BMC PATROL for Microsoft Windows Servers

Getting Started Guide

Supporting
BMC PATROL KM for Microsoft Windows Operating System 4.3 BMC PATROL KM for Microsoft Windows Active Directory 1.6 BMC PATROL KM for Microsoft Windows Active Directory Remote Monitoring 1.7 BMC PATROL KM for Microsoft Windows Domain Services 1.5 BMC PATROL KM for Microsoft Cluster Server 1.7 BMC PATROL Cluster Configuration Wizard 1.5 BMC PATROL KM for Microsoft COM+ 1.3 BMC PATROL KM for Microsoft Message Queue 1.4 BMC PATROL KM for Event Management 2.8 BMC PATROL KM for Log Management 2.6.10 BMC PATROL Wizard for Microsoft Performance Monitor and WMI 2.1 BMC PATROL Adapter for Microsoft Office 1.1 BMC PATROL Agent 3.8.50

October 2010

www.bmc.com

Contacting BMC Software
You can access the BMC Software website at http://www.bmc.com. From this website, you can obtain information about the company, its products, corporate offices, special events, and career opportunities.

United States and Canada
Address BMC SOFTWARE INC 2101 CITYWEST BLVD HOUSTON TX 77042-2827 USA Telephone 713 918 8800 or 800 841 2031 Fax 713 918 8000

Outside United States and Canada
Telephone (01) 713 918 8800 Fax (01) 713 918 8000

© Copyright 2007, 2009 - 2010 BMC Software, Inc. BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service marks, and logos may be registered or pending registration in the U.S. or in other countries. All other trademarks or registered trademarks are the property of their respective owners. DB2 is the trademark or registered trademark of International Business Machines Corporation in the United States, other countries, or both. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. UNIX is the registered trademark of The Open Group in the US and other countries. All other trademarks belong to their respective companies. The information included in this documentation is the proprietary and confidential information of BMC Software, Inc., its affiliates, or licensors. Your use of this information is subject to the terms and conditions of the applicable End User License agreement for the product and to the proprietary and restricted rights notices included in the product documentation.

Restricted rights legend
U.S. Government Restricted Rights to Computer Software. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES. Use, duplication, or disclosure of any data and computer software by the U.S. Government is subject to restrictions, as applicable, set forth in FAR Section 52.227-14, DFARS 252.227-7013, DFARS 252.227-7014, DFARS 252.227-7015, and DFARS 252.227-7025, as amended from time to time. Contractor/Manufacturer is BMC SOFTWARE INC, 2101 CITYWEST BLVD, HOUSTON TX 77042-2827, USA. Any contract notices should be sent to this address.

Customer support
You can obtain technical support by using the BMC Software Customer Support website or by contacting Customer Support by telephone or e-mail. To expedite your inquiry, see “Before contacting BMC.”

Support website
You can obtain technical support from BMC 24 hours a day, 7 days a week at http://www.bmc.com/support. From this website, you can
s s s s s s s s

read overviews about support services and programs that BMC offers find the most current information about BMC products search a database for issues similar to yours and possible solutions order or download product documentation download products and maintenance report an issue or ask a question subscribe to receive proactive e-mail alerts when new product notices are released find worldwide BMC support center locations and contact information, including e-mail addresses, fax numbers, and telephone numbers

Support by telephone or e-mail
In the United States and Canada, if you need technical support and do not have access to the web, call 800 537 1813 or send an e-mail message to customer_support@bmc.com. (In the subject line, enter SupID:<yourSupportContractID>, such as SupID:12345). Outside the United States and Canada, contact your local support center for assistance.

Before contacting BMC
Have the following information available so that Customer Support can begin working on your issue immediately:
s

product information — — — product name product version (release number) license number and password (trial or permanent)

s

operating system and environment information — — — — — machine type operating system type, version, and service pack or other maintenance level such as PUT or PTF system hardware configuration serial numbers related software (database, application, and communication) including type, version, and service pack or maintenance level

s s s

sequence of events leading to the issue commands and options that you used messages received (and the time and date that you received them) — — — product error messages messages from the operating system, such as file system full messages from related software

3

License key and password information
If you have questions about your license key or password, contact BMC as follows:
s

(USA or Canada) Contact the Order Services Password Team at 800 841 2031, or send an e-mail message to ContractsPasswordAdministration@bmc.com. (Europe, the Middle East, and Africa) Fax your questions to EMEA Contracts Administration at +31 20 354 8702, or send an e-mail message to password@bmc.com. (Asia-Pacific) Contact your BMC sales representative or your local BMC office.

s

s

4

BMC PATROL for Microsoft Windows Servers Getting Started

Contents
Chapter 1 Product components and capabilities 17 18 18 18 18 19 19 20 21 22 28 30 30 31 31 31 32 33 34 34 34 34 35 35 35 37 38 39 39 40 43 49 49 50 50 50 51
5

PATROL for Windows Servers features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Centralized event filtering and notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ability to deploy configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Built-in recovery actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Predefined rulesets for common server types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtualization with Hyper-V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Product components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Operating System . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . . PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Message Queue (MSMQ). . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . . PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Where to go from here. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter 2 Installing and migrating PATROL for Windows Servers

Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Verifying installation requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Additional component-specific requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing for installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Turning off pop-up blocking software before installing . . . . . . . . . . . . . . . . . . . . . Unsupported platform option in the installation utility user interface. . . . . . . . . Extraneous target platform options available in the installation utility user interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking for product patches or fixes before installing . . . . . . . . . . . . . . . . . . . . . Determining how to install products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents

Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Determining where to install the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Installing the PATROL Agent over an existing installation . . . . . . . . . . . . . . . . . . 51 Extracting installation files after download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Determining where to install KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 PATROL Security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Checking security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Assessing and implementing a different security level . . . . . . . . . . . . . . . . . . . . . . 54 Default and custom installation types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 First-time installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Installing for the first time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 First-time installation using Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Distribution Server features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Importing a CD or customized installation package into Distribution Server . . . 61 Installing with the Distribution Server (overview) . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Upgrading from an earlier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Automatic migration of console and agent customizations . . . . . . . . . . . . . . . . . . 63 Determining whether you can migrate KM customizations . . . . . . . . . . . . . . . . . . 64 Conditions for upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Determining the location of PATROL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 PATROL for Windows Servers upgrade scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Upgrading without saving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Upgrading and preserving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Preparing to upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Migrating customizations with the PATROL Configuration Manager . . . . . . . . . 70 Creating an installation package of the migrated and merged KM . . . . . . . . . . . . 70 Moving files from the PATROL_CACHE directories. . . . . . . . . . . . . . . . . . . . . . . . 71 Migrating customizations manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Installing PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 External cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Internal cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 How to Install the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . 76 Considerations for using online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Browser version required for viewing PATROL Console for UNIX Help . . . . . . 78 Additional considerations for using online Help for UNIX . . . . . . . . . . . . . . . . . . 78 Uninstalling PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Uninstalling PATROL for Windows Servers on Windows . . . . . . . . . . . . . . . . . . . 81 Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 87

Preparing to use PATROL for Windows Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Loading and preloading KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Loading the PATROL for Microsoft Windows Servers KMs . . . . . . . . . . . . . . . . . 91 Preloading KMs on the PATROL Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 Requirements for configuring from the PATROL Console . . . . . . . . . . . . . . . . . . . 97 Configuring the PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . 101 Enabling and disabling system monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Configuring Windows events monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
6 BMC PATROL for Microsoft Windows Servers Getting Started

. . . . . . . . . . . . . . . . . . . . . Preparing to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . 124 Viewing event logs . . . . . . . . . . . . . . 128 Built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Assigning notification servers for the remote agents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 Unloading KMs from a PATROL console . . . . . . . . . . . . . 117 Creating custom parameters . . . . . . . . . . . . . . . . 126 Notifying when disks are not present . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Stop monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Stopping preloaded KMs from running on the PATROL Agent . . . . 114 Configuring process monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Install the application on each cluster node . . . . . . . . . . . . . . 160 Configure recovery actions for a log file . . . . . . . . . . . . . 149 Start monitoring a log file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 Configuring e-mail notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Starting the PCC Wizard . . . Overview . . . . . . . . . . 125 Configuring Blue Screen monitoring . . . . . . . 168 Built-in report templates. . . . 166 Displaying PATROL data by using the PATROL Adapter for Microsoft Office 167 How to use the PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Access requirements for running the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 Assigning notification targets for a PATROL alert. . . 143 Setting alarm thresholds. . . . . . . . . . . . . . . . . . . . . . 128 About recovery actions . . . . . . . . . . . . . . . . . 147 Stop and start monitoring all default log files. . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Loading the PATROL Wizard for Microsoft Performance Monitor and WMI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Configuring built-in native recovery actions . . . . 141 Configuring PATROL Wizard for Microsoft Performance Monitor and WMI . . . . . . . 164 Configuring the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Providing nonaggregate values for a drive instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 Generate a custom event when a search string is identified . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Chapter 4 Using the PATROL Cluster Configuration Wizard 175 176 176 177 177 177 178 183 183 183 7 Using the PATROL Cluster Configuration Wizard . . . . . . . How to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Configuring the PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Post-PCC configuration. . . . . . 144 Configuring the PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . 132 Using notification scripts . . . . . . . . . . . . . . . . . 165 Using the PATROL Adapter for Microsoft Office to view reports . . . . . . . . . . . . . . . . . . . . 144 Creating WMI parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Defining notification servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Configuring recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Change the setup of a monitored file . . . . . . . . . . . . . . . . . . . . .Configuring service monitoring . . . . . . . . . . . . . . 156 Filter log file messages (create a search string) . . . . . . 142 Creating performance monitor parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manually configuring the PATROL Agent for clustering . . . . . . . . . . . . . . . . . . . . . . . . 168 Removing KMs from your console and agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . 207 Cannot add performance monitor counters with alarm ranges less than 1 . . . . . . . . . . . . . . . . 197 Supported tasks for remote monitoring . . . 184 Distribute license file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 199 PATROL KM for Microsoft Windows OS problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 Windows event log does not work . . . . . 185 Define the PATROL Agent as a member of the group . . 208 Recovery action problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 PATROL cluster-specific environment variables for history and configuration . . . . . . . . . . . . . . . 184 Assign a unique port number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Create and register a new service for the PATROL Agent . . . . . . . . . . . . . . . . 200 Process or job object data not displayed . . . . . . . . . . . . . . 203 PATROL KM for Event Management problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 Object hierarchy for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Chapter 5 Monitoring remote hosts 193 Introduction. . . . . . . . . . . . . 207 AdPerfCollector parameter display error message. . . . 195 Application classes to configure remote monitoring . . . . . . . . . . . . . . . . . . . . . . . 196 Parameters for remote monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 Supported application classes. . . . . . . . . . . . . . . . . . . . . . . . . . 202 Multiple processes are selected when you select a single process . . . . . . . . . . . . . . . . . . 205 PATROL KM for Event Management not working as expected. . . . . . . . . . . . . . . . . . . . . . . . . 206 Problems with all other KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Configuring PATROL KM for Windows for remote monitoring . . . . . . . . . . . . . . . . . 201 Event filter parameters not automatically acknowledged . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Unattended configuration of Cluster Configuration Wizard . . . . . . . . . . . . . . . 204 Too many e-mail alerts are being generated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Install the PATROL Agent on each cluster node. . . . . . . . 203 Mount point monitoring and logical disk quotas does not work . . . 195 Authentication. . . . . . . . . . . . . . . . 193 Prerequisites for remote monitoring . . . . . . . . . . . . . . . . . 209 Gathering diagnostic information . . . . . . . . . . 210 Locations where you can find diagnostic information. . . . . . . . . . . . . . . . . . . . . . . . . . . 210 8 BMC PATROL for Microsoft Windows Servers Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Event log summary instance cannot be removed . . . . . . . . . 209 Even though I select “Do not ask me again” PATROL prompts before running recovery action. . . . . . . . . . . . . . . . . . 200 PATROL Generates Event 560 and 562 in the Windows security event log . . . . . . . . . . . . . . . . . 206 AS_AVAILABILITY application not displayed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Parameters settings lost after agent restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 PATROL Agent has DiscoveryStatus parameter in alarm. . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Operation. . . . . . . 209 Recovery actions do not execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Define the PATROL cluster-specific environment variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Newly installed protocols are not discovered . . . . . . . .

. . . 211 Appendix A Accessing menu commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Message Queue. . . . . . . . . and online Help 213 Accessing KM commands and InfoBoxes . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft COM+. . . . . . . . 210 Determining PATROL KM version number . . . . . . . . PATROL KM for Microsoft Windows OS . . . . . . . . . . 214 Accessing online Help . . . . . . . . . PATROL KM for Microsoft Windows Active Directory . . . . . . . . PATROL for Windows Servers configuration variables . . . . . . . . . . . . . . . . . . . . . . . . . . Using PATROL Configuration Manager to apply rulesets . . . . . . . . . . . . . . . . . . . Using PATROL Configuration Manager . PATROL KM for Log Management . . . . . . . . . . . . . . . . . PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ruleset reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manually creating or changing configuration variables . . . Server roles with predefined rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .kml files PATROL for Microsoft Windows Servers . PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Domain Services . . . . . 215 Appendix B Agent configuration variables and rulesets 217 218 218 218 241 244 248 253 254 255 256 257 257 257 258 260 269 269 270 281 282 282 285 286 286 287 287 288 288 289 289 289 290 295 Managing configuration variables. . PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . InfoBoxes. . . . . . . . . . . PATROL KM for Microsoft Message Queue . . . . . . . .Installation logs . . . . . . . . . . . . . . . . . . . PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Appendix C PATROL for Windows . . . . . . . . . . . . . . . . . . . PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL for Microsoft Windows Servers rulesets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Event Management required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Active Directory . Index Contents 9 . . . . PATROL for Microsoft Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using PCM to apply configurations changes to other agents. . . . . . . . . . . PATROL KM for Microsoft Windows Domain Services . . . . . . . . PATROL for Microsoft Windows Servers rulesets . . . . . . . . . .

10 BMC PATROL for Microsoft Windows Servers Getting Started .

. . . . . . . . . . . . . . . . . . 197 Shipped rulesets in PATROL Configuration Manager . . . . 194 Object hierarchy for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Figures Upgrading overview for PATROL for Windows Servers . . . . . . . . . . . . . . 272 Figures 11 . . . . . . . . . . . . . . . 75 PATROL KM for Microsoft Cluster Server with internal CLA configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 Using the child_list and variable_list variables . . . . . . . . . . . . 75 Collection architecture for remote monitoring . . . . . . . 67 PATROL KM for Microsoft Cluster Server with external CLA configuration . . . . . . . .

12 BMC PATROL for Microsoft Windows Servers Getting Started .

. . . . . . . . . . . 64 Choosing an upgrade procedure . . . . 74 PATROL for Microsoft Windows Servers . . . . . . . . . . . . . . . . . . . . . . . 65 Default values for PATROL location variables . . . 27 Netlogon monitored events . . . 101 Enabling and disabling system monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Notification Server dialog box properties . . . . . . . . . . . 117 Process control options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Kerberos monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Event filter events:example . . . . . . . . . . . . . . . 138 Notification server properties . . . . . . . . . 44 Removing rights and admin group membership from the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Configuration variable and service restart: combinations . . . . . . . . . . . . . . . . . . 106 Default service monitoring flags . . . . . . 168 Reports for PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Core Active Directory service monitored events . . . . . . . . . . . . . . . . 97 PATROL KM for Microsoft Windows OS configuration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Selecting a recovery action instance . . . . . . . . . . . . . . . . . 35 System requirements for installing and using PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . 90 Console functionality that requires local admin rights . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Event filter options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 Quick Config . . 169 Reports for PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . 122 Event details displayed in the Windows Event Viewer dialog box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Regular expression syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Process monitoring options . . . . . . . . . . 170 Reports for PATROL for Microsoft COM+ . . . . . . . 134 Requirements for notification server when using Windows e-mail clients . . . . . . . . . . . . . . . . 26 File replication service/group policy monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 Tables 13 . . . . . . . . . . 45 Versions that you can migrate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Recovery action configuration options . . . . . . . . . . . . . . . . 39 Advanced user rights . . . . . . . . . . . . . . . . . . . . . . . .DNS name registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 PATROL for Microsoft Windows Servers Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Reports for PATROL KM for Microsoft Windows OS . . . . . . . 27 Time synchronization service monitored events . . . . . . . . . . . . . . . 126 Built-in recovery actions .Tables Monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 KM file naming patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 PATROL Wizard for Microsoft Performance Monitor and WMI Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Monitoring configuration options for PATROL KM for Microsoft Cluster Server . . . . .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Service monitoring options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Notification script location on Windows . . . . . . . . . . . . . . .

. . . . . . 286 PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 File server ruleset . . . 264 Mail server ruleset . . . . . . . . . . . . . . 276 Example: changing parameter thresholds . . . . . . . . . . . . . . . . . . 265 WINS server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215 PATROL KM for Microsoft Windows OS variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219 PATROL KM for Windows Domain Services variables . . . . . . 189 Operation of configuration and history environment variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 Special characters required for pconfig variables . . . . . . . . . 271 Example: adding a service to monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 Cluster administration properties . . . . . . .kml file .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253 PATROL KM for Windows COM+ variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Example: adding a process to monitor . . . . . . . . . . . 285 PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . . . . . . . . . . . . . . . . . . . . . . 287 PATROL KM for Microsoft COM+ . . . . . . . . . 288 PATROL Wizard for Microsoft Performance Monitor and WMI . . . 265 DHCP server ruleset . . . . . . . . . . . . . . . . . . . . . . 287 PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .kml file . . 274 Example: adding an event filter to monitor . . . . . . . . . 267 SMS site ruleset . . . . . . . . . . . . . . . 254 PATROL Wizard for Performance Monitor and WMI variables . . . 262 Remote access / VPN server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 Configuration variable locations . . . . . . . . . . . . . . . . . . . . 186 PATROL cluster-specific environment variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 PATROL KM for Microsoft Windows OS NT_HYPER-V. . . . . . . . . . . . . . . . . 285 PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . .kml file 286 PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . 256 Server roles . . . . . . . . . . . . . 264 DNS server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 PATROL KM for Windows Message Queue variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Accessing KM Commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 14 BMC PATROL for Microsoft Windows Servers Getting Started . . . . .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Understanding the THRESHOLDS rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 Application server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244 PATROL KM for Microsoft Cluster Server variables . . . . . . . . . . . . 279 PATROL KM for Microsoft Windows OS NT_LOAD. . . . 288 PATROL KM for Log Management . . . . . . . . . . . . . .Information required by PCC . . . . . . 241 PATROL KM for Microsoft Active Directory variables . 255 PATROL for Microsoft Windows Servers variables . . . . . . . 263 Domain controller ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Accessing online Help . . . . .kml file . . . . . . . . . . . . . . 263 Print server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Example: Inactivating or deactivating a parameter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 Parameters for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Terminal server ruleset . . . . . .kml file . . . . . . . . . . 266 Streaming media server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 SMS primary site ruleset . . . . . 282 PATROL KM for Microsoft Windows OS NT_BASE. . . . . . . . . . . . . . . . . . . . .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .kml file . 289 PATROL for Windows Ruleset . . . . . . . . . . . . 290 Tables 15 . .PATROL History Loader KM . .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 PATROL KM for Event Management . . . . . . .kml files . . . . . . .

16 BMC PATROL for Microsoft Windows Servers Getting Started .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Related documentation . . . . PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtualization with Hyper-V . . . . . . . . . PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Agent . . . . . . . . Centralized event filtering and notification. . . . . . . . . . . Chapter 1 Product components and capabilities 17 . . . . PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . Services . . . . . Predefined rulesets for common server types. . . . . . . . . PATROL KM for Microsoft Windows Operating System . . . . . . . . . . PATROL KM for Microsoft Cluster Server . . . . . . . This chapter provides a brief overview of PATROL for Windows Servers and covers the following topics: PATROL for Windows Servers features . . . . . . . . . . . . . . . . . . Where to go from here. . . . . . . . . . PATROL KM for Microsoft Message Queue (MSMQ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Product components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Chapter 1 18 18 18 18 19 19 20 21 22 28 30 30 31 31 31 32 33 34 34 34 34 35 35 35 1 Product components and capabilities BMC PATROL for Microsoft Windows Servers Getting Started provides the necessary information and instructions for installing and configuring the PATROL for Microsoft Windows Servers product (also referred to as PATROL for Windows Servers). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Built-in recovery actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ability to deploy configuration settings . . . . . . . . . . . . . .

built-in recovery actions. For more information. You can configure these recovery actions to run automatically or only with operator intervention.” Built-in recovery actions PATROL for Microsoft Windows Servers provides the following automated. Ability to deploy configuration settings PATROL for Microsoft Windows Servers supports the PATROL Configuration Manager. all PATROL for Microsoft Windows Servers configuration settings are stored as agent configuration variables. you can centralize and correlate events. To support the PATROL Configuration Manager. “Managing configuration variables. s s s s s s s s terminating a run-away process clearing the temp directory backing-up and clearing event logs restarting processes restarting failed services increasing available DFS connections when utilization is high increasing share connections when utilization is high initiating WINS scavenging when replication fails 18 BMC PATROL for Microsoft Windows Servers Getting Started . Recovery actions are corrective actions taken by PATROL when a parameter reaches a set value. which allows you to configure and deploy KM configuration settings to other servers in your environment. see Appendix B. This ability enables you to use paging and e-mail to bring issues to the experts' attention for quick resolution. The versions of Microsoft Windows servers that are monitored depend upon the version of the PATROL for Microsoft Windows Servers that you are using. For a complete list of the agent configuration variables for PATROL for Microsoft Windows Servers.PATROL for Windows Servers features PATROL for Windows Servers features The PATROL for Windows Servers product allows you to monitor and manage Microsoft Windows servers. For a complete list of supported platforms and versions. see “Configuring e-mail notification” on page 132. see the PATROL for Microsoft Windows Servers Release Notes. Centralized event filtering and notification With PATROL.

For more information about the rulesets and using the PATROL Configuration Manager to manage your configuration. Chapter 1 Product components and capabilities 19 . Hyper-V consists of a 64-bit hypervisor that can run 32-bit and 64-bit virtual machines concurrently. If necessary. Predefined rulesets for common server types PATROL for Microsoft Windows Servers provides rulesets that provide appropriate monitoring setups for common server types. Hyper-V virtualization works with single and multiprocessor virtual machines and includes tools such as snapshots. the bootstrap and deposited pages. The new hypervisor platform works with Windows Server 2008 to create and manage a virtual infrastructure. or see “Configuring recovery actions” on page 128. such as a file server or an application server. and the partitions. see “Using PATROL Configuration Manager to apply rulesets” on page 257. which you can access from the PATROL console. Using the PATROL Configuration Manager. which capture the state of a running virtual machine. Virtualization with Hyper-V Microsoft Windows provides virtualization called Hyper-V. logical processors. PATROL KM for Microsoft Windows allows you to monitor and gather information about of Hyper-V entities by using the application classes and their parameters. and the running partitions present.exe) service to ensure that WMI data is available restarting a PATROL Agent on a remote server For more information about specific recovery actions. you can then adjust your configuration and save it in the ruleset.PATROL for Windows Servers features s s restarting the Windows Management Instrumentation (WINMGMT. The KM allows you to monitor the following Hyper-V entities: Hypervisor The product reports information about the number of monitored notifications registered with a hypervisor. which you can then apply to other servers. virtual processors. see the online Help. you can automatically configure the server monitoring by applying these provided rulesets to the appropriate server.

It reports the rate of hypervisor intercept messages. Product components The PATROL for Windows Servers product includes components and Knowledge Modules (KMs) that manage and monitor elements of your server environment. PATROL for Windows Servers includes the following components and KMs. which are described in the sections that follow. the operating system and its version. It displays the allocation of resources by the hypervisor to a partition when partitions compete for resources. the service pack. It also displays the process ID of the worker process corresponding to the partitions.Product components Logical processors of the system The product reports information about the rate of the virtual processor context switches on a logical processor. maximum size as viewable by the partition. size on the physical disk. the total memory allocated to a partition. Partitions of the system The product reports information about the partitions present in the system. and the percentage of time that a processor spends in the guest and hypervisor codes. and so on. and the summary and state of all the partitions. the rate of hardware and hypervisor interrupts on a processor. and the percentage of use of the types of virtual hard disks. 20 BMC PATROL for Microsoft Windows Servers Getting Started . NOTE To discover Hyper-V partitions and the data for each partition. It reports the number of virtual processors associated with a partition. Virtual hard disks of a partition The product reports information about virtual hard disks of a partition such as their type. the BMC PATROL Agent default user must be added to the local administrator group. Virtual processors of the partition The product reports information about the virtual processors such as the resources available to a partition and the number of partitions that you can run at a time. the qualified domain name. and the uptime of the partition. A KM is a set of instructions that the PATROL Agent uses to monitor objects in your enterprise. It also reports the percentage of time that a processor spends in the guest and hypervisor codes.

Product components s s s s s s s s s s s s s s PATROL KM for Microsoft Windows Operating System PATROL KM for Microsoft Windows Active Directory PATROL KM for Microsoft Windows Active Directory Remote Monitoring PATROL KM for Microsoft Windows Domain Services PATROL Cluster Configuration Wizard PATROL KM for Microsoft Cluster Server PATROL KM for Microsoft COM+ PATROL KM for Microsoft Message Queue PATROL KM for Event Management PATROL KM for Log Management PATROL Wizard for Microsoft Performance Monitor and WMI PATROL Adapter for Microsoft Office PATROL Agent PATROL History Loader KM PATROL KM for Microsoft Windows Operating System The PATROL KM for Microsoft Windows OS monitors the availability of your servers. which includes the following elements: s disk space s disk drive usage s disk quotas and mount points s cache s CPU usage s memory usage s Windows event logs s Windows services s Window processes s printer status s registry values s network usage s hypervisor s logical processors s partitions s virtual processors s virtual hard disks With the PATROL KM for Microsoft Windows OS you can also perform the following functions: Chapter 1 Product components and capabilities 21 .

A PATROL KM for Microsoft Windows Active Directory managed system is a Windows domain controller onto which PATROL for Windows Servers has been installed. Managed systems PATROL KM for Microsoft Windows Active Directory monitors the performance of managed systems in a Microsoft Windows Active Directory environment. Each managed system is responsible for monitoring Microsoft Windows Active Directory’s key indicators that are required to ensure and maintain the consistency of the Directory data and the desired level of service throughout the Microsoft Windows Active Directory forest. Whether you choose to monitor and analyze one environment or many. A managed system provides a view of its Microsoft Windows Active Directory environment. see the product online Help. see “Configuring the PATROL KM for Microsoft Windows OS” on page 101.Product components s s s monitor and manage services monitor system Stop errors and manage dump files create custom composite parameters that are based on existing parameters For information about configuring these features. PATROL KM for Microsoft Windows Active Directory helps you s s s s s s detect and notify if Microsoft Windows Active Directory generates errors or performs slowly monitor performance of system resources plan for capacity and availability monitor all domain controllers within a site monitor all domain controllers between sites anticipate and eliminate problems before they become apparent to users of the monitored Active Directory environments For a brief description of product features. see the sections that follow. For more detailed information about how to use the product and complete descriptions of the application classes and parameters. PATROL KM for Microsoft Windows Active Directory The PATROL Knowledge Module for Microsoft Windows Active Directory lets you monitor and analyze your Microsoft Windows Active Directory environments. 22 BMC PATROL for Microsoft Windows Servers Getting Started .

Chapter 1 Product components and capabilities 23 . See the online Help for more information. Intrasite replication monitoring PATROL KM for Microsoft Windows Active Directory monitors the replication status of the domain controller upon which it is installed. Each bridgehead server in a site is checked to determine if Microsoft Windows Active Directory updates from other sites have been successfully replicated to the bridgehead server. The AD_AD_CNF application class monitors replication collisions that occur during replication when an object with the same Relative Distinguished name is created in the same container on two or more different domain controllers. However. it requires no configuration. This functionality includes monitoring basic replication by creating synthetic transactions and verifying the replication of those transactions. The AD_AD_REPLICATION application class monitors this activity. Directory replication is monitored at each managed system (domain controller). both within a site (intrasite) and between sites (intersite) in the configuration naming context and/or the domain context of the current domain controller. Replication health monitoring PATROL KM for Microsoft Windows Active Directory monitors the performance of Active Directory replication for the local server. Replication collisions monitoring PATROL KM for Microsoft Windows Active Directory enables users to configure the Active Directory object types that should be monitored for replication collisions. The intersite replication interval is automatically determined at each collection. if desired. you can override the automatic replication interval determination. Intersite replication monitoring Intersite replication monitoring verifies that Microsoft Windows Active Directory updates are successfully distributed between sites. by configuring the configuration database (pconfig) variable. /ActiveDirectory/Configuration/<site>/IntersiteReplicationSchedule.Product components Replication monitoring PATROL KM for Microsoft Windows Active Directory monitors the Microsoft Windows Active Directory replication for errors and latency (to verify that replication occurs within a reasonable time). on a site-by-site basis. It determines whether updates from each domain controller within the site have been replicated successfully and in a timely manner.

SAM monitoring PATROL KM for Microsoft Windows Active Directory monitors the Security Account Manager (SAM). Authentication monitoring PATROL KM for Microsoft Windows Active Directory monitors Kerberos and NTLM authentication requests made against the Microsoft Windows Active Directory server. The AD_AD_LDAP application class monitors the performance of these LDAP requests. The AD_AD_SAM application class monitors these security requests.Product components FSMO monitoring PATROL KM for Microsoft Windows Active Directory monitors the availability of the forest-wide and domain-wide flexible single master operations (FSMO) roles. FSMO role placement monitoring PATROL KM for Microsoft Windows Active Directory monitors the placement of Active Directory FSMO roles in the domain and forest. SAM provides legacy NT authentication support. 24 BMC PATROL for Microsoft Windows Servers Getting Started . LDAP monitoring PATROL KM for Microsoft Windows Active Directory monitors Lightweight Directory Access Protocol (LDAP) locally at each monitored system for connection availability and response time. The AD_AD_ADDRESS_BOOK application class monitors these requests. The AD_AD_FSMO_ROLE_CONNECTIVITY application class monitors the domain controllers ability to locate and establish an LDAP connection with the FSMO role holder. The AD_AD_FSMO_ROLE_PLACEMENT application class monitors the placement of these roles. Address book monitoring PATROL KM for Microsoft Windows Active Directory monitors the performance of Address Book requests made against the Microsoft Windows Active Directory server. The AD_AD_AUTHENTICATION application class monitors these requests. FSMO role connectivity monitoring PATROL KM for Microsoft Windows Active Directory monitors the connectivity status of each of the five FSMO role holders from a domain controller.

Product components Domain Naming Service monitoring PATROL KM for Microsoft Windows Active Directory verifies and monitors various DNS record data for the Microsoft Windows Active Directory server. Chapter 1 Product components and capabilities 25 . File Replication Service monitoring PATROL KM for Microsoft Windows Active Directory monitors various aspects of file replication service health. PATROL KM for Microsoft Windows Active Directory configures the PATROL KM for Microsoft Windows OS to monitor various events pertaining to s s s s s s DNS name registration Core Active Directory service File replication service and group policy Time synchronization service Kerberos Netlogon Events monitored by parameters Some parameters now monitor specific Active Directory events. Group policy monitoring PATROL KM for Microsoft Windows Active Directory detects when a user account in one or more Group Policy Objects (GPO) cannot be resolved to a security identifier (SID). See the Help for the PATROL KM for Window Active Directory for information about these parameters. The AD_AD_FRS application class monitors the FRS specific information. Lost and found objects monitoring PATROL KM for Microsoft Windows Active Directory monitors for the presence of objects in the LostAndFound container in the domain naming context of the domain controller. The AD_AD_DNS application class monitors the DNS specific information. Event monitoring To measure the overall health of the domain controllers. The AD_AD_GPO application class reports this condition. The AD_AD_LOST_AND_FOUND_OBJECTS application class monitors for lost and found objects.

as shown in Table 2. as shown in Table 3.DNS name registration Event Significance DNSAPI DNSAPI DNSAPI DNSAPI NETLOGON 11154. 11151. 11165 support dynamic update. DNS name registration To identify failures with the DNS name registration.11155. Event Log Source System NETLOGON 5774 Core Active Directory service To identify failures with the core Active Directory service. 11153. 26 BMC PATROL for Microsoft Windows Servers Getting Started . PATROL KM for Microsoft Windows Active Directory configures PATROL KM for Microsoft Windows OS to obtain event information. A resource record for the domain controller is not 11163. 11150.Product components Events monitored for specific areas of failure The following tables contain event information that is classified by specific areas of failure. File replication service and group policy To identify failures with the file replication service and group policy. Table 1 System System System System System Monitored events . 5773 DNS locator record is not registered because the primary DNS server does not support dynamic update. PATROL KM for Microsoft Windows Active Directory configures PATROL KM for Microsoft Windows OS to obtain event information. Table 2 Event Log Directory Service System Core Active Directory service monitored events Source all sources LSASS Event Severity = error Severity = error Significance primary error events for Active Directory Local security authority is the core security subsystem for Active Directory. PATROL KM for Windows Active Directory configures PATROL KM for Microsoft Windows OS to obtain event information. 11167 registered in DNS. A DNS domain controller locator record is not registered. as shown in Table 1. Zone or currently-connected DNS server does not 11164. 11162 DNS server timed out 11152. 11166 domain controller does not have rights to perform a secure dynamic update.

PATROL KM for Microsoft Windows Active Directory monitors the events shown in Table 6 on page 28. the default authentication protocol. which is required for proper domain controller functionality. PATROL KM for Microsoft Windows Active Directory monitors the events shown in Table 4.Product components Table 3 Event log FRS File replication service/group policy monitored events Source all sources USERENV Event Severity = error Severity = error User = System Significance synchronizes policy between all domain controllers in the forest applies group policy and profiles on domain controllers Application Application SCECLI Severity = error Security Configuration Engine error messages Time synchronization service To identify events that may indicate problems maintaining uniform time in the Active Directory forest. Table 4 Event log System Time synchronization service monitored events Source W32TIME Event Severity = error Severity = warning Significance problem maintaining uniform time throughout the Microsoft Windows Active Directory forest Kerberos To identify events that many indicate problems with Kerberos. Chapter 1 Product components and capabilities 27 . PATROL KM for Microsoft Windows Active Directory monitors the event shown in Table 5 Table 5 Event Log System Kerberos monitored events Source KDC Event Severity = error Significance critical Kerberos Distribution Center service error messages Net Logon To identify events that may indicate problems with Net Logon service and protocol.

Some FSMO roles must appear in every forest. domain controllers in those sites. However some changes do not lend themselves to a multi-master environment.Product components Table 6 Event log System Netlogon monitored events Source Event Significance critical NETLOGON service errors NETLOGON Severity = error 5705. For more detailed information about how to use the product and complete descriptions of the application classes and parameters. 5723 PATROL KM for Microsoft Windows Active Directory Remote Monitoring The PATROL Knowledge Module (KM) for Microsoft Windows Active Directory Remote Monitoring product provides remote enterprise monitoring of Active Directory objects. see the sections that follow. For a brief description of product features. The operations master roles can be moved between domain controllers within the domain and are referred to as Flexible Single Master Operation (FSMO) roles. accepts requests for such changes. while other roles must appear in every domain within the forest. see the product online Help. One domain controller. The Active Directory is the core feature of distributed systems in Microsoft Windows Servers. FSMO monitoring PATROL KM for Microsoft Windows AD Remote Monitoring monitors both the forest-wide and domain-wide Flexible Single Master Operation (FSMO) roles. The following operations master roles must appear in every forest: s s schema master domain naming master 28 BMC PATROL for Microsoft Windows Servers Getting Started . there are five FSMO roles that are assigned to one or more domain controller. the operations master. and FSMO roles from member servers of a domain in the network. The primary focus of PATROL KM for Microsoft Windows AD Remote Monitoring is to monitor remote sites. This model takes domain configuration changes made at any domain controller in the domain and automatically propagates those changes to each of the domain controllers in the domain. In any Active Directory forest. Active Directory supports multi-master replication of the directory data between all domain controllers in the domain.

dc._msdcs. Longer connect times may indicate a heavily loaded domain controller.fullyQualifiedForestRootDomainName. To eliminate network latency. response time for performing an LDAP bind operation is measured on the domain controller being tested. The domain controller monitoring checks the connectivity and the response time to the server using LDAP bind. DNS name registration This product monitors the Domain Name System (DNS) for the following records: s A DNS address record (A record) that matches the IP address of the domain controller and is registered with the DNS server._msdcs._tcp. LDAP monitoring Lightweight Directory Access Protocol (LDAP) is monitored locally at the managed node._tcp. Chapter 1 Product components and capabilities 29 . Sites and domain controller This product monitors sites and domain controllers from a member server machine of the domain in which it resides. It monitors all the sites of the domain or any specific site in the global catalog for the site. the KM sends the following query to the default DNS server: _ldap. To obtain information about this record.Product components The following operations master roles must appear in every domain: s s s relative ID master infrastructure master primary domain controller (PDC) emulator NOTE Domain controllers and the client must be able to locate and establish an LDAP connection with the FSMO role holders. the KM sends the following query to the default DNS server: _ldap. LDAP response time is measured as the amount of time required to establish an LDAP connection to a domain controller.fullyQualifiedDomainName. It also monitors values of site domain controllers.dc. A DNS LDAP service location (SRV) record that matches the host name of the domain controller and is registered with the DNS server. s s A global catalog LDAP SRV record that matches the host name of the global catalog for the domain controller and is registered with the domain controller. To obtain information about this record.

Product components PATROL KM for Microsoft Windows Domain Services The PATROL KM for Microsoft Windows Domain Services monitors the availability of the following Microsoft Windows domain controller resources: s s domain controllers member servers PATROL KM for Microsoft Windows Domain Services monitors: s s s s s s s s Distributed File System (DFS) Dynamic Host Configuration Protocol (DHCP) service availability and lease usage Domain Name Service (DNS) remote server connectivity replicated directories shared directories trust relationships Windows Internet Naming Service (WINS) For instructions on how to monitor these features. The PATROL KM for Microsoft Cluster Server allows you to obtain the current status of all essential cluster objects and perform cluster operations using a cluster-level agent that is installed on a server that is outside of the cluster or on a node that is inside of the cluster. Using the PATROL KM for Microsoft Cluster Server. see the PATROL KM for Microsoft Windows Domain Services online Help system. analyzes. you can monitor the following cluster features: s s s s s s s s s s all clusters in a domain (only available when the agent is outside of the cluster) individual clusters cluster communication networks cluster network interfaces cluster nodes cluster objects and resources cluster groups workload data group resources quorum device 30 BMC PATROL for Microsoft Windows Servers Getting Started . and manages activities of a Microsoft server cluster. PATROL KM for Microsoft Cluster Server The PATROL KM for Microsoft Cluster Server component monitors.

Product components

For more information about specific functionality that supports these features see the PATROL KM for Microsoft Cluster Server online Help.

PATROL Cluster Configuration Wizard
The PATROL Cluster Configuration Wizard provides an easy-to-use interface with which you can configure the PATROL Agent for failover in a Microsoft Cluster Server environment. While guiding you through the process, the wizard collects the required configuration data and updates the system environment to integrate the PATROL Agent into the cluster. Configuring the PATROL Agent for failover support allows you to record history data for a clustered application in the same history database. This feature prevents you from having to reconcile the two different history files that are normally created when an application is failed-over from one node to another. For more information, see “How to use the PCC Wizard” on page 178.

PATROL KM for Microsoft Message Queue (MSMQ)
The PATROL KM for Microsoft Message Queue monitors message activity and status, which includes monitoring of
s s s s

MSMQ service MSMQ queues MSMQ messages MSMQ roundtrip message time

For instructions on how to monitor these features, see the PATROL KM for Microsoft Message Queue KM online Help system.

PATROL KM for Microsoft COM+
The PATROL KM for Microsoft COM+ provides functionality to monitor Microsoft COM+ (COM+) on a Windows Server. The PATROL KM for Microsoft COM+ product monitors and manages the following functions for Windows servers:
s s

monitors the COM+ run-time environment monitors the status of COM+ applications

Chapter 1 Product components and capabilities

31

Product components

s s s

manages the MS DTC service by providing the ability to start or stop the service monitors Windows COM+ log events monitors Windows log events related to the Microsoft Distributed Transaction Coordinator (MS DTC) service and monitors the MSDTC service status

For instructions on how to use these features, see the PATROL KM for Microsoft COM+ KM online Help system.

PATROL KM for Log Management
The PATROL KM for Log Management monitors text, script, named pipe, and binary files in your environment. The KM provides the following monitoring features:
s s s s s s s s s

automatically monitors key log files monitors files that do not currently exist on the system monitors log files with dynamic names using wild card characters monitors the size of log files monitors the growth rate of log files monitors the content of log files monitors the state of log files monitors the age of the log files monitors log files using numeric comparisons

The PATROL KM for Log Management also provides the following management features:
s

triggers alerts when a log file exceeds a specified size triggers alerts when a text string or regular expression is discovered within a log file creates automated recovery actions when a log file exceeds an acceptable size or growth rate configures log searches to — ignore subsequent alerts for a specified number of polling cycles if the search finds a matching string or regular expression in a log file — override an ignored alert if the search finds a matching string or regular expression more than n times before the ignore setting is completed — specify the number of log scan cycles after which a WARN or ALARM state is automatically changed to OK

s

s

s

32

BMC PATROL for Microsoft Windows Servers Getting Started

Product components

s

creates robust searches by using NOT and AND statements with the text strings or regular expressions in the log search alerts for log file age sets multiple schedules for multiple polling cycles per log file disables/enables default log monitoring

s

s

s

You can set up the following predefined recovery actions to execute when monitored log files exceed a specified size or growth rate.
s s s

clear and back up log files delete files run in attended and unattended modes

To get started with the PATROL KM for Log Management, see “Configuring the PATROL KM for Log Management” on page 147. For detailed instructions, see the BMC PATROL KM for Log Management User Guide and the PATROL KM for Log Management online Help system.

PATROL KM for Event Management
PATROL for Windows Servers provides event notification and centralized alert management features. With the PATROL KM for Event Management, you can perform the following tasks:
s s s s s s s s s s s

configure notification (email, paging, trouble-ticket, or custom) for PATROL alerts configure PATROL to send notifications to an enterprise console configure recovery actions for alarm, warning, and information events reword notification messages and customize message content specify the maximum number of events displayed in the console use wildcards to represent instance names when setting up parameters configure PATROL to monitor the availability of hosts manage PATROL parameter thresholds and polling schedules configure blackout periods for notification and for availability monitoring integrate with the AlarmPoint notification software using provided scripts integrate with any command line email client, paging solution, compiled executable, or script. Sample scripts are provided.

To get started with the PATROL KM for Event Management, see “Configuring e-mail notification” on page 132. For more detailed instructions and reference information, see the PATROL KM for Event Management User Guide.

Chapter 1 Product components and capabilities

33

Product components

PATROL Wizard for Microsoft Performance Monitor and WMI
The PATROL Wizard for Microsoft Performance Monitor and WMI is a powerful but easy-to-use tool that allows you to create new, user-defined PATROL parameters based on Microsoft's Performance Monitor counters or Windows Management Instrumentation (WMI) data. You can also set alarm and warning thresholds for each parameter you create. This functionality allows you to monitor performance counters and WMI data that are not typically monitored by PATROL. For more information, see “Configuring PATROL Wizard for Microsoft Performance Monitor and WMI” on page 142, or the PATROL Wizard for Microsoft Performance Monitor and WMI online Help.

PATROL History Loader KM
The PATROL History Loader KM extracts PATROL KM parameter history and loads it into your relational database management system (RDBMS). Once PATROL history data is stored in an RDBMS, you can perform complex analysis and statistical planning on all monitored activity. For more information, see the PATROL History Loader Knowledge Module User Guide.

PATROL Adapter for Microsoft Office
The PATROL Adapter for Microsoft Office component allows you to connect to a PATROL Agent and gather information without a PATROL Console. With the PATROL Adapter for Microsoft Office, you can evaluate PATROL data by using Microsoft Excel. The PATROL Adapter for Microsoft Office collects data from PATROL parameters on local or remote hosts and displays the data as a Microsoft Excel chart or graph. You also can create HTML output for Web display. For more information, see the PATROL Adapter for Microsoft Office User Guide. For a list of PATROL Adapter for Microsoft Office reports, see “Displaying PATROL data by using the PATROL Adapter for Microsoft Office” on page 167.

PATROL Agent
PATROL for Windows Servers includes the PATROL Agent. The PATROL Agent monitors a system according to the instructions provided by loaded PATROL KMs. You can display the information gathered by the PATROL Agent on the PATROL Console. For more information, see the PATROL Agent Reference Manual.
34 BMC PATROL for Microsoft Windows Servers Getting Started

Services

Services
The PATROL for Microsoft Windows Servers product uses the following services: Table 7
Service PATROL Agent The PATROL MCS Monitor Service

PATROL for Microsoft Windows Servers Services
Component or KM PATROL Agent PATROL KM for Microsoft Cluster Server Installed and Runs by Default? yes no

Related documentation
For additional information about PATROL for Windows Servers, see the online Help for the component of interest and refer to the PATROL for Microsoft Windows Servers release notes. For information about the PATROL for Windows Servers parameters, see the product Help or the PATROL Parameter Reference Manual. For additional information about PATROL, see the following documentation:
s s

Help for your PATROL Console PATROL Fundamentals Help

To view the complete PATROL documentation library, visit the support page on the BMC Software Web site at http://www.bmc.com/support. Log on and select a product to access the related documentation. To log on if you are a first-time user and have purchased a product, you can request a permanent user name and password by registering at the Customer Support page. To log on if you are a first-time user and have not purchased a product, you can request a temporary user name and password from your BMC Software sales representative.

Where to go from here
The following table suggests topics that you should read next:
If you want information about... how to install the PATROL for Windows Servers product See... Chapter 2, “Installing and migrating PATROL for Windows Servers”

how to load and configure the components using a Chapter 3, “Loading and configuring PATROL for PATROL console Microsoft Windows Servers”

Chapter 1 Product components and capabilities

35

Where to go from here

If you want information about... troubleshooting configuration problems

See... Chapter 6, “Troubleshooting PATROL for Microsoft Windows Servers”

PATROL for Windows Servers agent configuration Appendix B, “Agent configuration variables and variables and predefined rulesets rulesets” KMs included in each PATROL for Windows Servers .KML file Appendix C, “PATROL for Windows .kml files”

36

BMC PATROL for Microsoft Windows Servers Getting Started

. . . . . . Upgrading from an earlier version . . . . . . . . . . . . Checking security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Determining where to install the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . First-time installation using Distribution Server. . . . . . . . . . . . . . . Additional component-specific requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . For additional information about the PATROL installation process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Determining how to install products . . . . . Assessing and implementing a different security level . . . . . . . . . . Unsupported platform option in the installation utility user interface. . . . Chapter 2 Installing and migrating PATROL for Windows Servers 38 39 39 40 43 49 49 50 50 50 51 51 51 51 52 52 53 54 54 54 55 55 60 60 61 62 63 37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing for installation . . . . . . . . . . . . . . . . . . . . . . . Determining where to install KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing for the first time . . . . . . . . . . . . . . . . Verifying installation requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Chapter 2 Installing and migrating PATROL for Windows Servers 2 This chapter provides the information that you need to install PATROL for Windows Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . First-time installation. . . . . . . . . . . . . . . Checking for product patches or fixes before installing . . . . Importing a CD or customized installation package into Distribution Server. . . see the PATROL Installation Reference Manual. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The following topics are discussed in this chapter: Installation overview . . . . Default and custom installation types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Turning off pop-up blocking software before installing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribution Server features . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing the PATROL Agent over an existing installation . . . . . . . . . . . . . . . . . . . . . . . . . Extracting installation files after download. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing with the Distribution Server (overview) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Determining the version of the installation utility . . . . . . . . Extraneous target platform options available in the installation utility user interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accounts . . . . . . . . . System requirements. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Upgrading and preserving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Installation overview Automatic migration of console and agent customizations . . . . . . . . . . . . . . . . . . . . . . 65 PATROL for Windows Servers upgrade scenarios . . . . . . For additional installation instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . 74 Internal cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Upgrading without saving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . 64 Determining the location of PATROL. . . . . 70 Moving files from the PATROL_CACHE directories. . . . . . . . . . . . . . . . 76 Considerations for using online Help . . . . . . . see the following documents: Component PATROL KM for Event Management PATROL KM for Log Management PATROL History Loader KM See PATROL KM for Event Management User Guide PATROL KM for Log Management User Guide PATROL History Loader Knowledge Module User Guide PATROL Perform Agent for Microsoft Getting Started with PATROL for Microsoft Windows Windows Servers Servers Performance 38 BMC PATROL for Microsoft Windows Servers Getting Started . . . . . . . 81 Where to go from here . . . . . . . . . . . 80 Uninstalling PATROL for Windows Servers on Windows . . . . 70 Creating an installation package of the migrated and merged KM . . . . 77 Browser version required for viewing PATROL Console for UNIX Help . . . . . . . . . . . . . . . . . . . . . . 78 Additional considerations for using online Help for UNIX . . . . . . . 68 Preparing to upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 External cluster-level agent architecture . . . . . . . . . . . . . . . . 69 Migrating customizations with the PATROL Configuration Manager . . 72 Installing PATROL KM for Microsoft Cluster Server . . . . . . . . . . 71 Migrating customizations manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Determining whether you can migrate KM customizations . . . . . . . . . . . . 75 How to Install the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . 85 Installation overview This chapter contains instructions for installing PATROL for Windows Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Conditions for upgrading . . . . . . 78 Uninstalling PATROL for Windows Servers . . . . . . .

you are able to select the security level. see the PATROL for Microsoft Windows Servers Release Notes. see “PATROL Security levels” on page 53. contact your BMC Software sales representative or the BMC Software Contract Administration department. The default port number for the RTServer is 2059. verify that your environment meets the following types of requirements: s s s system requirements requirements for specific PATROL for Microsoft Windows Servers components account requirements System requirements Verify that the target computer meets the installation requirements listed in Table 8 on page 39. you must specify the port number to connect to all the agent computers. The default port number for agents is 3181. Make sure that the level that you select is compatible with the rest of your enterprise’s PATROL installation. If your product contains the PATROL Agent. The PATROL Security Level is set during the installation of the PATROL infrastructure components. Comments PATROL products license For an updated list of supported operating systems.Verifying installation requirements Verifying installation requirements Before installing PATROL for Windows Servers. You must have a valid demonstration license (typically good for 30 days) or a permanent license to run your PATROL products. These requirements apply to all PATROL for Windows Servers components. Table 8 Resource operating systems security levels System requirements for installing and using PATROL for Windows Servers (Part 1 of 2) Requirements For an updated list of supported operating systems. All security levels are supported. If you do not have a permanent license. If you are installing an agent or console with PATROL for Windows Servers. see the PATROL for Microsoft Windows Servers Release Notes. For more information about PATROL security. ports (UDP/TCP) Chapter 2 Installing and migrating PATROL for Windows Servers 39 .

you must have the SNMP service installed: s s s NT_DHCP parameters WpReplicationFailures parameter executing the WINS Database Scavenging menu command 40 BMC PATROL for Microsoft Windows Servers Getting Started .01–4.78 to use “Browser version required for viewing online Help with PATROL for UNIX. PATROL Console for UNIX Help” on page 78 (UNIX only) browser to support online Help for PATROL Console for UNIX browsers This product uses an installation utility that requires a browser. see the PATROL Installation Reference Manual.Verifying installation requirements Table 8 Resource System requirements for installing and using PATROL for Windows Servers (Part 2 of 2) Requirements Comments Use Netscape Navigator version 3. PATROL KM for Microsoft Windows Domain Services To monitor network protocols and to use the following domain monitoring parameters and management features. For a list of supported browsers. disk space 151 MB for an agent needed to install (without components and KMs) 151 MB for a console (without components and KMs) 242 MB for an agent (with all solution components and KMs) 116 MB for a console (with all solution components and KMs) Monitor (for Console) File system Network 256-color display 800 x 600 resolution FAT or NTFS TCP/IP network protocol Additional component-specific requirements The following requirements are specific to the PATROL for Microsoft Windows Servers components shown.

