, 276ConsolidationNumber variable 230, 276ConsolidationTime variable 230, 276Core Active Directory service 25core Active Directory service 26Counters variable 255counters, Performance Monitor 207CreateInstance variable 229creating

custom parameters 124event filter to monitor events generated only by a

specified computer 113rules 272WMI parameters 34

custom installation option 55customer support 2customizations

migrating manually 72customized PSL, migrating 73customizing

monitoring of counters 142scripts 135text log monitoring 147thresholds 207

Ddatabase, parameter history 34deactivating parameters 279debug programs (user right) 44default email account 138defining

notification servers 136remote agents 136

DeletedLDList variable 239dependencies 92deploying settings 137DestroyAcknowledgeProcess variable 236

DFS (Distributed File System) 30DFS users, disconnecting 99DfsConnectionPercent parameter 130DHCP (Dynamic Host Configuration Protocol) 30DHCP reports 169DHCPADD variable 242DHCPBAK variable 242DHCPDEL variable 242diagnosing problems 199–211directory replication 23DisableAnnotation variable 222, 236, 239DisableAnnotations variable 244DisableEventConfig variable 244DisableServiceRestart variable 116, 222disabling

event filters 114event log monitoring 104KMs 170parameters 279process monitoring 121

disconnecting DFS users 99discovery, problems with 200diskperf 103disks, monitoring 102Distributed File System (DFS) 30DNS name registration 25DNS reports 169DNS server, monitoring 26dns.exe 265domain controllers

rulesets for monitoring 259domain controllers, monitoring 30Domain Name Service (DNS)

monitoring 30rulesets 259

DomainInclusionList variable 251DomainNamingMasterConnStatusSched variable 244double quotes, escaping 271dynamic file names, monitoring 150, 155Dynamic Host Configuration Protocol (DHCP) 30dynamic update 26

Eediting

notification scripts 135rulesets 258

ELMError parameter 106ELMErrorNotification parameter 106, 201ELMEvFileFreeSpacePercent parameter 129ELMFailureAudit parameter 106ELMFailureAuditNotification parameter 106, 201ELMInformation parameter 106ELMInformationNotification parameter 201ELMNotification parameter 106, 201ELMOtherTypes parameter 106

297


ELMOtherTypesNotification parameter 201ELMRptOfNotification parameter 108ELMRptOfOtherTypes parameter 108ELMStatus parameter 106, 107ELMSuccessAudit parameter 106ELMSuccessAuditNotification parameter 201ELMWarning parameter 106ELMWarningNotification parameter 106, 201e-mail notification 132EnableAlarmIfProcessDown variable 220EnableAlarmIfProcessStarts variable 220enabling

event filters 114event log monitoring 104parameters 279

environment variablesLANG 79PATH 79PATROL_BROWSER 79PATROL_CACHE 65PATROL_HOME 65setting for Help browser 79setting for the browser 79

equal sign, escaping 271error messages 210escaping special characters 271event catalog 206event log

windows event log 202event logs

monitoring, enabling 102troubleshooting 201viewing 125

event monitoringconfiguring in PCM 275Core Active Directory service 25domain controller health 25file replication service and group policy 25Kerberos 25Netlogon 25time synchronization service 25

EVENT_MANAGEMENT.kml 289EventLogMonitoring

BackupDir variable 227ExclusionList/list variable 228IncludeAll variable 227InclusionList/list variable 227

EventReport variable 230, 276events

monitoring 103reducing 200

EventType variable 107, 230, 276EvRptOfError parameter 108EvRptOfFailureAudit variable 108EvRptOfInformation parameters 108EvRptOfStatus parameters 108EvRptOfSuccessAudit parameters 108


EvRptOfWarning parameter 108eXceed 78Excel, Microsoft 100ExclusionList/list variable 228, 235, 236, 237, 239expressions, regular 117extracting

downloaded installation files 52order 52

Ffailover, cluster 31FAT file system 40file replication service and group policy 26file server, rulesets for monitoring 258file systems, supported 40FileShareExclusionList variable 249filter, event monitoring 103FilterDescription variable 230, 276FilterDisableCase variable 233FilterEnabled variable 114first time installation 55Flexible Single Master Operations (FSMO) 24ForwardAllNTEventstoPEM variable 228ForwardFilteredNTEventstoPEM variable 228FSMO monitoring 24FTP/Active variable 237

Ggraphing PATROL data 166group policy monitoring 25

HHighThresholdOnEvents variable 240history reports 168HISTORY.kml 90, 289HPFS file system 40

IICMP/Active variable 238IdleServerTime variable 243InactiveonMissingPerfObj variable 219IncludeAll variable 227, 235, 236, 237, 239, 240IncludeAllCompList variable 234InclusionList list/variable 237InclusionList/list variable 227, 235, 236, 237, 238, 239increase quotas (user right) 44inetinfo.exe 262InfrastructureMasterConnStatusSched variable 245installation

backing up before migration 69

ng Started


custom option 55log files 210PATROL KM for Cluster Server account requirements

48, 76PATROL KM for Cluster Server overview 73preparing for 49setting up installation accounts 43system requirements 39typical option 54verifying requirements 39Windows account requirements 43

Installation logs 210installing

checking for product patches or fixes 50clearing cache 71determining the version of the installation utility 51extracting downloaded files 52extraction order 52extraneous target platforms in the installation utility

user interface 50for the first time 55installing PATROL Agent over an existing installation

51turning off pop-up blocking software 49unsupported platform in the installation utility user

interface 50upgrading from an earlier version 63where to install KMs 52where to install PATROL Agent 51

Instances variable 255integration with Blat 133intrasite/intersite monitoring 23IP/Active variable 238IPExclusionList variable 249IPX/Active variable 238IterationCount variable 241, 242

Jjob objects

missing 200monitoring 102

JobObjectMonitoringCollectionCount variable 236ExclusionList/list variable 235IncludeAll variable 235InclusionList/list variable 235

JournalMsgCountThreshold variable 253JournalMsgSizeThreshold variable 253

KKerberos 25, 27KM configuration variables 217–257KM customizations

migrating manually 72KMs

deploying 18determining if migratable 64determining versions of 211included with product 281–289installing individual 55installing QuickStart packages 54loading 91–93preloading 90unloading 170upgrading from an earlier version 63where to install 52

Korn shell 79

LLANG environment variable 79LDAP monitoring 24LDldFreeSpacePercent parameter 129license, required 39loading KMs 91–93log files, monitored by default 149Log on as a service (user right) 44Log on as batch job user right 100LOG.kml 91LOGErrorLvl

not set if search string is not defined 154logical disks, monitoring 102LogicalDiskMonitoring

ExclusionList/list variable 239IncludeAll variable 239InclusionList/list variable 238

login accountsrequirements 43Windows 43

logsevent, monitoring 102installation 210

lsass.exe 264

Mmail servers, rulesets for monitoring 259Make Connection Persistent option 140managed system 22manual

migration of KM customizations 72process monitoring 117

ManualAcknowledge variable 235MAPI scripts 134MaxRecords variable 232MaxResourceIdleRetainPeriod variable 227MaxShares variable 243MaxUsers variable 243

299


MBRADD variable 242MBRDEL variable 242MBREL variable 242media, streaming 259MemoryContentionThreshold variable 240MenuCmdROMode variable 252messages, error log 210Microsoft Excel 100, 167Microsoft Message Queue (MSMQ) 31Microsoft Transaction Server COM+ 31migrating

customized PSL 73determining if KM is migratable 64from an earlier version of the KM 63KM customizations manually 72

Mode variable 256monitor requirements 40Monitor variable 225MonitoredClusterList variable 252monitoring

Active Directory 22availability of agents 206backup domain controllers 30clusters 31domain controllers 30enabling and disabling 102event logs 102events 103, 114files 114files with dynamic names 150, 155job objects 102logical disks 102logical or physical disk drives 103logs 114network interfaces 102network protocols 102pagefiles 102physical disks 102printers 102processes 117processors 102service executables 116services 114strings 114text files 148

MonitorManualServices variable 222MonitorNotRespond variable 225MonitorProcess 225MonitorProcess variable 235MSMQ.kml 90, 288MsPatrolAgentStatus parameter 129MWD_ACTIVE_Directory_MN.kml 91

NName variable 255


Net Logon 25, 27NETBEUI/Active variable 238NETBIOS/Active variable 238Netscape Navigator 78network interfaces, monitoring 102network protocols, monitoring 102, 201NetworkInterfaceMonitoring


new PATROL userseasy install option 54installing for the first time 55

nonaggregate values for drive instance 127NonAggregateParamValue variable 239notification

scripts, using 133–136server 136

notification scriptscustomizing 135editing 135specifying 138

notification serversbenefits of 136configuring 136–138defining 136primary and backup 136providing security for 137

notification targets, defining 138notification, e-mail 132NOTIFICATION_SERVER1 variable 139NOTIFICATION_SERVER1.defaultAccount variable 139NOTIFICATION_SERVER2 variable 139NotifiedEvents parameter 206notifying

disks are not present 126NotRespondCmd variable 225NT authentication support 24NT_BASE.kml 42, 284NT_CompositesColl application class 124NT_DHCP application class 40, 41NT_EVENTLOG.OSdefaultAccount variable 241NT_FTP application class 237NT_HYPER-V.kml 284, 285NT_ICMP application class 238NT_IP application class 238NT_IPX application class 238NT_LOAD.kml 42, 91, 282NT_LOGICAL_DISK application class 100NT_NETBEUI application class 238NT_NETBIOS application class 238NT_PERFMON application class 91NT_PROCESS application class 118, 200NT_SERVICES application class 100NT_TCP application class 238NT_UDP application class 238NTD.kml 91, 286

ng Started


NTFS file system 40

OObjects variable 255operating system, monitoring 101output window, system 210OverrideAutoConfigUpdate variable 240OverrideGlobalServiceMonitoring variable 225OverrideGlobalServiceRestart variable 116, 225OverrideParameterAutoActivate variable 227, 235, 240OverrideParameterFileFreeSpacePctAutoActivate variable

228OverrideSummaryAutoCreate variable 202, 228

PPACFG (PATROL Agent Configuration) utility 205PagefileMonitoring


pagefiles, monitoring 102parameters 205

_DiscoveryStatus 46activating and deactivating 279AdPerfCollector 208BackupClusterDatabase 249CheckIPResourceColl 249ClusterLogFileError 251composite 124creating 34creating e-mail notifications for 132creating PerfMon-based 143creating WMI 144customizing 124data, storing and analyzing 34DfsConnectionPercent 130ELMError 106ELMErrorNotification 106, 201ELMEvFileFreeSpacePercent 129ELMFailureAudit 106ELMFailureAuditNotification 106, 201ELMInformation 106ELMInformationNotification 106, 201ELMNotification 201ELMOtherTypes 106ELMOtherTypesNotification 201ELMRptOfNotification 108ELMRptOfOtherTypes 108ELMStatus 106ELMSuccessAudit 106ELMSuccessAuditNotification 201ELMWarning 106ELMWarningNotification 106, 201

EvRptOfError 108EvRptOfFailureAudit 108EvRptOfInformation 108EvRptOfSuccessAudit 108EvRptOfWarning 108history, viewing 90LDldFreeSpacePercent 129MsPatrolAgentStatus 129NotifiedEvents 206PAWorkRateExecsMin 130PROCDown 122PROCProcessColl 122PROCProcessorTimePercent 129PROCStatus 122, 129, 235RegValueChanged 239ServiceStatus 115, 129ShConnPercent 46, 130SvcNotResponding 116SvcStatus 116troubleshooting 205tuning 200WMIAvailability 129, 240WpReplicationFailures 130

Parameters variable 255ParentInstance variable 229PATH environment variable 79PATROL account, creating 43PATROL Adapter for Microsoft Office

description 34installation requirements 167

PATROL Agentconfiguring in a cluster 176description 34installing KMs to 53installing over an existing installation 51where to install 51

PATROL Central - Web Editionloading KMs on 93

PATROL Central - Windows Edition 172PATROL Configuration Manager

description 18using 269–277

PATROL consolesand Netscape Navigator 78installing KMs to 53

PATROL for Microsoft Windows Serversrulesets 290

PATROL for Windows Operating System Monitor service 35

PATROL History Loader KMdescription 34

PATROL KM for Cluster Serveraccount requirements 48, 76architecture 74description 30installation overview 73installation requirements 76

301


monitoring features 30overview 73

PATROL KM for Event Management.kml files 289configuring 132–141

PATROL KM for History LoaderKMs 289

PATROL KM for Log Management.kml file 289

PATROL KM for Microsoft COM+report options 170troubleshooting 99Windows configuration 287

PATROL KM for Microsoft Message QueueKMs 288report options 169troubleshooting 99

PATROL KM for Microsoft Windows Active Directorydescription 22installation requirements 41, 42requirements 41, 42troubleshooting 97

PATROL KM for Microsoft Windows Domain ServicesKMs 286requirements 40troubleshooting 98

PATROL KM for Microsoft Windows OSconfiguring 101–125KMs 282requirements 40

PATROL KM for MS Windows Active Directory Remote Monitoring

KMs 286REM_ACTIVE_DIRECTORY.kml 286

PATROL KM for Windows Active Directoryrequired defaultAccount permissions 47

PATROL Perform Agent 38PATROL security

overview of levels 53requirements 39

PATROL Wizard for Performance Monitor and WMI.kml file 288configuring 142creating Performance Monitor parameters 143creating WMI parameters 144description 34loading 142migration 64performance counters supported 146queries that begin with Win32_PerfRawData 146setting alarm thresholds 144Win32_PerfRawData WMI class 146

PATROL.conf 205PATROL_BROWSER environment variable 79PATROL_CACHE 65, 71PATROL_HOME 65PatrolAgent service 35


PAWorkRateExecsMin parameter 130PCC (PATROL Cluster Configuration Wizard)

account requirements 177description 31installation requirements 177overview 176unattended configuration 191using 178

pconfigsyntax rules for 271variables 218–257

PDCEmulatorConnStatusSched variable 245Performance Counter (PerfMon) Wizard 34Performance Monitor counters, customizing 207perfproc.dll 200persistent agent connection 140physical disks, monitoring 102PhysicalDiskMonitoring


PingCount variable 246PingTimeout variable 246planning

installation 49notification 136

platforms, supported 39poll times, changing 205, 277preloading KMs 90, 94preparing for installation 49Primary_Site_Role.cfg 258, 259print server, rulesets for monitoring 258PrinterMonitoring

DisableAnnotation variable 239ExclusionList/list variable 239IncludeAll variable 240InclusionList/list variable 239

printers, monitoring 102problem resolution 199–211PROCDown parameter 122process control, configuring 121processes

_DiscoveryStatus and _CollectionStatus parameters 121

configuring in PCM 273disabling monitoring of 121missing 200monitoring 117multiple processes selected 203restarting 46, 122run-away 220stopping 122troubleshooting 200

ProcessMonitoringStatusSelectedColumns/list variable 219

ProcessName variable 220ProcessorContentionThreshold variable 240

ng Started


ProcessorMonitoringDisableAnnotation variable 236ExclusionList/list variable 236IncludeAll variable 236InclusionList/list variable 236

processors, monitoring 102PROCProcessColl parameter 122PROCProcessorTimePercent parameter 129PROCStatus parameter 122, 129, 235product

components 20configuration tasks 101

product support 2profile system performance (user right) 45protocols

monitoring 102troubleshooting 201

PRU_FileServer.cfg 258PSL, migrating 73psx_server.xpc 232

QQuery variable 256QueueMsgCountThreshold variable 253QueueMsgSizeThreshold variable 253quorum configurations

support in a failover cluster 76quotas, configuring 100quotes, escaping 271

RRAS (Remote Access Service) 263recovery actions

about 128configuring 128–132troubleshooting 46variables used for 256

redundancy 136RegistryMonitoring

InclusionList/list variable 239regular expressions 117

using to monitor dynamic file names 150, 155RegValueChanged parameter 239RelativeIDMasterConnStatusSched variable 245Remote Access Service (RAS) 263remote agents, assigning notification servers to 139remote monitoring

tasks 198RemovedPDList variable 237removedServiceList variable 222removing

KMs 171replace a process level (user right) 45

replication monitoring 23reports 100, 168–170requirements

overview 39PATROL KM for Cluster Server 76PATROL KM for Cluster Server account 48, 76PATROL KM for Microsoft Windows Active

Directory 41, 42PCC 177software 89system 39user right 44Windows account 43Windows script 134

