PATROL® for Microsoft Windows Servers v2.3.00 Reviewer’s Guide

Upload: jennifer-holden

Post on 08-Oct-2015


  • PATROL for Microsoft Windows Servers v2.3.00 Reviewer’s Guide

  • Contents

    Welcome!
    Management of Microsoft Windows Servers
        Installation Requirements
        PATROL Terminology
    Installing the Product
    Server Operating System Availability with Quick Value Statistics
    Advanced Features and Functionality
        Alarm Thresholds
        Automated Recovery Actions
        Combination Parameters
        Custom Views and Graphs
        Event Monitoring
        Microsoft Performance Counters and PATROL Monitoring
        Process Monitoring
        Registry Monitoring
        Services Monitoring
        Text Log Monitoring
    Environment-Specific Functionality
        Active Directory/Domain Management
        Cluster/Network Load Balancing Management
        Datacenter Server Management
    Microsoft Certification
    MTS/COM+ Management
    MSMQ Management
    Reporting
    Helping You Maintain Advantage
    About BMC Software

  • BMC Software, Inc., Confidential and Proprietary Information


  • Welcome!

    This reviewer’s guide outlines step-by-step instructions for you to quickly install, configure, and evaluate the PATROL for Microsoft Windows Servers product in a Microsoft Windows NT or Microsoft Windows 2000 test environment.

    The installation procedures in this guide assume that the product will be installed locally on a single computer that does not already have PATROL installed. For more advanced PATROL installations, including upgrades from previous versions and remote installations, please consult the PATROL for Microsoft Windows Servers Getting Started guide.

    Management of Microsoft Windows Servers

    PATROL for Microsoft Windows Servers provides automated management of Microsoft Windows servers and proactively manages server availability, performance, and utilization. Through enterprise-level PATROL service reporting or the easy-to-use Microsoft Excel-based reporting wizard, you can create reports to assist administrators in maintaining an optimal environment. In addition, the PATROL console provides management tools to ease administration. The real-time graphs, alerting, and notification capability in PATROL helps ensure that your servers are constantly available and running at peak capacity. Having servers available and running at peak capacity is critical to meeting service level agreements.

    PATROL for Microsoft Windows Servers monitors Microsoft Windows NT, Windows 2000, and .NET Server operating systems, printers, disk, memory, and other core OS functions. Administrators also can scan event logs for trouble and set PATROL to take corrective action, such as automatically restarting a service. Operating system availability is critical to system administrators because server failures can result in lost productivity and lost revenue. All too frequently, administrators learn about server crashes after irate users call. PATROL provides the administrator with proactive tools to detect problems before they impact users.

    Installation Requirements

    Before installing PATROL for Microsoft Windows Servers, check that the requirements listed in Table 1 have been met.

    Table 1 PATROL for Microsoft Windows Servers Install Requirements

    | Resource | Minimum Requirements | Comments |
    |---|---|---|
    | Platform | Intel | |
    | Operating system | Windows 2000 Server (SP1 and SP2 are supported) | |
    | | Windows 2000 Advanced Server (SP1 and SP2 are supported) | |
    | | Windows 2000 Datacenter Server (SP1 and SP2 are supported) | |
    | | Windows NT Server 4.0 (SP5 and SP6A are supported) | |
    | | Windows NT 4.0 Enterprise Edition (SP5 and SP6A are supported) | |
    | | Windows NT 4.0 Terminal Server Edition (SP4, SP5, and SP6 are supported) | |
    | RAM | 32 MB for an agent | More memory is required to run PATROL with larger applications. |
    | | 48 MB for a console | More memory is required to run PATROL simultaneously with other Windows applications. |
    | Disk space | 20 MB for an agent (without components and KMs) | More memory is required to run PATROL with larger applications. |
    | | 50 MB for a console (without components and KMs) | More memory is required to run PATROL simultaneously with other Windows applications. |
    | | 148 MB for an agent (with all solution components and KMs) | |
    | | 116 MB for a console (with all solution components and KMs) | |
    | PATROL | PATROL Console 3.3.x or later | |
    | | PATROL Agent 3.3.x or later | |

    PATROL Terminology

    The core components of PATROL include the PATROL Agent, which collects data, the KMs or Knowledge Modules, which contain the application-specific monitoring knowledge (they tell the agent what to monitor), and the PATROL Console (the user interface). The PATROL Agent and several Windows Knowledge Modules (KMs) are components of the PATROL for Microsoft Windows Servers product. The console is a separately licensed product.

    The console includes a tree view that you can expand to view the four levels of monitoring provided by PATROL (Figure 1 on page 5). Traditionally, under the PATROL main map, you can see these four monitoring levels:

      • Server or Host (represented by the computer name)
      • Application Class
      • Instance
      • Parameter

    Each object has a menu of actions (menu commands) that you can view by right-clicking the object in the tree or icon view.

    Annotated data points in PATROL are data points in a PATROL graph, represented by an asterisk, that provide additional details when an item is in an alarm state. One example is an annotated data point for peak CPU usage.

    By clicking on this annotated data point, you can see a list of the top ten processes that were running at the time the CPU usage peaked.

    Figure 1 PATROL window showing the expanded tree view with the four levels of monitoring.

  • Installing the Product

    For your evaluation, install PATROL from the CD.

    Before launching the install program, make sure to log into Windows with a user account that has local administrative privileges for the machine on which you are installing PATROL products.

    Note: Although you can use an existing Windows user account to install PATROL, BMC Software recommends that you create a separate Windows user account for PATROL. This account should be a member of the local administrators group on the server where PATROL is being installed. The minimum user rights that must be assigned for PATROL to execute tasks are as follows:

      • act as part of OS
      • debug programs
      • increase quotas
      • log on as service
      • log on locally
      • profile system performance
      • replace a system token
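    Several of the rights in the note above let their holder act in other security contexts, so it is worth checking who actually holds them once the PATROL account exists. The following is an added example, not part of the BMC guide: it parses the text of a `secedit /export /areas USER_RIGHTS /cfg rights.inf` export and reports on those rights. The account name `patrolsvc`, the SIDs, and the sample export are constructed, and the mapping of "replace a system token" to `SeAssignPrimaryTokenPrivilege` is an assumption.

```python
"""Audit holders of the user rights listed in the PATROL install note.

Added example (not BMC code). Input is the text of a user-rights export
produced by: secedit /export /areas USER_RIGHTS /cfg rights.inf
"""

# Right names as worded in the guide, keyed by Windows privilege constant.
# Assumption: "replace a system token" means "Replace a process level token".
PATROL_RIGHTS = {
    "SeTcbPrivilege": "act as part of OS",
    "SeDebugPrivilege": "debug programs",
    "SeIncreaseQuotaPrivilege": "increase quotas",
    "SeServiceLogonRight": "log on as service",
    "SeInteractiveLogonRight": "log on locally",
    "SeSystemProfilePrivilege": "profile system performance",
    "SeAssignPrimaryTokenPrivilege": "replace a system token",
}

# Rights that allow acting as, or taking over, other security contexts.
HIGH_IMPACT = {"SeTcbPrivilege", "SeDebugPrivilege",
               "SeAssignPrimaryTokenPrivilege"}

# Well-known principals: LocalSystem, LocalService, NetworkService,
# BUILTIN\Administrators (exports write SIDs with a leading '*').
BUILTIN = {"*S-1-5-18", "*S-1-5-19", "*S-1-5-20", "*S-1-5-32-544"}


def load_export(path):
    """Read an export file; secedit normally writes it as UTF-16."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def parse_privilege_rights(text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [p.strip() for p in value.split(",")
                                    if p.strip()]
    return rights


def audit(rights, service_ids):
    """Compare an export with what the PATROL account needs.

    service_ids: names or '*SID' strings identifying the PATROL account as
    they appear in the export. Returns (not_direct, other_holders):
      not_direct    - listed rights not assigned to the account directly
                      (group membership is NOT resolved here)
      other_holders - high-impact rights also held by principals that are
                      neither the PATROL account nor a well-known built-in
    """
    service_ids = {s.lower() for s in service_ids}
    not_direct, other_holders = [], {}
    for const, label in PATROL_RIGHTS.items():
        holders = rights.get(const, [])
        if not any(h.lower() in service_ids for h in holders):
            not_direct.append(label)
        if const in HIGH_IMPACT:
            others = [h for h in holders
                      if h.lower() not in service_ids
                      and h.upper() not in BUILTIN]
            if others:
                other_holders[const] = others
    return not_direct, other_holders


# Constructed sample export (account name and SIDs are made up).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = patrolsvc,*S-1-5-21-1111111111-2222222222-3333333333-1107
SeDebugPrivilege = *S-1-5-32-544,patrolsvc
SeIncreaseQuotaPrivilege = *S-1-5-32-544,patrolsvc
SeServiceLogonRight = patrolsvc
SeInteractiveLogonRight = *S-1-5-32-544,patrolsvc
SeSystemProfilePrivilege = *S-1-5-32-544
SeAssignPrimaryTokenPrivilege = patrolsvc
[Version]
signature="$CHICAGO$"
Revision=1
"""

if __name__ == "__main__":
    parsed = parse_privilege_rights(SAMPLE_EXPORT)
    not_direct, other_holders = audit(parsed, {"patrolsvc"})
    print("Not assigned directly to the PATROL account:", not_direct)
    for const, holders in other_holders.items():
        print(f"Review other holders of {const}:", ", ".join(holders))
```

    A right reported as not assigned directly may still reach the account through the local administrators group, so treat that list as a prompt to check group-granted rights rather than as a failure.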

    Note: Before attempting to view Microsoft Excel-based reports in PATROL, please make sure you have Excel installed on the local machine.

    1. Insert the PATROL for Windows Servers CD into the CD-ROM drive.

    2. The installation procedure begins automatically by using the Microsoft Windows auto-run functionality.

    Note: If the installation program does not start automatically, from the Start menu, choose Run, and type the following command: D:\Setup.exe where D is your CD-ROM drive.

    3. Install console components, KMs, and PATROL Agent as discussed in the following section.

    To Install Console Components, Knowledge Modules, and PATROL Agent

    The installation procedures in this guide assume the product will be installed locally on a single computer that does not already have PATROL installed. For more advanced PATROL installations, including upgrades from previous versions and remote installations, please consult the PATROL for Microsoft Windows Servers Getting Started guide.

    Your first task is to decide which products to install on which machines. For evaluation purposes, you can install all components and products on a single test machine. In a production environment, you install the KMs and PATROL Agents on all computers to be managed (Managed Systems) and install the console components only on the few computers that will provide the PATROL user interface (Console Systems).

    By launching auto-run from a CD install, or by double-clicking on the setup.exe file, you can begin the install program. As it launches, it displays in a Web browser interface.

    1. Click Next on the welcome screen.

    2. Read the license agreement and select Accept, then click Next.

    Note: PATROL ships with a 30-day trial license. This license will expire in 30 days if you do not purchase the product and enter a permanent license key.

    3. From the Select Type of Installation window, select Typical and click Next.

    Note: With a Typical installation, PATROL automatically selects the default port number of 3181.

    4. In the Specify Installation Directory window, enter the location where you want to install PATROL or accept the default directory and click Next.

    5. From the Select System Roles window, select Console Systems and Managed System, then click Next.

    6. Expand the PATROL Solutions for Microsoft Windows - QuickStart Packages tab and select Manage Microsoft Windows Servers and click Next.

    7. Enter a valid Windows account log-in name with administrator privileges and then type the password twice as requested and click Next.

    8. On the PATROL 3.x Product Directory window, specify a subdirectory location or accept the default directory and click Next.

    9. Select the option to start the PATROL Agent automatically, then click Next.

    10. Review the installation summary screen, and click Start Install.

    11. After successful installation, click Next.

    12. To exit the install utility, click Finish.

    13. Click OK, then Yes to close all browser windows.

    To Set Basic Configuration

    Complete the following steps to start monitoring and managing with PATROL in your environment:

    1. From the Windows Start menu, select Programs => BMC PATROL => Developer Console.

    Note: You will need Developer Console authority to complete some of the configuration and customization tasks in this guide. If you only want to view PATROL data, you can use the Operator Console.

    To add the host (computer) that you want to monitor to the PATROL console,

    2. Select Hosts => Add from the PATROL console main menu.

    3. Next to Host Name, type the name of the local machine.

    4. Type the Windows user name and type the password twice as requested.

    Note: The Interactive System Output Window is an optional feature that might be helpful. The Interactive System Output Window allows you to view real-time descriptions of PATROL Agent activity from the console. To activate, right-click on the computer (host) name in the PATROL tree view. Then, select Show System Output Window.

    5. Click OK.

    Note: When you selected the Typical install option, the minimal set of monitoring parameters was automatically configured for you. However, to do some of the advanced functions in this reviewer’s guide, you need to load additional KMs.

    6. Within the PATROL console, select File => Load KM.

    7. Select the NT_LOAD.kml file, then click Open.

    Note: The NT_LOAD.kml is the most comprehensive (and the most resource intensive) of the KM files. This file is loaded for evaluation purposes so that you can see the full breadth of PATROL capability. In a production environment, the Typical install components may be sufficient for many servers.

    Save your KMs so that PATROL automatically loads the selected KMs the next time you start the PATROL Console.

    To do so, select File => Save KM from the PATROL main menu. You are now ready to monitor with PATROL.

    To immediately view data (instead of waiting for PATROL’s next scheduled monitoring interval),

    1. Right-click your computer’s (host) name in the PATROL tree view (right under PATROL Main Map).

    2. Select KM Commands => Utilities => Patrol => Force Discovery.

    Note: If you make a mistake, or later want to change the Windows user account used for PATROL, you can do this from the PATROL Console. Right-click on the computer (host) name in the PATROL tree view. Select Properties, then select the Security tab. Type a new user account and password with local administrative privileges. Click OK.

    For advanced features (including notification and enterprise-wide, consolidated service reporting and event management), contact your BMC Sales Representative for documentation on PATROL Operations Manager and PATROL Service Reporting.

    Server Operating System Availability with Quick Value Statistics

    The following table lists some of the statistics (parameters) available in PATROL to ensure Windows server availability. The items are listed in the order that they appear on the PATROL console.

    To view the PATROL tree view,

    1. Expand the PATROL MainMap icon in the top left corner of the console.

    2. Expand the computer name and then expand Windows Operating System.

    3. To view data for any item represented in Table 2 on page 10, double-click the item in the tree view of the PATROL console.

    Table 2 How PATROL Ensures Server Availability

    | Parameter Name by Application Class | How PATROL ensures server availability |
    |---|---|
    | Health At A Glance Container | This high level container includes a few of the most critical statistics you need to monitor on each server |
    | NT_PERFMON KM | This KM is used to create new custom KMs from any existing set of Microsoft Performance Counters available on a server. |
    | Windows Operating System KM | This high level container includes all of the operating system application classes and parameters listed below and on the next few pages. |
    | NT_CACHE | The next two parameters monitor caching performance. |
    | CACcachCopyReadHitsPercent | the percentage of cache copy read requests. A copy read is a file read operation that is satisfied by a memory copy from a cache page to the application’s buffer. |
    | CACcachCopyReadsPerSec | the frequency of reads from cache pages that involve a memory copy of the data from the cache to the application’s buffer |
    | NT_COMPOSITES Application Class | This application class is used to create new custom parameters by combining multiple parameters into a single alarm. See Combination Parameters on page 14. |
    | NT_CPU | The next four parameters monitor CPU utilization. |
    | CPUprcrInterruptsPerSec | the number of device interrupts encountered by the processor per second. An interrupt occurs when a device has completed a task or when it requires attention. |
    | CPUprcrPrivTimePercent | the percentage of processor time spent in privileged mode in non-idle threads |
    | CPUprcrProcessorTimePercent | the percentage of time that a processor is busy executing the threads of a process. Threads are units of work that make up a process. Consistently high numbers (greater than 75 percent) can indicate performance problems that can slow your system down. |
    | CPUprcrUserTimePercent | the percentage of CPU time currently being spent in user mode doing commands and tasks initiated by users |
    | NT_EVENTLOG | This application class is used to monitor events in the Windows event logs. See Event Monitoring on page 17. |
    | NT_LOGICAL_DISKS | The next four parameters monitor logical disk availability. |
    | LDldDiskQueueLength | the number of requests outstanding on the disk, including requests currently in service |
    | LDldDiskTimePercent | the percentage of elapsed time that the selected disk drive is busy servicing read or write requests |
    | LDldFreeMegabytes | the amount of unused space on the disk drive in megabytes (MB) |
    | LDldFreeSpacePercent | the percentage of free space available on the selected logical disk drive. Automated Recovery: PATROL can automatically clear the temp directory when LDldFreeSpacePercent enters an alarm state. |
    | NT_MEMORY | The next three parameters monitor memory availability. |
    | MEMmemAvailableBytes | the number of megabytes of physical memory currently available to processes (is not directly related to the amount of physical memory installed in your server) |
    | MEMmemPageFaultsPerSec | the number of hard and soft page faults in the processor |
    | MEMmemPagesPerSec | the number of hard page faults for the processor; the value often determines whether or not your system needs more RAM |
    | NT_NETWORK | The next two parameters monitor TCP/IP network traffic. |
    | NETniPktsOutboundErrors | the number of outbound packets that could not be sent as a result of errors |
    | NETniPcktsPerSec | the rate that packets are sent and received on the network |
    | NT_PAGEFILE | The next parameter monitors page file use. |
    | PAGEpgUsagePercent | the amount of the page file currently in use |
    | NT_PHYSICAL_DISKS | The next two parameters monitor physical disk availability. |
    | PDpdDiskQueueLength | the number of requests outstanding on the disk at the time the performance data is collected |
    | PDpdDiskTimePercent | the percentage of elapsed time that the disk spends servicing read or write requests. Good disk performance enhances virtual memory performance and reduces the elapsed time required to load programs that perform a large number of I/O requests. |
    | NT_PROCESS | The next four parameters are displayed after you configure specific processes for monitoring. See Process Monitoring on page 19. |
    | PROCPageFaultsPerSec | the number of page faults per second by the threads executing in this process. A page fault occurs when a thread refers to a virtual memory page that is not in its working set in main memory. |
    | PROCPageFileBytes | the current number of bytes this process has used in the paging file |
    | PROCProcessorTimePercent | the percentage of elapsed time the selected process used to execute instructions. Automated Recovery: PATROL can automatically kill a process when PROCProcessorTimePercent is in alarm for a specified amount of time. |
    | PROCStatus | the status of the associated process. A value of 0 indicates the process is running. A value of 1 indicates that the parameter is not running. |
    | NT_REGISTRY_GROUP | The next parameter is displayed after you configure specific registry keys for monitoring. See Registry Monitoring on page 20. |
    | Total_UpdateFrequency | tracks all update activities of the keys in the group |
    | NT_SECURITY | The next three parameters monitor file access security. |
    | SECsvrErrorsAccessPermissions | the number of times people attempted to open files and failed because of insufficient permissions to the file. A high number of failures can indicate that someone is trying to randomly access files that are not adequately protected. |
    | SECsvrErrorsGrantedAccess | the number of times people attempted to open files and were denied. A high number of denied-access errors can indicate that someone is attempting to access files without the correct authorization. |
    | SECsvrErrorsLogon | the number of failed logon attempts on the server. A high number of failed logon attempts can indicate that someone is trying to guess passwords, possibly using a password-cracking program, which could pose a breach in the security of the server. |
    | NT_SERVER | The next two parameters monitor server process activity. |
    | SVRsvrServerSessions | monitors the number of sessions currently active in the server |
    | SVRsvrSessionsErroredOut | monitors the number of sessions that have been closed because of unexpected error conditions. This value indicates how frequently network problems are causing dropped sessions on the server. |
    | NT_SERVICES | The next parameter monitors service availability. |
    | ServiceStatus | indicates whether a service is up or down. Automated Recovery: PATROL can automatically restart a failed service if it has a startup type of automatic. |
    | NT_SYSTEM | The next three parameters monitor system performance. |
    | SYSobjProcesses | the number of processes in the computer at the time of data collection |
    | SYSobjThreads | the number of processes in the computer at the time of data collection |
    | SYSsysSystemUpTime | the time, in seconds, that the computer has been up and running |

  • Advanced Features and Functionality

    The following sections highlight some key features you will want to review in your evaluation of PATROL for Microsoft Windows Servers.

    Alarm Thresholds

    PATROL monitors server activity and sends alerts to the PATROL console based on predefined threshold ranges. This procedure uses an example to show you how to change these ranges to settings specific to your organization.

    1. Switch from the desktop to the KM tab on the console (tabs are at the bottom of the tree view).

    2. Once in the KM view, expand the Knowledge Module icon, then expand the Application Classes folder.

    3. Expand the NT_LOGICAL_DISKS application class.

    4. Expand the Global folder.

    5. Expand the Parameters folder.

    6. For this example, double-click on the LDldFreeSpacePercent parameter.

    The Parameter Properties are displayed.

    7. Select the Alarm Ranges tab.

    Alarm 1 is for alarms. Alarm 2 is for warnings. You can select Enable for either or both alarm ranges and set the minimum and maximum ranges for when an alarm should be sent to the console. Notice that out-of-the-box PATROL gives you a warning when your free space gets below 10 percent. Then it will go into alarm when the free space is below 5 percent.

    Automated Recovery Actions

    PATROL includes automated methods to recover from common failures. To view the defaults for the automatic recovery action that automatically clears a temp directory when the disk gets full:

    1. Return to the Desktop tab, right-click the computer (host) name in the PATROL tree view, and select KM Commands => Configure Recovery Actions.

    2. Select Clean Temp Directory and click Accept.

    3. Select the NT_LOGICAL_DISKS application class and click Edit.

    4. Select the mode Run Attended.

    This setting lets you acknowledge all recovery actions before they take place.

    5. Click Accept.

    6. Click Close twice to exit.

    To activate the recovery action:

    1. Right-click the NT_LOGICAL_DISKS icon, and select KM Commands => Edit Recovery Action List.

    2. Select Include All, then click Apply.

    3. Click Close.

    Combination Parameters

    With PATROL, you can combine several individual parameters into a single parameter (composite parameter) to see how events are correlated. For example, you can create a composite parameter to alarm only when both CPU and memory exceed predefined thresholds.

    To create a composite parameter,

    1. Right-click on the NT_CompositesColl application class, and select KM Commands => Create Expressions.

    2. Create a name for the new parameter. For this example, type MemCPU, and click Create.

    3. On the initial Edit screen, accept the default values and click Wizard.

    4. Select Patrol KM parameter and click Continue.

    5. Select NT_CPU and click Continue.

    6. Select CPU_Total and click Continue.

    7. Select CPUprcrProcessorTimePercent and click Continue.

    8. Select Greater than or equal to and click Continue.

    9. Select Constant value and click Continue.

    10. Type 10, and click Continue.

    You have now finished the first half of the procedure, which sets the alarm when CPU utilization exceeds 10 percent. The following portion of the procedure guides you through setting the limit for available bytes.

    11. Click More, select And, and click Continue.

    12. Select Patrol KM parameter and click Continue.

    13. Select NT_MEMORY and click Continue.

    14. Select MEMmemAvailableBytes and click Continue.

    15. Select Less than or equal to and click Continue.

    16. Select Constant value and click Continue.

    17. Type 100 and click Continue.

    18. Exit the remaining open windows by clicking the appropriate buttons in this sequence: Done, Done, Save, OK, and Done.

    You now have a new object that alerts only when both criteria are met: CPU greater than 10 percent and available bytes less than 100 MB.

    Custom Views and Graphs

    It may be useful to create custom views that represent domains, departments, or other logical groupings of servers and parameters in the PATROL console.

    To create a custom folder:

    1. Select File => New => Folder from the PATROL main menu.

    2. Give your custom folder a name and a title.

    3. Click Browse and select an icon for the custom folder.

    4. Click Open, then click OK.

    The new folder is displayed below the PATROL Main Map icon in the PATROL tree view.

    5. To move specific servers to this new folder, drag and drop server icons into the folder.

    You can also create custom graphs of the parameters that are most important to your organization.

    1. Select File => New => Graph Folder.

    2. Give your custom graph a name and a title.

    3. Click Browse and select an icon for the custom graph.

    4. Click Open, then click OK.

    The new custom graph is displayed below the custom folder in the PATROL tree view.

    5. To move specific parameters to this graph, drag and drop parameter icons into the graph. You can include multiple parameters in a single graph.

    Event Monitoring

    By default, PATROL for Microsoft Windows Servers monitors all Microsoft event logs including

      • System Log
      • Security Log
      • Application Log
      • DNS Server
      • Directory Service
      • File Replication Service

    PATROL can monitor all event levels including informational, warning, and error. However, by default, PATROL alarms only on errors. PATROL, also by default, forwards all Windows error events to the PATROL event window. You can forward additional filtered events to the PATROL console based on event source, event type, text strings, users, event categories, and event IDs.

    To view the PATROL event window, select Tools => Event Manager from the PATROL main menu.

    For this evaluation, use the example of monitoring the Windows application log for a specific event source.

    To create a new monitoring item (instance) that represents a particular source in the Windows application log:

    1. Double-click the NT_EVENTLOG application class in the tree view of the PATROL console.

    2. Right-click the Application icon in the display pane on the right.

    3. Select KM Commands => Instances => Defined by Template.

    4. Create a name for your new monitored object and type it in the Instance Name box (for example, type MyEvents).

    5. Select Create, then click Apply.

    A screen is displayed where you can select different properties for event filtering.

    6. In the From Sources drop-down box, select an event source. For this example, select DrWatson and select Add next to the source.

    7. Change the annotation option to Yes so that any events that are found will include the event details when they are forwarded to the PATROL event window.

    8. Click Apply and then click Close twice to exit.

    To send additional Windows events to the PATROL Event Manager (PEM) window in the PATROL console:

    1. Double-click on the NT_EVENTLOG application class in the tree view of the PATROL console.

    2. Right-click the Application icon in the display pane on the right.

    3. Select KM Commands => Utilities => Forward NT Events to PEM.

    4. In the resulting window, select Yes to choose Forward filtered NT events from the Application Log to PEM.

    5. Click Apply, then click Close to exit.

    Microsoft Performance Counters and PATROL Monitoring

    Microsoft Windows NT and Microsoft Windows 2000 provide hundreds of performance monitor counters that collect various data about the operating system. By default, PATROL includes the industry-typical performance-monitor counters.

    If your organization has interest in additional counters, you can add them by using the PATROL Perfmon Wizard tool in the PATROL Console - NT_PERFMON.

    To add Microsoft performance counters,

    1. Within the PATROL Console, select File => Load KM.

    2. Select the NT_PERFMON.kml file, then click Open.

    Within a few minutes, NT_PERFMON will display in the PATROL tree view.

    3. Right-click on the NT_PERFMON application class icon and select KM commands.

    4. Select Update PerfMon Parameters.

    5. Type a User ID and Password with administrative rights for the server you want to monitor, and click Next.

    A list of available performance groups is displayed.

    6. Select a performance group (for example, Internet Information Services Global, if it is listed).

    7. Select the Create PATROL Application, then click Select.

    A list of available counters in this performance group is displayed on the left.

    8. Select a performance counter such as File Cache Hits.

    9. Select Add and click the Add/Delete/Explain.

    The counter now appears in the selected counters list on the right.

    10. Repeat these steps for each counter of interest in this performance-monitoring group.

    11. When you are finished adding counters, click Done, click Finish, and then click OK on the resulting summary screen.

    The new items you added to monitoring will be displayed under the NT_PERFMON application class.

    To load the new KM for monitoring by the PATROL console,

    1. From the main menu on the PATROL console, select File => Load KM.

    2. In the File Type box, change the kml files (*.kml) default to KmFiles (*.km).

    3. From the Look in drop-down list, find the lib folder, then open the Knowledge folder.

    4. Select the new KM that has a name starting with PERF, such as PERF_InetInfoSvcGbl.km.

    5. Click Open.

    Process Monitoring

    PATROL monitors processes out of the box by reporting on the top ten processes consuming resources (PROCTopProcs). You can also customize PATROL to view continuous historic usage for a specific process or group of processes.

    To monitor specific processes,

    1. Right-click on the NT_PROCESS application class in the PATROL tree view.

    2. Select KM Commands => Process Monitoring.

    3. From the list of running processes listed on the left, select a process that you want to monitor.

    Note: If the process you want to monitor is not currently running, type the exact process name in the Specify a Process Name field.

    4. Next to action, select Add and then click Apply.

    5. On the Select Process with Argument List, keep the default values and click Apply.

    6. Click Close twice to exit.

    Registry Monitoring

    PATROL can monitor for any changes in the Windows registry on the local machine. This ability alerts administrators to changes that could negatively affect the performance of their servers.

    To begin monitoring a group of registry keys, you will need to create a registry group monitoring object (instance) in PATROL.

    To create a registry group monitoring object,

    1. Right-click the NT_REGISTRY application, and choose KM Commands => Define Registry Group.

    2. Create a name for your new monitored object and type it in the Instance Name box.

    3. Select Create and then click Apply.

    4. Select the item that you want to monitor from the Select Root Key drop-down list (for example, HKEY_LOCAL_MACHINE to capture all registry changes on the local machine).

    5. Leave all the other options in their default states.

    6. Click Apply, then click Close twice to exit.

    Services Monitoring

    By default, PATROL monitors availability of all services that are running on the managed server. This functionality helps administrators ensure the availability of their critical applications. You can customize this list of monitored services to add services that are not yet running or to exclude services that are of less concern. Also, PATROL will restart any services that go down if they are configured to start automatically.

    In addition to the default availability monitoring, you can customize PATROL to monitor how much memory and CPU a service consumes.

    To monitor memory and CPU for a specific service,

    1. Right-click the NT_SERVICES application and choose KM Commands => Service Executable Monitoring.

    2. Select the name of the service that you wish to include for more detailed monitoring.

    3. Select Include Selected.

    4. Click Apply and click Close.

    Text Log Monitoring

    PATROL includes the ability to monitor custom application logs or any text file for file size, for file growth, and for a particular text string found in the log. If the log file grows too large, PATROL also can automatically back up and clear the log file.

    To monitor a new text file:

    1. Use Microsoft Windows Wordpad to create a text file with the letters XYZ in it and save it as test.txt.

    2. Double-click on the NT_EVENTLOG application class in the tree view of the PATROL console.

    3. Right-click on the TextLogs icon in the display pane on the right.

    4. Select KM Commands => Edit List of Monitored Files.

    5. Select Add and click Apply.

    6. Type in the full name and path of the file that you want to monitor (for example, C:\test.txt) in the File Name box.

    7. Type the maximum acceptable size for this file in Size Limit (Bytes).

    Note: PATROL alarms if the file grows beyond the size that you set.

    8. For the automated recovery action, you can leave the default, No Action, selected for now.

    9. Click Apply, then Accept and Close to exit.

    To search for a specific text string in the log file, go back to the TextLogs icon in the display panel.

    1. Right-click on TextLogs, and select KM Commands => Edit Search Template.

    2. Select Add, and click Apply.

    3. Create a name for the new template you are creating (for example, FindXYZ), and type XYZ for the Search String.

    4. Select the name of the file in which to search for the text string (c:\test.txt).

    5. Change the Alert Severity to 3 Alarm, then click Apply.

    6. On the resulting Confirm screen, click Accept.

    7. Click Cancel to exit.

    You will now have a PATROL alert each time the text string XYZ is found in the sample log file.
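    The two checks configured above (a size limit in bytes and a search template that raises an alarm) can be sketched in Python as follows. This is an added illustration, not PATROL code or BMC's implementation; the function names, the byte-offset tracking between polling cycles, the alert tuples, and the sample log content are assumptions constructed for the example.

```python
import os
import tempfile

def scan_text_log(path, size_limit, templates, offset=0):
    """One polling cycle; returns (alerts, new_offset).

    templates maps a template name to (search_string, severity).
    offset is the byte position reached by the previous cycle (assumed design).
    """
    alerts = []
    size = os.path.getsize(path)
    if size > size_limit:
        alerts.append(("SizeLimit", "ALARM", f"{size} bytes exceeds {size_limit}"))
    if size < offset:
        # File was cleared or replaced since the last cycle: rescan from the start.
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read()
    # Consume only complete lines so a half-written record is re-read next cycle.
    end = chunk.rfind(b"\n") + 1
    for raw in chunk[:end].splitlines():
        line = raw.decode("utf-8", errors="replace")
        for name, (needle, severity) in templates.items():
            if needle in line:
                alerts.append((name, severity, line))
    return alerts, offset + end

def demo():
    """Three polling cycles over a constructed test.txt in a temp directory."""
    templates = {"FindXYZ": ("XYZ", "ALARM")}  # names taken from the guide's example
    path = os.path.join(tempfile.mkdtemp(), "test.txt")
    results, offset = [], 0
    writes = [
        ("wb", b"service started\nerror XYZ in module A\npartial XY"),
        ("ab", b"Z completed\n" + b"padding line\n" * 5),   # growth past 64 bytes
        ("wb", b"XYZ after clear\n"),                        # log backed up and cleared
    ]
    for mode, data in writes:
        with open(path, mode) as fh:
            fh.write(data)
        alerts, offset = scan_text_log(path, 64, templates, offset)
        results.append(alerts)
    return results

if __name__ == "__main__":
    for cycle, alerts in enumerate(demo(), 1):
        print(cycle, alerts)
```

    The second cycle shows why only complete lines are consumed: the record split across two writes is matched once, after it is finished, and the third cycle shows the offset reset that is needed when a recovery action clears the file.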

  • Environment-Specific Functionality

    The following sections give information about functionality that is available for PATROL for Microsoft Servers under specific environments.

    Active Directory/Domain Management

    PATROL for Microsoft Windows Servers ensures the connectivity, replication, and overall health of Active Directory. The PATROL solution includes monitoring

    the local Domain Controller directory

    Local Security Authority Subsystem (LSASS) process

    Lightweight Directory Access Protocol (LDAP) connectivity

    Domain Name System (DNS)

    In addition, PATROL uses synthetic transactions, performance counters, and Windows Management Instrumentation (WMI) to ensure the availability of the customer's Active Directory.

    PATROL provides Dynamic Host Configuration Protocol (DHCP) and Domain Controller monitoring to help administrators track domain usage. For example, you can easily monitor DHCP lease usage to determine in advance when you will need to allocate more addresses on particular DHCP servers.

    Cluster/Network Load Balancing Management

    PATROL monitors and manages processes, network status, graphical views of dependencies, and cluster health. This capability monitors the health of the cluster services and cluster-resource status in addition to monitoring cluster uptime, cluster-specific errors, resource types, and cluster-specific connectivity.

    The PATROL for Windows Servers product monitors, manages, and balances the TCP/IP connection loads across clusters and nodes, improving network throughput. PATROL for Microsoft Network Load Balancing (NLB) allows you to obtain the following information:

    status of the NLB cluster

    status of nodes within the NLB cluster

    cluster-related events

    cluster performance data

    Datacenter Server Management

    PATROL monitors and manages the advanced features in Microsoft Windows 2000 Datacenter Server including clusters and job objects, ensuring a highly manageable, enterprise-computing platform. BMC Software has worked closely with hardware vendors to ensure that PATROL maximizes customer investments on the Microsoft Windows 2000 Datacenter Server platform. In addition, PATROL for Microsoft Windows Servers has earned Microsoft certification on the Datacenter Platform.

    The job-object monitoring that PATROL for Microsoft Windows Servers performs includes

    monitoring process control service

    alarming when job objects are created or control limits are changed

    monitoring when a process tries to change its priority or affinity

    alarming when applications are shut down or crash due to violating a process-control limit

    Microsoft Certification

    BMC Software has earned Microsoft's approval to carry the Certified for Microsoft Windows 2000 Server logo on BMC Software's PATROL for Microsoft Windows Servers. BMC Software was the first enterprise systems management vendor to earn this certification for Microsoft Windows 2000 Servers.

    Certification assures our customers that PATROL will run predictably on Microsoft Windows 2000 Servers, Advanced Servers and Datacenter Servers, thereby reducing the overall time and cost spent implementing Microsoft Windows 2000.

    MTS/COM+ Management

    PATROL monitors and manages Microsoft Transaction Server (MTS) by monitoring processes, transactions, and events, and helping to manage multiprocessing services for higher scalability and availability.

    The PATROL for Windows Servers product provides functionality to monitor the run-time environment for Microsoft Transaction Server (MTS) on a Microsoft Windows NT 4.0 server and Microsoft COM+ (COM+) on a Microsoft Windows 2000 Server.

    The PATROL for Microsoft COM+ product performs the following actions for Microsoft Windows 2000 servers:

    monitors the COM+ run-time environment

    monitors the status of COM+ applications

    monitors Microsoft Windows 2000 log events related to the Microsoft Distributed Transaction Coordinator (MS DTC) service and monitors the MS DTC service status

    manages the MS DTC service by providing the capability to start or stop the service

    monitors Microsoft Windows 2000 COM+ log events

    MSMQ Management

    PATROL monitoring of Microsoft Message Queue (MSMQ) enables administrators to monitor and manage sessions, messages, and queues, thereby ensuring the delivery of messages. The Microsoft MSMQ round-trip time metric tracks round-trip message time of each use.

    Reporting

    PATROL provides easy-to-use, canned reports on performance and availability of Microsoft Servers and applications. You can easily generate customizable, business reports using Microsoft Excel. For more advanced, enterprise-wide summary reports, you can install the PATROL Service Reporting component.

  • Helping You Maintain Advantage

    BMC Software Professional Services helps your company maintain its competitive advantage through a comprehensive suite of services that includes service level management consulting, installation, implementation, configuration, and customization. Our professional services and education offerings are designed to ensure the ongoing availability of critical business applications, maximize product potential, reduce project risk, deliver IT value to your business, and improve your operations. For more information about BMC Software Professional Services, visit http://www.bmc.com/profserv.

    About BMC Software

    BMC Software, Inc. [NYSE: BMC], is the leading provider of enterprise management solutions. Through its Assuring Business Availability approach, BMC Software delivers control over infrastructure management costs, control of market advantage and differentiation via service management, and growth of business value with solutions for business optimization. BMC Software is a member of the S&P 500, with fiscal year 2001 revenues exceeding $1.5 billion and offices worldwide. For more information, please visit the BMC Software Web site at http://www.bmc.com.

  • For more information visit BMC Software on the Web at www.bmc.com

    BMC Software, the BMC Software logos and all other BMC Software product or service names are registered trademarks or trademarks of BMC Software, Inc. All other registered trademarks or trademarks belong to their respective companies. © 2002, BMC Software, Inc. All rights reserved.

    17444 6/02