0. the SNMP service is configured to accept SNMP packets from any host. On Windows 2003 and later.20 or later for full support. If you are running a release earlier than 3.1.log file. If you are running 3.9.6 or later has access.Verifying installation requirements As a default. For the NT_DHCP application class to work. the KM fails prediscovery and writes a message to the mwd. the KM is discovered.x. At a minimum. It is not sufficient to add “localhost” or the loopback address 127. the default PATROL Agent account must have full access to %PATROL_HOME% and all subdirectories. the SNMP community string must have READ permissions. the PATROL Agent must have access to the following hive and all sub-keys: HKLM\SOFTWARE\Microsoft\WindowsNT\perflib Event log monitoring To discover event logs. the PATROL Agent must have access to the following hive and all sub-keys: HKLM\CurrentControlSet\Services\Eventlog\ PATROL Agent 3. but the Event Log parameters are not available. No additional configuration is needed. then the local host IP address or hostname must be added to the list of hosts. the community string must have WRITE permissions as well.20. On Windows 2000 servers. PATROL KM for Microsoft Windows Active Directory PATROL KM for Microsoft Windows Active Directory now requires the PATROL KM for Microsoft Windows Operating System 3. Chapter 2 Installing and migrating PATROL for Windows Servers 41 .9.9. the community string must be an ASCII character string. as well as to the system output window (SOW). PATROL KM for Microsoft Windows OS This section contains additional requirements for using the PATROL KM for Microsoft Windows OS. If the service is configured to accept packets from hosts. Process monitoring To monitor processes. To initiate the WINS Database Scavenging menu command.0. the default PATROL Agent account must also be a member of the DHCP Users group. Microsoft Windows 2000 does not support non-ASCII characters in community strings.

PATROL default account required permissions Monitoring replication within the configuration naming context requires that the PATROL Agent defaultAccount have sufficient Active Directory permissions to create a container object and child container objects in the configuration naming context of the forest in which the domain controller resides. but the Event Log parameters are not available. The account must have full control of the created objects.10 or later for full support. The PATROL Agent defaultAccount must be granted permission to Create Container Objects in each Domain NC and to give Full Control to the created container object and its children. see “Configuring Windows events monitoring” on page 103. PATROL KM for Microsoft Windows Active Directory supports the Read Only Domain Controller support on Microsoft Windows 2008. 42 BMC PATROL for Microsoft Windows Servers Getting Started . By default the Event Log component is active. For more information.10 the KM is discovered. PATROL for Windows Servers monitors Microsoft Windows Active Directory only when Microsoft Windows Active Directory is running on domain controllers. The PATROL Agent defaultAccount must be granted permission to Create Container Objects in the Configuration NC and to give Full Control to the created container object and its children. If you are running a release prior to 3. PATROL KM for Microsoft COM+ PATROL KM for Microsoft COM+ now requires the PATROL KM for Microsoft Windows Operating System 3. These files are included with PATROL KM for Microsoft Windows OS.9.kml is loaded.Verifying installation requirements PATROL KM for Windows Active Directory requires that the Event Log component of PATROL KM for Microsoft Windows Servers is active.9.kml or NT_LOAD. PATROL KM for Microsoft Cluster Server The PATROL KM for Microsoft Cluster Server requires that NT_BASE. The account must have full control of the created objects. Monitoring replication within the domain naming context requires that the PATROL Agent defaultAccount have sufficient Active Directory permissions to create a container object and child container objects in the domain naming context of the domain in which the domain controller resides.

see the Release Notes for the version of PATROL Adapter for Microsoft Office that you are installing or have installed. PATROL Agent default account PATROL requires a dedicated user account. The data provided for each managed node is collected within the context of the domain of which the managed node is a member. you must load a supported version of Microsoft Excel. see “Preloading KMs on the PATROL Agent” on page 94. Servers that are trusted members of a domain can use either a local or a domain account. PATROL Adapter for Microsoft Office To use PATROL Adapter for Microsoft Office. in the Windows environment. known as the PATROL Agent default account. To see which versions of Microsoft Excel are supported. Chapter 2 Installing and migrating PATROL for Windows Servers 43 . Default account for the PATROL Agent must be a domain user account. PATROL KM for Microsoft Windows Active Directory Remote Monitoring The local node (or member server) provides a client view of the Active Directory objects. The PATROL Agent default account can be either a local or a domain account: s s s Stand-alone workgroup servers must use a local user account as a PATROL Agent default account.00 or later must be installed.kml or NT_LOAD. For more information about preloading. Accounts This section describes how to set up a PATROL installation account for Windows. Domain controllers must use a PATROL Agent default account that is also a domain account. the managed node must meet the following requirements: s s PATROL Agent 3.6.Verifying installation requirements BMC Software recommends that you preload NT_BASE. The PATROL Agent default account must exist in the Windows environment before you install PATROL. To display information about Active Directory objects.kml on the cluster agent machine.

PATROL Agent first tries to log on locally. Table 9 Advanced user rights (Part 1 of 2) Agent Dependency enables PATROL to perform as a secure. The installation utility automatically grants these rights to the PATROL Agent default account. if this fails. KM functions performed The PATROL Agent uses the PATROL Agent default account to perform the following KM functions: s s s s s s s collect information from performance counters collect information from the Windows event log self-tune for peak performance and non-intrusive use of the processor access system-level information make debug-level output available from the PATROL KM applications access the command interpreter for operating-system-level commands create and remove processes in the process table for collecting performance data Advanced user rights To enable the PATROL Agent to perform these advanced functions. the PATROL Agent default account might need the advanced user rights shown in Table 9. These rights are not used during installation. but the PATROL Agent requires these rights to operate and perform certain functions after installation. you will need to have the Log on locally account rights for the connection account. it tries to connect to the console by using the network login rights.Verifying installation requirements NOTE If you are not using the PATROL Agent default account as a Console connection account. trusted part of the operating system enables PATROL to debug low-level objects enables PATROL to increase object quotas allows the PATROL Agent to be started as a service so that it will start on system boot allows PATROL to log on at the computer allows PATROL to monitor the “Security” event log Advanced User Right Act as part of operating system Debug programs Increase quotas Log on as a service Log on locally (Windows 2000) Allow log on locally (Windows 2003) Manage auditing and security log 44 BMC PATROL for Microsoft Windows Servers Getting Started .

The account does not have all of the advanced user rights noted in Table 9 on page 44. On a domain controller. No authentication to the cluster can be performed. Table 10 on page 45 shows the PATROL for Microsoft Windows Servers tasks that the Agent cannot perform when the following restrictions are placed on the PATROL Agent default account: s s The account is in a domain user group or local user group. if you do so. Table 10 KM Removing rights and admin group membership from the PATROL Agent (Part 1 of 3) Effect The cluster KM does not function. Workaround and notes To be fully functional. the PATROL Agent cannot perform all of its tasks. PATROL KM for Microsoft Cluster Server Chapter 2 Installing and migrating PATROL for Windows Servers 45 . The monitoring user account does not have the Logon As Batch Job user right. You could also remove the advanced user rights described in Table 9 on page 44. the agent outside of the cluster can be in the admin group and contain all of its rights. while the agents within the cluster are removed from the administrators group and do not have the seven advanced user rights. but is not in the domain or local administrators group. However. However.Verifying installation requirements Table 9 Advanced user rights (Part 2 of 2) Agent Dependency enables PATROL to use the Windows profiling capabilities enables PATROL to modify a security access token for a process Advanced User Right Profile system performance Replace a process level token Administrative rights BMC Software recommends that you make the PATROL Agent default account a member of the local Administrators group of the computer where the agent will reside. BMC Software recommends that you make the account a member of the domain Administrators group. you can choose to remove the PATROL Agent default account from the local or domain Administrators group.

If the PATROL Agent default account lacks the Debug Programs right. Add the Debug Programs right to the PATROL Agent default account. The Terminate Process and Restart Process recovery actions do not work. you must also add the user right Manage auditing and security log. 46 BMC PATROL for Microsoft Windows Servers Getting Started . Add the PATROL Agent default account to the DHCP Users group. The PATROL Agent default account must be in the local or domain Admins group. Add the user right Manage auditing and security log to the PATROL Agent default account. Add the PATROL Agent default account to the Account Operators. On Windows 2003. Blue Screen KM unable to detect a blue screen condition.Verifying installation requirements Table 10 KM Removing rights and admin group membership from the PATROL Agent (Part 2 of 3) Effect Restart Service recovery action does not execute. Add the Debug Programs right to the PATROL Agent default account. PATROL KM for Windows Operating System Logical disk quotas and mount points do not work. Print Operators. Print Operators. Granting a specific user right is not a valid workaround. Add the user right Backup files and directories to the PATROL Agent default account. Unable to monitor the security event log. Assign read/write permissions on the temp directory to the PATROL Agent Default account. The Increase connections allowed o Share recovery action associated with the ShConnPercent parameter does not work. Message in system output window indicates access denied and inability to restart service. cannot monitor the status of processes. or Server Operators built-in group. DFSRootReplica does not work when checking alternate domain controller. Add the PATROL Agent default account to the Account Operators. For the security event log. The PATROL Agent default account must be in the local or domain Admins group. Granting a specific user right is not a valid workaround. Workaround and notes The PATROL Agent default account must be in the local or domain Admins group. Grant the advanced user right log on locally to the PATROL Agent default account. The NT_EVENTLOG application displays a message in the _DiscoveryStatus parameter. Parameters are unavailable and in alarm. or Server Operators built-in group. the NT_DHCP application class does not work. The Clean Temporary Directories recovery action does not execute. Membership in the Administrators group not needed. PATROL KM for Microsoft Windows Domain Services Shares are not monitored. Backup Event Log and Clear Event Log recovery action does not work. Parameters are not discovered.

Verifying installation requirements

Table 10
KM

Removing rights and admin group membership from the PATROL Agent (Part 3 of 3)
Effect AD disk space used does not work. Workaround and notes Grant the PATROL Agent default account the following permission on the DSA Working Directory and its subdirectories: List Folder Contents/Read Data. The KM reads the registry to obtain the DSA Working Directory. It needs access to the following registry keys and subkeys: HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\NTDS Configuration NC replication checking does not work. Grant the PATROL Agent default account sufficient Active Directory permissions to create a container object and child container objects in the configuration naming context of the forest in which the domain controller resides. Grant the PATROL Agent defaultAccount permission to Create Container Objects in the Configuration NC and to give Full Control to the created container object and its children. Domain NC replication checking does not work. Grant the PATROL Agent default account sufficient Active Directory permissions to create a container object and child container objects in the domain naming context of the domain in which the domain controller resides. Grant the PATROL Agent defaultAccount permission to Create Container Objects in each Domain NC and to give Full Control to the created container object and its children.

PATROL KM for Microsoft Windows Active Directory

Creating a separate account
Although you can use an existing Windows user account, BMC Software recommends that you create a separate Windows user account for PATROL.

Chapter 2

Installing and migrating PATROL for Windows Servers

47

Verifying installation requirements

WARNING
Do not use a built-in Windows domain or local Administrator account as the PATROL default account. Such account usage causes files created by PATROL to be owned by the Administrator, which could result in security or file access problems.

PATROL KM for Microsoft Cluster Server account
The PATROL KM for Microsoft Cluster Server can be configured to use an external cluster-level agent or an internal cluster-level agent (CLA). The account the KM uses to connect to and manage a cluster depends upon which configuration you use. Regardless of which configuration you use, however, the configuration must have the following characteristics:
s s s

cluster account must be a domain account cluster account must have access permission to the cluster all local agents in the cluster must use the same port number

An external CLA configuration requires a user-defined cluster account separate from the PATROL default account. This account must have cluster administrative privileges. The PATROL MCS Monitor Service (McsService.exe) also runs under this account. An internal CLA configuration can use either a separate user-defined cluster account (a domain account with cluster administrative privileges) or, when certain requirements are met, it can use the PATROL default account. When installed, if the PATROL KM for Microsoft Cluster Server does not discover a separate cluster account, it checks the PATROL agent default account for the following required characteristics:
s s

it must be a domain account it must have permission to access the cluster

If these requirements are in place, the Cluster KM uses the PATROL agent default account to access the cluster and to communicate with the agents running on all other nodes in the cluster, and the PATROL MCS Service runs under this account. This account information is not replicated to other nodes so, if you want the Cluster KM to use the PATROL agent default account to monitor the cluster, these requirements must exist for every PATROL agent default account on every node in the cluster. To discover the PATROL KM for Microsoft Cluster Server you require the Logon as a
batch job privilege for cluster account and PATROL Default Account.

48

BMC PATROL for Microsoft Windows Servers Getting Started

Preparing for installation

Console connection accounts
BMC Software recommends that you create a separate account, in addition to the PATROL default account, for PATROL console operators who do not need administrative privileges. Operators can use this account to connect the console to the agent. If you want to configure KMs from the console, however, the console connection account may need administrative rights. For more information, see “Requirements for configuring from the PATROL Console” on page 97.

Preparing for installation
BMC Software recommends that you first install PATROL for Windows Servers on a limited number of development or test machines, then configure and test PATROL for Windows Servers before installing it onto production machines. Before you install, you must
s s

s

s s

s

s s s s s

ensure that pop-up blocking software is turned off before installation (see page 49) determine if you are using an unsupported platform option in the installation utility user interface (see page 50) determine the extraneous target platform options available in the installation utility user interface (see page 50) check for product patches or fixes before installing (see page 50) verify if you are installing PATROL Agent on top of an existing installation (see page 51) determine the order in which you must extract the installation files after download (see page 52) determine how to install products (see page 51) ensure you are using the appropriate version of the installation utility (see page 51) understand where to install the PATROL Agent and KMs (see page 51) understand PATROL security options (page 53) choose between Default and Custom installation options (see page 54)

Turning off pop-up blocking software before installing
Before installing the PATROL for Microsoft Windows Servers solution or any of its components, you must turn off pop-up blocking software. Pop-up blocking software interferes with the functioning of the installation utility.

Chapter 2

Installing and migrating PATROL for Windows Servers

49

Preparing for installation

Unsupported platform option in the installation utility user interface
If you use the installation utility to build an installable image, the Windows NT 4.0 (Intel) platform option is also displayed in the Select Platforms dialog box. This platform is not supported by the PATROL for Microsoft Windows Servers solution.

WARNING
Do not select the Windows NT 4.0 (Intel) platform when building an installable image.

Extraneous target platform options available in the installation utility user interface
If you use the installation utility to build an installable image, the following extraneous target platform options are displayed in the Select Platforms dialog box:
s s s s

Windows NT 4.0 (Intel) Above Windows 2003 (Intel) Above Windows 2003 (Itanium) Above Windows 2003 (Opteron/EM64T)

None of the preceding platforms are supported by the PATROL for Microsoft Windows Servers solution. Do not select these target platforms when building an installable image.

Checking for product patches or fixes before installing
Product fixes or patches are often available through the BMC Software Web site. Patches correct problems that are found after a product is released. BMC Software recommends that you check the product page for PATROL for Windows Servers on the BMC Software Customer Support Web page to determine whether a patch is available before you begin installing a product.

50

BMC PATROL for Microsoft Windows Servers Getting Started

Preparing for installation

Determining how to install products
You can install products on the computer on which you are running the installation utility (local installation), create an installable image of products, use the -serveronly option, or use the Distribution Server. An installable image is a fully configured product image that you can use to install products to multiple computers. With an installable image, you can create one product image with one pass through the installation utility and then use that image to install to remote computers in your environment. For more information about creating, distributing, and installing installable images, and about using the ctltool, see the PATROL Installation Reference Manual.

Determining the version of the installation utility
The version of the installation utility included on the CD or Electronic Product Download (EPD) image you use to install this product might differ from a version included on another product CD or from a version that you downloaded from the BMC Software Electronic Product Download (EPD) website. You should use the version of the installation utility that comes with the product that you are installing. To determine the version of an installation utility, perform the following steps:

1 Open a command prompt. 2 Navigate to the directory where the installation utility is located. 3 Enter Setup.exe -v (Windows) or setup sh -v (UNIX).

Determining where to install the PATROL Agent
Install the PATROL Agent on each computer that you want to monitor. When installing the PATROL Agent, select Managed System as the system role during the installation.

Installing the PATROL Agent over an existing installation
If you are installing the PATROL Agent over an existing installation, any manual modifications that you made to the agent.reg file are not applied to the new installation. You must manually reapply the modifications after the new installation.

Chapter 2

Installing and migrating PATROL for Windows Servers

51

Preparing for installation

Extracting installation files after download
This section is relevant only if you downloaded the PATROL for Microsoft Windows Servers solution from the BMC Electronic Product Download (EPD) website, http://www.bmc.com/ega/. When extracting multiple components that you downloaded from the BMC EPD website, you must extract them in the order shown: 1. installation utility (always extract first) 2. PATROL KM for Event Management 3. PATROL History Loader KM 4. PATROL KM for Log Management 5. PATROL Perform Agent for Microsoft Windows Servers 6. PATROL Agent for Microsoft Windows Servers 7. PATROL for Microsoft Windows Servers (always extract last)

EXAMPLE
If you downloaded the following components, you must extract them in this order: 1. installation utility (extract first) 2. PATROL KM for Log Management 3. PATROL Agent for Microsoft Windows Servers 4. PATROL for Microsoft Windows Servers (extract last)

Determining where to install KMs
You install the KMs to multiple target computers in the PATROL environment. Each target computer requires different KM related files and information, depending on the computer’s system role in the PATROL architecture. When you run the installation utility on a target computer, you must select the appropriate system role for that computer. The installation utility then installs the appropriate files to that target computer based on the system role selected. Install KMs that you want to use on

52

BMC PATROL for Microsoft Windows Servers Getting Started

s Computers hosting a PATROL console Install every KM that you want to use on each PATROL console computer. select Console Systems as the system role during the installation.PATROL Security levels s Computers hosting a PATROL Agent Each computer that you want to monitor should. When installing these KMs on a PATROL Console Server computer. and so on.Microsoft Windows Edition Getting Started PATROL Console Server and RTserver Getting Started PATROL Configuration Manager User Guide PATROL Console for UNIX User Guide PATROL Console for Microsoft Windows User Guide . When installing these KMs on a PATROL console computer. select Managed System as the system role during the installation. Cluster Servers. s Computers hosting a PATROL Console Server If you use the PATROL Console Server. select Common Services as the system role during the installation.Understanding the Basics of PATROL. You can select from five security levels when you install PATROL. When installing these KMs on the PATROL Agent computer. 2. Terminal Servers. and 3 PATROL Security levels You can secure the data passed between PATROL components and restrict unauthorized users from accessing your data by implementing PATROL security.Web Edition Getting Started PATROL Central Operator . Chapter 2 Installing and migrating PATROL for Windows Servers 53 . For more information about the PATROL consoles and PATROL Console Server or RTserver. Install the same KM and the same version of the KM that is running on the PATROL Agents. see the product’s respective online help systems and the following documents: s s s s s s PATROL Central Operator . You might want to install other KMs to monitor specific server types such as Exchange Servers. Microsoft SQL Servers. Volume 1. install every KM that you want to use on the PATROL Console Server computer. have the PATROL Agent and the PATROL KM for Microsoft Windows OS. Domain Controllers. at a minimum.

Default and custom installation types The installation utility prompts you to select one of the following installation types: s The Default installation type uses default values for all optional configuration information. and consoles must operate at the same security level to communicate with each other. and you are installing into the default product installation directories.Default and custom installation types Agents. — You are performing a first-time installation (you are not upgrading). see the PATROL Security User Guide for instructions. 54 BMC PATROL for Microsoft Windows Servers Getting Started . Assessing and implementing a different security level Review the security level definitions in the PATROL Security User Guide before installing PATROL to determine the appropriate security level for your components. check the security level of the previously installed components and be sure to install the new ones at the same level. console server. When you install agents. This type is for any or all of the following situations: — You are new to the PATROL product that you are installing and you have an agent or console already installed in the default directories. console servers. or console. Checking security levels To check the security level of a previously installed agent. console servers. or consoles that need to communicate with previously installed versions of these components. perform the following steps: 1 From the command line switch to the path on the computer that you want to check: %BMC_ROOT%\common\security\bin\Windows-x86 2 Run the following command to display the security policy of the current machine: esstool policy -a The security level is displayed in the “security level” field of the output. It prompts you only for mandatory configuration information. If you want to implement a new security level after having previously installed PATROL security.

First-time installation NOTE If you are installing PATROL for Windows Servers to an existing PATROL Agent or Console environment that is not in the default installation directory. Do not use Default. s With the Custom installation type. Default will automatically install the agent or console with PATROL for Windows Servers and overwrite your existing installation. you can install individual components of the product. — You want to specify the following settings: s the port numbers that components use to communicate with each other s a security level greater than basic security s any other product settings that a user might want to change — You are upgrading PATROL for Windows Servers from a previously installed version. Regardless of the type of installation you choose. It requires that you specify all configuration information. First-time installation The installation utility offers two types of installations: Default and Custom. the Default installation type configures the PATROL Agent to connect through port 3181. see “Default and custom installation types” on page 54. Chapter 2 Installing and migrating PATROL for Windows Servers 55 . If you want to connect the agent from a different port. — You are installing into an existing PATROL environment that is not in the default installation directory. With each installation type. you must use the Custom installation type. you must repeat this installation process for each computer on which you want to install PATROL for Windows Servers. use Custom. NOTE By default. This type is for any or all of the following situations: — You want to install individual components rather than the entire product. you can always deselect any components that you do not want to install. Installing for the first time You can install PATROL for Windows Servers using either the Default or Custom installation type. For a description of the two types of installations.

4 Review the license agreement. 56 BMC PATROL for Microsoft Windows Servers Getting Started . 2 From the PATROL for Microsoft Windows Servers CD or from an installation image that has been electronically downloaded from an EPD site and extracted. and then install in your production environment. If you want to install PATROL for Windows Servers on a computer running Windows 2000 with Citrix Metaframe. select I want to install products on this computer now and click Next to continue. You must have created the PATROL default account. s s To install using the default installation type 1 Close the Service Control Manager window and the Control Panel window. change to the directory where the installation utility is located and enter the following command to change to installation mode: change user/install B Enter the following command to start the installation Web server setup. test the installation thoroughly. When installing on a Windows Server in application mode or with Citrix Metaframe installed.First-time installation Before you begin s You first should install on a limited number of computers in the test environment. 5 In the Select Installation Option window. D Connect to the installation Web server from the browser to start the installation utility by using the URL that is displayed in the message box on the computer on which you are installing the product. start the browser. you must have access to a second computer that runs a browser that is supported by the installation utility. select Accept. perform the following steps to launch the installation utility: A From a command line. and click Next to continue.exe -serveronly A message box is displayed that shows the URL to use to connect to the installation Web server.exe. 3 In the Welcome to the Installation Utility window. C On another computer with a browser. run setup. click Next to begin your installation.

If you are installing to a computer that hosts or will host a PATROL Agent. click View Log to review the details of the installation. (Next does not appear until the installation is 100% complete. select Console Systems. This window is displayed only when you are installing a product that requires a PATROL logon. enter the user name and password that you want to use for your PATROL default account and click Next. If you are installing to a computer that hosts or will host the PATROL Central Operator – Web Edition. click Start Install. s s 9 From the Select Products and Components to Install window.First-time installation 6 In the Select Type of Installation window. select Managed Systems. 14 Click Finish to close the installation utility. to make changes. click Next to view the results window. select any or all of the following roles to indicate the components that you want to install and click Next: s If you are installing to a computer that hosts or will host only a PATROL Console for Windows. current milestones. and percentage complete. review your selections and. see “Accounts” on page 43. A status window opens that contains current messages. 7 In the Specify Installation Directory window.) 11 In the Review Selections and Install window. select components that you want to install or accept the defaults and click Next. Chapter 2 Installing and migrating PATROL for Windows Servers 57 . 8 In the Select System Roles window. You should have created this account manually before you began to install PATROL. to start installing. click Back or. accept the default directory and click Next to continue. 12 When the status window reports that the installation is 100% complete. or the PATROL Console Server select Common Services. (For more information. 10 In the PATROL Default Account Properties window. select Default and click Next to continue.) 13 (Optional) In the results window.

review the license agreement. select Accept and click Next. 6 From the Select Type of Installation Window. 4 In the Review License Agreement window. 8 In the Select System Roles window. You will specify the PATROL product directory in step 10 on page 59. click Next. select I want to install products on this computer now and click Next.exe. 7 In the Specify Installation Directory window. select Custom and click Next. perform the following steps to launch the installation utility: A From a command line. enter the directory where the products that you select will be installed and click Next. 5 In the Select Installation Option window. select any or all of the following roles to indicate the components that you want to install and click Next: 58 BMC PATROL for Microsoft Windows Servers Getting Started . run setup. change to the directory where the installation utility is located and enter the following command to change to installation mode: change user/install B Enter the following commands to start the installation Web server: setup. D Connect to the installation Web server from the browser to start the installation utility by using the URL that is displayed in the message box on the computer on which you are installing the product. 3 In the Welcome to the Installation Utility window.exe -serveronly A message box is displayed that shows the URL to use to connect to the installation Web server. The PATROL product directory is appended to the path that you enter in this step. 2 From the PATROL for Microsoft Windows Servers CD or from an installation image that has been electronically downloaded from an EPD site and extracted. start the browser. C On another computer with a browser. When installing on a Windows Server in application mode or with Citrix Metaframe installed.First-time installation To install using the custom installation type 1 Close the Service Control Manager window and the Control Panel window.

(For more information. The default is 3181. select Common Services. change the default to the current port number for the PATROL Agent. B In the Restart the PATROL agent automatically? field. enter in the PATROL 3. click Yes or No.First-time installation s If you are installing to a computer that hosts or will host a PATROL Console. select Managed System. select the items that you want to install.x Product Directory field the directory in which you want to install PATROL for Windows Servers as appropriate for your installation. and click Next. s s For more information about the PATROL consoles and PATROL Console Server or RTserver. 10 In the Provide the PATROL 3. If you are installing to a computer that hosts or will host the PATROL Central Operator – Web Edition or the PATROL Console Server. This window is displayed only when you are installing a product that requires a PATROL logon.x Product Directory window. Chapter 2 Installing and migrating PATROL for Windows Servers 59 . enter the user name and password that you want to use for your PATROL default account and click Next. NOTE If your previous installation used a different port number. If you are installing to a computer that hosts or will host a PATROL Agent. enter the port number that you want the PATROL Agent to use. 11 If the PATROL Default Account Properties window appears. see the following documents: s s s PATROL Central Operator – Web Edition Getting Started PATROL Central Operator – Microsoft Windows Edition Getting Started PATROL Console Server and RTserver Getting Started 9 From the Select Products and Components to Install window. select Console System. This directory is appended to the base directory path that is shown in the BMC Products Installation Directory field entered in step 7 on page 57.) 12 In the Complete the Confirm BMC Product Startup Information window. perform the following steps (this window does not appear if you are not installing into a managed system): A In the Specify the Current Agent Port Number field. see “Accounts” on page 43. You should have created this account manually before you started the installation process.

It also provides a high-level overview of the enterprise installation process.) 15 (Optional) In the results window. this section does describe how to import the PATROL for Windows Servers product into the Distribution Server. The details of how to install a product across an enterprise to multiple machines by using Distribution Server are beyond the scope of this book. click Back or. review the selections and. 14 When the status window reports that the installation is 100% complete.First-time installation using Distribution Server 13 In the Review Selections and Start Install window. uninstall. However. s s s 60 BMC PATROL for Microsoft Windows Servers Getting Started . to start installing. click View Log to review the details of the installation. click Start Install. Distribution Server features You use the Distribution Server to perform remote installations or uninstallations of BMC Software distributed systems products across multiple systems from a central location. With the Distribution Server you can perform the following actions: s Install. 16 Click Exit to close the installation utility. and reinstall products on remote systems from one central location. click Next to view the results window. to make changes. First-time installation using Distribution Server The PATROL for Windows Servers can be installed locally to a single computer or remotely to multiple computers using the Distribution Server. (Next does not appear until the installation is 100% complete. Schedule a distribution for a specific date and time. Maintain multiple product versions to be distributed. Create collections of products and system groups to distribute multiple products to multiple systems in one distribution. upgrade.

EXAMPLE Assuming that you copied the CD image into a directory called merged_CD and then.1. perform the following tasks: “Importing a CD or customized installation package into Distribution Server” on page 61. and diagnosis problems. 5 Select the directory that contains the Products directory (do not select the Products directory itself).First-time installation using Distribution Server s View reports to check distribution status. the resultant directory structure would resemble merged_CD\Products\pokchm. 4 Navigate to the location where the components are located and click Next. 3 In the list area. you copied the updated package to the directory containing the CD image. Chapter 2 Installing and migrating PATROL for Windows Servers 61 . Ensure that you use the Distribution Server version 7. gather distribution data. s To import components in to the Distribution Server 1 Using the Distribution Server Manager. Before you begin s The customized installation packages that resulted from “Creating an installation package of the migrated and merged KM” on page 70 must be accessible to the Distribution Server. You would select the directory merged_CD. after migrating your customizations and creating a customized installation package. To import PATROL for Windows Servers into the Distribution Server. click the Components tab. Importing a CD or customized installation package into Distribution Server This task describes how to import components into the Distribution Server for deployment to multiple locations.01 or later. connect to the Distribution Server. you can specify them by using the NFS name and path. click the Import button. If the components are not accessible on a local drive. 2 In the Distribution Server tab area.

The tasks can be grouped into three stages. To set up products 1 Import components into the Distribution Server repository on the Components tab of the Distribution Manager. you must perform the following tasks within the tool. Where to go from here To remotely install PATROL for Windows Servers throughout your enterprise. see “Installing with the Distribution Server (overview). 7 Click Import to import the selected components. 2 Add accounts and create profiles for the systems on the Systems tab of the Distribution Manager. 4 Arrange systems in system groups on the Systems tab of the Distribution Manager. 62 BMC PATROL for Microsoft Windows Servers Getting Started . use the instructions in the Distribution Server Getting Started Guide. 3 Configure the collections on the Configurations tab of the Distribution Manager. 2 Arrange components in collections on the Collections tab of the Distribution Manager. 3 Add the systems and install the Distribution Client on the Systems tab of the Distribution Manager.” Installing with the Distribution Server (overview) Once you have imported the PATROL for Windows Servers into the Distribution Server.First-time installation using Distribution Server 6 Select the check boxes for the components that you want to import and click OK. For an overview of that process. To set up systems 1 Create accounts in the operating system of the computers to which you want to distribute PATROL for Windows Servers.

see the Distribution Server Getting Started Guide. 2 Run reports to review distributions on the Reports tab of the Distribution Manager.Upgrading from an earlier version To distribute products 1 Distribute configurations of collections to system groups on the Distributions tab of the Distribution Manager. Chapter 2 Installing and migrating PATROL for Windows Servers 63 . Upgrading from an earlier version If you have a previous version of PATROL for Windows Servers installed on the target computer. Automatic migration of console and agent customizations Only customizations to Knowledge Modules must be migrated. Whether you choose to save and migrate your KM customizations or not. you have the following options for upgrading to the new version of PATROL for Windows Servers: s s “Upgrading without saving KM customizations” on page 68 “Upgrading and preserving KM customizations” on page 68 Figure 1 on page 67 describes the general process of upgrading to a new version of PATROL for Windows Servers and migrating any customizations. For detailed instructions about how to perform remote installations with the Distribution Server. the customizations you have made to the following components are preserved and incorporated into the new version automatically: s s agents—stored in the agent configuration file consoles—stored in the console cache files NOTE Customized Knowledge Modules and PSL files are also stored in the cache but they are not automatically preserved and incorporated.

00.0.00 and later PATROL KM for Windows Domain Services 1.3.7.00 and later 1. or 1.1.00 and later 1.1.00 and later 1.km files and parameters using an older version of this component. you must determine whether or not your customizations to PATROL for Windows Servers can be migrated to the new version of PATROL for Windows Servers. Table 11 Component PATROL for Windows Servers PATROL KM for Windows Operating System PATROL KM for Microsoft Windows Active Directory PATROL History Loader KM PATROL KM for Event Management PATROL KM for Microsoft Message Queue PATROL KM for Microsoft Cluster Server PATROL KM for Microsoft COM+ PATROL Wizard for Microsoft Performance Monitor and WMI Versions that you can migrate Version 2.00.4. even after loading the new KM. These disabled application classes are recorded in the configuration variable /AgentSetup/disabledKMs.08 and later 1. 1.5.01 and later 3.7. a When the PATROL KM for Microsoft Windows Active Directory is installed on a server that has PATROL KM for Windows Domain Services 1. See Table 11 to determine whether migration is supported for your current version of PATROL for Windows Servers. 1.5. they will continue to work.04 and later If you created .00 and later 2.01 and later 1.1.02 and later 2.00a. 64 BMC PATROL for Microsoft Windows Servers Getting Started . the application classes that begin with NT_AD are automatically disabled.5.1.Upgrading from an earlier version Determining whether you can migrate KM customizations Before migrating customizations.2.4. Conditions for upgrading Use Table 12 to help you choose an upgrade procedure.01 installed.

Default values for PATROL location variables If you do not specify a location for the PATROL installation. To function properly. perform the following procedure: Chapter 2 Installing and migrating PATROL for Windows Servers 65 . Table 13 Variable PATROL_HOME PATROL_CACHE Default values for PATROL location variables Default value C:\Program Files\BMC Software\<PATROL_directory> %HOMEDRIVE%\%HOMEPATH%\<PATROL_directory> Viewing environment variables set by PATROL To view the value of PATROL_HOME. the installer uses the following pre-programmed default locations and stores these locations in environment variables.Upgrading from an earlier version Table 12 Choosing an upgrade procedure If you have this situation s Use this procedure Upgrading without saving KM customizations have not made any customizations to the KM files in your previous version of PATROL for Windows Servers want to overwrite customizations you made to the KM files with the default values of the new version of PATROL for Windows Servers have a currently installed version of PATROL for Windows Servers that cannot be migrated (See Table 11 on page 64) s s Upgrading and preserving KM customizations made customizations to the KM files in your previously installed version of PATROL for Windows Servers and want to save those customizations and migrate them to the new version of PATROL for Windows Servers Determining the location of PATROL During the installation process. the PATROL installation utility records where it installs PATROL components in environment variables. Throughout this section. PATROL_CACHE and other environment variables. all references to PATROL_HOME represent %PATROL_HOME% and all references to PATROL_CACHE represent %PATROL_CACHE%. Two important variables are PATROL_HOME and PATROL_CACHE. various components of the PATROL product require the information stored in these variables.

The System application displays PATROL_CACHE only if it is set to a value other than its default value. 4 Click Environment Variables. PATROL for Windows Servers upgrade scenarios Figure 1 illustrates the following PATROL for Windows Servers upgrade scenarios. 5 Scroll through the System Variable list box to view the variables. 2 Open the System application.PATROL for Windows Servers upgrade scenarios Using the control panel 1 Select Control Panel using one of the following menu paths: s s Start => Settings => Control Panel. s s s not migrating customizations migrating customizations manually migrating customizations then installing the product using one of the following tools: — Common Installation Utility for local installations — Distribution Server for remote installations 66 BMC PATROL for Microsoft Windows Servers Getting Started . 3 Select the Advanced tab. Start => Control Panel.

Install PATROL for Windows Servers using instructions in “Installing for the first time” on page 55 Saving customizations? No Yes Yes No Can you migrate? No “Determining whether you can migrate KM customizations” on page 64 Yes migrating manually Import merged package into the Distribution Server and start installer using instructions in “Importing a CD or customized installation package into Distribution Server” on page 61. “Migrating customizations manually” on page 72 Back up PATROL_HOME and PATROL_CACHE directories and note all customizations. remove previous version of the product from PATROL_CACHE and PATROL_HOME directories on agent and console computers. remove previous version from PATROL_CACHE and PATROL_HOME directories on agent and console computer. Install PATROL for Windows Servers using instructions in on page 55. Shut down agent and console.PATROL for Windows Servers upgrade scenarios Figure 1 Upgrading overview for PATROL for Windows Servers “Upgrading without saving KM customizations” on page 68 Installing over an existing PATROL for Windows Servers installation? Shut down agent and console. Chapter 2 Installing and migrating PATROL for Windows Servers 67 . Manually change settings or PSL files to match your customizations for the previous version.

ensure that you have the latest version of the product installed as well as any available patches. PSL code. and then install the result into your environment. In either of those cases. stop the PATROL Agent service (PatrolAgent. alarm thresholds. When installing PATROL for Microsoft Windows Servers over an existing version.km files in the previous version of PATROL for Windows Servers.PATROL for Windows Servers upgrade scenarios Upgrading without saving KM customizations If you do not want to save any customizations of . They will take effect automatically unless the parameter name or application name has changed. or events. you must reapply the customizations. test the merged KMs thoroughly. you must either migrate your customizations manually or use the PATROL Migration Tools version 3.km files.exe) first.5 to create a customized installation package. you can simply install the new version of PATROL for Windows Servers over your previous version after moving or deleting PATROL for Windows Servers files from the PATROL_CACHE. followed by any other PATROL services. You should complete this process on a limited number of computers in the test environment first. See “First-time installation” on page 55 for instructions. and then deploy them to your production environment. if you stop PATROL services manually (not normally required) before running the installation program. You must first migrate your customizations from the old version of PATROL for Windows Servers to the new version. If you are using the Distribution Server to install the merged customization package. NOTE To upgrade and preserve customizations. 68 BMC PATROL for Microsoft Windows Servers Getting Started . NOTE Customizations applied using PATROL Configuration Manager or operator overrides are automatically saved in the agent configuration database. Upgrading and preserving KM customizations Use the appropriate task in this section if you want to upgrade to the new version of PATROL for Windows Servers and you want to preserve any customizations you have made to the .

2 Ensure that no one is accessing any PATROL files or directories. See Table 11 on page 64 to determine whether migration is supported for your current version of PATROL for Windows Servers. If the . consoles. 3 Perform a full backup of the directories where PATROL files are typically stored.kml file or any of the .km files for the new version of PATROL for Windows Servers has a different file name from the previous version. go to “Migrating customizations manually” on page 72. you must remove those files from the list of KMs that are preloaded on the PATROL Agent. To back up the current installation Back up your customizations so that you can restore the current installation if you want to roll back your upgrade.PATROL for Windows Servers upgrade scenarios Preparing to upgrade Whether you are upgrading and migrating customizations or simply upgrading. and related services that are currently running. These directories are listed in the following table: File type executables and data console customizations Directory PATROL_HOME for agent and console installation directories PATROL_CACHE for the console working cache Where to go from here If you are migrating customizations manually. Before you begin If you plan to migrate your customizations. you must first back up the current installation. Chapter 2 Installing and migrating PATROL for Windows Servers 69 . determine whether you can migrate from a previous version of PATROL for Windows Servers. 1 Shut down any PATROL Agents.

Ensure that you have made a record of your customizations and have backed up the customized files in the PATROL_HOME and PATROL_CACHE directories.PATROL for Windows Servers upgrade scenarios Migrating customizations with the PATROL Configuration Manager BMC Software recommends that if you have customized KMs that these customizations should be migrated to PATROL Configuration Manager rulesets.ppf file with a text editor. Use the Recovery Action Event Management commands as described in the PATROL Configuration Manager User Guide to migrate your custom recovery actions to the PATROL Configuration Manager. 2 Navigate to the packaged_results directory for the merged package and open the . 1 Copy the entire contents of the PATROL for Windows Servers CD to a temporary directory on a hard drive on a server. This file name is the name of the directory that you will look for in the Products directory of the CD image. follow these steps: 1. PATROL Configuration Manager rulesets allow you to manage customizations to KMs. Ensure that you have made a record of your custom recovery actions. If you have created custom recovery actions. Write down the file name in the first line of the . s If you have localized parameters or global parameters that have customized poll times or thresholds. 3. 5. 4.ppf file. depending on the type of customization. use the AS_CHANGESPRING KM to migrate these customizations into PATROL Configuration Manager rulesets as described in the PATROL Configuration Manager User Guide. you must create an installation package that can be used with the installation utility to install locally on one computer or with Distribution Server to install remotely on multiple computers. Uninstall the old version of PATROL for Microsoft Windows Servers. You can delete this temporary directory after you have successfully created an installable image. s Creating an installation package of the migrated and merged KM After you have migrated and merged your customizations. Install the new version of PATROL for Microsoft Windows Servers as described in the section “Installing for the first time” on page 55. 2. 70 BMC PATROL for Microsoft Windows Servers Getting Started .

5 Copy the PATROL for Windows Servers CD image to the server that you will use to install PATROL for Windows Servers. You will be replacing the files there with the merged files that contain your customizations. 4 Copy the renamed directory to the Products directory of the temporary directory that you used in Step 1. Import the customized version of PATROL for Windows Servers into the Distribution Server by following the instructions in “Importing a CD or customized installation package into Distribution Server” on page 61. you must move the current PATROL for Windows Servers files from the PATROL_CACHE directory for the console.ppf file. If you do not.ppf file in the previous step.” Install PATROL for Windows Servers from the target server by following the instructions in “Installing for the first time” on page 55.00/030107-233044 was listed in the first line of the . EXAMPLE If pokckm/8. old product files in PATROL_CACHE are loaded instead of the newly installed files from PATROL_HOME. s s Moving files from the PATROL_CACHE directories Before you install.PATROL for Windows Servers upgrade scenarios 3 Rename the packaged_results directory with the file name that you found in the . you would use pokckm as the directory name. Copy the PATROL for Windows Servers files with the naming patterns shown in Table 14 to a directory outside the PATROL installation and delete them from PATROL_CACHE\knowledge and PATROL_CACHE\psl: Table 14 Component PATROL KM for Microsoft Windows OS KM file naming patterns (Part 1 of 2) Naming pattern s s s NT_* PATROL* RECOVERY* Com* PATROL KM for COM+ s Chapter 2 Installing and migrating PATROL for Windows Servers 71 . Where to go from here s Remove the files in the PATROL_CACHE directory by following the instructions in “Moving files from the PATROL_CACHE directories.5.

km H*. 72 BMC PATROL for Microsoft Windows Servers Getting Started .psl History-* History_Loader* Hist* COM_DEB_* COM_STAT_* NT_WMI* NT_PERFMON* s s s PATROL KM for Microsoft Windows Active Directory PATROL for Microsoft Cluster Server PATROL KM for Event Management PATROL KM for Log Management PATROL History Loader KM s s s s s s s s s s s s s s PATROL Wizard for Microsoft Performance Monitor and WMI s s Migrating customizations manually If you have made customizations to the PATROL Script Language (PSL) code. 4 Identify and record the coding changes. 3 Install the new version of PATROL for Windows Servers as described in the section “Installing for the first time” on page 55. 2 Uninstall the old version of PATROL for Windows Servers.PATROL for Windows Servers upgrade scenarios Table 14 Component KM file naming patterns (Part 2 of 2) Naming pattern s s PATROL KM for Microsoft Message Queue PATROL KM for Microsoft Windows Domain Services MQ* MSMQ* MSDM* NT_* NTD_* AD* MWD* MCS* AS* EVENT* LOG* PMG* H*. you must manually migrate those customizations. which represent your customizations. To migrate customizations to KM files manually 1 Ensure that you have made a record of your customizations and have backed up the customized files in the PATROL_HOME and PATROL_CACHE directories. in PATROL for Windows Servers by comparing the content of the ASCII files in the newly installed PATROL for Windows Servers version with the content of the customized ASCII files with the same name that is saved in the directory to which you moved the old version. This task contains a procedure for manually migrating each kind of customization.

The PATROL KM for Microsoft Cluster Server can monitor your Microsoft Cluster Server environment using an external cluster-level agent or an internal cluster-level agent (CLA). These customizations may be embedded in .km files by using a PATROL developer console to reapply your changes.km file. To migrate customized PSL code Customizations made to PATROL Script Language (PSL) code are not automatically migrated.psl files that were shipped by BMC Software. that code will be overwritten when you install a new version of the product. You must manually edit the new . Table 15 on page 74 provides you with the characteristics of each of these options. Installing PATROL for Microsoft Cluster Server s s Installing PATROL KM for Microsoft Cluster Server Install the PATROL KM for Microsoft Cluster Server component only if you plan to monitor and manage a Microsoft server cluster.psl files. using the following guidelines: s If you modified . If you modified PSL code embedded in a . enter the customizations that you identified in step 4 on page 72. Chapter 2 Installing and migrating PATROL for Windows Servers 73 . one by one. C Using a PATROL developer console.km file. you must manually re-edit the PSL code in the new KM by using a PATROL developer console to reapply your changes. B Load the newly installed PATROL for Windows Servers.km files or stored in separate . To help you decide which of these options is best for your environment. Migrate these customizations manually. If you created a new PSL file (not shipped by BMC Software) outside of a .Installing PATROL KM for Microsoft Cluster Server 5 Incorporate your customizations to the new PATROL for Windows Servers by performing the following steps: A Restart the PATROL console.

Although the external cluster-level agent can monitor one or more clusters. A cluster can be monitored by only one clusterlevel agent. as shown in Figure 2 on page 75. are not shared with the new quorum owner after a Cluster Group failover automatically replicates the configuration information to all the nodes in the cluster does not require a computer that resides outside of the cluster to run the CLA allows the KM to use the PATROL agent default account when certain requirements are satisfied easier to set up and configure External cluster-level agent architecture The external CLA uses a three-tier architecture. history is not interrupted during a failover requires a CLA computer that resides outside of the cluster internal CLA The following statements apply to an internal CLA configuration: s s s s s s monitors only the underlying cluster does not provide an uninterrupted history.Installing PATROL KM for Microsoft Cluster Server Table 15 Monitoring configuration options for PATROL KM for Microsoft Cluster Server Characteristics The following statements apply to an external CLA configuration: s s s Monitoring configuration external CLA allows you to use the same CLA to monitor multiple clusters maintains both the configuration and history files outside of the cluster. therefore. and has components that you install inside and outside of a cluster. The external CLA uses a cluster-level agent machine that resides outside the cluster to collect data from the cluster nodes in all of the clusters you monitor. configuration and history files are stored on a local drive and. BMC Software recommends that you monitor no more than ten clusters from one clusterlevel agent for performance reasons. 74 BMC PATROL for Microsoft Windows Servers Getting Started .

and OS KM here. only the MCS KM on the quorum-owning node actively monitors the cluster. Install the PATROL KM for Microsoft Cluster Server. MCS KM. and OS KM here. PATROL Agent. Cluster 2 Node 1 Cluster-level agent computer Install the PATROL KM for Microsoft Cluster Server.quorum owner Install the Agent. PATROL Agent. Node 2 Install the PATROL KM for Microsoft Cluster Server. and PATROL Agent here. Node 2 Install the PATROL KM for Microsoft Cluster Server. as shown in Figure 3. and Microsoft Windows OS KM on all nodes in the cluster Node 2 While the PATROL KM for Microsoft Cluster Server (MCS KM) is loaded on all of the agents on all of the nodes in the cluster. Chapter 2 Installing and migrating PATROL for Windows Servers 75 .Installing PATROL KM for Microsoft Cluster Server Figure 2 PATROL KM for Microsoft Cluster Server with external CLA configuration Cluster 1 Node 1 Install the PATROL KM for Microsoft Cluster Server and a PATROL Console here. and OS KM here. PATROL Agent. Cluster 1 Node 1 . Figure 3 PATROL KM for Microsoft Cluster Server with internal CLA configuration Install the PATROL Console here. Install the PATROL KM for Microsoft Cluster Server. and OS KM here. PATROL Agent. Internal cluster-level agent architecture The internal CLA uses a two-tier architecture.

you must install Failover Clustering tools from Server Manager. see “PATROL KM for Microsoft Cluster Server account” on page 48.kml s installed the PATROL Agent Cluster connection account For each cluster. Support for Quorum Configurations in a failover cluster PATROL KM for Microsoft Cluster Server has added support for the Microsoft Windows server 2008 cluster. you must have the following completed: s s know the user name and password of the cluster connection account installed the PATROL KM for Microsoft Windows OS and loaded the NT_BASE. By default.exe command-line tool.Installing PATROL KM for Microsoft Cluster Server How to Install the PATROL KM for Microsoft Cluster Server Before you begin installing the PATROL KM for Microsoft Cluster Server. For more information about the cluster account. You can verify that the cluster connection account has the appropriate permissions by logging into the cluster-level agent with the selected account and connecting to the cluster with either the Microsoft Cluster Administrator GUI or the cluster.exe is not present in Windows 2008 non-cluster computer. the cluster. see the PATROL Agent Reference Manual. Support for external CLA s s s s Node and File share Majority Node and Disk Majority Node Majority No Majority: Disk only 76 BMC PATROL for Microsoft Windows Servers Getting Started . the cluster connection account (specified in the cluster administrator) must have the appropriate permissions and trusts to establish a session with the cluster. For information about how the PATROL Agent supports an application in a cluster environment and what type of failover tolerance the agent provides. NOTE If you use Windows Server 2008 as an external CLA.