ResolveTestList variable 241, 242ResourceExclusionList variable 250restarting

agent 205processes 46, 122

RetainEventDescriptions variable 276rights, required 44, 100rules, adding 272rulesets

applying 257editing 258PATROL for Microsoft Windows Servers 290shipped 257–269

run-away processes 220

SSAM monitoring 24SAM NT authentication support 24ScheduledServers variable 253Scheduling variable 232SchemaMasterConnStatusSched variable 245SCOPEADD variable 242SCOPEDEL variable 242scripts

batch file 134customizing 135editing 135using 133–136

search string 154security

event log 100notification server 137overview of levels 53

Security Account Manager (SAM) 24send_mapi.vbs 134sendmail.vbs 134ServerExcludeList variable 243ServerIPAddress variable 241, 242ServerPortNumber variable 241, 242servers, deploying settings to 137ServiceMonitoring

303


DisableAnnotation variable 222MonitorManualServices variable 222removedServiceList variable 222

serviceschecking status of 116configuring in PCM 273monitoring 114monitoring executables for 116PATROL for Windows Servers 35restarting 46, 115

services.exe 264ServiceStatus parameter 115, 129setting environment variables for Help browser 79ShareExcludeList variable 243ShConnPercent parameter 46, 130shells

Bourne 79C 79Korn 79

Site_Role.cfg 258, 259sitecomp.exe 267, 269slashes, escaping 271SMS (Systems Management Server), rulesets for 258smsdbmon.exe 267smsexec.exe 267, 269SMTP scripts 134SNMP service 41SNMP, requirements 40spoolsv.exe 263sqlservr.exe 267starting services 99, 115startup properties, service 100StatusNumberofProcessesToDisplay variable 219StatusSelectedColumns/list variable 219StatusSortKey variable 219StdEvents.ctg 206stopping

event log monitoring 104monitoring 102processes 122services 99

streaming media servers, rulesets for monitoring 259success auditing 201Summary instance 202support, customer 2Suspend Recovery Action field 131Suspend variable 256svchost.exe 264SvcNotResponding parameter 116SvcStatus parameter 116syntax

pconfig 271system output window 210system requirements 39system roles 52


TTCP/Active variable 238TCPorUDP variable 241, 242technical support 2templates, PATROL Adapter for Microsoft Office 168terminal server 259terminating processes 46, 122text files, monitoring 148thresholds

changing in PCM 277customizing 207rule for 278tuning 200, 204

time synchronization service 25, 27TimeLimitForKillRunAwayProcess variable 220TotalMessageSizeThreshold variable 253troubleshooting 199–211

DiscoveryStatus parameter in alarm 203multiple processes selected 203windows event log 202

TrustExcludeList variable 243typical installation option 54

UUDP protocol 241, 242UDP/Active variable 238uninstalling products 81unloading KMs 172unresponsive services 116upgrading 63

backing up current installation before 69choosing a procedure 65from an earlier version of the KM 63

UpTimeBaseLine variable 250UseCheckPoint variable 227, 229user account 79user rights, required 44UserExcludeList variable 243using PCC 178

Vvariable_list variable 272variables

__ANYINST__ 278child_list 271FilterEnabled 114NOTIFICATION_SERVER1 139NOTIFICATION_SERVER2 139PATROL KM for Microsoft Active Directory 244–248PATROL KM for Microsoft Cluster Server 248–253PATROL KM for Microsoft COM+ 254PATROL KM for Windows Domain Services 241–244

ng Started


PATROL KM for Windows Message Queue 253PATROL KM for Windows OS 218–241PATROL Wizard for Performance Monitor and WMI

255–256PATROL_BROWSER 79variable_list 272wpconfig 18

VB (Visual Basic) 133version, determining 211View Process Status dialog box 219viewing

event logs 125Visual Basic (VB) 133VPN (virtual private network) 259

WWait variable 256warnings, generating 115, 122WarnMax variable 255, 256WarnMin variable 255, 256WBEM_E_INVALID_CLASS error message 208Win32_PerfRawData

performance counters supported 146WMI queries for WMI class 146

WIN32_WMISetting 240Windows 30Windows account requirements 43Windows Management Instrumentation (WMI) 34Windows NT Workstation 134WINS (Windows Internet Naming Service)

recovery actions 130reports 169rulesets for monitoring 259

WINSADD variable 242WINSDEL variable 242WMI parameters, creating 144WMI Wizard 34WMIAvailability parameter 129, 240WMServer service 266wpconfig utility 94wpconfig variables 18WpReplicationFailures parameter 40, 130

Xxpconfig utility 94

305


ng Started

*175335**175335**175335**175335*

175335

bmc patrol getting started guide - 4.3

Documents