Windows Remote Monitoring (NT_REMOTE_CONTAINER)

Acts as a container KM and hosts the instances of all remote hosts. This KM provides all the menu commands and tasks required to configure remote hosts for monitoring.

Note

The Windows Remote Monitoring monitor type in BMC ProactiveNet Performance Management is referred as the NT_REMOTE_CONTAINER application class in BMC PATROL.

This application class appears as the Remote Monitoring in the console.

The NT_REMOTE_CONTAINER application class contains the following menu commands:

Menu command	Description
Configure Remote Hosts	Displays the Configure Remote Host Monitoring dialog box, which allows you to add, modify or remove hosts.
Configure Profiles	Displays the Configure Profiles dialog box, which allows you to add, modify or remove profiles.

InfoBox

The following information is displayed on the NT_REMOTE_CONTAINER InfoBox:

Item	Description
KM Version	Version number of the KM

Attributes (parameters)

The attributes available for this monitor type are as follows.

Configuration Status (_ConfigStatus)

Configuring Windows Remote Monitoring

On the Add Monitor Types dialog, with the Monitoring Profile set to Remote Monitoring, and the Monitor Type set to Windows Remote Monitoring, provide the following details:

Note

Local monitoring will be disabled by default unless any monitoring profile is configured explicitly for local monitoring. Thus there will not be local monitoring if only remote monitoring profile is configured.

Note

Local monitoring will be disabled by default unless any monitoring profile is configured explicitly for local monitoring. Thus there will not be local monitoring if only remote monitoring profile is configured.

On the Add Monitor Types dialog box, with the Monitoring Profile set to Remote Monitoring, and the Monitor Type set to Windows Remote Monitoring, provide the following details:

Field	Description
Remote Host Configuration
Host Details
Remote host names
Host Names/File Path	Specify the host name of the server in either of the following options: Single host name or IP address. If you want to use the same configuration for multiple hosts, enter a comma separated list of host names or IP addresses with common credentials. If you want to use the same configuration for large number of hosts, you can configure the remote hosts from a file (.txt, .csv). Enter the absolute path to the file that includes a list of host names or IP addresses. For example, the file path can be C:\PROGRA~2\BMCSOF~1\Patrol3\log\WinProductionHosts.txt or %PATROL_HOME%\log\WinProductionHosts.txt. The file must contain a list of comma separated host names or IP addresses (with or without publish host names) that have common credentials. The file must be located on the host which is running the PATROL Agent. BMC PATROL default account must have read permission on the directory where the file is located. The _ConfigStatus* parameter indicates errors related to the input file. A combination of all the earlier options. Note: You can add a publish hostname to represent the host with different hostname or, if the Fully Qualified Domain name of the remote host cannot be retrieved. The publish hostname can be added in <hostname>;<publish_hostname> format. This format can be used in any of the above options.
Authentication	Select the type of authentication for adding the remote host. Negotiate: Negotiate is selected for local computer accounts. In this option, the client sends a request to the server to authenticate. The user name should be specified as username for a local user on the server. Kerberos: Kerberos is selected to authenticate a domain account. In this option, the client and server mutually authenticate using Kerberos tickets. The user name should be specified as domain\username for a domain user.
Connection Protocol	Select the type of connection protocol for adding the remote host. HTTP HTTPS
Port Number	Enter the remote host port number. By default, the port number is set to 5985 for HTTP and 5986 for HTTPS.
Reconnect Interval	This field has been introduced to enable the KM to auto reconnect to the remote host in case of `access denied` error due to server restart. If you want the KM to auto reconnect to the remote host enter a value greater than the value of the collection interval of _Status parameter. By default the collection interval is 1 minute. 0 indicates the KM will not auto reconnect, if _Status parameter displays an `Access denied` error. Note: This might increase the probability of account lockout if the `access denied` error is genuine and not because of server restart. Consider your account lockout policy before entering this value.
User Credentials
User Name	Enter the common user name to connect to the remote host. By default the value is $USERNAME. Note: If you continue with the default username then default PATROL account is used to connect remote hosts and hence the password field is ignored.
Password	Enter the common password of the hosts added in the Host Names/File Path field.
Confirm Password	Reconfirm the password that you entered in the field above.
Monitor Configuration
Operating System Monitoring
Monitoring options	Specify one of the following options: Disable OS Monitoring: This option disables both Standard and Advance monitoring options. You can select this option whenever you want to use only the Custom monitoring. Standard Monitoring: This option enables all the Standard monitors by default and cannot be disabled. Also, this monitoring option does not monitor any advance monitoring options. Advance Monitoring: This option monitors both windows Standard and Windows advanced configurations. Advance monitors need to be enabled explicitly. In this option, you can enable and disable all the configuration types.
Advanced Monitor Configuration
Memory: Select this check box to enable Memory monitoring. Health: Select this check box to enable Health monitoring. Cache: Select this check box to enable Cache monitoring. System: Select this check box to enable System monitoring. Processor: Select this check box to enable Processor monitoring. Network: Select this check box to enable Network monitoring. Physical Disk: Select this check box to enable Physical Disk monitoring. Logical Disk: Select this check box to enable Logical Disk monitoring. Page File: Select this check box to enable Page File monitoring. Process: Select this check box to enable Process monitoring. Service: Select this check box to enable Service monitoring. Event Log: Select this check box to enable Event Log monitoring. WMI* * indicates additional configuration is required for monitoring.