This component can exist on the same computer as the external cluster-level agent or on a cluster node. Install the following components on each computer that contains an external cluster-level agent: s s PATROL Agent PATROL KM for Microsoft Cluster Server 3 Install the PATROL KM for Microsoft Cluster Server on the computer that has your PATROL Console.Considerations for using online Help Support for internal CLA s No Majority: Disk only Installation process The PATROL KM for Microsoft Cluster Server installation process consists of the following tasks: WARNING Do not load the PATROL KM for Microsoft Cluster Server on a virtual agent. Considerations for using online Help If you plan to install the UNIX version of PATROL for Windows Servers on a PATROL Console for UNIX. 1 Install the following components on each cluster node: s s s PATROL Agent PATROL KM for Microsoft Cluster Server PATROL KM for Microsoft Windows 2 This task is only required if you are using an external CLA. you must install the supported version of the Help browser separately if it is not already installed. Chapter 2 Installing and migrating PATROL for Windows Servers 77 .

Two windows will be displayed. the Netscape Navigator window is displayed as an icon. Download location Netscape Navigator is supplied by Netscape Communications Corp. some subsequent color requests might fail and the online Help will be improperly displayed.netscape. You can install Netscape anywhere on your UNIX computer as long as the binary is in the path.com/download. Additional considerations for using online Help for UNIX When you select Help from the PATROL Console for UNIX. If so.x PATROL Help does not support Netscape Navigator 6.x: s s UNIX: Netscape Navigator version 3. and then a browser window that contains the Help is displayed. By default. The Exceed for Windows product by Hummingbird Communication Ltd. You can locate the browser at http://home.Considerations for using online Help Browser version required for viewing PATROL Console for UNIX Help The appropriate one of the following browsers is required to view PATROL Help in PATROL version 3.0. As a result. continue functioning. you must be aware of the following restrictions: s Netscape Navigator displays warning messages when it is invoked multiple times within the same user account because of its file-locking mechanism. you might experience color flashing on your workstation. However. It will. First. however. when Netscape Navigator starts.01 through 4. you can set the value of PATROL_BROWSER so that the colormap option is not specified. may not always display the Help files properly. it may take a few seconds for the Help browser to launch. Installation requirement You must install Netscape Navigator on the computer where the PATROL console resides.78 Red Hat Linux: Netscape Navigator version 4. s s 78 BMC PATROL for Microsoft Windows Servers Getting Started . it uses a private color map. In addition.

Otherwise. The following sections describe these variables. Type of shell Bourne Korn C Export command for LANG variable LANG=C export LANG export LANG=C setenv LANG=C PATH variable The PATROL user account PATH variable must contain the location of the directory containing the Netscape files. Type of shell Bourne Korn C Export command for PATH variable PATH=$PATH:/netscape_location export PATH export PATH=$PATH:/netscape_location setenv PATH=$PATH:/netscape_location PATROL_BROWSER variable When PATROL starts the Help browser. As a default. PATH.Considerations for using online Help Consult your Netscape Navigator documentation for specific platform requirements and restrictions. LANG variable The UNIX LANG environment variable must be set to C so that Netscape Navigator will work properly. and PATROL_BROWSER environment variables must be set for the Help browser to run properly. Required environment variables settings for the browser The LANG. it uses the command in the PATROL_BROWSER environment variable. This requirement applies only to the PATROL user account on the PATROL console computer. If the directory containing the Netscape files is not in the path. the PATROL_BROWSER environment variable contains the following command: Chapter 2 Installing and migrating PATROL for Windows Servers 79 . you might experience product failures. add the directory to the PATROL user account path.

Determining the version of the installation utility To determine the version of the installer. you might remove files that are needed to perform uninstallation of other BMC Software products. perform the following procedure. 1 Access a command prompt and navigate to the appropriate location: (Windows) <BMC_ROOT>\Uninstall (UNIX) <BMC_ROOT>/Uninstall 2 Type the following command and press ENTER. EXAMPLE For a Korn shell: export PATROL_BROWSER=/usr/local/bin/netscape -raise Uninstalling PATROL for Windows Servers To uninstall PATROL for Windows Servers.Uninstalling PATROL for Windows Servers Type of shell Bourne Korn C Export command for PATROL_BROWSER variable PATROL_BROWSER=netscape -display $DISPLAY -install -iconic export LANG export PATROL_BROWSER=netscape -display $DISPLAY -install iconic setenv PATROL_BROWSER=netscape -display $DISPLAY -install iconic To use different arguments. (Windows) uninstall.exe -v 80 BMC PATROL for Microsoft Windows Servers Getting Started . WARNING If you use a different version of the installation program to uninstall the product than the version that you used to install the product. you can use the Windows Add/Remove Programs functionality or the installation utility that you used to install the product. set the value of PATROL_BROWSER to the appropriate string.

sh -v Uninstalling PATROL for Windows Servers on Windows You can use the option that is appropriate for what you want to uninstall to uninstall PATROL for Windows Servers. The Welcome window is displayed. C On another machine with a browser.exe to launch the installation utility in uninstall mode. Chapter 2 Installing and migrating PATROL for Windows Servers 81 .exe -serveronly A message box is displayed that shows the URL to use to connect to the installation Web server. double-click uninstall. The following procedures describe how to uninstall products from a Windows environment and all related log files. Click Next. start the browser. perform the following steps to launch the installation utility in uninstall mode: A From a command line. you can launch the installation utility in uninstall mode by choosing Start => Settings => Control Panel => Add/Remove Programs and double-clicking BMC Software Tools in the Add/Remove Programs Properties dialog box./uninstall. To uninstall individual products 1 From the Uninstall directory in your BMC Software product installation directory.Uninstalling PATROL for Windows Servers (UNIX) . D Connect to the installation Web server from the browser to start the installation utility by using the URL that is displayed in the message box. 2 Select the installation directory from which you want to remove a product. NOTE As an option. When installing on a Windows Server in application mode or with Citrix Metaframe installed. change to the directory where the installation utility is located and enter the following command to change to installation mode: change user/install B Change to the Uninstall directory and enter the following command to start the installation Web server: uninstall. and click Next.

txt extension) This file contains all messages about the If a space exists in the path. and click Next. 4 Open a command line prompt. -output sends the log information to an output log file Value any valid path and file name (with a . thorinst. 4 Review your selections and click Uninstall.Uninstalling PATROL for Windows Servers 3 Select the product or products that you want to uninstall. normally sent to standard output. To retain log files and configuration files This task describes how to uninstall the PATROL product but retain log files. 2 Locate the uninstall. and edit the /BMC/Base variable to specify the name of the directory from which you removed the products in step 1. After the uninstallation is complete. %PATROL_HOME%\Uninstall\Install\ instbin 6 Enter the following command. the entire path must be enclosed in quotation progress of the installation that are marks. 5 Change to the following directory. the entire path must be enclosed in quotation marks.ctl file in a text editor.exe -uninstall path to control file -log path to log file -output path to output log file Use the following table to help determine the log file and output log file locations: Option -log Description sends the log information to a standard log file This file contains all installation status information. a window is displayed that tells you whether the uninstallation was successful. which contain history for future analysis. %PATROL_HOME%\Uninstall\Install\instdata 3 Open the uninstall. 82 BMC PATROL for Microsoft Windows Servers Getting Started . and configuration files for redeployment. any valid path and file name (with a .ctl file in the following directory.txt extension) If a space exists in the path. 1 Uninstall all products as described in “To uninstall individual products” on page 81.

%PATROL_HOME%\Uninstall\Install\instdata 3 Open the uninstall-all. you cannot recover them unless you have made a back-up copy of the installation. 4 Open a command line prompt.ctl file in the following directory. you would change to the C:\Program Files\BMC Software\Uninstall\ Install\instbin directory and enter the following command: thorinst. 1 Uninstall all products as described in “To uninstall individual products” on page 81. configuration files. 2 Locate the uninstall-all. Once these files have been removed. and user-modified files would also be retained.out This action would remove all installation files and directories except those that are used by the utility at the time the uninstallation was performed.Uninstalling PATROL for Windows Servers Example If C:\Program Files\BMC Software is your product installation directory. Log files.exe -uninstall “C:\Program Files\BMC Software\Uninstall\Install\instdata\uninstall.ctl file in a text editor.txt -output Z:\NetworkLogs\MyLogs. thorinst. 5 Change to the following directory.exe -uninstall path to control file -log path to log file -output path to output log file Chapter 2 Installing and migrating PATROL for Windows Servers 83 . %PATROL_HOME%\Uninstall\Install\instbin 6 Enter the following command. To uninstall all log files and configuration files This task describes how to remove all PATROL products and related log files and configuration files from your Windows computer. and edit the /BMC/Base variable to specify the name of the directory from which you removed the products in step 1.ctl” -log Z:\NetworkLogs\MyLogs.

If a space exists in the path. the entire progress of the installation that are path must be enclosed in quotation normally sent to standard output.txt -output Z:\NetworkLogs\MyLogs. marks.txt extension) -output sends the log information to an output log file This file contains all messages about the If a space exists in the path.ctl” -log Z:\NetworkLogs\MyLogs. The files that were used to perform the uninstallation will be marked for deletion and will be removed when the computer on which the products were uninstalled is rebooted. any valid path and file name (with a .Uninstalling PATROL for Windows Servers Use the following table to help determine the log file and output log file locations: Option -log Description Value sends the log information to a standard any valid path and file name (with a . Example If C:\Program Files\BMC Software is your product installation directory. the entire path must be enclosed in quotation marks. 84 BMC PATROL for Microsoft Windows Servers Getting Started .txt extension) log file This file contains all installation status information.out This action would remove all installation files and directories. you would change to the C:\Program Files\BMC Software\Uninstall\Install\instbin directory and enter the following command: thorinst.exe -uninstall “C:\Program Files\BMC Software\Uninstall\Install\instdata\uninstall-all.

“Loading and configuring PATROL for Windows Servers Microsoft Windows Servers. “Accessing menu commands. “Agent configuration variables and rulesets” Appendix C. “PATROL for Microsoft Windows Servers . “Product components and capabilities” setting up and configuring PATROL for Chapter 3.” and PATROL for Windows Servers component online Help instructions about how to access the KM menu commands. InfoBoxes. InfoBoxes and online Help information about PATROL for Windows Servers configuration variables and predefined rulesets listing of the KM included with each PATROL for Windows Servers component step-by-step procedures and detailed descriptions of the applications. and online Help” Appendix B. parameters. and InfoBoxes Appendix A.kml files” PATROL for Windows Servers component online Help Chapter 2 Installing and migrating PATROL for Windows Servers 85 .Where to go from here Where to go from here The following table lists other topics and where you can find them: Topic overview of the PATROL for Windows Servers features Source of Information Chapter 1.

Where to go from here 86 BMC PATROL for Microsoft Windows Servers Getting Started .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Loading the PATROL for Microsoft Windows Servers KMs . . . . . . . . . . . . . . . . . . . . . . . The following topics are discussed in this chapter: Preparing to use PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . 114 Configuring process monitoring . . . . . . . 142 Creating performance monitor parameters . . . . . . . . . . . 140 Configuring the PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Enabling and disabling system monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 87 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Loading and preloading KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Creating custom parameters . . . . . . . . . . . . . . 142 Loading the PATROL Wizard for Microsoft Performance Monitor and WMI . . . . . . . . . . . . . . . . . . . . 128 Built-in native recovery actions . . . . . . 102 Configuring Windows events monitoring. 126 Notifying when disks are not present . . . . . 132 Using notification scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Configuring the PATROL KM for Microsoft Windows OS. 138 Assigning notification targets for a PATROL alert. . . . . . . . . . . . . . . . . . . . . . 124 Viewing event logs . . . . . . . . . . . . 94 Requirements for configuring from the PATROL Console. . . . . . . . 129 Configuring built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 Configuring Blue Screen monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Setting alarm thresholds. . . . . . . 91 Preloading KMs on the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 About recovery actions . . . . . . 103 Configuring service monitoring . .Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 3 This chapter provides information about how to begin using and configuring the PATROL for Microsoft Windows Servers components. . . 130 Configuring e-mail notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Defining notification servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Configuring recovery actions . . . . . . . . . . . . 141 Configuring PATROL Wizard for Microsoft Performance Monitor and WMI . . . . . . . 136 Assigning notification servers for the remote agents. 126 Providing nonaggregate values for a drive instance . . .

. . . . . . . . . . . . . . . . . 166 Displaying PATROL data by using the PATROL Adapter for Microsoft Office 167 How to use the PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Built-in report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Configuring the PATROL KM for Log Management . . . . . . . . . . . . . . . . . . 160 Configure recovery actions for a log file. . . . . . . . . . 173 88 BMC PATROL for Microsoft Windows Servers Getting Started . . . . . . . . . . . . . . 170 Unloading KMs from a PATROL console . . . . . . . . . . . . . . . . 165 Using the PATROL Adapter for Microsoft Office to view reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Change the setup of a monitored file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Removing KMs from your console and agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Filter log file messages (create a search string) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Stop and start monitoring all default log files . . . 149 Stop monitoring a log file . . . . . . . 149 Start monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Configuring the PATROL KM for Microsoft Cluster Server . . . . . 157 Generate a custom event when a search string is identified . . . . . . . . . . . . . . . . . . . . . . . .Creating WMI parameters . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Stopping preloaded KMs from running on the PATROL Agent . . . . . . . . . . . . . . . . . . . .

“Installing and migrating PATROL for Windows Servers. see the release notes for the version of PATROL for Microsoft Windows Servers that you are installing. the KMs that you want to use must be installed on the computer hosting the PATROL Console Server. you should verify that the following software requirements are met: s A supported version of a PATROL Console version 3.Preparing to use PATROL for Windows Servers Preparing to use PATROL for Windows Servers NOTE In this chapter. EXAMPLE If you want to monitor the operating system. If PATROL for Windows Servers has not been installed. see Chapter 2. A .km file is equivalent to an application class. the term Knowledge Module (KM) is usually equivalent to a .” After installing. return to this section for information about how to configure the components.kml file. s s NOTE For supported versions of PATROL products. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 89 .kml file. Before configuring the PATROL for Windows Servers components. You should also verify that you have access to all required information about the monitored domain controllers or Windows servers. If you are using PATROL Central Operator – Microsoft Windows Edition or PATROL Central Operator – Web Edition. A supported version of the PATROL Agent and PATROL for Windows Servers must be installed on the computer you want to monitor and manage. ensure that you have the PATROL Console and the PATROL KM for Windows OS installed on the console machine and the PATROL Agent and the PATROL KM for Windows OS installed on the agent machine. which is a subset of a KM or .x and PATROL for Windows Servers must be installed on the computer you want to use for the PATROL Console.

kml files are preloaded on the PATROL Agent. usually under each agent icon.kml file COM.kml 90 BMC PATROL for Microsoft Windows Servers Getting Started .kml files (Part 1 of 2) Component PATROL KM for Microsoft COM+ PATROL History Loader KM PATROL KM for Microsoft Message Queue Description loads application classes to monitor COM+ packages loads application classes to monitor PATROL KM parameter history loads application classes to monitor Microsoft Message Queue (MSMQ) HISTORY. you will not see any gaps that would otherwise occur (because of the console’s absence). add them to the preload list for the appropriate PATROL Agents and load them on the console. KMs that are not preloaded collect data only while a PATROL console is connected to the PATROL Agent. Determining which KMs to load Before you can use the KMs that you have installed. To use the . Each PATROL Agent then collects data based on the instructions defined in the KM. You can find the steps for loading KM files in “Loading the PATROL for Microsoft Windows Servers KMs” on page 91. during discovery. Determining which KMs to preload Preloaded KMs collect data as long as the PATROL Agent runs. commands. and parameters appear in the PATROL console. Preloading KMs is a PATROL Agent feature that causes KM files to continue to run on the agent when no consoles are connected.kml MSMQ.kml files described in Table 16. even when no PATROL console is connected. Table 16 lists the KM files in this product that you can load. the KM files must be loaded into the PATROL console so that the product’s applications. the KM files are loaded on all the PATROL Agents to which the console is connected.kml PATROL for Microsoft Windows Servers . no .Preparing to use PATROL for Windows Servers Loading and preloading KMs When you load a KM from the PATROL Console for Windows or the PATROL Console for UNIX. By default. The KM icons appear in the console. You can find the steps for loading and preloading KMs in the following sections: s s “Loading the PATROL for Microsoft Windows Servers KMs” on page 91 “Preloading KMs on the PATROL Agent” on page 94 Table 16 . When you view a preloaded KM’s data collection history.

kml MWD_ACTIVE_Dire PATROL KM for Windows Active ctory_MN.kml MCS_Load.kml PATROL KM for Windows Domain Services loads the application classes to monitor Active Directory loads application classes to monitor the domain controller resources PATROL KM for Microsoft Cluster Server loads application classes that are used to monitor Microsoft server clusters loads application classes that are required to use the PATROL PerfMon and WMI Wizard loads application classes required to configure alerts.kml NT_BASE.kml Directory NTD.kml Performance Monitor and WMI EVENT_MANAGEM PATROL KM for Event Management ENT.Preparing to use PATROL for Windows Servers Table 16 .kml files (Part 2 of 2) Component PATROL KM for Windows OS Description loads application classes to monitor the operating system NT_LOAD. Before you begin Make sure you have met the following requirements: s s s the components that you want to load on the agent and console computers are installed the agents to which you want to load components are running the PATROL Console is running Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 91 . such as e-mail or paging notifications loads application classes required to configure log monitoring NT_PERFMON_WIZ PATROL Wizard for Microsoft ARD.kml file PATROL for Microsoft Windows Servers .kml LOG.kml NT_HYPER-V.kml PATROL KM for Log Management Loading the PATROL for Microsoft Windows Servers KMs This section provides instructions for loading the PATROL for Microsoft Windows Servers KMs on each of the PATROL consoles.

several minutes may be required to migrate forward existing configuration settings. Loading individual . the first time you load the KM. NOTE Unless you are an advanced PATROL user. 2 Select one or more of the .kml files. see “PATROL for Microsoft Windows Servers .km files can break the interdependencies between the . see “PATROL for Microsoft Windows Servers .kml files in Table 16 on page 90 that correspond to the components that you want to load.kml files. If the KM icons do not appear within 10 minutes.kml files in Table 16 on page 90 that correspond to the components that you want to load. NOTE Unless you are an advanced PATROL user. open and read the information in the PATROL system output window. open and read the information in the PATROL system output window. several minutes may be required to migrate forward existing configuration settings.km files can break the interdependencies between the . For detailed information about the application classes that are loaded with these .km files. NOTE If you have installed PATROL KM for Microsoft Windows OS over a previous version.km files. 3 Click Open. 92 BMC PATROL for Microsoft Windows Servers Getting Started . NOTE If you have installed PATROL KM for Microsoft Windows OS over a previous version.kml files” on page 282. the first time you load the KM. If the KM icons do not appear within 10 minutes. use the .kml files” on page 282. Loading individual . 3 Click OK. For detailed information about the application classes that are loaded with these . To load the KM on a PATROL Console for UNIX 1 Choose File => Load KM from the PATROL Console menu bar.Preparing to use PATROL for Windows Servers To load KMs on the PATROL Console for Windows Servers 1 Choose File => Load KM from the PATROL Console menu bar. 2 Select one or more of the .kml files to load product component files.kml files to load product component files. use the .

4 From the Knowledge Modules screen. If a particular .kml files that are listed are the ones that have been installed on all of the selected computers.Web Edition PATROL Central . and click Next.km and . see “PATROL for Microsoft Windows Servers .Web Edition has a Loading KMs feature that enables you to control which KMs are loaded on which computers. you must choose that computer by itself to load the file. the only .km or . click the Load/Unload KMs button.Windows Edition 1 In the Common Tasks tab of the Operator Console Module Taskpad. PATROL Displays the Load Knowledge Module(s) Wizard. To load the KM on PATROL Central .km and . listing each computer on which a PATROL Agent has been installed. 4 Click Finish. click Next. and displayed in the PATROL Central Operator tab. The KMs that you selected are loaded on the managed system. 3 From the Managed System screen. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 93 .km or . For detailed information about the application classes that are loaded with these .kml files. The Load KMs page opens. click the Load Knowledge Module(s) icon. 3 Select the . PATROL loads the selected KMs on the selected computers. select the managed system that you want to load KMs on. select the KMs that you want to load. The Load KMs page displays a list of available . 2 To start the wizard. 2 Select the computers on which you want to load KMs. 5 Click Finish. added to your management profile.Preparing to use PATROL for Windows Servers To load the KM on PATROL Central Operator .kml files. 1 From the Monitored Systems page.kml file was installed only on one computer.kml files” on page 282.kml files that you want to load. If you selected more than one computer.

add it to the agent’s preload list. The wpconfig utility must be installed on a computer that can access machines that are running the PATROL Agent over the network. To preload a KM. You must have permission to modify the configuration change file (. 94 BMC PATROL for Microsoft Windows Servers Getting Started . ensure that the KM is installed on the appropriate computer and select only that computer in Step 2. type wpconfig. Preloading KMs on the PATROL Agent If you want your KMs to continue collecting data even when no console is running. you must preload your KMs on the PATROL Agent.cfg). choose Tools => Get Configuration. s s To use wpconfig to preload a KM from the PATROL Console for Microsoft Windows 1 From a Windows command window. You can update the preload list by using one of these methods: s use the PATROL Configuration Manager to apply one of the predefined rulesets to the PATROL Agent (see “PATROL for Microsoft Windows Servers rulesets” on page 257) using the wpconfig or xpconfig utility s Preloading using the wpconfig utility This section describes how to use the wpconfig utility to preload KMs on the PATROL Agent. see the PATROL Agent Reference Manual. For information about the wpconfig ir xpconfig utility.kml file that was not listed in Step 2.Preparing to use PATROL for Windows Servers NOTE If you want to load a . A preloaded KM is a KM that is loaded by the PATROL Agent at startup and runs as long as the PATROL Agent runs. The wpconfig window is displayed.km or . Before you begin s The PATROL Agent must be running. 2 From the menu bar.

“PATROL for Windows . The Modify Variable dialog box is displayed. listing the PATROL Agent host name to which you are connected. 6 In the Change Entries field. 10 In the Modify Variable dialog box. click the AgentSetup folder. The Change Entry dialog box is displayed.kml 9 Click OK.kml. 13 Save your changes to the configuration change file by clicking the Save button. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 95 .kml files” for a list of the KMs that are available in this product. enter the name of a computer that is hosting the PATROL Agent and click OK. 5 Scroll down the variable list and double-click the preloadedKMs variable. double-click the highlighted REPLACE line. click OK to close the box. 4 In the left pane. leave REPLACE.Preparing to use PATROL for Windows Servers The Get Configuration dialog box is displayed. choose Apply Configuration. use the comma-separated format without spaces to type the names of the . 7 In the Type field. The wpconfig utility gets the PATROL Agent’s configuration. The Apply Configuration dialog box is displayed. 3 In the Host Name field.kml files that you want to preload.COM. The Change Entry dialog box closes.NT_PERFMON_WIZARD. 11 From the Tools menu. 8 In the Value field. a valid and typical preloaded KMs list is as follows: NT_BASE. 14 Close the wpconfig window. See Appendix C. 12 Click OK to apply your updated configuration to the PATROL Agent. The variables in the AgentSetup folder are displayed in the right pane.kml. For example.

The wpconfig window is displayed. as described in this task. 3 In the Host Name field. click the AgentSetup folder.kml or . 6 In the Change Entries field. The wpconfig utility gets the PATROL Agent’s configuration. The variables in the AgentSetup folder are displayed in the right pane. 7 In the Type field. 96 BMC PATROL for Microsoft Windows Servers Getting Started . The Change Entry dialog box is displayed.Preparing to use PATROL for Windows Servers Using wpconfig to remove KMs from the Agent preload list If you want to remove a KM or application class so that it no longer runs on the PATROL Agent. The Get Configuration dialog box is displayed. choose Tools => Get Configuration. 5 Scroll down the variable list and double-click the preloadedKMs variable. enter the name of a computer hosting the PATROL Agent and click OK. s s To use wpconfig to remove a KM from the preload list in the PATROL Console for Microsoft Windows 1 From a Windows command window.cfg). remove the corresponding . 4 In the left pane. 2 From the menu bar.km file from the agent preload list. leave REPLACE. type wpconfig. double-click the highlighted REPLACE line. Before you begin s The PATROL Agent must be running. The Modify Variable dialog box is displayed. You must have permission to modify the configuration change file (. The wpconfig utility must be installed on a computer that can access machines that are running the PATROL Agent over the network.

12 Click OK to apply your updated configuration to the PATROL Agent. 9 Click OK to close the Change Entry dialog box.kml files” for a list of the KMs that are available in this product. Requirements for configuring from the PATROL Console When using the PATROL Console to configure or manage the PATROL KM for Microsoft Windows OS. meets the following requirements: s s is a member of the local Administrators group on the agent computer has the right Log on as a Batch Job assigned If the console connection account does not meet these requirements. 11 From the Tools menu. the account that you use to connect to the agent. One can grant read/write permission to the connection account to %PATROL_HOME%\Patrol\tmp for this to work or add the connecting user to the Server Operators group on the agent machine. PATROL KM for Microsoft Cluster Server Deleting account information Delete Access Information Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 97 .kml file names that you want to remove from the preload list. The Apply Configuration dialog box is displayed. Table 17 KM PATROL KM for Microsoft Active Directory Console functionality that requires local admin rights (Part 1 of 4) Functionality Running the AD Operations report Menu command AD Operations Report Behavior System Output details the need for a sufficient connection account. 10 Click OK to close the Modify Variable dialog box. delete the . 13 Save your changes to the configuration change file by clicking the Save button. the features described in Table 17 are not available. Message is displayed with failure to remove account information. verify that the console connection account. choose Apply Configuration.Preparing to use PATROL for Windows Servers 8 In the Value field. See Appendix C. “PATROL for Windows . 14 Close the wpconfig window.

or add the account to the Server Operators group on the Agent machine. Report is blank.Preparing to use PATROL for Windows Servers Table 17 KM Console functionality that requires local admin rights (Part 2 of 4) Functionality Menu command Availability Report Behavior A blank report is displayed. Add the connecting account to the built-in Administrators group on the Agent machine. A blank report is displayed. Give full access to the %PATROL_HOME%\tmp directory structure to the connecting account. Add the connecting account to the built-in Administrators group on the Agent machine. Give the connecting account full access to the %PATROL_HOME%\tmp directory structure A blank report is displayed. Give the connecting account full access to the %PATROL_HOME%\tmp directory structure A message is displayed detailing the inability to access the resource. Give the connecting account full access to the %PATROL_HOME%\tmp directory structure. This report uses Agent history data. Message is displayed indicating inability to access service. PATROL KM for Running an Windows Domain availability report Services with the Remote Servers KM Running a Server Information report with the Remote Servers KM Displaying information about a user using the Users KM Stopping or Starting the WINS service Server Information Report Display User Information Start/Stop WINS Service Starting or stopping the DFS service Start/Stop DFS Service Running the DFS Operations report DFS Operations Report 98 BMC PATROL for Microsoft Windows Servers Getting Started .

Add the connecting account to the built-in Administrators group on the Agent machine. Message is displayed indicating inability to access service. Message is displayed indicating inability to access database.Preparing to use PATROL for Windows Servers Table 17 KM Console functionality that requires local admin rights (Part 3 of 4) Functionality Menu command Start/Stop Replica DFS Service Behavior Message is displayed indicating inability to access service. Access Denied message is displayed. Add the connecting account to the built-in Administrators group. continued service Disconnecting DFS users View/Disc. Users are not disconnected. Print Operators or Server Operators built-in group. Add the connecting account to the built-in Administrators group on the Agent machine. Add the connecting account to the built-in Administrators group on the Agent machine. A message is displayed detailing the inability to access the resource. Access Denied message is displayed. Add the PATROL Agent default account to the Account Operators. Add the connecting account to the built-in Administrators group on the Agent machine. Add the connecting account to the built-in Administrators group on the Agent machine. Connected Users Compressing the DHCP database Compress DHCP Database Starting or stopping the DHCP service Start/Stop DHCP Service Stopping or Starting the DNS service Start/Stop DNS Server Service PATROL KM for COM+ Starting or Stopping the DTC Start/Stop DTC Service Viewing application properties PATROL KM for MSMQ Starting or stopping the MSMQ service View application properties Start/Stop MSMQ Service Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 99 . Add the connecting account to the built-in Administrators group. An unable to view message is displayed. PATROL KM for Starting or stopping Windows Domain the DFS Replica Services.

see “Supplying an impersonation account” on page 100 Viewing the Windows Windows Event security event log Viewer Managing Windows event logs Windows Event Viewer Viewing server-based reports OS Reports Blank Microsoft Excel spreadsheets are displayed. 100 BMC PATROL for Microsoft Windows Servers Getting Started . PATROL KM for Microsoft Windows OS Configure BlueScreen You can use the three options provided Monitoring to configure the KM. but you cannot change properties. see “Supplying an impersonation account” on page 100. such as starting and stopping services or changing service startup properties Manage Windows Operating System Services The KM prompts you to supply an administrative account that includes the user right Log on as batch job on the PATROL Agent machine. the user right Act as part of the operating system is also required by the PATROL Agent when it impersonates an account. Add the right Manage Auditing And Security Log to the agent account and the console connection account. Supplying an impersonation account On Windows 2000. when it uses an account that you enter to perform the requested action. Configuring Windows Configure Operating operating system System Quotas quotas Managing Windows services. other than the security event log.Preparing to use PATROL for Windows Servers Table 17 KM Console functionality that requires local admin rights (Part 4 of 4) Functionality Configuring Blue Screen KM (NT_BSK) system recovery actions Configuring Blue Screen monitoring (NT_BSK) Menu command Set System Recovery Actions Behavior A pop-up window displays a message stating that the connecting user must have administrator privileges. For more information. you may need to also assign the user right Bypass traverse checking to the PATROL Agent default account. If the agent default account has this right and it has the user right Log on as batch job. The KM looks for the crash dump file as well as the event (ID 6008). You can view event logs. but PATROL still cannot perform the request. The KM prompts you to supply an administrative account that includes the user right Log on as batch job on the PATROL Agent machine. For more information. see “Supplying an impersonation account” on page 100. For more information. That is. The KM prompts you to supply an administrative account that includes the user right Log on as batch job on the PATROL Agent machine.

access the NT_PHYSICAL_DISK_ 126 CONTAINER and the NT_LOGICAL_DISK_CONTAINER applications and choose the KM menu command Acknowledge. access the CompositesColl application and choose the KM menu command Create Expressions. Page 103 configure service monitoring From the PATROL Console. access the Windows Event application and choose the KM menu command Configure Windows Event Monitoring. From the PATROL Console. From the PATROL Console. access the host application and 130 choose the KM menu command Configure Recovery Actions. From the PATROL Console. 114 117 From the PATROL Console. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 101 . 124 view event logs 125 configure blue screen monitoring notify when disks are not present 126 From the PATROL Console. access the Services application and choose the KM menu command Configure Service Monitoring. access the Windows Event application and choose the KM menu command Windows Event Viewer.Configuring the PATROL KM for Microsoft Windows OS Configuring the PATROL KM for Microsoft Windows OS The following section describes how to configure key features of the PATROL KM for Microsoft Windows OS. configure process monitoring configure built-in recovery actions create custom parameters From the PATROL Console. see “Accessing KM commands and InfoBoxes” on page 214. For more detailed step-by-step configuration instructions. For more information about accessing KM menu commands. access the Processes application and choose the KM menu command Configure Manual Process Monitoring. Table 18 Tasks configure Windows event monitoring PATROL KM for Microsoft Windows OS configuration tasks Menu command From the PATROL Console. access the NT_BSK application and choose the KM menu command Configure Blue Screen Monitoring. see the referenced sections in Table 18 on page 101. see the PATROL KM for Microsoft Windows OS online Help. For information about PATROL KM for Microsoft Windows OS configuration tasks.

Configuring the PATROL KM for Microsoft Windows OS

Enabling and disabling system monitoring
This section describes how to enable and disable the monitoring of basic server systems. By default, the monitoring for all discovered systems is enabled. To disable or enable monitoring, use the menu command shown in Table 19. The menu command displays a dialog that allows you to exclude or include systems from monitoring. For additional instructions, click the Help button available on the dialog. Table 19
System processors

Enabling and disabling system monitoring
To enable or disable

Monitored by default

all processors discovered on the From the PATROL Console, access the Processors application system and choose the KM menu command Enable-Disable Processor Monitoring. all physical disks discovered on From the PATROL Console, access the Physical Disks the system application and choose the KM menu command Enable-Disable Physical Disk Monitoring. all logical disks discovered on the system From the PATROL Console, access the Logical Disk application and choose the KM menu command Enable-Disable Logical Disk Monitoring. To monitor logical disks, PerfMon counters must be enabled. For more information, see “Monitoring logical or physical disk drives.”

physical disks logical disks

pagefiles

all pagefiles discovered on the system all event logs listed in the registry

From the PATROL Console, access the Pagefiles application and choose the KM menu command Enable-Disable Pagefile Monitoring. From the PATROL Console, access the Windows Events application and choose the KM menu command Enable-Disable Windows Event Log Monitoring. To monitor the security event log, the PATROL Agent default account must have the user right Manage auditing and security log.

event logs

network protocols network interfaces printers

all network protocols that are installed on the system all network interfaces discovered on the system all printers discovered on the system

From the PATROL Console, access the Network Protocols application and choose the KM menu command Enable-Disable Protocol Monitoring. From the PATROL Console, access the Network Interfaces application and choose the KM menu command Enable-Disable Network Interface Monitoring. From the PATROL Console, access the Printers application and choose the KM menu command Enable-Disable Printer Monitoring.

job objects

all job objects discovered on the From the PATROL Console, access the Job Objects application system and choose the KM menu command Enable-Disable Job Object Monitoring.

102

BMC PATROL for Microsoft Windows Servers Getting Started

Configuring the PATROL KM for Microsoft Windows OS

Monitoring logical or physical disk drives
If no data appears for the NT_LOGICAL_DISK application class, run one of the following diskperf commands from a command-line window to ensure that the Microsoft diskperf counters are enabled:
s s

diskperf -yv for Windows 2000 (restart required) diskperf -y for Windows Server 2003 (no restart required)

For the platforms shown above, Microsoft requires that you restart the system after running the diskperf command. For more information, see Microsoft Knowledge Base article Q262937, “PRB: RegQueryValueEx() May Not Return Disk Performance Counters.”

Configuring Windows events monitoring
To monitor for specific Windows events, PATROL allows you to create event filters. Event filters specify the type of events to monitor and how to monitor them. You can create event filters by specifying the types of events that you want to monitor based on the event’s source, ID, type, and content. However, before you can create a filter for a Windows event, you must enable the monitoring of that Windows event log. If the events you want to monitor have unregistered sources, but you can manually add those events. Once you have enabled the monitoring of the Windows Events, you can set up a filter to scan the event log for specific events. For example, you might want to monitor the WinMgmt events. The event filter options provided using the Configure Windows Event Monitoring => Create Filter or => Modify Filter menu commands from a Windows Event instance enable you to set up the monitoring of an event in many different ways. You can remove a Windows event filter at any time, and you can turn off an event filter. See the following topics for more information:
s s s s s

“Enable and disable monitoring of Windows events” on page 104 “Display events with unregistered sources” on page 104 “Example: creating an event filter to monitor WinMgmt events” on page 105 “Event filter options” on page 105 “Turning off an event filter” on page 114

Chapter 3

Loading and configuring PATROL for Microsoft Windows Servers

103

Configuring the PATROL KM for Microsoft Windows OS

Enable and disable monitoring of Windows events
Before you can create an event filter, you must enable the monitoring of the Windows event log. By default, all Windows event logs are monitored if they are registered in the Windows registry at the following location: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog To enable or disable Windows event log monitoring, access the Windows Events application and choose the KM menu command Enable-Disable Windows Event Log Monitoring.

Display events with unregistered sources
When using the PATROL KM for Microsoft Windows OS graphical interface to create an event filter, the events that you choose to monitor must have registered event sources. Unregistered sources do not appear in the interface. To work around this problem, follow these steps to display an unregistered source in the interface so that it can be selected.

1 Using the Configure Windows Event Log Monitoring => Create Filter menu
command, create a new filter. In the Create Filter dialog box, select the Filter Property - Source, and deselect the option to Automatically include new sources. This sets the following agent configuration variable to 0:
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/eventlog/Ev entFilters/filtername/IncludeAllSources

2 Using PATROL Configuration Manager or the wpconfig utility, manually add the
unregistered event source to the following agent configuration variable.
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/eventlog/Ev entFilters/filtername/SourceList/list

3 Apply the change to the PATROL Agent.

104

BMC PATROL for Microsoft Windows Servers Getting Started

Configuring the PATROL KM for Microsoft Windows OS

Example: creating an event filter to monitor WinMgmt events
Assume that you want to create an event filter that monitors for the following events: Table 20
Event type Error

Event filter events:example
Event Event source category WinMgmt None Event ID 37 Description WMI ADAP was unable to load the perfproc.dll performance library due to an unknown problem within the library: 0x0 ADAP was unable to process the perfproc.dll performance library due to a time violation in the collect function WMI ADAP was unable to process the perfproc.dll performance library due to a time violation in the open function

Error

WinMgmt

None

41

Error

WinMgmt

None

61

You want to be notified immediately when these particular events occur. However, you want to be notified only when the event is related to the perfproc.dll performance library, not any other performance counter libraries. In addition, you do not want to be flooded with events, so if these events are generated multiple times within a short period, you want to be notified only once. Finally, if these events are detected, you want PATROL to remain in alarm until the alarm is acknowledged by an operator. Using the Event filter options presented in the Configuring Windows Event Monitoring => Create Filter dialog boxes, you can create a filter with all of the properties proposed in this example.

Event filter options
When you choose the Configure Windows Event Monitoring => Create Filter or => Modify Filter menu commands from a Windows Event instance, you are presented with several filter options. Table 21 on page 106 provides you with the name, description, and associated configuration variables for the event filter options you can select.

Chapter 3

Loading and configuring PATROL for Microsoft Windows Servers

105

Configuring the PATROL KM for Microsoft Windows OS

Table 21
Option

Event filter options (Part 1 of 8)
Description A unique name that represents the event filter. If you change the filter name, you will lose the historical data stored under the old name. The filter name must contain fewer than 127 characters. Configuration variables child_list For more information, see “Using the child_list variable” on page 271. FilterDescription

Filter name

Description

A description of the event filter. You can change the description at any time.

Report the number If you select this option, PATROL monitors the number of of events.... events that match the filter criteria during each collection cycle. Depending on which event types the filter monitors, the following parameters are used to report this data:
s s s s s s s

EventReport

ELMError ELMWarning ELMInformation ELMStatus ELMSuccessAudit ELMFailureAudit ELMOtherTypes

Notify PATROL immediately....

NA If you select this option, PATROL immediately updates the appropriate parameter when an event matches the filter criteria. Depending on which event types the filter monitors, the following parameters are displayed in an alarm state when an event matches the filter:
s s s

s

ELMErrorNotification ELMFailureAuditNotification ELMNotification (This parameter is active only when you have selected both of the following options: Notify immediately and consolidate event types. For more information, see the description in Event Type tab section of this table.) ELMWarningNotification

For more information about these parameters, see the PATROL KM for Microsoft Windows OS online Help. Source filter properties Source Select/Deselect source(s) for this filter Registered sources for which events can be monitored applications running on the server that PATROL is currently monitoring NA SourceList/list

106

BMC PATROL for Microsoft Windows Servers Getting Started

Configuring the PATROL KM for Microsoft Windows OS

Table 21
Option

Event filter options (Part 2 of 8)
Description Configuration variables

Automatically Include New Sources Disable Case Sensitivity Select Event Types to monitor Consolidate event types...

If you select this option, this event filter automatically monitors IncludeAllSources any new applications that are added to the system If you select this option, the event filter makes filter comparisons FilterDisableCase in a case-independent manner the Windows event types monitored by this event filter If you select this option, events of different types (Warning, Information, and Error, for example) are reported using one parameter: ELMStatus (or ELMNotification if you have also chosen to be notified immediately when the event occurs). If you want to have separate parameters for each event type that can alarm independently, deselect this option. EventType ConsolidateEventTy pes

Event Type filter properties

Event ID filter properties EventIdList/list Enter a Windows The Microsoft Windows event IDs that you want to monitor Event ID or a range with this filter. of IDs To specify a range of event IDs, separate the beginning and ending of the range with a dash. For example, to monitor events 100 through 200, enter 100-200. Include all specifies that all of the Windows event IDs in the list are Windows event IDs monitored by the event filter in the list IncludeAllEventIds

IncludeAllEventIds specifies that all of the Windows event IDs except those in the Include all Windows event IDs list are monitored by the event filter except those in the Select this option when there are certain event IDs that you are list not interested in monitoring and you want to exclude them from the event filter. Event Handling filter properties Annotate graph parameter... annotates the PATROL parameter graphs associated with this event filter with information about the event You can display the annotations by placing the cursor over the graph data points. Annotation

Chapter 3

Loading and configuring PATROL for Microsoft Windows Servers

107

For more information. see the description in Event Type tab section of this table. If you do not use recovery actions or do not plan to use them. if you create a recovery action that generates an e-mail when the event filter alarms. you could include the event description in the e-mail. EvRptOfError EvRptOfFailureAudit EvRptOfInformation EvRptOfStatus EvRptOfSuccessAudit EvRptOfWarning ELMRptOfOtherTypes ELMRptOfNotification (This parameter is active only when you have selected both of the following options: Notify immediately and consolidate event types..... RetainEventDescripti ons 108 BMC PATROL for Microsoft Windows Servers Getting Started . deselect this option to limit use of the agent database space.) For more information about these parameters. see the PATROL KM for Microsoft Windows OS online Help. Use event details. the following parameters are used to report this data: s s s s s s s s Configuration variables EventReport Write event details.Configuring the PATROL KM for Microsoft Windows OS Table 21 Option Event filter options (Part 3 of 8) Description writes details about the events that occur to a parameter Depending on which event types the filter monitors. saves information about the event in the agent configuration variable RetainEventDescriptions so that you can use this information in recovery actions For example.

This means that events of different types (Warning. Resetting to default setting To return to the default setting.Configuring the PATROL KM for Microsoft Windows OS Table 21 Option Event filter options (Part 4 of 8) Description When you select this option. the data point annotation contains information about each of the events that occurred. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 109 . However. which is not reporting multiple events as one event and not consolidating events. see the description for the Event Type tab in this table. and Error. Information. the event filter generates an alarm. the event filter does not alarm. for example) are reported using one parameter. if only 5 events occur in 2 seconds. PATROL reports a single event when the event occurs many times within a short period.. event consolidation is also enabled. Configuration variables ConsolidationNumbe r and ConsolidationTime Report multiple events. Example For example. Consolidating event types If you select this option. Annotation details Even though one data point may represent multiple events of different types. ELMStatus (or ELMNotification if you have also chosen to be notified immediately when the event occurs).. For more information about event consolidation. if you select to report multiple events as one event if 10 events occur within 3 seconds. then if 20 events occur in 2 seconds. enter 0 as the number of times that the event occurs.

Disable Case Sensitivity If you select this option. Requirements for using: You must create an event filter that monitors for the required event and select that event filter from the drop-down list.. In addition. a period (.. PATROL returns the filter to an OK state if the events you are monitoring do not occur during the next collection cycle. Include all users in specifies that all of the user IDs in the list are monitored by the the list event filter Include all users except those in the list specifies that all of the user IDs except those in the list are monitored by the event filter Select this option when there are certain user IDs that you are not interested in monitoring and you want to exclude them from the event filter.). PATROL keeps the filter in alarm until an operator manually acknowledges the alarm. the event filter makes filter comparisons FilterDisableCase in a case-independent manner IncludeAllUsers 110 BMC PATROL for Microsoft Windows Servers Getting Started . If you select this option. you must enter the category as \$Smith... If you select this option. PATROL changes the filter state from an alarm state to an OK state when the criteria of a second event filter are met. such as a dollar sign ($). if the user name is $Smith. a parenthesis (). s Change state when the following event . or a slash (/).. Advanced properties . For example.Users UserList/list Enter the user the user ID of a user whose events you want to monitor associated with the event The user name cannot include commas. the event filter must be configured to notify PATROL immediately when an event matches the filter criteria.. When entering a user whose name includes special characters that are used in regular expressions. If you select this option.Configuring the PATROL KM for Microsoft Windows OS Table 21 Option Event filter options (Part 5 of 8) Description s Configuration variables AcknowledgeBy Acknowledge Alarms Automatically change state to ‘OK’ . you must escape each special character with a slash. s Remain in alarm until .

a period. When entering a category whose name includes special characters that are used in regular expressions. you must enter the category as \(100\). When entering strings which include special characters that are used in regular expressions. you must escape each special character with a slash. such as a dollar sign. Include all strings in the list Include all strings except those in the list specifies that all of the strings in the list are monitored by the event filter specifies that all of the strings except those in the list are monitored by the event filter Select this option when there are certain strings that you are not interested in monitoring and you want to exclude them from the event filter.Strings Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 111 . Include all categories in the list Include all categories except those in the list specifies that all of the categories in the list are monitored by the IncludeAllCategories event filter specifies that all of the categories except those in the list are monitored by the event filter Select this option when there are certain categories that you are not interested in monitoring and you want to exclude them from the event filter. Disable Case Sensitivity Enter strings If you select this option. you must enter the category as \$Smith.Category Enter the category the event category that you want to monitor with this event associated with the filter event Categories are defined by the application that generates the event.Configuring the PATROL KM for Microsoft Windows OS Table 21 Option Event filter options (Part 6 of 8) Description Configuration variables CategoryList/list Advanced properties -.). Disable Case Sensitivity If you select this option. if the category name is (100). the event filter makes filter comparisons FilterDisableCase in a case-independent manner The text strings that you want to monitor with this event filter The text string cannot include commas. the event filter makes filter comparisons FilterDisableCase in a case-independent manner StringList/list IncludeAllStrings StringList/list IncludeAllCategories Advanced properties . if the user name is $Smith. a parenthesis (). you must escape each special character with a slash. such as a dollar sign ($). a period (. For example. The category name cannot include commas. For example. or a slash (/). or a parenthesis.

Enter a Regular Expression for Source Enter a Regular Expression for Source Advanced properties . the event ID is compared with the specified regular expression. For more information about using regular expressions. the event is matched with the configured event ID list. If the source generating the event does not exist in the configured source list. if the sources are Norton AntiVirus Client or Symantec AntiVirus Client. the event is matched with the configured source list. For more information about using regular expressions. If you have configured the event IDs for the filter and an event occurs. Configuration variables SourceList/list Advanced properties . the regular expression should be configured as ‘^(Norton|Symantec) AntiVirus Client’. see “Using regular expressions” on page 117. For example. EventIdList/list 112 BMC PATROL for Microsoft Windows Servers Getting Started .Enter a Regular Expression for Event ID the regular expression that is used as a criteria for including or Enter a Regular Expression for Event excluding event IDs to be monitored with the Windows event ID filter. If the event ID does not exist in the configured list. If you have configured the sources for the filter and an event occurs.Configuring the PATROL KM for Microsoft Windows OS Table 21 Option Event filter options (Part 7 of 8) Description the regular expression that is used as a criteria for including or excluding sources to be monitored with the Windows event filter. the source generating the event is compared with the specified regular expression. see “Using regular expressions” on page 117.

Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 113 . Creating a Windows event filter While specifying the advanced options for a Windows event filter. You can also use the following new pconfig variables to configure or to view the names of the computers that you want the event log filter to monitor: s s /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/Event LogMonitoring/eventLog/EventFilters/filterName/Comput erNamesList/list – lists the names of the computers you provided when creating the filter. select the Include option.Computer name Computer name enables you to create a filter that monitors events generated only ComputerNamesList /list by a specified computer. Enter the name of the computer that you want the event log filter to monitor. include the word alarm and exclude the word warn. The pconfig variable contains a field or bit for computer name. if you want to filter a string that contains the word alarm but not the word warn. 3 Click Apply.Configuring the PATROL KM for Microsoft Windows OS Table 21 Option Event filter options (Part 8 of 8) Description Configuration variables Advanced properties . The string is added to the Include List. /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/Event LogMonitoring/eventLog/EventFilters/filterName/Include AllCompList – indicates whether all computers are monitored. For example. you can now include and exclude strings from filtering simultaneously. To include and exclude strings from filtering while creating or modifying a Windows event filter 1 In the Strings dialog box. 2 Enter the string that you want to include for filtering. 4 Select the Exclude option. You can use the FilterDisableCase pconfig variable to disable case sensitivity for the computer names.

Table 22 shows you how the KM monitors each startup type by default. You can change the monitoring properties of the monitored services or add other services to monitor. change the value of the FilterEnabled to 1. 6 Click Apply. The string is added to the Exclude List. Turning off an event filter You can temporarily turn off an event filter and then turn it back on at a later time. To turn off an existing event filter 1 Using the PATROL Configuration Manager or the pconfig utility. The event filter is disabled. edit the agent configuration variable FilterEnabled. It is no longer discovered and does not collect events. access the following agent configuration variable: /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/ event log/EventFilters/filter/FilterEnabled where filter represents the name of the event filter 2 Change the value of the FilterEnabled variable to 0. choose the Configure Service Monitoring menu command from a Services application instance to perform the following tasks: 114 BMC PATROL for Microsoft Windows Servers Getting Started . PATROL monitors the availability of all system services except those whose startup type is disabled. Configuring service monitoring By default. Table 22 Automatic Manual Disabled Default service monitoring flags Auto restart 1 0 0 Alarm 1 0 0 Startup type To change the default settings for services. To turn the filter back on.Configuring the PATROL KM for Microsoft Windows OS 5 Enter the string that you want to exclude from filtering. To turn an event filter on or off.

s Thus. you can specify a Warning instead. The Monitor pconfig variable for the service is set to ‘1’. However. This feature is only for services with a startup type of Automatic. However. PATROL generates an Alarm. s s By default. Table 23 provides you with names. To remove services to the list of monitored services. after you select the service you want to configure. Windows KM monitors a service only if the Monitor pconfig variable for the service is set to ‘1’ and the service is not included in the list of the removedServiceList pconfig variable. and the configuration variable associated with each option. and default values for these options. choose Configure Service Monitoring => Configure Service menu command. when a service is stopped. Table 23 Option Restart service when stopped Service monitoring options (Part 1 of 2) Description Default (yes/no) Configuration variable AutoRestart Yes If you select this option. Generate a PATROL Alarm/Warn when the service is stopped WarningAlarm Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 115 . descriptions. PATROL automatically attempts to restart the service when it is stopped (only for services with a startup type of Automatic). the removedServiceList pconfig variable is updated to contain this particular service. choose the Configure Service Monitoring => Add Service menu command. To use this option. choose the Configure Service Monitoring => Remove Service menu command. s If you want to monitor a disabled service. add the service by using the Configure Service Monitoring => Add Service menu command. the Monitor pconfig variable is not set to ‘0’. you must also select the option “Generate a PATROL Alarm/Warn when the service is stopped. To configure monitored services. the Windows KM monitors all services with startup type as ‘automatic’ or ‘manual’. you are presented with the monitoring options. for a particular service.” Yes (Alarm) By default.Configuring the PATROL KM for Microsoft Windows OS s To add services to the list of monitored services. Service monitoring options When you select the Configure Service Monitoring => Configure Service menu command. If you add a disabled service and later remove the service by using the Configure Service Monitoring => Remove Service menu command.

PATROL monitors the service executable process and displays the monitored process beneath the NT_SERVICE application. To monitor how much memory and CPU a service executable consumes. “Agent configuration variables and rulesets. Table 24 shows the possible combinations of values for these variables and how each combination causes PATROL to restart (yes) or not restart (no) a monitored service when it goes down. you must set the alarm ranges for the SvcNotResponding parameter to correspond to the appropriate value returned by the executable.” 116 BMC PATROL for Microsoft Windows Servers Getting Started . PATROL monitors only whether services No are available. Table 24 Configuration variable and service restart: combinations Possible values 0 0 0 No 0 0 1 No 0 1 0 Yes 0 1 1 Yes 1 0 0 No 1 0 1 No 1 1 0 No 1 1 1 Yes . Use specified command to check status of non responsive service MonitorNotResp ond Ensuring that services are restarted as desired If the services that you are monitoring are not restarted by PATROL as desired. if the executable returns the value 1 when the service is not responsive. enable the SvcNotResponding Alarm2 as an Alarm and set the alarm range as 1 to 1. If you provide such an executable. the value returned by the executable is assigned to the SvcNotResponding parameter. When you enable process monitoring. you must enable process monitoring for the service. Service configuration variable DisableServiceRestart (global) AutoRestart (local) OverrideGlobalServiceRestart (local) Service is restarted? (yes/no) For more information about these configuration variables. This feature is available for advanced users who have No developed custom executables that can determine the status of a service. determine the values of the agent configuration variables that affect whether a service is restarted when it goes down. see Appendix B. For example.Configuring the PATROL KM for Microsoft Windows OS Table 23 Option Service monitoring options (Part 2 of 2) Description Default (yes/no) Configuration variable MonitorProcess Enable process monitoring for this service By default. To ensure that an alarm is generated when the service is not responding.

you can use regular expressions to specify the process name only. All the matching processes on a managed node are now monitored as a single instance and the instance parameters display consolidated values for all the matching processes. Table 26 Symbol . A regular expression is a sequence of any of the following items: s s s s s literal character matching character repetition clause alternation clause sub pattern grouped with parenthesis Table 26 provides an overview of the regular expression syntax. Using regular expressions When configuring the monitoring of processes. Table 25 Method Manual process monitoring Automatic process monitoring Process monitoring options When to use You want to select or specify the processes to monitor and you want to customize how PATROL monitors them. * + ? () Regular expression syntax (Part 1 of 2) Description matches any character. With new implementation of process monitoring the name of a process instance does not depend on a process ID. By default. PATROL does not monitor any processes. repetition and alternation operators apply to the entire preceding sub pattern Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 117 . used as a wildcard when creating a search string matches zero or more instances of the previous pattern item matches one or more instances of the previous pattern item matches zero or one instances of the previous pattern item groups sub pattern. The name of the new process instance depends on the label specified by the user. you can use the methods shown in Table 25.Configuring the PATROL KM for Microsoft Windows OS Configuring process monitoring This procedure describes how to configure PATROL to monitor processes. You want to monitor a process only if it exceeds a specified CPU utilization percentage. When configuring monitoring for a specific process.

use the ^ and the $ regular expression characters to enclose the process name. ^processname$ For more information about using regular expression characters. However. this character must be the last character in the set To configure manual process monitoring 1 Access the NT_PROCESS application menu (labeled Processes) as described in “Accessing KM commands and InfoBoxes” on page 214. You can enter the process name using a regular expression. this character must be the first character in the set anchors the pattern to the end of the string. 118 BMC PATROL for Microsoft Windows Servers Getting Started .Configuring the PATROL KM for Microsoft Windows OS Table 26 Symbol | Regular expression syntax (Part 2 of 2) Description allows for alternation of a pattern For example. [] delimits a set of characters. enter the process name and any appropriate command-line arguments. and choose the KM menu command Configure Manual Process Monitoring => Add Process. PATROL KM for Microsoft Windows adds all the processes for monitoring that contain the name of the selected process. see “Using regular expressions” on page 117. as shown below. the range is specified as [x-y] If the first character in the set is ^. or if the process is not currently running. the regular expression should read: Hello|hello. 3 Select the Select the process(es) using a regular expression for monitoring check box. TIP If you are specifying a process name and you want to ensure that only that specific process is monitored (and not other processes that have that process name as part of their name). to match Hello or hello in a string. For more information about regular expressions. ^ $ anchors the pattern to the beginning of the string. PATROL KM for Microsoft Windows adds only the selected process instances for monitoring. 2 Select (highlight) the process that you want to monitor. there is a match only when the remaining characters in the set are not present. if you do not select this check box. see “Using regular expressions” on page 117.

For example. NOTE The PATROL Agent default account must have the Administrator rights to get the process owner information. Maximum count: Set the maximum process count threshold. you must enter the process name as \$abc. Acceptable Process Owners: Enter a regular expression for the users who can run the process.Configuring the PATROL KM for Microsoft Windows OS NOTE If you enter multiple regular expressions that match the same process. Use Owner Filter: Select this option if you want to monitor the process instances that are being run only by the users that are specified in the Acceptable Process Owners field. when entering a process whose name includes special characters that are used in regular expressions. or enter the name of the user who can run the process.exe. 4 Select one of the following options: s monitor the process(es) only when it is running with the command line arguments shown monitor any occurrence of the selected process(es). or a period (. if the process name is $abc.exe. see the PATROL KM for Microsoft Windows online Help. For example. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 119 . 7 Click on Add. such as a dollar sign ($). Example: svchost -k rpcss In addition. Do not enter processname. 6 On the next dialog you can provide a label and following properties for the process instance while adding the process for monitoring: s s s s Minimum count: Set the minimum process count threshold. regardless of the command-line arguments s 5 Click on Next. you must escape each special character with a slash. WARNING When entering the process name. For more details about adding a process. omit the extension.). enter processname argument. multiple process instances are created for that process.

you must create or update the AlarmThreshold agent configuration variable. beneath the NT_PROCESS application (labeled Processes). To disable this feature. To use a different threshold percentage. s s To configure how the process is monitored and managed. beneath the NT_PROCESS application (labeled Processes). PATROL begins monitoring the process and adds the process to the PATROL console. 3 Click Apply. see “To configure process control” on page 121. 2 Change the length of time specified for high CPU utilization. s To modify a monitored process. PATROL defines high CPU utilization as a value higher than 90% or the value specified by the agent configuration variable AlarmThreshold. select Configure Manual Process Monitoring => Remove. and choose the KM menu command Configure Automatic Process Monitoring. 120 BMC PATROL for Microsoft Windows Servers Getting Started . You can also perform the following functions using the Configure Manual Process Monitoring menu command: s To stop monitoring a process. The processes you selected are added to the PATROL console. select Configure Manual Process Monitoring => Process Settings. enter any negative number in this dialog box. When any process consumes high CPU for a period longer than what you specified.Configuring the PATROL KM for Microsoft Windows OS PATROL performs the following actions: s The processes you selected are removed from the list of running processes and are added to the list of monitored processes that are shown on the left pane of the Configure Process Monitoring window. To configure automatic process monitoring 1 Access the NT_PROCESS application menu (labeled Processes) as described in “Accessing KM commands and InfoBoxes” on page 214. The PATROL Agent begins monitoring the process.

2 For the length of time specified for high CPU utilization. 3 Click Apply. follow this procedure. check the annotation of _DiscoveryStatus and _CollectionStatus parameters of the NT_OS application class. 2 From the Configure Process Monitoring window. To disable automatic process monitoring To disable automatic process monitoring and monitor only the processes you specifically select. enter any negative number. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 121 . select the monitored process that you want to configure. and choose the KM menu command Configure Automatic Process Monitoring. and then click Apply. 1 Access the NT_PROCESS application menu (labeled Processes) as described in “Accessing KM commands and InfoBoxes” on page 214. 3 Select the appropriate options.Configuring the PATROL KM for Microsoft Windows OS If a problem occurs If the Processes folder is not displaying or it does not contain any processes. described in Table 27 on page 122. To configure process control 1 Access the NT_PROCESS application menu (labeled Processes) as described in “Accessing KM commands and InfoBoxes” on page 214 and choose the KM menu command Configure Process Monitoring.

the process exceeds this threshold for the specified length of time s When the process exceeds the threshold for the specified length of time.Configuring the PATROL KM for Microsoft Windows OS Table 27 Option Process control options Description If you check this option. Generate a PATROL Alarm If you select this option. see “AlarmThreshold” on page 219. The following examples show the dependency of process instance path on the method of process configuration.20 of PATROL KM for Microsoft Windows. PATROL terminates the No process when it appears to be in a “run away” state. This state is defined by the following criteria: s TimeLimitForKillR unAwayProcess the CPU% utilization exceeds the threshold specified by the agent configuration variable AlarmThreshold. 122 BMC PATROL for Microsoft Windows Servers Getting Started . the process is terminated during the next collection cycle. PROCProcessColl collects data every 5 minutes.2. By default. you must supply the path to an executable that restarts the process and you must include any appropriate command-line arguments. whose scheduling is determined by the parameter PROCProcessColl. the PATROL No when the process is started NT_PROCESS parameter PROCStatus enters an alarm state when the process is started. the PATROL Yes when the process is NT_PROCESS parameter PROCStatus enters an terminated alarm state when the process is terminated. For more information about this variable. Generate a PATROL Alarm If you select this option. Default (yes/no) No Configuration variable StartupCommand Restart the process using the specified command when the process is stopped Terminate the process when the process CPU% utilization exceeds the defined PATROL threshold If you check this option. a single instance will be created without the process ID in the process instance path. The process instance path will depend upon the method by using which the process was configured in a prior version. EnableAlarmIfProc essDown EnableAlarmIfProc essStarts Process monitoring design for the migrated instances For all the instances of a process that were created with a process ID prior to version 4.

You can modify the number of minimum and maximum process instances that can be running. right-click the process instance for which you want to view details. 2 Double-click the PSL task for the process to view process details. All the running Notepad instances on a managed node will be monitored as a single instance and the instance parameters will display consolidated values for all the instances. A new PSL task is created containing the process name. the new process instance path will be created as NOTEPAD_ARGUMENTS. and choose KM Commands => View Process Details. the new process instance path will be created as NOTEPAD_ANY_ARGUMENT_LIST. Example 3 If a process Notepad was added with specific arguments. the new process instance path will be created as NOTEPAD_NO_ARGUMENT. Example 2 If a process called Notepad was added with any arguments. ID. Viewing process details After you add a process for monitoring. All the instances that were running with the same arguments on a managed node will be monitored as a single instance and the instance parameters will display consolidated values for all the instances. you can view its details such as name. owner.Configuring the PATROL KM for Microsoft Windows OS Example 1 If a process called Notepad was added without any arguments. To view process details 1 From the NT_PROCESS application instance. Modifying a process instance With this release. All the Notepad instances that were running without arguments will be monitored as a single instance and the instance parameters will display the consolidated values of all the instances. you can modify a process instance after you create it. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 123 . and command-line arguments.

4 In the Acceptable Process Owners field.Configuring the PATROL KM for Microsoft Windows OS To modify a process instance 1 From the KM commands for the NT_PROCESS application instance. enter a name for the expression (parameter). 5 Modify the state of the Use Owner Filter check box if you want to change the filter settings. which are parameters whose values are dependent on one or more existing PATROL parameters. 2 In the Modify Process Instance dialog box. You can enter and edit composite parameter expressions manually or by using the expression entry wizard. You can then use PATROL alarm settings and recovery actions on the newly created parameters in the same way that you use alarm settings and recovery actions on other parameters. modify the Minimum count field to change the minimum process count threshold. Creating custom parameters This topic describes how to create composite parameters. right-click the process instance that you want to modify. To create custom parameters using the expression entry wizard 1 Access the NT_CompositesColl application menu as described in “Accessing KM commands and InfoBoxes” on page 214. and choose the KM menu command Create Expressions. Before you begin Composite parameters give you the capability to create parameters whose values are dependent on one or more existing PATROL parameters. 3 Modify the Maximum count field to change the maximum process count threshold. 124 BMC PATROL for Microsoft Windows Servers Getting Started . Enter the name of the user who can run the process. 6 Click OK. perform one of the following actions: s s Enter a regular expression for the users who can run the process. 2 From the Create Expressions dialog box. and choose KM Commands => Modify Process Instance.

click the Help button. After you complete the wizard. 4 From the Select Event Range list. the Windows Event Viewer dialog box retrieves the latest events for the selected event type. The Windows Event Viewer dialog box is displayed. By default. the Windows Event Viewer dialog box displays a maximum of 100 events at a time. the Windows Event Viewer dialog box retrieves the latest 100 events for the selected event type. and choose the KM menu command Windows Event Viewer. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 125 . The details of the latest events are displayed in the Windows Event Viewer dialog box. select the range for the number of events to display. If you select the range for the events. 5 To view details pertaining to a particular event. 3 Click View. Viewing event logs 1 Access the NT_EVENTLOG application menu (labeled Windows Events) as described in “Accessing KM commands and InfoBoxes” on page 214. The Windows Event Viewer dialog box displays the latest 100 events associated with the selected event log type. as described in Table 28. NOTE For optimizing performance of event retrievals. select the event in the Windows Event Viewer dialog box and click View. 2 Select the type of event log to be viewed. based on the range.Configuring the PATROL KM for Microsoft Windows OS 3 Follow the instructions provided in the wizard. the new composite parameter is displayed on the console beneath the NT_Composites application (labeled Composites). For more information.

Crash Dump to monitor only the crash Dump. 126 BMC PATROL for Microsoft Windows Servers Getting Started . The product looks for the crash Dump file as well as the event (ID 6008) for detecting Blue Screen. To configure Blue Screen monitoring 1 Access the NT_BSK application menu as described in “Accessing KM commands and InfoBoxes” on page 214. Notifying when disks are not present PATROL KM for Microsoft Windows provides information about physical and logical disks that are no longer present. Default to monitor crash dump or event as per registry configuration.Configuring the PATROL KM for Microsoft Windows OS Table 28 Field Type Event details displayed in the Windows Event Viewer dialog box Description type of the event s s s s s s Warning Information Error Success audit Failure audit Other Date Time Source Event Category User Computer date of the event time stamp of the event application that triggered the event ID for the event category of the event user account from which the event is generated computer from which the event is generated Configuring Blue Screen monitoring You can configure the KM for blue screen monitoring. and choose the KM menu command Configure Blue Screen Monitoring. 2 Select either of the three options: s s s Event (ID 6008) to monitor only the 6008 event id.

s s s To acknowledge the alarms 1 Access the NT_PHYSICAL_DISK_ CONTAINER and the NT_LOGICAL_DISK_ CONTAINER applications menu as described in “Accessing KM commands and InfoBoxes” on page 214. and it provides you the name of the removed disk. The following values are valid: s s 1 = values shown for a particular drive instance do not consider the mount drives 0 = value shown is an aggregate of a particular drive instance and all of its mount drives Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 127 . This variable is located at PSX_P4WinSrvs/PWK_PKMforMSWinOS_config/LogicalDiskMonitoring/NonAggregate ParamValue. 2 Choose the Acknowledge KM menu command. The RemovedPDList variable provides a list of the removed physical disk instances. so that they do not consider the mount points on a particular drive instance. The LDStatus parameter goes into an alarm state when a logical disk is deleted. This allows you to acknowledge the alarms issued by the PDStatus and LDStatus parameters. The DeletedLDList variable provides a list of the deleted logical disk instances. and it provides you the name of the deleted disk.Configuring the PATROL KM for Microsoft Windows OS s The PDStatus parameter goes into an alarm state when a physical disk is removed. Providing nonaggregate values for a drive instance The following parameters under the NT_LOGICAL_DISKS application class by default provide the aggregate values of a particular drive and all of its mount drives: s s s LDldFreeSpacePercent LDldFreeMegabytes LDldDiskSpaceUsed You can use the NonAggregateParamValue variable to change these parameters.

For more information about using PATROL KM for Event Management recovery actions. About recovery actions For the sake of discussion. which are corrective actions taken by PATROL when a parameter reaches a set value or is in a warning or alarm state. when a parameter goes from an OK state to a WARN or ALARM state. you could define PATROL native recovery actions and specify that the parameter enters a WARN or ALARM state only after all recovery actions fail. you must use PATROL native recovery actions. Then you could create a PATROL KM for Event Management recovery action that runs only if the PATROL native recovery actions fail. If you do not want the parameter to alarm until recovery actions have been attempted. rather than PATROL KM for Event Management recovery actions. you can use both types. depending on how you configure the parameter. PATROL native recovery actions When you define PATROL native recovery actions in the PATROL console. WARN.Configuring recovery actions Configuring recovery actions This task describes how to configure the PATROL for Windows Servers built-in recovery actions. For example. The following sections explain the differences between PATROL native recovery actions and PATROL KM for Event Management recovery actions. However. or ALARM state when the recovery action runs. the recovery actions that you define in the KM using the PATROL console are referred to as PATROL native recovery actions. see the PATROL KM for Event Management User Guide. These recovery actions run when the PATROL parameter value enters the specified range. PATROL KM for Event Management recovery actions Unlike PATROL native recovery actions. For example. 128 BMC PATROL for Microsoft Windows Servers Getting Started . you associate the recovery actions with alarm and border ranges. or even when a parameter goes from an ALARM to an OK state. the PATROL KM for Event Management Recovery actions run only when a parameter changes status. The parameter may be in an OK.

are provided by default with PATROL for Microsoft Windows Servers. even if the process was previously started under a different account. No NT_PROCESS\PROCStatus Attempts to restart the process.Configuring recovery actions Built-in native recovery actions The following built-in recovery actions. Note: The process is restarted under the PATROL Agent default account. eSpacePercent No NT_PROCESS\PROCProcessor TimePercent Attempts to stop a runaway process. Yes Restart Service (PATROL KM for Microsoft Windows OS) NT_SERVICES\ServiceStatus Attempts to restart the service. Yes NT_LOGICAL_DISKS\LDldFre Clears the temp directory. associated with the specified parameter. NT_HEALTH\WMIAvailability Restarts the WINMGMT service when PATROL determines that it is unavailable. Table 29 Built-in recovery actions (Part 1 of 2) Parameter Description Runs automatically? Yes Recovery action Backup and Clear Event Log (PATROL KM for Microsoft Windows OS) Start Windows Management Instrumentation Service Check (PATROL KM for Microsoft Windows OS) Clean Temporary Directories (PATROL KM for Microsoft Windows OS) Terminate Process (PATROL KM for Microsoft Windows OS) Restart Process (PATROL KM for Microsoft Windows OS) NT_EVLOGFILES\ELMEvFileF Backs up the event log file reeSpacePercent and clears all events. (PATROL KM for Windows Domain) No Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 129 . Yes NT_REMOTE_SERVERS\MsPat Attempts to restart the Restarting a PATROL PATROL Agent on the Agent on a remote server rolAgentStatus remote machine after recovery action alarming for 2 collection cycles.

When the parameter goes out of the alarm state. 130 BMC PATROL for Microsoft Windows Servers Getting Started .Configuring recovery actions Table 29 Built-in recovery actions (Part 2 of 2) Parameter Description Runs automatically? No Recovery action Increase connections to DFS root recovery action (PATROL KM for Windows Domain) NT_DFS_ROOT\DfsConnection Increases the connection Percent share limit to DFS Root after alarming for 2 collection cycles. Yes Configuring built-in native recovery actions This section describes how to configure the built-in native recovery actions. the scheduling policy value returns to the default value of 1. (PATROL KM for Windows Domain) Increase connections allowed to share (PATROL KM for Windows Domain) PAWorkRateExecsMin Recovery Action (PATROL KM for Microsoft Windows OS) NT_Shares\ShConnPercent Increases the share connection limit after the ShConnPercent parameter alarms for 2 consecutive collection cycles. No PATROL_NT\PAWorkRateExec sets the scheduling policy sMin value to 9 (Schedule Force Delta and Schedule From End). Before you begin The recovery actions that are available to be configured depend on the KMs that you have loaded. NT_WINS_PARTNER\WpRepli Cleans up the WINS No Replication Failure: database after alarming for 2 Initiate WINS Scavenging cationFailures collection cycles.

highlight the instance and click Edit. a monitored process) Selecting a recovery action instance Recovery action to select the recovery action instance that displays the name of the application instance in the INSTANCE column configure the recovery action for all instances (for the recovery action that displays an example. choose from the settings described in Table 31 on page 131. all monitored processes) asterisk (*) in the INSTANCE column 4 From the Edit Recovery Action dialog box. PATROL is unable to prompt you. Table 30 Purpose configure the recovery action for a specific instance (for example. Note: If you select this option. PATROL prompts you operator confirmation before running the recovery action. Table 31 Setting Run automatically Recovery action configuration options (Part 1 of 2) Description If you select this mode. see Table 30. 2 From the list of recovery actions. be sure to keep a console connected to the PATROL Agent on the managed machine. without prompting you. Do Not Execute If you select this mode. PATROL does not perform the recovery action.Configuring recovery actions To configure recovery actions 1 Access the host application menu as described in “Accessing KM commands and InfoBoxes” on page 214 and choose the KM menu command Configure Recovery Actions. highlight the desired recovery action and click Accept. Configuration variable Mode Mode Run only with If you select this mode. Mode Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 131 . PATROL runs the recovery action automatically. 3 From the list of recovery action instances. For information about which instance to select. If you have no console connection.

NOTE For more information about the recovery action and its configuration options. the previous settings take effect. If you do not provide confirmation within the allotted time. For more detailed information about the functionality provided by the PATROL KM for Event Management. This section describes how to configure the PATROL KM for Event Management to send an e-mail notification. Configuration variable Suspend Suspend Recovery Action Attended Mode Dialog Timeout If the recovery action is configured in Run Attended Wait mode. this setting specifies the amount of time PATROL waits for confirmation to run the recovery action. If a problem occurs If you experience a problem when configuring recovery actions. see the PATROL KM for Event Management User Guide. such as trouble-tickets or other custom alerts. click Accept. PATROL does not run the recovery action. Configuring e-mail notification With the PATROL KM for Event Management. see “Recovery action problems” on page 209. You can also use it to forward events to an enterprise console. NOTE The PATROL KM for Event Management also provides you with the ability to configure other types of notification. PATROL temporarily pauses the recovery action. The e-mail notification configuration steps are shown below: 132 BMC PATROL for Microsoft Windows Servers Getting Started .Configuring e-mail notification Table 31 Setting Recovery action configuration options (Part 2 of 2) Description If you select this option. you can configure PATROL to send e-mail or pages when a PATROL parameter enters an alarm state. When you resume the recovery action (by deselecting this check box). click the Help button. 5 To save your changes.

Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 133 . You can also use any other SMTP-based. s Perl script that sends e-mail notification by means of Blat NOTE The PATROL for Microsoft Windows Servers has been tested with Blat version 1. 3.7. requirements for use. which can send any of the following types of notification: — SMTP e-mail message by means of a Visual Basic (VB) script (provided) — MAPI e-mail message by means of a Visual Basic (VB) script (provided) — SMTP e-mail message by means of Blat (not provided) Blat is a free command-line e-mail client. Using notification scripts The PATROL KM for Event Management provides sample notification scripts that call command-line utilities to initiate notification (such as e-mail and page). 2. 4. Define the notification servers. Define notification targets for PATROL alerts. their locations. This section describes the Windows sample scripts. the following script options are available: s a Windows batch file that you must edit before use. see “Editing scripts” on page 135. and editing requirements.Configuring e-mail notification 1. that you can download from the Web. For more information. Define the notification script and edit as necessary. Assign notification servers to the remote agents. command-line e-mail client if you edit the batch file accordingly. Default script location on Windows The Windows scripts are located in the %PATROL_HOME%\lib\psl\ directory and are named as shown in Table 32. On Windows.

pl.pl Script requirements To use these Windows scripts. This script uses an ActiveX control.bat. you must move Blat to this directory or edit AS_EVSLocalAlertNotify. Batch File Script SMTP VB Script MAPI VB Script send_mapi. Microsoft Outlook must be installed.Configuring e-mail notification Table 32 Script Notification script location on Windows Name AS_EVSLocalAlertNotify. Otherwise. If Blat is installed in a directory other than C:\Blat. 134 BMC PATROL for Microsoft Windows Servers Getting Started .bat sendmail. Table 33 Script Batch File Script Requirements for notification server when using Windows e-mail clients Requirement If Blat is installed in a directory other than C:\Blat. AS_EVSLocalAlertNotify.vbs This VB script is called from AS_EVSLocalAlertNotify. the server sending the notification must meet the requirements shown in Table 33 on page 134.pl Perl Script SMTP VB Script MAPI VB Script The SMTP service must be running. you must call the script using the following syntax: perl C:\PATROL3-4\lib\psl\AS_EVSLocalAlertNotify. to execute Blat from the directory where it is installed. Perl Script AS_EVSLocalAlertNotify. This script uses an ActiveX control. you must move Blat to this directory or edit the Perl script.bat to execute Blat from the directory where it is installed.vbs This VB script is called from AS_EVSLocalAlertNotify.pl extension with Perl.bat. Associate the . The Perl script assumes the use of Blat.

%email_file%==. to use Blat. The script provides sections for MAPI-based e-mail. remove the REM comments beginning with the line that starts with set and ending with the line that reads goto BYE.exe c:\blat\blat %email_file% -t %ntargets% -s %nmsg% rem goto BYE If you use a third-party command-line e-mail client or if you want to use the script to perform other types of notification."" echo "%AS_USERDEFINED%" > %email_file% rem if .bat.vbs). SMTP-based e-mail. :EMAIL rem -rem -. Find the following line in the Perl script and remove the comment (# ): #system("c:\\blat\\blat.Configuring e-mail notification Editing scripts Before using the sample scripts."%AS_USERDEFINED%"==. Editing Perl script for use on Windows On Windows."" echo "%nmsg%" > %email_file% rem if not . Editing the Windows batch file If you use AS_EVSLocalAlertNotify.exe $email_file -t \"$ntargets\" -s \"$nmsg\""). Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 135 . For example. such as paging or trouble tickets. set email_file=c:\blat\default. remove the REM comments from the mail client that you want to use. you must edit the Perl script before you can use it to send e-mail notifications with Blat.BLAT based eMail rem -rem set email_file=c:\blat\mtext%AS_PARAMETER_NAME%_%AS_SSTIME%. in the script shown below. you must add the code to the script that calls the e-mail client or appropriate notification utility."%AS_USERDEFINED%"==. you must edit the script to add the following information: s s name of the e-mail server the SMTP server port Add this information in the script as shown below. you must edit them. and Blat. Editing the SMTP VB script To use the SMTP VB Script (sendmail.txt rem if .txt rem if exist c:\blat\blat.

Configuring e-mail notification ' Enter the Mail Server name [FQDN/IP Address] iConf. you must gather information and plan your configuration.com" ' Enter the SMTP Server Port number iConf. For example. the backup notification server should be on a separate machine and network segment.microsoft. a server that acts as a backup notification server does not need to be idle. 136 BMC PATROL for Microsoft Windows Servers Getting Started . To assure availability in critical environments.com/cdo/configuration/smtpserverport") = 25 Editing scripts when using Blat If you use Blat and Blat is not installed in the C:\Blat directory. you must edit the script to indicate the appropriate path. Using primary and backup notification servers To ensure availability.Fields("http://schemas. you make the change only on the notification servers and not on each agent. You should gather the following information: s s s s s which servers will send notifications (act as notification servers) to whom e-mail or paging notifications are sent (targets) which servers will monitor the notification servers for availability which notification servers will be monitored for availability where to place notification rules (notification server or monitored agent) Defining notification servers A notification server is the managed system that performs notification and event collection on behalf of other PATROL Agents. Hence.microsoft. A notification server could be a primary notification server for some remote agents and a backup notification server for other remote agents. Why use a notification server? With a notification server. if you need to modify a notification script or change notification rules. you can centrally manage your event filtering and notification rules.bmc.Fields("http://schemas. you should assign both a primary and a backup notification for each remote agent. Before you can use PATROL for Microsoft Windows Servers. Notification servers also provide redundancy when you use a primary and backup notification server.com/cdo/configuration/smtpserver") ="mail.

create an operating system account on the notification server systems to be used specifically for remote notification. access the managed system you are using as your notification server and display the KM menu commands as described in “Accessing KM commands and InfoBoxes” on page 214. 3 Use the Quick Config . Providing security To improve security. You can configure the notification server so that it is unable to fully login to the notification server system by using the operating system.Notification Server dialog box opens. such as /bin/false. give the notification server login an invalid login shell. For example. 2 Choose the KM menu command Event Management => Quick Config => Notification Server. This configuration avoids having to use the PATROL login. These properties are described in Table 34: Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 137 . To configure a notification server 1 From the PATROL console. Notification server connectivity When identifying a notification server. make certain that there are no connectivity problems between the notification server and the agents that it serves.Configuring e-mail notification Once you have configured a primary and backup notification server. you can use the PATROL Configuration Manager to copy the settings to the other notification servers. Configuring a notification server This section describes how to configure a server as a notification server.Notification Server dialog box to specify the notification server properties. If you use this method. which may be common throughout your environment. The Quick Config . make sure that you use the same notification script file name and directory path on all notification servers. on UNIX.

5 Repeat this task for the server you are using as the backup notification server. Remote agents can send their own notifications. Assigning notification servers for the remote agents You should assign a notification server for each remote agent that will generate notifications. Assign both a primary and a backup notification server. enter NONE as your default e-mail account or leave this field empty. If you do not want any notifications sent until you configure notification for specific PATROL applications or parameters. Default Email Account Notification Command Perform Alert Test the complete path and filename of the notification script or command used to send notifications specifies whether you want to perform an alert test after the changes are accepted If this is your first time using the PATROL for Microsoft Windows Servers. 138 BMC PATROL for Microsoft Windows Servers Getting Started . see “Why use a notification server?” on page 136. 4 Define the notification server properties and click Accept. you should perform an alert test and verify that the notifications are received.Notification Server dialog box properties Description the default e-mail address (notification target) that receives e-mails when an object goes into an alarm or warning state All events for PATROL objects that do not have defined notification targets are sent to this e-mail address. However. For more information. there are considerable benefits to using notification servers. NOTE Notification servers are not required.Configuring e-mail notification Table 34 Property Quick Config . Before you begin You should configure and test the notification servers before configuring the remote PATROL Agents served by the notification servers.

Configuring e-mail notification NOTE You must use the PATROL KM for Event Management to complete this task.defaultAccount (backup) AS/EVENTSPRING/NOTIFICATION_SERVER1 (primary) AS/EVENTSPRING/NOTIFICATION_SERVER2 (backup) To assign notification servers to remote agents 1 From the PATROL console. use the IP address. This functionality is not available in PATROL Configuration Manager. access the remote agent menu commands.defaultAccount (primary) AS/EVENTSPRING/NOTIFICATION_SERVER2. The Primary Notification Server Settings is displayed. 4 Use the Primary Notification Server Settings dialog box to specify the properties of the primary notification server for the managed system. as described in “Accessing KM commands and InfoBoxes” on page 214. 2 Choose the KM menu command Event Management => Quick Config => Remote Agent. once you configure one notification server. The properties are described in Table 35 on page 139. The configuration settings are stored in the following variables: s s s s AS/EVENTSPRING/NOTIFICATION_SERVER1. However. Table 35 Property Notification server properties (Part 1 of 2) Description Notification Server Hostname the hostname or IP address of the primary notification server for the selected managed system To avoid DNS resolution problems. Notification Server Agent Port Notification Server User Name the port number of the notification server that the selected managed system will use the user name that the selected managed system will use to connect to the notification server Notification Server Password the password that the selected managed system will use to connect to the notification server Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 139 . you can use the PATROL Configuration Manager to copy your configuration to other notification servers. The Notification Server Settings dialog box opens. 3 Click PRIMARY NOTIFICATION SERVER SETTINGS.

2 Choose the menu command Event Management => Alert Settings => Notification Targets => Email => Local Targets ANY STATUS => Set For Parameters. Assigning notification targets for a PATROL alert You should set up specific targets for the PATROL for Microsoft Windows Servers notifications to ensure that the proper people are notified when alerts occur.Configuring e-mail notification Table 35 Property Notification server properties (Part 2 of 2) Description verify the password that the selected managed system will use to connect to the notification server indicates that the remote agent maintains a persistent connection with the notification server agent so that the remote agent does not need to create a new connection each time it sends an event to the notification server Verify Password Make Connection Persistent 5 Define the primary notification server properties. 6 Click BACKUP NOTIFICATION SERVER SETTINGS. The properties are described on Table 35. Use the PATROL Configuration Manager to quickly configure all remote agents at one time. To assign notification targets 1 From the PATROL console. 7 Enter the backup notification server properties. 8 Repeat this task for each remote agent. 3 Select the application class of the parameter and click Accept. Use the Backup Notification Server Settings dialog box to specify the properties of the backup notification server for the managed system. See the PATROL Configuration Manager User Guide for more information about the PATROL Configuration Manager. access the host KM menu commands. as described in “Accessing KM commands and InfoBoxes” on page 214. The following procedure describes how to set the notification target for a parameter alert. 140 BMC PATROL for Microsoft Windows Servers Getting Started . and click Accept. and click Accept.

The alarm annotations report the following: s s replication context names of the domain controllers that failed to replicate or that did not replicate in a timely manner For example: Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 141 . Paging instead of Email. To enable replication monitoring within the configuration naming context. 5 Select the parameter and click Accept. You can set other types of notification targets using the same procedure. 6 Enter the e-mail address of the target for this alert and click Accept. create and set the /ActiveDirectory/Configuration/ReplMonDomainNC configuration (pconfig) variable. Simultaneous replication monitoring of both the configuration and domain naming context is supported. If a problem occurs If you have problems configuring e-mail notification. but not required.Configuring the PATROL KM for Microsoft Active Directory 4 Select the application instance of the parameter and click Accept. create and set the /ActiveDirectory/Configuration/ReplMonConfigNC configuration (pconfig) variable. replication monitoring of the domain naming context must be enabled (the default). For example. and troubleshooting information. Configuring the PATROL KM for Microsoft Active Directory Replication monitoring within the configuration naming context is not enabled by default. For inter operability with previous releases of the KM. see the PATROL KM for Event Management User Guide. To disable replication monitoring of the domain naming context. usage scenarios. but you choose a different menu command in Step 2. PATROL uses the same parameters to monitor configuration naming context replication as it uses to monitor domain naming context replication. This document contains detailed configuration instructions.

Table 36 Task Loading the PATROL Wizard for Microsoft Performance Monitor and WMI Creating performance monitor parameters Setting alarm thresholds Creating WMI parameters PATROL Wizard for Microsoft Performance Monitor and WMI Tasks Page 142 143 144 144 Loading the PATROL Wizard for Microsoft Performance Monitor and WMI Before you can create new parameters by using the PATROL Wizard for Microsoft Performance Monitor and WMI.kml file as described in the “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.cookies.DC=inc Domain controllers that failed to replicate data to the local domain controller: chocolate.inc lemon.DC=cookies.factory.inc pecan.cookies.cookies.Configuring PATROL Wizard for Microsoft Performance Monitor and WMI Replication Context: CN=Configuration. you must load the KM files on your PATROL console. Load the NT_PERFMON_WIZARD.inc Replication Context: DC=factory.factory. The tasks associated with the PATROL Wizard for Microsoft Performance Monitor and WMI are listed in Table 33 on page 134.DC=inc Domain controllers that failed to replicate data to the local domain controller: lemon.factory.DC=cookies.inc Configuring PATROL Wizard for Microsoft Performance Monitor and WMI The PATROL Wizard for Microsoft Performance Monitor and WMI allows you to quickly create your own parameters based on Microsoft’s Performance Monitor (PerfMon) counters or Windows Management Instrumentation (WMI) data. You may want to create a new parameter if you are interested in monitoring something for which no PATROL parameter currently exists. 142 BMC PATROL for Microsoft Windows Servers Getting Started .cookies.

The dialog box closes and PATROL creates your new parameters.Configuring PATROL Wizard for Microsoft Performance Monitor and WMI The Performance Monitor Wizard and WMI Wizard application icons appear in the console. 5 Select the instances you want to monitor from the Available Instances table by clicking the instance names. choose a Performance Object from the list. 1 Access the Performance Monitor Wizard application menu as described in “Accessing KM commands and InfoBoxes” on page 214. Counters and instances for the selected performance object display in the Available Counters and Available Instances tables. you can create new. Continue with step 3. 4 Select the counters you want to monitor from the Available Counters table by clicking the counter names. other PATROL console users will not be able to see the new parameters that you created until they load the NT_PERFMON_WIZARD. Selected counters appear highlighted. If you want to create new parameters over again. 2 Choose the Create Parameter menu command to display the Create Performance Monitor Parameter dialog box. 7 Click Done to create the parameters.kml file. NOTE After you have created new parameters on a particular PATROL Agent. user-defined parameters based on Microsoft Performance Monitor counters. Creating performance monitor parameters With the Performance Monitor Wizard. click Next. 6 Click Create to display the Select Performance Object to Monitor dialog box. and click Next. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 143 . 3 From the Select Performance Object to monitor dialog box. Selected instances appear highlighted.

Type the upper-bound warning value in the Warning Maximum field.Configuring PATROL Wizard for Microsoft Performance Monitor and WMI Setting alarm thresholds 1 From the created parameters. 1 Access the WMI Wizard application menu as described in “Accessing KM commands and InfoBoxes” on page 214. 2 Choose the Create Parameter menu command. Creating WMI parameters With the WMI Wizard. However. Type the upper-bound alarm value in the Alarm Maximum field. If a problem occurs When monitoring a Performance Monitor counter whose value is normally less than 1. 2 Set a border range for an alarm or warning in the following fields. s Border Maximum s s 3 Click OK. you can customize the parameter so that the value displayed in PATROL is an integer. you cannot specify meaningful alarm ranges since alarm ranges must be integers. choose the Set Alarm Thresholds menu command to display the Set Alarm Thresholds dialog box. for the parameters that need thresholds: s Border Minimum s s Type the lower-bound warning value in the Warning Minimum field. Type the lower-bound alarm value in the Alarm Minimum field. The query must return a numerical value. you can create new. 4 Type a valid statement in the Enter a WQL Query field. user-defined parameters based on WMI data. 3 In the WMI Wizard dialog box. 144 BMC PATROL for Microsoft Windows Servers Getting Started . type a name for the WMI-based parameter you want to create in the Parameter Name field.

EXAMPLE select VirtualBytes from Win32_PerfRawData_PerfProc_Process where Name=“Idle” 5 Select the Formatted Data check box to normalize and display formatted performance data. See “Performance counters supported through Win32_PerfRawData WMI class” on page 146. For more information. if the return value of the WMI query is greater than 32-bit. you must scale down the values to get appropriate results. enter a scaling factor of 1024.Configuring PATROL Wizard for Microsoft Performance Monitor and WMI EXAMPLE select NumberOfProcesses from Win32_OperatingSystem or select CurrentSize from Win32_Registry For WMI classes that begin with Win32_PerfRawData. such as WMI queries that return 64-bit integer values. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 145 . EXAMPLE If you specify the Select CommittedBytes from Win32_PerfRawData_PerfOS_Memory WMI query for a parameter specific to memory. 6 In the Scaling Factor text box. you can enter a scaling factor of 1000 to convert a return value in milliseconds to seconds. see “WMI queries for the WMI classes that begin with Win32_PerfRawData” on page 146. the query must return a number for a single WMI property. NOTE You can select this check box only for Win32_PerfRawData WMI classes. For 64-bit performance counters. if the parameter is specific to time. NOTE By default. the scaling factor is 1. Similarly. the returned value is divided by the specified scaling factor. Thus. The Set Alarm Thresholds dialog box is displayed. 7 Click Next to set alarm thresholds for the parameter that you are creating. enter a value between 0 and 2147483647 to scale down values that cannot be directly set to parameters.

The query must return a number for a single WMI property. and correspondingly connect to a 32-bit or 64-bit WMI provider. 146 BMC PATROL for Microsoft Windows Servers Getting Started . Continue with step 7. Type the upper-bound warning value in the Warning Maximum field. 10 Click Done to create the parameters. It helps you verify whether the system on which the application is running is 32-bit or 64-bit. Type the lower-bound alarm value in the Alarm Minimum field. Performance counters supported through Win32_PerfRawData WMI class The Win32_PerfRawData WMI class supports the following performance counters: s s s s s s s s s PERF_COUNTER_COUNTER PERF_COUNTER_BULK_COUNT PERF_COUNTER_LARGE_RAWCOUNT | PERF_COUNTER_LARGE_RAWCOUNT_HEX PERF_COUNTER_RAWCOUNT_HEX | PERF_COUNTER_RAWCOUNT PERF_100NSEC_TIMER PERF_100NSEC_TIMER_INV PERF_ELAPSED_TIME PERF_PRECISION_100NS_TIMER PERF_COUNTER_100NS_QUEUELEN_TYPE WMI queries for the WMI classes that begin with Win32_PerfRawData The KM enables you to execute the WQL queries for 64-bit counters and monitor the counters by using the wizard. 9 Click Create to create the parameter according to the SQL Query that you entered and close the dialog box. You must enter a valid WMI query in the Enter a WQL query text box of the WMI Wizard dialog box.Configuring PATROL Wizard for Microsoft Performance Monitor and WMI 8 For the parameter that needs warning and alarm thresholds: s s s s Type the lower-bound warning value in the Warning Minimum field. click Next. If you want to create new parameters over again. Type the upper-bound alarm value in the Alarm Maximum field. The dialog box closes and PATROL creates your new parameters.

Comma separated queries are invalid. PageFaultsPersec from Win32_PerfRawData_PerfProc_Process where Name=“Idle” You cannot add two WMI properties such as VirtualBytes and PageFaultsPersec in a WQL query. Select VirtualBytes. * indicates all the properties for a particular WMI class. the PATROL KM for Log Management will begin collecting data immediately. Configuring the PATROL KM for Log Management NOTE The PATROL KM for Log Management application classes appear under the PATROL KM for Microsoft Windows OS. Verify the record set returned by wbemtest. use wbemtest provided by Microsoft as shown in the following steps: 1 Go to Start => Run => wbemtest 2 Click Connect. The PATROL KM for Microsoft Windows OS must be loaded or the PATROL KM for Log Management application classes will not be visible. s To verify whether a particular query returns a single instance or multiple instances. Invalid WMI Queries: s Select * from Win32_PerfRawData_PerfProc_Process This returns the data for all the properties of Win32_PerfRawData_PerfProc_Process wmi class for all the instances. 4 Click Query. Enter a query. Select * from Win32_PerfRawData_PerfProc_Process. Click Connect. If the PATROL KM for Microsoft Windows OS is loaded and the PATROL KM for Log Management is loaded. you need to add the where clause appropriately. If there are multiple instances.Configuring the PATROL KM for Log Management EXAMPLE Valid WMI Query: Select VirtualBytes from Win32_PerfRawData_PerfProc_Process where Name=“Idle” This returns the result for VirtualBytes for Idle process. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 147 . 3 Enter the Namespace such as \\root\cimv2.

The PATROL KM for Log Management supports the following five types of files: s Text Files — Text files are only read if they have been modified since the last scan. the KM monitors the following attributes: s s s s file size . Binary Files — Binary files are read with the use of a user-specified filter program. This secondary file is treated like a normal log file. s s s s This section describes how to configure the PATROL KM for Log Management so you can begin monitoring log files in your environment.stored in the LOGGrowthRate parameter content age The default list of monitored files may be added to or removed completely depending on your needs. Only blocking pipes are supported. XML files are always read from the beginning. The data is read from the pipe a line at a time and accumulated in a secondary log file.stored in the LOGFileSize parameter growth rate . XML files — XML files are only read if they have been modified since the last scan. Task Stop and start monitoring all default log files Stop monitoring a log file Start monitoring a log file Change the setup of a monitored file Filter log file messages (create a search string) Generate a custom event when a search string is identified Configure recovery actions for a log file Page 149 149 150 156 157 160 164 148 BMC PATROL for Microsoft Windows Servers Getting Started . Command Scripts — Command scripts are executed each scan cycle and the resulting output is treated as a log file. Named Pipe (or FIFO) — Named pipes are opened and kept open for reading. The following table lists the topics covered in this section.Configuring the PATROL KM for Log Management For each log file. Binary files are only read if they have been modified since the last scan.

The LOGMON instance icon for this log file disappears from the LOGS container window during the next polling cycle. 3 In the Default Log Monitoring dialog box. 3 In the confirmation dialog box. you must remove the undesired log files from the list of monitored files by following these steps: 1 Access the LOGT application menu for the log file that you no longer want to monitor. but does not delete the file from your system. To add or remove log files to the list of monitored files. 2 Select Enable/Disable Default Log Monitoring. PATROL stops monitoring the log file. the PATROL KM for Log Management monitors the PATROL Agent error log. NOTE The Default Monitoring dialog box only enables and disables monitoring for the log files that the PATROL KM for Log Management monitors by default. to stop monitoring the default log file. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 149 . see “Start monitoring a log file” on page 150 and “Stop monitoring a log file. click Yes. 2 Select Delete Instance. This dialog box does not control monitoring for log files that you add to the list of monitored files. as described in “Accessing KM commands and InfoBoxes” on page 214.” Stop monitoring a log file To stop monitoring a log file. clear the Enable Default Log File Monitoring check box.Configuring the PATROL KM for Log Management Stop and start monitoring all default log files By default. To stop or start monitoring this log file 1 Access the LOG application menu as described in “Accessing KM commands and InfoBoxes” on page 214.

9 In the Filter Program text box. 5 In the Add File for Label: instanceName dialog box.log. NOTE s To monitor log files that have dynamic names. enter the log file name as backup_*. which appears in the event manager. For example.log. you must add that file to the list of monitored files. or Binary File. select TEXT Instance and enter a label for the text log file that you want to start monitoring. in the File/Pipe Name text box. The log icon label must be 50 characters or less and cannot contain any spaces. 7 Select the Contains Environmental Variables check box to enter a path defined by an environment variable that is resolved at runtime. 4 Click Accept. environment variables in the text file path are resolved. 2 Select Add Instance. if a log file is named backup_date. 6 Enter a logical name for the LOGMON instance that you want to monitor. Script. If you select this check box. To monitor a text log file 1 Access the LOG application menu as described in “Accessing KM commands and InfoBoxes” on page 214. where date changes each day. 150 BMC PATROL for Microsoft Windows Servers Getting Started . 3 In the Add Instance dialog box. the text file is treated as a pure file name. Otherwise.Configuring the PATROL KM for Log Management Start monitoring a log file To start monitoring a log file that the PATROL KM for Log Management is not monitoring. The product allows you to monitor a text file or an XML file. enter the full path and file name for the text file you want to monitor. Named Pipe. 8 Select either of the File Type options: Text File. enter the path and name of the filter program that is reading the file specified in the File/Pipe Name field. s Regular expression characters are not accepted for named pipes. use the * and ? regular expressions to define the file name.

then you would set the value of Threshold # 1 to 3 and select Alarm from the State list. or Alarm. 11 (Optional) If you are monitoring a dynamically named file and you want to monitor all of the files using the dynamic name specified in the File/Pipe Name field. Warn. enter values in the x:y format. NOTE The text file will only be scanned if the file changes. EXAMPLE If you want the KM to go into Alarm when the search string is found 3 times in the monitored file. 12 (Optional) Select the Generate Alarm if File not modified in check box if you want the LOGMON instance to ALARM if the monitored file is not modified periodically.Configuring the PATROL KM for Log Management NOTE In case of a Binary file type. rather than just the latest file. To search for a minimum number of text strings across a number of polling cycles. in the Minutes text box. 15 Select the state that you want the KM to exhibit when a threshold is reached—None. choose the Always Read at Beginning check box. In the Threshold # 1 text box. x represents the minimum number of text string matches. specify the minimum number of text search string matches required to produce a specified state. choose the All option. PATROL KM for Log Management does not accept arguments. You can specify a different state and a different number of matches from Threshold # 1. 14 In the Threshold # 2 text box. 10 (Optional) If you want to scan the entire text file on each scan. 13 Specify the default settings for a search criterion. Specify the time in minutes after which you want the KM to alarm if the file is not modified. enter values in the x:y format. Threshold # 2 should be higher than Threshold # 1. To search for a minimum number of text strings across a number of polling cycles. specify the minimum number of text search string matches in a polling cycle required to produce a specified state. OK. and y represents the total number of polling cycles. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 151 . rather than scanning only the new content.

