BMC Defender Ping Monitor adapter

This section provides a detailed description of the BMC Defender Ping Monitor adapter. This is an optional set of files and executables that are added to the BMC Defender Server in order to expand the role of the BMC to include monitoring of device states using ICMP ping messages.

This section provides information on specific features and capabilities of this special software, including installation procedures, operating theory, application notes, and certain features not documented elsewhere.

The BMC Defender Ping Monitor Adapter consists of several components. A background process continuously polls devices and compares response times to thresholds. The user can configure timeouts and retries and specify the syslog message sent when thresholds get violated. Additionally, the user can inspect the list of ping response times collected on the system. The description of the components is in detail within this section.

This section is for the BMC Defender users who operate the system, as well as system administrators responsible for installing the software components. This information is also of interest to program developers and administrators who want to extend the range of the BMC Defender system's role within an enterprise to include ICMP ping monitoring of device states and availabilities.

Overview of operation

The BMC Defender Ping Monitor Adapter extends the BMC Defender system to permit polling of device states using standard ICMP ping. This allows BMC to actively monitor network states, in particular, whether devices are capable of sending messages to the BMC Defender Server.

The BMC Defender ping background process continuously polls groups of devices, compares the ICMP response time to threshold values, and then sends syslog messages (of user-specified severity and content) to the main BMC Defender Server when response times are greater than anticipated. This gives BMC Defender more awareness of the network and enterprise state.

The BMC Defender ping background process is configured and monitored using a tightly coupled integration with the main BMC Defender web interface. The user configures address groups that are polled for specific values and define the message and severity that is sent to BMC Defender when a threshold trips.

BMC Defender Ping Monitor Adapter product features

ICMP is a network protocol that is supported by virtually all network devices.The ping utility uses ICMP protocol to test the reachability of a host on an Internet Protocol (IP) network. Ping requests are serviced at the interfaces to these devices and provide a good indication of whether a device exists and is capable of receiving messages.

Note

If a network interface card responds to an ICMP request, it does not necessarily mean that the system is actually operating or capable of processing. Although networking professionals commonly make this inference, the Ping request does not actually reach the CPU of the system. Hence, if the CPU is busy (or crashed), the managed device might still respond to pings.

If your objective is to assure that a device is operational, SNMP is a better choice than ping. (The user should consider installing the SNMP Adapter Software, discussed elsewhere.) However, if your objective is to determine whether a device is accessible and likely operational, then ping is an excellent choice since virtually all network devices support it.

The BMC Defender Ping Monitor Adapter comes as a single downloadable package in self-extracting WinZip format. This package is installed at the BMC Defender Server and contains the following specific components:

CO-Ping.exe program—This is the polling agent that is responsible for gathering ping information on the system. The process is configured to run on the BMC Defender system startup (using the System > Schedule screen).

Ping Configuration screen—This is a support screen, available under the Messages > Adapters > Ping tab of the BMC Defender web interface as part of the Windows component installation. This screen allows you to configure the devices to be polled, as well as the message severities and timeouts for the polling process.

Note

The only required components of the system are the CO-Ping.exe program and the Ping Configuration screen, documented herein.

Other information on the BMC Defender Server can be found in the standard User Manual, including operation and application notes that might assist in processing the Ping messages generated by the CO-Ping.exe program, and received by the BMC Defender syslog receiver process.

System diagram

The BMC Defender ping monitor process consists of a single background process that the BMC Defender Server executes. This process reads configuration data that is configured by the operator and continuously polls a list of devices. The devices are specified by an IP address, IP address wildcard, or standard BMC Defender Address Group specification.

As the server polls the list of managed devices for values, the ping response time of each device is compared to the operator-configured threshold. When the ping response time exceeds the threshold, the ping polling process issues a syslog message to the main BMC Defender Server. The operator configures the original message and its severity and this information appears in correlation threads and tickets like any other received message.

The following diagram illustrates the CO-Ping.exe process (installed and configured as described in the next topics) continuously polling a list of managed devices. The devices can be Windows platforms, UNIX servers, routers, switches, and other network equipment.

You can configure and monitor the polling process using the Messages > Adapters > Ping screen of the main BMC Defender Server web interface.

Additional notes

When the CO-ping.exe program polls each device group entry is not faster than once per minute. While the threshold is in violation, the CO-ping.exe program repeatedly issues messages indicating the violation.
If a poll fails, this value appears in the list of current values (accessed by clicking the Ping Monitor Adapter named hyperlink on the top level screen). This causes a syslog message to be sent to the BMC Defender Server.
You can determine the poll time and response time for the CO-ping.exe program by drilling down into the Ping Monitor Adapter named hyperlink, that shows the current response time values for all devices during the last poll cycle.
Caution should be taken to avoid specifying devices in the poll lists that do not support ping. This can substantially degrade the performance of the polling (especially if the timeout and retry value is high for the monitor).
Particular caution should be taken when specifying an address group of *.*.*.*, that causes all the devices in the Devices tab to be polled. This might result in multiple timeouts and errors that degrades the performance of the polling agent and increases the Poll Interval (described further).
The Poll Interval metric, available at the bottom-left of the Ping Monitor screen, indicates the time (in seconds) needed to poll all values during a single cycle. This value, if over 60 seconds, indicates the typical duration between poll cycles, and the rate of the Ping Monitor sends syslog messages when a threshold is violated.
When configuring a BMC Defender alert, the Alert Interval should be greater than the Poll Interval value to prevent multiple tickets from being opened for a single incident. Additionally the Auto-Learn function for the alert should typically be disabled.
When the Ping Monitor software is installed, the operation of the Messages > Devices screen is augmented as follows:
- Green indicates that the device is sending messages and is currently responding to ping requests.
- Yellow indicates that the device has recently sent messages, but is no longer responding to ping requests.
- Red indicates the device has not sent messages in a user configured period of time (irrespective of whether the device is responding to ping requests).

This section provides information about the following topics: