BMC PATROL KM for UNIX and Linux remote monitoring FAQ
This section addresses common questions about using the BMC PATROL Knowledge Module (KM) for UNIX and Linux to perform remote monitoring.
- Which version of PATROL KM for UNIX and Linux supports remote monitoring?
- Which data collection method is used by remote monitoring?
- What is the role of pukremotexec.xpc in remote monitoring?
- What hardware do I need to monitor multiple UNIX computers remotely?
- Which operating systems can I monitor remotely?
- What are the pre-requisites for enabling remote monitoring?
- Configuration requirements for the remote host
- Which authentication mechanisms are used in remote monitoring?
- What are “user profiles” in remote monitoring?
- Which application classes are supported for remote monitoring?
- Which system commands do application classes refer to?
- How many remote hosts can one PATROL Agent monitor?
- Can I use an earlier version of PATROL Agent?
- Can I monitor UNIX and Linux systems from PATROL Agent for Windows?
- How do I configure PATROL KM for UNIX and Linux for remote monitoring?
- Can I simultaneously use the DCM method to monitor the local host and the PSL method to monitor a remote host?
- Does each collector have its own dedicated SSH session?
- Is the SSH connection to a remote host persistent?
- Can I specify a different polling cycle for each application class?
- Can I change threshold values for a specific remote host instance?
- What instance hierarchy is displayed for remote hosts?
- How does BMC ProactiveNet discover remote hosts?
- What are the Performance and Scalability metrics for remote monitoring?
- How do I configure remote hosts via the PATROL Configuration Manager (PCM)?
- Can I monitor more than 175 remote hosts on a single computer?
- Troubleshooting SSH
Which version of PATROL KM for UNIX and Linux supports remote monitoring?
PATROL KM for UNIX and Linux has supported remote monitoring since version 9.8.00.
Which data collection method is used by remote monitoring?
Remote monitoring uses the PATROL Scripting Language (PSL) data collection method to discover instances and to get data through the remote External PSL Call (XPC).
What is the role of pukremotexec.xpc in remote monitoring?
PATROL KM for UNIX and Linux uses an XPC-based collection mechanism to support monitoring of the remote hosts. The pukremotexec.xpc stand-alone executable communicates with PATROL Agent through standard input (stdin) and output (stdout) channels connected with pipes. The communication between PATROL Agent and the XPC server is handled by the SDK libraries through PSL function calls.
pukremotexec.xpc is an XPC-based SSH2 client that opens sessions with remote hosts, runs commands on those hosts, and returns the output to the PSL collectors. For the PSL collectors, the command execution is transparent and the same PSL collectors work well with the local host and the remote host.
The XPC-based SSH2 client has the following advantages:
- A single SSH2 client (process) can handle multiple remote sessions simultaneously.
- Multiple system commands can be executed over a single remote session simultaneously.
The XPC-based client is responsible for collecting information from the remote host for the application classes.
What hardware do I need to monitor multiple UNIX computers remotely?
The following table lists the hardware requirements for a single PATROL Agent running on a dedicated computer and monitoring 175 remote hosts.
Hardware requirements for remote monitoring on multiple UNIX computers
Resource | Minimum requirement | Recommended |
---|---|---|
Processor | | |
Server memory | 2 GB | 4 GB |
Disk space | 600 MB | 600 MB |
Which operating systems can I monitor remotely?
The following operating systems that are supported by PATROL Agent and PATROL KM for UNIX and Linux can be monitored remotely:
- Red Hat Enterprise Linux 4.x, 5.x, and 6.x
- SUSE Linux Enterprise Server 10 and 11
- Oracle Enterprise Linux 5.x and 6.x
- VMware ESX Server 2.5, 3.0, 3.5, and 4.0
- Solaris 9, 10, and 11
- IBM AIX 6.1, and 7.1
- HP-UX 11.11, 11.23, and 11.31
- CentOS 5.x and 6.x
What are the pre-requisites for enabling remote monitoring?
The PATROL Agent computer should be a dedicated server for remote monitoring. The SSH client should be installed on the PATROL Agent computer to communicate with the remote host on which the SSH server is installed. The SSH server should be available and running on port 22 on the remote host before adding it into a PATROL Agent.
Configuration requirements for host computers (PATROL Agent)
- The operating system that is supported by PATROL Agent and PATROL KM for UNIX and Linux must be installed.
- PATROL Agent and PATROL KM for UNIX and Linux version 9.8.00 or later must be installed.
Configuration requirements for the remote host
- The SSH2 server must be installed and running.
- The SSH2 server must be configured as follows:
  - To configure the remote host for password-based authentication, add the following entry to the SSH2 server configuration (sshd_config) file, if it is not already present:
    PasswordAuthentication yes
  - To configure the remote host for key-based authentication, add the following entry to the SSH2 server configuration (sshd_config) file, if it is not already present:
    PubkeyAuthentication yes
  - To configure a port number on the remote host, add the following entry to the SSH2 server configuration (sshd_config) file, if it is not already present:
    Port 22
You must restart the SSH2 server after making configuration changes.
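As an added example (not part of the BMC documentation), the following shell functions check an sshd_config file offline against the three settings listed above. The function names and the sample file are constructed for illustration; the defaults applied when a keyword is absent are OpenSSH's (yes, yes, 22), and Include files and ListenAddress ports are not evaluated.

```shell
#!/bin/sh
# Added example (not BMC code): offline check of an sshd_config file against
# the remote-host settings listed above. Defaults assumed are OpenSSH's.

# sshd_values FILE KEYWORD DEFAULT
# Prints every global value of KEYWORD, one per line, or DEFAULT when unset.
# Keywords are case-insensitive. Parsing stops at the first Match block,
# because settings after it are conditional. Include files are not followed.
sshd_values() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[A-Za-z0-9]+/)) next
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)        # "Key value" or "Key=value"
            sub(/[ \t\r]+$/, "", val)
            gsub(/"/, "", val)
            if (key == "match") exit
            if (key == want) { print val; n++ }
        }
        END { if (!n) print def }
    ' "$1"
}

# check_remote_host_sshd FILE password|key
# Returns 0 when FILE meets the requirements above for that authentication
# type, 1 when it does not, 2 on a bad argument. Findings go to stdout.
check_remote_host_sshd() {
    file=$1 mode=$2 rc=0
    case $mode in
        password) kw=PasswordAuthentication ;;
        key)      kw=PubkeyAuthentication ;;
        *) echo "unknown mode: $mode"; return 2 ;;
    esac
    # For single-valued keywords sshd uses the first value it reads.
    val=$(sshd_values "$file" "$kw" yes | head -n 1)
    if [ "$val" = yes ]; then echo "OK   $kw yes"
    else echo "FAIL $kw is '$val', need yes"; rc=1; fi
    # Port may be given several times; sshd listens on every listed port.
    if sshd_values "$file" Port 22 | grep -qx 22; then echo "OK   Port 22"
    else echo "FAIL sshd is not configured to listen on port 22"; rc=1; fi
    return $rc
}

# Constructed sample: the first PasswordAuthentication value is "no", so the
# later "yes" lines (including the one inside the Match block) do not help.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config for illustration
Port 2222
port 22
PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication=yes
Match User monitor
    PasswordAuthentication yes
EOF
check_remote_host_sshd "$sample" password || echo "=> password-based monitoring would fail"
check_remote_host_sshd "$sample" key && echo "=> key-based monitoring requirements met"
rm -f "$sample"
```

Run it against a copy of the remote host's sshd_config; the file is only read, never modified.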
The following figure illustrates a configuration with multiple remote hosts.
Monitoring configuration with multiple remote hosts
Which authentication mechanisms are used in remote monitoring?
PATROL KM for UNIX and Linux supports the following types of user authentication mechanisms.
Password-based
When you configure a remote host for monitoring, you must provide a user name and a password to access the remote host. PATROL KM for UNIX and Linux stores these login credentials in a secure key store. The SSH2 client submits the credentials to the remote host in order to initiate a remote connection. If the credentials are validated successfully, the SSH2 client starts collecting data for the remote host.
To configure the remote host for password-based authentication, add the following entry to the SSH2 server configuration (sshd_config) file, if it is not already present:
Key-based
When you configure a remote host for monitoring, you must provide the public and private key file paths, and the passphrase (if applicable). The key file paths must be absolute paths (for example, /home/user/id_rsa.pub), and the PATROL user must have read permissions to access the key files. PATROL KM for UNIX and Linux stores the key file paths in a secure key store.
To configure the remote host for key-based authentication, add the following entry to the SSH2 server configuration (sshd_config) file, if it is not already present:
What are “user profiles” in remote monitoring?
User profiles provide a way to share credentials among multiple hosts. The hosts that have the same credentials can be grouped into a user profile. You can then assign that profile to all hosts.
Which application classes are supported for remote monitoring?
The remote monitoring functionality in version 9.8.00 and later of PATROL KM for UNIX and Linux supports the following application classes:
- COLLECTORS
- CPU
- DISK
- FILESYSTEM
- MEMORY
- PROCESS
- PROCESS_PRESENCE
- SMP
- UNIX_OS
- USERS
- AIX_VIRTUALIZATION (version 9.10.00 onwards)
- KERNEL (version 9.10.00 onwards)
- NETWORK (version 9.10.00 onwards)
- NFS (version 9.10.00 onwards)
- SWAP (version 9.10.00 onwards)
- ZPOOL (version 9.10.00 onwards)
Limitations
The following application class limitations apply for remote monitoring on UNIX and Linux computers:
- Discovering an application class depends on the system command. Discovery might not work if the command is not available, the output is invalid, or the user account that you provided while adding the remote host does not have permission to execute the command.
- The PROCESS_PRESENCE application class discovers and creates all default instances for the respective remote host.
- The Synchronization functionality does not work for remote hosts.
- Solaris non-global zone processes cannot be monitored if you are monitoring a Solaris global zone computer as a remote host. This functionality works only for local monitoring.
- The SMP application class will not be discovered if a single processor is running on the remote host.
- The FILESYSTEM application class is discovered 5 minutes after the discovery of the remote host.
- The filesystems on which the PATROL user does not have read and execute permissions are not monitored. The parameters for these filesystems remain offline unless the required permissions are granted to the PATROL user.
- The menu commands that require root credentials are not supported.
Which system commands do application classes refer to?
The following table lists the application classes and the system commands that they use.
System commands used by PATROL KM for UNIX and Linux application classes
Application class | System commands |
---|---|
CPU | vmstat, sar, uptime |
DISKS | iostat |
FILESYSTEM | df, mount |
MEMORY | vmstat |
PROCESS | ps |
PROCESS PRESENCE | ps |
SMP | mpstat |
USERS | who |
AIX_VIRTUALIZATION | lparstat |
KERNEL | sar, vmstat |
NETWORK | |
NFS | nfsstat |
SWAP | swap / swapon |
ZPOOL | zpool / zfs |
How many remote hosts can one PATROL Agent monitor?
There is no maximum limit to the number of remote hosts that one PATROL Agent can monitor. However, in the PATROL Performance, Scalability and Reliability (PSR) lab, the largest configuration tested was 175 hosts.
Can I use an earlier version of PATROL Agent?
Yes. You can use any of the supported earlier PATROL Agent versions. BMC recommends that you use the latest version of the PATROL Agent for better performance.
Can I monitor UNIX and Linux systems from PATROL Agent for Windows?
No, you cannot monitor UNIX or Linux systems from a Microsoft Windows computer.
How do I configure PATROL KM for UNIX and Linux for remote monitoring?
The REMOTE_HOST and REMOTE_CONT application classes are supported to monitor remote hosts.
To add a remote host for monitoring
- Install PATROL Agent and PATROL KM for UNIX and Linux version 9.8.00 or later on a computer.
- Add the computer in step 1 in the PATROL console as a Managed Node.
- Load UNIX3.kml and Remote.kml.
  By default, all the application classes in the DCM collection method are discovered.
- To switch to the PSL collection method, right-click UNIX OS and choose KM Commands > Knowledge Module Admin > Toggle PSL/DCM Collection.
- After full discovery, right-click the Remote Monitoring container and choose KM Commands > Manage List of Monitored Hosts.
  When the Manage List of Monitored Hosts dialog box appears, the Add New Host option is selected by default.
- Click OK, and in the Add New Host dialog box, provide the host name, user name, and password of the remote host to be monitored.
To modify a remote host
- Right-click the Remote Monitoring container and choose KM Commands > Manage List of Monitored Hosts.
- In the Manage List of Monitored Hosts dialog box, select the remote host that you want to modify, and select the Modify Host option.
- Click OK.
- Edit the host information as necessary, and then click OK to save the changes.
To delete a remote host
- Right-click the Remote Monitoring container and choose KM Commands > Manage List of Monitored Hosts.
- In the Manage List of Monitored Hosts dialog box, select the remote host that you want to delete, and select the Delete Host option.
- Click OK.
Can I simultaneously use the DCM method to monitor the local host and the PSL method to monitor a remote host?
No, you cannot use the DCM method for local monitoring and the PSL method for remote monitoring, simultaneously. You must switch from DCM collection to PSL collection to enable remote monitoring on UNIX computers.
Does each collector have its own dedicated SSH session?
No, all of the collectors for a remote host use the same SSH session.
Is the SSH connection to a remote host persistent?
Yes, a persistent SSH connection is maintained for each remote host being monitored.
Can I specify a different polling cycle for each application class?
Yes, you can specify a different polling cycle for each application class.
Can I change threshold values for a specific remote host instance?
You can configure threshold values for a specific remote host using the BMC PATROL KM for Event Management.
What instance hierarchy is displayed for remote hosts?
The instance hierarchy that is displayed for a remote host is the same as that of a local host.
How does BMC ProactiveNet discover remote hosts?
BMC ProactiveNet discovers remote host instances as devices.
What are the Performance and Scalability metrics for remote monitoring?
The following table lists the metrics based on 2 processors and 2 GB of RAM for 175 remote hosts monitored for 120 hours.
Performance and Scalability metrics for remote monitoring with PATROL KM for UNIX and Linux
Operating system | Average CPU (in %): PATROL Agent | Average CPU (in %): pukremotexec.xpc | Average memory (in MB): PATROL Agent | Average memory (in MB): pukremotexec.xpc | Network in (kilobytes per second) | Network out (kilobytes per second) |
---|---|---|---|---|---|---|
Oracle Solaris 10 | 20.43 | 6.37 | 329.41 | 12.30 | 55.6 | 10.3 |
Red Hat Enterprise Linux 5.4 x86-64 | 23.45 | 7.0 | 407.09 | 12.73 | 65.4 | 11.9 |
IBM AIX 6.1 Power6 | 21.04 | 6.25 | 392.30 | 13.44 | 83.0 | 23.4 |
HP-UX 11.23 PARISC | 36 | 9.45 | 422.70 | 14.43 | 56.1 | 10.7 |
How do I configure remote hosts via the PATROL Configuration Manager (PCM)?
You can add remote hosts in the PATROL Agent by creating the following rulesets in PCM:
To add a remote host in the PATROL Agent, create:
- "/REMOTE/HOSTS/remoteHost/hostInfo" = {REPLACE = "remoteHost<Ctrl+B>NONE<Ctrl+B>0<Ctrl+B>UserName"}
- "/SecureStore/REMOTE_HOSTS/remoteHost/passWord" = {REPLACE = "COLLECTORS;FILESYSTEM;KERNEL;LDOM;LVIRT;MEMORY;NETWORK;NFS;POOL;PROCCONT;PROCESS;PROJECT;REMOTE_CONT;REMOTE_HOSTS;UNIX_OS;USERS;VIRTUALIZATION;WPAR;ZFS;ZPOOL;ZONE/EncryptedPassword"}
To add a remote host in the PATROL Agent with public and private key, create:
- "/REMOTE/HOSTS/remoteHost/hostInfo" = {REPLACE = "remoteHost<Ctrl+B>NONE<Ctrl+B>0<Ctrl+B>UserName<Ctrl+B><Ctrl+B>PublicKey<Ctrl+B>PrivateKey"}
- "/SecureStore/REMOTE_HOSTS/remoteHost/passPhrase" = {REPLACE = "COLLECTORS;FILESYSTEM;KERNEL;LDOM;LVIRT;MEMORY;NETWORK;NFS;POOL;PROCCONT;PROCESS;PROJECT;REMOTE_CONT;REMOTE_HOSTS;UNIX_OS;USERS;VIRTUALIZATION;WPAR;ZFS;ZPOOL;ZONE/EncryptedPassword"}
To add a remote host in the PATROL Agent using profiles, create:
- "/REMOTE/PROFILE/profileName/credential" = {REPLACE = "ProfileName<Ctrl+B>UserName"}
- "/SecureStore/REMOTE/PROFILE/profileName/passWord" = {REPLACE = "COLLECTORS;FILESYSTEM;KERNEL;LDOM;LVIRT;MEMORY;NETWORK;NFS;POOL;PROCCONT;PROCESS;PROJECT;REMOTE_CONT;REMOTE_HOSTS;UNIX_OS;USERS;VIRTUALIZATION;WPAR;ZFS;ZPOOL;ZONE/EncryptedPassword"}
- "/REMOTE/HOSTS/remoteHost/hostInfo" = {REPLACE = "Hostname<Ctrl+B>ProfileName<Ctrl+B>0<Ctrl+B>UserName"}
- "/SecureStore/REMOTE_HOSTS/remoteHost/passWord" = {REPLACE = "COLLECTORS;FILESYSTEM;KERNEL;LDOM;LVIRT;MEMORY;NETWORK;NFS;POOL;PROCCONT;PROCESS;PROJECT;REMOTE_CONT;REMOTE_HOSTS;UNIX_OS;USERS;VIRTUALIZATION;WPAR;ZFS;ZPOOL;ZONE/null"}
The following table gives a description of the items to be entered in the preceding rulesets:
Item | Description |
---|---|
remoteHost | Name of the remote host |
UserName | User name that you will use to configure remote hosts |
ProfileName | Profile name that you will use to share credentials |
EncryptedPassword | Encrypted password that you will enter in a secure key store. You can encrypt the password in the following ways: |
PublicKey | Public key that you will use for authentication for remote monitoring |
PrivateKey | Private key that you will use for authentication for remote monitoring |
<Ctrl+B> | Ctrl+B is a key combination that you will use to insert a separator character |
For information on configuring remote hosts in the PATROL console, see Configuring-PATROL-KM-for-UNIX-for-remote-monitoring.
Can I monitor more than 175 remote hosts on a single computer?
Yes, you can monitor more than 175 remote hosts on a single computer. To do this, you have to run another PATROL Agent on a port different from the one you are already using and add up to 175 remote hosts. In the PATROL PSR lab, a maximum of two PATROL Agents have been tested to function simultaneously. To monitor more than 175 hosts at the same time, ensure that you have enough hardware resources to support this configuration in your environment. For more information, see the recommended hardware configurations.
Troubleshooting SSH
The following information addresses common questions about SSH, and issues that you might face while configuring remote monitoring.
How do I debug PATROL KM for UNIX and Linux for remote monitoring?
You can enable and disable debugging at the XPC and SSH library levels for the remote XPC for a remote host.
To enable debugging for the remote XPC for a remote host
- Access the UNIX OS application menu for the remote host in the Remote Monitoring container.
- Choose Debug and Diagnostics > PUK Remote XPC Debug Admin.
- In the PUK Remote Host Debug Admin dialog box, select the Enable XPC Debug check box to start debugging at the XPC level.
- Select the Enable Libssh2 TRACE check box to start debugging at the library level.
- Enter the absolute path and name of the log file in which you want the KM to store the debug information (for example, /tmp/PukRemoteDebug.txt).
- Click Accept.
The log file is generated in the format, /tmp/PukRemoteDebug.txt~pid, where pid is the process ID of the running pukremotexec.xpc.
To disable debugging for the remote XPC for a remote host
- Access the UNIX OS application menu for the remote host in the Remote Monitoring container.
- Choose Debug and Diagnostics > PUK Remote XPC Debug Admin.
- In the PUK Remote Host Debug Admin dialog box, clear the Enable XPC Debug check box to stop debugging at the XPC level.
- Clear the Enable Libssh2 TRACE check box to stop debugging at the library level.
- To close the generated log file, select the Close debug file check box.
- Click Accept.
Where can I find the sshd_config file on the system?
The sshd_config file resides in /etc/ssh/, but the location might vary depending upon the operating system or distribution:
- For Linux, Solaris, and AIX: /etc/ssh/sshd_config
- For HP-UX: /opt/ssh/etc/sshd_config
Can I modify the sshd_config file as a standard user?
By default, a root user has permissions to modify this file. However, the environment can be configured to allow a standard user to modify this file.
How do I start and stop the sshd service?
You can use the following commands to start and stop the sshd service:
- Red Hat Enterprise Linux:
  # service sshd restart
- SUSE Linux:
  # /etc/rc.d/sshd restart
- Oracle Enterprise Linux:
  # /etc/init.d/sshd stop
  # /etc/init.d/sshd start
  # /etc/init.d/sshd restart
- Solaris 9 and earlier versions:
  # /etc/init.d/sshd stop
  # /etc/init.d/sshd start
- Solaris 10:
  # svcadm disable ssh
  # svcadm enable ssh
- AIX:
  # stopsrc -s sshd
  # startsrc -s sshd
- HP-UX:
  # /sbin/init.d/secsh stop
  # /sbin/init.d/secsh start
How do I verify and debug the SSH connection for a specific remote host?
You can use the following commands to verify and debug the SSH connection with a remote host. The debug output appears only in the session in which you run the command.
- For password-based authentication:
  # ssh -2 -v -v -v -l userName -o PreferredAuthentications=password remoteHost sys_command
- For key-based authentication:
  # ssh -2 -v -v -v -l userName -o PreferredAuthentications=publickey remoteHost sys_command
You must execute these commands on the monitoring server (the PATROL Agent computer).
How do I create RSA public and private keys?
An RSA key pair must be generated on the client system. The public portion of this key pair must reside on the servers that the client will access, and the private portion must reside in a secure local area of the client system (by default, in the ~/.ssh/id_rsa file).
The following figure shows the RSA key pair on client and server systems.
RSA key pair on client and server systems
You can generate the keys by using the ssh-keygen utility.
To generate the RSA key pair
- Enter the following command on the client system to create the ~/.ssh directory:
  mkdir ~/.ssh
- Enter the following command on the client system to change permissions on the ~/.ssh directory:
  chmod 700 ~/.ssh
- Enter the following command on the client system:
  ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
- Enter the passphrase if required.
- Enter the passphrase again.
The file permissions should be locked to prevent other users from being able to read the key pair data. OpenSSH might also refuse to support public key authentication if the file permissions are too open. These fixes should be done on all systems involved.
To lock file permissions
Enter the following commands on the client system:
- chmod go-w ~/
- chmod 700 ~/.ssh
- chmod go-rwx ~/.ssh/*
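As an added example (not part of the BMC documentation), the following read-only audit reports which of the three permission rules above a home directory currently violates, so the state can be checked before and after running the chmod commands. The function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not BMC code): audit the permissions that the chmod commands
# above are meant to establish, without changing anything.

# mode_of PATH: the ten-character type/permission string from "ls -ld",
# for example drwx------ (character 6 = group write, 9 = other write).
mode_of() { ls -ld "$1" | cut -c1-10; }

# audit_ssh_perms HOME_DIR
# Prints one FAIL line per problem and returns 1 if any was found.
audit_ssh_perms() {
    home=$1 rc=0
    if [ ! -d "$home/.ssh" ]; then
        echo "FAIL $home/.ssh does not exist"; return 1
    fi
    # Rule 1: the home directory must not be group- or other-writable.
    m=$(mode_of "$home")
    case $m in
        ?????w????|????????w?)
            echo "FAIL $home is group- or other-writable ($m); fix: chmod go-w"
            rc=1 ;;
    esac
    # Rule 2: ~/.ssh must be exactly mode 700.
    m=$(mode_of "$home/.ssh")
    if [ "$m" != "drwx------" ]; then
        echo "FAIL $home/.ssh is $m, expected drwx------; fix: chmod 700"
        rc=1
    fi
    # Rule 3: no group/other access on files in ~/.ssh. Same glob as the
    # chmod command above, so dotfiles are not matched.
    for f in "$home"/.ssh/*; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        case $m in
            ????------) ;;
            *) echo "FAIL $f is $m; fix: chmod go-rwx"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed demo tree in a temporary directory (not a real home directory):
# the public key file is left at 644, which rule 3 flags.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/id_rsa"; : > "$demo/.ssh/id_rsa.pub"
chmod 755 "$demo"; chmod 700 "$demo/.ssh"
chmod 600 "$demo/.ssh/id_rsa"; chmod 644 "$demo/.ssh/id_rsa.pub"
audit_ssh_perms "$demo" || echo "=> tighten permissions before testing key-based login"
rm -rf "$demo"
```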
To enable public key authentication
- Copy the public portion of the RSA key pair to the servers that the client will access.
  The public key information to be copied should be located in the ~/.ssh/id_rsa.pub file on the client.
- Append the public key information to the ~/.ssh/authorized_keys file on the servers.
  You can use the scp or ssh-copy-id utility for copying the ID on the server.
- Verify that public key connections to the servers work properly by executing the following commands:
  client$ ssh -o PreferredAuthentications=publickey sshServerName
  Enter passphrase for key '/…/.ssh/id_rsa': passphrase
  server$
Remote monitoring flowchart
The following figure represents the workflow for remote monitoring: