Itc Templates - PDF

Document Sample
Itc Templates - PDF Powered By Docstoc
					ITC WinOS SPI A.01.10




                                                            Documentation

                                                  ITC SMART Plug-In for
                                               Windows OS Management
                                                              ITC WinOS SPI
                                                             Release A.01.10
                                                                 ITC GmbH




                 Version:      A.01.10                              Page 1 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




Table of Contents
1     Introduction.................................................................................................5
    1.1 Introduction to the ITC WinOS SPI.............................................................5
    1.2 How ITC WinOS SPI Works........................................................................6
    1.3 Components of ITC WinOS SPI...................................................................8
      1.3.1 Template Groups .................................................................................... 8
      1.3.2 Templates............................................................................................. 8
      1.3.3 Node Groups........................................................................................ 10
      1.3.4 Monitors, Commands, Actions .................................................................. 10
      1.3.5 Message Groups ................................................................................... 11
      1.3.6 Applications ......................................................................................... 11
2     Installing and Configuring ITC WinOS SPI................................................13
    2.1 Introduction ...........................................................................................13
    2.2 Task 1: Check Hardware and Software Requirements ................................14
      2.2.1 Management Server Hardware Requirements .............................................. 14
      2.2.2 Management Server Software Requirements ............................................... 14
      2.2.3 Managed Node Software Requirements...................................................... 14
    2.3 Task 2: Install on Management Server......................................................15
      2.3.1 Outline of Installation ............................................................................ 15
      2.3.2 Removing an ITC WinOS SPI A.01.00 Installation ......................................... 15
      2.3.3 Installation Steps on SUN Solaris .............................................................. 16
      2.3.4 Installation Steps on HP-UX..................................................................... 17
    2.4 Task 3: Assign Managed Nodes to Node Groups.........................................20
      2.4.1 Assignment of Template Groups to Node Groups.......................................... 21
    2.5 Task 4: Modify OVO User Configuration ....................................................22
      2.5.1 Update Responsibilities........................................................................... 22
      2.5.2 Assign ITC WinOS SPI Applications to OVO Users ......................................... 22
    2.6 Task 5: Distribute Templates and Program Files to Managed Nodes............23
    2.7 Task 6: Activate Compaq Insight Manager Integration ..............................24
      2.7.1 Setting 127.0.0.1 as Trap Destination for Windows NT SNMP.......................... 24
      2.7.2 Enable Sending of SNMP Traps for Compaq Insight Manager Agent.................. 24
      2.7.3 Sending Test Traps from Compaq Insight Manager Agent .............................. 24
3     Removing ITC WinOS SPI..........................................................................26
4     Using and Customizing ITC WinOS SPI .....................................................28
    4.1 ITC WinOS SPI Default Configuration .......................................................28
    4.2 ITC WinOS SPI Severity Concept..............................................................31
    4.3 ITC WinOS SPI Message Groups...............................................................32
    4.4 ITC WinOS SPI Event Log Monitoring .......................................................33
      4.4.1 Template Groups for Event Log Management .............................................. 34
      4.4.2 Duplicate Message Suppression................................................................ 34
      4.4.3 Classification of Core Event Log Sources..................................................... 35
      4.4.4 Classification of Infra Event Log Sources .................................................... 38
    4.5 ITC WinOS S PI Resource and Performance Monitoring ..............................41
      4.5.1 Use of the object Attribute ................................................................... 41
      4.5.2 Metrics Provided by ITC WinOS SPI Collector/Analyzer................................... 44
    4.6 ITC WinOS SPI Service and Driver Monitoring...........................................45
      4.6.1 Service Monitoring ................................................................................ 45
      4.6.2 Driver Monitoring .................................................................................. 45
      4.6.3 Process Monitoring ................................................................................ 45
    4.7 ITC WinOS SPI Dr. Watson Process Monitoring .........................................46

                   Version:         A.01.10                                                               Page 2 of 47
                   File:            itcwin-a-01-10.pdf
                   Save Date:       24 February 2003
                   Print Date:      24 February 2003
ITC WinOS SPI A.01.10



  4.8 ITC WinOS SPI Hardware Manager Integration.........................................47
    4.8.1 Compaq Insight Manager........................................................................ 47




                 Version:       A.01.10                                                         Page 3 of 47
                 File:          itcwin-a-01-10.pdf
                 Save Date:     24 February 2003
                 Print Date:    24 February 2003
ITC WinOS SPI A.01.10



Trademark Notices.

Adobe® is a trademark of Adobe Systems Incorporated.
Compaq and the names of Compaq products are either trademarks and/or service marks or registered trademarks
and/or service marks of Compaq Information Technologies Group, L.P.
HP-UX Release 10.20 and later and HP-UX Release 11.00 and later (in both 32 and 64-bit configurations) on all HP
9000 computers are Open Group UNIX 95 branded products.
Intel486 is a U.S. trademark of Intel Corporation.
Java™ is a U.S. trademark of Sun Microsystems, Inc.
Microsoft® is a U.S. registered trademark of Microsoft Corporation.
Netscape™ and Netscape Navigator™ are U.S. trademarks of Netscape Communications Corporation.
OpenView® is a registered U.S. trademark of Hewlett-Packard Company.
Oracle® is a registered U.S. trademark of Oracle Corporation, Redwood City, California.
Oracle Reports™, Oracle7™, and Oracle7 Server™ are trademarks of Oracle Corporation, Redwood City, California.
OSF/Motif® and Open Software Foundation® are trademarks of Open Software Foundation in the U.S. and other
countries.
Pentium® is a U.S. registered trademark of Intel Corporation.
SQL*Net® and SQL*Plus® are registered U.S. trademarks of Oracle Corporation, Redwood City, California.
UNIX® is a registered trademark of the Open Group.
Windows NT® is a U.S. registered trademark of Microsoft Corporat ion.
Windows® and MS Windows® are U.S. registered trademarks of Microsoft Corporation.

Other product and company names mentioned in this document may be trademarks and/or service marks of their
respective owners.



Naming Conventions.

Throughout this document we refer to the product HP OpenView (VantagePoint ) Operations for UNIX of HEWLETT-
PACKARD COMPANY, United States of America, as

HP OpenView Operations for UNIX (which corresponds to the name used at time of print of this documentation by
Hewlett-Packard itself)

or

HP OpenView Operations

or

OVO (for short)

Throughout this document the term Microsoft Windows or Windows refers to Microsoft Windows NT 4 or Microsoft
Windows 2000 unless otherwise stated.




                  Version:        A.01.10                                                               Page 4 of 47
                  File:           itcwin-a-01-10.pdf
                  Save Date:      24 February 2003
                  Print Date:     24 February 2003
ITC WinOS SPI A.01.10




1 Introduction
                                            PI,
This document describes the ITC WinOS S its architecture, installation, configuration and
usage. In order to be able to make best use of this document, a certain familiarity with concepts
and work processes of HP OpenView Operations for Unix (OVO) is necessary. If in doubt, first
read the product documentation of OVO, especially HP OpenView VantagePoint Operations for
HP-UX – Concepts Guide.


1.1 Introduction to the ITC WinOS SPI
The ITC WinOS SPI (SMART Plug-In for Windows OS) is based on Hewlett-Packard’s systems
management product HP OpenView Operations for UNIX (OVO) to which it adds monitoring
capabilities for Microsoft Windows-based server systems.

ITC WinOS SPI messaging and action-executing capabilities are based on the OVO concept of
Templates. These Templates define conditions within the Windows operating system that help
you avoid potential problems or resolve those that occur. As a result, you can avoid serious
disruptions to Windows operating system operation.

ITC WinOS SPI performs monitoring of Windows server systems covering five areas:

Event Log Monitoring

Operating system events (from the system Event Logs) as generated by Windows-based server
systems are predefined in a set of OVO Logfile Template. These Templates provide a mapping of
Windows event severities to OVO severities based on Windows event sources and allow for a
user-definable classification of servers into three categories of importance.

Resource and Performance Monitoring (Windows NT 4 only)

An enhanced resource and performance monitoring is designed to detect performance
bottlenecks and resource shortages by taking into consideration relations between Windows
performance counters and other sources. These aggregated values, provided as ITC WinOS SPI-
specific metrics, can be configured by standard OVO Monitor Templates.

Service and Driver Monitoring

ITC WinOS SPI continuously monitors all Windows services and drivers that are configured with
start mode “automatic”, and thus are supposed to run since system boot. Return values of
Windows Service Control Manager are fed into OVO and reactions, such as automatic restart of a
service, are user-configurable via OVO Monitor Templates.

Dr. Watson Process Monitoring

Dr. Watson processes are automatically killed in order to prevent CPU load on the managed
Windows system. For troubleshooting purposes, Dr. Watson log files are kept in OVO message
annotations and in a history file on the managed Windows system.




                 Version:      A.01.10                                                Page 5 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



Hardware Manager Integration

ITC WinOS SPI intercepts events generated by hardware managers, and allows for easy access
to hardware manager consoles. In this first release, Compaq Insight Manager is supported. In
later releases, further hardware managers will be supported.


1.2 How ITC WinOS SPI Works
The following diagram represents the monitoring architecture of ITC WinOS SPI.


                                                                                            Security
                                                                                      A      Application
                                                                                      P           System
                                                                                      I
                   opcle
                                Logfile
                               Templates                      Event Log Monitoring             Event Logs


                                            start
                                                                                      A
                                                      itcwinca.exe                    P         Perflib,
                                           opcmon                                               Registry
                                                                                      I
                                Monitor
                                         Resource and Performance Monitoring
                 opcmona       Templates

                                            start
                                                                                      A
      OVO                                            itcwinmon.exe                    P        Services,
                                           opcmon                                     I         Drivers
                                Monitor
                               Templates              Service and Driver Monitoring

                 opcmsgi       Schedule
                               Template     start                                     A
                                                      itckillwat.exe                  P      Process Table
                                           opcmsg                                     I
                               Message
                               Template              Dr. Watson Process Monitoring

                                                                                                SNMP
                  opcevti                                                                      Service
                                                                                          Windows NT
                                 Trap
                                                     Hardware Manager Integration           Compaq
                               Template
                                                                                          Insight Agent
                OVO Agent



                                                    ITC WinOS SPI
                                                     components




On the left hand side the OVO agent with part of its components (Logfile Encapsulator process
(opcle), Monitor Agent process (opcmona), Message Interceptor process (opcmsgi), Event


                 Version:       A.01.10                                                           Page 6 of 47
                 File:          itcwin-a-01-10.pdf
                 Save Date:     24 February 2003
                 Print Date:    24 February 2003
ITC WinOS SPI A.01.10



                                                      PI
Interceptor process (opcevti)) is shown. ITC WinOS S fully adheres to the OVO concepts of
monitoring, and thus uses the OVO agent as its basis.

On the right hand side you find representations of part of the Windows NT operating system with
its APIs and the Compaq Insight Manager agent.

ITC WinOS SPI bridges the gap between OVO agent on the one side and Windows NT operating
system and Compaq Insight Manager agent on the other side by providing a set of OVO
Templates and monitoring executables.

For Event Log Monitoring, the OVO Logfile Encapsulator directly connects via API to the Windows
Event Logs. ITC WinOS SPI provides a set of sophisticated OVO Logfile Templates for filtering
Windows Event Log messages.

Resource and Performance Monitoring requires the interpretation of values from various sources
within the Windows NT 4 operating system. Therefore, a dedicated process, the ITC WinOS SPI
Collector/Analyzer (itcwinca.exe) is triggered on a regular basis by the OVO agent, controlled
by an OVO Monitor Template. On its run it collects values from Windows NT, and provides a set
of calculated metrics via the standard interface opcmon to the OVO Monitor Agent, which is in
charge of deciding on these metric values by thresholds configurable in a set of OVO Monitor
Templates. Note that Resource and Performance Monitoring is available on Windows NT 4
managed nodes only.

The status of services and drivers is obtainable from the Windows Service Control Manager via
API. The ITC WinOS SPI Service/Driver Monitor (itcwinmon.exe) regularly (triggered by the
OVO Monitor Agent and thus controllable by an OVO Monitor Template) reads these states from
the Service Control Manager and reports via opcmon to the OVO Monitor Agent. Reactions to
failed services and drivers (such as e.g. automatic or operator-initiated restarts) are thus
configurable via standard OVO Monitor Templates.

Dr. Watson processes (drwtsn32.exe) are found by itckillwat.exe by scanning the
Windows process table. After a timeout, ensuring that writing to the Dr. Watson log file has been
finished, they are automatically killed through Windows API. A corresponding message is sent to
OVO via the opcmsg Message Interface. It can be further customized by an OVO condition to
best suit user’s needs.

Integration with Compaq Insight Manager is implemented via SNMP traps. While Compaq Insight
Manager agents can also be configured to log the Windows NT Event Logs, the SNMP path offers
better instruction texts, derived from Compaq SNMP trap definitions.

What can not be seen in the diagram above are interactive components of ITC WinOS SPI: A set
of OVO applications allows for configurative, controlling, and launching (such as the Compaq
Insight Manager XE web interfaces) tasks being triggered by the OVO user from the OVO GUI.




                 Version:      A.01.10                                                Page 7 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




1.3 Components of ITC WinOS SPI
After installation of ITC WinOS SPI you will find the following new components in your OVO
environment:


1.3.1 Template Groups
All OVO Templates provided by ITC WinOS SPI can be used out of the box without any
customizing tasks. The Templates are organized in the following way:

TOPLEVEL
     ITCWIN A.01.10                                      (Template    Group)
          ITCWIN-DRWATSON                                (Template    Group)
          ITCWIN-EVENTLOG                                (Template    Group)
          ITCWIN-HARDWARE                                (Template    Group)
          ITCWIN-NT4-CORE-P1                             (Template    Group)
          ITCWIN-NT4-CORE-P2                             (Template    Group)
          ITCWIN-NT4-CORE-P3                             (Template    Group)
          ITCWIN-NT4-INFRA                               (Template    Group)
          ITCWIN-NT4-PERF                                (Template    Group)
          ITCWIN-SVC                                     (Template    Group)
          ITCWIN-TEST                                    (Template    Group)
          ITCWIN-W2K-CORE-P1                             (Template    Group)
          ITCWIN-W2K-CORE-P2                             (Template    Group)
          ITCWIN-W2K-CORE-P3                             (Template    Group)
          ITCWIN-W2K-INFRA                               (Template    Group)


Note: If it is required, the Templates can be reorganized. However, to ensure smooth future
update procedures the original Template structure should remain intact. If you want to modify
Templates, it would be advisable to copy them to another place and rename them. Note,
however that Performance Management Templates (“ITCWIN-<Metric Number>”) must not be
renamed.

1.3.2 Templates

Template Type            Template Name              Purpose
Message Template         ITCWIN-MSG-opcmsg(1|3) Messages sent by using opcmsg API

Logfile Template         ITCWIN-Core-P1_APP         Application Event Log on Prio1 servers

Logfile Template         ITCWIN-Core-P2_APP         Application Event Log on Prio2 servers

Logfile Template         ITCWIN-Core-P3_APP         Application Event Log on Prio3 servers

Logfile Template         ITCWIN-Core-P1_SYS         System Event Log on Prio1 servers

Logfile Template         ITCWIN-Core-P2_SYS         System Event Log on Prio2 servers




                 Version:      A.01.10                                               Page 8 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



Logfile Template         ITCWIN-Core-P3_SYS         System Event Log on Prio3 servers

Logfile Template         ITCWIN-Core-P1_SEC         Security Event Log on Prio1 servers

Logfile Template         ITCWIN-Core-P2_SEC         Security Event Log on Prio2 servers

Logfile Template         ITCWIN-Core-P3_SEC         Security Event Log on Prio3 servers

Logfile Template         ITCWIN-Infra-P1_APP        Application Event Log on Prio1 Domain
                                                    Controllers
Logfile Template         ITCWIN-Infra-P2_APP        Application Event Log on Prio2 Domain
                                                    Controllers
Logfile Template         ITCWIN-Infra-P3_APP        Application Event Log on Prio3 Domain
                                                    Controllers
Logfile Template         ITCWIN-Infra-P1_SYS        System Event Log on Prio1 Domain
                                                    Controllers
Logfile Template         ITCWIN-Infra-P2_SYS        System Event Log on Prio2 Domain
                                                    Controllers
Logfile Template         ITCWIN-Infra-P3_SYS        System Event Log on Prio3 Domain
                                                    Controllers
Logfile Template         ITCWIN-LOG-INTRUSION       Repeated Logon Failures

Monitor Template         ITCWIN-MON-Driver-Down Windows Driver Monitoring

Monitor Template         ITCWIN-MON-Driver-Up       Windows Driver Monitoring

Monitor Template         ITCWIN-MON-Service-        Windows Service Monitoring
                         Down

Monitor Template         ITCWIN-MON-Service-Up      Windows Service Monitoring

Monitor Template         ITCWIN-PERF-05m            Windows Performance Monitoring;
                                                    Start Collector/Analyzer
Monitor Template         ITCWIN-0100 – 1xx          Windows Performance Monitoring Memory

Monitor Template         ITCWIN-0200 – 2xx          Windows Performance Monitoring CPU

Monitor Templa te        ITCWIN-0300 – 3xx          Windows Performance Monitoring Disk

Monitor Template         ITCWIN-0400 – 4xx          Windows Performance Monitoring Network

Schedule Template ITCWIN-DRWATSON-05m               Detect and Kill Dr. Watson Processes

Trap Template            ITCWIN-TRP-Compaq480       Compaq Hardware Management




                 Version:      A.01.10                                               Page 9 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




1.3.3 Node Groups
ITC WinOS SPI adds the following Node Groups to your OVO configuration:

Node Group Name                Node Group Label         Purpose
ITCWIN-                        Windows NT4 Prio 1       high-priority Windows NT 4 servers
WindowsNT4Prio1
ITCWIN-                        Windows NT4 Prio 2       medium-priority Windows NT 4 servers
WindowsNT4Prio2
ITCWIN-                        Windows NT4 Prio 3       low-priority Windows NT 4 servers
WindowsNT4Prio3
ITCWIN-                        Windows W2K Prio 1       high-priority Windows 2000 servers
WindowsW2KPrio1
ITCWIN-                        Windows W2K Prio 2       medium-priority Windows 2000 servers
WindowsW2KPrio2
ITCWIN-                        Windows W2K Prio 3       low-priority Windows 2000 servers
WindowsW2KPrio3
ITCWIN-                        Windows NT4 DC           Windows NT 4 domain controllers (PDC
WindowsNT4DC                                            and BDC)
ITCWIN-                        Windows W2K DC           Windows 2000 domain controllers
WindowsW2KDC
ITCWIN-WindowsTEST             Windows Test             Windows test systems


1.3.4 Monitors, Commands, Actions
ITC WinOS SPI provides and needs the following programs under the following directory on the
OVO Management Server, to be distributed to Windows Managed Nodes:

        /var/opt/OV/share/databases/OpC/mgd_node/customer/ms/intel/nt

File                                   Purpose
monitor/itcwinca.exe.Z   ITC WinOS SPI Collector/Analyzer for Resource and
                         Performance Monitoring
monitor/itcwinmon.exe.Z ITC WinOS SPI Service/Driver Monitor
actions/itckillwat.exe.Z ITC WinOS SPI Dr. Watson Detector/Killer


Note: The following two Microsoft DLLs are required for ITC WinOS SPI and have to be installed
in subdirectory monitor in compress format. These libraries are licensed with your Microsoft
Windows operating system and typically reside in %SYSTEMROOT%\SYSTEM32. However, as in
rare cases they have found to be not present on Windows systems, to be on the safe side please
distribute them with OVO:

monitor/pdh.dll.Z                    Performance Data Helper DLL
monitor/psapi.dll.Z                  Process Status Helper




                 Version:       A.01.10                                               Page 10 of 47
                 File:          itcwin-a-01-10.pdf
                 Save Date:     24 February 2003
                 Print Date:    24 February 2003
ITC WinOS SPI A.01.10



1.3.5 Message Groups
Message Group                  Purpose
ITCWIN-OS                      messages related to Windows operating system, I/O etc. malfunctions
ITCWIN-Security                messages related to Windows operating system security issues
ITCWIN-Perf                    messages related to Windows operating system, I/O etc. performance
                               issues
ITCWIN-Error                   internal error messages (SPI malfunctions)
ITCWIN-CompaqHW                messages related to Compaq hardware (Compaq Insight Manager
                               integration)
ITCWIN-Test                    test messages

1.3.6 Applications
ITC WinOS SPI provides the following Application Groups and Applications within Application
Group ITCWIN:

Application       Application Purpose
Group             (Label)
(Label)
ITCWIN-           ITCWINMON        Disable ITC WinOS SPI Service and Driver Monitoring
CONTROL           OFF
                  ITCWINMON        Enable ITC WinOS SPI Service and Driver Monitoring
                  ON
                  ITCWINCA         Disable ITC WinOS SPI Resource and Performance Monitoring
                  OFF
                  ITCWINCA         Enable ITC WinOS SPI Resource and Performance Monitoring
                  ON
ITCWIN-           ITCWINMON        Test functionality of ITC WinOS SPI Serv ice/Driver Monitor (as an
SUPPORT           TEST             example, checks status of Alerter service)
                  ITCWINCA         Test functionality of ITC WinOS SPI Collector/Analyzer
                  TEST             (checks connections to Windows APIs)
                  ITCWINMON        Show version of ITC WinOS SPI Service/Driver Monitor
                  VERSION
                  ITCWINCA         Show version of ITC WinOS SPI Collector/Analyzer
                  VERSION
                  ITCWIN           Download ITC WinOS SPI configuration from OVO database to
                  DOWNLOAD         archive
                                   /opt/OV/OpC/integration/itcwin/support/itcwinspic
                                   fgdwn/
                                   ITCWIN.A.01.00.cfgdwn.tar
                  ITCWIN           Show error and status logfile of ITC WinOS SPI on selected
                  SHOW             Managed Nodes
                  ITCWINLOG
ITCWIN-           CIM XE           Start web browser from Java GUI and connect to web interface of
CIM               Agent            Compaq Insight Manager XE Agent on selected Managed Node
                  CIM XE           Start web browser from Java GUI and connect to web interface of
                  Server           Compaq Insight Manager XE Server (server has to be configured
                                   prior to first use of this application via Modify…)
                  CIM SNMP         Restart Windows NT SNMP Service (including Compaq Insight
                  RESTART          Manager Subagents)


                 Version:          A.01.10                                                  Page 11 of 47
                 File:             itcwin-a-01-10.pdf
                 Save Date:        24 February 2003
                 Print Date:       24 February 2003
ITC WinOS SPI A.01.10



                  CIM SHOW     Show Trap Destinations of Windows NT SNMP Service (should
                  TRAPDEST     include 127.0.0.1 or localhost for CIM integration)
                  CIM SET      Set first Trap Destination of Windows NT SNMP Service to
                  TRAPDEST     127.0.0.1
                  CIM SHOW     Show running SNMP Service and Compaq Insight Manager
                  SNMP SVCS    Subagents on selected Managed Nodes
ITCWIN-           AGENT        Send “ITCWIN: TEST MESSAGE” via opcmsg from selected
AGENT             TEST         Managed Node, Message Group ITCWIN-TEST
                  MESSAGE
                  AGENT        Stop OVO agent processes (besides Control Agent) on selected
                  STOP         Managed Nodes
                  AGENT        Show status of OVO agent processes on selected Managed Nodes
                  STATUS
                  AGENT        (Re-)start OVO agent processes (assuming running Control Agent)
                  START        on selected Managed Nodes
                  AGENT        List all configured Templates on selected Managed Nodes
                  SHOW
                  TEMPL
                  AGENT        List all action executables on selected Managed Nodes
                  SHOW
                  ACTIONS
                  AGENT        List all monitor executables on selected Managed Nodes
                  SHOW
                  MONITORS
                  AGENT        List all command executables on selected Managed Nodes
                  SHOW CMDS
                  AGENT        Show contents of OVO agent error log file on selected Managed
                  SHOW         Nodes
                  OPCERROR




                 Version:      A.01.10                                                  Page 12 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




2 Installing and Configuring ITC WinOS SPI
This chapter describes the steps necessary to get ITC WinOS SPI installed on your OVO
Management Server and on your Windows Managed Nodes. After these steps ITC WinOS SPI is
in a usable state. To get the most out of the capabilities of ITC WinOS SPI, however, it is
advisable to become acquainted with the customizability of the SPI: Hints can be found in
chapter 4.


2.1 Introduction
To install and configure ITC WinOS SPI, complete the tasks below in the order listed.

•   Task 1: Check Hardware and Software Requirements

•   Task 2: Install on Management Server

•   Task 3: Assign Managed Nodes to Node Groups

•   Task 4: Modify OVO User Configuration

•   Task 5: Distribute Templates and Program Files to Managed Nodes

•   Task 6: Activate Compaq Insight Manager Integration




                 Version:      A.01.10                                                  Page 13 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




2.2 Task 1: Check Hardware and Software Requirements

2.2.1 Management Server Hardware Requirements
For general hardware and software requirements for the Management Server please refer to HP
OpenView VantagePoint Operations for HP-UX – Installation Guide for the Management Server,
Chapter 1 “Installation Prerequisites for the Management Server”.

The hardware requirements for the Management Server must be met before installing the ITC
WinOS SPI. The ITC WinOS SPI requires 10 MB of disk space in addition to the requirements for
the OVO Management Server.

2.2.2 Management Server Software Requirements
The ITC WinOS SPI is available for

•   HP OpenView (VantagePoint) Operations for UNIX A.06.x for HP-UX 10.20 or HP-UX 11.0
    HP OpenView Operations for UNIX A.07.x for HP-UX 11.0 or HP-UX 11.11

•   HP OpenView (VantagePoint) Operations for UNIX A.06.x for SUN Solaris 7 or SUN Solaris 8
    HP OpenView Operations for UNIX A.07.x for SUN Solaris 7 or SUN Solaris 8


2.2.3 Managed Node Software Requirements
•   Operating System:
    Windows NT 4.0, US localization, Service Pack 5 or later
    Windows 2000, US localization, Service Pack 2 or later

•   HP OpenView (VantagePoint) Operations for UNIX A.06.x agent
    HP OpenView Operations for UNIX A.07.x agent




                 Version:      A.01.10                                             Page 14 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




2.3 Task 2: Install on Management Server

2.3.1 Outline of Installation
The ITC WinOS SPI provides a set of OVO Templates, which will be loaded by OVO Configuration
Upload (cf. man opccfgupld) into the OVO Management Server database. In addition some
executables will be copied in compress-Format (.Z) into

        /var/opt/OV/share/databases/OpC/mgd_node/customer/ms/intel/nt

(subdirectories actions, cmds, monitor) on the Management Server.


2.3.2 Removing an ITC WinOS SPI A.01.00 Installation
In case you are upgrading to ITC WinOS SPI A.01.10 from using the previous A.01.00 version,
uninstall the previous installation:

•   As user root perform the following to remove all WinOS SPI executables from the OVO
    distribution directories (one line, line-wrap due to formatting):

    find /var/opt/OV/share/databases/OpC/mgd_node/customer/ms/intel/nt –
    name itcwin\* -exec rm {} \;

•   Also, as user root, perform the following to remove the WinOS SPI installation directory and
    its contents:

    rm –r /opt/OV/OpC/integration/itcwin

•   Log on to OVO as administrative user opc_adm

•   Remove all Templates and Template Groups starting with prefix ITCWIN. Use shift-select to
    select multiple Templates/Template Groups at once. Mind that Templates/Template Groups
    no longer belonging to a parent Template Group will appear at “Toplevel”. Please make sure
    to recursively delete ITCWIN Templates/Template Groups from “Toplevel” until all are
    deleted.

•   In case you added assignments of single ITCWIN Templates to Managed Nodes, please check
    that all Template Assignments of ITCWIN Templates are removed.

•   Distribute Templates, Actions, Monitors, Commands to all Managed Nodes that have been
    managed by ITC WinOS SPI. This will remove ITCWIN Templates and executables from the
    Managed Nodes.

•   In the following Node Groups remove all Managed Nodes (“remove from group”):
    Windows NT Prio 1
    Windows NT Prio 2
    Windows NT Prio 3
    Windows NT DC
    Windows NT Test



                 Version:      A.01.10                                               Page 15 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



•   Delete the following Node Groups:
    Windows NT Prio 1
    Windows NT Prio 2
    Windows NT Prio 3
    Windows NT DC
    Windows NT Test

•   Remove the following Message Groups:
    ITCWIN-OS
    ITCWIN-Security
    ITCWIN-Perf
    ITCWIN-Error
    ITCWIN-CompaqHW
    ITCWIN-TEST

•   In the following Application Groups within Application Group ITCWIN remove all OVO
    Applications (“delete”):
    ITCWIN-CONTROL
    ITCWIN-SUPPORT
    ITCWIN-CIM
    ITCWIN-AGENT

•   Delete the following Application Groups within Application Group ITCWIN:
    ITCWIN-CONTROL
    ITCWIN-SUPPORT
    ITCWIN-CIM
    ITCWIN-AGENT

•   Delete the Application Group ITCWIN.


2.3.3 Installation Steps on SUN Solaris
For installation of the ITC WinOS SPI package perform the following steps:

•   close all OVO GUI sessions

•   stop the OVO management server processes:
    /opt/OV/bin/ovstop ovoacomm opc

•   by killing manually, make sure that no leftover opc processes are running, except for OVO
    agent processes

•   insert ITC WinOS SPI A.01. 10 CD-ROM into drive; the Solaris automounter automatically
    mounts the CD-ROM to /cdrom/cdrom0

•   install ITC WinOS SPI from the software depot file on CD-ROM:
    /usr/sbin/swinstall -s /cdrom/cdrom0/itcwin.depot ITC-WINOS-SPI

    Example output:

    =======        02/17/03 15:16:47 MET BEGIN swinstall SESSION
                   (non-interactive) (jobid=myovosvr-0046)


                 Version:      A.01.10                                               Page 16 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



                * Session started for user "root@myovosvr".

                * Beginning Selection
                * Target connection succeeded for "myovosvr:/".
                * Source:                 /cdrom/cdrom0/itcwin.depot
                * Targets:                myovosvr:/
                * Software selections:
                      ITC-WINOS-SPI.SUPPORT,r=A.01.10
                      ITC-WINOS-SPI.TEMPLATES,r=A.01.10
                * Selection succeeded.


                * Beginning Analysis and Execution
                * Session selections have been saved in the file
                  "/.sw/sessions/swinstall.last".
                * The analysis phase succeeded for "myovosvr:/".
                * The execution phase succeeded for "myovosvr:/".
                * Analysis and Execution succeeded.


    NOTE:           More information may be found in the agent logfile using the
                    command "swjob -a log myovosvr-0046 @ myovosvr:/".

    =======    02/17/03 15:18:20 MET                   END   swinstall      SESSION        (non-
    interactive)
             (jobid=myovosvr-0046)

    The install script called by swinstall
    - copies all needed files into directory /opt/OV/OpC/integration/itcwin
    - uploads the ITC WinOS SPI Templates and other configuration items into the OVO
    database using opccfgupld
    - uploads all needed commands, actions and monitors to
    /var/opt/OV/share/databases/OpC/mgd_node/customer/ms/intel/nt

•   after successful installation eject the CD-ROM:
    eject

•   start the OVO management server processes:
    /opt/OV/bin/ovstart ovoacomm opc

•   Log on to the OVO administrative GUI as opc_adm. Open a Message Source Template
    window.


2.3.4 Installation Steps on HP-UX
For installation of the ITC WinOS SPI package on HP-UX perform the following steps:

•   close all OVO GUI sessions

•   stop the OVO management server processes:
    /opt/OV/bin/ovstop ovoacomm opc



                 Version:      A.01.10                                                Page 17 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



•   by killing manually, make sure that no leftover opc processes are running, except for OVO
    agent processes

•   insert ITC WinOS SPI A.01. 10 CD-ROM into drive

•   log on to the OVO Management Server as user root

•   start the Portable File System (PFS) mount request server:
    /usr/sbin/pfs_mountd &

•   start the PFS daemon:
    /usr/sbin/pfsd &

•   use a system editor to add the following line to /etc/pfstab:
    Syntax: <device_file> <mount_point> <filesystem_type> <translation_method>
    Example: /dev/dsk/c0t2d0 /SD_CDROM pfs-rrip xlat=unix 0 0

•   create the mount directory:
    mkdir /SD_CDROM

•   mount the CD-ROM:
    /usr/sbin/pfs_mount /SD_CDROM

•   install ITC WinOS SPI from the software depot file on CD-ROM:
    /usr/sbin/swinstall -s /SD_CDROM/itcwin.depot ITC-WINOS-SPI

    Example output:

    =======         02/17/03 15:16:47 MET BEGIN swinstall SESSION
                    (non-interactive) (jobid=myovosvr-0046)

                * Session started for user "root@myovosvr".

                * Beginning Selection
                * Target connection succeeded for "myovosvr:/".
                * Source:                 /cdrom/cdrom0/itcwin.depot
                * Targets:                myovosvr:/
                * Software selections:
                      ITC-WINOS-SPI.SUPPORT,r=A.01.10
                      ITC-WINOS-SPI.TEMPLATES,r=A.01.10
                * Selection succeeded.


                * Beginning Analysis and Execution
                * Session selections have been saved in the file
                  "/.sw/sessions/swinstall.last".
                * The analysis phase succeeded for "myovosvr:/".
                * The execution phase succeeded for "myovosvr:/".
                * Analysis and Execution succeeded.


    NOTE:           More information may be found in the agent logfile using the
                    command "swjob -a log myovosvr-0046 @ myovosvr:/".


                 Version:      A.01.10                                               Page 18 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




    =======    02/17/03 15:18:20 MET                    END   swinstall   SESSION      (non-
    interactive)
             (jobid=myovosvr-0046)

    The install script called by swinstall
    - copies all needed files into directory /opt/OV/OpC/integration/itcwin
    - uploads the ITC WinOS SPI Templates and other configuration items into the OVO
    database using opccfgupld
    - uploads all needed commands, actions and monitors to
    /var/opt/OV/share/databases/OpC/mgd_node/customer/ms/intel/nt

•   after successful installation unmount the CD-ROM:
    /usr/sbin/pfs_umount /SD_CDROM

•   stop the pfsd and pfs_mountd processes. For each of the processes, enter in the window
    in which you started them:
    fg
    <ctrl-c>

•   start the OVO management server processes:
    /opt/OV/bin/ovstart ovoacomm opc

•   Log on to the OVO administrative GUI as opc_adm. Open a Message Source Template
    window.




                 Version:      A.01.10                                           Page 19 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




2.4 Task 3: Assign Managed Nodes to Node Groups
ITC WinOS SPI adds the following Node Groups to your OVO configuration:

Node Group                         Purpose
Windows NT4 Prio 1                 high-priority Windows NT servers
Windows NT4 Prio 2                 medium-priority Windows NT servers
Windows NT4 Prio 3                 low-priority Windows NT servers
Windows W2K Prio 1                 high-priority Windows 2000 servers
Windows W2K Prio 2                 medium-priority Windows 2000 servers
Windows W2K Prio 3                 low-priority Windows 2000 servers
Windows NT4 DC                     Windows NT 4 domain controllers (PDC and BDC)
Windows W2K DC                     Windows 2000 domain controllers
Windows Test                       Windows test systems

From within the Node Groups window, copy & paste your Windows NT 4 managed nodes to Node
Groups Windows NT4 Prio 1, Windows NT4 Prio 2, Windows NT4 Prio 3 according to
their respective importance.

From within the Node Groups window, copy & paste your Windows 2000 managed nodes to
Node Groups Windows W2K Prio 1, Windows W2K Prio 2, Windows W2K Prio 3
according to their respective importance.

Copy & paste all Windows NT 4 Primary and Backup Domain controllers to Node Group
Windows NT 4 DC.

Copy & paste all Windows 2000 Domain controllers to Node Group Windows W2K DC.

Node Group Windows Test has been added for your convenience, if you should like to specify
Managed Nodes for testing purposes.

In order to learn how to assign Managed Nodes to Node Groups please refer to HP OpenView
VantagePoint Operations for HP-UX – Concepts Guide, Chapter 3 “Configuring and Maintaining
ITO”.

Note: Instead of using the ITC WinOS SPI Node Groups you could also keep using the Node
Groups you potentially already have set up for classifying your Windows Managed Nodes.
However please mind that all following descriptions refer to the ITC WinOS SPI Node Groups.




                 Version:      A.01.10                                             Page 20 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




2.4.1 Assignment of Template Groups to Node Groups
The following table gives an overview about the Template assignments provided after installation
of ITC WinOS SPI.

  Node Group                                            Template Group
  Windows NT4 Prio             1                        ITCWIN-NT4-CORE-P1
  Windows NT4 Prio             2                        ITCWIN-NT4-CORE-P2
  Windows NT4 Prio             3                        ITCWIN-NT4-CORE-P3
  Windows NT4 DC                                        ITCWIN-NT4-INFRA
  Windows W2K Prio             1                        ITCWIN-W2K-CORE-P1
  Windows W2K Prio             2                        ITCWIN-W2K-CORE-P2
  Windows W2K Prio             3                        ITCWIN-W2K-CORE-P3
  Windows W2K DC                                        ITCWIN-W2K-INFRA
  Windows Test                                          ITCWIN-TEST

Note. Not all Template Groups which are listed in section 3.1 must be assigned to the node
groups. The Template Groups ITCWIN-EVENTLOG, ITCWIN-PERF, ITCWIN-SVC, ITCWIN-
HARDWARE, ITCWIN-TEST are used to allow for a more simple Template organization only.




                 Version:          A.01.10                                          Page 21 of 47
                 File:             itcwin-a-01-10.pdf
                 Save Date:        24 February 2003
                 Print Date:       24 February 2003
ITC WinOS SPI A.01.10




2.5 Task 4: Modify OVO User Configuration
In the following we assume familiarity with the processes of setting up users, profiles and
responsibilities, as documented in HP OpenView VantagePoint Operations for HP-UX – Concepts
Guide, Chapter 3 “Configuring and Maintaining ITO”.


2.5.1 Update Responsibilities
For your OVO users and/or profiles add the following settings to their respective responsibility
matrix. Responsibilities printed in italics and/or brackets are optional.

                            …   Win-     Win-     Win-     Win-   Win-     Win-     Win-     Win-   Win-    …
                                dows     dows     dows     dows   dows     dows     dows     dows   dows
                                NT4      NT4      NT4      NT4    W2K      W2K      W2K      W2K    NT
                                Prio 1   Prio 2   Prio 3   DC     Prio 1   Prio 2   Prio 3   DC     TEST
…
ITCWIN-OS                         ü        ü        ü       ü       ü        ü        ü       ü      (ü)
ITCWIN-Security                   ü        ü        ü       ü       ü        ü        ü       ü      (ü)
ITCWIN-Perf                       ü        ü        ü       ü       ü        ü        ü       ü      (ü)
ITCWIN-Error                      ü        ü        ü       ü       ü        ü        ü       ü      (ü)
ITCWIN-Compaq                     ü        ü        ü       ü       ü        ü        ü       ü      (ü)
ITCWIN-TEST                      (ü)      (ü)      (ü)     (ü)     (ü)      (ü)      (ü)     (ü)     (ü)
…

Note: If you decided to stick with using your own Node Groups instead, please mind to add the
respective reponsibilities for the ITC WinOS SPI Message Groups and your own Node Groups.


2.5.2 Assign ITC WinOS SPI Applications to OVO Users

ITC WinOS SPI provides a range of OVO applications (see 1.3.6) for operating, administration
and troubleshooting. The assignment of applications to users (roles) depends on your
organization. Feel free to assign single OVO Applications or Application Groups according to your
needs to OVO users and/or profiles. The following table can serve as a broad suggestion.

Application Group Purpose                                          OVO User Type
ITCWIN-CONTROL Start/Stop ITC WinOS SPI                            Windows System Administrator
                  Monitoring
ITCWIN-SUPPORT Troubleshooting                                     OVO Administrator
ITCWIN-CIM        Configure CIM Integration,                       Windows System Administrator
                  Launch CIM Web User Interfaces
ITCWIN-AGENT      Control OVO Agent,                               Windows System Administrator
                  Show OVO Configuration




                 Version:       A.01.10                                                             Page 22 of 47
                 File:          itcwin-a-01-10.pdf
                 Save Date:     24 February 2003
                 Print Date:    24 February 2003
ITC WinOS SPI A.01.10




2.6 Task 5: Distribute Templates and Program Files to Managed
Nodes
Distribute Templates and Actions, Commands, Monitors to Node Groups configured in Task 3 and
Task 4 containing your Windows NT 4 and Windows 2000 Managed Nodes.




                 Version:      A.01.10                                           Page 23 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




2.7 Task 6: Activate Compaq Insight Manager Integration
In order to activate interception of events generated by the Compaq Insight Manager agent on a
Windows NT Managed Node two configuration steps have to be performed:

•   Setting 127.0.0.1 (localhost) as trap destination for the Windows SNMP Service

•   Enable sending of SNMP traps for Compaq Insight Manager agent

In this case, Compaq Insight Manager agent sends every event via the Windows SNMP Service to
                                                           o
receiver 127.0.0.1, which is the loopback interface of the l cal machine. The Event Interceptor
process of the OVO agent running on this machine will listen on port 162 to any incoming SNMP
traps, and will (configurable by a Trap Template provided by ITC WinOS SPI) filter and convert
the Compaq Insight SNMP traps to OVO messages.


2.7.1 Setting 127.0.0.1 as Trap Destination for Windows NT SNMP
•   Log on to OVO as an OVO user you have configured (Task 5) to have access to the ITC
    WinOS SPI applications CIM SET TRAPDEST and CIM SNMP RESTART.

•   Select all Compaq Managed Nodes and launch OVO application CIM SET TRAPDEST
    (member of Application Group ITCWIN CIM, which itself is a member of Application Group
    ITCWIN).

    This application will add 127.0.0.1, trap community public, as first trap destination to the
    list of trap destinations of the Windows SNMP Service on all selected Managed Nodes, by
    adding the corresponding key to the Windows Registry.

    Alternatively you can of course set the trap destination manually on the Managed Node
    (Control Panels, Network, Services, SNMP Service, Properties, Traps).

•   In order to have the Windows SNMP Service re-read its configuration from the Windows
    Registry, it has to be restarted. To facilitate this, select all Compaq Managed Nodes and
    launch OVO application CIM SNMP RESTART (member of Application Group ITCWIN CIM,
    which itself is a member of Application Group ITCWIN).


2.7.2 Enable Sending of SNMP Traps for Compaq Insight Manager Agent
Control Panel à Compaq Management Agents à Services

Host Remote Alerter and Host Information services are required as “Active Agents” to
receive SNMP traps. Check that they are in the left pane, and leave the control panel with [OK].
Confirm restart of Compaq agent services.


2.7.3 Sending Test Traps from Compaq Insight Manager Agent

Control Panel à Compaq Management Agents à SNMP Settings: Press button [Send Test Trap].



                 Version:      A.01.10                                               Page 24 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



Upon successful trap sending you will receive a dialog like this:




If you get this error message




and Host Remote Alerter and Host Information services are active, it sometimes helps
to reboot the system.




                 Version:      A.01.10                                    Page 25 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




3 Removing ITC WinOS SPI
For removing ITC WinOS SPI A.01.10 perform the following steps:

•   Log on to the OVO Management Server as user root and start a Unix shell.

•   As user root perform the following to remove all WinOS SPI executables from the OVO
    distribution directories (one line, line-wrap due to formatting):

    /usr/sbin/swremove ITC-WINOS-SPI

•   Log on to OVO as administrative user opc_adm

•   Remove all Templates and Template Groups starting with prefix ITCWIN. Use shift-select to
    select multiple Templates/Template Groups at once. Mind that Templates/Template Groups
    no longer belonging to a parent Template Group will appear at “Toplevel”. Please make sure
    to recursively delete ITCWIN Templates/Template Groups from “Toplevel” until all are
    deleted.

•   In case you added assignments of single ITCWIN Templates to Managed Nodes, please check
    that all Template Assignments of ITCWIN Templates are removed.

•   Distribute Templates, Actions, Monitors, Commands to all Managed Nodes that have been
    managed by ITC WinOS SPI. This will remove ITCWIN Templates and executables from the
    Managed Nodes.

•   In the following Node Groups remove all Managed Nodes (“Actions->Node->Remove From
    This Group”):
    Windows NT4 Prio 1
    Windows NT4 Prio 2
    Windows NT4 Prio 3
    Windows NT4 DC
    Windows W2K Prio 1
    Windows W2K Prio 2
    Windows W2K Prio 3
    Windows W2K DC
    Windows Test

•   Delete the following Node Groups (“Actions->Node Group->Delete”):
    Windows NT Prio 1
    Windows NT Prio 2
    Windows NT Prio 3
    Windows NT DC
    Windows W2K Prio 1
    Windows W2K Prio 2
    Windows W2K Prio 3
    Windows W2K DC
    Windows Test

•   Remove the following Message Groups (“Actions->Message Group->Delete”):
    ITCWIN-OS
    ITCWIN-Security

                 Version:      A.01.10                                              Page 26 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



    ITCWIN-Perf
    ITCWIN-Error
    ITCWIN-CompaqHW
    ITCWIN-Test

•   In the following Application Groups within Application Group ITCWIN remove all OVO
    Applications (“Actions->Application->Delete”):
    ITCWIN-CONTROL
    ITCWIN-SUPPORT
    ITCWIN-CIM
    ITCWIN-AGENT

•   Delete the following Application Groups within Application Group ITCWIN (“Actions
    ->Application->Delete”):
    ITCWIN-CONTROL
    ITCWIN-SUPPORT
    ITCWIN-CIM
    ITCWIN-AGENT

•   Delete the Application Group ITCWIN (“Actions->Application->Delete”).




                 Version:      A.01.10                                             Page 27 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




4 Using and Customizing ITC WinOS SPI

4.1 ITC WinOS SPI Default Configuration
For a quick overview the following table documents the monitoring performed when ITC WinOS
SPI default configuration has been installed to your Windows NT Managed Nodes, as described in
chapter 2.

All of these default configurations can be adapted to suit the specific needs of your system
environment. This chapter contains hints and details for customizing ITC WinOS SPI Templates.

For customizing purposes you should be familiar with the concepts of OVO Templates and their
configuration. If in doubt please consult HP OpenView VantagePoint Operations for HP-UX –
Concepts Guide, Chapter 4 “Implementing Message Policies”.

Area                             Monitoring                            Templates

Event Log Monitoring             Forward selected events from          ITCWIN-Core-*
                                 System, Application, and Security     ITCWIN-Infra-*
                                 Event Log depending on role and       ITCWIN-LOG-INTRUSION
                                 importance of Managed Node.

Service Monitoring               Report Windows NT services with        ITCWIN-MON-Service-*
                                 start mode “automatic”, that are not
                                 running. The operator-initiated action
                                 allows for easy restart of the service
                                 in question.

Driver Monitoring                Report Windows NT driver modules      ITCWIN-MON-Driver-*
                                 with start mode “automatic”, that are
                                 not running.

Memory Resource Monitoring Available physical memory less than 1 ITCWIN-MON-01*
(Windows NT 4 only)        megabyte on file servers or less than
                           4 megabyte on application servers for
                           more than 15 minutes.

                                 Available virtual memory less than
                                 80% for more than 10 minutes.

                                 Disk access time used for paging
                                 higher than 10% for more than 15
                                 minutes.

CPU Resource Monitoring          Utilization average across all CPUs   ITCWIN-MON-0200
(Windows NT 4 only)              higher than 95% for more than 15
                                 minutes.




                 Version:      A.01.10                                              Page 28 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



Disk Resource Monitoring         Free space on some logical disk less    ITCWIN-MON-0302
(Windows NT 4 only)              than 250 megabytes.1

Disk Performance Monitoring      Percentage of time some physical        ITCWIN-MON-031*
(Windows NT 4 only)              disk is busy during a 5 seconds
                                 probing interval higher than 70 for
                                 more than 10 minutes.

                                 Number of requests queued for some
                                 physical disk exceeds 2.

                                 Average seconds needed per transfer
                                 to/from some physical disk during a 5
                                 seconds probing interval exceed 0.3.

                                 Percentage of time some physical
                                 disk is busy during a 5 seconds
                                 probing interval higher than 70 while
                                 disk queue length for this disk
                                 exceeds 2.

Network Resource and             Percentage of TCP segments             ITCWIN-MON-04*
Performance Monitoring           retransmitted during a 5 seconds
(Windows NT 4 only)              probing interval exceeds 100 (i.e.
                                 every segment is sent at least twice).

                                 Number of redirector commands per
                                 network interface during a 5 seconds
                                 probing interval exceeds 1.

                                 The number of packets queueing up
                                 to be transmitted via some network
                                 interface exceeds 10.

                                 The utilization of some network
                                 interface exceeds 50%.

Dr. Watson Process               Existence of Dr. Watson log file;        ITCWIN-DRWATSON-05m
Monitoring                       automated kill of Dr. Watson process.
                                 Keep Dr. Watson log file in history file
                                 on managed system and in OVO
                                 message annotation.

Compaq Insight Manager           Forward events generated by the         ITCWIN-TRP-Compaq480
Event Monitoring                 agent of Compaq Insight Manager


1
  Easy configuration of other common disk resource monitoring patterns possible, such as “more
than x used megabytes”, “less than x percent free space”, “filled to more than x percent” by
choosing another suitable metric (Templates ITCWIN-MON-0300 through ITCWIN-MON-0303).
Also, thresholds can easily be set differently for different logical drives (configurable by drive
letters) and/or host names/host name patterns.

                 Version:      A.01.10                                                 Page 29 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



                                 covering hardware failures and
                                 issues.




                 Version:      A.01.10                            Page 30 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




4.2 ITC WinOS SPI Severity Concept
ITC WinOS SPI Templates deliberately does not use severity “critical” for its messages. The
intention is to leave you with the possibility to define events that are really critical in the context
of your specific environment.

The severity “normal” is only used for reset messages which are used to acknowledge previous
negative messages. Such reset messages usually are generated when a problem was fixed i.e. by
a succeeded action. OVO A.06.x with its feature of “Smart Message Correlation” allows the
definition of relationships between messages, and allows for automatic acknowledgement of
related messages.

The severities “warning”, “minor”, “major” will be used as shown in the following table:

Severity                       Used to indicate
Warning                        Any hint
Minor                          System health could be impacted if no intervention happens
Major                          Immediate action necessary




                 Version:        A.01.10                                                  Page 31 of 47
                 File:           itcwin-a-01-10.pdf
                 Save Date:      24 February 2003
                 Print Date:     24 February 2003
ITC WinOS SPI A.01.10




4.3 ITC WinOS SPI Message Groups
The objective of ITCWIN-specific Message Groups instead of referencing standard message
groups like OS, Security, Performance is higher flexibility: This model provides you with the
ability to regroup the ITC WinOS SPI messages without modifying the Templates. For example,
you could decide to route all ITCWIN-OS messages to your Windows message group by simply
adding a suitable Regroup Condition to your OVO configuration.

Please refer to HP OpenView VantagePoint Operations for HP-UX – Concepts Guide, Chapter 4
“Implementing Message Policies” for details on Regrouping Messages to other Message Groups.

Message Group                  Purpose
ITCWIN-OS                      messages related to Windows operating system, I/O etc. malfunctions.
ITCWIN-Security                messages related to Windows operating system security issues
ITCWIN-Perf                    messages related to Windows operating system, I/O etc. performance
                               issues
ITCWIN-Error                   internal error messages (SPI malfunctions)
ITCWIN-CompaqHW                messages related to Compaq hardware (Compaq Insight Manager
                               integration)
ITCWIN-TEST                    test messages




                 Version:          A.01.10                                                Page 32 of 47
                 File:             itcwin-a-01-10.pdf
                 Save Date:        24 February 2003
                 Print Date:       24 February 2003
ITC WinOS SPI A.01.10




4.4 ITC WinOS SPI Event Log Monitoring
ITC WinOS SPI comes with preconfigured Logfile Templates for Windows server systems. One
basic idea of ITC WinOS SPI Event Log Monitoring is to obey the “natural” classification of
Windows server systems as

    •    Member Servers (File and Print Server)
    •    Infrastructure Servers (Domain Controller, DNS)

According to server type a different focus on events is required. ITC WinOS SPI event
management was designed to consider this fact. The Logfile Templates were grouped according
to the server type focus:

  ITC WinOS SPI Template Group                      Server Type
  ITCWIN-NT4-CORE-P1
  ITCWIN-W2K-CORE-P1
  ITCWIN-NT4-CORE- P2
                                                    Member Servers (File and Print Server)
  ITCWIN-W2K-CORE- P2
  ITCWIN-NT4-CORE-P3
  ITCWIN-W2K-CORE-P3
  ITCWIN-NT4-INFRA                                  Infrastructure Servers (Domain Controller,
  ITCWIN-W2K-INFRA                                  DNS)

Furthermore, in typical Windows environments, it is often possible to classify Member Servers by
priority. While servers run the same operating system (Windows in this case) and thus possibly
generate identical Event Log messages, it is quite obvious that some servers contribute directly
to the productive environment, while others only do indirectly, or not at all. Impacts to low-
priority systems are not as expensive and must not be cared for with the same urgency as those
to high-priority systems.

This simply means that a certain Event Log message from a low-priority server system must not
be regarded as critical with respect to productive operations as a textually identical message
generated by a high-priority server system.

Another observation from practical Windows server operation, is that not all messages from
different Windows Event Log sources (in the sense of the such-named attribute of Windows
Event Log messages, being kind of the “application” denominator) are equally important. This
leads to a priority classification of Windows NT Event Log sources as well.

Based on these two classifications of Windows servers on the one hand, and Windows Event Log
sources on the other hand, ITC WinOS SPI provides a graded mapping of Windows Event Log
message severities to OVO message severities:




                 Version:      A.01.10                                                 Page 33 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



                                                              Mapping to OVO Severities
              Windows NT          Windows NT
              Event Log Source    Event Log            Server          Server        Server
              Classification      Message Severity    Priority 1      Priority 2    Priority 3
                                  Error                 Major           Minor       Warning
                         High     Warning               Minor         Warning        Normal
                                  Information         Warning          Normal             -
                                  Error                 Minor         Warning       Warning
                         Mid      Warning             Warning          Normal             -
                                  Information          Normal             -               -
                                  Error               Warning         Warning             -
                         Low      Warning              Normal             -               -
                                  Information             -               -               -
                         Null     all                     -               -               -



4.4.1 Template Groups for Event Log Management
Technically, the mapping described above is provided by three groups of Logfile Templates per
Windows operating system version:

ITCWIN-NT4-CORE-P1
ITCWIN-NT4-CORE-P2
ITCWIN-NT4-CORE-P3

ITCWIN-W2K-CORE-P1
ITCWIN-W2K-CORE-P2
ITCWIN-W2K-CORE-P3

The Template conditions were created based on practical experience gained from ITC GmbH
systems management implementations. The tables below give an overview of this out-of-the-box
definit ion. These definitions can be modified

    a) by modification of the conditions
    b) by adding new conditions


4.4.2 Duplicate Message Suppression
To prevent message storms on the Management Server and protect the management database
against a lot of identical messages, all Logfile Templates for Event Log management are
configured with the option suppress duplicate output messages. The agent will send one single
message if a condition matches an Event Log entry. Messages on further identical Event Log
entries will be suppressed for an interval of 5 minutes.




                 Version:        A.01.10                                                         Page 34 of 47
                 File:           itcwin-a-01-10.pdf
                 Save Date:      24 February 2003
                 Print Date:     24 February 2003
ITC WinOS SPI A.01.10




4.4.3 Classification of Core Event Log Sources

Source                              Category Event Log     Classification
DrWatson                                     APPLICATION   High
LSA                                          SECURITY      High
Security                                     SECURITY      High
eventlog                                     SYSTEM        High
fs_rec                                       SYSTEM        High
Mup                                          SYSTEM        High
Ntfs                                         SYSTEM        High
SAM                                          SYSTEM        High
Save Dump                                    SYSTEM        High
Service Control Manager                      SYSTEM        High
SNMP                                         SYSTEM        High
SNMPTRAP                                     SYSTEM        High
System                                       SYSTEM        High
UPS                                          SYSTEM        High
Windows File Protection                      SYSTEM        High
Chkdsk                                       APPLICATION   Low
Ci                                           APPLICATION   Low
DiskQuota                                    APPLICATION   Low
File Deployment                              APPLICATION   Low
Folder Redirection                           APPLICATION   Low
Java VM                                      APPLICATION   Low
JET                                          APPLICATION   Low
LoadPerf                                     APPLICATION   Low
MsiInstaller                                 APPLICATION   Low
Oakley                                       APPLICATION   Low
Offline Files                                APPLICATION   Low
Perfmon                                      APPLICATION   Low
PerfNet                                      APPLICATION   Low
Snmpelea                                     APPLICATION   Low
SysmonLog                                    APPLICATION   Low
Userenv                                      APPLICATION   Low
Userinit                                     APPLICATION   Low
NetDDE Object                                SECURITY      Low
Serial                                       SYSTEM        Low
8514A                                        SYSTEM        Low
Beep                                         SYSTEM        Low
Bh                                           SYSTEM        Low
diskperf                                     SYSTEM        Low
El59x                                        SYSTEM        Low
EPC                                          SYSTEM        Low
Ftdisk                                       SYSTEM        Low


                 Version:      A.01.10                                      Page 35 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



i8042prt                                            SYSTEM        Low
inport                                              SYSTEM        Low
kbdclass                                            SYSTEM        Low
Modem                                               SYSTEM        Low
NTMS                                                SYSTEM        Low
NtServicePack                                       SYSTEM        Low
null                                                SYSTEM        Low
OSPF                                                SYSTEM        Low
OSPFMib                                             SYSTEM        Low
Qic117                                              SYSTEM        Low
qv                                                  SYSTEM        Low
redbook                                             SYSTEM        Low
s3                                                  SYSTEM        Low
Sap Agent                                           SYSTEM        Low
Simbad                                              SYSTEM        Low
Streams                                             SYSTEM        Low
TCPMon                                              SYSTEM        Low
weitekp9                                            SYSTEM        Low
Application                                         APPLICATION   Mid
Application Management                              APPLICATION   Mid
Autochk                                             APPLICATION   Mid
ntbackup                                            APPLICATION   Mid
Ntbackup.ini                                        APPLICATION   Mid
Perfctrs                                            APPLICATION   Mid
PerfDisk                                            APPLICATION   Mid
Perflib                                             APPLICATION   Mid
PerfOS                                              APPLICATION   Mid
PerfProc                                            APPLICATION   Mid
Software Installation                               APPLICATION   Mid
VBRuntime                                           APPLICATION   Mid
WinMgmt                                             APPLICATION   Mid
WSH                                                 APPLICATION   Mid
Alerter                                             SYSTEM        Mid
Application Popup                                   SYSTEM        Mid
disk                                                SYSTEM        Mid
MdgMPort                                            SYSTEM        Mid
msfs                                                SYSTEM        Mid
Netflx3                                             SYSTEM        Mid
npfs                                                SYSTEM        Mid
piixide                                             SYSTEM        Mid
PolicyAgent                                         SYSTEM        Mid
Schedule                                            SYSTEM        Mid
tdi                                                 SYSTEM        Mid
TermDD                                              SYSTEM        Mid
TermServDevices                                     SYSTEM        Mid


                 Version:      A.01.10                                  Page 36 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



TermService                                         SYSTEM        Mid
Various                                             SYSTEM        Mid
Wmi                                                 SYSTEM        Mid
EventSystem                                         APPLICATION   Null
EvntAgnt                                            APPLICATION   Null
HostMIBAgent                                        APPLICATION   Null
Network Monitor Driver                              APPLICATION   Null
PlugPlayManager                                     APPLICATION   Null
SclgNtfy                                            APPLICATION   Null
SpoolerCtrs                                         APPLICATION   Null
WebClassRuntime                                     APPLICATION   Null
Windows 3.1 Migration                               APPLICATION   Null
abiosdsk                                            SYSTEM        Null
aha154x                                             SYSTEM        Null
aic116x                                             SYSTEM        Null
aic78u2                                             SYSTEM        Null
aic78xx                                             SYSTEM        Null
ami0nt                                              SYSTEM        Null
Amsint                                              SYSTEM        Null
AsyncMac                                            SYSTEM        Null
Atapi                                               SYSTEM        Null
Atdisk                                              SYSTEM        Null
Ati                                                 SYSTEM        Null
Atirage3                                            SYSTEM        Null
buslogic                                            SYSTEM        Null
busmouse                                            SYSTEM        Null
cd20xrnt                                            SYSTEM        Null
cdaudio                                             SYSTEM        Null
Cdfs                                                SYSTEM        Null
Cdm                                                 SYSTEM        Null
Cdrom                                               SYSTEM        Null
changer                                             SYSTEM        Null
dac960nt                                            SYSTEM        Null
Digiboard                                           SYSTEM        Null
Fastfat                                             SYSTEM        Null
fd16_700                                            SYSTEM        Null
Fireport                                            SYSTEM        Null
flashpnt                                            SYSTEM        Null
flpydisk                                            SYSTEM        Null
ipsraidn                                            SYSTEM        Null
Isapnp                                              SYSTEM        Null
MacFile                                             SYSTEM        Null
MacPrint                                            SYSTEM        Null
mouclass                                            SYSTEM        Null
mraid35x                                            SYSTEM        Null


                 Version:      A.01.10                                   Page 37 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



msadlib                                             SYSTEM   Null
N100                                                SYSTEM   Null
ncrc710                                             SYSTEM   Null
Network Monitor                                     SYSTEM   Null
Paging File                                         SYSTEM   Null
parallel                                            SYSTEM   Null
Parport                                             SYSTEM   Null
Parvdm                                              SYSTEM   Null
Pci                                                 SYSTEM   Null
Pciide                                              SYSTEM   Null
Pcmcia                                              SYSTEM   Null
PnPISA                                              SYSTEM   Null
Print                                               SYSTEM   Null
PrintServer                                         SYSTEM   Null
Rdbss                                               SYSTEM   Null
Removable Storage Service                           SYSTEM   Null
SCardSvr                                            SYSTEM   Null
Schannel                                            SYSTEM   Null
scsiport                                            SYSTEM   Null
sermouse                                            SYSTEM   Null
Sfloppy                                             SYSTEM   Null
Sglfb                                               SYSTEM   Null
Sndblst                                             SYSTEM   Null
sparrow                                             SYSTEM   Null
StillImage                                          SYSTEM   Null
sym_hi                                              SYSTEM   Null
symc810                                             SYSTEM   Null
symc8xx                                             SYSTEM   Null
Udfs                                                SYSTEM   Null
ultra66                                             SYSTEM   Null
VgaSave                                             SYSTEM   Null
WAM                                                 SYSTEM   Null
Win32k                                              SYSTEM   Null
Xga                                                 SYSTEM   Null

4.4.4 Classification of Infra Event Log Sources

Source                              Category Event Log       Classification
TimeServ                                     APPLICATION     High
Winlogon                                     APPLICATION     High
COM+                                         APPLICATION     Low
hpmon                                        APPLICATION     Low
IPSECPolicyStorage                           APPLICATION     Low
LicenseService                               APPLICATION     Low
MSDTC                                        APPLICATION     Low


                 Version:      A.01.10                                        Page 38 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



MSDTC Client                                        APPLICATION              Low
Replication Monitor                                 APPLICATION              Low
Replicator                                          APPLICATION              Low
NTFRSPerf                                           APPLICATION              Mid
Rasctrs                                             APPLICATION              Mid
Tlntsvr                                             APPLICATION              Mid
WinsCtrs                                            APPLICATION              Mid
Atkctrs                                             APPLICATION              Null
Directory Service                                   Directory Service        High
NTDS Database                                       Directory Service        High
NTDS General                                        Directory Service        High
NTDS Inter-site Messaging                           Directory Service        High
NTDS ISAM                                           Directory Service        High
NTDS KCC                                            Directory Service        High
NTDS LDAP                                           Directory Service        High
NTDS MAPI                                           Directory Service        High
NTDS Replication                                    Directory Service        High
NTDS SAM                                            Directory Service        High
NTDS SDPROP                                         Directory Service        High
NTDS Security                                       Directory Service        High
NTDS Setup                                          Directory Service        High
NTDS XDS                                            Directory Service        High
DNS                                                 DNS Server               High
DNS Server                                          DNS Server               High
File Replication Service                            File Replication Service High
NtFrs                                               File Replication Service High
Dhcp                                                SYSTEM                   High
DNS                                                 SYSTEM                   High
Server                                              SYSTEM                   High
Srv                                                 SYSTEM                   High
Tcpip                                               SYSTEM                   High
W32Time                                             SYSTEM                   High
WINS                                                SYSTEM                   High
Distributed Link Tracking Client                    SYSTEM                   Low
Distributed Link Tracking Server                    SYSTEM                   Low
Dnsapi                                              SYSTEM                   Low
Dnscache                                            SYSTEM                   Low
IPBOOTP                                             SYSTEM                   Low
IPNATHLP                                            SYSTEM                   Low
IPRip                                               SYSTEM                   Low
IPRIP2                                              SYSTEM                   Low
IPRouterManager                                     SYSTEM                   Low
IPSEC                                               SYSTEM                   Low
LmHosts                                             SYSTEM                   Low
NDISLoop                                            SYSTEM                   Low


                 Version:      A.01.10                                              Page 39 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



NetDDE                                              SY STEM   Low
PptpMiniport                                        SYSTEM    Low
SimpTcp                                             SYSTEM    Low
Browser                                             SYSTEM    Mid
DCOM                                                SYSTEM    Mid
DfsDriver                                           SYSTEM    Mid
DfsSvc                                              SYSTEM    Mid
DLC                                                 SYSTEM    Mid
Nbt                                                 SYSTEM    Mid
ndis                                                SYSTEM    Mid
NdisWan                                             SYSTEM    Mid
NetBIOS                                             SYSTEM    Mid
NetBT                                               SYST EM   Mid
Netlogon                                            SYSTEM    Mid
RasAuto                                             SYSTEM    Mid
RasMan                                              SYSTEM    Mid
RASPPTP                                             SYSTEM    Mid
Rdr                                                 SYSTEM    Mid
Relay Agent                                         SYSTEM    Mid
RemoteAccess                                        SYSTEM    Mid
Router                                              SYSTEM    Mid
SIMPTCP                                             SYSTEM    Mid
Transport                                           SYSTEM    Mid
Workstation                                         SYSTEM    Mid
AppleTalk                                           SYSTEM    Null
IPX/SPX                                             SYSTEM    Null
IPXCP                                               SYSTEM    Null
IPXRIP                                              SYSTEM    Null
IPXRouterManager                                    SYSTEM    Null
IPXSAP                                              SYSTEM    Null
lp6nds35                                            SYSTEM    Null
NetWare Workstation                                 SYSTEM    Null
NetwareWorkstation                                  SYSTEM    Null
NWCWorkstation                                      SYSTEM    Null
NwlnkIpx                                            SYSTEM    Null
NwlnkNb                                             SYSTEM    Null
NwRdr                                               SYSTEM    Null
SMTPSVC                                             SYSTEM    Null




                 Version:      A.01.10                               Page 40 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




4.5 ITC WinOS SPI Resource and Performance Monitoring

Resource and Performance Monitoring (in ITC WinOS SPI A.01.10 only available for Windows
NT 4) requires the interpretation of values from various sources within the Windows NT 4
operating system. Therefore, a dedicated process, the ITC WinOS SPI Collector/Analyzer
(itcwinca.exe) is triggered on a regular basis by the OVO agent, controlled by an OVO
Monitor Template. On its run it collects values from Windows NT 4, and provides a set of
calculated metrics via the standard interface opcmon to the OVO Monitor Agent, which is in
charge of deciding on these metric values by thresholds configurable in a set of OVO Monitor
Templates.

The Monitor Template ITCWIN-PERF-05m starts the Collector/Analyzer by default as:

itcwinca –mon ITCWIN-PERF-05m –m 100-101,104,200,302,310-313,400-403

The option –mon ITCWIN-PERF-05m defines the monitor template to provide with a dummy
value, and must thus always be identical to the name of the Monitor Template that defines the
itcwinca call. If you would call itcwinca by using a Schedule Template (which you could do
if you like), this option would not be needed.

The list of numerical values defined by the –m option defines the metrics that are to be calculated
during this itcwinca run. You can thus set up multiple templates with itcwinca calls at
different monitor intervals, and collect different metrics in different time intervals.

The processing of metric values is defined by a range of external Monitor Templates. Naming
convention for these Monitor Templates is

         ITCWIN-MON-<4-digit metric number with leading zeros if necessary>

Note that the names of these Templates must not be changed, in order to allow for operation of
ITC WinOS SPI Resource and Performance Monitoring.

itcwinca among other sources uses Windows NT 4 Performance Objects and Counters (in this
text named “Perflib Counters” for short) to retrieve resource and performance data from 2. If your
Managed Node for some reason does not provide some Perflib Counters necessary to calculate
certain metrics, itcwinca would never report on this metrics. The table in 4.5.2 serves as a
reference to find out which Perflib Counters are necessary for which metric to be computed.


4.5.1 Use of the object Attribute
                               n
In cases of disks and network i terfaces, a typical Windows system can have multiple instances.
In order to be able to differentiate in monitoring between instances of monitored objects, the
OVO message attribute object is used to provide the instance identifier.

OVO Monitor Templates allow for conditions to match on this object message attribute.



2
    This is done via Microsoft’s Performance Data Helper (PDH) library.

                 Version:      A.01.10                                                 Page 41 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



The table in 4.5.2 shows how itcwinca sets the object attribute in the various multi-instance
cases. The colon-separated combination of hostname and instance identifier allows for adding
conditions that are either hostname-specific, instance-specific, or specific to a certain
combination of hostname and instance. As standard OVO pattern matching can be used in the
object field of the “match condition” part of condition configuration, it is also possible to have
certain conditions match on e.g. a range of hostnames, if your hostname naming conventions are
set up accordingly.

Let us have a look at an example: The standard Monitor Template condition in ITCWIN-MON-
0302 (monitoring free megabytes on logical disks) would report less than 250 megabytes
available for any logical disk in any Managed Node:

object                             threshold        severity   message text       actions…

^<@.hostname>:<@.drive> 250                         Warning    … Only             automatic
                                                               <$VALUE> MB        action:
                                                               free…              itodiag
                                                                                  /drives



The pattern matching scheme ^<@.hostname>:<@.drive> matches everything separated by
colon. The assignment of the strings to variables <hostname> and <drive> are only there for
your convenience. They can be used in message text and/or application calls. Also, they serve as
reminders to know which part of the expression is the hostname, and which is the drive
identifier.

