Configuring Microsoft Clusters in TrueSight

This topic provides information about configuring PATROL for Microsoft Cluster KM in the Central Monitoring Administration and TrueSight console. 

Cluster configuration video

Click to view a short video (4:36) of how to configure clusters for monitoring.

 https://youtu.be/CeJISHV8a0I

Configuration details

To configure the KM, set the following preferences on the Add Monitoring Configuration dialog.

Monitoring SolutionVersionMonitor ProfileMonitor Type
Microsoft Windows Servers5.0.00Cluster ServerCluster Monitoring

Click  button to add the Cluster Configuration details. 

FieldDescription
Cluster Details

Cluster Name

Enter a cluster name or a comma separated list of clusters for monitoring. A cluster instance is created with this name below the Microsoft Clusters container.

If you have entered a comma separated list of clusters, they must have the same credentials.

For example: hyperclust.abc.com,holoclust.abc.com

User Name

Enter the user name to connect to the cluster.

Password

Enter the password.

Confirm Password Re-enter the password for confirmation.
WinRM PortEnter the WinRM port number that will be used for communicating with the cluster. Default port number is 5985.
Connection Protocol

Select the type of connection protocol. By default, this value is set to HTTP.

  • HTTP
  • HTTPS
Filtering

Cluster Entity Filter Configuration: Click  button to add the configuration details.

Entity Type

Select the entity on which you want to apply the filters. The entities are specified as:

  • Roles
  • Resources
  • Shares

Filtering criteria can be for inclusion or exclusion.

Include Criteria

Enter a name or a regular expression to include the entity (Roles or Resources or Shares) for monitoring. By default Roles and Resources are included for monitoring, except Shares.

For example, TestRole1|TestRole2

Exclude Criteria

Enter a name or a regular expression to exclude the entity (Roles or Resources or Shares) from monitoring.

For example, TestRole1|TestRole2

OKClick to save the configuration.
CancelClick to close the configuration dialog.
Disable File Shares Monitoring

Select this checkbox to disable Shares monitoring. By default Shares monitoring is disabled.

Note: Clear this option to monitor and apply filtering of Shares.

Specify Resource Type to Exclude

Enter a comma separated list of resource types to exclude from monitoring. For example you can exclude Generic Application, Generic Service types of resources. The resource type names are case sensitive.

Node OS monitoring
Node configuration: Click  button to add the configuration details.

Node configuration

Monitor Configuration

Operating System Monitoring

Cluster NodesEnter a comma separated list of cluster nodes for remote monitoring.
Monitoring options

Specify one of the following options:

  • Standard Monitoring: This option enables monitoring of Processor, Memory, Disk, and Network monitor types only.
  • Advanced Monitoring: This option allows you to select and configure individual monitor types. These configurations need to be enabled explicitly. 
Advanced Monitor Configuration
  • Memory: Select this check box to enable Memory monitoring.
  • Health: Select this check box to enable Health monitoring.
  • Cache: Select this check box to enable Cache monitoring.
  • System: Select this check box to enable System monitoring.
  • Processor*: Select this check box to enable Processor monitoring.
  • Network*: Select this check box to enable Network monitoring.
  • Physical Disk*: Select this check box to enable Physical Disk monitoring.
  • Logical Disk*: Select this check box to enable Logical Disk monitoring.
  • Page File*: Select this check box to enable Page File monitoring.
  • Process*: Select this check box to enable Process monitoring.
  • Service*: Select this check box to enable Service monitoring.
  • Event Log*: Select this check box to enable Event Log monitoring.

* indicates additional configuration is required for monitoring.

Processor Configuration

Processor: Select this check box to enable processors (CPU) monitoring. All processors discovered on the system are monitored by default.

Field Description
Exclude Criteria

Specify a comma-separated list of processor instances that you want to exclude from monitoring.

For example: 0,1,2

Include Criteria

Specify a comma-separated list of processor instances that you want to include for monitoring.

For example: 0,1,2

Network Configuration

Network: Select this check box to enable monitoring of network interfaces. All network interfaces discovered on the system are monitored by default.

Field Description
Exclude Criteria

Specify a comma-separated list of network interface instances that you want to exclude from monitoring.

For example: Local Area Connection,6TO4 Adapter

Include Criteria

Specify a comma-separated list of network interface instances that you want to include for monitoring.

For example: Local Area Connection,6TO4 Adapter

Physical Disk Configuration

Physical Disk: Select this check box to enable monitoring of the physical disks. All physical disks discovered on the system are monitored by default.

Field Description
Exclude Criteria

Specify a comma-separated list of physical disk instances to exclude from monitoring.