Configuring the PATROL KM for Log Management 16 (Optional) In the Custom Event Message text box. You must specify the first string in the String1 text box (in the Configure Search Criterion: instanceName dialog box) and the nullify string in the Nullify Alarm/Warn String text box. 152 BMC PATROL for Microsoft Windows Servers Getting Started . EXAMPLE If you specify Alarm up in the String1 text box and Alarm down in the Nullify Alarm/Warn String text box. you would enter Error: Disc Full as the search string and 2 as the value of Number of Lines in Log Entry so that when a disk is full. the product uses the instance name as the default origin of events. NOTE If either. You can use built-in macros (except the %x[-%y] macro) as the customized origin for events. the product displays a message similar to the following one in LOGMatchString text parameter: Id=id1 031605: Error: Disc Full Id=. specify the string that is used to nullify the alarm for the dual search feature. which is APPCLASS. If you do not specify the origin.textFileName. 18 In the Number of Lines in Log Entry text box. specify the customized origin for events. occurs again within the number of lines selected to be displayed. You can configure dual search for an instance so that the KM goes into the alarm state when any of the search criteria is found in the monitored file and nullifies the alarm when the nullify string is found in the monitored file. specify the number of lines that you want to be displayed when a match is found. 19 In the Nullify Alarm/Warn String text box. specify the message that you want displayed in the events when your search string conditions are satisfied.INSTANCE. the search string or the nullify string. 17 In the Custom Event Origin text box.MatchedLines /hd001 mounted as /opt SUMMARY:id1=1. the KM goes into an alarm state when Alarm up is found in the monitored file and the alarm is nullified when Alarm down is found in the monitored file. For nullified customized events. the KM does not find the instances of the search strings for all the search identifiers. EXAMPLE If you want to determine when a disk is full and where the disk is mounted. the default custom event message is used (as provided in the Custom Event Message text box).

32 You can custom-define a search criterion with settings that are different from the default settings in the Add File for Label: instanceName dialog box. define a search criterion. specify a number to specify a starting position of a search range in the matched file. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 153 . 27 Select an operator from the Op list. specify a valid beginning token value. 28 In the Begin token text box. select a scan priority: Normal. NOTE This option displays all the lines in the file that do not match the search string. 24 In the String text boxes. select the Return to OK if no match found on next scan check box. Medium. 31 In the Second Number text box. 22 Click Continue. 21 From the Scan Priority list. 26 In the First Number text box. or Low. 29 In the End token text box. specify a number to specify an ending position of a search range in the matched file line. 25 (Optional) If you want the KM to alarm if a string is not present in the file. 30 Select an operator from the Op list. To do so. select the Not check box. The Search Identifier label appears in the search list and helps you identify the search criterion.Configuring the PATROL KM for Log Management 20 If the KM goes into an alarm or a warning state because the search string is found and you want the KM state to return to OK if the search string is not found on the next scan. 23 (Optional) In the Configure Search Criterion: instanceName dialog box. select the Override default setting check box and custom-define the settings for each search criterion as described in step 13 through step 17 on page 152. enter the regular expression for the first search string that you want to search in the text instance (4096-byte limit). specify a unique label in the Search Identifier text box. and configure a search string to define what type of messages the KM should search for. specify a valid ending token value. in the Search Criterion area.

Once the search string is found in the file. 154 BMC PATROL for Microsoft Windows Servers Getting Started . 35 PATROL adds the new log file name to the list of monitored files and displays the new log instance in the Desktop tree tab. 38 (Optional) Select Advanced Features => Schedule Log Scan to configure the KM to scan the file at different schedules. When the LOGErrorLvl parameter is not set for a period of time. 34 Click Done. see “Configure recovery actions for a log file” on page 164. the KM generates an alarm. access the LOGT application menu as described in “Accessing KM commands and InfoBoxes” on page 214. 37 (Optional) Select Advanced Features => Configure Size Actions to configure automatic recovery actions to determine how the KM should respond when the file reaches a defined size. For more information about configuring recovery actions for a log file. NOTE If you do not specify a search string. the LOGErrorLvl parameter will not be set. NOTE This option is not available if you are monitoring an XML file. 39 (Optional) Select Advanced Features => Configure Log Monitoring Blackout to prevent the KM from generating events for a file for a specified period of time 40 (Optional) Select Advanced Features => Configure Alarm to configure an alarm when the size of the monitored file exceeds a specified threshold 41 (Optional) Select Advanced Features => Multiline Search to configure limits to search a block of lines containing a match string. this message is benign. If you did not specify a search string. 36 (Optional) If you want to further configure the log file. “no data for specified range” messages are displayed in BMC PATROL history.Configuring the PATROL KM for Log Management 33 Select the Add option and click Update for the KM to populate the search criteria in the Search list.

To monitor an XML file 1 Access the LOG application menu as described in “Accessing KM commands and InfoBoxes” on page 214. NOTE To monitor log files that have dynamic names. 8 Configure a search string by specifying the combination of XML elements and values that you want to find in the monitored file. 2 Select Add Instance. in the XML File text box. You can use the same search identifier in other XML instances.log. PATROL adds the new log file name to the list of monitored files and displays the new log instance in the Desktop tree tab. 7 (Optional) In the Search Criteria area. choose the All file disposition option to monitor all of the files. enter the full path and file name for the XML file you want to monitor against XML elements that you provide. enter the log file name as backup_*. 4 Click Accept. 3 In the Add Instance dialog box. select XML Instance and enter a label for the XML file that you want to start monitoring. see the BMC PATROL Knowledge Module for Log Management User Guide. The log icon label must be 50 characters or less and cannot contain any spaces.log.Configuring the PATROL KM for Log Management 42 Click Accept. 5 In the Add File for XML Monitoring dialog box. This must be unique for an XML instance. use the * and ? regular expressions to define the file name. if a log file is named backup_date. where date changes each day. rather than just the latest file. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 155 . but not in the same XML instance. enter an identification label for the XML search criterion in the Search Identifier text box. For more information about monitoring text log files. For example. 6 Optional) If you are monitoring a dynamically named file and you want to monitor all of the files using the dynamic name specified in the XML File field. 9 Define thresholds and states for each search XML search string.

13 (Optional) Select Advanced Features => Schedule Log Scan to configure the KM to scan the file at different schedules. Medium. For more information about monitoring XML files and the rules for configuring an XML log instance. the KM generates an alarm.Configuring the PATROL KM for Log Management Once the search string is found in the file. and the match count is greater than or equal to the threshold. see “Filter log file messages (create a search string)” on page 157. For more information about configuring recovery actions for a log file. For more information about configuring search strings. 12 (Optional) Select Advanced Features => Configure Size Actions to configure automatic recovery actions to determine how the KM should respond when the file reaches a defined size. follow these steps: 156 BMC PATROL for Microsoft Windows Servers Getting Started . or Low. PATROL adds the new XML file name to the list of monitored files and displays the new log instance in the Desktop tree tab. see “Configure recovery actions for a log file” on page 164. define how you want the product to respond when the specified search criterion is satisfied. 16 Click Update. The custom event must consist of string literals and the elements in the XML search string. see the BMC PATROL Knowledge Module for Log Management User Guide. select a scan priority: Normal. 10 In the Custom Event Message text box. 14 From the Scan Priority drop-down list. 15 Select the Add option. Change the setup of a monitored file To change any of the log monitoring options that you have entered. 11 (Optional) Access the LOGT application menu as described in “Accessing KM commands and InfoBoxes” on page 214.

make any desired changes to the setup options for the selected log file. When you define a search string and associate it with a log file. 2 Select Modify Instance. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 157 . PATROL begins monitoring the log file for the search string or regular expression that you specified. 3 Depending on the type of log instance. the LOGMatchString parameter displays the text string or regular expression that was returned by the log search. What happens when the string is found Once the search string has been defined. PATROL sets the icon for the log instance to the alert state that you specify and sets the values of the LOGSearchString parameter and LOGErrorLvl parameter.Configuring the PATROL KM for Log Management 1 Access the LOGT application menu for a text or XML instance. 4 Click Update. the KM monitors the log for the following: s s s s s text or XML string. The maximum length for a string is 400 characters. The results of these criteria are combined to determine a match. Filter log file messages (create a search string) The PATROL KM for Log Management allows you to define what type of messages the KM should search for. on the Change file for Label: instanceName or Change file for XML Monitoring. If the text string or regular expression is found. you must define a search string for the monitored log file. WARN. or pattern multiple strings or patterns numeric values number of string matches per scan of the log file corresponding alert severity (OK. or ALARM) when the specified string or pattern is found String attributes The search string can consist of one or two regular expressions and/or a numeric comparison. In addition. To filter the log file for a particular type of message. as described in “Accessing KM commands and InfoBoxes” on page 214.

entering position numbers in the First Number and Second Number text boxes. 3 Enter a search string or regular expression in the String 1 text box. If you want to define a search string for an existing log file. Select the NOT check box next to the String 1 field if you want to identify file entries in which the string is not found. 4 If desired. 5 If desired. Valid values start at 1 and run from left to right. Select the NOT check box next to the field if you want to identify files in which the string is not found. For example. define a numeric comparison by specifying the starting and ending positions of a search range in the matched file line. in the String 2 text box. Tokens specify beginning and ending locations of the search within a matched log file line. 2 Enter a unique identification label for a search criterion in the Search Identifier text box. You can search for a literal word or phrase or you can use regular expressions to search for a type of message that has an identifiable format or pattern. Multiple adjacent white spaces are treated as one position. you would use a numeric comparison to determine if the number of jobs in a print queue exceeds 500. The numeric comparison is used to determine if a file entry exceeds a threshold or fits in a range. along with operators in the Op text boxes. click Continue to go to the Configure Search Criterion: instanceName dialog box. follow the steps in “Start monitoring a log file” on page 150.Configuring the PATROL KM for Log Management Before you begin s If you are adding a new log file to be monitored. This number must be a real number. not a percent. To see how you would define a search string for this example. Each white space-separated token in this search range is examined to determine if it is a base 10 number. enter a search string or regular expression. follow the steps in “Change the setup of a monitored file” on page 156. s Define a search string for a text file To define a search string for a new or existing monitored log file. 158 BMC PATROL for Microsoft Windows Servers Getting Started . Enter valid Begin Token and End Token values. follow these steps: 1 On the Add File for Label: instanceName dialog box or the Change File for Label: instanceName dialog box. see “Example: defining a search string for print queue length” on page 160.

2 In the XML Search String text box. but not in the same XML instance. The converted number is used as variable X in this mathematical statement: A op1 X op2 B A and B are fixed.Configuring the PATROL KM for Log Management The first number encountered is used. enter the combination of XML elements and values that you want to find in the monitored file. The label must be unique for an XML instance. You can only use aplha-numeric characters such as a-z. the numeric portion of the search string is ignored. 3 Fill out or modify the rest of the dialog box fields as described in “To monitor an XML file” on page 155. enter an identification label for the XML search criterion in the Search Identifier text box. user-supplied base 10 numbers. 0-9. B is optional. You can use the same search identifier in other XML instances. A is required. >= not equal to. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 159 . follow these steps: 1 In the Add File for XML Monitoring dialog box or the Change File for XML Monitoring dialog box. A-Z. 'op2' only applies when B is supplied. > equal. Define a search string for an XML file To define a search string for a new XML file or an existing XML file that is being monitored. < greater than. This label appears in the search list and helps you identify the search criterion. != 6 Fill out or modify the rest of the dialog box fields as described in “To monitor a text log file” on page 150. <= greater than or equal. If no numbers are found. 'op1' and 'op2' can be one of these operators: s s s s s s less than. = less than or equal. and up to a maximum of 20 characters.

160 BMC PATROL for Microsoft Windows Servers Getting Started .Configuring the PATROL KM for Log Management Example: defining a search string for print queue length This example shows you how to define a search string that will monitor the print queue length in a log file to identify print queues with more that 500 jobs. 5 In the End token field. where inst is the user-defined label of the log file and fname is the log file name. The completed Search String section appears. It also allows you to specify a custom event origin. 2 In the First number field. you would define the search string as follows: 1 On the Add File for Label: instanceName dialog box. Text entered in the Custom Event Message field can also be included in the event. Part or all of the matching log entries can be included in the custom event message.fname. Generate a custom event when a search string is identified The PATROL KM for Log Management allows you to generate a custom event when the search string that you defined matches a log file entry. 6 Complete the remaining fields as described in “Start monitoring a log file” on page 150. 3 From the Op drop-down list to the right of the First number field.inst. 4 In the Begin token field. The sample log file contains entries like the following: Print Queue HOU7 contains 323 jobs Print Queue HOU19 contains 605 jobs Print Queue HOU1 contains less than 10 jobs To identify log entries that contain print queues with more that 500 jobs. select <. click Continue to navigate to the Configure Search Criterion: instanceName dialog box. enter 500. enter 7. enter 5. The custom event has the following characteristics: s s s s Event class — LOGGeneral Event type — WARN Event severity — 3 Event origin — LOGMON.

NOTE If you want to have the % character appear in the message. follow the steps in “Change the setup of a monitored file” on page 156. You can use built-in macros (except the %x[-%y] macro) as the customized origin for events. you might want to create a custom event message that would display when a service fails to initialize. Ranges of words can be included. For example. which is APPCLASS. numbered left to right starting with 1. the KM uses the default origin. you will still receive the standard event generated by the LOGErrorLvl parameter when your search string is found.INSTANCE.textFileName. follow the steps in “Start monitoring a log file” on page 150. enter %%. %2-5 would identify tokens 2 through 5 inclusive). see “Example: defining a search string for print queue length” on page 160. For example. Specify a custom origin for the events in the Custom Event Origin text box. If you want to set up a custom message for an existing log file. Before you begin s If you are adding a new log file to be monitored. such as Disk /dev/sd0 is 45 % full. To see how you would set up a custom event message for this example. and are entered following a single % (for example. If you do not specify an origin. s Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 161 . Word substitution will be identified in the custom event message text by using the % character.Configuring the PATROL KM for Log Management The words of the message (represented by tokens separated by white space) will be identified by their ordinal position in the matched log file line. NOTE If you do not create a custom event message. entering Disk %3 is %5 %% full displays the 3rd and 5th strings in the match line.

enter the number of lines to include from the log file in the message returned when a search string is found. 5 In case of a text instance. the KM does not find the instances of the search strings for all the search identifiers. if you want to define custom messages specific to a search criterion. EXAMPLE If you were searching for Disc Full errors. leave the Number of Lines in Log Entry field blank. and Disc full occurs in the first and third lines of the file. 162 BMC PATROL for Microsoft Windows Servers Getting Started . enter the text that you want to display when your search string conditions are satisfied. access the either of the following: s s Add File for Label: instanceName dialog box or the Change File for Label: instanceName dialog box Add File for XML Monitoring dialog box or the Change File for XML Monitoring dialog box 2 In the Custom Event Message text box. NOTE s If either. 4 (Optional) For a text instance. you could configure the KM to return two lines so that when the string Error: Disc Full is found. the search string or the nullify string. in the LOGMatchString parameter: Id=id1 031605: Error: Disc Full Id=. s If you want to ensure that all matches are found. click Continue. in the Number of Lines in Log Entry text box. the KM counts only the first instance of Disc Full as a match.MatchedLines /hd001 mounted as /opt SUMMARY:id1=1. occurs again within the number of lines selected to be displayed. the KM returns the line matching that string and the next line. follow these steps: 1 Depending on whether you are adding a new log file to be monitored or changing an existing log file. enter the origin for the events.Configuring the PATROL KM for Log Management Create a custom event message To create a customized event message. 3 In the Custom Event Origin text box. if you specify that the KM returns four lines when it finds the search string Disc Full. on the Add file for Label: instanceName dialog box. For example.

%INSTANCE%. in the Custom Event Message Field. 9 Specify an origin for the events in the Custom Event Origin text box.%SEARCHID% Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 163 . enter: GX6 component %2 failed initializing service %6. id1: %APPCLASS%. usllSrv: 7)" To create the custom event message. See logfile \var\opt\GX6\log\it_execd. szAccessControlList:\opt\GX6\etc\it_execd. The sample log file entry looks similar to this (with the exception that a real log file entry would fit on one line): "20030508_124352 <ITD> ExecInitialize failed (szServicesEntry: it_execd. 10 Complete the remaining fields as described in “Start monitoring a log file” on page 150. szLogFile: \var\opt\GX6\log\it_execd. Example: creating a custom event message that displays when a service fails to initialize This example shows you how to create a custom event message to display the following event message when a service fails to initialize: GX6 component <ITD> failed initializing service it_execd.log. If you create an instance such as inst1 with a search identifier. 8 Specify a custom event message for the search criterion in the Custom Event Message text box. See logfile %10 for details..log.Configuring the PATROL KM for Log Management 6 On the Configure Search Criterion: instanceName dialog box. for details. add a unique identification label in the Search Identifier text box. Example: Creating a custom event origin that displays the event origin according to Macros specified in the configuration This example shows you how to create a custom event origin to display the event origin according to macros specified in the configuration. 7 Select the Override default setting check box.acl.

the first time that the error_log. follow the steps in “Change the setup of a monitored file” on page 156. If you want to configure a recovery action for an existing log file.Configuring the PATROL KM for Log Management The LOGGeneral and NOTIFY_EVENT Event Class will display the following Event Origin: LOGMON.id1 Configure recovery actions for a log file The PATROL KM for Log Management allows you to define recovery actions when a log file reaches a specified size. the backup file is written to the same directory with an incremental number appended to the log file name. s 164 BMC PATROL for Microsoft Windows Servers Getting Started . The available recovery actions for log files are: s reduce the log file to 0 MB by deleting all the messages in the log file when the file reaches the size limit backup the file into the pmg_backup subdirectory located in the same directory as the monitored log file and reduce the log file to 0 MB s Each time the file is backed up. you can configure them to require user confirmation if the Run Attended option button is set to Yes.txt reaches its size limit.inst1PN0. Recovery actions run automatically by default. The PATROL recovery action checks to make sure that the backup file name is not already in use. PATROL creates a backup file named error_log.txt2 and so on. PATROL creates a backup file named error_log. PATROL may take some time to complete this recovery action. For example.txt1. NOTE BMC Software recommends that you periodically move the backup files to another location. Before you begin s If you are adding a new log file to be monitored. The next time that it reaches its limit. follow the steps in “Start monitoring a log file” on page 150. however. If hundreds or even thousands of backup files exist in the log directory.

3 In the Configure Size Actions dialog box.Configuring the PATROL KM for Microsoft Cluster Server Configure a log file recovery action based on file size To define a recovery action that runs when the log file exceeds a defined file size. For example. enter the number of bytes that the monitored file must exceed before PATROL executes the recovery action. follow these steps: 1 Access the LOGT application menu for a text or XML instance. Configuring the PATROL KM for Microsoft Cluster Server You can set up the PATROL KM for Microsoft Cluster Server to use one of the following configurations: s s internal cluster-level agent (CLA) external cluster-level agent Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 165 . 2 Select Advanced Features => Configure Size Actions. in the Size Limit text box. if the limit is 100 bytes. Delete—PATROL reduces the log file to 0 MB by deleting all the messages in the log file when the file reaches the size limit. Backup and Delete— PATROL backs up the existing log file and reduces the log s s file to 0 MB 5 Click the Yes or No button to indicate whether PATROL runs attended (prompt an operator for confirmation before performing a recovery action). For more information about the features and functionalities in PATROL KM for Log Management. enter 100 in the Size Limit text box. see the BMC PATROL Knowledge Module for Log Management User Guide. 4 Select an Action option to specify a recovery action for PATROL to take when the log file reaches the specified size limit: s Nothing—PATROL continues monitoring the log file but does not attempt to reduce its size. as described in “Accessing KM commands and InfoBoxes” on page 214.

you should verify that the software products are installed correctly. For instructions on how to load KMs. load MCS_Load. Before configuring the PATROL for Microsoft Cluster Server components.Using the PATROL Adapter for Microsoft Office to view reports These configurations each offer advantages and disadvantages. Using the PATROL Adapter for Microsoft Office to view reports If you install the PATROL Adapter for Microsoft Office. For more information about setting up the Cluster account.Setup appears as the label under the MCS_Clusters application instance icon. add the managed system that corresponds to your cluster by choosing Host => Add.kml. choose PATROL Admin=>Maintain Account Info. when requirements are met. see “Loading the PATROL for Microsoft Windows Servers KMs” on page 91. enter an account that is a member of the Administrators group on the local computer or cluster node. the KM can use the PATROL agent default account. you can display PATROL data in Microsoft Excel through the PATROL Adapter for Microsoft Office wizard. For more information. To decide which configuration best suits your environment.Setup instance. Microsoft Clusters . 2 From the PATROL Console. see “PATROL KM for Microsoft Cluster Server account” on page 48. To verify that you have installed the appropriate software on the appropriate computers. see Table 15 on page 74. To configure the PATROL KM for Microsoft Cluster Server Follow the following process to configure PATROL KM for Microsoft Cluster Server: 1 From the PATROL Console. 3 If the KM is not already configured. see the following topics: 166 BMC PATROL for Microsoft Windows Servers Getting Started . 4 From the Microsoft Clusters . see “Installing PATROL KM for Microsoft Cluster Server” on page 73. For internal cluster-level agents configurations. This account allows the cluster-level agent and external executables to access the cluster nodes you want to monitor. 5 In the Authorized Account dialog box.

and SP3) Microsoft Excel Office 2003 (SP1) To start the PATROL Adapter for Microsoft Office from Microsoft Excel 1 Start Microsoft Excel. SR2. SP2. 2 Choose File => New. 6 Click Enable Macros. 3 Choose the Spreadsheet Solutions tab. start Excel and choose Tools => Macro => Security. 4 Choose the Patrol Report. and SR2b) Microsoft Excel 2000 (SR1a. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 167 . The New dialog box is dismissed and the Microsoft Excel macros message appears.Using the PATROL Adapter for Microsoft Office to view reports Task Displaying PATROL data by using the PATROL Adapter for Microsoft Office How to use the PATROL Adapter for Microsoft Office Built-in report templates Page 167 168 168 Displaying PATROL data by using the PATROL Adapter for Microsoft Office This task describes how to start the PATROL Adapter for Microsoft Excel so that you can view server-based PATROL reports. SP2. you must have one of the following versions of Microsoft Excel loaded on the console machine: s s s s Microsoft Excel 97 (SR1.xlt template. 5 Click OK. To change the Microsoft Excel security level. To run the wizard. Before you begin To use PATROL Adapter for Microsoft Office. and SP3) Microsoft Excel Office XP (SP1. the Microsoft Excel security level must be either Low or Medium. If the security level is High. the wizard does not run and displays no error messages.

PATROL KM for Microsoft Windows Operating System If you are using the PATROL KM for Microsoft Windows OS.Daily History value reported by the parameter LDldFreeSpacePercent) Memory . Please see the PATROL Adapter for Microsoft Office User Guide for more information regarding requirements and limitations of PATROL Adapter for Microsoft Office. For a list of these predefined reports.Weekly History Memory . the predefined report templates in Table 38 on page 169 are available when you use the PATROL Adapter for Microsoft Office. Table 37 s s Reports for PATROL KM for Microsoft Windows OS Description percentage of time that a processor is busy executing the threads of a process (the value reported by the parameter CPUprcrProcessorTimePercent) Report Name CPU Util .09.Daily History number of megabytes of physical memory currently available to processes (the value reported by the parameter MEMmemAvailableBytes) PATROL KM for Microsoft Windows Domain Services If you are using the PATROL KM for Microsoft Windows Domain Services.Weekly History CPU Util . How to use the PATROL Adapter for Microsoft Office For more information about how to use the PATROL Adapter for Microsoft Office. the predefined report templates in Table 38 are available when you use the PATROL Adapter for Microsoft Office.Using the PATROL Adapter for Microsoft Office to view reports 7 See the PATROL Adapter for Microsoft Office User Guide for instructions on generating a report. see the PATROL Adapter for Microsoft Office User Guide. 168 BMC PATROL for Microsoft Windows Servers Getting Started . see the following sections.Daily History s s s s Logical Disk .Weekly History percentage of free space available on the selected logical disk drive (the Logical Disk . Built-in report templates Several products have predefined reports that you can use immediately.2. NOTE History reports are not available for PATROL Agents that are version 3.

Using the PATROL Adapter for Microsoft Office to view reports Table 38 s s s s s s s s s s s s s s s Reports for PATROL KM for Microsoft Windows Domain Services Description NT_DHCP reports regarding the percent of DHCP leases available each day. or month NT_DHCP reports regarding the daily. weekly. and monthly connection outages between trusted and trusting domains NT_WINS reports regarding daily. weekly. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 169 . weekly. or monthly connection response Report times of remote domain servers Remote Servers Connect Response Time Monthly History Report Remote Servers Connect Response Time Weekly History Report Remote Servers Connection Status Daily Outage Report Remote Servers Connection Status Monthly Outage Report Remote Servers Connection Status Weekly Outage Report Shares Disk Usage Daily History Report Shares Disk Usage Monthly History Report Shares Disk Usage Weekly History Report Trust Domain Connectivity Daily Outage Report Trust Domain Connectivity Monthly Outage Report Trust Domain Connectivity Weekly Outage Report WINS Server Utilization Daily History Report WINS Server Utilization Monthly History Report WINS Server Utilization Weekly History Report NT_REMOTE_SERVERS reports regarding daily. and monthly utilization of the Windows Internet Naming Service (WINS) on Windows servers PATROL KM for Microsoft Message Queue If you are using the PATROL KM for Microsoft Message Queue. weekly. or monthly connection outages of remote domain servers s s s s s s s s s s s s NT_SHARES reports regarding daily. or monthly server utilization of the DHCP service NT_DNS reports regarding daily. or monthly server utilization of the DNS service Report name DHCP Lease Availability Daily History Report DHCP Lease Availability Monthly History Report DHCP Lease Availability Weekly History Report DHCP Server Utilization Daily History Report DHCP Server Utilization Monthly History Report DHCP Server Utilization Weekly History Report DNS Server Response Time Daily History Report DNS Server Response Time Monthly History Report DNS Server Response Time Weekly History Report DNS Server Utilization Daily History Report DNS Server Utilization Monthly History Report DNS Server Utilization Weekly History Report NT_REMOTE_SERVERS reports regarding Remote Servers Connect Response Time Daily History daily. week. weekly. weekly. or monthly usage of network shares on the managed server NT_TRUST reports regarding daily. weekly. weekly. or monthly server response times for the Domain Name Service (DNS) NT_DNS reports regarding daily. the predefined report templates in Table 39 are available when you use the PATROL Adapter for Microsoft Office.

you must uninstall the KM.km file.Daily History Report MSMQ Service Availability . Table 40 Reports for PATROL for Microsoft COM+ Description total number of processes run during a 24-hour period line graph of the current status of a package (active or in-active) during a 24-hour period line graph of the current status of a package (active or inactive) during a 30-day period total number of packages active during a 24-hour period total number of transactions aborted during a 24-hour period total number of transactions aborted during a 30-day period Report name Process Count Daily Summary Package Status Daily Summary Package Status 30-Day Summary Active Packages Daily Summary Aborted Transaction Daily Summary Aborted Transaction 30-Day Summary Removing KMs from your console and agent If you want to remove a KM from being displayed in your PATROL console.km file does not delete the file from the lib\knowledge or psl directories on the PATROL console or PATROL Agent computer.Weekly History Report MSMQ Sessions .Daily History Report MSMQ Sessions .” When you unload a . 170 BMC PATROL for Microsoft Windows Servers Getting Started . If you want to delete a KM completely from your system. the predefined report templates in Table 40 are available when you use the PATROL Adapter for Microsoft Office.km files) as described in “Unloading KMs from a PATROL console.Weekly History Report PATROL KM for Microsoft COM+ If you are using the PATROL KM for Microsoft COM+.Removing KMs from your console and agent Table 39 Reports for PATROL KM for Microsoft Message Queue Description current rate that messages are received during a 24-hour period current rate that messages are received during a 7-day period number of MSMQ sessions that occur during a 24-hour period number of MSMQ sessions that occur during a 7-day period total number of messages that waited for processing during a 7-day period Report name MSMQ Message Rate . Unloading a . Waiting . you can unload its corresponding application classes (. its corresponding application class no longer appears in your console.Weekly History Report MSMQ Total Msgs.

3 Repeat Step 1 and Step 2 until you have deleted all of the application classes associated with the KM that you want to delete. 2 From the Lists of Application Classes window. The application class is removed from your cache directory and your console session file. 3 From the List of Application Classes menu bar. choose Edit => Delete.km file was not preloaded. if the . When you remove a KM from the PATROL Agent preload list. click the name of the application class that you want to delete.kml file or not). Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 171 .km files) that make up the KM. then unloading it does stop the file from running and collecting data on the PATROL Agent. choose File => Save KM to save your changes. you can unload the corresponding application classes (. To unload KMs with the PATROL Console for UNIX 1 From the PATROL Main window.km files from the PATROL Agent preload list as described in “Using wpconfig to remove KMs from the Agent preload list” on page 96. KMs that are not preloaded do not run unless a console is running. you can remove its corresponding . right-click the application class name that you want to delete and choose Delete from the pop-up menu.km file.kml file or . If you no longer want the PATROL Agent to run a KM that was preloaded.Removing KMs from your console and agent If a . To unload KMs with the PATROL Console for Microsoft Windows Servers 1 From the KM tab of the tree view. 2 Click Yes to delete the application class. the agent does not run the KM unless you load it with a running console. choose Attributes => Application Classes.km file was preloaded (whether as part of a . 4 From the console menu bar. unloading it does not stop the PATROL Agent from collecting data for that . Unloading KMs from a PATROL console If you no longer want to view a KM that currently appears in your console. However.

click the Unload Knowledge Module(s) icon.km files. listing each computer on which a PATROL Agent has been installed.Web Edition PATROL Central . The PATROL Console removes the application class name from the List of Application Classes. click the Load/Unload KMs button. 172 BMC PATROL for Microsoft Windows Servers Getting Started . Currently loaded .km files that you want to unload. 3 Cancel the selection of the . The Load KMs page opens. To unload KMs with PATROL Central . To Unload KMs with PATROL Central Operator .km files.Removing KMs from your console and agent The application class is removed from your cache directory and your console session file. 4 Repeat Step 2 and Step 3 until you have deleted all of the application classes associated with the KM that you want to delete. and click Next. select the managed system. select the KMs that you want to unload. 3 From the Managed System screen. 4 From the Knowledge Modules screen. see “Table 16PATROL for Microsoft Windows Servers . 2 Select the computers from which you want to unload . 5 Click Finish.km files are highlighted in the list. PATROL displays the Unload Knowledge Module(s) Wizard.kml files” on page 90. For a description of the PATROL for Microsoft Windows Servers KMs. 2 To start the wizard. The Load KMs page displays a list of . 5 From the List of Application Classes menu bar.km files from specified computers.Web Edition has a feature that enables you to unload specified . 4 Click Finish. click Next. choose File => Save KM to save your changes. 1 From the Managed Systems page.Windows Edition 1 In the Common Tasks tab of the Operator Console Module Taskpad.

Removing KMs from your console and agent The console removes the .km files will no longer be in the current management profile. Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers 173 . Stopping preloaded KMs from running on the PATROL Agent If you want to stop a KM or application class so that it no longer runs on the PATROL Agent.km files that you specified.km file from the agent preload list. remove the corresponding . as described in “Using wpconfig to remove KMs from the Agent preload list” on page 96. These .kml or .

Removing KMs from your console and agent 174 BMC PATROL for Microsoft Windows Servers Getting Started .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Post-PCC configuration. . . . Define the PATROL Agent as a member of the group . . . . . . . . . . . . . . . . . . . Distribute license file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Install the PATROL Agent on each cluster node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Unattended configuration of Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Chapter 4 176 176 177 177 177 178 183 183 183 184 184 184 184 185 186 189 189 190 191 191 Using the PATROL Cluster Configuration Wizard 4 This chapter provides you with information that you will need to use the PATROL Cluster Configuration Wizard (also referred to as PCC). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter 4 Using the PATROL Cluster Configuration Wizard 175 . . . . . . . . . . . . . . . . . . . . . . . . . . Access requirements for running the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The following topics are discussed: Using the PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Operation . . . Preparing to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . Starting the PCC Wizard . . . . . . . . . . . . . . . . . Create and register a new service for the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Variables . Install the application on each cluster node . . . . . . . . . Define the PATROL cluster-specific environment variables . . . . . . . . . . . . . . . . . . . . . . Manually configuring the PATROL Agent for clustering . . . . . . . . How to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Example. . . . . . . . . PATROL cluster-specific environment variables for history and configuration . . . . . Assign a unique port number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

176 BMC PATROL for Microsoft Windows Servers Getting Started . That functionality is handled by the PATROL Agent and the PATROL KM for Microsoft Cluster Server. It does this by s configuring the agent to operate on a virtual server name and separate port storing the agent history and configuration data on cluster-shared media s Thus.Using the PATROL Cluster Configuration Wizard Using the PATROL Cluster Configuration Wizard Install the PATROL Cluster Configuration (PCC) Wizard to help you configure the PATROL Agent for failover in a Microsoft server cluster environment. while providing a consistent view of the data being collected. The Wizard does not enable the monitoring of clustered resources. the agent will failover to another node with the monitored application. The Wizard automates and simplifies cluster configuration of the PATROL Agent. and eliminates configuring the agent manually. For example. in the event of a node failure. the history data is kept intact. Overview The PCC Wizard allows you to easily configure the PATROL Agent to monitor cluster-aware applications such as Microsoft Exchange Server.

if possible. This identity makes the group or the PATROL virtual agent accessible from the PATROL Console. typing pcc from the Run command. For information about how the PATROL Agent supports an application in a cluster environment and what type of failover tolerance it provides. Access requirements for running the PCC Wizard The account you use to run the PCC Wizard must be a member of the local administrator group. should not be the quorum disk.Using the PATROL Cluster Configuration Wizard Preparing to use the PCC Wizard Before you begin using the PCC Wizard. — Network name A network name resource provides an identity to the group in the form of a unique network name and IP address. This recommendation prevents some caution pop-up windows from appearing. you must s s s s install PCC on any computer in the cluster domain install PATROL Agent on all nodes in the cluster know the user name and password of a cluster administrator account identify a group to install the PATROL virtual Agent into. choosing Start => Programs => BMC PATROL => PATROL Cluster Configuration Wizard. Starting the PCC Wizard You can start the wizard by s From Windows Start menu. s Chapter 4 Using the PATROL Cluster Configuration Wizard 177 . this group will need to contain the following (at a minimum): — Physical disk The PATROL virtual Agent stores history and configuration data on a standard cluster-shared disk which. NOTE The node that you run the PCC Wizard from should be the current owner of the group you select. see the PATROL Agent Reference Manual.

the network name for an agent on port 3182 is PATROL_VIRTUALNAME_3182=BMC_ExchangeHou. creates registry entries for this PATROL Agent service name on each node you select. Information required by PCC Use the table below to plan your configuration of each PATROL Agent resource. For example. Note: PATROL does not rename the PatrolAgent. The resource name must be unique for this cluster. The service name must be unique for this system and comply with the rules for a service name. the history data location for an agent on port 3182 is PATROL_HISTORY_3182=X:\patrol\history. Table 41 Information required by PCC (Part 1 of 2) Your information PCC adds the PATROL Agent resource to the cluster you select or enter. which the PATROL Agent uses instead of the host name to store the PATROL configuration and history data. sets the PATROL_HISTORY_PORT# environment variable to this path on the shared drive.Using the PATROL Cluster Configuration Wizard How to use the PCC Wizard Once you have installed PCC Wizard on all nodes. sets the port number that the PATROL Agent is using and that is referenced by all environment variables. adds the PATROL Agent resource to one or more cluster groups. which stores the agent history files. Each PATROL virtual Agent must have a unique port number. you need to run the PCC Wizard just once. To configure all nodes. sets the drive shared by a cluster on which the configuration and history data will be stored. For example. The PATROL Agent must be able to access this shared drive at agent startup. adds the PATROL Agent service as a Generic Service resource type with this name. and the shared drive should belong to the cluster group with which the PATROL Agent is bundled. this name should be the virtual server name of the cluster group with which the agent is bundled. For easy identification. from a single node. sets the PATROL_VIRTUALNAME_PORT# environment variable to this network name.exe. Required information Cluster Name Group Name(s) Resource Name Service Name Network Name Port Number Shared Drive History Path 178 BMC PATROL for Microsoft Windows Servers Getting Started . use the following instructions to use the PCC Wizard to configure the PATROL Agent resources.

the configuration database location for an agent on port 3182 is PATROL_CONFIG_3182=X:\patrol\config.Using the PATROL Cluster Configuration Wizard Table 41 Information required by PCC (Part 2 of 2) Your information PCC sets the PATROL_CONFIG_PORT# environment variable to this path on the shared drive. If you have not configured an RTserver for your PATROL environment. Chapter 4 Using the PATROL Cluster Configuration Wizard 179 . You may enter one or more known RTservers.bmc. For example. which stores the PATROL Agent configuration database. sets the RTSERVERS environment variable associated with the PATROL Agent. Each entry is separated by a comma and has the format of protocol:hostname:port. tcp:tbrady3w2k.com:2059. Required information Config DB Path RTSERVERS variable Node(s) creates a registry entry for the PATROL Agent service on each cluster node you select. For example. you can leave this field blank.

Using the PATROL Cluster Configuration Wizard Configuring the PATROL Agent Action 1. You can select multiple groups. If you are installing the first resource. Dialog box Notes 2. 180 BMC PATROL for Microsoft Windows Servers Getting Started . the groups will correspond to the applications you want to monitor. Adding a PATROL Agent as a cluster resource performs the following actions: s s s Sets the required environment variables Registers the PATROL Agent with a new service name Adds the PATROL Agent to the cluster as a Generic Service resource type and sets the resource properties 3. Select the groups to which you want to add the agent and click Next. In most cases. Select the appropriate option and click Next. Click Next. select Add one or multiple PATROL Agent resource(s).

Chapter 4 Using the PATROL Cluster Configuration Wizard 181 . You can select a node by clicking the node. Verify that all nodes that you want to configure are selected and click OK. All nodes are selected by default. accept the defaults.Using the PATROL Cluster Configuration Wizard Action 4. Click Next. 5. You are returned to the PATROL Agent configuration screen. The port number must be a port that is not in use by any other process. Dialog box Notes If you do not know what names to use. Enter the appropriate information and click Node List.

Sets the service startup to manual. 182 BMC PATROL for Microsoft Windows Servers Getting Started . Click View Log or Finish. Brings the newly created resource online if the selection box is checked. Sets the service name parameter of the Generic Service and enables use Network Name for computer name.Using the PATROL Cluster Configuration Wizard Action 6. Sets the registry parameters and port number. Creates the resource of type Generic Service in the cluster. Verify the configuration information and click Configure. Dialog box Notes 7. Sets resource dependencies on the specified Physical Disk and Network Name. Sets the Generic Service resource properties to restart without affecting the cluster group. Creates PATROL Agent history and configuration files on shared disk. Your configuration of the PATROL Agent using PCC performs the following actions: s s s s s s s s s s Registers the PATROL Agent service with a new service name within the Service Control Manager. Creates environment variables for cluster nodes. remaining properties have default values. You have finished configuring the agent.

and configuring the remaining KMs to monitor only resources that are instances of that group. Install the application on each cluster node Install the cluster application on the local disk.Post-PCC configuration Post-PCC configuration Now that you have finished using PCC to configure multiple PATROL Agents. Chapter 4 Using the PATROL Cluster Configuration Wizard 183 . This generally requires using wpconfig to modify the disabledKMs list for each group agent. Manually configuring the PATROL Agent for clustering NOTE BMC Software recommends that you use the PCC Wizard to cluster your PATROL Agent. This also means that you only need to modify the preloadedKMs list using wpconfig to preload KMs that are appropriate for that node or group agent. the manual instructions have been included in case you prefer manual configuration or want to know what the PCC Wizard is configuring. This section provides a high-level overview of building a Windows cluster and integrating PATROL into that environment. In the Windows environment. Each of the group agents in the cluster need to monitor resources that are a only part of that group. the executable must be installed on the local disk. Setting up PATROL to run in a Windows cluster environment consists of several standard tasks. PCC simplifies the configuration process. The information in this section provides a general idea of the processes involved in setting up a Windows cluster environment and integrating PATROL into that environment. However. The manual process defined in this chapter requires you to run multiple PATROL Agent executables on your CPU to monitor more than one application on the cluster. The node agents should not monitor group resources. you must perform some post-wizard configuration. Procedures and steps describing how to set up third-party software are intended as a general outline of the process for that product and are not intended as step-by-step instructions. The standard cluster administration tasks and the PATROL-specific tasks are described in general terms.

Rebooting enables each system to read the new variables and store them in memory. it searches for “license” without an extension. then reboot each node. the PATROL Agent searches for “license. You should have at least two separate agent executables installed on the node: s s one to monitor the node’s operating system one to monitor the cluster application Install the agent once.hostname. you will define the PATROL cluster-specific environment variables on each node. This port must be the same across all nodes within the cluster. If it can’t find the file. Include only those Knowledge Modules that support the application and the operating system.” using its own host name. Perform the following tasks on each node in the cluster. 184 BMC PATROL for Microsoft Windows Servers Getting Started . If you duplicate a license file and do not delete or change the file’s host name extension. Use the naming convention “license” without the host name as an extension. listening port number to the PATROL Agent bound to the cluster application. the agent cannot find the license and will not start. This action ensures that all the agents in a cluster read their configuration information and write their history information to the same set of files. Define the PATROL cluster-specific environment variables In this task. During startup. assign a unique.Manually configuring the PATROL Agent for clustering Install the PATROL Agent on each cluster node Install the PATROL Agent on the local disk of the node. Distribute license file Duplicate the license file on each node. Assign a unique port number During installation of the agent on each node. Then see “Create and register a new service for the PATROL Agent” on page 185 for information about setting up a second agent to monitor the cluster application.

select Start => Settings => Control Panel.exe 4 Install the executable at the command line. 2 Rename the executable. This task involves copying and renaming the agent’s executable and then registering the service in the Windows Services Applet. see “PATROL cluster-specific environment variables for history and configuration” on page 189. 3 Paste the executable into the %PATROL_HOME%\bin directory. navigate to the %PATROL_HOME%\bin directory. Use a name that indicates that the agent is an executable dedicated to monitoring an application.exe in %PATROL_HOME%\bin directory. 2 Double-click the System icon and select the Environment tab. 3 Enter the variable name and value in the appropriate fields and click Set. PATROL_VIRTUALNAME_PORT=VirtualServerName PATROL_HISTORY_PORT=Drive:\History_Directory PATROL_CONFIG_PORT=Drive:\Config_Directory For more information about specific variables. Create and register a new service for the PATROL Agent In this task. you will create a PATROL Agent executable and register it as a service so that you can dedicate it to monitoring a cluster application. and enter the following command: PatrolAgent-application_name -install The system acknowledges that the service installed successfully. 1 Copy the PatrolAgent. Perform the following task on each node in the cluster. Chapter 4 Using the PATROL Cluster Configuration Wizard 185 . The variables and their values are listed below.Manually configuring the PATROL Agent for clustering 1 From the Windows Taskbar. NOTE Name the executable the same on every node in the cluster. Repeat this step for the remaining variables. PatrolAgent-application_name.

The PatrolAgent COM Server registered sucessfully NOTE The PATROL Agent COM Server can be registered only once. Table 42 Arguments cluster.Manually configuring the PATROL Agent for clustering Tue MON DD HH:MM:SS CCYY PatrolAgent-application_name PID 318 Success 1000: The PatrolAgent Service was successfully installed. select the Manual radio button and click OK. The service displays Manual in the Startup column. however. 186 BMC PATROL for Microsoft Windows Servers Getting Started . 5 From the Windows Taskbar. The cluster software provides two methods for binding a service to a cluster: GUI or command line. NOTE This task description uses Windows Cluster Management Software as an example. 6 Double-click the Services icon and select application_name service from the list box. the multiple agent processes will run. The steps describing how to set up the software are intended as a general outline of the process and are not intended as step-by-step instructions. 7 In the Startup Type pane. you will add the new PATROL Agent service as a resource of type “Generic Service” to the cluster. Regardless of the method you choose. Define the PATROL Agent as a member of the group In this task. you must provide the information listed in Table 42.exe clusterName RES "PatrolAgent for MyApplication" Cluster administration properties (Part 1 of 2) Description Cluster Administration Executable (command line only) User-defined name of the cluster Specifies the service as a resource of the cluster Description of the service /CREATE /Group: /TYPE: Create a group and assign it a resource type. Perform the following task on only the master node of the cluster. Additional attempts to register it will fail. Click Startup. This task is commonly referred to as binding the agent to the cluster application. select Start => Settings => Control Panel.

Determines what the cluster does (shut down. issue the following command to name the service.) if PATROL Agent service fails and is unable to restart. and assign it a resource type of “Generic Service”. etc. the name of the cluster. /Prop:RestartAction /Priv: ServiceName /Priv: StartupParameters /ON Using Cluster Administration GUI Add the new PATROL Agent service as a resource of type “Generic Service” to the cluster using the Cluster Administrator GUI. create a group.exe clusterName RES "PatrolAgent for MyApplication" /CREATE /Group:MyGroup /TYPE:"Generic Service" 2 Add the disk that stores the PATROL Agent configuration and history information as a dependency. you must reenter the name of the cluster executable. Identify the service name of the PATROL Agent service bound to the cluster application. cluster. 1 From the command line. Using the command line To bind a PATROL Agent service to the cluster application. Make the PATROL Agent service available (online) to the cluster. This command instructs the cluster software to bring up the disk with configuration information before it attempts to start the PATROL Agent. and various attributes. the resource option. the name of the cluster. wait. and the service name. description of the service. cluster. designate it as a resource of the cluster. Each command contains the name of the cluster registration executable.Manually configuring the PATROL Agent for clustering Table 42 Arguments /ADDEP Cluster administration properties (Part 2 of 2) Description Establish a dependency between the service and the cluster. Specify startup characteristics such as port number.exe clusterName RES "PatrolAgent for MyApplication" /ADDDEP:"Disk MyGroupDisk" Chapter 4 Using the PATROL Cluster Configuration Wizard 187 . RES. NOTE For each command. you must issue several commands.

A value of one (1) indicates that if the application is unable to restart.Manually configuring the PATROL Agent for clustering 3 Set the restart action. This number must be the same as the number assigned as a suffix to the PATROL cluster-specific environment variables. The service name must be identical to the service name assigned to the PATROL Agent executable on each cluster node. cluster. see “Define the PATROL cluster-specific environment variables” on page 184. the cluster will continue to run. cluster. cluster.exe clusterName RES "PatrolAgent for MyApplication" /Priv StartupParameters="-p Port#" 6 Set the service to be available (online) when the cluster is running.exe clusterName RES "PatrolAgent for MyApplication" /Priv ServiceName="PatrolAgent-application_name" 5 Set the port number for the PATROL Agent bound to the cluster application. cluster.exe clusterName RES "PatrolAgent for MyApplication" /Prop:RestartAction=1 4 Identify the service name to the cluster software. This command determines what the cluster does if an application fails and is unable to restart. For details about the PATROL cluster-specific environment variables.exe clusterName RES "PatrolAgent for MyApplication" /ON 188 BMC PATROL for Microsoft Windows Servers Getting Started .

Variables Table 43 describes the purpose of PATROL cluster-specific environment variables. the agent stores the configuration file in PATROL_HOME\config. When creating and writing to history files. This situation occurs when PATROL Agents are bound to individual applications such as Oracle. Chapter 4 Using the PATROL Cluster Configuration Wizard 189 . etc. the agent uses the host name to identify history data within the history files. you must create and set the value of three environment variables. append the port number to the variable name. Exchange. PATROL_VIRTUALNAME PATROL_VIRTUALNAME_PORTa an alias for the host name If this variable is empty or doesn’t exist.PATROL cluster-specific environment variables for history and configuration PATROL cluster-specific environment variables for history and configuration To take advantage of failover tolerance for history files. Table 43 PATROL cluster-specific environment variables Description the location of history files If this variable is empty or doesn’t exist. a Environment variable PATROL_HISTORY PATROL_HISTORY_PORTa To manage multiple PATROL Agents running on separate ports. PATROL_CONFIG PATROL_CONFIG_PORTa the location of the configuration files If this variable is empty or doesn’t exist. Each agent uses a separate port number. the PATROL Agent searches for information in these files. Sybase. the agent writes the history files to PATROL_HOME\log\history\ host\portnumber.

Configuration file changes are written to PATROL_HOME\config\config_virtualname_port. PATROL_HOME\log\history\virtualname or hostname\port\ Variable type Virtual Name Configuration File yes no History Database yes no 190 BMC PATROL for Microsoft Windows Servers Getting Started . PATROL_HOME\config\config_virtualname or hostname-port PATROL_HISTORY_8888 exists. If the application fails over. Table 44 Operation of configuration and history environment variables Exists? Description yes PATROL_VIRTUALNAME_8888 exists. PATROL_CONFIG_8888 exists.PATROL cluster-specific environment variables for history and configuration Operation When searching for configuration information and creating and writing to the history database. then the agent reads configuration information from the location specified by this variable.cfg. the PATROL Agent uses the following logic to check for the existence of PATROL cluster-specific variables. The history database is written to the subdirectory structure history\virtualname\port. The agent also uses the virtual host name to identify the configuration file changes and the history database. which will be located in the directory pointed to by PATROL_HISTORY_PORT. the agent writes history using the virtual name as the host name. Using the actual hostname creates gaps in the results of any dump_hist commands because the command does not recognize that the same application ran on different hosts. Using the virtual name provides continuous history for an application regardless of which host the application is running on. no The agent writes history using the actual host name. The agent reads from the default directory. the agent writes history using the new agent’s name. then the agent writes history to the location specified by this variable the agent writes to the default directory.

exe file for silent installation and uninstallation.exe.cfg.dat %PATROL_HOME%\log\history\HostName\8888\param.hist K:\doc\work\config\config_AliasHostName-8888 If these variables do not exist or they are empty. You can use this file as a command line argument for the pcc.Unattended configuration of Cluster Configuration Wizard Example The following example illustrates how the environment variables would be named for a host using port 8888. the PATROL Agent stores configuration information and records the history data in the following directory structure: K:\doc\work\histdir\AliasHostName\8888\annotate. pcc. It also depicts the directory structure and file location.dat K:\doc\work\histdir\AliasHostName\8888\param. for silent installation. In the Cluster Configuration Wizard.hist %PATROL_HOME%\config\config_HostName-8888 Unattended configuration of Cluster Configuration Wizard The Cluster Configuration Wizard file. enables you to specify the installation values in the pcc. This configuration process is separate from the setup wizard installation. the CreateCfgFile button enables you to create the configuration file. pcc.cfg file. Chapter 4 Using the PATROL Cluster Configuration Wizard 191 . Environment variables PATROL_HISTORY=K:\doc\work\histdir PATROL_VIRTUALNAME=AliasHostName PATROL_CONFIG=K:\doc\work\config Directory structure For the values provided in the “Environment Variables” section of this example. the PATROL Agent stores configuration information and records the history data in the following directory structure: %PATROL_HOME%\log\history\HostName\8888\annotate.

for example: s s pcc.Unattended configuration of Cluster Configuration Wizard You can edit the pcc.exe –apply pcc.cfg However.cfg pcc. 192 BMC PATROL for Microsoft Windows Servers Getting Started .exe –remove pcc.cfg file in the above commands.cfg file for the different cluster groups that you want to configure. you need to specify the full path of the pcc.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Supported tasks for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Supported application classes . . . . Object hierarchy for remote monitoring . . . . . . . . . . . . . . . . . . . . .Chapter 5 193 195 195 195 196 196 196 197 198 5 Monitoring remote hosts This chapter provides you with information that you will need to monitor remote hosts. . . . Application classes to configure remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Parameters for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . Prerequisites for remote monitoring . . . . . . . . . . . . . . . . . The following topics are discussed: Introduction . . . . . Chapter 5 Monitoring remote hosts 193 . . . . . . . . . . . . Figure 4 shows the collection architecture for remote monitoring. Configuring PATROL KM for Windows for remote monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The same set of parameters are used to collect information for the local host as well as the remote host. . . . . . Introduction PATROL KM for Windows supports monitoring of remote hosts using the Windows Remote Management (WinRM) functionality. . . . . .

Data returned to WS-Management protocol are formatted in XML. a standard Simple Object Access Protocol (SOAP)-based. 194 BMC PATROL for Microsoft Windows Servers Getting Started . from different vendors.Introduction Figure 4 Collection architecture for remote monitoring The Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol. firewall-friendly protocol that allows hardware and operating systems. WinRM establishes a session with a remote computer through the SOAP-based WS-Management protocol. to interoperate.

WinRM should be configured with listener either on HTTP or HTTPS. The user name should be specified as username for a local user on a server computer.1 or 2.0 should be installed and running.kml file. Chapter 5 Monitoring remote hosts 195 . set the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccou ntTokenFilterPolicy registry key to 1. s Requirements for remote host: s s s WinRM version 1. To allow all accounts in the Administrators group to access the service. User Account Control (UAC) affects access to the WinRM service. Starting with Windows Vista.0 should be installed. Valid domain or local user who is a member of the Administrators group. only the built-in Administrator account can access the service. you must meet all the requirements mentioned in this section: s Requirements for host machines (PATROL Agent): s WinRM version 1. When Negotiate authentication is used in a workgroup or domain. Authentication Patrol KM for Windows client supports password based authentication for local and domain users. load the NT_REMOTE. NTLM is selected for local computer accounts. Configuring PATROL KM for Windows for remote monitoring To configure PATROL KM for Windows for remote monitoring. Negotiate authentication(NTLM)-The client sends a request to the server to authenticate.kml file. The user name should be specified as domain\username for a domain user. For loading the . Kerberos is selected to authenticate a domain account.1 or 2. see “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.Prerequisites for remote monitoring Prerequisites for remote monitoring Before you can use the remote monitoring feature successfully. It uses the following network authentication protocols: s s Kerberos authentication-The client and server mutually authenticate using Kerberos tickets.

This container application class provides all the menu commands and tasks required to configure remote hosts for monitoring.Application classes to configure remote monitoring Application classes to configure remote monitoring PATROL KM for Windows uses the following application classes to configure remote monitoring: s NT_REMOTE_CONTAINER => Is a container KM and hosts instances of all remote hosts. NT_REMOTE_HOST => Contains application instances for each remote host. s Supported application classes PATROL KM for Windows supports monitoring of the following application classes for a remote host: s s s s s s s s s s s NT_CACHE NT_CPU NT_CPU_CONTAINER NT_LOGICAL_DISKS NT_LOGICAL_DISKS_CONTAINER NT_MEMORY NT_OS NT_PAGEFILE NT_PAGEFILE_CONTAINER NT_SERVICES NT_SERVICES_CONTAINER Object hierarchy for remote monitoring The Remote Monitoring container contains all the remote hosts discovered. Each remote host container contains the WINDOWS Operating System container. 196 BMC PATROL for Microsoft Windows Servers Getting Started . which displays all the supported application classes and its parameters. Each remote host contains the NT_OS container. The NT_REMOTE_CONTAINER application class is represented by Remote Monitoring in the PATROL console. The NT_REMOTE_HOST application class is represented by Host Name in the PATROL console.

Figure 5 Object hierarchy for remote monitoring Parameters for remote monitoring Table 45 lists the parameters that are used to discover application classes for remote monitoring. Table 45 Collector RMPageFileDiscovery RMCpuDiscovery RMMemoryDiscovery RMCacheDiscovery RMLogicalDiskDiscovery RMOSDiscovery RMServiceDiscovery Parameters for remote monitoring Consumer Application NT_PAGEFILE NT_CPU NT_MEMORY NT_CACHE NT_LOGICAL_DISKS NT_OS NT_SERVICES Chapter 5 Monitoring remote hosts 197 .Parameters for remote monitoring Figure 5 shows the object hierarchy for remote monitoring.

choose KM Commands => Configure Remote Hosts. When you remove a host using Configure Remote Hosts menu command. Modifying profiles: You can modify user name and password for a profile. and choose the Add option. To remove a profile. from the Remote Monitoring container. enter username and password. select the host and choose the Remove option. see the PATROL KM for Windows online Help. To remove a remote host. and host3 are the remote hosts that you want to keep in the TrustedHosts list. To modify a profile.”} s s where host1. from the Remote Monitoring container. you can remove the host to stop monitoring. from the Remote Monitoring container. the remote host gets added to the TrustedHosts list of WinRM. if you uninstall the KM. To add a profile. choose KM Commands => Configure Profiles. select the host and choose the Modify option. enter the details for the host. s s For information about these tasks. and choose the Add option. Removing profiles: You can remove a profile as required. When you add a remote host with local computer account using Configure Remote Hosts menu command. select the profile and choose the Remove option. from the Remote Monitoring container.Supported tasks for remote monitoring Supported tasks for remote monitoring You can perform the following tasks to monitor remote hosts: s Adding remote hosts: To add a remote host. it gets deleted from the TrustedHosts list only if the host was added with local compueter account. In this case. the remote host does not get deleted from the TrustedHosts list. choose KM Commands => Configure Profiles. select the profile and choose the Modify option. choose KM Commands => Configure Remote Hosts. choose KM Commands => Configure Profiles. Modifying remote hosts: After you add a remote host. host2. from the Remote Monitoring container. To modify a remote host. However. Removing remote hosts: After you add a remote host. winrm set winrm/config/client @{TrustedHosts=””} s Creating profile: You can create profiles that can be shared across different remote hosts.. choose KM Commands => Configure Remote Hosts. 198 BMC PATROL for Microsoft Windows Servers Getting Started . you need to remove the host using the following winrm commands: winrm set winrm/config/client @{TrustedHosts=”host1host2host3. you can modify its details such as the assigned profile. from the Remote Monitoring container. username and password.

. . . . 200 PATROL Generates Event 560 and 562 in the Windows security event log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 PATROL KM for Event Management not working as expected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Even though I select “Do not ask me again” PATROL prompts before running recovery action . . . . . 210 Locations where you can find diagnostic information . 211 Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 199 . . . . . . 208 Recovery action problems. . . . . . . . 206 Problems with all other KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Event filter parameters not automatically acknowledged . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 Determining PATROL KM version number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Too many e-mail alerts are being generated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 Multiple processes are selected when you select a single process . . . 206 AS_AVAILABILITY application not displayed . . . . . . . . . 201 Newly installed protocols are not discovered. . . . . . . . . . . . . . . . . 207 Cannot add performance monitor counters with alarm ranges less than 1 . . . . . . 200 Process or job object data not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 AdPerfCollector parameter display error message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Gathering diagnostic information . . . . . . . . . . . . 209 Recovery actions do not execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 6 This chapter contains information for troubleshooting PATROL for Microsoft Windows Servers. . . . . . . . . . . . . . . . . . . . . 201 Event log summary instance cannot be removed . . . . . . . . . . . . 210 Installation logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 PATROL Agent has DiscoveryStatus parameter in alarm . . . . . . . . . . . . . 203 PATROL KM for Event Management problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 Windows event log does not work . . . . . . . . 203 Mount point monitoring and logical disk quotas does not work . . . . . . . . . . . . . This chapter contains the following topics: PATROL KM for Microsoft Windows OS problems. . . . . . . . . . . . 204 Parameters settings lost after agent restart . . . . . . . . . . . . . . . .

The PATROL Agent default account cannot read a registry key. if service executables are being monitored.PATROL KM for Microsoft Windows OS problems PATROL KM for Microsoft Windows OS problems This section contains troubleshooting information for PATROL KM for Microsoft Windows OS. are not discovered.dll. 200 BMC PATROL for Microsoft Windows Servers Getting Started .dll is disabled. enable perfproc. Solution To resolve this problem. the instances for those service executables are not displayed.dll. do not display any instances. The following registry may be locked and cannot be read by the PATROL Agent default account. In addition. After you enable perfproc. you may need to restart the PATROL Agent. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 To resolve this problem. or do not collect data. The _CollectionStatus parameter displays a message stating that a performance object is not loaded or enabled. Problem type Process or job object data not displayed PATROL Generates Event 560 and 562 in the Windows security event log Event filter parameters not automatically acknowledged Newly installed protocols are not discovered Event log summary instance cannot be removed Windows event log does not work Multiple processes are selected when you select a single process PATROL Agent has DiscoveryStatus parameter in alarm Mount point monitoring and logical disk quotas does not work Page 200 201 201 201 202 202 203 203 203 Process or job object data not displayed In the PATROL console. Explanation The Microsoft Performance counter collector perfproc. the Processes or Job Objects containers are offline. grant read access for this registry key to the PATROL Agent default account.

Newly installed protocols are not discovered Protocols that are installed on the server are not discovered by PATROL even though counters for the protocols are displayed in Microsoft Performance Monitor. printer. as specified on the Event Handling tab of the Configure Windows Event Monitoring window. or other system object. An object could be a file.Object Open Event ID 562 . Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 201 . Explanation PATROL generates these events during normal data collection if success auditing is enabled for object access.Handle Closed Solution To prevent PATROL from generating these events. folder. see “Configuring Windows events monitoring” on page 103. Event filter parameters not automatically acknowledged Event filter parameters are not automatically acknowledged even though the event filter is configured to do so. For more information about this setting. you can turn off success auditing for object access. see Microsoft KB article 149401.PATROL KM for Microsoft Windows OS problems PATROL Generates Event 560 and 562 in the Windows security event log PATROL generates the following events in the Windows security event log: s s Event ID 560 . This setting determines whether to audit user access to an object. registry key. matches the filter occurs. For more information. This behavior occurs for the following parameters: s s s s s s s ELMErrorNotification ELMFailureAuditNotification ELMInformationNotification ELMNotification ELMOtherTypesNotification ELMSuccessAuditNotification ELMWarningNotification Solution Explanation These parameters cannot be Deselect the option to notify PATROL immediately when an event that automatically acknowledged. You cannot use the auto-acknowledge feature if the event filter is configured to notify immediately.

Alternatively. and setting the username and password required for the event log KM in the pconfig variable. right-click the Summary instance and select Delete. 202 BMC PATROL for Microsoft Windows Servers Getting Started . Event log summary instance cannot be removed Each Windows event log application contains an instance named Summary that cannot be removed. For more information. Explanation Windows event log does not work correctly. Solution The BMC PATROL Agent default account credentials are stored in the /AgentSetup/defaultAccount agent pconfig variable.PATROL KM for Microsoft Windows OS problems Explanation The PATROL Agent does not detect the new performance objects. set the value of the agent configuration variable OverrideSummaryAutoCreate to 1. you can also set the account for event log by adding the /AgentSetup/NT_EVENTLOG. Executing the KM menu command Configure Windows Event Monitoring. see “OverrideSummaryAutoCreate” on page 228. Set the BMC PATROL default account so that the /AgentSetup/defaultAccount agent pconfig variable is not blank. 2. Explanation Configuration variable setting needs to be changed. you can also permanently remove the Summary instance by following these steps: 1. Alternatively. Solution Restart the agent or refresh the performance counters. From the Configure Windows Event Monitoring window. Solution To permanently remove Summary instances from the event log applications. Windows event log does not work The Windows event log does not work correctly.OSdefaultAccount pconfig variable.

is installed correctly. If you do not select this check box.aspx?familyid=32bc1bee-a 3f9-4c13-9c99-220b62a191ee&displaylang=en Mount point monitoring and logical disk quotas does not work The PATROL Agent default account must be in the local or domain Admins group. Event log and Logical disks application class are not visible. Explanation Patrol Agent has the DiscoveryStatus parameter in alarm. Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 203 . and the Services. select the Process(es) using a regular expression for monitoring check box. which is part of BPM for Servers installation.microsoft. Solution Verify that the Microsoft Visual C++ 2005 Redistributable Package (x86). In case. you can install it from http://www. the mount drive has security restriction. the product only adds the process instances for monitoring. ABC2. Explanation Multiple process are selected even if you select only one process.com/downloads/details. Solution If you want the product to add all the processes for monitoring. 2ABC.PATROL KM for Microsoft Windows OS problems Multiple processes are selected when you select a single process Processes with names that contain the same string are all selected when you select any one of those processes. EXAMPLE If you select the ABC process. If it is missing. and any other process with a name that contains ABC are also selected. you must provide an explicit access right to the Agent account for monitoring. for which you have the name of the process selected. PATROL Agent has DiscoveryStatus parameter in alarm PATROL Agent displays the DiscoveryStatus parameter in an alarm state. 123ABCxyz.

PATROL KM for Event Management problems PATROL KM for Event Management problems This section contains troubleshooting information for the PATROL KM for Event Management: Problem type Too many e-mail alerts are being generated Parameters settings lost after agent restart PATROL KM for Event Management not working as expected AS_AVAILABILITY application not displayed Page 204 205 206 206 Too many e-mail alerts are being generated PATROL is generating too many e-mail messages. as necessary. /AS/EVENTSPRING/ALERT/a rsAction is set to 4. Solution Begin baselining and adjusting parameter thresholds. You can make these changes on one remote agent and then use the PATROL Configuration Manager to deploy these changes to other agents. For more information. If you are receiving alerts because systems are down for maintenance. If the arsAction rule is set to 4 for all PATROL objects. Instead. The rule Set the rule /AS/EVENTSPRING/ALERT/arsAction to 0. Explanation Parameters and thresholds need tuning. you may want to disable notification for all PATROL objects. Review the e-mail alerts to determine which parameters are generating alerts. the following configuration variable is created: /AS/EVENTSPRING/ALERT/object/arsAction 204 BMC PATROL for Microsoft Windows Servers Getting Started . see the PATROL KM for Event Management User Guide. Then adjust the parameter thresholds. When you enable notification for a specific PATROL object. or deactivate parameters. Blackout periods are needed. you should configure blackout periods that specify when alerts are not generated. or parameters. enable notification only for the desired applications. notifications are sent for all events. or too many notifications in general or you are receiving notifications for events that are not important to you. Then. instances. deactivate threshold ranges. by setting /AS/EVENTSPRING/arsAction to 0 at the remote agent.

This reduces network traffic.conf instructions. remove the following line: allowsendparamonly=true 5 Save and close the file.For %PATROL_HOME%\common\patrol. the PATROL KM or Event Management threshold and poll time settings are not applied.conf does not exist.conf from %PATROL_HOME%\common\patrol. obtain a copy of the file Patrol. If Patrol. open patrol.conf. allowsendparamonly variable.” If this variable exists and is set to True.conf file.PATROL KM for Event Management problems Parameters settings lost after agent restart Parameter poll times that are set using the PATROL KM for Event Management are not retained upon agent restart.d to a secure location. as described in “Removing the allowsendparamonly variable. if it exists.d/PATROL. but it also prevents the PATROL KM for Event Management from detecting when parameters become active after an agent restart.conf file doesn't exist then all the agent variables get set to TRUE. Thus.conf and remove the allowsendparamonly variable. copy it from another computer or contact BMC Software Support. Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 205 . To resolve this problem. 4 Underneath the [AGENT] stanza.” To obtain the Patrol. 2 Using the PACFG (PATROL Agent Configuration) utility. specify that secured location. Explanation Solution The allowsendparamonly variable exists in Remove the allowsendparamonly variable. 3 Using Notepad (with word wrap disabled) or Wordpad. Removing the allowsendparamonly variable 1 Move patrol. 6 Reinitialize the agent. then state change events for applications and instances are not generated.d\PATROL. see “Removing the file and is set to true. etc/patrol.

ctg.ctg to %PATROL_HOME%\lib\knowledge\StdEvents.PATROL KM for Event Management problems PATROL KM for Event Management not working as expected The PATROL KM for Event Management shows any of the following problems: s s s s It does not send events.00. if the PATROL Agent is installed after the PATROL KM for Event Management.x and you do not want to upgrade to version 2.ctg ensuring that the correct backup file that corresponds to the PATROL Agent installation is renamed. Explanation Solution Availability targets have Add availability targets. 206 BMC PATROL for Microsoft Windows Servers Getting Started . a PATROL KM for Event Management catalog file is overwritten.6. If you are running PATROL KM for Event Management 2.ctg. 2 Rename %PATROL_HOME%\lib\knowledge\StdEvents.5. For more information. Management User Guide. To Ensure the PATROL KM for Event Management 2. Errors are displayed in the console system output window Parameter thresholds are not applied. AS_AVAILABILITY application not displayed The AS_AVAILABILITY application icon is not displayed in the PATROL Console.5x uses Correct Event Catalog File”. 4 Restart the PATROL Agent service. you must ensure that you are using the correct event catalog file. The AS_AVAILABILITY application class instantiates only when availability targets have been defined. Solution On Windows platforms.date_PID to %PATROL_HOME%\lib\knowledge\StdEvents. see “To Ensure the PATROL KM for Event Management 2.bak 3 Rename %PATROL_HOME%\lib\knowledge\StdEvents. Explanation The PATROL KM for Event Management catalog file has been overwritten. The PATROL KM for Event Management must be installed after the PATROL Agent for the PATROL KM for Event Management to function. For more information.5x uses Correct Event Catalog File 1 Stop the PATROL Agent service. see the PATROL KM for Event not been added. The NotifiedEvents parameter is offline.

2 Using PATROL Configuration Manager or the pconfig utility. To customize performance counters 1 Use the PATROL Wizard for Performance Monitor and WMI to create parameters for a Performance Monitor counter. you can’t create useful alarm ranges if the Microsoft performance monitor counter values are normally less than 1. see “Customizing performance monitor counters.Problems with all other KMs Problems with all other KMs This section contains troubleshooting information for all other KMs in the PATROL for Windows product: Problem type Cannot add performance monitor counters with alarm ranges less than 1 Cannot add performance monitor counters with alarm ranges less than 1 AdPerfCollector parameter display error message Page 207 207 208 Cannot add performance monitor counters with alarm ranges less than 1 The PATROL Wizard for Performance Monitor and WMI does not allow decimal alarm ranges that are less than one. you would multiply the reported value by a a number less than 1. you can multiply the reported value by a specified amount.” Customizing performance monitor counters Since PATROL alarm ranges must be integer values. by following this procedure. Solution To resolve this problem. you can manually multiply or divide the PerfMon counter to get appropriate values for display so that you can set appropriate alarm ranges. This allows you to create meaningful alarm ranges. For more information. Explanation This problem is due to a PATROL limitation. You can also use this approach if the value reported by the counter is too large. display the following configuration variable: Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 207 . yet the Performance Monitor counters values are normally in this range. However. See the suggested solution. In that case. as described in “Creating performance monitor parameters” on page 143.

208 BMC PATROL for Microsoft Windows Servers Getting Started . For example. you can also multiple the other counters by a multiplier. The value reported by PATROL for the selected counter is adjusted by the multiplier that you entered. AdPerfCollector parameter display error message When a Windows Server 2003 or Windows 2000 Server machine is promoted to a domain controller (DC).1 WARNING When entering a multiplier that is less than 1. you must include a leading zero.1. For example: counter1*100. add *100 to the variable. as shown: Active Threads*100.1. where multiplier is the numerical value by which you want to multiply the reported value. available in WMI. after the counter name. 4 Apply the configuration change to the agent. to multiple the reported value of the counter Active Threads by 100. *multiplier. For example. you must enter 0. If you are monitoring multiple counters for the object.counter2.Problems with all other KMs /Perfmon/NT_PERFMON_WIZARD/object/Counters where object is the Microsoft Performance Monitor object.counter3*0. and not . the annotated data point for the AdPerfCollector parameter may display the following error message: ERROR.Error: WBEM_E_INVALID_CLASS Explanation Solution The required Microsoft Follow the instructions in Microsoft Knowledge Base Article 266416 to dredge Performance Counters are not the performance counters from the registry and make them available in WMI. 3 Edit the configuration variable value by adding.

For more information about configuring recovery actions. When the recovery action is triggered. You enable the recovery action and select the option Do not ask me again. PATROL prompts you whether to terminate the process. Solution This is a known issue. therefore. As a workaround. see “Accounts” on page 43. you configure the recovery action that terminates a runaway process and specify that the recovery action runs only with operator confirmation. PATROL prompts you again before terminating the process. For more information about the account rights required. PATROL prompts you again before running a recovery action. For example. Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 209 . Explanation The PATROL Agent default account lacks the rights to execute the recovery action. Even though I select “Do not ask me again” PATROL prompts before running recovery action Even though you select the option Do not ask me again. it runs with a different PID and. Explanation The process runs with a different PID (process identification) number and appears to PATROL as a different process. you can configure the recovery action to run automatically instead of with operator confirmation. Solution Assign local administrator rights to the PATROL Agent default account on the host where you want to execute the recovery action. A message indicating that access is denied may be displayed in the PATROL console system output window.Recovery action problems Recovery action problems This section contains troubleshooting information about PATROL for Microsoft Windows Servers recovery actions: Problem type Recovery actions do not execute Even though I select “Do not ask me again” PATROL prompts before running recovery action Page 209 209 Recovery actions do not execute The built-in recovery actions are enabled but they do not execute. see “Configuring recovery actions” on page 128. The next time that the process is triggered to be terminated.

PATROL From the PATROL console.Gathering diagnostic information Gathering diagnostic information The following section provides information about where you can obtain diagnostic information. PATROL Diags From the PATROL console. a log file for user bhunter on a Windows Server computer BHUNT_1 could be: C:\WINNT\Profiles\bhunter\Application Data\BMCinstall\BHUNT_1-1005340189. Type Installation logs Location %USERPROFILE%\Application Data\BMCINSTALL\ Description See “Installation logs. relating to the operation of KMs. You can check here to determine if NOTIFY_EVENTS are being generated. including error messages. Locations where you can find diagnostic information The following table lists locations where you can find diagnostic information for problems with PATROL for Microsoft Windows Servers.log. The name of the log file is a combination of the computer name and a time stamp.” System Output See the documentation for your PATROL The system output window contains messages Window console. PATROL Diags provides a variety of information about your environment that support requires. For example. 210 BMC PATROL for Microsoft Windows Servers Getting Started . The PATROL Event Manager shows all of the PATROL related events for the host. load KM PSX_APPLICATION_DEBUG and right-click Application Trace icon => KM Commands => Create Diagnostic Report Installation logs One log file is created each time the installer is run. right-click Event Manager the host and select Event Manager. The log file is located in the %USERPROFILE%\Application Data\BMCINSTALL\ directory.

Gathering diagnostic information Determining PATROL KM version number Follow these steps to determine the PATROL KM version that is installed on the host machine. Chapter 6 Troubleshooting PATROL for Microsoft Windows Servers 211 . access the top-level KM application. 2 Right-click the application and select the menu command InfoBox and described in “Accessing KM commands and InfoBoxes” on page 214. To determine the PATROL KM version 1 From the PATROL console. The PATROL KM version is displayed next to KM Version.

Gathering diagnostic information 212 BMC PATROL for Microsoft Windows Servers Getting Started .

. . . . . . InfoBoxes. and online Help 213 . . . . . . . . . . Because of the different environments in which these consoles run. . . . . 215 Appendix A Accessing menu commands. . . and online Help on each of the PATROL consoles. . . . . . . . . . . This appendix provides instructions for accessing the KM menu commands. . . . . . .Appendix A Accessing menu commands. . . . . . . . . . . . . . . . . Accessing KM commands and InfoBoxes . . . InfoBoxes. . . . and online Help A BMC Software offers several PATROL consoles from which you can view a PATROL Knowledge Module (KM). . . . . each one uses a different method to display and access information in the KM. . . . See the PATROL for Windows Servers online Help for more detailed information about navigation in the PATROL Consoles. . . . . . 214 Accessing online Help . . . . . . . . . . . . InfoBoxes. . . . .

With the middle mouse button. right-click a computer or application icon to display a pop-up menu that contains KM-specific commands. To access InfoBoxes In either the Desktop tree tab or the work area. PATROL Central Operator . Knowledge Module Commands from the pop-up menu.Accessing KM commands and InfoBoxes Accessing KM commands and InfoBoxes Table 46 provides information about how to access KM commands and InfoBoxes from the various PATROL consoles. right-click a PATROL object and choose managed system or application InfoBox from the pop-up menu. PATROL Console for UNIX PATROL Central Operator Windows Edition In the navigation pane. In the work area. right-click an application class or parameter icon and choose InfoBox from the pop-up menu. icon and choose Knowledge Module Commands from the pop-up menu. right-click a computer or application icon and choose KM Commands from the pop-up menu. click an application class or parameter icon. right-click an In the tree view area. right-click a In the navigation pane. right-click a PATROL object and choose application icon and choose Infobox from the pop-up menu. In the tree view area.Web Edition 214 BMC PATROL for Microsoft Windows Servers Getting Started . Table 46 Console PATROL Console for Microsoft Windows Servers Accessing KM Commands and InfoBoxes To access menu commands In either the Desktop tree tab or work area.

select an application icon and press F1.Accessing online Help Accessing online Help Table 47 provides information about how to access Help from each console. Choose Attributes => Application Classes and double-click the application name. Right-click a parameter icon and click Help On. choose Help => Help Topics. Help and choose PATROL choose Help. see the PATROL Installation Reference Manual for specific instructions about installing and setting up a browser in the UNIX environment. Click Show Help in the Application Definition dialog box. click the name of your product.Web Edition In the upper right corner of In the tree view. NOTE If you are trying to access Help from a UNIX console. from the properties dialog box. Double-click a parameter in the KM tab of the console. select a parameter icon and press F1. From the Application Properties dialog box. Appendix A Accessing menu commands. InfoBoxes. Then click Show Help. click the Help tab. To access parameter help s PATROL Console for Microsoft Windows Servers Right-click a parameter icon and choose Help On from the pop-up menu. right-click In the tree view. click the Help tab. KM Help. and online Help 215 . click Help. choose Help => Help Topics => PATROL Knowledge Modules. To access application class help Double-click an application class in the KM tab of the console. choose Help On => Knowledge Modules. In the Contents tab. PATROL Central Operator .Windows Edition From the console menu bar. right-click an application class and a parameter and choose PATROL Central. In the Operator tab of the navigation pane. In the Operator tab of the navigation pane. PATROL Central Operator . Table 47 Console Accessing online Help To access product help From the console menu bar. then click Show Help. Double-click a parameter icon. s s PATROL Console for UNIX From the console menu bar. click the ? icon or Help button in the parameter display window.

Workaround: To view the online Help on Windows Vista. you must download the WinHlp32. The Windows Help program (WinHlp32. Microsoft did not include the WinHlp32.Accessing online Help NOTE In PATROL Central Operator – Microsoft Windows Edition on a Microsoft Windows Vista operating system.com/fwlink/?LinkID=82148 216 BMC PATROL for Microsoft Windows Servers Getting Started .exe program from the following Microsoft Windows support website and install it onto your computer: http://go.microsoft.exe program with Microsoft Windows Vista. the online Help does not work.exe) is used to display 32-bit Help files that have the .hlp extension.

. . . . . . . . . . . . . . . PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL for Microsoft Windows Servers rulesets . . PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Message Queue. . . Manually creating or changing configuration variables . . . . . . . . Using PCM to apply configurations changes to other agents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . PATROL KM for Microsoft COM+. . . . . . . . use the PATROL Configuration Manager or the wpconfig utility. . . . . . Before you change a variable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Wizard for Microsoft Performance Monitor and WMI. Using PATROL Configuration Manager . . . . . . . . . . . Information about using PATROL Configuration Manager is included in this appendix. . . . . . . . . . . . Managing configuration variables. . . . . 218 218 218 241 244 248 253 254 255 256 257 257 257 258 260 269 269 270 Appendix B Agent configuration variables and rulesets 217 . . . WARNING Changing any of these agent configuration variables can prevent some functions from working properly and can affect your entire installation. . . . . . . . . . . . . . PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . PATROL KM for Event Management required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . make a record of the original setting. . . . . . . . . . PATROL for Windows Servers configuration variables . . . . . . . . . . . . . . . . . . . . . . . . . . This appendix also describes the PATROL Configuration Manager rulesets that are provided for PATROL for Microsoft Windows Servers. . . . . . . . . . . . . . . . . . . . Server roles with predefined rulesets . . . . . . . . . . . . . . . To view these variables. . . . . . . . . . . . . Ruleset reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Appendix B Agent configuration variables and rulesets B The variables described in this appendix are PATROL for Windows Servers agent configuration variables that are set in the PATROL Agent. . . . . PATROL for Microsoft Windows Servers . . . . . . . . . . . . . . . . . Using PATROL Configuration Manager to apply rulesets .

PATROL KM for Microsoft Windows OS Table 48 on page 219 lists the PATROL KM for Microsoft Windows OS (the KM) component variable settings. 218 BMC PATROL for Microsoft Windows Servers Getting Started . the configuration variable has no applicable default value because the variable is created only when the product is configured.Managing configuration variables Managing configuration variables BMC Software recommends that you set agent configuration variables by using a console to configure PATROL for Windows Servers KMs. NOTE For information about the PATROL KM for Event Management agent configuration variables. PATROL for Windows Servers configuration variables The following sections lists the agent configuration variables associated with each PATROL for Windows Servers component. if the default value is shown as NA. see the PATROL KM for Event Management User Guide. All PATROL KM for Microsoft Windows OS variables are located in the following pconfig directory: /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config In Table 48 on page 219. Use the PATROL Configuration Manager or the wpconfig utility only to view variable settings or deploy them to others machines.

Argume nts Appendix B Agent configuration variables and rulesets 219 .Memory KM displays in the View Process Usage. Directory path and variable InactiveonMissingPerfObj Migrate37 specifies whether the KM migrates the configurations from the registry at every discovery cycle the alarm threshold used when automatic monitoring is enabled the length of time that a process can exceed the AlarmThreshold before the KM automatically monitors the process 0. 1 itself when a Microsoft performance object is disabled This configuration variable can also be associated with any other KM.Handle s.Threads. s s DisablePatrolGroup empty 0 = instances are created 1 = instances are not created DisablePatrolRestart specifies whether the PATROL agent 0. 1 restarts if it exceeds the processor% threshold s s empty StatusNumberofProcessesToDisplay specifies how many processes the KM displays in the View Process Status dialog box StatusSortKey StatusSelectedColumns/list the column that is used for sorting the View Process Status dialog box integer > = 0 All All an existing column Pid NA comma-separated list of columns the User%.Page Faults/sec.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 1 of 23) Description Values Default empty (0) specifies whether the KM inactivates 0. 1 0 /ProcessMonitoring AlarmThreshold AutoDiscoveryTimeLimit greater than 0 s s NA integer > = 0 NA -1 turns off this feature NA CollectionCount the number of processes that the KM integer greater collects performance data for at one than 0 time specifies whether the KM automatically creates instances for the PATROL group Note: You must also remove the instances from the list of monitored instances using the Configure Manual Process Monitoring => Remove Processes menu command.VM Status dialog box size.

No Yes. including any appropriate command-line arguments that the KM uses to start the process when the process goes down length of time (in minutes) that the process can remain in a run-away state before the KM terminates the process A run-away process is defined as a process that exceeds the PROCProcessorTimePercent parameter alarm threshold for the length of time specified by this variable. No process name directory path Default Yes No process name empty Directory path and variable EnableAlarmIfProcessDown EnableAlarmIfProcessStarts ProcessName StartupCommand /ProcessMonitoring/ProcessConfigurationList/instance TimeLimitForKillRunAwayProcess integer > = 0.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 2 of 23) Description specifies whether the KM generates an alarm when a process terminates specifies whether the KM generates an alarm when the process starts the name of the monitored process path to an executable command. Values Yes. No NA NA Yes 220 BMC PATROL for Microsoft Windows Servers Getting Started . a number of minutes empty GroupList/list ArgumentList/list UserDefinedProcess DisplayName ProcessOwner ProcessSettings list of the groups to which the process belongs list of arguments for the configured process specifies whether the process is a user-defined process Contains the display name of the process instance Contains the user name or regular expression for the acceptable owners Contains the comma-separated values of minimum and maximum threshold count for a process instance group names arguments Yes.

Values Valid values of the this property are: s Directory path and variable UseOwnerFilter Default s 1: process owner filtering on 0: process owner filtering off The second property indicates Valid values are: whether to display the annotation for the PROCOwnerCheck parameter.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 3 of 23) Description Contains a list of two commaseparated properties The first property indicates whether the process owner filtering is on or off. s 0: annotation on s 1: annotation off Appendix B Agent configuration variables and rulesets 221 .

222 BMC PATROL for Microsoft Windows Servers Getting Started . manual services are monitored NULL removedServiceList contains a list of services that have been removed by the PATROL user Note: The default value ‘NULL’ indicates that no services are removed. see “Ensuring that services are restarted as desired” on page 116.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 4 of 23) Description enables and disables the automatic resetting of specific service monitoring flags specifies whether annotations are enabled or disabled for the NT_SERVICES application parameters global setting that specifies restart properties for all services. For more information about using this variable. manual services are not monitored 1 = enabled. Values Valid values are: s s Directory path and variable /ServiceMonitoring AutoResetServiceConfig Default empty 0 = disabled 1 = enabled empty DisableAnnotation Valid values are: s s 0 or blank = enabled 1 = disabled 0 DisableServiceRestart Valid values are: s s 0 = yes. automatic restart 1 = no automatic restart empty DisableServiceMonitoring global setting that specifies whether services are monitored Valid values are: s s 0 = by default all services are monitored 1 = disables service monitoring empty MonitorManualServices specifies whether manual services are monitored Valid values are: s s 0 = disabled.

PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 5 of 23) Description Values Default NA enables you to remove the SERVICES Valid values are: prefix from NT_SERVICES instance names s 0 or blank = prefix Note: You must enter this variable s 1 = no prefix manually. the NT_SERVICES instance names were changed. In version 3.9. This naming convention is not fully backward compatible. the KM does not create it. they were prefixed with SERVICES. Directory path and variable UseBackwardCompatibleName Appendix B Agent configuration variables and rulesets 223 .00 of PATROL KM for Microsoft Windows OS.

PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 6 of 23) Description Values Default Directory path and variable /ServiceMonitoring/ServiceList/service name 224 BMC PATROL for Microsoft Windows Servers Getting Started .

only automatic and running manual services are monitored. Valid values are: s s 0 = no monitoring 1 = yes. Valid values are: s s 0 = yes. NA WarningAlarm 0 specifies whether the service triggers Valid values are: a warning instead of an alarm Appendix B Agent configuration variables and rulesets s 0 = alarm s 1 = warning 225 . alarm NA AutoRestart specifies whether to restart the monitored service Valid values are: s s 0 = no restart 1 = yes.PATROL for Windows Servers configuration variables Table 48 Alarm PATROL KM for Microsoft Windows OS variables (Part 7 of 23) Description specifies whether to alarm when the service goes down Values Valid values are: s s Directory path and variable Default NA 0 = no alarm 1 = yes. Valid values are: s s NA OverrideGlobalServiceRestart NA 0 = do not override 1 = override OverrideGlobalServiceMonitoring specifies whether the MonitorProcess Valid values are: variable for the monitored service overrides the global s 0 = do not DisableServiceMonitoring variable override s 1 = override You can set this variable only by using PATROL Configuration Manager. restart 0 IgnoreAutoResetConfig specifies whether the global auto reset feature applies to this service This variable can be set only through PATROL Configuration Manager. monitor 0 MonitorProcess specifies whether the process associated with the service is monitored specifies whether the KM runs the command specified by the NotRespondCmd variable Valid values are: s s 0 = no 1 = yes 0 = no 1 = yes 0 MonitorNotRespond s s NotRespondCmd the path to an executable that the KM path to an runs if the variable executable MonitorNotRespond has a value of 1 specifies whether the AutoRestart variable for the monitored service overrides the global DisableServiceRestart variable You can set this variable only by using PATROL Configuration Manager. automatic reset 1 = no automatic reset NA Monitor specifies whether to monitor the service By default.

PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 8 of 23) Description Values Default Directory path and variable /EventLogMonitoring 226 BMC PATROL for Microsoft Windows Servers Getting Started .

0 MaxResourceIdleRetainPeriod the maximum amount of time.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 9 of 23) Description specifies the location of the backup directory for the event log Note: If the directory entered for the backup directory does not exist.. that an event description resource DLL is held in cache list of event logs that are monitored Appendix B greater than 0 300 seconds InclusionList/list list of event logs NA 227 Agent configuration variables and rulesets . UseCheckPoint Valid values are: s s 0 0 = use auto configure 1 = do not use auto configure specifies whether the event log uses a Valid values are: checkpoint value to guarantee that no events are missed if the PATROL s 0 = do not use Agent is not running or the KM is not s 1 = use loaded for a period of time This is a global setting that can be overridden by individual event log configurations. since last accessed. For example. the Backup and Clear Eventlog recovery action fails. you could use the following variable to inactivate the NT_HEALTH parameters: . Values directory path Example: D:\temp Default NA Directory path and variable BackupDir IncludeAll specifies whether all event logs are discovered or only those configured to be monitored Valid values are: s s 1 0 = only configured 1 = all OverrideParameterAutoActivate Valid values are: 0 specifies whether to automatically activate and automatically inactivate event log parameters based on the s 0 = use auto current configuration configure s 1 = do not use You can also use this variable to auto configure inactivate or activate other parameters. You can also apply this variable to specific event logs../HealthMonitoring/OverridePara meterAutoActivate OverrideParameterFileFreeSpacePct specifies whether the parameter AutoActivate ELMEvFileFreeSpacePercent automatically activates and inactivates based on the current configuration This variables applies to all event logs.

Valid values are: s s 0 = use auto configure 1 = do not use auto configure 228 BMC PATROL for Microsoft Windows Servers Getting Started .xpc). You can also apply this variable globally to all event logs. Values list of event logs Valid values are: s Directory path and variable ExclusionList/list DisablePEMInfoEvents Default NA 0 s 0 = do not disable information events 1 = disable information events 0 TogglePEMOriginData Valid values are: determines whether the event is displayed in the event log name format or the detailed format in PEM s 0 = event log (PATROL Event Manager) name format s 1 = detailed format specifies whether all occurring events are sent to PEM (PATROL Event Manager) Valid values are: s s /EventLogMonitoring/event log/ ForwardAllNTEventstoPEM 0 0 = do not send 1 = send 0 ForwardFilteredNTEventstoPEM Valid values are: specifies whether all events that match the configured event filters for the event log are sent to PEM s 0 = do not (PATROL Event Manager) send s 1 = send specifies whether the default behavior to automatically create the Summary instance is overridden Valid values are: s OverrideSummaryAutoCreate 0 s 0 = do not override (create) 1 = yes. override (do not create) 0 OverrideParameterFileFreeSpacePct specifies whether the parameter AutoActivate ELMEvFileFreeSpacePercent automatically activates and inactivates based on the current configuration This variable applies to a specific event log.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 10 of 23) Description list of event logs that are not monitored specifies whether to disable information events generated by XPC (psx_server.

However. the event filter is automatically acknowledged when the referenced event filter criteria is satisfied.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 11 of 23) Description Values Default 0 specifies whether the event log uses a Valid values are: checkpoint value to guarantee that no events are missed if the PATROL s 0 = do not use Agent is not running or the KM is not s 1 = use loaded for a period of time the last event log record that was successfully recorded a list that details the defined event filters specifies whether the event filter is enabled Disabled event filters are not discovered and do not collect events. if an instance is not created. If this value is set. greater than 0 list of event filters Directory path and variable UseCheckPoint CheckPoint EventFilters/child_list 0 Summar y 1 /EventLogMonitoring/eventlog/EventFilters/filter FilterEnabled Valid values are: s s 0 = not enabled 1 = enabled CreateInstance Valid values are: 1 specifies whether an application instance is created for the event filter s 0 = not created An application instance is not s 1 = created required to collect data. path to valid PATROL application instance NA ParentInstance AcknowledgeBy specifies how the event filter is acknowledged If the value of this variable is the name of another event filter. automatic. manual. the only way to retrieve the data collected by the event filter is too subscribe to the event filter data. allows the parent application instance of an event filter to be changed. the event filter instance is created with the specified parent instance. or filtername automatic Annotation specifies whether the parameter data Valid values are: point is annotated with event text s 0 = do not annotate s 1 = annotate 0 Appendix B Agent configuration variables and rulesets 229 .

For example. use a value of 18 (2 +16). 8. 32. to monitor both Warning and AuditFailure events. 16. 1. and the sums of any or all of these numbers FilterDescription text that describes the event filter no restrictions NA 230 BMC PATROL for Microsoft Windows Servers Getting Started . 4. 2.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 12 of 23) Description specifies whether event types are consolidated Values Valid values are: s s Directory path and variable ConsolidateEventTypes Default 0 0 = do not consolidate 1 = consolidate 1 ConsolidationNumber number of events that occur within a integer less than specified time and are reported as 35791394 one event the time period in which events must integer less than occur to satisfy the consolidation 35791394 criteria specifies whether event descriptions are reported by means of a text parameter Valid values are: s s ConsolidationTime 0 EventReport 0 0 = do not report 1 = report For security event log: 25 All other event logs: 1 EventType specifies the type of events that are filtered 1 = Error 2 = Warning 4 = Information 8 = AuditSuccess 16 = AuditFailure 32= OtherType A valid value is any summation of these types.

depending on the value of the variable IncludeAllEventIds specifies whether all sources are monitored If all sources are monitored (1). it represents an inclusion list. Otherwise. depending on the value of the variable IncludeAllCategories specifies whether all event IDs are monitored If all event IDs are monitored (1). then the CategoryList variable represents an exclusion list. Values Default 1 Directory path and variable IncludeAllCategories CategoryList/list a list of event categories that are included or excluded from monitoring. Otherwise. Otherwise. list of event IDs NA IncludeAllSources Valid values are: s s 1 0 = not monitored 1 = monitored SourceList/list a list of sources that are included or excluded from monitoring. it represents an inclusion list.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 13 of 23) Description specifies whether all event categories are monitored If all categories are monitored (1). depending on the value of the variable IncludeAllSources specifies whether all text strings are monitored If all text strings are monitored (1). Otherwise. it represents an inclusion list. then the StringList variable represents an exclusion list. then the SourceList variable represents an exclusion list. list of event sources NA IncludeAllStrings Valid values are: s s 1 0 = not monitored 1 = monitored Appendix B Agent configuration variables and rulesets 231 . list of event categories NA IncludeAllEventIds Valid values are: s s 1 0 = not monitored 1 = monitored EventIdList/list a list of event categories that are included or excluded from monitoring. it represents an inclusion list. then the EventIdList variable represents an exclusion list.

Valid values are: s s Directory path and variable StringList/list IncludeAllUsers 1 0 = not monitored 1 = monitored UserList/list a list of users that are included or excluded from monitoring.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 14 of 23) Description Values Default NA a list of text strings that are included list of text strings or excluded from monitoring. Otherwise. it represents an inclusion list. depending on the value of the variable IncludeAllStrings specifies whether all users are monitored If all users are monitored (1).xpc memory for the filter 232 BMC PATROL for Microsoft Windows Servers Getting Started . depending on the value of the variable IncludeAllUsers specifies whether event descriptions are stored in the PATROL Agent namespace for retrieval list of text strings NA RetainEventDescriptions Valid values are: s s 0 0 = do not retain 1= retain 1 Scheduling the type of collection used for collecting event data Valid values are: s s s 0= Notification 1 = Polling 2 = Both 3010 MaxRecords the maximum number of records that greater than 0 are held in psx_server. then the UserList variable represents an exclusion list.

Category.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 15 of 23) Description lists the subscriptions that exist for the parent event log and filter Values subscribers Default empty NA Directory path and variable SubscriberList/list DisplayName specifies the label that the KM places label for filter under the filter instance Note: You must manually enter this variable. Setting this variable does not change the instance name/namespace. the KM does not create it. User. This variable is read only at initial filter creation or parent instance change. String. depending on which of the 5 categories were checked Appendix B Agent configuration variables and rulesets 233 . a case-independent filter comparison is made for the corresponding field. one bit corresponding to each of Source. and Computer name. depending upon case sensitivity. respectively. FilterDisableCase specifies whether the filter comparisons are made in a caseindependent manner This variable has five bit values. Valid values are: s 0000 s s 00000 = none checked (default) 11111 = all 5 categories checked a combination of 0s and 1s. If any bit value is 1.

1 filter name Function function name empty Library library name empty /EventLogMonitoring/_TUNING_/ 234 BMC PATROL for Microsoft Windows Servers Getting Started .PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 16 of 23) Description Values Default empty Directory path and variable ComputerNamesList/list /EventLogMonitoring/event log/EventFilters/filterName lists the computers that are included list of computers for monitoring or the computers that are excluded from monitoring. and the ComputerNa mesList variable is an exclusion list 1 empty /EventLogMonitoring/eventlog/Subscribers/subscriber Enabled Filter specifies whether the subscriber (subscription) is enabled specifies the name of the filter that notifies the subscriber when monitored events are detected specifies the function that the Subscriber calls when notified of events specifies the location of the library that contains the function that the Subscriber calls 0. depending on the value of the IncludeAllCompList variable indicates whether all computers are monitored Valid values are: s IncludeAllCompList s 0 = none of the computers are monitored by default. and the ComputerNa mesList variable is an inclusion list 1 = all of the computers are monitored.

xpc) memory for any filter specifies whether the KM obtains account names from the SID whether job object parameters are automatically activated or inactivated based on the current configuration 3010 ReportAccountName /JobObjectMonitoring/ OverrideParameterAutoActivate 0. 1 0 Valid values are: s s 0 0 = auto configure 1 = do not auto configure 0 ManualAcknowledge whether the PROCStatus parameter is manually acknowledged Valid values are: s s 0 = auto acknowledge 1 = manually acknowledge 1 MonitorProcess whether job object assigned processes are monitored Valid values are: s s 0 = do not monitor 1 = monitor 1 IncludeAll whether all job objects are discovered Valid values are: or only the job objects specifically configured to be monitored s 0 = only configured objects s 1 = all the job objects that are monitored list of job objects the job objects that are excluded from list of job objects monitoring Appendix B InclusionList/list ExclusionList/list NA NA Agent configuration variables and rulesets 235 .PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 17 of 23) Description specifies the heartbeat configuration that is passed to the PEM API Values number that is calculated using valid values: 5000 <= x <= 1800000 Default 30000 Directory path and variable EventForwardingHeartbeat EventForwardingRetries specifies the number of times the KM number that is attempts to send an event calculated using valid values: 2 <= x <= 10 specifies the timeout configuration that is passed to the PEM API number that is calculated using valid values: 5000 <= x <= 1800000 number > 0 4 EventForwardingTimeout 30000 MaxFilterRecords specifies the maximum number of records that the KM holds in XPC (psx_server.

PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 18 of 23) Description number of processes for which performance data is collected at one time whether the PROCStatus parameter is annotated Values greater than 0 Default NA Directory path and variable CollectionCount AnnotateProcStatus Valid values are: s s 1 0 = no 1 = yes 1 DestroyAcknowledgeProcess specifies whether to destroy acknowledged process instances Valid values are: s s 0 = no 1 = yes 1 /ProcessorMonitoring/ AnnotateTopProcs Valid values are: specifies whether the parameter NT_CPU/CPUprcrProcessorTimePe rcent for the _Total instance is s 0 = no annotated with the top N CPUs 1 = yes consuming processes integer greater number of top processes to include than 0 when annotating the NT_CPU/CPUprcrProcessorTimePe rcent parameter Valid values are: specifies whether annotations are enabled or disabled for the NT_CPU (icon labled Processor) application s 0 or blank = parameters enabled s 1 = disabled the processors that are excluded from list of processors monitoring specifies whether all processors are monitored (except for the ones specifically excluded) the processors that are monitored This variable is ignored unless the /ProcessorMonitoring/IncludeAll variable is set to 0. CPUprcrStatus /PagefileMonitoring/ the last count of the processors that are monitored integer 0 Valid values are: s s AnnotateProcCount 10 DisableAnnotation ExclusionList/list IncludeAll NA 1 0 = no 1 = yes NA InclusionList/list list of processors 236 BMC PATROL for Microsoft Windows Servers Getting Started .

list of network interfaces ExclusionList/list /PhysicalDiskMonitoring/ InclusionList/list ExclusionList/list IncludeAll the network interfaces that are excluded from monitoring list of network interfaces NA the physical disks that are monitored list of device numbers the physical disks that are excluded from monitoring whether all physical disks are discovered list of device numbers Valid values are: s s NA NA 1 0 = no 1 = yes empty (no limit) NA MaxReloadCounters specifies the maximum number of times that the KM can issue the %RELOAD_COUNTERS command integer > 0 RemovedPDList stores the physical disk instances that list of deleted instances have been removed under the NT_PHYSICAL_DISKS_CONTAINE R application class whether the NT_FTP KM is activated Valid values are: s s /NetworkProtocolMonitoring/ FTP/Active 1 0 = no 1 = yes Appendix B Agent configuration variables and rulesets 237 .PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 19 of 23) Description whether all network interfaces (less those excluded) are monitored Values Valid values are: s s Directory path and variable IncludeAll Default 1 0 = no 1 = yes NA InclusionList/list the pagefiles that are monitored This variable is ignored unless the /PagefileMonitoring/IncludeAll variable is set to 0. list of pagefiles ExclusionList/list /NetworkInterfaceMonitoring/ IncludeAll the pagefiles that are excluded from monitoring whether all network interfaces (less those excluded) are monitored list of pagefiles NA Valid values are: s s 1 0 = no 1 = yes NA InclusionList/list the network interfaces that are monitored This variable is ignored unless the /NetworkInterfaceMonitoring/Inclu deAll variable is set to 0.

PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 20 of 23) Description specifies whether the NT_ICMP KM is activated Values Valid values are: s s Directory path and variable ICMP/Active Default 1 0 = no 1 = yes 1 IP/Active specifies whether the NT_IP KM is activated Valid values are: s s 0 = no 1 = yes 1 IPX/Active specifies whether the NT_IPX KM is activated Valid values are: s s 0 = no 1 = yes 1 NETBEUI/Active specifies whether the NT_NETBEUI KM is activated Valid values are: s s 0 = no 1 = yes 1 NETBIOS/Active specifies whether the NT_NETBIOS KM is activated Valid values are: s s 0 = no 1 = yes 1 TCP/Active specifies whether the NT_TCP KM is Valid values are: activated s 0 = no s 1 = yes specifies whether the NT_UDP KM is Valid values are: activated s 0 = no s 1 = yes the logical disks that are monitored UDP/Active 1 /LogicalDiskMonitoring/ InclusionList/list list of logical disks NA 238 BMC PATROL for Microsoft Windows Servers Getting Started .

PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 21 of 23) Description the logical disks that are excluded from monitoring whether all logical disks are discovered Values Default list of logical disks NA Valid values are: s s Directory path and variable ExclusionList/list IncludeAll 1 0 = no 1 = yes empty (no limit) MaxReloadCounters specifies the maximum number of times that the KM can issue the %RELOAD_COUNTERS command integer > 0 DeletedLDList NonAggregateParamValue stores a list of the deleted logical disk list of logical disk instances instances changes the values generated by the following parameters: s s s Valid values are: s LDldFreeSpacePercent LDldFreeMegabytes LDldDiskSpaceUsed s 1 = values shown for a particular drive instance do not consider the mount drives 0 = value shown is an aggregate of a particular drive instance and all of its mount drives /RegistryMonitoring/ InclusionList/list AnnotateValueChange list of registry keys that are monitored whether the RegValueChanged parameter is annotated list of registry keys NA Valid values are: s s 1 0 = no 1 = yes NA /PrinterMonitoring/ DisableAnnotation specifies whether annotations are enabled (0 or blank) or disabled (1) for the NT_PRINTER application parameters the printers that are monitored the printers that are excluded from monitoring Valid values are: s s 0 or blank = enabled 1 = disabled NA NA InclusionList/list ExclusionList/list list of printers list of printers Appendix B Agent configuration variables and rulesets 239 .

greater than 0 2000000 OverrideAutoConfigUpdate HighThresholdOnEvents /BlueScreenKM/ ConfigureOptionUsed Valid values are: s 3 s s 1 = Event (ID 6008) – only monitors the event id. The KM looks for a crash dump file as well as the event (ID 6008). Dump.HighThreshold OnEvents property is auto-corrected s 0 = auto using the HighThresholdOnEvents correct configuration variable s 1 = do not auto correct minimum required value for the WIN32_WMISetting allows you to configure the KM by using three options.PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 22 of 23) Description whether all printers are discovered Values Valid values are: s s Directory path and variable IncludeAll Default 1 0 = no 1 = yes 0 TestConnectivity specifies whether the KM pings the printer to test connectivity Valid values are: s s 0 = no 1 = yes 30 80 /HealthMonitoring/ ProcessorContentionThreshold MemoryContentionThreshold OverrideParameterAutoActivate threshold for resource contention threshold for memory contention 0 to 100 0 to 100 Valid values are: 0 whether the WMIAvailability parameter is automatically activated or inactivated based on the current s 0 = auto configuration on Windows NT 4 configure s 1 = do not auto configure Valid values are: 0 whether the Win32_WMISetting. 240 BMC PATROL for Microsoft Windows Servers Getting Started . 6008. 3 = Default – monitors crash dump or event as per registry configuration. 2 = Crash Dump – only monitors the crash.

The KM functions without specifying the PATROL Agent default account. PATROL KM for Microsoft Windows Domain Services Table 49 lists PATROL KM for Microsoft Windows Domain Services component variable settings. When you enter a blank user name and password for the PATROL Agent default account. Table 49 PATROL KM for Windows Domain Services variables (Part 1 of 3) Description the number of times to perform a DNS test comma-separated list of IP addresses to attempt during DNS test IP address for DNS Server Values text string text string Default 10 NA Directory path and variable /DomainKM/DNS/ IterationCount ResolveTestList ServerIPAddress text string <Local PATROL Agent IP Address> 53 0 ServerPortNumber TCPorUDP port of DNS Server protocol for DNS Test text string 1 = TCP 0 = UDP Appendix B Agent configuration variables and rulesets 241 .PATROL for Windows Servers configuration variables Table 48 PATROL KM for Microsoft Windows OS variables (Part 23 of 23) Description Values Default Directory path and variable /AgentSetup/ NT_EVENTLOG.OSdefaultAccount allows you to provide a valid user name and password for the PATROL Agent default account. the PATROL KM for Microsoft Windows works with a blank user name and password for the PATROL Agent default account. XPC (psx_server. Except for the Windows event log KM.xpc) runs under the local system account. The Windows event log KM requires a valid user name and password to connect to the PATROL Agent using PEMAPI.

PATROL for Windows Servers configuration variables Table 49 PATROL KM for Windows Domain Services variables (Part 2 of 3) Description the number of times to perform a DNS test comma-separated list of IP addresses to attempt during DNS test IP address for DNS Server Values text string text string Default 10 NA Directory path and variable /DomainKM/DNS2000/ IterationCount ResolveTestList ServerIPAddress text string <Local PATROL Agent IP Address> 53 0 ServerPortNumber TCPorUDP /DomainKM/DHCP/Events/ SCOPEADD SCOPEDEL DHCPBAK /DomainKM/Domain/ MBREL MBRADD port of DNS Server protocol for DNS Test text string 1 = TCP 0 = UDP 0 = no 1 = yes 0 = no 1 = yes 0 = no 1 = yes 0 = no 1 = yes 0 = no 1 = yes 0 = no 1 = yes raises a PATROL event when a DHCP Scope is added raises a PATROL event when a DHCP Scope is removed raises a PATROL event when the DHCP database is backed up raises a PATROL event when a new master browser is elected raises a PATROL event when a member server is added to the domain raises a PATROL event when a member server is removed from the domain 0 0 0 0 0 MBRDEL 0 BDCADD BDCDEL DHCPADD DHCPDEL raises a PATROL event when a BDC 0 = no server is added to the domain 1 = yes raises a PATROL event when a BDC 0 = no server is removed from the domain 1 = yes raises a PATROL event when a 0 = no DHCP server is added to the domain 1 = yes raises a PATROL event when a DHCP server is removed from the domain 0 = no 1 = yes 0 0 0 0 WINSADD WINSDEL raises a PATROL event when a 0 = no WINS server is added to the domain 1 = yes raises a PATROL event when a WINS server is removed from the domain 0 = no 1 = yes 0 0 /DomainKM/Server/ 242 BMC PATROL for Microsoft Windows Servers Getting Started .

PATROL for Windows Servers configuration variables Table 49 PATROL KM for Windows Domain Services variables (Part 3 of 3) Description the number of minutes a server is inactive before it is considered idle comma-separated list of domain servers that should not be discovered by NT_REMOTE_ SERVERS Values string Default 0 Directory path and variable IdleServerTime /DomainKM/RemoteServer/ ServerExcludeList string NA /DomainKM/Shares/ MaxShares the maximum number of shares that string can be discovered by NT_SHARES Note: Increasing this value above 300 may affect PATROL Agent performance. ShareExcludeList comma-separated list of shared directories that should not be discovered by NT_SHARES comma-separated list of trust relationships that should not be discovered by NT_TRUST maximum number of user accounts that can be discovered by NT_USERS Note: Increasing this value above 300 may affect PATROL Agent performance. UserExcludeList comma-separated list of user accounts that should not be discovered by NT_USERS string NA string NA 300 /DomainKM/Trust/ TrustExcludeList string NA /DomainKM/Users/ MaxUsers string 300 Appendix B Agent configuration variables and rulesets 243 .

PATROL for Windows Servers configuration variables PATROL KM for Microsoft Active Directory Table 50 provides PATROL KM for Microsoft Windows Active Directory variable settings. By default annotation is enabled. To disable annotation for all PATROL KM for Active Directory parameters.5. DbRequiredSpace minimum amount of free space required in kilobytes for the logical drive that holds the database file enables/disables parameter annotation. controls the creation of the old format (1.x event filters s s 1 number of hours 12 hours DomainNamingMasterConnStatus interval for checking LDAP greater than 0 Sched connectivity to the domain controller that is the FSMO Domain Naming Master EnableRA determines whether the KM executes the Restart File Replication Service recovery action that is associated with the AdFrsSidResolution parameter determines the Active Directory object types that the KM monitors for replication collisions s s 0 = do not execute 1 = execute 0 IncludedCNFObjectTypes text string (object empty types) 244 BMC PATROL for Microsoft Windows Servers Getting Started . add this variable to pconfig and set the value to 1. Table 50 PATROL KM for Microsoft Active Directory variables (Part 1 of 5) Description Values Default Directory path and variable /ActiveDirectory/Configuration/ DbRequiredPercent minimum percentage of size for the number > 0 < 100 20 (percentage) percent Active Directory database if the database and log files reside on separate logical drives This value is used by the AdDiskSpaceAvailable parameter.x) Active Directory event filters number > 0 (kilobytes) s s 500000 kilobytes 0 DisableAnnotations 0=annotate 1=do not annotate DisableEventConfig s s 0 = auto configure 1 = do not auto configure 0 = do not delete 1 = delete 1 DisableObsoleteEventFilters determines whether the KM deletes the obsolete AD 1.5.

PATROL for Windows Servers configuration variables Table 50 PATROL KM for Microsoft Active Directory variables (Part 2 of 5) Description interval for checking LDAP connectivity to the domain controller that is the FSMO Infrastructure Master determines the collection schedule for the AdLdGcConnectStatus and AdLdGcResponseTime parameters minimum percentage required of the Active Directory size if the database and the log files reside on separate logical drives This percentage is used by the AdDiskSpaceAvailable parameter Values Default number of hours 1 hour greater than 0 Directory path and variable InfrastructureMasterConnStatus Sched LdapGcConnStatusSched number of 3600 seconds between seconds collections (1 hour) percentage > 0 but < 100 20 percent LogRequiredPercent LogRequiredSpace minimum amount of space required number of in kilobytes for the Active Directory kilobytes > 0 log files if the log files and the database reside on the same logical drive This value is used by the AdDiskSpaceAvailable parameter 200000 kilobytes PDCEmulatorConnStatusSched interval for checking LDAP connectivity to the domain controller that is the FSMO PDC Emulator number of hours 1 hour greater than 0 number of hours 1 hour RelativeIDMasterConnStatusSched interval for checking LDAP greater than 0 connectivity to the domain controller that is the FSMO Relative ID Master ReplMonConfigNC determines whether configuration naming context replication monitoring is enabled determines whether domain naming context replication monitoring is enabled interval for checking LDAP connectivity to the domain controller that is the FSMO Schema Master s s 0 = disabled 1 = enabled 0 = disabled 1 = enabled 0 ReplMonDomainNC s s 1 SchemaMasterConnStatusSched number of hours 12 hours greater than 0 Appendix B Agent configuration variables and rulesets 245 .

PATROL for Windows Servers configuration variables Table 50 PATROL KM for Microsoft Active Directory variables (Part 3 of 5) Description Values s s Directory path and variable AlertMSGForRepliCollector Default 0 enables you to include the AlarmPoint annotation text in the alert message of the AdReplicationCollector parameter 0 = default value 1 = include AlarmPoint annotation text in the alert message /ActiveDirectory/Configuration/fully-qualified-server-name_ PingTimeout provides a way to configure (on a per-server basis) the timeout that is used when a server is pinged for availability . s s /ActiveDirectory/RpcConnection/ DisableCheckPointOverrides 0 = override do not override 0 MaxWaitTime number > 0 indicates the maximum amount of time the KM waits in seconds for a 13509 FRS event to occur after a 13508 FRS occurs before considering the 13508 FRS event an issue This value is used by the AdFrsRpcConnectivity parameter 14400 seconds Do not manually change the values of the following variables. These variables contain state information that is used internally by the product. If you change these variables manually.servers that are connected through a slower link may need this value increased time out in milliseconds 5.000 PingCount number of pings 3 provides a way to configure (on a greater than 0 per-server basis) the number of times that a server is pinged to test its availability .servers that are connected through a slower link may need this value increased (a server is considered available if any one ping is successful) indicates whether the KM overrides the check point enabling for the FRS event log This value is used by the AdFrsRpcConnectivity parameter. the product cannot operate correctly. /ActiveDirectory/AgentSiteInfo 246 BMC PATROL for Microsoft Windows Servers Getting Started .

the KM uses this information to determine whether or not a change was replicated Specifies a comma separated list of the remote hosts that have been added for monitoring Specifies the protocol (HTTP or Valid values are: HTTPS) that is used for remote host s 1: HTTP connection s 2: HTTPS Specifies the user account which is used to connect to the remote host Specifies the shared credential. was non-responsive contains the UTC time when the replication source last updated its replication object Do not manually change the value of this variable.inc/first NonResponse contains the UTC time when the KM Do not manually change the determined that the replication source value of this variable. resided contains information that specifies a ConfigNC DomainNC configuration naming context or a domain naming context. prevObjectVersion /REMOTE/HOSTS/ hosts /REMOTE/HOSTS/Remote Host/ connectionProtocol userAccount accountProfile /REMOTE/PROFILE/ profileList /REMOTE/PROFILE/Profile Name/ Appendix B Agent configuration variables and rulesets 247 . /ActiveDirectory/ReplConfig/replication context replication source/ replication context firstNonResponse lastChangeTime origChangeTime contains the UTC time when the KM Do not manually change the determined that the replication source value of this variable. for example. Directory path and variable prevDCName prevDCSiteName contains the name of the last known Do not manually change the site where the domain controller value of this variable.PATROL for Windows Servers configuration variables Table 50 PATROL KM for Microsoft Active Directory variables (Part 4 of 5) Description contains the last known qualified domain name of the domain controller Values Default Do not manually change the value of this variable. /ActiveDirectory/ReplConfig/Con figNCwaternoose. if it has been used for remote host connection Specifies a comma separated list of the profiles (shared credentials) Do not manually change the value of this variable. might have failed to replicate contains the last known version of an object.monsters.

McsGatewayStatus. Table 51 /MCS/ AccountInfo stores the Cluster account information indicates whether the cluster level agent can run on a cluster node username/ encrypted password 0.PATROL for Windows Servers configuration variables Table 50 PATROL KM for Microsoft Active Directory variables (Part 5 of 5) Description Specifies a comma separated list of the monitored remote hosts with the respective profile Specifies the user name for each profile Values Default Directory path and variable hostList userAccount PATROL KM for Microsoft Cluster Server Table 51 provides PATROL KM for Microsoft Cluster Server variable settings. McsGwConAvailable. 1 NA PATROL KM for Microsoft Cluster Server variables (Part 1 of 5) Description Values Default Directory path and variable ClaInsideCluster DisableServiceAutoRestart 1 0 indicates whether the McsService is 0. and McsServiceStatus. 1 automatically started and stopped by the KM indicates whether the MCS_Clusters parameters. 1 DisableParmOverrides 0 PingIpTimeout specifies the amount of time the KM integer > 0 waits before timing out when pinging an IP resource integer > 0 but specifies the amount of time in =< 300 seconds that the McsServiceStatus parameter waits for the McsService to start before generating an alarm 5000 ServiceCollWaitTime 60 248 BMC PATROL for Microsoft Windows Servers Getting Started . are automatically activated and inactivated by the KM 0.

The path is not set by default. The path is set through the Quorum Admin (MCS_Quorum) => Set Backup Path menu command. You can exclude IP addresses through the PATROL Admin (MCS_Groups) => Maintain Exclusion List => Exclude IP Address menu command. list of IP addresses NA directory path NA NA Appendix B Agent configuration variables and rulesets 249 . You can exclude file shares through the PATROL Admin (MCS_Groups) => Maintain Exclusion List => Exclude File Shares menu command. clusterInstance_IPExclusionList stores excluded IP addresses If an IP address has been excluded. or Error the following application classes: s s s s Directory path and variable applicationClass_AnnotationMode MCS_Groups MCS_Group_Resources MCS_Nodes MCS_Performance The annotation mode is set through the PATROL Admin => Configure Annotation Mode menu command. list of file clusterInstance_FileShareExclusion stores excluded file shares. Excluded file shares are displayed in the Desktop tree and data is collected from them by the ResourceStatus parameter. Excluded IP addresses are displayed in the Desktop tree and data is collected from them by the ResourceStatus parameter. then it will shares not be monitored by the FileShareUnAvailable parameter. If a file List share has been excluded. Off. then it will not be monitored by the CheckIPResourceColl parameter.PATROL for Windows Servers configuration variables Table 51 PATROL KM for Microsoft Cluster Server variables (Part 2 of 5) Description Values Default NA stores the annotation mode setting for On. clusterInstance_CluDBBackupPath stores backup path for the Cluster database. and therefore the BackupClusterDatabase parameter is offline.

If a name has been entered in the /MCS/clusterName_NetworkNameFor FileShares variable. The FileShareUnAvailable parameter has been modified to read this pconfig variable. clusterInstance_UpTimeBaseLine stores the start date and time for the ClusterAvailability parameter. If a List resource has been excluded. The network name is stored in the variable. /MCS/clusterName_NetworkNameFor FileShares. s s the name of a network null (the KM maps the file share resources to a default network) 250 BMC PATROL for Microsoft Windows Servers Getting Started . You can provide the network name for the file shares through the PATROL Admin (MCS_Group) => Assign Network Name menu command. Enter the network name in the dialog box. then the resource is not monitored and an instance is not created. You can set the start date and time through the PATROL Admin (MCS_Cluster) => Set Available Start Date menu command. time in seconds NA clusterName_NetworkNameForFileS determine whether a network name hares has been designated for the file share resources of the cluster.PATROL for Windows Servers configuration variables Table 51 PATROL KM for Microsoft Cluster Server variables (Part 3 of 5) Description Values Default list of resources NA Directory path and variable clusterInstance_ResourceExclusion stores excluded resources. You can exclude resources through the PATROL Admin (MCS_Groups) => Maintain Exclusion List => Exclude Resources menu command. the KM attempts to map the file shares using that network name.

the ClusterLogFileError parameter sends an alarm. you must add a variable to the agent configuration database. verify that the domain with the cluster nodes trusts the domain with the cluster-level agent. To monitor an additional domain. If any of the keywords are found. and the parameter is offline. Appendix B Agent configuration variables and rulesets 251 . Define the keywords through the PATROL Admin (MCS_Nodes) => Maintain Keywords menu command. Adding a domain: 1. If any of the keywords keywords are found. the ClusterLogFileError parameter sends an alarm or warning. Define the date and keywords through the PATROL Admin (MCS_Nodes) => Maintain Keywords menu command. Before loading and configuring the KM. no keywords are defined. By default. no date or keywords are defined. Execute on the command line: wpconfig +Reload your-filename Values domain name Default NA Directory path and variable DomainInclusionList hostName_LogMonKeyAlarm stores keywords that the KM searches list of for in the cluster log file.PATROL for Windows Servers configuration variables Table 51 PATROL KM for Microsoft Cluster Server variables (Part 4 of 5) Description stores the domain name being monitored. NA hostName_LogMonKeyDate time in seconds NA stores the date from which the KM searches for defined keywords in the cluster log file. PATROL_CONFIG “/MCS/DomainInclusionList” = { REPLACE = “DomainName” } 2. By default. Create a change file as a plain text file using any text editor with the following content: Note: wpconfig command options are case sensitive. and the parameter is offline.

Change the list through the PATROL Admin (MCS_Clusters) => Select Cluster to Monitor menu command. number >0 specifies in seconds the amount of time that the Uptime Collector spends waiting for the PATROL Uptime resource to send data Directory path and variable hostName_LogMonKeyWarn MenuCmdROMode NA MonitoredClusterList NA UptimeCollWaitTime 300 252 BMC PATROL for Microsoft Windows Servers Getting Started .PATROL for Windows Servers configuration variables Table 51 PATROL KM for Microsoft Cluster Server variables (Part 5 of 5) Description Values Default NA stores keywords that the KM searches list of for in the cluster log file. and the parameter is offline. no keywords are defined. If any of the keywords keywords are found. Fales stores the read-only setting for the Cluster Admin Commands. True. Define the keywords through the PATROL Admin (MCS_Nodes) => Maintain Keywords menu command. Read-only is disabled by default. Change the read-only setting through the PATROL Admin (MCS_Clusters) => Configure Menu Cmd RO Mode menu command. By default. list of clusters stores the clusters you are monitoring. the ClusterLogFileError parameter sends a warning.

in kilobytes.. Table 52 PATROL KM for Windows Message Queue variables Description the number of messages currently managed by the MSMQ service the size.TimeIn terval2. Values 0-999999 0-2000000 Default 450000 1600000 Directory path and variable /MQ_SERVER/ QueueMsgCountThreshold QueueMsgSizeThreshold ScheduledServers ServerName1.PATROL for Windows Servers configuration variables PATROL KM for Microsoft Windows Message Queue Table 52 provides PATROL KM for Microsoft Message Queue variable settings.Ti NA meInterval|Serv erName2. /MQ_QUEUES/ JournalMsgCountThreshold JournalMsgSizeThreshold QueueMsgCountThreshold QueueMsgSizeThreshold the number of messages currently in 0-999999 the queue the number of kilobytes used by all messages in the queue the number of messages in the journal queue the size in kilobytes of all messages in the journal queue 0-2000000 0-999999 0-2000000 450000 1600000 450000 1600000 Appendix B Agent configuration variables and rulesets 253 .. A value of 0 turns off round-trip scheduling for the specified server. of all message queues managed by the MSMQ service a text string that specifies the scheduled servers and their respective scheduled interval (in minutes) Valid time intervals are 0-60 minutes.

Z = The number of times the COM+ application is restarted that causes an alarm. Monitor. Do not monitor. X = 1. Table 53 PATROL KM for Windows COM+ variables Description specifies the monitoring properties for the COM+ application Values X:Y:Z: <List>where. Y = 0. <List> Represents a comma separated list of the methods being monitored for this application in format <MethodName>\<InterfaceName >\<ComponentName> Default 1:1:5 Directory path and variable /COM_PLUS/Applications/ ApplicationName 254 BMC PATROL for Microsoft Windows Servers Getting Started . Y= 1. Z is used only if Y =1. X = 0.PATROL for Windows Servers configuration variables PATROL KM for Microsoft COM+ Table 53 provides PATROL KM for Microsoft COM+ variable settings. Restart the COM+ application if it is stopped. Do not restart if the COM+ application is stopped.

PATROL for Windows Servers configuration variables PATROL Wizard for Microsoft Performance Monitor and WMI Table 54 provides the PATROL Wizard for Microsoft Performance Monitor and WMI variable settings. You need to manually add the /Perfmon/NT_WMI /ConnectAs32Bit pconfig variable and set it to a value of 1. By default. this pconfig variable is not present at the time of installation. /Perfmon/NT_WMI/name comma separated list NA the upper-level alarm threshold for a any integer specific counter instance the lower-level alarm threshold for a any integer specific counter instance the upper-level warning threshold for a specific counter instance the lower-level warning threshold for a specific counter instance any integer any integer NA NA NA NA Appendix B Agent configuration variables and rulesets 255 . Table 54 PATROL Wizard for Performance Monitor and WMI variables (Part 1 of 2) Description lists the NT_PERFMON_WIZARD application class name comma-separated list of objects to monitor comma-separated list of counters monitored for the object comma-separated list of instance of the object to monitor Values comma separated list comma separated list comma separated list comma separated list Default NA NA Directory path and variable /Perfmon/NT_PERFMON_WIZARD Name Objects /Perfmon/NT_PERFMON_WIZARD/object/ Counters Instances NA NA /Perfmon/NT_PERFMON_WIZARD/object/counter AlarmMax AlarmMin WarnMax WarnMin /Perfmon/NT_WMI/ Parameters ConnectAs32Bit comma-separated list of NT_WMI parameters allows you to connect a 64-bit Windows environment to a 32-bit WMI provider.

2. Suspend whether to temporarily pause the recovery 0 = no action 1 = yes the amount of time PATROL waits for confirmation to run the recovery action. see “Configuring built-in native recovery actions” on page 130. This variable is used internally. PATROL does not run the recovery action. If you do not provide confirmation within the allotted time. 3 runs: s s s Run automatically (1) Run only with operator confirmation (2) Do not execute (3) For more information about these modes. Table 55 PATROL for Microsoft Windows Servers variables Description The name of the recovery action. number of seconds NA Wait NA 256 BMC PATROL for Microsoft Windows Servers Getting Started . Values Default Directory path and variable Description HelpID Mode /RecoveryActions/application class/instance/parameter/ text description NA NA NA Help topic ID associated with the recovery integer action. These variables are applicable to any KM in the PATROL for Microsoft Windows Servers solution.PATROL for Windows Servers configuration variables Table 54 PATROL Wizard for Performance Monitor and WMI variables (Part 2 of 2) Description WQL query used in the created NT_WMI parameter Values string Default NA NA NA NA NA Directory path and variable Query AlarmMax AlarmMin WarnMax WarnMin the upper-level alarm threshold for a any integer specific NT_WMI parameter the lower-level alarm threshold for a any integer specific NT_WMI parameter the upper-level warning threshold for a specific NT_WMI parameter the lower-level warning threshold for a specific NT_WMI parameter any integer any integer PATROL for Microsoft Windows Servers Table 55 provides the PATROL for Microsoft Windows Servers variable settings. The mode under which the recovery action 1.

PATROL KM for Event Management required To use the PATROL Configuration Manager to view or manage a PATROL agent configuration or to apply rulesets. which are stored as text files with . When process monitoring is enabled for the service. However. PATROL monitors only whether the service is available. A rule is an instruction applied to a PATROL Agent that instructs the agent to change a variable in its agent configuration database. you can use the PATROL Configuration Manager to apply these predefined rulesets to a server. the services whose process monitoring is enabled are noted. Using PATROL Configuration Manager to apply rulesets Instead of manually configuring the monitoring of each server.PATROL for Microsoft Windows Servers rulesets PATROL for Microsoft Windows Servers rulesets PATROL for Microsoft Windows Servers provides pre-configured rules that are organized into rulesets for the major Microsoft server roles. If you need to change a ruleset. the PATROL KM for Event Management must be loaded on the PATROL Agent machine. such as the file server and print server roles. see . save the ruleset. and then apply the new ruleset to other like servers. These PATROL for Microsoft Windows Servers predefined rulesets include the following configuration settings: s s s s s preloaded KMs services whose process monitoring is enabled processes that are monitored Windows events that are monitored additional Windows Performance Monitor counters that are monitored (added as parameters beneath the NT_PERFMON_WIZARD application class) NOTE PATROL automatically monitors services whose startup property is automatic. you can do so on one server. A ruleset is a collection of rules.cfg extension. Appendix B Agent configuration variables and rulesets 257 . For more information about loading KMs. In the ruleset descriptions in this chapter. PATROL also monitors how much memory and CPU a service executable consumes.

open the files Primary_Site_Role. 2 Replace all occurrences of %SITECODE% with the uppercase 3-character SMS site code.cfg PRU_PrintServer.cfg.cfg PRU_ApplicationServer. For more information about the PATROL Configuration Manager. you must first perform the following minor edits and then apply the rulesets. 3 Replace all occurrences of %WMIPATH% as follows: s s For SMS 2. Figure 6 on page 260 shows these rulesets as they appear in the PATROL Configuration Manager interface. you can apply the predefined rulesets directly to any Windows server. Server roles with predefined rulesets The PATROL for Microsoft Windows Servers predefined rulesets are installed in the following directory: %PATROL_HOME%\pconfmgr\rulesets\Shipped\Operating_System_KMs\Windows_ KM Rulesets are provided for the server roles shown in Table 56. see “Using PATROL Configuration Manager” on page 269.cfg and Site_Role.cfg Description provide and manage access to files provide and manage access to printers provides key infrastructure and services to applications hosted on a system 258 BMC PATROL for Microsoft Windows Servers Getting Started .x Servers — cimv2\\sms For SMS 2003 Servers — sms 4 Save the files. Editing predefined rulesets prior to applying With the exception of the SMS rulesets. see the PATROL Configuration Manager User Guide. Table 56 Role File server ruleset Print server ruleset Application server ruleset Server roles (Part 1 of 2) Ruleset file PRU_FileServer. To edit SMS rulesets before applying 1 In a text editor.PATROL for Microsoft Windows Servers rulesets For more information about applying rulesets. For the SMS rulesets.

authentication.cfg Appendix B Agent configuration variables and rulesets 259 .cfg WINS server ruleset PRU_WINSServer.cfg Domain controller ruleset PRU_DomainServer.cfg server ruleset DNS server ruleset Streaming media server ruleset PRU_DNSServer.cfg PRU_MediaServer.cfg SMS — primary site Primary_Site_Role. and directory searches stores SMS data for the primary site and all the sites beneath it in a SQL Server database attaches to and reports to a primary site Mail server ruleset Terminal server ruleset Remote access/VPN PRU_RasVpnServer.PATROL for Microsoft Windows Servers rulesets Table 56 Role Server roles (Part 2 of 2) Ruleset file PRU_MailServer.cfg ruleset SMS — site ruleset Site_Role.cfg PRU_TerminalServer. including user logon processes.cfg Description provide e-mail services to users can provide a single point of installation that gives multiple users access to any computer that is running a Windows Server 2003 operating system provides a full-featured software router and both dialup and virtual private network (VPN) connectivity for remote computers enables client computers on your network to register and resolve user-friendly DNS names provides Windows Media Services to your organization maps NetBIOS names to IP addresses and centrally manages the name-to-address database stores directory data and manages communication between users and domains.

PATROL for Microsoft Windows Servers rulesets

Figure 6

Shipped rulesets in PATROL Configuration Manager

Ruleset reference
The following section describes the ruleset configuration settings. The rulesets define monitoring that is enabled beyond what is enabled by default in the KM. The configuration variables (rules) for each type of ruleset are stored in the agent configuration database in the location shown in Table 57. For more information about the specific configuration variables associated with each type of configuration setting, see the page referenced in Table 57. Table 57 Configuration variable locations (Part 1 of 2)
Location of configuration variable(s) (rules) \AgentSetup\preloadedKMs See also NA
.

Configuration setting Preloaded KMs Services with process monitoring enabled

\PSX_P4WinSrvs\PWK_PKMforMSWinOS_config\ServiceMonitori page 222 ng\ServiceList\servicename

260

BMC PATROL for Microsoft Windows Servers Getting Started

PATROL for Microsoft Windows Servers rulesets

Table 57

Configuration variable locations (Part 2 of 2)
Location of configuration variable(s) (rules) See also \PSX_P4WinSrvs\PWK_PKMforMSWinOS_config\ProcessMonitori page 219 ng\ProcessConfigurationList\processname \PSX_P4WinSrvs\PWK_PKMforMSWinOS_config\EventLogMonit oring\eventlog\EventFilters\filtername \PerfMon\NT_PERFMON_WIZARD\countername (The default polling interval for all added PerfMon or WMI parameters is 10 minutes, unless otherwise noted.) page 226 page 255

Configuration setting Processes monitored Windows events monitored Additional Windows PerfMon counters or WMI objects monitored

Preloaded KMs for all rulesets
The following KMs are preloaded for all of the rulesets. The ruleset descriptions that follow list any additional KMs that are preloaded for the respective ruleset.
s s s s s s s s s s s s

NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH

NOTE
An asterisk indicates that all KMs that start with the stem are included. For example, NT_CPU* indicates both NT_CPU and NT_CPU_CONTAINER.

Application server ruleset
Table 58 shows the application server ruleset properties. Table 58 Application server ruleset (Part 1 of 2)
s s s

Preloaded KMs (PRU_ApplicationServer.kml)

COM_* NT_EV* NT_PERFMON*

Appendix B

Agent configuration variables and rulesets

261

PATROL for Microsoft Windows Servers rulesets

Table 58

Application server ruleset (Part 2 of 2)
s s s s s s s

Services with Process Monitoring Enabled Processes Monitored Windows Events Monitored

s s s s s s s s s s s s s s s

World Wide Web Publishing Service (process monitoring enabled) IIS Admin Service Simple Mail Transport Protocol (SMTP) Service FTP Publishing Service Network News Transfer Protocol (NNTP) Service Distributed Transaction Coordinator COM+ System Application (process monitoring enabled) COM+ Event Service (process monitoring enabled) Remote Services (COM and RPC) inetinfo.exex Error events from .NET Runtime source (application event log) Error and warning events from ASP.NET (application event log) Active Server Pages — Errors/Sec ASP.NET — Requests Rejected ASP.NET— Requests Queued ASP.NET Application — Errors Unhandled During Execution/Sec ASP.NET Application — Errors Total/Sec .NET CLR Data — Sqlclient: Total # failed commands .NET CLR Exceptions — # of Exceps Thrown/sec .NET CLR Jit — Standard Jit Failures .NET CLR Loading —Rate of Load Failures Web Service — Current Blocked Async I/O Requests Web Service — Locked Errors/sec Web Service — Not Found Errors/sec

Additional Perfmon Counters Monitored

s s

Terminal server ruleset
Table 59 shows the terminal server ruleset properties. Table 59 Terminal server ruleset
s s

Preloaded KMs (PRU_TerminalServe r.kml) Services with Process Monitoring Enabled Processes Monitored Windows Events Monitored Additional Perfmon Counters Monitored

NT_EV* NT_PERFMON* Terminal Services (process monitoring enabled) Terminal Services Session Directory (process monitoring enabled)

s s

None
s s s s s s s

Error and warning events from TermService (system event log) Error and warning events from TermServLicensing (system event log) Error and warning events from TermServDevices (system event log) Terminal Services —Active Sessions Terminal Services — Inactive Sessions Terminal Services — Total Sessions System — Processes

262

BMC PATROL for Microsoft Windows Servers Getting Started

PATROL for Microsoft Windows Servers rulesets

Remote access/VPN server ruleset
Table 60 shows the Remote Access/VPN Server ruleset properties. Table 60 Remote access / VPN server ruleset
s s

Preloaded KMs (PRU_RasVpnServer.kml) Services with Process Monitoring Enabled Processes Monitored Windows Events Monitored Additional Perfmon Counters Monitored

NT_EV* NT_PERFMON*

Remote Access Service (process monitoring enabled) None Error and warning events from Remote Access (system event log)
s s

RAS Total —Total Connections RAS Total — Total Errors\Sec

Print server ruleset
Table 61 shows the Print Server ruleset properties. Table 61 Print server ruleset
s s

Preloaded KMs (PRU_PrintServer.kml) Services with Process Monitoring Enabled Processes Monitored Windows Events Monitored Additional Perfmon Counters Monitored

NT_EV* NT_PRINT*

Spooler spoolsv.exe Error and warning events from Print source (system event log) None

Domain controller ruleset
Table 62 shows the Domain Controller ruleset properties. Table 62 Domain controller ruleset (Part 1 of 2)
s s

Preloaded KMs (PRU_DomainServer.kml) Services with Process Monitoring Enabled Processes Monitored

s s

NT_EV* NT_DOMAIN NT_MEMBER_SERVER AD_AD*

Windows Time (process monitoring enabled) None

Appendix B

Agent configuration variables and rulesets

263

PATROL for Microsoft Windows Servers rulesets

Table 62

Domain controller ruleset (Part 2 of 2)
s s s s s s s

Windows Events Monitored Additional Perfmon Counters Monitored

s

Error and warning events from NT File Replication Service (file replication service event log) Error and warning events from source LSASERV (system event log) Error and warning events from source SAM (system event log) Error and warning events from source NetLogon (system event log) Error and warning events from source Windows Time (system event log) Error and warning events from source KDC (system event log) Error and warning events from source UserEnv (application event log) Error and warning events from DNS API (system event log)

None

File server ruleset
Table 63 shows the File Server ruleset properties. Table 63 File server ruleset
s s s

Preloaded KMs (PRU_FileServer.kml) Services with Process Monitoring Enabled

s s s s s s

NT_DFS* NT_EV* NT_DOMAIN NT_MEMBER_SERVER NT_PHYSICAL_DISKS* Netlogon dmserver services.exe lsass.exe svchost.exe (with any argument) Error and Warning events from DfsSvc (system event log) Error and Warning events from NtFrs (file replication service event log)

Processes Monitored

s s s

Windows Events Monitored Additional Perfmon Counters Monitored

None

Mail server ruleset
Table 64 shows the Mail Server ruleset properties. Table 64 Mail server ruleset (Part 1 of 2)
s s s s

Preloaded KMs (PRU_MailServer.kml)

NT_EV* NT_PERFMON* NntpSvc Pop3Svc (process monitoring enabled) RpcSs (process monitoring enabled) SMTPSVC (process monitoring enabled)

Services with Process Monitoring Enabled Processes Monitored

s s

None

264

BMC PATROL for Microsoft Windows Servers Getting Started

PATROL for Microsoft Windows Servers rulesets

Table 64

Mail server ruleset (Part 2 of 2)
s s s s s

Windows Events Monitored

Error and warning events from Pop3Svc (application event log) Error and warning events from SMTPSvc (system event log) POP3 Service — Messages delivered/sec POP3 Service — Sockets in use SMTP NTFS Store Driver — Messages in the queue directory SMTP Server — Connection Errors/sec SMTP Server — Outbound Connections Refused

Additional Perfmon Counters Monitored

s s

DNS server ruleset
Table 65 shows the DNS Server ruleset properties. Table 65 DNS server ruleset
s s s

Preloaded KMs (PRU_DNSServer.kml) Additional Active Parameters Services with Process Monitoring Enabled Processes Monitored

s s

NT_DNS_2000 NT_DOMAIN NT_MEMBER_SERVER NT_EV* NT_PERFMON*

None None dns.exe
s s

Windows Events Monitored

s s s s

Error and warning events from source DNS (DNS event log) Error and warning events from source DNS API (system event log) Error and warning events from source DNS Cache (system event log) DNS — Caching memory DNS — Dynamic Update Received/sec DNS — Total Query Received/sec DNS — Database Node Memory DNS — Dynamic Update Written to Database/sec

Additional Perfmon Counters Monitored

s s

WINS server ruleset
Table 66 shows the WINS Server ruleset properties. Table 66 WINS server ruleset (Part 1 of 2)
s s

Preloaded KMs (PRU_WinsServer.kml) Additional Active Parameters Services with Process Monitoring Enabled

s s

NT_DOMAIN NT_MEMBER_SERVER NT_EV* NT_WINS*

None WINS

Appendix B

Agent configuration variables and rulesets

265

PATROL for Microsoft Windows Servers rulesets Table 66 WINS server ruleset (Part 2 of 2) None Error and warning events from WINS (system event log) None Processes Monitored Windows Events Monitored Additional Perfmon Counters Monitored DHCP server ruleset Table 67 shows the DHCP Server ruleset properties. Table 67 DHCP server ruleset s s Preloaded KMs (PRU_DhcpServer. 266 BMC PATROL for Microsoft Windows Servers Getting Started .kml) Additional Active Parameters Services with Process Monitoring Enabled Processes Monitored Windows Events Monitored Additional Perfmon Counters Monitored s s NT_DOMAIN NT_MEMBER_SERVER NT_EV* NT_DHCP* None DHCPServer None Error and Warning from DHCPServer (system event log) None Streaming media server ruleset Table 68 shows the streaming media server ruleset properties.kml) Additional Active Parameters NT_EV* NT_PERFMON* None Services with Process Monitoring WMServer Enabled Processes Monitored Windows Events Monitored None Error and Warning from WMServer (Application Event log) s s s s Windows Media Services — Current Streaming Players Windows Media Service — Current Connected Players Windows Media Services — Current Connection Queue Length Windows Media Services — Current Stream Error Rate Additional Perfmon Counters Monitored The default polling time for each of these parameters is 5 minutes. Table 68 Streaming media server ruleset s s Preloaded KMs (PRU_MediaServer.

see “To edit SMS rulesets before applying” on page 258. warning. you must edit the rulesets. and information events from source SMS (application event log) Processes Monitored Windows Events Monitored Appendix B Agent configuration variables and rulesets 267 . For more information.exe (with any argument) smsdbmon. Table 69 SMS primary site ruleset (Part 1 of 2) NT_EV* NT_PERFMON* None Preloaded KMs Additional Active Parameters MSSQLSERVER SMS Executive SMS Site Backup Services with Process Monitoring SMS Site Component Manager SMS SQL Monitor Enabled sitecomp.exe (with any argument) smsexec.0 and SMS 2003 Primary Servers.exe (with any argument) Error.PATROL for Microsoft Windows Servers rulesets SMS — primary site ruleset Table 69 on page 267 shows the SMS primary site ruleset properties.exe (with any argument) sqlservr. These rulesets apply to SMS 2. Before applying this default ruleset to an agent .

PATROL for Microsoft Windows Servers rulesets Table 69 SMS primary site ruleset (Part 2 of 2) s s s s s s s s s s s s s s s s s s s s s s SMS Discovery Data Manager —Total DDRs Enqueued SMS Discovery Data Manager —Total DDRs Processed SMS Discovery Data Manager —DDRs Processed/minute SMS In-Memory Queues — Total Objects Dequeued SMS In-Memory Queues — Total Objects Enqueued SMS Inventory Data Loader — Total MIFs Enqueued SMS Inventory Data Loadaer — Total MIFs Processed SMS Inventory Data Loader — MIFs Processed/minute SMS Software Inventory Processor — Total SINVs Enqueued SMS Software Inventory Processor — Total SINVs Processed SMS Software Inventory Processor — SINVs Processed/minute SMS Standard Sender — Average Bytes/sec SMS Standard Sender — Sending Thread Count SMS Standard Sender —Total Bytes Attempted SMS Status Messages — Written to SMS Database SMS Status Messages — Reported to Application Event Log SMS Status Messages — Replicated at Normal Priority SMS Status Messages — Replicated at Low Priority SMS Status Messages — Replicated at High Priority SMS Status Messages — Received SMS Status Messages — Processed/sec SMS Status Messages — Corrupt Additional Perfmon Counters Monitored The default polling time for each of these parameters is 5 minutes. Before applying this default ruleset to an agent. For more information. see “To edit SMS rulesets before applying” on page 258. These rulesets apply to SMS 2. s s s s s s Additional WMI Objects Monitored s s SMS Advertisements Failed SMS Advertisements Total SMS Errors SMS Informationals SMS Machines Total SMS Packages Failed SMS Programs Failed SMS Warnings SMS — site ruleset Table 70 shows the SMS site ruleset properties. Table 70 SMS site ruleset (Part 1 of 2) NT_EV* NT_PERFMON* None Preloaded KMs Additional Active Parameters SMS Executive Services with Process Monitoring SMS Site Backup Enabled SMS Site Component Manager 268 BMC PATROL for Microsoft Windows Servers Getting Started .0 and SMS 2003 Site Servers. you must edit the rulesets.

warning. see “Loading the PATROL for Microsoft Windows Servers KMs” on page 91. configure monitoring on one agent. using the procedure described below. the PATROL KM for Event Management must be loaded on the PATROL Agent machine.exe (with any argument) Error.exe (with any argument) smsexec. Use the PATROL Configuration Manager to copy the agent configuration to the other similar agents.Using PATROL Configuration Manager Table 70 SMS site ruleset (Part 2 of 2) sitecomp. Using PCM to apply configurations changes to other agents BMC Software recommends that you configure multiple agents using the following method: 1. Using PATROL Configuration Manager This section describes how to use the PATROL Configuration Manager (PCM) to manage PATROL for Microsoft Windows Servers KM configuration settings. Appendix B Agent configuration variables and rulesets 269 . 2. Using a PATROL console. and information events from source SMS (application event log) s s s s s s s s s s s s s s s s Processes Monitored Windows Events Monitored SMS Discovery Data Manager —Total DDRs Enqueued SMS Discovery Data Manager —Total DDRs Processed SMS Discovery Data Manager —DDRs Processed/minute SMS In-Memory Queues — Total Objects Dequeued SMS In-Memory Queues — Total Objects Enqueued SMS Standard Sender — Average Bytes/sec SMS Standard Sender — Sending Thread Count SMS Standard Sender —Total Bytes Attempted SMS Status Messages — Written to SMS Database SMS Status Messages — Reported to Application Event Log SMS Status Messages — Replicated at Normal Priority SMS Status Messages — Replicated at Low Priority SMS Status Messages — Replicated at High Priority SMS Status Messages — Received SMS Status Messages — Processed/sec SMS Status Messages — Corrupt Additional Perfmon Counters Monitored The default polling time for each of these parameters is 5 minutes. For more information about loading KMs. NOTE To use the PATROL Configuration Manager to view or manage a PATROL agent configuration.

you must be careful to avoid typos and you must use the following syntax guidelines. 270 BMC PATROL for Microsoft Windows Servers Getting Started . see the PATROL Configuration Manager User Guide or the PATROL KM for Event Management User Guide. Manually creating or changing configuration variables Although not recommended. you must follow the syntax guidelines discussed here and avoid typos. 3 Using the PATROL Configuration Manager. WARNING When creating rules manually within PATROL Configuration Manager. perform a get to obtain the new PATROL Agent configuration. 4 In PATROL Configuration Manager. to directly update the agent configuration database by manually entering rules or changing existing rules. which show how to manually configure several PATROL KM for Microsoft Windows OS features. 6 Apply this rule set to the other PATROL Agents. 5 Save the differences between the 2 agent configuration as a new rule set. For more detailed information about using the PATROL Configuration Manager. 2 Configure the PATROL Agent as desired. compare the last 2 configurations. For more information. perform a get on the PATROL Agent. instead of the PATROL console. you can also use the PATROL Configuration Manager. see the examples in the following sections. Failure to do so could result in unpredictable behavior. However.Using PATROL Configuration Manager To copy configuration changes using PCM 1 Using the PATROL Configuration Manager.

where hostname=test is the actual name of an object. Appendix B Agent configuration variables and rulesets 271 . as shown in Figure 7. the comma is used to separate values. you must replace server1/outlook with server1(SL)outlook. slash (/) (SL) equal sign (=) (EQ) double quote (““) (QU) Using the child_list variable When manually creating rules. the child_list variable has the following value: child_list = “SourceList. you must replace hostname=test with hostname(EQ)test. For example.EventIdList. the child_list variable in the Example folder lists the configuration variables beneath it in the hierarchy. where server1/outlook is the actual name of an object. The child_list variable specifies the configuration variables that apply to the configured object. you must replace example””text with example(QU)text. the value is interpreted as two separate values. use a PATROL console to configure monitoring and then examine the child_list rules that are created. If part of a configuration variable name includes the text server1/outlook. you may need to include the child_list variable. Otherwise. see Table 71. If part of a configuration variable name includes the text hostname=test. For example. If part of a configuration variable name includes the text example””text. 142 and 156.Using PATROL Configuration Manager Syntax guidelines When manually creating rules. In the pconfig hierarchy. Thus.156 you must express the value as 142(CO)156. you must substitute special codes for certain characters when those characters are part of a configuration variable name or value.) Special characters required for pconfig variables Replace with (CO) Example If the value of a variable is 142.StringList” If you are unsure how or when to use the child_list variable. in Figure 7. the child_list variable is placed one level higher up than the configuration variables that it references. For more information. Table 71 Character comma (.UserList. These characters are used for specific purposes within pconfig.

AcknowledgeBy.IncludeAllSources. Adding a rule in PCM When manually adding rules within PATROL Configuration Manager. follow this general procedure. you may also need to include the variable_list variable. In the pconfig hierarchy.EventType.ConsolidateEventTypes.EventReport. use a PATROL console to configure monitoring and then examine the variable_list rules that are created.ConsolidationNumber. The variable_list variable lists the variables that are associated with the configured object.Using PATROL Configuration Manager Figure 7 Using the child_list and variable_list variables Using the variable_list variable When manually creating rules.FilterDescription.IncludeAllStrings. 272 BMC PATROL for Microsoft Windows Servers Getting Started .IncludeAllUsers.ConsolidationTi me. RetainEventDescriptions.IncludeA llCategories. the variable_list variable is placed at the same level as the variables that is references.Scheduling. For example.IncludeAllEventIds.Annotation. in Figure 7. the variable_list variable has the following value: variable_list = “FilterEnabled.CreateInstance” If you are unsure how or when to use the variable_list variable.

