Windows Remote Monitoring (NT_REMOTE_CONTAINER)

Acts as a container KM and hosts the instances of all remote hosts. This KM provides all the menu commands and tasks required to configure remote hosts for monitoring.

Note

The Windows Remote Monitoring monitor type in BMC ProactiveNet Performance Management is referred as the NT_REMOTE_CONTAINER application class in BMC PATROL.

This application class appears as the Remote Monitoring in the console.

The NT_REMOTE_CONTAINER application class contains the following menu commands:

Menu command

Description

Configure Remote Hosts

Displays the Configure Remote Host Monitoring dialog box, which allows you to add, modify or remove hosts.

Configure Profiles

Displays the Configure Profiles dialog box, which allows you to add, modify or remove profiles.

InfoBox

The following information is displayed on the NT_REMOTE_CONTAINER InfoBox:

Item

Description

KM Version

Version number of the KM

Attributes (parameters)

The attributes available for this monitor type are as follows.

Configuring Windows Remote Monitoring 

On the Add Monitor Types dialog, with the Monitoring Profile set to Remote Monitoring, and the Monitor Type set to Windows Remote Monitoring, provide the following details:

Note

Local monitoring will be disabled by default unless any monitoring profile is configured explicitly for local monitoring. Thus there will not be local monitoring if only remote monitoring profile is configured. 



Note

Local monitoring will be disabled by default unless any monitoring profile is configured explicitly for local monitoring. Thus there will not be local monitoring if only remote monitoring profile is configured. 

On the Add Monitor Types dialog box, with the Monitoring Profile set to Remote Monitoring, and the Monitor Type set to Windows Remote Monitoring, provide the following details:

FieldDescription
Remote Host Configuration
Host Details
Remote host names
Host Names/File Path

Specify the host name of the server in either of the following options:

  • Single host name or IP address.
  • If you want to use the same configuration for multiple hosts, enter a comma separated list of host names or IP addresses with common credentials.
  • If you want to use the same configuration for large number of hosts, you can configure the remote hosts from a file (.txt, .csv). Enter the absolute path to the file that includes a list of host names or IP addresses.
    For example, the file path can be C:\PROGRA~2\BMCSOF~1\Patrol3\log\WinProductionHosts.txt or %PATROL_HOME%\log\WinProductionHosts.txt.
    • The file must contain a list of comma separated host names or IP addresses *(with or without publish host names) that have common credentials.
    • The file must be located on the host which is running the PATROL Agent. BMC PATROL default account must have read permission on the directory where the file is located. The _ConfigStatus parameter indicates errors related to the input file.
  • A combination of all the earlier options.

Note: You can add a publish hostname to represent the host with different hostname or, if the Fully Qualified Domain name of the remote host cannot be retrieved. The publish hostname can be added in <hostname>;<publish_hostname> format. This format can be used in any of the above options.

Authentication

Select the type of authentication for adding the remote host.

  • Negotiate: Negotiate is selected for local computer accounts. In this option, the client sends a request to the server to authenticate. The user name should be specified as username for a local user on the server.
  • Kerberos:  Kerberos is selected to authenticate a domain account. In this option, the client and server mutually authenticate using Kerberos tickets. The user name should be specified as domain\username for a domain user.
Connection Protocol

Select the type of connection protocol for adding the remote host.

  • HTTP
  • HTTPS
Port NumberEnter the remote host port number.  By default, the port number is set to 5985 for HTTP and 5986 for HTTPS.
Reconnect Interval

This field has been introduced to enable the KM to auto reconnect to the remote host in case of access denied error due to server restart.

If you want the KM to auto reconnect to the remote host enter a value greater than the value of the collection interval of _Status parameter. By default the collection interval is 1 minute.

0 indicates the KM will not auto reconnect, if _Status parameter displays an Access denied error. 

Note: This might increase the probability of account lockout if the access denied error is genuine and not because of server restart. Consider your account lockout policy before entering this value. 

User Credentials
User Name

Enter the common user name to connect to the remote host. By default the value is $USERNAME.

Note: If you continue with the default username then default PATROL account is used to connect remote hosts and hence the password field is ignored.