Processor Configuration

Processor: Select this check box to enable processors (CPU) monitoring. All processors discovered on the system are monitored by default.

Field

Description

Exclude Criteria

Specify a comma-separated list of processor instances that you want to exclude from monitoring.

For example: 0,1,2

Include Criteria

Specify a comma-separated list of processor instances that you want to include for monitoring.

For example: 0,1,2

Network Configuration

Network: Select this check box to enable monitoring of network interfaces. All network interfaces discovered on the system are monitored by default.

Field

Description

Exclude Criteria

Specify a comma-separated list of network interface instances that you want to exclude from monitoring.

For example: Local Area Connection,6TO4 Adapter

Include Criteria

Specify a comma-separated list of network interface instances that you want to include for monitoring.

For example: Local Area Connection,6TO4 Adapter

Physical Disk Configuration

Physical Disk: Select this check box to enable monitoring of the physical disks. All physical disks discovered on the system are monitored by default.

Field

Description

Exclude Criteria

Specify a comma-separated list of physical disk instances to exclude from monitoring.

For example: 0,1,2

Include Criteria

Specify a comma-separated list of physical disk instances to include for monitoring.

For example: 0,1,2

Logical Disk Configuration

Logical Disk: Select this check box to enable monitoring of the logical disks. All logical disks discovered on the system are monitored by default.

Field

Description

Exclude Criteria

Specify a comma-separated list of logical disk instances to exclude from monitoring.

For example: C:,D:,E:

Include Criteria

Specify a comma-separated list of logical disk instances to include for monitoring.

For example: C:,D:,E:

Page File Configuration

Page File : Select this check box to enable PageFile monitoring. All pagefiles discovered on the system are monitored by default.

Field

Description

Exclude Criteria

Specify a comma-separated list of paging file instances that you want to exclude from monitoring.

For example: _Total,C:\pagefile.sys.

Include Criteria

Specify a comma-separated list of paging file instances that you want to include for monitoring.

For example: _Total,C:\pagefile.sys.

Process Configuration

Process: Select this check box to enable Process monitoring. By default, PATROL does not monitor any processes. When configuring monitoring for a specific process, you can use the methods shown below:

Process monitoring methods:

Manual process monitoring: Use when you want to select or specify the processes to monitor and you want to customize how PATROL monitors them.

Automatic process monitoring: Use when you want to monitor a process only if it exceeds a specified CPU utilization percentage.

Process Specification
List of Processes: Click button to configure the process manually.
Configure Process Monitoring
Process Label	Specify a label to identify a group of processes. The input that you specify must match the regular expression pattern, '^[0-9a-zA-Z_]+$'.
Process Name	Specify a name or a regular expression pattern that matches the names of processes that must be monitored. Enter only the process name without extension. Example: If the process name is Notepad, enter Notepad. Do not enter Notepad.exe.
Use Regular Expression for Process Name	Select this check box if you want to monitor all the processes that contain the process name specified.
Process Arguments	Specify the command line arguments for the processes that you want to monitor. Note: To monitor a specific process, enter the process arguments. To monitor all the instances of the same process, enter wildcard asterisk ( * ) If the process argument field is left blank, only the process with no arguments will be monitored. Example: C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe is considered as no arguments and -k NetworkService is considered as arguments
Use Regular Expression for Process Argument	Select this check box to enter process command line arguments using regular expression pattern.
Minimum Count	Specify a value so that an alarm is raised if the process count drops under this value.
Maximum Count	Specify a value so that an alarm is raised if the process count rises above this value.
Acceptable Process Owner	Specify a name or regular expression pattern that matches the name of the acceptable process owner.
Use Process Owners for Filtering	Select this check box if you want to filter processes based on the process owners.
Process Settings
Generate alarm on Process stop	Select this check box to generate an alarm when the process stops.
Generate alarm on Process start	Select this check box to generate an alarm when the process starts.
OK	Click to save the configuration.
Cancel	Click to close the configuration window.

Automatic Process Monitoring
CPU Threshold in %	Specify the CPU threshold (in %) for automatic process monitoring. The input that you specify must match the regular expression pattern, '^[0-9]+$'. By default, this value is set to 90.
Time Duration in secs	Specify the time limit (in seconds) to start the automatic process monitoring. The input that you specify must match the regular expression pattern, '^[0-9]+$'. By default, this value is set to 300.

Service Configuration

Service: Select this check box to enable Service monitoring. PATROL monitors the availability of all system services except for those where the start-up type is disabled. You can change the monitoring properties of the monitored services or add other services to monitor. The following table shows you how the KM monitors each start-up type by default.

Default service monitoring flags

Startup type	Auto restart	Alarm
Automatic	1	1
Manual	0	0
Disabled	0	0

Note

With 5.0.00 version, exclude operation is independent of the include operation. You can use Exclude Services to exclude objects, regardless of any include rules specified in the Include Services option.

You can now create a policy with Service Exclusions only.

Service Configuration
Disable Automatic Restart	Select this check box to disable automatic re-start of the services configured.
Disable Alert For Paused Services	Select this check box to disable alerts for paused services.
List of Included Services
Service Details
Generate an Alarm/Warning when service is stopped	By default, when a service is stopped, PATROL generates an Alarm. However, for a particular service, you can specify a Warning instead. This feature is only for services with a startup type of Automatic.
Alert State	Select one of the following options to define the type of alert you want to raise when the service stops: Alarm Warning
Restart service when stopped	Select this check box to restart a stopped process.
Enable process monitoring for the services	This option enables monitoring of the process that is associated with the configured Service. By default, PATROL monitors only whether services are available. To monitor how much memory and CPU a service executable consumes, you must enable process monitoring for the service. When you enable process monitoring, PATROL monitors the service executable process and displays the monitored process beneath the NT_SERVICE application.
Use command line for non-responsive services	Select this check box to use the specified command line.
Command line	This option is used for the non-responsive services.
Service Name
Service Name	Specify a Display Name or Service Name to add the service for monitoring. Grep regular expressions are supported in the Display Name field. The KM uses \\| characters for OR operation instead of \| character. Example: ^Windows.\\|^Application. ^Device Association.\\|^Device Setup.
Use Display Name	Select this option to add services by using Display Name or clear this option to add services using Service Name.
Service Startup Type
Automatic	Select this check box to monitor the services with Automatic Startup Type. This check box is enabled by default. Note If you are using BMC PATROL for Microsoft Windows Servers 5.1, use this check box for the following Startup Types - Automatic, Automatic (Trigger Start), and Automatic (Delayed Start). For BMC PATROL for Microsoft Windows Servers 5.1.10 and later, separate check boxes for trigger and delayed startup type services are provided.
Automatic Delayed Start	Select this check box to monitor the services with Automatic (Delayed Start) Startup Type. This check box is enabled by default. Note A separate check box for Automatic (Delayed Start) startup types is provided for local monitoring of services only. Such a check box is not available for remote services.
Automatic Trigger Start	Select this check box to monitor the services with Automatic (Trigger Start) Startup Type. This check box is enabled by default. Note A separate check box for Automatic (Trigger Start) startup types is provided for local monitoring of services only. Such a check box is not available for remote services.
Manual	Select this check box to monitor the services with Startup Type as Manual, Manual (Trigger Start). This check box is enabled by default.
Disabled	Select this check box to monitor the services with Startup Type as Disabled.
Exclude Services
List of Excluded Services
Service Name	Specify a Display Name or Service Name to add the service for monitoring. Regular expressions are supported only for Display Name.
Use Display Name	Select this option to exclude services by using Display Name or clear this option to exclude services by using Service Name.

Event Log Configuration

Event Log: Select this check box to enable Event Log monitoring. By default, all Windows event logs are monitored if they are registered in the Windows registry at the following location:

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog

	List of Users	Click button to configure user details.
List of Event Logs: Click button to configure the event logs.
Log Name	Specify the event log name for which you want to create a filter.
List of Filters: Click button to filter the event logs.
Name	Enter a unique name that represents the event filter, and follows these rules: The filter name cannot exceed 127 characters. The filter name cannot use the following format: user@domain.com. If this format is used for the filter name, the filter fails to filter events.
Description	Enter a short description of the filter you are creating. This is additional information regarding the filter and you can change the description at any time.
Report/Notify	Select one of the following options, as appropriate: Report the number of events that match the filter criteria during each collection period - If you select this option, PATROL monitors the number of events that match the filter criteria during each collection cycle. Depending on which event types the filter monitors, the following parameters are used to report this data: Number of Error Events (ELMError) Number of Failure Audit Events (ELMFailureAudit) Number of Information Events (ELMInformation) Number of Other Type Events (ELMOtherTypes) Number of Events (ELMStatus) Number of Success Audit Events (ELMSuccessAudit) Number of Warning Events (ELMWarning) Notify immediately when an event matches the filter criteria - If you select this option, PATROL immediately changes a parameter to an alarm state when an event matches the filter criteria. Depending on which event types the filter monitors, the following parameters are displayed in an alarm state when an event matches the filter: Notifications of Error Events (ELMErrorNotification) Notifications of Failure Audit Events (ELMFailureAuditNotification) Notifications of Warning Events (ELMWarningNotification) Notifications of Windows Events (ELMNotification) (This parameter is active only when you have selected both of the option, Notify immediately and consolidate event types.
Source Details	Click button to configure the source name.
	Name	Specify the event log source name or a regular expression.
	OK	Click to save the configuration.
	Cancel	Click to close the dialog.

	Use name as a regular expression	Select this check box if you specified a regular expression in the Name field.
	Disable case sensitivity	Select this check box to disable case sensitivity for the source filtering. You can specify whether to make filter comparisons in a case-independent manner for the source, user, category, and string options of a Windows event filter. To disable case-independent comparisons for any of the options, ensure that the corresponding Disable Case Sensitivity check box while configuring windows event monitoring is cleared. The /PSX_P4WinSrvs/PWK_PKMforMSWinOS_config/EventLogMonitoring/eventlog/EventFilters/filter/FilterDisableCase configuration variable stores information about case-sensitivity of the event filter options. This variable has five bit values, depending upon case sensitivity, one bit corresponding to each of Source, User, Category, String, and Computer name, respectively. If any bit value is 1, a case-independent filter comparison is made for the corresponding field. You can set this variable to either of the following values: 00000 = none checked (default) 11111 = all 5 categories checked A combination of 0s and 1s, depending on which of the 5 categories were checked To disable case-sensitivity in the event filters, set the value of the FilterDisableCase configuration variable to 00000.
	Include/Exclude Source List	Select one of the following options, as appropriate: Include all event sources in the list Exclude all event sources in the list
Event Type Details	This option helps you to configure event details.
	Event Types to Monitor	Select one or more of the following event types to use in the filter for monitoring. Critical Error Warning Information Verbose Success_Audit Failure_Audit Others
	Consolidate event types when reporting	Select this option if you want various types of events (for example, Warning, Information, Error) to be reported by using one parameter, ELMStatus (or ELMNotification if you configured to be notified immediately when an error occurs while defining the Report/Notify option). Clear this check box, if you want to have separate parameters for each event type that can raise alarms independently.
Event ID Details	Click button to configure event ID details.
	Windows Event ID(s)	You can select one or more multiple IDs in the following ways: Single event ID. For example: 100 Comma-separated list of multiple event IDs. For example: 100,110,120 Range of event IDs. For example: 100-120 Regular expression. For example: 1[0-5]3

	Use Event ID as a regular expression	Select this check box if you specified a regular expression in the Windows Event ID(s) field.
	Include/Exclude Event ID List	Select one of the following options, as appropriate: Include all event IDs in the list Exclude all event IDs in the list
Event Handling	Choose how to handle your Windows events.
	Annotate Graph parameter with event details	Select this check box to annotate event details to Graph parameters.
	Write event details to a text parameter	Select this check box to add event details to text parameters.
	Use event details for a recovery action	Select this check box to enable using the event details for recovery actions.
	Report multiple events as a single event when the event occurs	Specify the number of events that must be reported as a single event depending on the value that you specify in the Time within seconds field. By default, this value is set to 1.
	Time within seconds	Specify the number of seconds that must be used for reporting multiple events as a single event. By default, this value is set to 0.
	Enter text automatic or Filter name to Acknowledge Alarm	Specify how you want to acknowledge the alarm raised by the event filter. You can specify one of the following values: automatic: If you specify automatic, then PATROL acknowledges alarms and returns the filter to an OK state if the filter criteria are not met during the most recent collection cycle. In other words, if the events you are monitoring do not occur during the collection cycle, the event filter state is changed back to OK. With this option you are not actively monitoring for alarms, you might not notice when the monitored events occurs because any alarms will be reset during the next collection cycle if the monitored events do not re-occur. Note: With this option, PATROL cannot acknowledge the alarm or return the filter to an OK state. filterName: If you specify the filter name, then PATROL changes the filter state from an alarm state to an OK state when the criteria of a second event filter are met. To use this option, you must create an event filter that monitors for the required event and that is configured to notify PATROL immediately when that filter criteria is met, and then specify the filter name in this field. By default, this value is set to automatic.
Advanced Properties	Click this tab to specify advanced properties for events.
	User Name	Specify the user name associated with the events that you want to monitor or exclude from monitoring.
	OK	Click to save the configuration.
	Cancel	Click to close the dialog.

	Include/Exclude User List	Select one of the following options, as appropriate: Include all users in the list - Specifies that all of the users in the list are monitored by the event filter. Select this option when you only want to monitor specific users. Exclude all users in the list - Specifies that all the users except those in the list are monitored by the event filter. Select this option when you want to monitor all the users, except for a few specific users, which you want to exclude from the event filter.
	Disable Case Sensitivity	If you select this option, the event filter makes filter comparisons in a case-independent manner.

	List of Categories	Click button to provide category details for the events you want to monitor.
	Category Name	Specify the category name associated with the events that you want to monitor or exclude from monitoring.
	OK	Click to save the configuration.
	Cancel	Click to close the dialog.

	Include/Exclude Category List	Select one of the following options, as appropriate: Include all categories in the list - Specifies that all of the categories in the list are monitored by the event filter. Select this option when you only want to monitor specific categories. Exclude all categories in the list - Specifies that all the categories except those in the list are monitored by the event filter. Select this option when you want to monitor all the categories, except for a few specific categories, which you want to exclude from the event filter.
	Disable Case Sensitivity	If you select this option, the event filter makes filter comparisons in a case-independent manner.

	String Details	Click button to provide string details associated with the events you want to monitor.
	Include String	Specify the string associated with the events that you want to include for monitoring. When entering a string that includes special characters that are used in regular expressions, such as a dollar sign ($), a period (.), a parenthesis (), or a slash (), you must escape each special character with a slash. For example, if the string is $Error, you must enter the string as \$Error.
	OK	Click to save the configuration.
	Cancel	Click to close the dialog.
	Exclude String	Specify the string associated with the events that you want to exclude for monitoring. When entering a string that includes special characters that are used in regular expressions, such as a dollar sign ($), a period (.), a parenthesis (), or a slash (), you must escape each special character with a slash. For example, if the string is $Error, you must enter the string as \$Error.
	Disable Case Sensitivity	If you select this option, the event filter makes filter comparisons in a case-independent manner.
	OK	Click to save the configuration.
	Cancel	Click to close the dialog.
	Close	Click this option to save your details
	Computer Details	Click to provide details regarding the computers associated with the events that you want to monitor.
	Computer Name	Specify the computer associated with the events that you want to monitor or exclude from monitoring.
	OK	Click to save the configuration.
	Cancel	Click to close the dialog.
	Include/Exclude User List	Select one of the following options, as appropriate: Include all computers in the list - Specifies that all of the computers in the list are monitored by the event filter. Select this option when you only want to monitor computers. Exclude all computers in the list - Specifies that all the computers except those in the list are monitored by the event filter. Select this option when you want to monitor all the computers, except for a few specific computers, which you want to exclude from the event filter.
	Disable Case Sensitivity	Select this check box to disable case sensitivity for computer comparison.
OK	Click to save the configuration.
Cancel	Click to close the dialog.

Custom Monitoring
WMI Monitors
List of Parameters: Click to configure WMI.
Parameter Name	Enter the WMI parameter name. For example: CDrive_FreeSpace.
Namespace	Specify the namespace you want to connect. By default it is root\\cimv2
WMI Query	Enter the WMI query. For example: select FreeSpace from win32_logicaldisk WHERE DeviceID='C:' Note: The WMI Query must return a numeric value.
Scaling Factor	Enter a value between 1 and 2147483647, to scale down value that cannot be directly set to parameters, such as WMI queries that return 64-bit integer value.
Raw Counter Data Configurations
Formatted Raw Counter Data	Select the checkbox to display a normalize formatted performance data. Note: You can select this check box only for Win32_PerfRawData WMI classes. For more information, see Performance counters supported through Win32_PerfRawData WMI class.
Counter Type	Specify the counter type qualifier for properties in Win32_PerfRawData classes. To see more on counter type configuration click here.
OK	Click to save the configuration.
Cancel	Click to close the dialog.

Windows Remote Monitoring (NT_REMOTE_CONTAINER)

InfoBox

Attributes (parameters)

Configuring Windows Remote Monitoring

Comments