Defining monitor policies

Monitor policies are a set of rules that enable administrators to deploy configurations to PATROL Agents by using monitoring solutions. Monitor policies provide instructions and information about what information to monitor. For example, you can collect information about the CPU and memory utilization of your Windows environment.

A monitor policy is applied to the PATROL Agents based on conditions such as Agent name, Agent port, Agent version, Agent tag, and so on. PATROL Agents collect performance data and generate events for availability metrics. 

When PATROL Agents are deployed and monitor policies are configured, the Agents receive the appropriate configuration and begin monitoring. When an existing policy is modified, the changes are automatically applied to the Agents.

As a tenant administrator, you can create, edit, delete, copy, enable or disable, and filter monitor policies. You can also view an audit trail of all updates made to monitor policies.

Related topics

Restricting-data-collection-for-monitor-attributes

BMC Helix Audit Dashboard for the Audit Trail dashboard


Policy precedence

Policy precedence is the priority for policy execution. It ranges from 0 to 999. A lower number indicates a higher priority. Policy precedence controls the configuration applied to the PATROL Agents and servers when conflicting or overlapping configurations are defined between two or more monitor policies.

If two policies attempt to manage the same variable, such as /AgentSetup/historyRetentionPeriod, the PATROL Agent resolves the conflict by evaluating the precedence of the involved policies. Consider the following examples:

BMC recommends that you define a precedence numbering system. This can help you group related monitor policies to the numeric ranges of the precedence numbers.

Important: Do not use the same precedence value

BMC recommends that you do not use the same precedence values for different policies. In such a scenario, the policies behave in the following way:

  • If polices with the same precedence value have the same KM parameters with different threshold settings, and they apply to different platforms, the policy with the latest time stamp is applied.
  • If policies with the same precedence value have different KM parameters, and they apply to the same host, both policies are applied.

See the following table for some suggestions:

Tip: Assigning precedence numbers

Assign precedence numbers starting with the highest number in the range and then continue in the descending order. By doing so, you can leave the lower numbers in the range for specific use cases.


File-based monitoring

When you configure a monitor policy, you can upload configuration files for Agents that support file-based monitoring, where configuration files store all the required information for monitoring, such as the remote host name. You do not have to upload the configuration files manually on each Agent that supports file-based monitoring. You can add a single or multiple configuration files for an Agent while creating the monitor policy.

Scenario

Sarah is an administrator at Apex Global. She uploads configuration files on PATROL Agents so that the knowledge modules (KMs) or monitoring solutions can collect data based on the inputs in the files. Sarah is looking for an alternative to manually uploading the files because of the following challenges:

  • Sarah needs to log in to each PATROL Agent while she uploads the file. She does not always have access to each PATROL Agent every time and needs to rely on other administrators to complete her work.
  • She needs to configure the monitoring separately for every file that she uploads.

Can Sarah find a solution to both these challenges?

Yes!
Sarah can now upload configuration files while she creates or edits a monitor policy in BMC Helix Operations Management. She can include multiple configuration files in the same policy.


On the Configuration > Monitor Policies page, the following monitor policies are available out-of-the-box:

  • Predefined policy for Linux
  • Predefined policy for Windows
  • Policy for rotated API key push


To create a monitor policy

On the Configuration > Monitor Policies page, click Create, and follow these steps:

  1. On the Create Monitoring Policy page, add a unique name and description for the monitor policy. 
    BMC recommends that you organize policies according to the precedence numbers when creating and editing policies. You can also include policy-specific information in the policy names. For more information, see Policy precedence.

    Click here to view examples of naming a policy
    • Option 1: To enable easy sorting of policies, include the precedence number of a policy as a prefix in the policy naming as per the following format: <precedence number>_<policyname>.
      Examples:
      • 099_Basic_Event_Propagation_ALL_AGENTS
      • 599_Standard_Windows_OS_Monitoring
    • Option 2: To enable easy searching of policies, include policy-specific information in the policy naming. For example, you can easily find all Windows policies if the policies are named as follows:
      • 899_Windows2012_Service_Monitoring
      • 799_Windows2012_Standard_Monitoring
      • 699_Windows2008_SQLSrv_Monitoring
  2. Add the associated user group for the policy. 
    An associated user group is the user group that the logged-on user belongs to. If the user belongs to multiple user groups, select the appropriate user group for the policy.

  3.  

    If you want to share the policy with the user group that you selected, select the  Share with User Group  checkbox.

  4.  

    Add a unique precedence number to the policy.
     You can add a custom value in this field, or use the arrows to increase or decrease the value.

  5.  

    If you want to enable the policy immediately, select  Enable Policy . You can enable it later from the Monitor Policies page.

  6. Create the PATROL Agent selection criteria based on which the policy must be applied to the Agents.

    Click here to create the agent selection criteria

    PATROL Agent selection criteria.png

    1. Select a property.

      Click here to know the property details

      Property

      Description

      Agent Host Name

      Host name of the computer on which the PATROL Agent is installed.

      Important:

      The value for the matches property must be a strict regular expression. Refer to the following regular expression examples that can be used:

      • virtual_machine -- To select Agents that match the exact string "virtual_machine"
      • .?virtual_machine.* -- To select Agents that match the sub-string "virtual_machine{*}"
      • ^((?!clm-pun-s).)*$ -- To select Agents that do not match the sub-string  "clm-pun{*}"

      Agent Port

      Port number through which the PATROL Agent listens for incoming connections from the PATROL console.

      Use port numbers from 1025 to 65535.

      Agent Version

      Version of the PATROL Agent.

      Agent Operating System

      Operating system of the computer on which the PATROL Agent is installed.

      Agent IP Address

      IP address of the computer on which the PATROL Agent is installed. If you select the within operator for the Agent IP Address, only IPv4 range is supported.

      Agent Tag

      Tag applied on the PATROL Agent.

      Important: 

      The agent tag value cannot contain special characters such as single quotation marks ('), double quotation marks ("), ampersand (&), angle brackets (< >), pipe (|), and braces ({ }).

    2. Select an operator to create the condition. The available operators depend on the property that you select.
    3. Specify a value for the selected property.
    4. (Optional) To add more than one condition, click Plus icon.png; to remove an existing condition, click Minus icon.png.
    5. (Optional) To group the conditions, use the following parentheses and Boolean operators from their corresponding lists:
      • (
      • ((
      • (((
      • )
      • ))
      • )))
      • AND
      • OR

  7. Add other configurations in any or all of the following tabs by clicking them:
    • Monitoring
    • Deactivate Collection
    • Polling Intervals

    • Configuration Variables

      Best practice

      • Avoid creating a policy with both monitoring configuration and a configuration variables. You can create separate policies for each of them.
      • To keep the PATROL Agent in sync with the policy configuration, change an existing configuration variable's operation to DELVAR instead of deleting it. After a configuration variable is deleted from the policy, you cannot perform any actions on it.
      For more information about these options, see Configuring-and-maintaining-monitor-policy-configurations.

  8. Save the monitor policy.


To view monitor policies

View all monitor policies on the Configuration > Monitor Policies page. 

Monitor policies list.png

If a PATROL Agent (responsible to monitor) is added to the authorization profile that you are a part of, you can view the policies created for the monitoring solution. You cannot view the policies if the PATROL Agent is removed from the authorization profile.

On the Monitor Policies page, you can view the following information:

  • Predefined policies
    You can view the following out-of-the-box policies:
    • Predefined policy for Linux
      Policy for the basic monitoring of a Linux host.
    • Predefined policy for Windows
      Policy for the basic monitoring of a Windows host.

    • Policy for rotated API key push
      Policy for pushing the rotated API key to PATROL Agents. This read-only policy is created when you choose to rotate the API key in BMC Helix Portal and is displayed under the Internal policy filter. For subsequent rotations, this policy stores the rotated (updated) API key in the /SecureStore/mca/tenant/apiKey configuration variable. The system also generates an Information event to provide notification about the key rotation. The rotated API key is used for data ingestion from PATROL Agents.
      For instructions about creating an API key, see Using API keys for external integrations.

  • Policy filters
    Use the following tabs to view filtered policies:
    • Enabled: View all enabled policies
    • Disabled: View all disabled policies
    • Shared: View all the policies that are shared with other users
    • Not shared: View all the policies that are not shared with any other users
    • Internal: View all policies that are created as attribute filters. You can only view these policies and not take any action on them.
      For more information on attribute filters, see Restricting-data-collection-for-monitor-attributes.

Click a policy name to see the View Monitoring Policy page. This page displays the general properties of the policy and the agent selection criteria that you used while creating the policy. It also shows other configurations that you made while creating the policy. If you have not configured a criterion, you can see the following message in the criterion area:

No data to display.


To enable or disable a policy

To enable a policy, select the Configuration > Monitor Policies page, click the action menu of a disabled policy, and click Enable

To disable a policy, select the Configuration > Monitor Policies page, click the action menu of an enabled policy, and click Disable.

After enabling or disabling a policy, ensure that you wait for a few minutes before changing the status again.

After you disable a monitor policy, all entities that are associated with the PATROL Agent (device) are deleted from the Monitors tab on the Device Details page. Deleting this entity closes all associated alarm events on the Events page.

The reason for the alarm event closure is displayed on the Logs and Notes tab on the Event Details page of the alarm event. For more information, see Viewing-or-adding-notes-to-an-event .


To edit a policy

  1. On the Configuration > Monitor Policies page, click the action menu of the policy that you want to modify and select Edit .
  2. (Optional) For the KMs that support file-based monitoring, add or edit the configuration files by performing the following actions:
    1. In the Monitoring tab, for the monitoring solution that has file-based monitoring enabled, click the action menu and select Files.
    2. In the Add Configuration files dialog box, perform one of the following actions:
      • To add a file, click Add and see Configuring-and-maintaining-monitor-policy-configurations for instructions about adding a configuration file.
      • To delete a file, click the action menu of the file and click Delete.
      • To download a file, click the action menu of the file and click Download

    3. Click Save.

      Important

      You can add or edit the configuration files only for PATROL Agents version 23.3.00 or later. If a PATROL Agent is upgraded to version 23.3.00 after you created and enabled a monitor policy, you must disable the policy and enable it again to be able to upload configuration files from the monitor policy.

  3. Make other updates to the policy and save the changes.


To copy a policy

Before copying the policy, ensure the following:

  • The user that you plan to use in the new policy belongs to the associated user group in the original policy.
  • The associated user group in the new policy can access the monitoring solutions and configurations of the original policy. Without this, the monitoring solutions and configurations will not be available in the new policy.

On the Configuration > Monitor Policies page, click the action menu of the policy that you want to copy and select  Copy. The Create Policy page is displayed with the configurations of the copied policy. You can modify the configurations according to your requirements.  If you have configured credentials in the policy, ensure that you update the credentials to access the host. If you have configured credentials in the policy, ensure that you update the credentials to access the host.


To filter polices and view applicable Agent details

Go to Configuration > Monitor Policies to view all monitor polices. You can filter the policies on this page to view applicable Agent details.

  • To filter policies, use any or all of the following check boxes:
    • Enabled
    • Disabled
    • Shared
    • Not Shared
    • Internal
  • To view applicable Agent details:
    1. Click a policy action menu.
    2. Click View Applicable Agents to view the information on the Selected Agents page.
      Use the Search Agent Name field to search for specific agents.  


To delete a policy

On the Configuration > Monitor Policies page follow these steps:

  1. If the policy that you want to delete is enabled, disable it.
  2. Click the action menu for the policy, and click Delete and then click Yes on the confirmation message window.


Viewing the audit trail of monitor policies

As a tenant administrator, you can use the BMC Helix Audit Dashboard in BMC Helix Dashboards, to view the trail of the changes that were made to monitor policies. You can view the trail of the following operations:

  • Create, edit, delete
  • Policy status change
  • Policy applied on the PATROL Agent

Scenario

Tina is a tenant administrator and Sarah is a system administrator at Apex Global. Tina has left on vacation and won't be back at work for two more weeks. Sarah has taken up some of Tina's responsibilities during this time. Sarah is looking at some monitor policies in the system and she wants to know when Tina created them and when they were updated. Because Tina is on vacation, how can Sarah obtain this information?

Sarah can log in to BMC Helix Dashboards and use the BMC Helix Audit Dashboard to see a complete audit trail of all monitor policies.

For instructions on opening the BMC Helix Audit Dashboard and for other details, see BMC Helix Audit Dashboard.

The following image displays the audit trail of monitor policies in the BMC Helix Audit Dashboard. Note that the selected resource type is MONITORING POLICY.

audit_trail_dashboard_monpol.png


Where to go from here

Configuring-and-maintaining-monitor-policy-configurations.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*