Configuring Internet server monitoring

The target server must meet the following requirements:

• Operating system—The target server must be running Windows Server with IIS installed and running
• IIS version—The IIS monitoring collects metrics by reading Windows Management Instrumentation (WMI) performance counters. The IIS version must make the following WMI performance counter classes available:
  • Win32_PerfFormattedData_W3SVC_WebService: Provides website‑level metrics
  • Win32_PerfFormattedData_W3SVCW3WPCounterProvider_W3SVCW3WP: Provides worker process‑level metrics

The IIS monitoring connects to the IIS server remotely. This connection uses Windows Remote Management (WinRM):

• WinRM Service—WinRM service must be enabled and running on the target Windows server. To enable WinRM Service on the target server, run the following command as an administrator:
  winrm quickconfig
• WinRM Ports—WinRM must use the following ports:
  • Port 5985 (HTTP)—Use port 5985 (HTTP) as the default port
  • Port 5986 (HTTPS)—Port 5986 (HTTPS) is supported but not enabled by default
• Firewall configuration—The Windows firewall on the IIS server must allow inbound connections on port 5985 from the PATROL Agent host

IIS monitoring connects to the target server by using a Windows account and authenticates by using NTLM (NT LAN Manager) authentication method, which is the standard Windows method for verifying user credentials.

You must provide a Windows domain account or a local account in the monitor policy to allow IIS monitoring to connect to the target server. Configure the user name by using the policy variable /STM/Servers/<server-name>/AUTH_USERNAME and configure the corresponding password by using /STM/Servers/<server-name>/AUTH_PWDkey. The user name can be specified in the format DOMAIN\username for a domain account or in the format username for a local account. If either the user name or the password is not provided, IIS monitoring cannot authenticate to the server and does not collect any data.

The Windows account used for IIS monitoring must have sufficient permissions to read IIS performance data. Make sure that the account meets the following requirements:

• The Permission to query WMI performance counters in the root\cimv2 namespace
• The account must be a member of one of the following Windows groups:
  • The Performance Monitor Users group
  • The Administrators group, which provides full access
• The account must have remote WMI access rights on the target server. You can grant the required WMI permissions by navigating to the following location on the target server:
  wmimgmt.msc → WMI Control → Properties → Security → root\cimv2

The computer where the PATROL Agent is installed must meet the following requirements to enable IIS monitoring:

• The PATROL Agent host must have network connectivity to the target IIS server on port 5985
• No additional client‑side software is required on the PATROL Agent host, because WinRM communication is handled by the embedded winrm4j library

Enter the IP address of the server.

Use the $HOSTNAME variable to use the host name of the PATROL Agent.

Enter the following credentials to connect to the server:

• User Name
• Password
• Confirm Password

Important: Server credentials are required for IIS server monitoring to authenticate and collect IIS performance and availability metrics. Use these fields only for IIS server monitoring; otherwise, leave them blank

Select one of the following options to monitor URL responses and handle HTTP redirects:

• NORMAL— Follows redirects only for safe and standard HTTP methods
• ALWAYS— Follows all redirects regardless of the HTTP method or context. This option is used by default. 
• NEVER— Stops at the initial response and does not follow any redirects.

Select the HTTP version to use for sending the request:

• Auto—Selects the highest HTTP version supported by the target URL, for example, HTTP/2 or HTTP/1.x
• HTTP_1_X—Sends the request by using HTTP version 1.0 or 1.1. Use this option when the monitored URL supports only older HTTP versions.
• HTTP_2—Sends the request by using HTTP version 2.0. Use this option when the endpoint supports HTTP/2 for better performance.

Expand to Server Certificate Details to configure the certificate path and password:

• Server Certificate Path—Enter the path of the certificate file that contains the downloaded server certificate
• Server Certificate Password—Enter the password for the keystore if the server certificate is stored in a keystore file

Expand Device mapping configuration to configure device mapping with the following options: 

• Override Global Device Mapping Setting— Select this checkbox to configure the device mapping for a specific server. When you select this checkbox, the custom device mapping will apply to this server, and the global settings will be ignored.
• Enable Device Mapping— Select one of the following options to enable device mapping:
  • External DNS Hostname— Select this option to create a device by using the DNS name of the server, which is automatically determined from its IP address through a reverse DNS lookup.
  • Server name/IP Address— Select this option to create a device by using the name of the server or IP address without performing a DNS lookup. This option is selected by default.
  • Disabled— Select this option if you do not want to create a device for the server.

Expand Proxy settings to configure proxy settings with the following options:

• Proxy host name/IP address— Enter a host name or IP address for the proxy.
• Proxy port number— Enter the port number of the proxy server.
• Proxy Username— Enter the username for the proxy server. If the proxy server authentication is not required, leave it blank.
• Proxy Password— Enter the password for the proxy server.

Expand Port monitoring settings to add the port number of the server or a service to monitor. If the default HTTP/HTTPS ports (80 or 443) are used, do not enter a port number.  

Expand Administration to configure Java settings, device mapping, and debug options:

• JAVA Home (11 or above)— Enter the full path of the JRE directory on the PATROL Agent server. The JAVA version should be 11 and later.
  For example, c:\java\jre11.
  Important: Make sure that the JAVA home is configured correctly; otherwise, monitoring will not start.
• JVM Arguments— Enter the additional Java Virtual Machine arguments for the Java collector.
  For example, for Java memory settings: -Xms256m -Xmx1024m.
• Enable Device Mapping— Select one of the following options to enable device mapping:
  • External DNS Hostname— Select this option to create a device by using the DNS name of the server, which is automatically determined from its IP address through a reverse DNS lookup.
  • Server name/IP Address— Select this option to create a device by using the name of the server or IP address without performing a DNS lookup. This option is selected by default.
  • Disabled—Select this option if you do not want to create a device for the server.
• Enable Debug— Select the checkbox to enable debug for detailed logging. The debug log files are available at PATROL_HOME\stm\server\log directory. This option is selected by default. 

Expand Client Certificate Database details to configure the certificate path and password:

• .jks file path— Enter the full path name of the Java Keystore Database (.jks file) that contains the required certificates. Make sure that the file is located on the same host as the PATROL Agent.
• KeyStore password— Enter the password of the Java Keystore Database (jks file).

Expand Global Proxy settings details to configure proxy settings with the following options:

• Proxy host name/IP address— Enter a host name or IP address for the proxy.
• Proxy port number— Enter the port number of the proxy server.
• Proxy User Name— Enter the username for the proxy server. If the proxy server authentication is not required, leave it blank.
• Proxy Password— Enter the password for the proxy server.

Expand Annotation Configuration and select the Enable Annotation checkbox to enable annotations. When a server returns an error, the response code parameter displays a descriptive message (such as an HTTP status description). The annotation is displayed with the response time.