For example: 0,1,2

Include Criteria

Specify a comma-separated list of physical disk instances to include for monitoring.

For example: 0,1,2

Logical Disk Configuration

Logical Disk: Select this check box to enable monitoring of the logical disks. All logical disks discovered on the system are monitored by default.

Field Description
Exclude Criteria

Specify a comma-separated list of logical disk instances to exclude from monitoring.

For example: C:,D:,E:

Include Criteria

Specify a comma-separated list of logical disk instances to include for monitoring.

For example: C:,D:,E:

Page File Configuration

Page File : Select this check box to enable PageFile monitoring. All pagefiles discovered on the system are monitored by default.

Field Description
Exclude Criteria

Specify a comma-separated list of paging file instances that you want to exclude from monitoring.

For example: _Total,C:\pagefile.sys.

Include Criteria

Specify a comma-separated list of paging file instances that you want to include for monitoring.

For example: _Total,C:\pagefile.sys.

Process Configuration

Process: Select this check box to enable Process monitoring. By default, PATROL does not monitor any processes. When configuring monitoring for a specific process, you can use the methods shown below:

Process monitoring methods:

Manual process monitoring: Use when you want to select or specify the processes to monitor and you want to customize how PATROL monitors them.

Automatic process monitoring: Use when you want to monitor a process only if it exceeds a specified CPU utilization percentage.

List of Processes: Click  button to configure the process manually. 
Process Specification
Configure Process Monitoring 

Process Label

Specify a label to identify a group of processes. The input that you specify must match the regular expression pattern, '^[0-9a-zA-Z_]+$'.

Process Name

Specify a name or a regular expression pattern that matches the names of processes that must be monitored. Enter only the process name without extension.

Example: If the process name is Notepad, enter Notepad. Do not enter Notepad.exe.

Use Regular Expression for Process Name Select this check box if you want to monitor all the processes that contain the process name specified.

Process Arguments

Specify the command line arguments for the processes that you want to monitor.

Note:

  • To monitor a specific process, enter the process arguments.
  • To monitor all the instances of the same process, enter wildcard asterisk ( * )
  • If the process argument field is left blank, only the process with no arguments will be monitored.

Example:

C:\Windows\system32\svchost.exe -k NetworkService 
C:\Windows\system32\svchost.exe is considered as no arguments and -k NetworkService is considered as arguments

Use Regular Expression for Process Argument Select this check box to enter process command line arguments using regular expression pattern.
Minimum Count Specify a value so that an alarm is raised if the process count drops under this value.
Maximum Count Specify a value so that an alarm is raised if the process count rises above this value.
Acceptable Process Owner Specify a name or regular expression pattern that matches the name of the acceptable process owner.
Use Process Owners for Filtering Select this check box if you want to filter processes based on the process owners.
 Process Settings  
Generate alarm on Process stop Select this check box to generate an alarm when the process stops.
Generate alarm on Process start Select this check box to generate an alarm when the process starts.
OK Click to save the configuration.
Cancel Click to close the configuration window.
Automatic Process Monitoring 
CPU Threshold in % Specify the CPU threshold (in %) for automatic process monitoring. The input that you specify must match the regular expression pattern, '^[0-9]+$'.

By default, this value is set to 90.

Time Duration in secs Specify the time limit (in seconds) to start the automatic process monitoring. The input that you specify must match the regular expression pattern, '^[0-9]+$'. By default, this value is set to 300.

Service Configuration

Service: Select this check box to enable Service monitoring. PATROL monitors the availability of all system services except for those where the start-up type is disabled. You can change the monitoring properties of the monitored services or add other services to monitor. The following table shows you how the KM monitors each start-up type by default.

Default service monitoring flags

Startup type

Auto restart

Alarm

Automatic

1

1

Manual

0

0

Disabled

0

0

Note

With 5.0.00 version, exclude operation is independent of the include operation. You can use Exclude Services to exclude objects, regardless of any include rules specified in the Include Services option.

 You can now create a policy with Service Exclusions only.

Service Configuration
Disable Automatic Restart Select this check box to disable automatic re-start of the services configured.
Disable Alert For Paused Services Select this check box to disable alerts for paused services.
List of Included Services
Service Details
Generate an Alarm/Warning when service is stopped By default, when a service is stopped, PATROL generates an Alarm. However, for a particular service, you can specify a Warning instead. This feature is only for services with a startup type of Automatic.
Alert State Select one of the following options to define the type of alert you want to raise when the service stops:
  • Alarm
  • Warning
Restart service when stopped Select this check box to restart a stopped process.
Enable process monitoring for the services

This option enables monitoring of the process that is associated with the configured Service.

 By default, PATROL monitors only whether services are available. To monitor how much memory and CPU a service executable consumes, you must enable process monitoring for the service. When you enable process monitoring, PATROL monitors the service executable process and displays the monitored process beneath the NT_SERVICE application.

Use command line for non-responsive services Select this check box to use the specified command line.
Command line This option is used for the non-responsive services. 
Service Name
Service Name

Specify a Display Name or Service Name to add the service for monitoring. Regular expressions are supported only for Display Name.

The KM uses \| characters for OR operation instead of | character.

Example:

  • ^Windows.*\|^Application.*
  • ^Device Association.*\|^Device Setup.*
Use Display Name

Select this option to add services by using Display Name or clear this option to add services using Service Name. 

Service Startup Type
Automatic Select this check box to monitor the services with Startup Type as Automatic, Automatic (Trigger Start) Automatic (Delayed Start). This check box is enabled by default.
Manual Select this check box to monitor the services with Startup Type as Manual, Manual (Trigger Start). This check box is enabled by default.
Disabled Select this check box to monitor the services with Startup Type as Disabled.
OK Click to save the configuration.
Cancel Click to close the configuration window.
Exclude Services
List of Excluded Services
Service Name Specify a Display Name or Service Name to add the service for monitoring. Regular expressions are supported only for Display Name.
Use Display Name Select this option to exclude services by using Display Name or clear this option to exclude services by using Service Name.
OK Click to save the configuration.
Cancel Click to close the configuration window.

Event Log Configuration 

Event Log: Select this check box to enable Event Log monitoring. By default, all Windows event logs are monitored if they are registered in the Windows registry at the following location: 

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog 

List of Event Logs: Click  button to configure the event logs. 
Log Name

Specify the event log name for which you want to create a filter.

List of Filters:  Click  button to filter the event logs. 
Name

Enter a unique name that represents the event filter, and follows these rules:

  • The filter name cannot exceed 127 characters.
  • The filter name cannot use the following format: user@domain.com. If this format is used for the filter name, the filter fails to filter events.
Description Enter a short description of the filter you are creating. This is additional information regarding the filter and you can change the description at any time.
Report/Notify

Select one of the following options, as appropriate:

Source Details Click  button to configure the source name. 
Name Specify the event log source name or a regular expression.
OK Click to save the configuration.
Cancel Click to close the dialog.
 
Use name as a regular expression Select this check box if you specified a regular expression in the Name field.
Disable case sensitivity

Select this check box to disable case sensitivity for the source filtering.

You can specify whether to make filter comparisons in a case-independent manner for the source, user, category, and string options of a Windows event filter. To disable case-independent comparisons for any of the options, ensure that the corresponding Disable Case Sensitivity check box while configuring windows event monitoring is cleared.

The /PSX_P4WinSrvs/PWK_PKMforMSWinOS_config/EventLogMonitoring/eventlog/EventFilters/filter/FilterDisableCase configuration variable stores information about case-sensitivity of the event filter options.

This variable has five bit values, depending upon case sensitivity, one bit corresponding to each of Source, User, Category, String, and Computer name, respectively. If any bit value is 1, a case-independent filter comparison is made for the corresponding field.

You can set this variable to either of the following values:

  • 00000 = none checked (default)
  • 11111 = all 5 categories checked
  • A combination of 0s and 1s, depending on which of the 5 categories were checked

To disable case-sensitivity in the event filters, set the value of the FilterDisableCase configuration variable to 00000.

Include/Exclude Source List

Select one of the following options, as appropriate:

  • Include all event sources in the list
  • Exclude all event sources in the list
Event Type Details This option helps you to configure event details.
Event Types to Monitor

Select one or more of the following event types to use in the filter for monitoring.

  • Critical
  • Error
  • Warning
  • Information
  • Verbose
  • Success_Audit
  • Failure_Audit
  • Others
Consolidate event types when reporting
  • Select this option if you want various types of events (for example, Warning, Information, Error) to be reported by using one parameter, ELMStatus (or ELMNotification if you configured to be notified immediately when an error occurs while defining the Report/Notify option).
  • Clear this check box, if you want to have separate parameters for each event type that can raise alarms independently.
Event ID Details Click  button to configure event ID details. 
Windows Event ID(s)

You can select one or more multiple IDs in the following ways:

  • Single event ID. For example: 100
  • Comma-separated list of multiple event IDs. For example: 100,110,120
  • Range of event IDs. For example: 100-120
  • Regular expression. For example: 1[0-5]3
 
Use Event ID as a regular expression Select this check box if you specified a regular expression in the Windows Event ID(s) field.
Include/Exclude Event ID List

Select one of the following options, as appropriate:

  • Include all event IDs in the list
  • Exclude all event IDs in the list
Event Handling Choose how to handle your Windows events.
Annotate Graph parameter with event details Select this check box to annotate event details to Graph parameters.
Write event details to a text parameter Select this check box to add event details to text parameters.
Use event details for a recovery action Select this check box to enable using the event details for recovery actions.
Report multiple events as a single event when the event occurs

Specify the number of events that must be reported as a single event depending on the value that you specify in the Time within seconds field.

By default, this value is set to 1.

Time within seconds

Specify the number of seconds that must be used for reporting multiple events as a single event.

By default, this value is set to 0.

Enter text automatic or Filter name to Acknowledge Alarm

Specify how you want to acknowledge the alarm raised by the event filter. You can specify one of the following values:

  • automatic: If you specify automatic, then PATROL acknowledges alarms and returns the filter to an OK state if the filter criteria are not met during the most recent collection cycle. In other words, if the events you are monitoring do not occur during the collection cycle, the event filter state is changed back to OK. With this option you are not actively monitoring for alarms, you might not notice when the monitored events occurs because any alarms will be reset during the next collection cycle if the monitored events do not re-occur. Note: With this option, PATROL cannot acknowledge the alarm or return the filter to an OK state.
  • filterName: If you specify the filter name, then PATROL changes the filter state from an alarm state to an OK state when the criteria of a second event filter are met. To use this option, you must create an event filter that monitors for the required event and that is configured to notify PATROL immediately when that filter criteria is met, and then specify the filter name in this field.

By default, this value is set to automatic.

Advanced Properties Click this tab to specify advanced properties for events.
List of Users Click  button to configure user details. 
User Name Specify the user name associated with the events that you want to monitor or exclude from monitoring.
OK Click to save the configuration.
Cancel Click to close the dialog.
 
Include/Exclude User List

Select one of the following options, as appropriate:

  • Include all users in the list - Specifies that all of the users in the list are monitored by the event filter. Select this option when you only want to monitor specific users.
  • Exclude all users in the list - Specifies that all the users except those in the list are monitored by the event filter. Select this option when you want to monitor all the users, except for a few specific users, which you want to exclude from the event filter.
Disable Case Sensitivity If you select this option, the event filter makes filter comparisons in a case-independent manner.
 
List of Categories

Click  button to provide category details for the events you want to monitor.

Category Name Specify the category name associated with the events that you want to monitor or exclude from monitoring.
OK Click to save the configuration.
Cancel Click to close the dialog.
 
Include/Exclude Category List

Select one of the following options, as appropriate:

  • Include all categories in the list - Specifies that all of the categories in the list are monitored by the event filter. Select this option when you only want to monitor specific categories.
  • Exclude all categories in the list - Specifies that all the categories except those in the list are monitored by the event filter. Select this option when you want to monitor all the categories, except for a few specific categories, which you want to exclude from the event filter.
Disable Case Sensitivity If you select this option, the event filter makes filter comparisons in a case-independent manner.
 
String Details Click  button to provide string details associated with the events you want to monitor.
Include String

Specify the string associated with the events that you want to include for monitoring.

When entering a string that includes special characters that are used in regular expressions, such as a dollar sign ($), a period (.), a parenthesis (), or a slash (), you must escape each special character with a slash. For example, if the string is $Error, you must enter the string as \$Error.

OK Click to save the configuration.
Cancel Click to close the dialog.
Exclude String

Specify the string associated with the events that you want to exclude for monitoring.

When entering a string that includes special characters that are used in regular expressions, such as a dollar sign ($), a period (.), a parenthesis (), or a slash (), you must escape each special character with a slash. For example, if the string is $Error, you must enter the string as \$Error.

Disable Case Sensitivity If you select this option, the event filter makes filter comparisons in a case-independent manner.
OK Click to save the configuration.
Cancel Click to close the dialog.
Close Click this option to save your details
Computer Details

Click to provide details regarding the computers associated with the events that you want to monitor.

Computer Name Specify the computer associated with the events that you want to monitor or exclude from monitoring.
OK Click to save the configuration.
Cancel Click to close the dialog.
Include/Exclude User List  Select one of the following options, as appropriate:
  • Include all computers in the list - Specifies that all of the computers in the list are monitored by the event filter. Select this option when you only want to monitor computers.
  • Exclude all computers in the list - Specifies that all the computers except those in the list are monitored by the event filter. Select this option when you want to monitor all the computers, except for a few specific computers, which you want to exclude from the event filter.
Disable Case Sensitivity  Select this check box to disable case sensitivity for computer comparison.
OK Click to save the configuration.
Cancel Click to close the dialog.