AutoRestar t. you would create the rules shown in Table 72. 3 Right-click the new ruleset and select New Rule. For more information about the configuration variable specified in these rules. 2 Rename the ruleset. and variable. 4 From the Ruleset dialog. Table 72 Rule Example: adding a service to monitor Operation Value empty ProcessConfigurat ionList Enabled 0 Alarm. Adding a service to monitor: example Assume that you want to set up the following service monitoring configuration: s s s s monitor the DHCP Client service restart the start the service when it stops generate a PATROL Warning when the service is stopped enable the monitoring of the process associated with this service To manually create this configuration. A new ruleset is created called NewRuleSet. For more information about what to enter. operation. see “PATROL for Windows Servers configuration variables” on page 218. see the examples that follow. enter the ruleset.Using PATROL Configuration Manager 1 Right-click the folder where you want to add the rule and select New => Ruleset.Monitor /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ Replace ParentDefinedProcessList/child_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ Replace child_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ServiceMonitoring/ Replace ServiceList/Dhcp/Alarm /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ServiceMonitoring/ Replace ServiceList/Dhcp/Monitor /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ServiceMonitoring/ Replace ServiceList/Dhcp/variable_list Adding a processes to monitor: example Assume that you want to set up the following process monitoring configuration: s monitor rtserver process with argument -service terminate the process when the process CPU% exceeds a threshold value (defined by the AlarmThreshold variable) for 15 minutes Appendix B Agent configuration variables and rulesets 273 s .

For more information about the configuration variable specified in these rules.EnableAlarmIfP rocessStarts RTSERVER_SERVICE 1 /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/child_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/EnableAlarmI fProcessDown /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/EnableAlarmI fProcessStarts /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/TimeLimitFor KillRunAwayProcess 0 15 274 BMC PATROL for Microsoft Windows Servers Getting Started . see “PATROL for Windows Servers configuration variables” on page 218 Table 73 Rule Example: adding a process to monitor Operation Value -service /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/ArgumentList /list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/ArgumentList /variable_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/ProcessName /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/child_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace ring/ProcessConfigurationList/RTSERVER_SERVICE/variable_list list rtserver ArgumentList ProcessName.TimeLimi tForKillRunAwayProce ss. you would create the rules shown in Table 73.Using PATROL Configuration Manager s generate a PATROL alarm when the process is not running do not generate a PATROL alarm when the process is running s To manually create this configuration.EnableAlarmIfProces sDown.

do not consolidate event types when reporting.Using PATROL Configuration Manager Creating an event filter: example Assume that you want to set up the following event monitoring filter: s create an event filter named Example with the description Event Filter Example monitor only Warning and Error event types. remain in alarm until acknowledged by an operator s s s s s s s s s s Appendix B Agent configuration variables and rulesets 275 . monitor events from application sources PerfDisk and PerfProc monitor event IDs 100 through 154 monitor events generated under the username of bhunter monitor events that have the test string missing in the event text monitor events in any event category choose the option to write event details to a text parameter choose the option to report multiple events as one event when 5 or more events occur within 30 seconds choose the option to notify PATROL immediately when an event filter matches the filter criteria when in alarm. Report Warning and Error events separately.

see “PATROL for Windows Servers configuration variables” on page 218.Using PATROL Configuration Manager To manually create this configuration. Table 74 Rule Example: adding an event filter to monitor (Part 1 of 2) Operation Value Manual 0 0 5 30 1 100-154 list 1 3 EventFilterExample 1 1 0 1 0 0 0 0 list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/AcknowledgeBy /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/Annotation /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/ConsolidateEventTypes /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/ConsolidationNumber /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/ConsolidationTime /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/CreateInstance /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/EventIdList/list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/EventIdList/variable_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/EventReport /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/EventType /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/FilterDescription /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/FilterEnabled /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/IncludeAllCategories /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/IncludeAllEventIds /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/IncludeAllSources /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/IncludeAllStrings /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/IncludeAllUsers /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/RetainEventDescriptions /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/Scheduling /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/SourceList/variable_list 276 BMC PATROL for Microsoft Windows Servers Getting Started . For more information about the configuration variable specified in these rules. you would create the rules shown in Table 74.

UserList. the changes are stored externally in the pconfig database.IncludeAl lCategories. Appendix B Agent configuration variables and rulesets 277 . NOTE When you change parameter thresholds through the PATROL Configuration Manager or through PATROL KM for Event Management. To change parameter thresholds or poll times in this manner.ConsolidationNu mber.An notation.Inc ludeAllUsers.EventType.Acknowled geBy.EventReport.IncludeAllS trings.IncludeAllSources . you would create the rules shown in Table 75.EventIdList. For more information about loading KMs. Scheduling.CreateInstance Example /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/StringList/list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/StringList/variable_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/UserList/list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/UserList/variable_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/child_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/Example/variable_list /PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace oring/Application/EventFilters/child_list Updating parameter thresholds or poll times: example Assume that you want to change the alarm thresholds for any instance of the parameter NT_CPU/CPUprcrProcessorTimePercent to the following values: s Alarm Range 1: 80—85 Alarm Range 2: 85—100 s To manually create this configuration. see “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.StringList FilterEnabled.ConsolidationTi me.IncludeAllEventIds.R etainEventDescriptions. you must have the PATROL KM for Event Management loaded on the PATROL Agent.ConsolidateEventT ypes.Using PATROL Configuration Manager Table 74 Rule Example: adding an event filter to monitor (Part 2 of 2) Operation Value missing list bhunter list SourceList.FilterDes cription. not in the KM.

1 85 100 002 The following table provides a detailed description of the THRESHOLDS configuration rule. this value specifies the number of occurrences before triggering an alarm specifies that the state is OK Alarm1 settings indicates that the Alarm 1 alarm is active the Alarm 1 begin range the Alarm 1 end range specifies when to trigger alarm. Table 75 Rule /AS/EVENTSPRING/PARAM_SETTINGS/THRESHOLDS/ NT_CPU/__ANYINST__/CPUprcrProcessorTimePercent Example: changing parameter thresholds Operation Replace Value 1. see the detailed description in Table 76. CPUprcrProcessorTime parameter name Percent 1 0 0 0 0 0 0 1 80 85 0 0 1 1 85 indicates that the parameter is active Border settings indicates that the border range is inactive the border begin range the border end range specifies when to trigger alarm.1 80 85 0 0 1.Using PATROL Configuration Manager For more information about the this rule. Table 76 Item /AS/EVENTSPRING /PARAM_SETTINGS /THRESHOLDS /NT_CPU /__ANYINST__ Understanding the THRESHOLDS rule (Part 1 of 2) Description variable folder variable folder variable folder application class a variable that indicates any instance of the application class. 0 means immediately on the first occurrence if the trigger value is non zero. 0 means immediately on the first occurrence if the trigger value is non zero. this value specifies the number of occurrences before triggering an alarm specifies that the state is WARN Alarm 2 settings indicates that the Alarm 2 alarm is active the Alarm 2 begin range 278 BMC PATROL for Microsoft Windows Servers Getting Started .0 0 0 0 0 0. You could also specify a specific instance instead.

1 0 5 0 0 2. 0 means immediately on the first occurrence if the trigger value is non zero. this value specifies the number of occurrences before triggering an alarm specifies that the state is ALARM Inactivating or deactivating a parameter: example Assume that you want to deactivate any instance of the parameter NT_LOGICAL_DISKS/LDldFreeSpacePercent. To manually create this configuration. Table 77 Rule /AS/EVENTSPRING/PARAM_SETTINGS/THRESHOLDS/N T_LOGICAL_DISKS/__ANYINST__/LDldFreeSpacePercent Example: Inactivating or deactivating a parameter Operation Replace Value 0.1 5 10 0 0 1 Appendix B Agent configuration variables and rulesets 279 .Using PATROL Configuration Manager Table 76 Item 100 0 0 2 Understanding the THRESHOLDS rule (Part 2 of 2) Description the Alarm 2 end range specifies when to trigger alarm.1 0 100 0 0 2. you would create the rules shown in Table 77.

Using PATROL Configuration Manager 280 BMC PATROL for Microsoft Windows Servers Getting Started .

. PATROL for Microsoft Windows Servers rulesets. . . . . PATROL for Microsoft Windows Servers . . . PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . .Appendix C 282 282 285 286 286 287 287 288 288 289 289 289 290 C PATROL for Windows . . . . . . . PATROL History Loader KM .kml files. . . . . . . . . . . . Appendix C PATROL for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .kml files 281 . PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Wizard for Microsoft Performance Monitor and WMI. . . . PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . .kml files This section contains a list of the KM files that are included in each of the PATROL for Windows Servers . . . . . PATROL KM for Microsoft Windows Active Directory . . . . . PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . PATROL KM for Microsoft Windows OS . . . . . . PATROL KM for Event Management . . . . . . . . . . . . . . . . . . .

kml files PATROL for Microsoft Windows Servers .kml The PATROL KM for Microsoft Windows OS uses the NT_LOAD.kml Note: NT_LOAD. For detailed instructions.kml 282 BMC PATROL for Microsoft Windows Servers Getting Started .kml NT_HYPER-V.kml PATROL KM for Microsoft Windows OS NT_LOAD.kml includes NT_BASE.kml NT_LOAD.kml file (Part 1 of 2) Application classes NT_BASE. PATROL KM for Microsoft Windows OS The PATROL KM for Microsoft Windows OS uses the following . see “Loading the PATROL for Microsoft Windows Servers KMs” on page 91.kml files to load the application classes provide in the KM: s s s NT_LOAD.kml (see Table 79 on page 284) NT_BSK NT_Composites NT_CompositesColl NT_EVENTLOG NT_EVINSTS NT_EVLOGFILES NT_FTP NT_FTP_CONTAINER Component and .kml NT_BASE.kml files.kml file. Table 78 PATROL KM for Microsoft Windows OS NT_LOAD.kml files PATROL for Windows Servers uses several . which load specific application classes. which loads the application classes shown in Table 78.PATROL for Microsoft Windows Servers .

kml files Table 78 PATROL KM for Microsoft Windows OS NT_LOAD.PATROL for Microsoft Windows Servers .kml Appendix C PATROL for Windows .kml file (Part 2 of 2) Application classes NT_ICMP NT_IP NT_IPX NT_IPX_CONTAINER NT_JOBS NT_JOBS_CONTAINER NT_JOBS_PROCESS_GROUP NT_JOBS_PROCESS NT_NETBEUI NT_NETBEUI_CONTAINER NT_NETBIOS NT_NETBIOS_CONTAINER NT_NET_PROTOCOLS NT_NETWORK NT_NETWORK_CONTAINER NT_PHYSICAL_DISKS_CONTAINER NT_PHYSICAL_DISKS NT_PRINTER NT_PRINTER_CONTAINER NT_PRINTERJOB NT_PRINTERJOBS NT_PROCESS_CONTAINER NT_PROCESS_GROUP NT_PROCESS NT_REGISTRY NT_REGISTRY_KEYINST NT_SECURITY NT_SERVER NT_SERVICES NT_SERVICES_CONTAINER NT_TCP NT_UDP Component and .kml files 283 .

kml The NT_LOAD. which loads the application classes shown in Table 79.kml PATROL KM for Microsoft Windows OS NT_BASE.kml file. 284 BMC PATROL for Microsoft Windows Servers Getting Started .kml file.kml files NT_BASE.kml file Application classes NT NT_OS NT_CACHE NT_CPU NT_CPU_CONTAINER NT_HEALTH NT_LOGICAL_DISKS NT_LOGICAL_DISKS_CONTAINER NT_MEMORY NT_NTFS_MOUNT NT_NTFS_MOUNT_CONTAINER NT_NTFS_QUOTA NT_NTFS_QUOTA_CONTAINER NT_PAGEFILE NT_PAGEFILE_CONTAINER NT_SYSTEM PATROL_NT Component and .PATROL for Microsoft Windows Servers . NOTE Ensure that the Hyper-V server role is installed on the computer.kml file includes the NT_BASE.kml The PATROL KM for Microsoft Windows OS uses the NT_HYPER-V.kml NT_HYPER-V. which loads the application classes shown in Table 80. Table 79 PATROL KM for Microsoft Windows OS NT_BASE.

kml file.km Component and .km AD_AD_ADDRESS_BOOK.km AD_AD_DNS.km AD_AD_GPO.km AD_AD_CNF.kml files Table 80 PATROL KM for Microsoft Windows OS NT_HYPER-V.kml PATROL KM for Microsoft Windows Active Directory The PATROL KM for Microsoft Windows Active Directory uses the MWD_ACTIVE_Directory_MN.km AD_AD_FRS.kml file Application classes AD_AD_SERVER.kml PATROL KM for Microsoft Windows OS NT_HYPER-V.km AD_AD_CNF_CONT.PATROL for Microsoft Windows Servers .kml files 285 .kml MWD_ACTIVE_Directory_MN.km AD_AD_FSMO_ROLE_CONECTIVITY.km AD_AD_LDAP.km AD_AD_FSMO_ROLE_PLACEMENT.kml file Application classes NT_HYPER-V NT_HYPERV_HYPERVISOR NT_HYPERV_LOGICAL_PROCESSOR_CONT NT_HYPERV_LOGICAL_PROCESSOR NT_HYPERV_PARTITION_CONT NT_HYPERV_PARTITION NT_HYPERV_PART_VIRTUAL_PRCR_CONT NT_HYPERV_PART_VIRTUAL_PRCR NT_HYPERV_PARTITION_VHD_CONT NT_HYPERV_PARTITION_VHD Component and .km AD_AD_COLLECTOR.km AD_AD_FSMO_ROLE_CONECTIVITY_CONT.kml Appendix C PATROL for Windows .km AD_AD_SAM.km AD_AD_LOST_FOUND_OBJECTS.km AD_AD_REPLICATION. Table 81 PATROL KM for Microsoft Windows Active Directory . which loads the application classes shown in Table 81.km AD_AD_AUTHENTICATION.

kml file.kml file Application classes AD_RMT_SERVER_CONT.kml PATROL KM for Microsoft Windows Domain Services (uses NTD.kml) 286 BMC PATROL for Microsoft Windows Servers Getting Started .km AD_RMT_DOMAINCONTROLER. Table 83 PATROL KM for Microsoft Windows Domain Services . which loads the application classes shown in Table 83.kml files PATROL KM for Microsoft Windows Active Directory Remote Monitoring The PATROL KM for Microsoft Windows Active Directory Remote Monitoring uses the REM_ACTIVE_DIRECTORY.km Component and .PATROL for Microsoft Windows Servers .kml PATROL KM for Microsoft Windows Domain Services The PATROL KM for Microsoft Windows Domain Services uses the NTD.kml file Application classes NT_DOMAIN NT_MEMBER_SERVER NT_DFS_LINK NT_DFS_LINK_REPLICA NT_DFS_ROOT NT_DFS_ROOT_REPLICA NT_DHCP NT_DHCP_SCOPE NT_DNS NT_DNS_2000 NT_RAS NT_RAS_DEVICE NT_REMOTE_SERVERS NT_REPLICATION NT_REPL_DIR NT_REPL_SVR NT_SHARES NT_TRUST NT_USERS NT_USER_ACCOUNTS NT_WINS NT_WINS_PARTNER Component and .km AD_RMT_FSMO_ROLE_CONNECTIVITY. which loads the application classes shown in Table 82.km AD_RMT_DOMAINSITE.km AD_RMT_FSMO_ROLE_CONNECTIVITY_CONT.kml REM_ACTIVE_DIRECTORY.kml file. Table 82 PATROL KM for Microsoft Windows Active Directory Remote Monitoring .

kml) PATROL KM for Microsoft COM+ PATROL KM for Microsoft COM+ uses the COM.kml PATROL KM for Microsoft Cluster Server (uses MCS_Load.PATROL for Microsoft Windows Servers .kml file.kml file Application classes COM_PLUS COM_APPLICATION COM_APPLICATIONC COM_DTC COM_APP_COMPONENT COM_APP_INTERFACE COM_APP_METHOD Component and .kml file Application classes MCS_Clusters MCS_Cluster MCS_Collectors MCS_Groups MCS_Group MCS_Group_Resources MCS_Networks MCS_Network_Interfaces MCS_Nodes MCS_Quorum MCS_Performance MCS_Shares Component and .kml) Appendix C PATROL for Windows .kml file. which loads the application classes shown in Table 84.kml files PATROL KM for Microsoft Cluster Server PATROL KM for Microsoft Cluster Server uses the MCS_Load.kml PATROL KM for Microsoft COM+ (uses COM. which loads the application classes shown in Table 85.kml files 287 . Table 85 PATROL KM for Microsoft COM+ . Table 84 PATROL KM for Microsoft Cluster Server .

kml) PATROL Wizard for Microsoft Performance Monitor and WMI The PATROL Wizard for Microsoft Performance Monitor and WMI uses the NT_PERFMON_WIZARD.kml PATROL Wizard for Microsoft Performance Monitor and WMI (NT_PERFMON_WIZARD. Table 86 PATROL KM for Microsoft Message Queue .kml file.kml file Application classes NT_PERFMON_WIZARD (Performance Counter Wizard) NT_PERFMON_OBJECT NT_PERFMON_INSTANCE NT_PERFMON_COUNTER NT_WMI (WMI Wizard) NT_WMI_PARAMETER Component and .kml PATROL KM for Microsoft Message Queue (uses MSMQ.kml file Application classes MQ_CONTAINER MQ_SERVER MQ_QUEUES MQ_QUEUESC MQ_IS MQ_ROUNDTRIP MQ_SESSIONSC MQ_SESSIONS Component and .kml files PATROL KM for Microsoft Message Queue The PATROL KM for Microsoft Message Queue uses the MSMQ.PATROL for Microsoft Windows Servers .kml file.kml) 288 BMC PATROL for Microsoft Windows Servers Getting Started . which loads the application classes shown in Table 87. Table 87 PATROL Wizard for Microsoft Performance Monitor and WMI . which loads the application classes shown in Table 86.

which loads the application classes shown in Table 89.km Component and . which loads the application classes in Table 90.PATROL for Microsoft Windows Servers .kml files 289 .km LOGMON.kml) Appendix C PATROL for Windows .kml file.kml PATROL History Loader KM (HISTORY. Table 89 PATROL History Loader KM . which loads the application classes shown in Table 88.kml PATROL KM for Log Management PATROL History Loader KM The PATROL History Loader KM uses the HISTORY.kml) PATROL KM for Event Management The PATROL KM for Event Management uses the AS_EVENTSPRING. Table 88 PATROL KM for Log Management .kml files Application classes EVENT_MANAGEMENT AS_AVAILABILITY AS_EVENTSPRING_ALL_COMPUTERS Component and . Table 90 PATROL KM for Event Management .kml file.km LOGTEMP.kml file.kml files PATROL KM for Log Management The PATROL KM for Log Management uses the LOG.km PMGCONVERT.kml file Application classes HISTORY_Computer HISTORY_Propagator MSSQLSERVER_History_Loader ORACLE_History_Loader SYBASE_History_Loader DB2UDB_History_Loader Component and .kml PATROL KM for Event Management (AS_EVENTSPRING.km PMGDEBUG.kml file Application classes LOGT.

Table 91 .kml files (Part 1 of 4) Application classes s s s s s s s s s s s s s s s PRU_ApplicationServer.kml files PATROL for Microsoft Windows Servers rulesets The server role rulesets provided with PATROL for Microsoft Windows Servers use the . For more information about the rulesets.kml s s s s s s s s s s s s s s 290 BMC PATROL for Microsoft Windows Servers Getting Started . NT_CPU* indicates both NT_CPU and NT_CPU_CONTAINER.PATROL for Microsoft Windows Servers . NOTE An asterisk indicates that all KMs that start with the stem are included.kml files shown in Table 91 on page 290 to specify which KMs are preloaded.kml PATROL for Windows Ruleset .kml NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH COM_* NT_EV* NT_PERFMON* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_PERFMON* PRU_TerminalServer. For example. see “PATROL for Microsoft Windows Servers rulesets” on page 257.

kml NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_PERFMON* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_PRINT* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_DOMAIN NT_MEMBER_SERVER AD_AD* PRU_PrintServer.kml files Table 91 .kml files 291 .kml s s s s s s s s s s s s s s PRU_DomainServer.PATROL for Microsoft Windows Servers .kml files (Part 2 of 4) Application classes s s s s s s s s s s s s s s PRU_RasVpnServer.kml s s s s s s s s s s s s s s s s Appendix C PATROL for Windows .kml PATROL for Windows Ruleset .

kml files Table 91 .PATROL for Microsoft Windows Servers .kml s s s s s s s s s s s s s s s s s 292 BMC PATROL for Microsoft Windows Servers Getting Started .kml files (Part 3 of 4) Application classes s s s s s s s s s s s s s s s s s PRU_FileServer.kml s s s s s s s s s s s s s s s PRU_DNSServer.kml NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_DFS* NT_EV* NT_DOMAIN NT_MEMBER_SERVER NT_PHYSICAL_DISKS* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_PERFMON* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_DNS_2000 NT_DOMAIN NT_MEMBER_SERVER NT_EV* NT_PERFMON* PRU_MailServer.kml PATROL for Windows Ruleset .

PATROL for Microsoft Windows Servers .kml s s s s s s s s s s s s s s s s PRU_MediaServer.kml files 293 .kml NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_DOMAIN NT_MEMBER_SERVER NT_EV* NT_WINS* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_DOMAIN NT_MEMBER_SERVER NT_EV* NT_DHCP* NT NT_OS NT_CACHE NT_CPU* NT_MEMORY NT_PAGEFILE* NT_SYSTEM NT_LOGICAL_DISK* PATROL_NT NT_SERVICES* NT_PROCESS* NT_HEALTH NT_EV* NT_PERFMON* PRU_DhcpServer.kml s s s s s s s s s s s s s s Appendix C PATROL for Windows .kml files (Part 4 of 4) Application classes s s s s s s s s s s s s s s s s PRU_WinsServer.kml files Table 91 .kml PATROL for Windows Ruleset .

kml files 294 BMC PATROL for Microsoft Windows Servers Getting Started .PATROL for Microsoft Windows Servers .

41. 122 tuning 204 AlarmThreshold variable 122. 76 PCC 177 AccountInfo variables 248 accounts requirements 97 setting up for installation 43 Windows 43 AcknowledgeBy variable 229.kml 91 NT_BASE 284 NT_HYPER-V 285 NT_LOAD. 100 activating parameters 279 Active Directory 22 ActiveX control 134 adding event filters 275 295 .km files 89 __ANYINST__ variable 278.kml 91 HISTORY. 256 alarms acknowledging 201 generating 115.kml 286 . 273 rules 272 services to monitor 273 WMI parameters 144 address book monitoring 24 addresses default 138 email.A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Index Symbols %PATROL_CACHE% 65 %PATROL_HOME% 65 . 256 AlarmMin variable 255. .kml 90. 288 MWD_ACTIVE_Directory_MN. 276 AnnotationMode variable 249 application classes NT_CompositeColl 124 NT_DHCP 40.kml COM.kml 91 MSMQ. 282 NT_PERFMON_WIZARD.kml 91 NTD.kml files list of 90 vs. specifying 141 administrator rights 100 AdPerfCollector parameter 208 advanced user rights.kml 90.kml 90. 169 NT_DNS 169 NT_FTP 237 NT_ICMP 238 NT_IP 238 Numerics 560/562 events 201 A account requirements PATROL KM for Cluster Server 48. 219 AlertMSGForRepliCollector variable 246 alerts reducing number of 200 troubleshooting 204 allow log on locally (user right) 44 allowsendparamonly variable 205 AnnotateProcCount variable 236 AnnotateProcStatus variable 236 AnnotateTopProcs variable 236 AnnotateValueChange variable 239 Annotation variable 229. 289 LOG. 287 EVENT_MANAGEMENT. required 44 agents assigning notification servers to 139 configuration variables 217–257 configuring 138–140 configuring in a cluster 176 PATROL 34 persistent connection to 140 Alarm variable 225 AlarmMax variable 255.kml 91.kml 91. 276 acknowledging alarms 201 Act as part of operating system (user right) 44. 286 REM_ACTIVE_DIRECTORY. 279 _CollectionStatus parameter 200 _DiscoveryStatus parameter 46 Performance Monitor (PerfMon) counters 143 processes to monitor 118.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z NT_IPX 238 NT_LOGICAL_DISK 100 NT_NETBEUI 238 NT_NETBIOS 238 NT_PROCESS 118 NT_REMOTE_SERVERS 169 NT_SERVICES 100 NT_SHARES 169 NT_TCP 238 NT_TRUST 169 NT_UDP 238 NT_WINS 169 application server. 177 cluster. escaping 271 components KM files 282–289 PATROL Adapter for Microsoft Office 34 PATROL Agent for Microsoft Windows Servers 34 PATROL Cluster Configuration Wizard 31 PATROL Cluster Configuration Wizard (PCC) 31 PATROL History Loader KM 34 PATROL KM for Cluster Server 30 PATROL KM for Event Management 33 PATROL KM for Log Management 32 PATROL KM for Microsoft Cluster Server 30 PATROL KM for Microsoft COM+ 31 PATROL KM for Microsoft Message Queue 31 PATROL KM for Microsoft Windows Active Directory 22 PATROL KM for Microsoft Windows Domain Services 30 PATROL KM for Microsoft Windows OS 21 composite parameters. contacting 2 Bourne shell 79 Bypass traverse checking user right 100 C C shell 79 catalog. 287 command-line arguments 122 commas. creating 124 compressing the DHCP database 99 ComputerNamesList/list variable 234 configuration variables 217–257 configurations. rulesets for monitoring 258 arguments. event 206 296 BMC PATROL for Microsoft Windows Servers Getting Started .kml 90. component-based PATROL KM for History Loader 289 PATROL KM for Microsoft COM+ 287 PATROL KM for Microsoft Message Queue (MSMQ) 288 PATROL KM for Microsoft Windows Domain Services 286 PATROL KM for Microsoft Windows OS 282 PATROL KM for MS Windows Active Directory Remote Monitoring 286 ConfigureOptionUsed variable 240 configuring blue screen monitoring 100. 236 colormap option 78 COM. monitoring 30 backup notification servers 136 BackupClusterDatabase parameter 249 BackupDir variable 227 batch file 134 BDCADD variable 242 BDCDEL variable 242 blackouts 204 Blat defined 133 version tested with 133 blue screen monitoring crash dump 126 default 126 event id 6008 126 BMC Software. disabling 201 authentication support 24 AutoDiscoveryTimeLimit variable 219 automatic process monitoring 117 AutoRestart variable 116.pl 134 Attended Mode Dialog Timeout field 131 auditing. monitoring 206 changing account rights 45 security levels 54 system monitoring 102 thresholds and poll times 277 characters. 126 composite parameters 124 custom parameters 124 B backing up before migration 69 backup domain controllers.kml 70 AS_EVSLocalAlertNotify. 225 availability.exe 76 ClusterLogFileError parameter 251 clusterName_NetworkNameForFileShares variable 250 CollectionCount variable 219. 76. process 122 arsAction variable 204 AS_AVAILABILITY application 206 AS_CHANGESPRING. special 271 charting PATROL data 166 CheckIPResourceColl parameter 249 CheckPoint variable 229 child_list variable 271 CluDBBackupPath variable 249 cluster administrator account 48.bat editing 135 requirements for using 134 AS_EVSLocalAlertNotify.

276 ConsolidationNumber variable 230. parameter history 34 deactivating parameters 279 debug programs (user right) 44 default email account 138 defining notification servers 136 remote agents 136 DeletedLDList variable 239 dependencies 92 deploying settings 137 DestroyAcknowledgeProcess variable 236 E editing notification scripts 135 rulesets 258 ELMError parameter 106 ELMErrorNotification parameter 106. 230. monitoring 26 dns. 276 Core Active Directory service 25 core Active Directory service 26 Counters variable 255 counters.A B C D E F G H I J K L M N O P Q R S T U V W X Y Z e-mail notification 132 event log monitoring 114 event monitoring 103 in PCM. service monitoring 273 KM to look for crash dump file 100 monitoring of text files 148 PATROL in a cluster 176 PATROL KM for Microsoft Windows OS 101–125 process control 121 process monitoring 117–122 quotas 100 remote agents 138–140 service monitoring 114–?? Windows event monitoring 103 ConnectAs32Bit variable 255 connection. 236. process monitoring 273 in PCM. disconnecting 99 DfsConnectionPercent parameter 130 DHCP (Dynamic Host Configuration Protocol) 30 DHCP reports 169 DHCPADD variable 242 DHCPBAK variable 242 DHCPDEL variable 242 diagnosing problems 199–211 directory replication 23 DisableAnnotation variable 222. monitoring 102 Distributed File System (DFS) 30 DNS name registration 25 DNS reports 169 DNS server. 201 ELMOtherTypes parameter 106 297 . Performance Monitor 207 CreateInstance variable 229 creating custom parameters 124 event filter to monitor events generated only by a specified computer 113 rules 272 WMI parameters 34 custom installation option 55 customer support 2 customizations migrating manually 72 customized PSL. 201 ELMEvFileFreeSpacePercent parameter 129 ELMFailureAudit parameter 106 ELMFailureAuditNotification parameter 106. persistent 140 ConsolidateEventTypes variable 107. escaping 271 dynamic file names. monitoring 150. 276 ConsolidationTime variable 230. migrating 73 customizing monitoring of counters 142 scripts 135 text log monitoring 147 thresholds 207 DFS (Distributed File System) 30 DFS users.exe 265 domain controllers rulesets for monitoring 259 domain controllers. 201 ELMInformation parameter 106 ELMInformationNotification parameter 201 ELMNotification parameter 106. monitoring 30 Domain Name Service (DNS) monitoring 30 rulesets 259 DomainInclusionList variable 251 DomainNamingMasterConnStatusSched variable 244 double quotes. 239 DisableAnnotations variable 244 DisableEventConfig variable 244 DisableServiceRestart variable 116. 222 disabling event filters 114 event log monitoring 104 KMs 170 parameters 279 process monitoring 121 disconnecting DFS users 99 discovery. event monitoring 275 in PCM. 155 Dynamic Host Configuration Protocol (DHCP) 30 dynamic update 26 D database. problems with 200 diskperf 103 disks.

239 expressions. escaping 271 error messages 210 escaping special characters 271 event catalog 206 event log windows event log 202 event logs monitoring. 235.kml 90.A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ELMOtherTypesNotification parameter 201 ELMRptOfNotification parameter 108 ELMRptOfOtherTypes parameter 108 ELMStatus parameter 106. 230. 237. 239 increase quotas (user right) 44 inetinfo. enabling 102 troubleshooting 201 viewing 125 event monitoring configuring in PCM 275 Core Active Directory service 25 domain controller health 25 file replication service and group policy 25 Kerberos 25 Netlogon 25 time synchronization service 25 EVENT_MANAGEMENT. 238. 237. 236. 289 HPFS file system 40 I ICMP/Active variable 238 IdleServerTime variable 243 InactiveonMissingPerfObj variable 219 IncludeAll variable 227. Microsoft 100 ExclusionList/list variable 228. 235. 201 e-mail notification 132 EnableAlarmIfProcessDown variable 220 EnableAlarmIfProcessStarts variable 220 enabling event filters 114 event log monitoring 104 parameters 279 environment variables LANG 79 PATH 79 PATROL_BROWSER 79 PATROL_CACHE 65 PATROL_HOME 65 setting for Help browser 79 setting for the browser 79 equal sign. 276 EvRptOfError parameter 108 EvRptOfFailureAudit variable 108 EvRptOfInformation parameters 108 EvRptOfStatus parameters 108 EvRptOfSuccessAudit parameters 108 EvRptOfWarning parameter 108 eXceed 78 Excel. 107 ELMSuccessAudit parameter 106 ELMSuccessAuditNotification parameter 201 ELMWarning parameter 106 ELMWarningNotification parameter 106. 276 FilterDisableCase variable 233 FilterEnabled variable 114 first time installation 55 Flexible Single Master Operations (FSMO) 24 ForwardAllNTEventstoPEM variable 228 ForwardFilteredNTEventstoPEM variable 228 FSMO monitoring 24 FTP/Active variable 237 G graphing PATROL data 166 group policy monitoring 25 H HighThresholdOnEvents variable 240 history reports 168 HISTORY. 235. event monitoring 103 FilterDescription variable 230. supported 40 FileShareExclusionList variable 249 filter. rulesets for monitoring 258 file systems. regular 117 extracting downloaded installation files 52 order 52 F failover. 240 IncludeAllCompList variable 234 InclusionList list/variable 237 InclusionList/list variable 227. 239. 276 events monitoring 103 reducing 200 EventType variable 107. 237. 236. cluster 31 FAT file system 40 file replication service and group policy 26 file server.exe 262 InfrastructureMasterConnStatusSched variable 245 installation backing up before migration 69 298 BMC PATROL for Microsoft Windows Servers Getting Started . 236.kml 289 EventLogMonitoring BackupDir variable 227 ExclusionList/list variable 228 IncludeAll variable 227 InclusionList/list variable 227 EventReport variable 230.

76 PATROL KM for Cluster Server overview 73 preparing for 49 setting up installation accounts 43 system requirements 39 typical option 54 verifying requirements 39 Windows account requirements 43 Installation logs 210 installing checking for product patches or fixes 50 clearing cache 71 determining the version of the installation utility 51 extracting downloaded files 52 extraction order 52 extraneous target platforms in the installation utility user interface 50 for the first time 55 installing PATROL Agent over an existing installation 51 turning off pop-up blocking software 49 unsupported platform in the installation utility user interface 50 upgrading from an earlier version 63 where to install KMs 52 where to install PATROL Agent 51 Instances variable 255 integration with Blat 133 intrasite/intersite monitoring 23 IP/Active variable 238 IPExclusionList variable 249 IPX/Active variable 238 IterationCount variable 241. 27 KM configuration variables 217–257 KM customizations 299 . monitoring 102 LogicalDiskMonitoring ExclusionList/list variable 239 IncludeAll variable 239 InclusionList/list variable 238 login accounts requirements 43 Windows 43 logs event. required 39 loading KMs 91–93 log files. rulesets for monitoring 259 Make Connection Persistent option 140 managed system 22 manual migration of KM customizations 72 process monitoring 117 ManualAcknowledge variable 235 MAPI scripts 134 MaxRecords variable 232 MaxResourceIdleRetainPeriod variable 227 MaxShares variable 243 MaxUsers variable 243 K Kerberos 25.exe 264 J job objects missing 200 monitoring 102 JobObjectMonitoring CollectionCount variable 236 ExclusionList/list variable 235 IncludeAll variable 235 InclusionList/list variable 235 JournalMsgCountThreshold variable 253 JournalMsgSizeThreshold variable 253 M mail servers.A B C D E F G H I J K L M N O P Q R S T U V W X Y Z custom option 55 log files 210 PATROL KM for Cluster Server account requirements 48. 242 migrating manually 72 KMs deploying 18 determining if migratable 64 determining versions of 211 included with product 281–289 installing individual 55 installing QuickStart packages 54 loading 91–93 preloading 90 unloading 170 upgrading from an earlier version 63 where to install 52 Korn shell 79 L LANG environment variable 79 LDAP monitoring 24 LDldFreeSpacePercent parameter 129 license.kml 91 LOGErrorLvl not set if search string is not defined 154 logical disks. monitoring 102 installation 210 lsass. monitored by default 149 Log on as a service (user right) 44 Log on as batch job user right 100 LOG.

41 NT_EVENTLOG.kml 42. 288 MsPatrolAgentStatus parameter 129 MWD_ACTIVE_Directory_MN.OSdefaultAccount variable 241 NT_FTP application class 237 NT_HYPER-V. streaming 259 MemoryContentionThreshold variable 240 MenuCmdROMode variable 252 messages. 282 NT_LOGICAL_DISK application class 100 NT_NETBEUI application class 238 NT_NETBIOS application class 238 NT_PERFMON application class 91 NT_PROCESS application class 118.kml 42.A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MBRADD variable 242 MBRDEL variable 242 MBREL variable 242 media. defining 138 notification. 155 job objects 102 logical disks 102 logical or physical disk drives 103 logs 114 network interfaces 102 network protocols 102 pagefiles 102 physical disks 102 printers 102 processes 117 processors 102 service executables 116 services 114 strings 114 text files 148 MonitorManualServices variable 222 MonitorNotRespond variable 225 MonitorProcess 225 MonitorProcess variable 235 MSMQ. error log 210 Microsoft Excel 100. monitoring 102 network protocols.kml 91. using 133–136 server 136 notification scripts customizing 135 editing 135 specifying 138 notification servers benefits of 136 configuring 136–138 defining 136 primary and backup 136 providing security for 137 notification targets. 167 Microsoft Message Queue (MSMQ) 31 Microsoft Transaction Server COM+ 31 migrating customized PSL 73 determining if KM is migratable 64 from an earlier version of the KM 63 KM customizations manually 72 Mode variable 256 monitor requirements 40 Monitor variable 225 MonitoredClusterList variable 252 monitoring Active Directory 22 availability of agents 206 backup domain controllers 30 clusters 31 domain controllers 30 enabling and disabling 102 event logs 102 events 103. 91. 201 NetworkInterfaceMonitoring ExclusionList/list variable 237 IncludeAll variable 237 InclusionList/list variable 237 new PATROL users easy install option 54 installing for the first time 55 nonaggregate values for drive instance 127 NonAggregateParamValue variable 239 notification scripts.kml 284. 200 NT_SERVICES application class 100 NT_TCP application class 238 NT_UDP application class 238 NTD.kml 91 Net Logon 25. 286 N Name variable 255 300 BMC PATROL for Microsoft Windows Servers Getting Started . monitoring 102.kml 90. 27 NETBEUI/Active variable 238 NETBIOS/Active variable 238 Netscape Navigator 78 network interfaces. e-mail 132 NOTIFICATION_SERVER1 variable 139 NOTIFICATION_SERVER1. 114 files 114 files with dynamic names 150. 284 NT_CompositesColl application class 124 NT_DHCP application class 40.defaultAccount variable 139 NOTIFICATION_SERVER2 variable 139 NotifiedEvents parameter 206 notifying disks are not present 126 NotRespondCmd variable 225 NT authentication support 24 NT_BASE. 285 NT_ICMP application class 238 NT_IP application class 238 NT_IPX application class 238 NT_LOAD.

235 RegValueChanged 239 ServiceStatus 115. 225 OverrideParameterAutoActivate variable 227. 76 architecture 74 description 30 installation overview 73 installation requirements 76 O Objects variable 255 operating system. 235. system 210 OverrideAutoConfigUpdate variable 240 OverrideGlobalServiceMonitoring variable 225 OverrideGlobalServiceRestart variable 116.Windows Edition 172 PATROL Configuration Manager description 18 using 269–277 PATROL consoles and Netscape Navigator 78 installing KMs to 53 PATROL for Microsoft Windows Servers rulesets 290 PATROL for Windows Operating System Monitor service 35 PATROL History Loader KM description 34 PATROL KM for Cluster Server account requirements 48. creating 43 PATROL Adapter for Microsoft Office description 34 installation requirements 167 PATROL Agent configuring in a cluster 176 description 34 installing KMs to 53 installing over an existing installation 51 where to install 51 PATROL Central .Web Edition loading KMs on 93 PATROL Central . 201 ELMInformation 106 ELMInformationNotification 106. monitoring 101 output window. 129. 130 SvcNotResponding 116 SvcStatus 116 troubleshooting 205 tuning 200 WMIAvailability 129. 240 OverrideParameterFileFreeSpacePctAutoActivate variable 228 OverrideSummaryAutoCreate variable 202. 201 ELMEvFileFreeSpacePercent 129 ELMFailureAudit 106 ELMFailureAuditNotification 106. 201 ELMNotification 201 ELMOtherTypes 106 ELMOtherTypesNotification 201 ELMRptOfNotification 108 ELMRptOfOtherTypes 108 ELMStatus 106 ELMSuccessAudit 106 ELMSuccessAuditNotification 201 ELMWarning 106 ELMWarningNotification 106. storing and analyzing 34 DfsConnectionPercent 130 ELMError 106 ELMErrorNotification 106. viewing 90 LDldFreeSpacePercent 129 MsPatrolAgentStatus 129 NotifiedEvents 206 PAWorkRateExecsMin 130 PROCDown 122 PROCProcessColl 122 PROCProcessorTimePercent 129 PROCStatus 122. monitoring 102 parameters 205 _DiscoveryStatus 46 activating and deactivating 279 AdPerfCollector 208 BackupClusterDatabase 249 CheckIPResourceColl 249 ClusterLogFileError 251 composite 124 creating 34 creating e-mail notifications for 132 creating PerfMon-based 143 creating WMI 144 customizing 124 data. 129 ShConnPercent 46.A B C D E F G H I J K L M N O P Q R S T U V W X Y Z NTFS file system 40 EvRptOfError 108 EvRptOfFailureAudit 108 EvRptOfInformation 108 EvRptOfSuccessAudit 108 EvRptOfWarning 108 history. 201 301 . 228 P PACFG (PATROL Agent Configuration) utility 205 PagefileMonitoring ExclusionList/list variable 237 IncludeAll variable 237 InclusionList/list variable 237 pagefiles. 240 WpReplicationFailures 130 Parameters variable 255 ParentInstance variable 229 PATH environment variable 79 PATROL account.

changing 205. supported 39 poll times. 94 preparing for installation 49 Primary_Site_Role.cfg 258. monitoring 102 problem resolution 199–211 PROCDown parameter 122 process control. 42 requirements 41.conf 205 PATROL_BROWSER environment variable 79 PATROL_CACHE 65. 71 PATROL_HOME 65 PatrolAgent service 35 PAWorkRateExecsMin parameter 130 PCC (PATROL Cluster Configuration Wizard) account requirements 177 description 31 installation requirements 177 overview 176 unattended configuration 191 using 178 pconfig syntax rules for 271 variables 218–257 PDCEmulatorConnStatusSched variable 245 Performance Counter (PerfMon) Wizard 34 Performance Monitor counters. 42 troubleshooting 97 PATROL KM for Microsoft Windows Domain Services KMs 286 requirements 40 troubleshooting 98 PATROL KM for Microsoft Windows OS configuring 101–125 KMs 282 requirements 40 PATROL KM for MS Windows Active Directory Remote Monitoring KMs 286 REM_ACTIVE_DIRECTORY. customizing 207 perfproc.kml file 289 PATROL KM for Microsoft COM+ report options 170 troubleshooting 99 Windows configuration 287 PATROL KM for Microsoft Message Queue KMs 288 report options 169 troubleshooting 99 PATROL KM for Microsoft Windows Active Directory description 22 installation requirements 41. 259 print server. configuring 121 processes _DiscoveryStatus and _CollectionStatus parameters 121 configuring in PCM 273 disabling monitoring of 121 missing 200 monitoring 117 multiple processes selected 203 restarting 46. monitoring 102 PhysicalDiskMonitoring ExclusionList/list variable 237 IncludeAll variable 237 InclusionList/list variable 237 PingCount variable 246 PingTimeout variable 246 planning installation 49 notification 136 platforms. rulesets for monitoring 258 PrinterMonitoring DisableAnnotation variable 239 ExclusionList/list variable 239 IncludeAll variable 240 InclusionList/list variable 239 printers. 277 preloading KMs 90. 122 run-away 220 stopping 122 troubleshooting 200 ProcessMonitoring StatusSelectedColumns/list variable 219 ProcessName variable 220 ProcessorContentionThreshold variable 240 302 BMC PATROL for Microsoft Windows Servers Getting Started .kml 286 PATROL KM for Windows Active Directory required defaultAccount permissions 47 PATROL Perform Agent 38 PATROL security overview of levels 53 requirements 39 PATROL Wizard for Performance Monitor and WMI .dll 200 persistent agent connection 140 physical disks.kml files 289 configuring 132–141 PATROL KM for History Loader KMs 289 PATROL KM for Log Management .kml file 288 configuring 142 creating Performance Monitor parameters 143 creating WMI parameters 144 description 34 loading 142 migration 64 performance counters supported 146 queries that begin with Win32_PerfRawData 146 setting alarm thresholds 144 Win32_PerfRawData WMI class 146 PATROL.A B C D E F G H I J K L M N O P Q R S T U V W X Y Z monitoring features 30 overview 73 PATROL KM for Event Management .

vbs 134 sendmail. migrating 73 psx_server. 242 ServerPortNumber variable 241.A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ProcessorMonitoring DisableAnnotation variable 236 ExclusionList/list variable 236 IncludeAll variable 236 InclusionList/list variable 236 processors. 168–170 requirements overview 39 PATROL KM for Cluster Server 76 PATROL KM for Cluster Server account 48. 76 PATROL KM for Microsoft Windows Active Directory 41.vbs 134 ServerExcludeList variable 243 ServerIPAddress variable 241. adding 272 rulesets applying 257 editing 258 PATROL for Microsoft Windows Servers 290 shipped 257–269 run-away processes 220 Q Query variable 256 QueueMsgCountThreshold variable 253 QueueMsgSizeThreshold variable 253 quorum configurations support in a failover cluster 76 quotas. 242 ResourceExclusionList variable 250 restarting agent 205 processes 46. monitoring 102 PROCProcessColl parameter 122 PROCProcessorTimePercent parameter 129 PROCStatus parameter 122. assigning notification servers to 139 remote monitoring tasks 198 RemovedPDList variable 237 removedServiceList variable 222 removing KMs 171 replace a process level (user right) 45 303 . 122 RetainEventDescriptions variable 276 rights. escaping 271 S SAM monitoring 24 SAM NT authentication support 24 ScheduledServers variable 253 Scheduling variable 232 SchemaMasterConnStatusSched variable 245 SCOPEADD variable 242 SCOPEDEL variable 242 scripts batch file 134 customizing 135 editing 135 using 133–136 search string 154 security event log 100 notification server 137 overview of levels 53 Security Account Manager (SAM) 24 send_mapi. required 44. 129. 42 PCC 177 software 89 system 39 user right 44 Windows account 43 Windows script 134 ResolveTestList variable 241. deploying settings to 137 ServiceMonitoring R RAS (Remote Access Service) 263 recovery actions about 128 configuring 128–132 troubleshooting 46 variables used for 256 redundancy 136 RegistryMonitoring InclusionList/list variable 239 regular expressions 117 using to monitor dynamic file names 150. 155 RegValueChanged parameter 239 RelativeIDMasterConnStatusSched variable 245 Remote Access Service (RAS) 263 remote agents. 100 rules. 235 product components 20 configuration tasks 101 product support 2 profile system performance (user right) 45 protocols monitoring 102 troubleshooting 201 PRU_FileServer.cfg 258 PSL. configuring 100 quotes. 242 servers.xpc 232 replication monitoring 23 reports 100.

required 44 UserExcludeList variable 243 using PCC 178 V variable_list variable 272 variables __ANYINST__ 278 child_list 271 FilterEnabled 114 NOTIFICATION_SERVER1 139 NOTIFICATION_SERVER2 139 PATROL KM for Microsoft Active Directory 244–248 PATROL KM for Microsoft Cluster Server 248–253 PATROL KM for Microsoft COM+ 254 PATROL KM for Windows Domain Services 241–244 304 BMC PATROL for Microsoft Windows Servers Getting Started .exe 267 smsexec. 115 startup properties.exe 264 ServiceStatus parameter 115.ctg 206 stopping event log monitoring 104 monitoring 102 processes 122 services 99 streaming media servers. requirements 40 spoolsv. 204 time synchronization service 25. 122 text files. 242 UDP/Active variable 238 uninstalling products 81 unloading KMs 172 unresponsive services 116 upgrading 63 backing up current installation before 69 choosing a procedure 65 from an earlier version of the KM 63 UpTimeBaseLine variable 250 UseCheckPoint variable 227. rulesets for monitoring 259 success auditing 201 Summary instance 202 support.exe 264 SvcNotResponding parameter 116 SvcStatus parameter 116 syntax pconfig 271 system output window 210 system requirements 39 system roles 52 T TCP/Active variable 238 TCPorUDP variable 241.cfg 258.exe 267 starting services 99. 27 TimeLimitForKillRunAwayProcess variable 220 TotalMessageSizeThreshold variable 253 troubleshooting 199–211 DiscoveryStatus parameter in alarm 203 multiple processes selected 203 windows event log 202 TrustExcludeList variable 243 typical installation option 54 U UDP protocol 241. monitoring 148 thresholds changing in PCM 277 customizing 207 rule for 278 tuning 200. 259 sitecomp. 115 services. rulesets for 258 smsdbmon. 229 user account 79 user rights. 130 shells Bourne 79 C 79 Korn 79 Site_Role. PATROL Adapter for Microsoft Office 168 terminal server 259 terminating processes 46. service 100 StatusNumberofProcessesToDisplay variable 219 StatusSelectedColumns/list variable 219 StatusSortKey variable 219 StdEvents.exe 267.A B C D E F G H I J K L M N O P Q R S T U V W X Y Z DisableAnnotation variable 222 MonitorManualServices variable 222 removedServiceList variable 222 services checking status of 116 configuring in PCM 273 monitoring 114 monitoring executables for 116 PATROL for Windows Servers 35 restarting 46.exe 263 sqlservr. 242 technical support 2 templates. customer 2 Suspend Recovery Action field 131 Suspend variable 256 svchost. 129 setting environment variables for Help browser 79 ShareExcludeList variable 243 ShConnPercent parameter 46. escaping 271 SMS (Systems Management Server).exe 267. 269 SMTP scripts 134 SNMP service 41 SNMP. 269 slashes.

determining 211 View Process Status dialog box 219 viewing event logs 125 Visual Basic (VB) 133 VPN (virtual private network) 259 W Wait variable 256 warnings.A B C D E F G H I J K L M N O P Q R S T U V W X Y Z PATROL KM for Windows Message Queue 253 PATROL KM for Windows OS 218–241 PATROL Wizard for Performance Monitor and WMI 255–256 PATROL_BROWSER 79 variable_list 272 wpconfig 18 VB (Visual Basic) 133 version. generating 115. 256 WarnMin variable 255. 240 WMServer service 266 wpconfig utility 94 wpconfig variables 18 WpReplicationFailures parameter 40. 122 WarnMax variable 255. creating 144 WMI Wizard 34 WMIAvailability parameter 129. 130 X xpconfig utility 94 305 . 256 WBEM_E_INVALID_CLASS error message 208 Win32_PerfRawData performance counters supported 146 WMI queries for WMI class 146 WIN32_WMISetting 240 Windows 30 Windows account requirements 43 Windows Management Instrumentation (WMI) 34 Windows NT Workstation 134 WINS (Windows Internet Naming Service) recovery actions 130 reports 169 rulesets for monitoring 259 WINSADD variable 242 WINSDEL variable 242 WMI parameters.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 306 BMC PATROL for Microsoft Windows Servers Getting Started .

Notes .

*533571* *533571* *533571* *533571* 175335 .