You could add a very specific condition for drive E: on Managed Node AppSvr1, for example
(note that more specific conditions always have to be entered before more general conditions, in
order to work):

object                             threshold        severity   message text       actions…

^AppSvr1:E                         1000             Major      Application 1 out operator-
                                                               of space!         initiated action:
                                                                                 DEL some
                                                                                 temp files

^<@.hostname>:<@.drive> 250                         Warning    … Only             auto-action:
                                                               <$VALUE> MB        itodiag
                                                               free…              /drives



Or, you could add a condition matching only C: drives on all Managed Nodes (hint: $ ties the
matching pattern to the line end):

object                             threshold        severity   message text       actions…

^AppSvr1:E                         1000             Major      Application 1 out operator-
                                                                                 initiated action:


                 Version:      A.01.10                                                 Page 42 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10



                                                               of space!          DEL some
                                                                                  temp files

C$                                 100              Warning    … Only             auto-action:
                                                               <$VALUE> MB        itodiag
                                                               free…              /drives

^<@.hostname>:<@.drive> 250                         Warning    … Only             auto-action:
                                                               <$VALUE> MB        itodiag
                                                               free…              /drives



If all of your application servers have host names like AppSvr<number>, you could match all
drives besides the C: drives on these servers by:

object                             threshold        severity   message text       actions…

^AppSvr<#>:<![C]>                  1000             Major      Application out of operator-
                                                               space!             initiated action:
                                                                                  DEL some
                                                                                  temp files

^AppSvr1:E                         1000             Major      Application 1 out operator-
                                                               of space!         initiated action:
                                                                                 DEL some
                                                                                 temp files

C$                                 100              Warning    … Only             auto-action:
                                                               <$VALUE> MB        itodiag
                                                               free…              /drives

^<@.hostname>:<@.drive> 250                         Warning    … Only             auto-action:
                                                               <$VALUE> MB        itodiag
                                                               free…              /drives



Of course, you could still assign the matched values to variables, like in:
^<[AppSvr<#>].hostname>:<[<![C]>].drive>, which has been omitted from the tables
in order not to clutter them.




                 Version:      A.01.10                                                  Page 43 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




4.5.2 Metrics Provided by ITC WinOS SPI Collector/Analyzer
Metric Template Name     Description              Windows NT Perflib Counters Used for Content of object
                                                  Metric Calculation                   Attribute
100   ITCWIN-MON-0100 Available Megabytes in      \\Memory\\Available Bytes            <hostname>:[applserver
                      Physical Memory                                                  |fileserver]
101   ITCWIN-MON-0101 Virtual Memory Percent Used \\Memory\\% Committed Bytes In Use   unused
104   ITCWIN-MON-0104 Percent Disk Access Time for \\LogicalDisk(<Disk with Paging File>)\\Avg. unused
                      Paging                       Disk sec/Transfer
                                                   \\Memory\\Pages/sec
200   ITCWIN-MON-0200 CPU Utilization              \\System\\% Total Processor Time             unused
300   ITCWIN-MON-0300 Logical Disk Percent Free   \\LogicalDisk(_INSTANCE_)\\Free Megabytes <hostname>:<upper case
                      Space                                                                 drive letter>
301   ITCWIN-MON-0301 Logical Disk Percent Used   \\LogicalDisk(_INSTANCE_)\\Free Megabytes <hostname>:<upper case
                                                                                            drive letter>
302   ITCWIN-MON-0302 Logical Disk Free Megabytes \\LogicalDisk(_INSTANCE_)\\Free Megabytes <hostname>:<upper case
                                                                                            drive letter>
303   ITCWIN-MON-0303 Logical Disk Used Megabytes \\LogicalDisk(_INSTANCE_)\\Free Megabytes <hostname>:<upper case
                                                                                            drive letter>
310   ITCWIN-MON-0310 Physical Disk % Disk Time   \\PhysicalDisk(_INSTANCE_)\\% Disk Time <hostname>:<numeric disk
                                                                                            instance>
311   ITCWIN-MON-0311 Physical Disk Queue Length \\PhysicalDisk(_INSTANCE_)\\Avg. Disk      <hostname>:<numeric disk
                                                  Queue Length                              instance>
312   ITCWIN-MON-0312 Physical Disk               \\LogicalDisk(_INSTANCE_)\\Avg. Disk      <hostname>:<numeric disk
                      Seconds/Transfer            sec/Transfer                              instance>
313   ITCWIN-MON-0313 Physical Disk Bottleneck    \\PhysicalDisk(_INSTANCE_)\\% Disk Time <hostname>:<numeric disk
                      suspected                   \\PhysicalDisk(_INSTANCE_)\\Avg. Disk     instance>
                                                  Queue Length
400   ITCWIN-MON-0400 TCP % Segments              \\TCP\\Segments Sent/sec                  <hostname>
                      Retransmitted/sec           \\TCP\\Segments Retransmitted/sec

401   ITCWIN-MON-0401 Redirector Current             \\Redirector\\Current Commands             <hostname>
                      Commands Per Interface         \\Network Interface(_INSTANCE_)

402   ITCWIN-MON-0402 Network Interface Output       \\Network Interface(_INSTANCE_)\\Ouput     <hostname>:<numeric
                      Queue Length                   Queue Length                               interface instance>
403   ITCWIN-MON-0403 Network Interface %            \\Network Interface(_INSTANCE_)\\Bytes     <hostname>:<numeric
                      Utilization                    Total/sec                                  interface instance>
                                                     \\Network Interface(_INSTANCE_)\\Current
                                                     Bandwidth
                                                     \\Network Interface(_INSTANCE_)\\Bytes




                 Version:          A.01.10                                                               Page 44 of 47
                 File:             itcwin-a-01-10.pdf
                 Save Date:        24 February 2003
                 Print Date:       24 February 2003
ITC WinOS SPI A.01.10




4.6 ITC WinOS SPI Service and Driver Monitoring
The monitor program itcwinmon.exe provided by ITC WinOS SPI allows for monitoring
services, drivers, and processes.

4.6.1 Service Monitoring
By default, itcwinmon is able to monitor all Windows services configured with start mode
automatic. If one of these services is not running, a message appears in the OVO message
browser. The operator-initiated action (net start <Service Name>) allows for manual re-start
of the failed service. After performing the action, the output of the action will be written to the
annotation of the message.

The Monitor Template ITCWIN-MON-Service-Down is used to start the monitor program
itcwinmon and trigger on services that are not running. A second, external Monitor Template
ITCWIN-MON-Service-Up is used to trigger on services running again. If the operator-initiated
action was finished successfully, the message “service <service name> is down” will be
acknowledged automatically.

By using OVO Smart Message Correlation (Message Key used in ITCWIN-MON-Service-Down
is ITCWIN-0720.1:<$MSG_NODE_NAME>:<$MSG_OBJECT>) “service down” messages are
automatically acknowledged by “service up” messages concerning the same service.

4.6.2 Driver Monitoring
When called with option -d, itcwinmon is able to monitor all Windows drivers configured with
startup mode automatic. If one of these drivers is not running, a message appears in the OVO
message browser.

The Monitor Template ITCWIN-MON-Driver-Down is used to start the monitor program
itcwinmon and trigger on drivers that are not running. A second, external Monitor Templa te
ITCWIN-MON-Driver-Up is used to trigger on drivers running again.

By using OVO Smart Message Correlation (Message Key used in ITCWIN-MON-Driver-Down
is ITCWIN-0710.1:<$MSG_NODE_NAME>:<$MSG_OBJECT>) “driver down” messages are
automatically acknowledged by “service up” messages concerning the same driver.


4.6.3 Process Monitoring
The call itcwinmon –p <process name> allows monitoring a single process. If the process
specified by <process name> is not running, itcwinmon sends a message (via opcmsg())
to the OVO message browser.




                 Version:      A.01.10                                                 Page 45 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




4.7 ITC WinOS SPI Dr. Watson Process Monitoring
“Dr. Watson” is the Windows standard debugger process that takes care of handling crashing
processes/applications on Windows NT 4 and Windows 2000. A dump of the process’s stack and
other debug information is written to a Dr. Watson log file. The location of this log file can be
configured (by calling drwtsn32.exe manually on the managed system), its default value
depends on the operating system version.

Oftentimes, after or while handling process exceptions, Dr. Watson processes are known to hog
CPU, which adversely influences system performance.

In order to prevent this effect, ITC WinOS SPI Dr. Watson Process Monitoring scans the Dr.
Watson log file directory for a new Dr. Watson log file. After a timeout (by default 2 seconds;
user-configurable ), ensuring that writing to the Dr. Watson log file can finish, the Dr. Watson
process, if still running, is killed. Accessing the process table and killing the process are
performed by using standard Windows API functions.

For this purpose, every 5 minutes (user-configurable ) itckillwat.exe <timeout> is
triggered by Schedule Template ITCWIN-DRWATSON-05m. A corresponding message is sent to
OVO via the opcmsg(3) Message API . It can be further customized by OVO condition “Dr
Watson occurred” in Message Template ITCWIN-MSG-opcmsg(1|3) to best suit user’s
needs.

itckillwat.exe appends the newly found Dr. Watson log file to drwtsn32_hist.log. This
Dr. Watson history log file allows you to later use the debug information.

The message sent contains Dr. Watson process ID (“pid”), and log file path, example:

“Killed process: DRWTSN32.EXE with pid: 2284 (D:\WINNT\Profiles\All
Users\Documents\DrWatson\drwtsn32.log)”

An automatic action outputs the new Dr. Watson log file to the message annotations (type) and
eventually deletes (del) the log file, in order to prepare for the next Dr. Watson run. For your
later troubleshooting endeavours, you find the log file contents both in the OVO message
annotations, and in drwtsn32_hist.log on the managed system.




                 Version:      A.01.10                                                 Page 46 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003
ITC WinOS SPI A.01.10




4.8 ITC WinOS SPI Hardware Manager Integration

4.8.1 Compaq Insight Manager
The Trap Template ITCWIN-TRP-Compaq480 provides conditions for all SNMP traps defined by
Compaq Insight Manager up to version 4.80. Every Compaq message generated provides as
operator-initiated action the possibility to directly launch from the OVO Java GUI the web GUI to
connect to the Compaq Insight Manager XE agent on the respective Managed Node.




                 Version:      A.01.10                                               Page 47 of 47
                 File:         itcwin-a-01-10.pdf
                 Save Date:    24 February 2003
                 Print Date:   24 February 2003

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:36
posted:2/23/2011
language:English
pages:47
Description: Itc Templates document sample