PasswordEnter the common password of the hosts added in the Host Names/File Path field.
Confirm PasswordReconfirm the password that you entered in the field above.
Monitor Configuration
Operating System Monitoring
Monitoring optionsSpecify one of the following options:
  • Disable OS Monitoring: This option disables both Standard and Advance monitoring options. You can select this option whenever you want to use only the Custom monitoring.
  • Standard Monitoring: This option enables all the Standard monitors by default and cannot be disabled. Also, this monitoring option does not monitor any advance monitoring options.
  • Advance Monitoring: This option monitors both windows Standard and Windows advanced configurations. Advance monitors need to be enabled explicitly. In this option, you can enable and disable all the configuration types.
Advanced Monitor Configuration
  • MemorySelect this check box to enable Memory monitoring.
  • Health: Select this check box to enable Health monitoring.
  • Cache: Select this check box to enable Cache monitoring.
  • System: Select this check box to enable System monitoring.
  • Processor*: Select this check box to enable Processor monitoring.
  • Network*: Select this check box to enable Network monitoring.
  • Physical Disk*: Select this check box to enable Physical Disk monitoring.
  • Logical Disk*: Select this check box to enable Logical Disk monitoring.
  • Page File*: Select this check box to enable Page File monitoring.
  • Process*: Select this check box to enable Process monitoring.
  • Service*: Select this check box to enable Service monitoring.
  • Event Log*: Select this check box to enable Event Log monitoring.
  • WMI*

* indicates additional configuration is required for monitoring.

Processor Configuration

Processor: Select this check box to enable processors (CPU) monitoring. All processors discovered on the system are monitored by default.

Field Description
Exclude Criteria

Specify a comma-separated list of processor instances that you want to exclude from monitoring.

For example: 0,1,2

Include Criteria

Specify a comma-separated list of processor instances that you want to include for monitoring.

For example: 0,1,2

Network Configuration

Network: Select this check box to enable monitoring of network interfaces. All network interfaces discovered on the system are monitored by default.

Field Description
Exclude Criteria

Specify a comma-separated list of network interface instances that you want to exclude from monitoring.

For example: Local Area Connection,6TO4 Adapter

Include Criteria

Specify a comma-separated list of network interface instances that you want to include for monitoring.

For example: Local Area Connection,6TO4 Adapter

Physical Disk Configuration

Physical Disk: Select this check box to enable monitoring of the physical disks. All physical disks discovered on the system are monitored by default.

Field Description
Exclude Criteria

Specify a comma-separated list of physical disk instances to exclude from monitoring.

For example: 0,1,2

Include Criteria

Specify a comma-separated list of physical disk instances to include for monitoring.

For example: 0,1,2

Logical Disk Configuration

Logical Disk: Select this check box to enable monitoring of the logical disks. All logical disks discovered on the system are monitored by default.

Field Description
Exclude Criteria

Specify a comma-separated list of logical disk instances to exclude from monitoring.

For example: C:,D:,E:

Include Criteria

Specify a comma-separated list of logical disk instances to include for monitoring.

For example: C:,D:,E:

Page File Configuration

Page File : Select this check box to enable PageFile monitoring. All pagefiles discovered on the system are monitored by default.

Field Description
Exclude Criteria

Specify a comma-separated list of paging file instances that you want to exclude from monitoring.

For example: _Total,C:\pagefile.sys.

Include Criteria

Specify a comma-separated list of paging file instances that you want to include for monitoring.

For example: _Total,C:\pagefile.sys.

Process Configuration

Process: Select this check box to enable Process monitoring. By default, PATROL does not monitor any processes. When configuring monitoring for a specific process, you can use the methods shown below:

Process monitoring methods:

Manual process monitoring: Use when you want to select or specify the processes to monitor and you want to customize how PATROL monitors them.

Automatic process monitoring: Use when you want to monitor a process only if it exceeds a specified CPU utilization percentage.

List of Processes: Click  button to configure the process manually. 
Process Specification
Configure Process Monitoring 

Process Label

Specify a label to identify a group of processes. The input that you specify must match the regular expression pattern, '^[0-9a-zA-Z_]+$'.

Process Name

Specify a name or a regular expression pattern that matches the names of processes that must be monitored. Enter only the process name without extension.

Example: If the process name is Notepad, enter Notepad. Do not enter Notepad.exe.

Use Regular Expression for Process Name Select this check box if you want to monitor all the processes that contain the process name specified.

Process Arguments

Specify the command line arguments for the processes that you want to monitor.

Note:

  • To monitor a specific process, enter the process arguments.
  • To monitor all the instances of the same process, enter wildcard asterisk ( * )
  • If the process argument field is left blank, only the process with no arguments will be monitored.

Example:

C:\Windows\system32\svchost.exe -k NetworkService 
C:\Windows\system32\svchost.exe is considered as no arguments and -k NetworkService is considered as arguments

Use Regular Expression for Process Argument Select this check box to enter process command line arguments using regular expression pattern.
Minimum Count Specify a value so that an alarm is raised if the process count drops under this value.
Maximum Count Specify a value so that an alarm is raised if the process count rises above this value.
Acceptable Process Owner Specify a name or regular expression pattern that matches the name of the acceptable process owner.
Use Process Owners for Filtering Select this check box if you want to filter processes based on the process owners.
 Process Settings  
Generate alarm on Process stop Select this check box to generate an alarm when the process stops.
Generate alarm on Process start Select this check box to generate an alarm when the process starts.
OK Click to save the configuration.
Cancel Click to close the configuration window.
Automatic Process Monitoring 
CPU Threshold in % Specify the CPU threshold (in %) for automatic process monitoring. The input that you specify must match the regular expression pattern, '^[0-9]+$'.

By default, this value is set to 90.

Time Duration in secs Specify the time limit (in seconds) to start the automatic process monitoring. The input that you specify must match the regular expression pattern, '^[0-9]+$'. By default, this value is set to 300.

Service Configuration

Service: Select this check box to enable Service monitoring. PATROL monitors the availability of all system services except for those where the start-up type is disabled. You can change the monitoring properties of the monitored services or add other services to monitor. The following table shows you how the KM monitors each start-up type by default.

Default service monitoring flags

Startup type

Auto restart

Alarm

Automatic

1

1

Manual

0

0

Disabled

0

0

Note

With 5.0.00 version, exclude operation is independent of the include operation. You can use Exclude Services to exclude objects, regardless of any include rules specified in the Include Services option.

 You can now create a policy with Service Exclusions only.

Service Configuration
Disable Automatic Restart Select this check box to disable automatic re-start of the services configured.
Disable Alert For Paused Services Select this check box to disable alerts for paused services.
List of Included Services
Service Details
Generate an Alarm/Warning when service is stopped By default, when a service is stopped, PATROL generates an Alarm. However, for a particular service, you can specify a Warning instead. This feature is only for services with a startup type of Automatic.
Alert State Select one of the following options to define the type of alert you want to raise when the service stops:
  • Alarm
  • Warning
Restart service when stopped Select this check box to restart a stopped process.
Enable process monitoring for the services

This option enables monitoring of the process that is associated with the configured Service.

By default, PATROL monitors only whether services are available. To monitor how much memory and CPU a service executable consumes, you must enable process monitoring for the service. When you enable process monitoring, PATROL monitors the service executable process and displays the monitored process beneath the NT_SERVICE application.

Use command line for non-responsive services Select this check box to use the specified command line.
Command line This option is used for the non-responsive services.
Service Name
Service Name

Specify a Display Name or Service Name to add the service for monitoring. Grep regular expressions are supported in the Display Name field.

The KM uses \| characters for OR operation instead of | character.

Example:

  • ^Windows.*\|^Application.*
  • ^Device Association.*\|^Device Setup.*
Use Display Name

Select this option to add services by using Display Name or clear this option to add services using Service Name. 

Service Startup Type
Automatic

Select this check box to monitor the services with Automatic Startup Type. This check box is enabled by default.

Note

If you are using BMC PATROL for Microsoft Windows Servers 5.1, use this check box for the following Startup Types - Automatic, Automatic (Trigger Start), and Automatic (Delayed Start). For BMC PATROL for Microsoft Windows Servers 5.1.10 and later, separate check boxes for trigger and delayed startup type services are provided.

Automatic Delayed Start

Select this check box to monitor the services with Automatic (Delayed Start) Startup Type. This check box is enabled by default.

Note

A separate check box for Automatic (Delayed Start) startup types is provided for local monitoring of services only. Such a check box is not available for remote services.

Automatic Trigger Start

Select this check box to monitor the services with Automatic (Trigger Start) Startup Type. This check box is enabled by default.

Note

A separate check box for Automatic (Trigger Start) startup types is provided for local monitoring of services only. Such a check box is not available for remote services.

Manual Select this check box to monitor the services with Startup Type as Manual, Manual (Trigger Start). This check box is enabled by default.
Disabled Select this check box to monitor the services with Startup Type as Disabled.
Exclude Services
List of Excluded Services
Service Name Specify a Display Name or Service Name to add the service for monitoring. Regular expressions are supported only for Display Name.
Use Display Name Select this option to exclude services by using Display Name or clear this option to exclude services by using Service Name.
Event Log Configuration 

Event Log: Select this check box to enable Event Log monitoring. By default, all Windows event logs are monitored if they are registered in the Windows registry at the following location: 

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog 

List of Event Logs: Click  button to configure the event logs. 
Log Name

Specify the event log name for which you want to create a filter.

List of Filters:  Click  button to filter the event logs. 
Name

Enter a unique name that represents the event filter, and follows these rules:

  • The filter name cannot exceed 127 characters.
  • The filter name cannot use the following format: user@domain.com. If this format is used for the filter name, the filter fails to filter events.
Description Enter a short description of the filter you are creating. This is additional information regarding the filter and you can change the description at any time.
Report/Notify

Select one of the following options, as appropriate:

Source Details Click  button to configure the source name. 
Name Specify the event log source name or a regular expression.
OK Click to save the configuration.
Cancel Click to close the dialog.
 
Use name as a regular expression Select this check box if you specified a regular expression in the Name field.
Disable case sensitivity

Select this check box to disable case sensitivity for the source filtering.

You can specify whether to make filter comparisons in a case-independent manner for the source, user, category, and string options of a Windows event filter. To disable case-independent comparisons for any of the options, ensure that the corresponding Disable Case Sensitivity check box while configuring windows event monitoring is cleared.

The /PSX_P4WinSrvs/PWK_PKMforMSWinOS_config/EventLogMonitoring/eventlog/EventFilters/filter/FilterDisableCase configuration variable stores information about case-sensitivity of the event filter options.

This variable has five bit values, depending upon case sensitivity, one bit corresponding to each of Source, User, Category, String, and Computer name, respectively. If any bit value is 1, a case-independent filter comparison is made for the corresponding field.

You can set this variable to either of the following values:

  • 00000 = none checked (default)
  • 11111 = all 5 categories checked
  • A combination of 0s and 1s, depending on which of the 5 categories were checked

To disable case-sensitivity in the event filters, set the value of the FilterDisableCase configuration variable to 00000.

Include/Exclude Source List

Select one of the following options, as appropriate:

  • Include all event sources in the list
  • Exclude all event sources in the list
Event Type Details This option helps you to configure event details.
Event Types to Monitor

Select one or more of the following event types to use in the filter for monitoring.

  • Critical
  • Error
  • Warning
  • Information
  • Verbose
  • Success_Audit
  • Failure_Audit
  • Others
Consolidate event types when reporting
  • Select this option if you want various types of events (for example, Warning, Information, Error) to be reported by using one parameter, ELMStatus (or ELMNotification if you configured to be notified immediately when an error occurs while defining the Report/Notify option).
  • Clear this check box, if you want to have separate parameters for each event type that can raise alarms independently.
Event ID Details Click  button to configure event ID details. 
Windows Event ID(s)

You can select one or more multiple IDs in the following ways:

  • Single event ID. For example: 100
  • Comma-separated list of multiple event IDs. For example: 100,110,120
  • Range of event IDs. For example: 100-120
  • Regular expression. For example: 1[0-5]3
 
Use Event ID as a regular expression Select this check box if you specified a regular expression in the Windows Event ID(s) field.
Include/Exclude Event ID List

Select one of the following options, as appropriate:

  • Include all event IDs in the list
  • Exclude all event IDs in the list
Event Handling Choose how to handle your Windows events.
Annotate Graph parameter with event details Select this check box to annotate event details to Graph parameters.
Write event details to a text parameter Select this check box to add event details to text parameters.
Use event details for a recovery action Select this check box to enable using the event details for recovery actions.
Report multiple events as a single event when the event occurs

Specify the number of events that must be reported as a single event depending on the value that you specify in the Time within seconds field.

By default, this value is set to 1.

Time within seconds

Specify the number of seconds that must be used for reporting multiple events as a single event.

By default, this value is set to 0.

Enter text automatic or Filter name to Acknowledge Alarm

Specify how you want to acknowledge the alarm raised by the event filter. You can specify one of the following values:

  • automatic: If you specify automatic, then PATROL acknowledges alarms and returns the filter to an OK state if the filter criteria are not met during the most recent collection cycle. In other words, if the events you are monitoring do not occur during the collection cycle, the event filter state is changed back to OK. With this option you are not actively monitoring for alarms, you might not notice when the monitored events occurs because any alarms will be reset during the next collection cycle if the monitored events do not re-occur. Note: With this option, PATROL cannot acknowledge the alarm or return the filter to an OK state.
  • filterName: If you specify the filter name, then PATROL changes the filter state from an alarm state to an OK state when the criteria of a second event filter are met. To use this option, you must create an event filter that monitors for the required event and that is configured to notify PATROL immediately when that filter criteria is met, and then specify the filter name in this field.

By default, this value is set to automatic.

Advanced Properties Click this tab to specify advanced properties for events.
List of Users Click  button to configure user details. 
User Name Specify the user name associated with the events that you want to monitor or exclude from monitoring.
OK Click to save the configuration.
Cancel Click to close the dialog.
 
Include/Exclude User List

Select one of the following options, as appropriate:

  • Include all users in the list - Specifies that all of the users in the list are monitored by the event filter. Select this option when you only want to monitor specific users.
  • Exclude all users in the list - Specifies that all the users except those in the list are monitored by the event filter. Select this option when you want to monitor all the users, except for a few specific users, which you want to exclude from the event filter.
Disable Case Sensitivity If you select this option, the event filter makes filter comparisons in a case-independent manner.
 
List of Categories

Click  button to provide category details for the events you want to monitor.

Category Name Specify the category name associated with the events that you want to monitor or exclude from monitoring.
OK Click to save the configuration.
Cancel Click to close the dialog.
 
Include/Exclude Category List

Select one of the following options, as appropriate:

  • Include all categories in the list - Specifies that all of the categories in the list are monitored by the event filter. Select this option when you only want to monitor specific categories.
  • Exclude all categories in the list - Specifies that all the categories except those in the list are monitored by the event filter. Select this option when you want to monitor all the categories, except for a few specific categories, which you want to exclude from the event filter.
Disable Case Sensitivity If you select this option, the event filter makes filter comparisons in a case-independent manner.
 
String Details Click  button to provide string details associated with the events you want to monitor.
Include String

Specify the string associated with the events that you want to include for monitoring.

When entering a string that includes special characters that are used in regular expressions, such as a dollar sign ($), a period (.), a parenthesis (), or a slash (), you must escape each special character with a slash. For example, if the string is $Error, you must enter the string as \$Error.

OK Click to save the configuration.
Cancel Click to close the dialog.
Exclude String

Specify the string associated with the events that you want to exclude for monitoring.

When entering a string that includes special characters that are used in regular expressions, such as a dollar sign ($), a period (.), a parenthesis (), or a slash (), you must escape each special character with a slash. For example, if the string is $Error, you must enter the string as \$Error.

Disable Case Sensitivity If you select this option, the event filter makes filter comparisons in a case-independent manner.
OK Click to save the configuration.
Cancel Click to close the dialog.
Close Click this option to save your details
Computer Details

Click to provide details regarding the computers associated with the events that you want to monitor.

 

Computer Name Specify the computer associated with the events that you want to monitor or exclude from monitoring.
OK Click to save the configuration.
Cancel Click to close the dialog.
Include/Exclude User List  Select one of the following options, as appropriate:
  • Include all computers in the list - Specifies that all of the computers in the list are monitored by the event filter. Select this option when you only want to monitor computers.
  • Exclude all computers in the list - Specifies that all the computers except those in the list are monitored by the event filter. Select this option when you want to monitor all the computers, except for a few specific computers, which you want to exclude from the event filter.
Disable Case Sensitivity  Select this check box to disable case sensitivity for computer comparison.
OK Click to save the configuration.
Cancel Click to close the dialog.

Custom Monitoring 
WMI Monitors
List of Parameters: Click to configure WMI.
Parameter Name Enter the WMI parameter name. For example: CDrive_FreeSpace.
Namespace Specify the namespace you want to connect. By default it is root\\cimv2
WMI Query

Enter the WMI query. For example: select FreeSpace from win32_logicaldisk WHERE DeviceID='C:'

Note: The WMI Query must return a numeric value.

Scaling Factor Enter a value between 1 and 2147483647, to scale down value that cannot be directly set to parameters, such as WMI queries that return 64-bit integer value.
 Raw Counter Data Configurations
Formatted Raw Counter Data

Select the checkbox to display a normalize formatted performance data.

Note: You can select this check box only for Win32_PerfRawData WMI classes. For more information, see  Performance counters supported through Win32_PerfRawData WMI class

Counter Type Specify the counter type qualifier for properties in Win32_PerfRawData classes. To see more on counter type configuration click here.
OK Click to save the configuration.
Cancel Click to close the dialog.


Was this page helpful? Yes No Submitting... Thank you

Comments