Windows Operations Agent User Guide

1.6 VMC-WAD VISUAL Message Center Windows Operations Agent User Guide

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Copyright Notice

Copyright © 2013 Tango/04. All rights reserved.

Document date: August 2012

Document version: 2.31

Product version: 1.6

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without the prior written permission of Tango/04.

Trademarks

Any references to trademarked product names are owned by their respective companies.

Technical Support

For technical support visit our web site at www.tango04.com.

Tango/04 Computing Group S.L. Avda. Meridiana 358, 5 A-B Barcelona, 08027 Spain

Tel: +34 93 274 0051

Table of Contents

How to Use this Guide

Chapter 1 Introduction
1.1. What You Will Find in this User Guide

Chapter 2 Configuration
2.1. Monitor Configuration
2.2. Data Source Configuration
  2.2.1. Main Information
  2.2.2. General settings
  2.2.3. Target host settings
2.3. WMI and API
2.4. WMI Security Settings
  2.4.1. Windows 2000, XP SP1, and Windows 2003 Server (no Service Pack)
  2.4.2. Windows XP SP2, 2003 Server SP1 and Later Versions
  2.4.3. Windows Firewall Configuration
  2.4.4. WMI Security Recommendations

Chapter 3 Windows Health - Introduction

© 2013 Tango/04 Computing Group Page iii Table of Contents

3.1. Windows Health Common Settings
  3.1.1. Data Source Configuration
  3.1.2. Monitor Configuration
3.2. Variables
3.3. Field Map SmartConsole – ThinkServer

Chapter 4 Windows Health ThinAgents
4.1. CPU Usage
  4.1.1. Default Health Script
  4.1.2. ThinAgent Variables
4.2. CPU Queue Length
  4.2.1. Default Health Script
  4.2.2. ThinAgent Variables
4.3. Max Disk Usage
  4.3.1. Default Health Script
  4.3.2. ThinAgent Variables
4.4. Min Disk Free Space
  4.4.1. Default Health Script
  4.4.2. ThinAgent Variables
4.5. Physical Memory
  4.5.1. Default Health Script
  4.5.2. ThinAgent Variables
4.6. Virtual Memory
  4.6.1. Default Health Script
  4.6.2. ThinAgent Variables
4.7. Page Faults
  4.7.1. Default Health Script
  4.7.2. ThinAgent Variables
4.8. Processes
  4.8.1. Default Health Script
  4.8.2. ThinAgent Variables
4.9. CPU Abusers
  4.9.1. Default Health Script
  4.9.2. ThinAgent Variables
4.10. Memory Abusers
  4.10.1. Default Health Script
  4.10.2. ThinAgent Variables
4.11. Threads
  4.11.1. Default Health Script
  4.11.2. ThinAgent Variables
4.12. Busiest Network Interface
  4.12.1. Default Health Script
  4.12.2. ThinAgent Variables
4.13. Longest Network Interface Queue
  4.13.1. Default Health Script
  4.13.2. ThinAgent Variables
4.14. Network Interface Outbound Errors
  4.14.1. Default Health Script
  4.14.2. ThinAgent Variables
4.15. Network Interface Received Errors
  4.15.1. Default Health Script
  4.15.2. ThinAgent Variables
4.16. Registry Quota
  4.16.1. Default Health Script
  4.16.2. ThinAgent Variables
4.17. Printed Pages
  4.17.1. Default Health Script
  4.17.2. ThinAgent Variables
4.18. Up Time
  4.18.1. Default Health Script
  4.18.2. ThinAgent Variables
4.19. Generic

Chapter 5 Windows Lightweight – Introduction
5.1. Configuration
  5.1.1. Main Information
  5.1.2. General settings
  5.1.3. Target host settings

Chapter 6 Windows Lightweight – ThinAgents
6.1. Lightweight CPU
  6.1.1. Default Health Script
  6.1.2. ThinAgent Variables
  6.1.3. Field Map SmartConsole – ThinkServer
6.2. Lightweight Disks
  6.2.1. Default Health Script
  6.2.2. ThinAgent Variables
  6.2.3. Field Map SmartConsole – ThinkServer
6.3. Lightweight Environment Variables
  6.3.1. Default Health Script
  6.3.2. ThinAgent Variables
  6.3.3. Field Map SmartConsole – ThinkServer
6.4. Lightweight Event Log
  6.4.1. Default Health Script
  6.4.2. ThinAgent Variables
  6.4.3. Field Map SmartConsole – ThinkServer
6.5. Lightweight Memory
  6.5.1. Default Health Script
  6.5.2. ThinAgent Variables
  6.5.3. Field Map SmartConsole – ThinkServer
6.6. Lightweight Network Connections
  6.6.1. Default Health Script
  6.6.2. ThinAgent Variables
  6.6.3. Field Map SmartConsole – ThinkServer
6.7. Lightweight Page Files
  6.7.1. Default Health Script
  6.7.2. ThinAgent Variables
  6.7.3. Field Map SmartConsole – ThinkServer
6.8. Lightweight Shares
  6.8.1. Default Health Script
  6.8.2. ThinAgent Variables
  6.8.3. Field Map SmartConsole – ThinkServer

Chapter 7 File System
7.1. File size and Properties
  7.1.1. Monitor Configuration
  7.1.2. Monitor Settings
  7.1.3. Default Health Script
  7.1.4. ThinAgent Variables
  7.1.5. Field Map SmartConsole – ThinkServer
7.2. Folder File Count
  7.2.1. Data Source Configuration
  7.2.2. Monitor Configuration
  7.2.3. Default Health Script
  7.2.4. ThinAgent Variables
  7.2.5. Field Map SmartConsole – ThinkServer
7.3. Folder Size
  7.3.1. Monitor Configuration
  7.3.2. Default Health Script
  7.3.3. ThinAgent Variables
  7.3.4. Field Map SmartConsole – ThinkServer
7.4. Folder Size Increase
  7.4.1. Monitor Configuration
  7.4.2. Default Health Script
  7.4.3. ThinAgent Variables
  7.4.4. Field Map SmartConsole – ThinkServer
7.5. Folder Size Percent Increase
  7.5.1. Monitor Configuration
  7.5.2. Default Health Script
  7.5.3. ThinAgent Variables
  7.5.4. Field Map SmartConsole – ThinkServer
7.6. Large Files
  7.6.1. Data Source Configuration
  7.6.2. Default Health Script
  7.6.3. ThinAgent Variables
  7.6.4. Field Map SmartConsole – ThinkServer
7.7. Remote Folder File Count
  7.7.1. Data Source Configuration
  7.7.2. Monitor Configuration
  7.7.3. Default Health Script
  7.7.4. ThinAgent Variables
  7.7.5. Field Map SmartConsole – ThinkServer
7.8. Remote Folder Size
  7.8.1. Monitor Configuration
  7.8.2. Default Health Script
  7.8.3. ThinAgent Variables
  7.8.4. Field Map SmartConsole – ThinkServer
7.9. Remote Folder Size Increase
  7.9.1. Monitor Configuration
  7.9.2. Default Health Script
  7.9.3. ThinAgent Variables
  7.9.4. Field Map SmartConsole – ThinkServer
7.10. Remote Folder Size Percent Increase
  7.10.1. Monitor Configuration
  7.10.2. Default Health Script
  7.10.3. ThinAgent Variables
  7.10.4. Field Map SmartConsole – ThinkServer
7.11. Remote Large Files
  7.11.1. Data Source Configuration
  7.11.2. Default Health Script
  7.11.3. ThinAgent Variables
  7.11.4. Field Map SmartConsole – ThinkServer

Chapter 8 Performance
8.1. Network Interfaces Usage
  8.1.1. Monitor Configuration
  8.1.2. Default Health Script
  8.1.3. ThinAgent Variables
  8.1.4. Field Map SmartConsole – ThinkServer
8.2. Physical Disk Transfer Rate
  8.2.1. Monitor Configuration
  8.2.2. Default Health Script
  8.2.3. ThinAgent Variables
  8.2.4. Field Map SmartConsole – ThinkServer

Chapter 9 Processes
9.1. Windows Processes
  9.1.1. Monitor Configuration
  9.1.2. Default Health Script
  9.1.3. ThinAgent Variables
  9.1.4. Field Map SmartConsole – ThinkServer
9.2. Windows Single Processes
  9.2.1. Monitor Configuration
  9.2.2. Default Health Script
  9.2.3. ThinAgent Variables
  9.2.4. Field Map SmartConsole – ThinkServer
9.3. Windows Groups ThinAgent
  9.3.1. Monitor Configuration
  9.3.2. Default Health Script
  9.3.3. ThinAgent Variables
  9.3.4. Field Map SmartConsole – ThinkServer

Chapter 10 Scheduled Tasks
10.1. Monitor Configuration
  10.1.1. Variables definition
10.2. Default Health Script
10.3. ThinAgent Variables
10.4. Field Map SmartConsole – ThinkServer

Chapter 11 Services
  11.0.1. ThinAgent Variables
11.1. Automatic Services
  11.1.1. Monitor Configuration
  11.1.2. Default Health Script
  11.1.3. ThinAgent Variables
  11.1.4. Field Map SmartConsole – ThinkServer
11.2. Windows Services
  11.2.1. Monitor Configuration
  11.2.2. Default Health Script
  11.2.3. ThinAgent Variables
  11.2.4. Field Map SmartConsole – ThinkServer
11.3. Windows Single Services
  11.3.1. Monitor Configuration
  11.3.2. Default Health Script
  11.3.3. ThinAgent Variables
  11.3.4. Field Map SmartConsole – ThinkServer
11.4. Extended Services
  11.4.1. Monitor Configuration
  11.4.2. Default Health Script
  11.4.3. ThinAgent Variables
  11.4.4. Field Map SmartConsole – ThinkServer
11.5. Services Not Responding
  11.5.1. Monitor Configuration
  11.5.2. Default Health Script
  11.5.3. ThinAgent Variables
  11.5.4. Field Map SmartConsole – ThinkServer

Chapter 12 Terminal Services
12.1. Terminal Services Number of Sessions
  12.1.1. Monitor Configuration
  12.1.2. Default Health Script
  12.1.3. ThinAgent Variables
  12.1.4. Field Map SmartConsole – ThinkServer
12.2. Terminal Services Sessions Performance
  12.2.1. Monitor Configuration
  12.2.2. Default Health Script
  12.2.3. ThinAgent Variables
  12.2.4. Field Map SmartConsole – ThinkServer

Chapter 13 Windows Advanced

Appendices
Appendix A: WMI Queries for the Windows Health ThinAgent
Appendix B: Granting Non-Admin User Permissions on a Specific Service
  B.1.
  B.2. Windows Server 2008
  B.3. Check for Permission Changes
Appendix C: Contacting Tango/04

About Tango/04 Computing Group
Legal Notice

How to Use this Guide

This chapter explains how to use Tango/04 User Guides and understand the typographical conventions used in all Tango/04 documentation.

Typographical Conventions

The following conventional terms, text formats, and symbols are used throughout Tango/04 printed documentation:

Convention | Description
Boldface | Commands, on-screen buttons and menu options.
Blue Italic | References and links to other sections in the manual or further documentation containing relevant information.
Italic | Text displayed on screen, or variables where the user must substitute their own details.
Monospace | Input commands such as System i commands or code, or text that users must type in.
UPPERCASE | Keyboard keys, such as CTRL for the Control key and F5 for the function key that is labeled F5.

Notes and useful additional information.

Tips and hints that will improve the user's experience of working with this product.

Important additional information that the user is strongly advised to note.

Warning information. Failure to take note of this information could potentially lead to serious problems.

Chapter 1 Introduction

VISUAL Message Center offers a full range of monitoring capabilities for one or several Windows Servers, including:

• Windows NT Server (see note 1)

• Windows 2000 Server

• Windows 2003 Server

• Windows 2008 Server

And their derivative families (Enterprise, DataCenter Editions, etc.)

In addition, VISUAL Message Center helps you monitor workstations running most Windows desktop operating systems, such as Windows 2000 Professional and Windows XP, Windows Vista and Windows 7. VISUAL Message Center will help you monitor the availability, health and security of most and non-Microsoft products, including leading databases such as Microsoft SQL Server, IBM DB2, and Oracle databases; and even applications running across different platforms, including , , and OS/400; network equipment, and other devices.

Our solution’s wide range of monitoring capabilities includes control and management of:

• Windows Server Availability

• Windows Performance

• Windows Security, Regulatory Compliance and Auditing

• Business Services that use Microsoft operating systems as a critical component

VISUAL Message Center uses several technologies to proactively alert IT Directors, Operators, Database Administrators (DBAs), technical staff, and even Line of Business managers of events and potentially dangerous trends before they become a problem.

The exclusive features of the VISUAL Message Center SmartConsole provide a unique way to easily model business services and understand the impact of a failure on each affected service.

VISUAL Message Center provides unlimited ways to consolidate events and metrics coming from different environments, infrastructure elements, applications and platforms. As a result, it is a valuable solution that enables the implementation of Business Service Management (BSM) strategies in companies of practically any size and sector, helping them achieve the strictest Service Level Agreements (SLAs).

1. Many Windows Operations ThinAgents are based on WMI classes. Because not all WMI classes are available on Windows NT machines, a number of ThinAgents will not work on a Windows NT machine. For example, Windows NT cannot retrieve most performance data.

1.1 What You Will Find in this User Guide

This User Guide describes the purpose of each Windows Operations ThinAgent and any variables that are pre-configured for a particular Windows Operations ThinAgent. It also explains the minimum configuration settings required to run a particular Windows Operations monitor. For a full description of VISUAL Message Center ThinkServer functionality see the VISUAL Message Center ThinkServer User Guide.

The introduction chapter covers the basic purpose of the Windows Operations Agent and the common configuration of data sources and monitors.

The following chapters give a detailed description of the different ThinAgents, the default configuration and the variables important to each ThinAgent. You can use these variables to set Health conditions, configure actions, create templates, and send messages to the SmartConsole. There are also a number of generic variables available to all ThinAgents, which are described in the VISUAL Message Center ThinkServer User Guide.

Furthermore you will find a field map for each Windows operations ThinAgent describing the values as they appear in the SmartConsole and ThinkServer.

Chapter 2 Configuration

2.1 Monitor Configuration

The monitor configuration of the Windows Services, Processes and Health ThinAgents is quite straightforward. Besides the data source configuration, discussed below, you only need to add a name and description for the monitor, along with a few key values such as the service or process you want to monitor, and user ID and domain information where required.

For example, say you want to monitor the service for network connections. You will need to enter a name and description of the windows services monitor and the name of the service you want to monitor.

Note Use the service name not the display name here. This example is illustrated in Figure 1.

Figure 1 – Configuration of Windows Services monitor


Another example illustrates the configuration of a Windows Processes monitor. Here we will show you how to configure the monitor for the Windows process Internet Explorer. Again enter a name and description for the monitor. Then add the Windows process settings:

• Domain: Enter the domain of the connection to filter for. If you use * all domains will be included.

• User: Enter the user who started the process you want to filter for. If you use * all users will be included.

• Process: Make the most out of this monitor by entering the individual Windows Process(es) you want to monitor here.

You can make a list of multiple processes separated by commas. You can also use the wildcards * and ? to create your list of processes.

To find the names of other windows processes, go to your task manager and select the process tab.

To monitor all windows processes simply enter *. Note that you can use wildcards * and ?.

Figure 2 shows the Process monitor configuration according to our example.

Figure 2 – Configuration of a Windows Processes monitor

The Windows Advanced and Lightweight ThinAgents have a slightly more elaborate configuration. You will find a second tab in the Monitor Configuration Window where you can indicate what ThinAgent specific variables you would like to monitor. Here you can also add a filter mask to help narrow down the data you retrieve.


For example let’s say you want to monitor User Accounts that are predicted to fail in the near future. Open the Windows Advanced ThinAgent Accounts and enter the monitor name and description in the General tab. Then click the Variables Definition tab to select the variables you want to retrieve for this monitor and add the filter mask for the Pred Fail accounts. With this configuration Python will evaluate each account in Pred Fail state, and only these accounts.

Figure 3 illustrates this example.

Figure 3 – Windows Advanced monitor configuration

Configuration of the Windows Lightweight monitors is very similar to the example above.

2.2 Data Source Configuration

The Data Source Configuration variables are the same for Windows Services, Processes, Health and Lightweight ThinAgents. The General Variables come pre-configured according to best practice and values will vary from ThinAgent to ThinAgent.

When you create a new monitor please check that these settings are appropriate for your purposes and, if necessary, you can change the settings. Remember that any changes made to shared data sources will have immediate effect on all monitors connected to it.

2.2.1 Main Information

Configuration | Variables & Values | Description
Name | Name of the data source, for example “Windows General Health DataSource” | Use the default provided or enter a new name for the data source. Tip: add the host name you are monitoring to help quickly identify where problems occur.
Description | | Enter a description of the data source.

2.2.2 General settings

Configuration | Variables & Values | Description
Refresh time | 60 seconds | The data source will be refreshed every 60 seconds.
Number of tries | 2 | If we detect an error we determine that we will retry two times...
Interval between tries | 10 seconds | ...And that we will retry after 10 seconds.
Error retry time | 60 seconds | In the case that errors exceed the number specified in Number of Tries (in this case more than once), we will wait for 60 seconds before starting the recollection process check again.

2.2.3 Target host settings

Configuration | Variables & Values | Description
IP / DNS Name | | You can enter the IP Address or use the DNS name of the host.
Domain | | Host domain.
User | | User to connect to host with.
Password to connect | | Password of the user connecting to the host.

Configuration of the Windows Advanced monitors is slightly more complicated. When you open the data source configuration you will see General Settings as described above and a second tab called Advanced Settings. Here you can see which WMI query executes on your system when this monitor is running. In the Where field you can enter conditions to reduce the number of values retrieved by this monitor. The idea of applying such a filter to a data source is to reduce the amount of data to retrieve and send to the ThinkServer.

For example, to monitor a specific user account, open the Windows Advanced ThinAgent User Account. After setting the general settings open the tab Advanced Settings. You will see the WMI Query that is run for this monitor. To narrow the data retrieved by this monitor to a particular user enter a where clause in the bottom half of the window. For this example enter where name = 'Test' to retrieve data only for the user Test. With this configuration only the data for the user Test is sent to the ThinkServer instead of the information for all users on the system.

Figure 4 below illustrates this example.


Figure 4 – Configuration of advanced settings in a Windows Advanced monitor

Note In filtering information at data source level there is a fine line between cutting out excess information to the maximum and still retrieving sufficient information for your monitoring purposes. Make sure you are not filtering out relevant information in the process, leaving you with a speedy monitor that retrieves “nothing” in practical terms)

Note The advanced settings are intended for users with advanced knowledge of WMI technology

Important Make sure conditions are correct, as the monitor may not work with an invalid configuration.

2.3 WMI and API

Most Windows Operations ThinAgents use WMI and it is important to set WMI Security as described in section 2.4 - WMI Security Settings below.

However, there are a number of ThinAgents that use API and run on the same machine as the ThinkServer. For these ThinAgents user authentication must be valid for both the local and the remote machine. Examples of ThinAgents that use API instead of WMI:

• Local FileSystem ThinAgents. To monitor files or folders on the remote machine, these files and folders must be shared on the monitored remote machine and the user must have access to these folders from the machine running ThinkServer.

• Scheduled Task ThinAgents. To monitor scheduled tasks on a remote machine the user authentication must be valid on both machines. Also the user must have permission to access the scheduled tasks on the remote machine.


• Windows Security Agent. To monitor the Windows Event Log using API, instead of using WMI or the Automatic mode, the user authentication must be valid on both the local and the remote machines. Also the user must have permission to access the Windows Event Log on the remote machine. For details see the Windows Security Agent User Guide.

Note By default, Security ThinAgents/EventLog use WMI to monitor remote computers. The above information only applies when the data source is changed to use API.

2.4 WMI Security Settings

To make WMI connections to a remote system, network access to this system needs to be granted. Once the connection with the remote host is possible we will focus on authorization issues.

WMI uses DCOM to get information from remote hosts. To reach DCOM make sure that TCP ports 135 and 445 are open on the system that you will monitor with ThinkServer. In addition, the dynamic ports used by svchost.exe and winmgmt.exe (for Windows 2000 only) must be open. If a firewall is enabled on the remote system, add these to its list of exceptions. When using the Windows Firewall, see the Windows Firewall Configuration section.

By default, all members of the Administrators group have full control of the WMI services on the computer that is being managed. All others have read/write/execute permissions on their local computer only. So, by default, any user can run queries on the localhost and only an administrator of the target host can perform remote queries. If one of these situations matches your needs there should be no problem.

If your enterprise security policy does not allow the use of administrator accounts, some changes are needed to give standard users access rights to your systems.

Access to WMI is based on the namespace, where each namespace has its own security settings. The namespace we use, and where all information related to the can be found, is root\cimv2.

With new Service Pack releases some changes are required to keep monitoring the same systems with standard users. This section is intended for first time installations and installations affected by these changes in operating system security policies.

2.4.1 Windows 2000, XP SP1, and Windows 2003 Server (no Service Pack)

On this group of systems, the following user permissions are required to perform WMI queries to the root\cimv2 namespace on localhost:

• Execute Methods

• Enable Account

The following profile is required to perform WMI queries to the root\cimv2 namespace on a remote host. Note that this configuration applies to the target host.

• Execute Methods

• Enable Account

• Remote Enable

To change these properties you can use wmimgmt.msc (in properties, security tab) in each system:

Step 1. Right-click WMI Control and click Properties.

Figure 5 – Windows Management Infrastructure

Step 2. In the Security tab, select the CIMV2 namespace and click the Security button.

Figure 6 – WMI Control (Local) Properties

Step 3. Select the permissions Allow check boxes for:

• Execute Methods

• Enable Account and

• Remote Enable

Step 4. Click OK to add the user.


Figure 7 – Select permissions for the user

The following list shows the permissions available on each WMI namespace for each user or group:

• Execute Methods: Permits methods that are exported from the WMI classes or instances to be run.

• Full Write: Permits full read, write, and delete access to all WMI objects, classes, and instances.

• Partial Write: Permits write access to static WMI objects.

• Provider Write: Permits write access to objects that are provided by the provider.

• Enable Account: Permits read access to WMI objects.

• Remote Enable: Permits remote access to the namespace.

• Read Security: Permits read-only access to WMI security information.

• Edit Security: Permits read and write access to WMI security information.

2.4.2 Windows XP SP2, 2003 Server SP1 and Later Versions

On this group of systems and later versions, the changes applied in the previous section are needed, but are not sufficient to let a standard user run a query. In addition some changes are required in DCOM to enable remote launch privilege for WMI service on a target host. With these changes we will authorize a user to launch the application needed to retrieve the data to populate the query run.

If you do not apply the following settings you will get the error access denied (0x80070005 error code).

The access and launch DCOM privileges determine whether a user can access one of the DCOM applications. You can set the default access and launch permissions that will apply to all the DCOM applications of the system, except for the ones which have special requirements and have a particular configuration.

The changes can be applied to the default settings or to the Windows Management Instrumentation application.
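To tell which of the settings in this chapter is still missing for the monitoring user, the following added example (not part of the original guide or the product) runs one remote query and maps the failure to its cause. SERVER01 is a placeholder host name; the two error codes other than 0x80070005 are standard Windows and WMI codes that the guide itself does not list.

```powershell
# Added example. Run from the ThinkServer machine in Windows PowerShell.
$Target = 'SERVER01'        # placeholder: the monitored host
$Cred   = Get-Credential    # the standard (non-administrator) monitoring user

try {
    $os = Get-WmiObject -Class Win32_OperatingSystem -Namespace 'root\cimv2' `
              -ComputerName $Target -Credential $Cred -ErrorAction Stop
    "OK: $Target answered ($($os.Caption)); firewall, DCOM and namespace settings allow the query."
}
catch {
    $e = $_.Exception
    if ($e -is [System.UnauthorizedAccessException]) {
        # HRESULT 0x80070005: refused by DCOM before the WMI namespace was reached.
        "DCOM access denied (0x80070005): review the COM Security access and launch permissions for this user."
    }
    elseif ($e -is [System.Runtime.InteropServices.COMException] -and $e.ErrorCode -eq 0x800706BA) {
        # PowerShell reads 0x800706BA as the same negative Int32 that ErrorCode holds.
        "RPC server unavailable (0x800706BA): host unreachable, or a firewall blocks TCP 135 or the dynamic ports."
    }
    elseif ($e -is [System.Management.ManagementException] -and
            $e.ErrorCode -eq [System.Management.ManagementStatus]::AccessDenied) {
        # WMI-level refusal (0x80041003): DCOM let the call through, the namespace did not.
        "WMI access denied: the user lacks Enable Account or Remote Enable on root\cimv2."
    }
    else {
        "Unexpected failure: $($e.GetType().FullName): $($e.Message)"
    }
}
```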

Note: To monitor performance counters in Windows 2003 Server, it is necessary to add the user to the Performance Monitor Users group. However, there are some monitors that cannot be executed without an administrator account.

Note: To set launch permissions we must run dcomcnfg.exe.

Figure 8 – Component services

Step 1. Right-click My Computer and select Properties.

Step 2. In the COM Security tab click Edit Default and add the user we will use to run the monitors with all the privileges. This defines the default access permission for this user.

Figure 9 – COM Security tab


Figure 10 – Access Permission Default Security settings

Step 3. We do the same with launch permissions:

Figure 11 – Repeat for launch permissions


Figure 12 – Launch permission default security

Step 4. And finally we override default launch permissions:

Figure 13 – Default launch permissions

Figure 14 – Launch Permission Security Limits

2.4.3 Windows Firewall Configuration

On Windows XP SP2 systems with Windows Firewall enabled, the following changes are required to allow remote WMI queries:

Enable Allow Remote Administration for the user account.

You can run either the Group Policy editor (Gpedit.msc) to enable Allow Remote Administration, or use the netsh firewall command at the command prompt.

You should disable the remote administration feature after you have finished connecting to the remote computer to raise the security level of Windows Firewall.

The following command enables remote administration of the firewall.

> netsh firewall set service RemoteAdmin enable

The following command disables remote administration of the firewall.

> netsh firewall set service RemoteAdmin disable

Use the following steps in the Group Policy editor (Gpedit.msc) to enable Allow Remote Administration.

Step 1. Under the Local Computer Policy heading, open the Computer Configuration folder.

Step 2. Open the Administrative Templates folder.

Step 3. Open the Network folder.

Step 4. Open the Network Connections folder.

Step 5. Open the Windows Firewall folder.


Figure 15 – Group Policy Editor

Step 6. If the computer is in the domain, then open the Domain Profile folder; otherwise, open the Standard Profile folder.

Step 7. Click Windows Firewall: Allow remote administration exception.

Step 8. On the Action menu, select Properties.

Step 9. Click Enable, and then click OK.

2.4.4 WMI Security Recommendations

This section explained how to allow standard users access to WMI on local and remote machines.

The easiest solution is to create a user of the domain and add it to the Domain Admin group. Note that by default the Domain Admin group is a member of the Administrators group, which provides access to domain controllers. If you need access only to domain workstations the Domain Admin group does not need to be a member of the Administrators group.

Tip Remember firewall configuration is still needed.

The most secure solution is to use a non-administrator user and give permission to the individual workstations. A standard user with the configuration explained here has enough rights to monitor anything on a system, but some operations, such as a process, can only be executed by an Administrator account. Moreover, if the workstations are running Windows 2003 Server with SP1, the application needs an administrator account to perform some important monitors of the system, i.e. accessing Windows Services information. We therefore recommend that you use an administrator account on systems running Windows 2003 Server SP1 and a lower-privileged user account on systems running previous Windows versions.
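One way to review what a non-administrator configuration actually grants on a monitored host, as an added example that is not part of the original guide or the product. It lists each entry in the root\cimv2 access list with the permission names from section 2.4.1 and singles out entries other than the built-in Administrators group that hold Remote Enable. It assumes Windows Vista / Server 2008 or later, where the GetSecurityDescriptor method is available.

```powershell
# Added example. Run elevated on the monitored host in Windows PowerShell.
$Namespace = 'root\cimv2'

# WMI namespace access-mask bits, named as in the WMI Control security dialog.
$Rights = @(
    @{ Name = 'Enable Account';  Bit = 0x1 },
    @{ Name = 'Execute Methods'; Bit = 0x2 },
    @{ Name = 'Full Write';      Bit = 0x4 },
    @{ Name = 'Partial Write';   Bit = 0x8 },
    @{ Name = 'Provider Write';  Bit = 0x10 },
    @{ Name = 'Remote Enable';   Bit = 0x20 },
    @{ Name = 'Read Security';   Bit = 0x20000 },
    @{ Name = 'Edit Security';   Bit = 0x40000 }
)

$result = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
if ($result.ReturnValue -ne 0) {
    throw "GetSecurityDescriptor returned $($result.ReturnValue)"
}

$report = foreach ($ace in $result.Descriptor.DACL) {
    # Translate the numeric mask into the permission names used in this guide.
    $granted = $Rights | Where-Object { $ace.AccessMask -band $_.Bit } | ForEach-Object { $_.Name }
    # Build the SID string from the raw bytes so the check below does not depend on localized names.
    $sid = New-Object System.Security.Principal.SecurityIdentifier($ace.Trustee.SID, 0)
    $type = "Type $($ace.AceType)"
    if ($ace.AceType -eq 0) { $type = 'Allow' } elseif ($ace.AceType -eq 1) { $type = 'Deny' }
    New-Object PSObject -Property @{
        Trustee = '{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name
        Sid     = $sid.Value
        Type    = $type
        Rights  = $granted -join ', '
    }
}

# Full access list of the namespace.
$report | Select-Object Trustee, Type, Rights | Format-Table -AutoSize

# Entries to review: remote access granted to anything other than BUILTIN\Administrators (S-1-5-32-544).
$report |
    Where-Object { $_.Type -eq 'Allow' -and $_.Rights -match 'Remote Enable' -and $_.Sid -ne 'S-1-5-32-544' } |
    Select-Object Trustee, Sid, Rights
```

After the steps in this chapter, the second list should contain only the monitoring user, holding Execute Methods, Enable Account and Remote Enable.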


Chapter 3

Windows Health - Introduction

Windows Health ThinAgents are ready to check the most critical values of a Windows system that may lead to performance or availability problems. Default thresholds have been accurately selected to let the user start monitoring a system only by setting system name (if other than local) and a login to connect. We recommend you adjust the monitor settings after product installation to suit your specific system configuration.

No installation is required on the remote host. All you need is a WMI service running on the server and a user with WMI access rights.

Windows Health ThinAgents are a good example of what we call sub-ThinAgents: a data source can be shared by all these ThinAgents, the same data is recollected for all of them, and each monitor filters exactly the same data; the only difference is in the scripts. These ThinAgents take advantage of data source and monitor separation: only one recollection is needed for all monitors to work on the same system, so creating more monitors does not increase the workload on the monitored system.

Sharing all the variables on each ThinAgent allows users to set more intelligent health conditions, for example by checking the top processes in CPU usage together with CPU usage on the system. Furthermore, a system snapshot is generated using the main variables so that users have a global view of Windows system health. Only one event is generated on each data recollection, with all needed system information.

Note: Changes to your system’s hardware and software configuration may require that you adjust the settings of these monitors to the new situation.

3.1 Windows Health Common Settings

Before describing the individual ThinAgents we will discuss general configuration and default variables of all Windows Health ThinAgents.

3.1.1 Data Source Configuration

Configuration of the data sources is the same for every Windows Health ThinAgent. For configuration details see section 2.2 - Data Source Configuration on page 5.


3.1.2 Monitor Configuration

All that is required to get started monitoring Windows Health Parameters is to configure the name and a description of the monitor.

Fields to configure are:

Configuration Variables & Values Description

Name Name of the Monitor, for example “Windows General Health DataSource”. Use the default provided or enter a new name for the data source. Tip: add the host name you are monitoring to help quickly identify where problems occur.

Description Enter a description of the data source.

3.2 Variables

The following variables are common to all Windows Health ThinAgents. To facilitate identification of the meaning of each variable we have added a prefix to the variable name that indicates the group it belongs to. For example: memory, processes, network, and logical disk.

Variable Description

Host Host name or IP address.

LogicalDisks_MaxDiskUsedName Name of disk with highest usage.

LogicalDisks_MaxDiskUsedPertentage Usage percentage of disk with highest usage.

LogicalDisks_MinDiskAvailableSpace Mbytes of free space of the disk with the least free space.

LogicalDisks_MinDiskAvailableSpaceName Name of disk with the least free space.

LogicalDisks_NumberOfDisks Number of logical disks.

Logons_BytesPerSec Number of bytes the server has sent to and received from the network, an overall indication of how busy the server is.

Logons_LogonsPerSec Rate of all server logons.

Logons_ServerSessions Number of sessions currently active in the server. Indicates current server activity.

Logons_TotalLogons Sum of all interactive logons, network logons, service logons, successful logons, and failed logons since the machine was last rebooted.

Memory_PageFaultsPerSec Number of page faults per second.

Memory_PagefileUsagePercentage Percentage of paged file space used.

Memory_PhysicalMemoryAvailableMbytes Amount of available physical memory, measured in Mbytes.

Memory_PhysicalMemoryTotalMbytes Total amount of physical memory, measured in Mbytes.


Memory_VirtualMemoryAvailableMbytes Amount of available virtual memory, measured in Mbytes.

Memory_VirtualMemoryTotalMbytes Total amount of virtual memory, measured in Mbytes.

Network_MaxBandwidthUsage Amount of bandwidth used by the most active network interface.

Network_MaxBandwidthUsageBandwidth Current theoretical bandwidth of the most active network interface.

Network_MaxBandwidthUsageName Name of the most active network interface.

Network_MaxOutputQueueLength Length of output queue of the busiest network interface.

Network_MaxOutputQueueName Name of the network interface with the longest output queue length.

Network_MaxPacketOutboundErrors Maximum number of packet outbound errors of a network interface.

Network_MaxPacketOutboundErrorsName Name of the network interface with most outbound errors.

Network_MaxPacketReceivedErrors Maximum number of packet received errors from a network interface.

Network_MaxPacketReceivedErrorsName Name of the network interface with most received errors.

Network_NumberOfNetworkInterfaces Number of network interfaces.

Objects_Semaphores Number of semaphores currently being used by system processes.

Objects_Threads Number of threads currently running on system.

PhysicalDisks_MaxDiskTransfer Maximum rate of read and write operations on a disk.

PhysicalDisks_MaxDiskTransfersName Name of disk with most read and write operations per second.

PhysicalDisks_MaxQueueLength Queue length of busiest physical disk.

PhysicalDisks_MaxQueueLengthName Name of disk with the longest queue length.

PhysicalDisks_NumberOfDisks Number of physical disks.

Printer_TotalJobsPrinted Number of jobs printed since last reboot.

Printer_TotalPagesPrinted Number of pages printed since last reboot.

Processes_MaxCPUAbuserProcess1 Percentage of CPU usage by the most abusive CPU process.

Processes_MaxCPUAbuserProcess2 Percentage of CPU usage by the 2nd most abusive CPU process.

Processes_MaxCPUAbuserProcess3 Percentage of CPU usage by the 3rd most abusive CPU process.


Processes_MaxCPUAbuserProcessID1 Process identifier of most abusive CPU process.

Processes_MaxCPUAbuserProcessID2 Process identifier of 2nd most abusive CPU process.

Processes_MaxCPUAbuserProcessID3 Process identifier of 3rd most abusive CPU process.

Processes_MaxCPUAbuserProcessName1 Name of most abusive CPU process.

Processes_MaxCPUAbuserProcessName2 Name of 2nd most abusive CPU process.

Processes_MaxCPUAbuserProcessName3 Name of 3rd most abusive CPU process.

Processes_MaxMemoryAbuserProcess1 Memory usage by most abusive memory process.

Processes_MaxMemoryAbuserProcess2 Memory usage by 2nd most abusive CPU process.

Processes_MaxMemoryAbuserProcess3 Memory usage by 3rd most abusive CPU process.

Processes_MaxMemoryAbuserProcessID1 Process identifier of most abusive memory process.

Processes_MaxMemoryAbuserProcessID2 Process identifier of 2nd most abusive memory process.

Processes_MaxMemoryAbuserProcessID3 Process identifier of 3rd most abusive memory process.

Processes_MaxMemoryAbuserProcessName1 Name of most abusive memory process.

Processes_MaxMemoryAbuserProcessName2 Name of 2nd most abusive memory process.

Processes_MaxMemoryAbuserProcessName3 Name of 3rd most abusive memory process.

Processes_WorkingSet Working set of all processes.

Processors_NumberOfProcessors Number of processors on system.

Processors_PrivilegedTimePercentage Percentage CPU usage in privileged mode.

Processors_ProcessorTimePercentage Percentage CPU usage.

Processors_UserTimePercentage Percentage CPU usage in user mode.

RecollectionTime Time in seconds to perform recollection of health data values.

System_BuildNumber Operating System build number.

System_Day Current day of system date.

System_LoggedOnUser User logged on system.

System_Month Current month of system date.

System_NumberOfProcesses Number of processes running on system.


System_OperatingSystem Operating system description.

System_PercentageRegistryQuotaInUse Percentage of usage by system registry files.

System_ProcessorQueueLength Number of threads waiting for processor.

System_ServicePackVersion Latest service pack installed.

System_SystemDescription Host Description.

System_SystemName System name.

System_Time Current time of system.

System_UpTimeDays Day-component of time since last system startup.

System_UpTimeHours Hour-component of time since last system startup.

System_UpTimeMinutes Minute-component of time since last system startup.

System_Year Current year of system date.

SystemIP_Address1-10 IP address of a network interface.

3.3 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables.

This field map shows the default settings for each individual ThinAgent. However, you can change these settings to suit your needs. In contrast to the data source, any changes you make apply only to the monitor where you make the change; the change is not applied globally.

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 System_OperatingSystem Description of the operating system.

Var04 System_ServicePackVersion Latest service pack installed.

Var05 Processors_ProcessorTimePercentage Percentage CPU usage.

Var06 Memory_PhysicalMemoryAvailableMbytes Amount of available physical memory, measured in Mbytes.

Var07 Memory_VirtualMemoryAvailableMbytes Amount of available virtual memory, measured in Mbytes.

Var08 Memory_PageFaultsPerSec Number of page faults per second.


Var09 LogicalDisks_MaxDiskUsedName Name of disk with highest usage.

Var10 LogicalDisks_MaxDiskUsedPertentage Percentage of usage of disk with highest usage.

Var11 Processes_MaxCPUAbuserProcessName1 Name of most abusive CPU process.

Var12 Processes_MaxCPUAbuserProcessID1 Process identifier of most abusive CPU process.

Var13 Processes_MaxCPUAbuserProcess1 Percentage of CPU usage by the most abusive CPU process.

Var14 Processes_MaxMemoryAbuserProcessName1 Name of most abusive memory process.

Var15 Processes_MaxMemoryAbuserProcessID1 Process identifier of most abusive memory process.

Var16 Processes_MaxMemoryAbuserProcess1 Memory usage by most abusive memory process.


Chapter 4

Windows Health ThinAgents

CPU, Disk and Memory are the most critical values when analyzing a system's health and performance. If any of these values exceeds normal limits, system performance may decrease, and in many situations this may cause application failures or systems not to respond.

4.1 CPU Usage

Use this ThinAgent to check system CPU usage. If there’s more than one processor on the system the average value is given.

There are two ways to interpret system CPU Usage health:

• A high usage of CPU (over 95%) may indicate that there is a problem with a particular process. It may also simply indicate a workload peak during the day.

• On the other hand, if CPU usage reaches average values of over 85% using long refresh intervals (at least 1h) and system performance of the monitored system is critical to your operation, it indicates that the system does not have enough processor capacity and it is advisable to increase the number of processors or to change processors for faster ones.

4.1.1 Default Health Script

The default Health script is useful for detecting high CPU consumption in the short term.

By default Health is set to:

• Critical when CPU usage exceeds 95%

• Warning when CPU usage is greater than 80%

• Success in all other cases.

These Health conditions can be changed to suit your needs using the Health and Actions Wizard in the ThinkServer Configurator.

Changing refresh time and critical threshold allows the user to check average CPU usage of the system and evaluate whether its capacity is enough.

4.1.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:


• Processors_PrivilegedTimePercentage

• Processors_ProcessorTimePercentage

• Processors_UserTimePercentage

• Processors_NumberOfProcessors

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.2 CPU Queue Length

CPU queue length indicates the number of threads waiting for a processor. Both in systems with one processor and in systems with more than one processor there is only one queue.

Some sources say that the CPU queue length should not be greater than the number of processors multiplied by 2; others use a more complex formula to determine this value. Regardless of which theory you subscribe to, having a long CPU queue implies long response times and performance problems.

CPU queue length is a good example of an instantaneous value. On Windows systems there is no average value available for the CPU queue length. Therefore there is no additional benefit in increasing the refresh time.

4.2.1 Default Health Script

According to our experience with systems running one and two processors (the most frequent configuration of Windows operating systems), the following values are good indicators of system CPU health.

By default Health is set to:

• Critical when CPU queue length exceeds 9 threads

• Warning when CPU queue is longer than 5 threads

• Success in all other cases.

On systems where performance and response time are critical, these values should be decreased.

If there are more than 2 processors on a system, change this condition so that CPU queue length does not exceed the number of processors multiplied by 2.

4.2.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• System_ProcessorQueueLength

• System_NumberOfProcesses

• Objects_Threads

• Processors_ProcessorTimePercentage

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.3 Max Disk Usage

Use this ThinAgent to check which disk has the highest usage on a system. The importance of this check depends on the purpose of the system. For systems where data is critical and growing fast, this ThinAgent can help to avoid situations leading to a loss of information.

By setting a threshold, you can check if all your disk usage rates stay within the limits you specify. When any one of them reaches high occupation levels you are alerted immediately.

4.3.1 Default Health Script

System disk (the disk where operating system is installed) usage should never reach very high values, as this disk is frequently used and high usage on this disk could decrease system performance.

Note Disks with a usage over 85% have longer write and read times and that disk fragmentation increases disk seeks which is an expensive operation in time.

By default Health is set to

• Critical when any disk usage exceeds 92% of space used

• Warning when disk usage reaches 80%

• Minor when usage is over 75%

• Success in all other cases.

If your system data is frequently accessed, do not let disk usage exceed these values; otherwise, stay alert on usage and don’t let the disk reach 100%, to avoid losing data.

4.3.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• LogicalDisks_NumberOfDisks

• LogicalDisks_MaxDiskUsedPertentage

• LogicalDisks_MaxDiskUsedName

• LogicalDisks_MinDiskAvailableSpace

• LogicalDisks_MinDiskAvailableSpaceName

For descriptions of the different variables see section 3.2 - Variables on page 20.

4.4 Min Disk Free Space

This ThinAgent is very similar to the Max Disk Usage ThinAgent. It looks at the same statistics from a different angle: the disk with the highest percentage of usage does not necessarily mean it has less free space; it all depends on disk size.

4.4.1 Default Health Script

By default health status is set to

• Critical when any disk’s free space is lower than 100 MB of space

• Warning is set when there is less than 300 MB left to reach full usage

• Success in all other cases.

4.4.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• LogicalDisks_NumberOfDisks

• LogicalDisks_MinDiskAvailableSpace

• LogicalDisks_MinDiskAvailableSpaceName

• LogicalDisks_MaxDiskUsedPertentage

• LogicalDisks_MaxDiskUsedName

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.5 Physical Memory

Use this ThinAgent to check current usage of physical memory. If the usage is high, processes are using more memory than is available on the system. In this situation many processes will have some of their work set pages (process environment) in paging files, which may reduce system performance.

Systems have physical and virtual memory. Physical memory is the amount of RAM memory on the system. Virtual memory is the view of memory that processes have and is greater than physical memory.

When available, the operating system uses physical memory to store each process's work set. However, when there is not enough physical memory, paging files are used to save the less frequently referenced pages of a process's work set. When a page that is stored in paging files needs to be accessed, pages are freed from RAM and copied to paging files, and the required pages are copied from the paging files to RAM. This is a time- and resource-consuming operation, and in general it is desirable to reduce it to a minimum by increasing physical memory on the system.

4.5.1 Default Health Script

By default Health is set to:

• Critical when the free space of physical memory is lower than 4 MB

• Warning when the free space is less than 10 MB

• Success in all other cases

There are some applications, such as SQL Server, that use high amounts of physical memory, even if not needed, from the time they start up. Usually, if these applications detect that physical memory is very low, they release part of their work set. However, incorrect configuration of one of these applications could cause physical memory to rise to such high values as mentioned here.

4.5.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• Memory_PhysicalMemoryTotalMbytes


• Memory_PhysicalMemoryAvailableMbytes

• Memory_VirtualMemoryTotalMbytes

• Memory_VirtualMemoryAvailableMbytes

• Memory_PagefileUsagePercentage

• Memory_PageFaultsPerSec

For descriptions of the different variables see section 3.2 - Variables on page 20.

4.6 Virtual Memory

Use this ThinAgent to check current usage of virtual memory. When usage of virtual memory is high, many processes have part of their work set (process environment) in paging files, which in turn decreases system performance.

System virtual memory is the sum of physical memory and paging files memory. When a system runs out of virtual memory no more applications can be started, applications that need more memory fail, and the system may hang.

Virtual memory usage can reach very high values when many processes are running on the system, or when some of the processes are having problems releasing memory.

4.6.1 Default Health Script

By default Health is set to

• Critical when free space of virtual memory is lower than 50 MB

• Warning when free space of virtual memory is lower than 100 MB

• Success in all other cases

When your system is running out of memory, take a close look at the number of processes running and the most abusive memory users. Here you will find the key to resolving the current situation.

4.6.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• Memory_VirtualMemoryTotalMbytes

• Memory_VirtualMemoryAvailableMbytes

• Memory_PhysicalMemoryTotalMbytes

• Memory_PhysicalMemoryAvailableMbytes

• Memory_PagefileUsagePercentage

• Memory_PageFaultsPerSec

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.7 Page Faults

This ThinAgent checks the rate of hard page faults on a system. There are 2 types of page faults: soft page faults and hard page faults. Soft page faults are common on the system and do not negatively affect it. They are produced when accessing a page that is not available in a process work set, but is available in physical memory. Hard page faults occur when the page referenced is not in physical memory but in paging files (on disk).

High rates of page faults affect system performance in two ways:

• Page faults are very slow compared to physical memory access.

• High rates of page faults affect hard disk performance, in turn affecting other applications based on disk usage, such as database or file servers.

A page fault rate of over 100 can cause performance problems and is not desirable. To improve this situation, add more physical memory to the system.

4.7.1 Default Health Script

By default the Health is set to

• Critical when the page faults rate exceeds 200 per second

• Warning when this value reaches 150

• Success in all other cases.

When you have a high page fault rate, have a close look at the number of processes running and the most abusive memory users. Here you will find the key to correcting the current situation.

4.7.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• Memory_PageFaultsPerSec

• Memory_PagefileUsagePercentage

• Memory_VirtualMemoryTotalMbytes

• Memory_VirtualMemoryAvailableMbytes

• Memory_PhysicalMemoryTotalMbytes

• Memory_PhysicalMemoryAvailableMbytes

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.8 Processes

Use this ThinAgent to check the number of processes running on the system. Most applications create processes. If any one of these applications malfunctions, too many processes may be created. This could lead to an overload of memory and CPU usage and possibly hang the system.

4.8.1 Default Health Script

By default Health is set to:

• Warning when the number of processes running on system is greater than 100

• Success is set in all other cases

Critical Health was not pre-configured, as we understand that on some systems it may be normal to run more than 100 processes at a given time.


4.8.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• System_NumberOfProcesses

• Objects_Threads

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.9 CPU Abusers

Use this ThinAgent to check whether CPU usage of the top 3 CPU abusers is within specified limits and whether the most consuming processes are those you are expecting to be heavy users.

By setting a top limit for a process's CPU consumption you can detect whether there is a process on the system showing strange behavior.

4.9.1 Default Health Script

By default Health is set to

• Warning when there is a process on system using more than 40% of CPU and system CPU usage exceeds 80%.

• Success in all other cases.

With these conditions we try to check whether there is a process spending so much CPU that it might get in the way of running other processes.

4.9.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• Processes_MaxCPUAbuserProcess1

• Processes_MaxCPUAbuserProcessName1

• Processes_MaxCPUAbuserProcessID1

• Processes_MaxCPUAbuserProcess2

• Processes_MaxCPUAbuserProcessName2

• Processes_MaxCPUAbuserProcessID2

• Processes_MaxCPUAbuserProcess3

• Processes_MaxCPUAbuserProcessName3

• Processes_MaxCPUAbuserProcessID3

• Processors_ProcessorTimePercentage

For descriptions of the different variables see section 3.2 - Variables on page 17.
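The two checks that section 4.9 describes, the combined default condition from 4.9.1 and the question of whether the heaviest processes are the ones you expect, applied to one shared snapshot. This is an added example, not Tango/04's Health script; the variable names come from section 3.2, while the function names, the sample values, the allowlist and the `min_cpu` floor are assumptions.

```python
# Added example (not Tango/04 code). Variable names are from section 3.2;
# the snapshot values, the allowlist and min_cpu are constructed assumptions.

PROCESS_CPU_LIMIT = 40.0  # per-process CPU %, default from section 4.9.1
SYSTEM_CPU_LIMIT = 80.0   # system CPU %, default from section 4.9.1


def top_cpu_abusers(snapshot):
    """Return the populated top-3 slots as (name, pid, cpu_percent) tuples."""
    abusers = []
    for rank in (1, 2, 3):
        name = snapshot.get(f"Processes_MaxCPUAbuserProcessName{rank}")
        if not name:
            continue  # slot not populated in this recollection
        pid = int(snapshot.get(f"Processes_MaxCPUAbuserProcessID{rank}", -1))
        cpu = float(snapshot.get(f"Processes_MaxCPUAbuserProcess{rank}", 0.0))
        abusers.append((name, pid, cpu))
    return abusers


def cpu_abusers_health(snapshot):
    """Warning only when BOTH default conditions hold, otherwise Success."""
    system_cpu = float(snapshot["Processors_ProcessorTimePercentage"])
    hog_present = any(cpu > PROCESS_CPU_LIMIT
                      for _, _, cpu in top_cpu_abusers(snapshot))
    if hog_present and system_cpu > SYSTEM_CPU_LIMIT:
        return "Warning"
    return "Success"


def unexpected_heavy_users(snapshot, expected_names, min_cpu=10.0):
    """List top abusers at or above min_cpu whose name is not expected.

    Names are compared lower-cased because Windows image names are
    case-insensitive. min_cpu (a hypothetical default) drops idle slots.
    """
    allowed = {name.lower() for name in expected_names}
    return [(name, pid, cpu)
            for name, pid, cpu in top_cpu_abusers(snapshot)
            if cpu >= min_cpu and name.lower() not in allowed]


def evaluate(snapshot, expected_names):
    """Combine the health status and the review list for one host."""
    return {
        "host": snapshot.get("Host", "unknown"),
        "health": cpu_abusers_health(snapshot),
        "review": unexpected_heavy_users(snapshot, expected_names),
    }


# Constructed sample: one recollection from one host.
SAMPLE_SNAPSHOT = {
    "Host": "APPSRV01",
    "Processors_ProcessorTimePercentage": 91,
    "Processes_MaxCPUAbuserProcessName1": "sqlservr.exe",
    "Processes_MaxCPUAbuserProcessID1": 1840,
    "Processes_MaxCPUAbuserProcess1": 62,
    "Processes_MaxCPUAbuserProcessName2": "updater32.exe",
    "Processes_MaxCPUAbuserProcessID2": 4312,
    "Processes_MaxCPUAbuserProcess2": 18,
    "Processes_MaxCPUAbuserProcessName3": "System",
    "Processes_MaxCPUAbuserProcessID3": 4,
    "Processes_MaxCPUAbuserProcess3": 4,
}

# Constructed allowlist of processes this host is expected to run hot.
EXPECTED_HEAVY_USERS = {"sqlservr.exe", "System"}

if __name__ == "__main__":
    result = evaluate(SAMPLE_SNAPSHOT, EXPECTED_HEAVY_USERS)
    print(result["host"], result["health"])
    for name, pid, cpu in result["review"]:
        print(f"  review: {name} (PID {pid}) at {cpu:.0f}% CPU")
```

The health status follows the guide's default, so an unexpected process can appear in the review list while Health is still Success; the two results answer different questions.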

4.10 Memory Abusers

Use this ThinAgent to check that memory usage of the top 3 memory abusers is within specified limits and whether the most consuming processes are those you were expecting.

By setting a top limit for a process's consumption of memory you can detect whether there is a process with strange behavior on the system.

4.10.1 Default Health Script

By default health is set to

• Critical when the most abusive memory user is using over 1000 MB of memory

• Warning when the most abusive memory user is using over 300 MB

• Success in all other cases.

If your memory is running out, have a close look at the number of processes running on the system and the heaviest memory abusers. Here you will find the key to solving the situation.

4.10.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• Processes_MaxMemoryAbuserProcess1

• Processes_MaxMemoryAbuserProcessName1

• Processes_MaxMemoryAbuserProcessID1

• Processes_MaxMemoryAbuserProcess2

• Processes_MaxMemoryAbuserProcessName2

• Processes_MaxMemoryAbuserProcessID2

• Processes_MaxMemoryAbuserProcess3

• Processes_MaxMemoryAbuserProcessName3

• Processes_MaxMemoryAbuserProcessID3

• Processes_WorkingSet

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.11 Threads

Use this ThinAgent to check how many threads are currently running on the system. Just as when there are too many processes running on a system, having too many threads can cause the system to spend more CPU in operating system mode (which should be kept to a minimum) and memory. This situation may also indicate that a particular process is not running properly.

4.11.1 Default Health Script

By default Health is set to

• Warning when the number of threads on the system is over 2000


• Success in all other cases

In these situations the user should find out which processes are using most threads and evaluate whether this behavior is correct.

4.11.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• System_NumberOfProcesses

• Objects_Threads

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.12 Busiest Network Interface

Nowadays the network is considered a critical resource for most servers. High usage of a network interface can be a bottleneck for critical remote applications. When a network device usage exceeds 50% of its capacity more collisions occur, some packets may be lost and response times may increase.

If a particular network interface is very busy (excluding loopback) we recommend you add more network adapters to balance usage.

4.12.1 Default Health Script

By default Health is set to

• Warning when the bandwidth of the busiest network interface exceeds 50% of its capacity

• Success in all other cases.

4.12.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• Network_NumberOfNetworkInterfaces

• Network_MaxBandwidthUsage

• Network_MaxBandwidthUsageName

• Network_MaxBandwidthUsageBandwidth

• Network_MaxOutputQueueLength

• Network_MaxOutputQueueName

• Network_MaxPacketOutboundErrors

• Network_MaxPacketOutboundErrorsName

• Network_MaxPacketReceivedErrors

• Network_MaxPacketReceivedErrorsName

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.13 Longest Network Interface Queue

This is another indicator of insufficient network capacity. As mentioned in the Busiest Network Interface ThinAgent, the network is considered a critical resource for most servers. High usage of a network interface can be a bottleneck for critical remote applications. When a network device usage exceeds 50% of its capacity more collisions occur, some packets may be lost and response times may increase.

If a particular network interface is very busy (excluding loopback) we recommend you add more network adapters to balance usage.

4.13.1 Default Health Script

By default Health is set to

• Warning when the length of the longest network interface queue exceeds 5 packets to be sent

• Success in all other cases.

4.13.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• Network_MaxOutputQueueLength

• Network_MaxOutputQueueName

• Network_NumberOfNetworkInterfaces

• Network_MaxBandwidthUsage

• Network_MaxBandwidthUsageName

• Network_MaxBandwidthUsageBandwidth

• Network_MaxPacketOutboundErrors

• Network_MaxPacketOutboundErrorsName

• Network_MaxPacketReceivedErrors

• Network_MaxPacketReceivedErrorsName

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.14 Network Interface Outbound Errors

Use this ThinAgent to detect outbound errors on network interfaces. Errors on network interfaces are not frequent and they may point to a hardware problem on this interface.

4.14.1 Default Health Script

By default Health is set to

• Critical when any outbound error occurs on a network interface

• Success is set in all other cases.


4.14.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• Network_MaxPacketOutboundErrors

• Network_MaxPacketOutboundErrorsName

• Network_MaxPacketReceivedErrors

• Network_MaxPacketReceivedErrorsName

• Network_NumberOfNetworkInterfaces

• Network_MaxBandwidthUsage

• Network_MaxBandwidthUsageName

• Network_MaxBandwidthUsageBandwidth

• Network_MaxOutputQueueLength

• Network_MaxOutputQueueName

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.15 Network Interface Received Errors

Use this ThinAgent to detect reception errors on network interfaces. Reception errors on network interfaces do not occur frequently, and they may point to a hardware problem on this interface.

4.15.1 Default Health Script

By default health is set to

• Critical when there is any reception error on a network interface

• Success in all other cases

4.15.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• Network_MaxPacketReceivedErrors

• Network_MaxPacketReceivedErrorsName

• Network_MaxPacketOutboundErrors

• Network_MaxPacketOutboundErrorsName

• Network_NumberOfNetworkInterfaces

• Network_MaxBandwidthUsage

• Network_MaxBandwidthUsageName

• Network_MaxBandwidthUsageBandwidth

• Network_MaxOutputQueueLength

• Network_MaxOutputQueueName

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.16 Registry Quota

Use this ThinAgent to check whether there is available space in the Windows Registry. Almost all program installations use the Windows Registry to store advanced settings. Some programs also use it to store user settings and data. When the registry runs out of free space these applications may not work properly.

If the registry reaches high usage levels, the administrator must extend registry space or replace unused entries.

4.16.1 Default Health Script

By default health is set to

• Critical when registry quota exceeds 95%,

• Warning when registry occupation exceeds 80%

• Success in all other cases.

4.16.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. This is the variable that is most important to this ThinAgent:

• System_PercentageRegistryQuotaInUse

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.17 Printed Pages

With this ThinAgent you can control the number of pages printed from a system since its startup.

By using scripts you can modify its behavior to see how many pages are printed in a certain time interval.

4.17.1 Default Health Script

By default Health is set to

• Warning when printed pages exceed 1000

• Success in all other cases.

4.17.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• Printer_TotalPagesPrinted: Number of pages printed since last reboot

• Printer_TotalJobsPrinted: Number of jobs printed since last reboot

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.18 Up Time

Use this ThinAgent to check the time a system has been switched on. Running a system for a long time can cause the system to become unstable. We recommend you reboot a Windows system at least once per month. Periodically rebooting your Windows system improves system performance and stability.

All applications running on a system, including the operating system, use some system resources that can be incorrectly released. Also, some applications may fail and lock a number of resources. By rebooting you ensure all system and service processes are restarted and the host behavior improves.

4.18.1 Default Health Script

By default Health is set to

• Warning when system has been running for more than 20 days

• Success in all other cases.

Depending on what programs are running on the system this time may be too short or too long. You should adjust these conditions to meet your system requirements.

4.18.2 ThinAgent Variables

As mentioned in the introduction the same variables are retrieved for every monitor. Here is a list of the variables that are most important to this ThinAgent:

• System_UpTimeDays

• System_UpTimeHours

• System_UpTimeMinutes

• System_Year

• System_Month

• System_Day

• System_Time

For descriptions of the different variables see section 3.2 - Variables on page 17.

4.19 Generic

Windows Health offers a wide range of pre-configured ThinAgents to get you started monitoring your Windows operating system. However if these ThinAgents do not cover all of your specific monitoring needs you can use the Generic ThinAgent to create your own custom monitor.

With the Generic ThinAgent you have access to all variables retrieved by the data source for the Windows Health Monitor and you can use any of them to configure your own health rules, actions, message templates, and even pre- and post actions. For descriptions of the different variables see section 3.2 - Variables on page 17.


Chapter 5

5 Windows Lightweight – Introduction

Windows Lightweight ThinAgents are a set of easy-to-use ThinAgents that retrieve and monitor only the key values of a Windows system. They have been designed to make specific checks on each system, as in an enterprise environment each system plays a special role and has particular needs.

When using Lightweight monitors, only the necessary data is collected. The fewer monitors created, the less data needs to be retrieved, and thus the lower the workload on the server.

All data sources of these ThinAgents are private, greatly simplifying the configuration of each monitor. As the data for each ThinAgent is very particular and no more than one check is required for each ThinAgent there is no additional benefit in using shared data sources.

Default thresholds have been set so that the user can start monitoring with just a click of the mouse. As in all ThinAgents, these values can and should be changed to meet your company’s specific needs.

No installation is required on the remote host. All you need is a WMI service running on the server and a user with WMI access rights.

Tip: Due to the nature of the Lightweight ThinAgents and the fact that they retrieve only the minimum information required, you will not find information about the general system properties or be able to give a “snapshot” of basic system information. If you require this type of information for your monitoring purposes, we suggest you use the “Windows Health ThinAgents” instead.

5.1 Configuration

The configuration of each ThinAgent is different. However there is some information that is the same for all the Lightweight ThinAgents.

In the first tab you will find the Main Information, General Settings and Target Host Data. The fields in Main Information and Target Host Data are the same for every ThinAgent. Likewise the values in General Settings are the same for each monitor. The following tables contain the common configuration variables, their default values, and descriptions of the variables.


5.1.1 Main Information

| Configuration Variables & Values | Description |
|---|---|
| Name | Use the default provided or enter a new name for the data source. Tip: add the host name you are monitoring to help quickly identify where problems occur. |
| Description | Enter a description of the data source. |

5.1.2 General settings

| Configuration Variables | Values | Description |
|---|---|---|
| Refresh time | 60 seconds | The data source will be refreshed every 60 seconds. |
| Number of tries | 2 | If we detect an error we determine that we will retry two times... |
| Interval between tries | 10 seconds | ...And that we will retry after 10 seconds. |
| Error retry time | 600 seconds | In the case that errors exceed the number specified in Number of Tries (in this case more than twice), we will wait for 600 seconds before running the check again. |

5.1.3 Target host settings

| Configuration Variables & Values | Description |
|---|---|
| IP / DNS Name | You can enter the IP Address or use the DNS name of the host. |
| Domain | Host domain. |
| User | User to connect to host with. |
| Password to connect | Password of the user connecting to the host. |

The second tab contains the relevant variables for the monitor. Here you can select the variables you need to work with on scripts. You can use a filter mask to filter out unwanted data. The mask is not case sensitive, and wildcards (*,?) are allowed. If need be you can also change the descriptions here.

Each ThinAgent comes with its own set of relevant variables, which won’t be available until the monitor is successfully created. See the descriptions of the individual ThinAgents for further information.

Furthermore there are a number of variables that are retrieved for every Lightweight ThinAgent. The following table contains these general variables.

| General Variables | Description |
|---|---|
| Host | Server name or IP address. |
| NameSpace | This variable identifies the CPU you are interested in. It defines the label by which the statistic or metric is known. When subclassed, the property can be overridden to be a Key property. |
| Query | Text of WQL Query run |

The next chapter describes the available Lightweight ThinAgents.

Chapter 6

6 Windows Lightweight – ThinAgents

6.1 Lightweight CPU

Use this monitor to see the CPU usage of a system. This value is not an instantaneous value, but rather the average of CPU usage since last refresh. This value is really important in determining whether the system workload is appropriate for the capacity of the processor.

In theory the system CPU usage can reach 100% without causing problems, however when the average usage is higher than 85% it could slow down certain applications. If this situation becomes usual, reduce the workload of the system or increase the capacity of the processor.

The processor usage is the sum of privileged time usage and user time usage. User time usage is the consumption of resources by the processes running on the system. Privileged time usage is the consumption of resources by the operating system when preparing the processor to run user programs. Thus you should try to keep privileged time near zero. If this value grows, it could mean that many processes are waiting for the processor or that there is a hardware problem.

6.1.1 Default Health Script

This script generates a health object event for each CPU and one with the average values of all processors on system, named Total.

By default Health is set to

• Critical when the percentage of processor usage is higher than 85%.

• Warning when the event count is 0 (i.e. no data has been retrieved)

• Success in all other cases

In most cases it is enough to receive only one event with the average values of CPU usage in order to determine the system CPU Health. To accomplish this, go to monitor settings and open the CPU Usage Settings tab. For the variable Name, enter “_Total” in the filter mask. Only events with name Total will be picked up by the monitor.

6.1.2 ThinAgent Variables

This section describes the variables specific to this ThinAgent. For a description of the generic variables available in a ThinAgent see the ThinkServer Configurator User Guide.

The variable Name is used to identify the CPU you are interested in.


The variable PercentProcessorTime stands out as particularly interesting for the purpose of this monitor.

The following table contains the CPU-specific variables.

| Variables | Description |
|---|---|
| Host | Server name or IP address. |
| Name | This variable identifies the CPU you are interested in. It defines the label by which the statistic or metric is known. When subclassed, the property can be overridden to be a Key property. |
| NameSpace | Name space connected. |
| PercentPrivilegedTime | Percentage Privileged Time: consumption of resources by the operating system when preparing the processor to run user programs. |
| PercentProcessorTime | Percentage Processor Time: processor usage is the sum of privileged time usage and user time usage. |
| PercentUserTime | Percentage User Time: consumption of resources by the processes running on system. |
| Query | Text of WQL Query that was run. |

6.1.3 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

| SmartConsole | ThinkServer | Description |
|---|---|---|
| Var01 | Set Health Wizard | Script name. |
| Var02 | Host | IP Address or DNS Name of the host. |
| Var03 | Name | CPU identifier. |
| Var04 | PercentProcessorTime | Percentage Processor Time: processor usage is the sum of privileged time usage and user time usage. |
| Var05 | PercentPrivilegedTime | Percentage Privileged Time: consumption of resources by the operating system when preparing the processor to run user programs. |
| Var06 | PercentUserTime | Percentage user time: consumption of resources by the processes running on system. |

6.2 Lightweight Disks

You can use this monitor to check space availability of any permanent logical disk (not removable devices) on any machine on the network. A logical disk does not have to match a physical disk: this monitor represents each logical disk partition as a different disk.


6.2.1 Default Health Script

This script checks whether there is a logical disk with a usage greater than 85% and whether there are unformatted disks.

It receives one event for each logical disk on system from the ThinkServer. The first time it runs it creates an object health event for each disk and a monitor object Health corresponding to the most critical disk health (this is an example of a group script).

On the following iterations, it only generates an object Health event when a disk health status has changed. If the most critical disk health changes a monitor object health event is also generated.

By default the disk Health is set to

• Critical when usage is greater than 85%

• Minor when the disk is not formatted.

• Success in all other cases.

This configuration can easily be changed to suit your company’s goals using the Health Wizard.

6.2.2 ThinAgent Variables

This section describes the variables specific to this ThinAgent. For a description of the generic variables available in a ThinAgent see the ThinkServer Configurator User Guide.

Certain variables are used to identify the Logical Disks. They are

• DeviceID

• SystemName

• VolumeName

The following variables stand out as particularly interesting for the purpose of this monitor

• FileSystem

• FreeSpace

• Size

The following table contains the Disks-specific variables.

| Variable | Description |
|---|---|
| Compressed | This variable indicates whether the logical volume exists as a single compressed entity, such as a DoubleSpace volume. If file based compression is supported (such as on NTFS), this property will be FALSE. |
| DeviceID | The DeviceID property contains a string uniquely identifying the logical disk from other devices on the system. |
| FileSystem | The file system on the logical disk. For example NTFS. |
| FreeSpace | Free space on logical disk. |
| Host | Server name or IP address. |
| NameSpace | Name space connected. |
| Query | Text of WQL Query run. |
| Size | Total size of logical disk. |
| SystemName | Name of host. |
| VolumeName | The volume name of the logical disk. Allows a maximum of 32 characters. |
| VolumeSerialNumber | The volume serial number of the logical disk. Allows a maximum of 11 characters. For example A8C3-D032. |

6.2.3 Field Map SmartConsole – ThinkServer

This ThinAgent sends messages to the SmartConsole for each individual logical disk on the system and one global message summarizing the current monitor health.

The following tables show how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

The variables sent to the SmartConsole for the individual messages are set in Post Health-Check Actions and by default include the following variables:

| SmartConsole | ThinkServer | Description |
|---|---|---|
| Var01 | Set health Wizard | Script name. |
| Var02 | Host | IP address or host name. |
| Var03 | DeviceID | The DeviceID property contains a string uniquely identifying the logical disk from other devices on the system. |
| Var04 | PercentUsed | Percentage of logical disk used |
| Var05 | TotalMB | Total space available for the logical disk, measured in MB |
| Var06 | FreeMB | Space available on the logical disk, measured in MB |

The default field map of the global health message is set in Event Variables and contains the following variables:

| SmartConsole | ThinkServer | Description |
|---|---|---|
| Var01 | Set health Wizard | Script name. |
| Var02 | Host | IP address or host name. |
| Var03 | MaxDiskUsageName | Name of the disk with the highest usage. |
| Var04 | MaxDiskUsage | Percentage of occupation on the disk with the highest usage. |
| Var05 | MinDiskFreeSpaceName | Name of the disk with the least free space. |
| Var06 | MinDiskFreeSpace | Level of free space on the disk with the least free space, measured in MB. |

6.3 Lightweight Environment Variables

You can use this monitor to check whether an environment variable is created, whether its value is correct, or to retrieve the value for the variable. Some applications need a correct environment variable to start.

6.3.1 Default Health Script

The default script of this monitor is very simple. It works as an informative monitor. Every refresh time it shows all the environment variable names and values. An object Health event is generated for every variable. Object Health is set to

• Warning when it cannot retrieve any data

• Success in all other cases.

You can change the Health conditions to suit your needs. For example you could configure the script to check that C:\program files\Software is in your PATH environment variable.

6.3.2 ThinAgent Variables

This section describes the variables specific to this ThinAgent. For a description of the generic variables available in a ThinAgent see the ThinkServer Configurator User Guide.

The variable Name is used to identify the Environment Variables.

The following variables stand out as particularly interesting for the purpose of this monitor:

• SystemVariable

• UserName

• VariableValue

The following table contains the Environment-specific variables.

| Variable | Description |
|---|---|
| Caption | A short textual description (one-line string) of the object. |
| Description | A full description of the object. |
| Host | Server name or IP address. |
| InstallDate | A date-time value indicating when the object was installed. Note that the absence of this value does not indicate that the object has not been installed. |
| Name | Contains a character string specifying the name of a Win32 environment variable. By specifying the name of a variable that does not yet exist, an application can create a new environment variable. For example Path. |
| NameSpace | Name space connected. |
| Query | Text of WQL Query run. |
| Status | A string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are: OK; Degraded; Pred Fail - indicates that an element may be functioning properly but predicting a failure in the near future (an example is a SMART-enabled hard drive). Non-operational statuses can also be specified. These are: Error; Starting; Stopping; Service – may apply during mirror-resilvering of a disk, reloading a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither 'OK' nor in one of the other states. |
| SystemVariable | Indicates whether the variable is a system variable. A system variable is set by the operating system, and is independent from user environment settings. Values are: True - indicates the variable is a system variable; False. |
| UserName | Indicates the owner of the environment setting. Values are: (SYSTEM) - for settings that are specific to the Win32 system (as opposed to a specific user); (DEFAULT) - for default user settings. For example Jsmith. |
| VariableValue | Contains the placeholder variable of a Win32 environment variable. Information like the file system directory can change from machine to machine. The operating system substitutes placeholders for these. For example %SystemRoot%. |

6.3.3 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

| SmartConsole | ThinkServer | Description |
|---|---|---|
| Var01 | Set Health Wizard | Script name. |
| Var02 | Host | Host name or IP address. |

6.4 Lightweight Event Log

This monitor can be used to check event log file usage, overwrite policy, number of events and much more. With this monitor you can check free space on event log files and take action to avoid losing events.

6.4.1 Default Health Script

One object Health event is generated for each event log file. This script sets Health to

• Critical for files that reach 95% of maximum size and have the overwrite policy set to “never delete old events” (user must do so manually).

• Warning for files that reach 80% of maximum size and have an overwrite policy set to “never delete old events” (user must do so manually).

• Minor if no data can be retrieved

• Success in all other cases

Note The overwrite policy can be set to remove events older than a specified number of days.

6.4.2 ThinAgent Variables

This section describes the variables specific to this ThinAgent. For a description of the generic variables available in a ThinAgent see the ThinkServer Configurator User Guide.

Certain variables are used to identify the Event Logs. They are:

• LogFileName

• Name

The following variables stand out as particularly interesting for the purpose of this monitor:

• FileSize

• MaxFileSize

• NumberOfRecords

• OverwriteOutdated

• OverwritePolicy

The following table contains the Event Log-specific variables and their description.

| Variable | Description |
|---|---|
| AccessMask | A bit array representing the access rights to the given file or directory held by the user or group on whose behalf the instance is returned. Note: This property is only supported under Windows NT and Windows 2000. On Windows 98 and on Windows NT/2000 FAT volumes, FULL_ACCESS is returned, indicating no security has been set for the object. |
| Archive | A Boolean value indicating that the file should be archived. |
| Caption | A short textual description (one-line string) of the object. |
| Compressed | A Boolean value indicating that the file is compressed. |
| CompressionMethod | A free form string indicating the algorithm or tool used to compress the logical file. If it is not possible (or not desired) to describe the compression scheme (perhaps because it is not known), use: Unknown - to indicate that it is not known whether the logical file is compressed or not; Compressed - to show that the file is compressed but that either its compression scheme is not known or not disclosed; Not Compressed - to express that the logical file is not compressed. |
| CreationClassName | A string indicating the name of this class. |
| CreationDate | A date-time value indicating the file's creation date. |
| CSCreationClassName | A string indicating the class of the computer system. |
| CSName | A string indicating the name of the computer system. |
| Description | A textual description of the object. |
| Drive | A string representing the drive letter (including colon) of the file. For example: c: |
| EightDotThreeFileName | A string representing the DOS-compatible file name for this file. For example c:\progra~1. |
| Encrypted | A Boolean value indicating that the file is encrypted. |
| EncryptionMethod | A free form string indicating the algorithm or tool used to encrypt the logical file. If it is not possible (or not desired) to describe the encryption scheme (perhaps for security reasons), use: Unknown to represent that it is not known whether the logical file is encrypted or not; Encrypted to represent that the file is encrypted but either its encryption scheme is not known or not disclosed; Not Encrypted to represent that the logical file is not encrypted. |
| Extension | A string representing the file's extension (without the dot). For example txt, mof, mdb. |
| FileName | A string representing the filename (without extension) of the file. For example: autoexec. |
| FileSize | The size of the file measured in Kbytes. |
| FileType | A string descriptor representing the file type (indicated by the Extension property). |
| FSCreationClassName | A string indicating the class of the file system. |
| FSName | A string indicating the name of the file system. |
| Hidden | A Boolean value indicating whether the file is hidden. |
| Host | Server name or IP address. |
| InstallDate | A date-time value indicating when the object was installed. The absence of this value does not imply that the object is not installed. |
| InUseCount | An integer indicating the number of 'file opens' currently active against the file. |
| LastAccessed | A date-time value indicating the time the file was last accessed. |
| LastModified | A date-time value indicating the time the file was last modified. |
| LogfileName | Name of the log file. |
| Manufacturer | Manufacturer string from version resource if one is present. |
| MaxFileSize | Maximum file size in Kbytes. |
| Name | A string representing the inherited name that serves as a key of a logical file instance within a file system. Full path names should be provided. For example: c:\winnt\system\win.ini |
| NameSpace | Name space connected. |
| NumberOfRecords | Total number of records in the event log file. |
| OverwriteOutDated | Number of days to wait before overwriting data. |
| OverWritePolicy | Overwrite policy. Possible values are: Never, Outdated, WhenNeeded |
| Path | A string representing the path of the file. This includes leading and trailing backslashes. Example \windows\system\. |
| Query | Text of WQL Query that was run. |
| Readable | A Boolean value indicating the file can be read. |
| Status | A string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are: OK; Degraded; Pred Fail - indicates that an element may be functioning properly but predicting a failure in the near future (an example is a SMART-enabled hard drive). Non-operational statuses can also be specified. These are: Error; Starting; Stopping; Service – may apply during mirror-resilvering of a disk, reloading a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither 'OK' nor in one of the other states. |
| System | A Boolean value indicating if the file is a system file. |
| Version | Version string from version resource if one is present. |
| Writeable | A Boolean value indicating whether the file can be written. |

6.4.3 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

| SmartConsole | ThinkServer | Description |
|---|---|---|
| Var01 | Set Health Wizard | Script name. |
| Var02 | Host | Host name or IP address. |

6.5 Lightweight Memory

This is a very basic memory monitor. It shows the physical and virtual memory usage. Physical memory is the amount of RAM memory installed on a system. Usually a system needs more memory than is available on RAM to run an application. In these situations Disk is used to simulate that there is more memory available than there really is. The amount of memory available on the system including RAM memory and paging files on disk space is called Virtual memory. The problem of using Disk is that transfer operations are very slow and this reduces system performance. To avoid these situations it is advisable to add as much RAM memory as possible to critical systems.

6.5.1 Default Health Script

The script of this monitor is very simple. It generates one event for every refresh of the data source. It sets Health to:

• Critical if virtual memory usage reaches 85%

• Warning if physical memory usage reaches 90%

• Minor if no data is retrieved

• Success in all other cases

A high usage of physical memory may indicate that there is not enough memory available for the application to run on the system. On the other hand some programs maximize physical memory usage to improve performance, in which case high memory usage is a normal situation.

Virtual memory is a better indicator of potential problems. When the system runs out of virtual memory, performance decreases because of an increase in page fault rates. This can even cause applications to stop responding.

6.5.2 ThinAgent Variables

This section describes the variables specific to this ThinAgent. For a description of the generic variables available in a ThinAgent see the ThinkServer Configurator User Guide.

These variables stand out as particularly interesting for the purpose of this monitor

• Physical memory TotalVisibleMemorySize FreePhysicalMemory

© 2013 Tango/04 Computing Group Page 47 Windows Lightweight – ThinAgents

• Virtual memory TotalVirtualMemorySize FreeVirtualMemory

The following table contains the Memory-specific variables.

| Variable | Description |
|---|---|
| FreePhysicalMemory | Number of kilobytes of physical memory currently unused and available. |
| FreeSpaceInPagingFiles | The total number of kilobytes that can be mapped into the operating system's paging files without causing any other pages to be swapped out. |
| FreeVirtualMemory | Number of kilobytes of virtual memory currently unused and available. For example, this may be calculated by adding the amount of free RAM to the amount of free paging space (i.e., adding the properties, FreePhysicalMemory and FreeSpaceInPagingFiles). |
| Host | Server name or IP address. |
| NameSpace | Name space connected. |
| Query | Text of WQL Query run |
| TotalVirtualMemorySize | Number of kilobytes of virtual memory. For example, this may be calculated by adding the amount of total RAM to the amount of paging space (i.e., adding the amount of memory in/aggregated by the computer system to the property, SizeStoredInPagingFiles). |
| TotalVisibleMemorySize | The total amount of physical memory available to the operating system. This value does not necessarily indicate the true amount of physical memory, but what is reported to the operating system as available to it. |

6.5.3 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

| SmartConsole | ThinkServer | Description |
|---|---|---|
| Var01 | Set Health Wizard | Script Name. |
| Var02 | Host | Host Name or IP address. |
| Var03 | TotalPhysical | The total amount of physical memory available to the operating system. This value does not necessarily indicate the true amount of physical memory, but what is reported to the operating system as available to it. |
| Var04 | FreePhysicalMemory | Number of kilobytes of physical memory currently unused and available. |
| Var05 | PercentPhysical | Percentage of physical memory used. |
| Var06 | TotalVirtual | Number of kilobytes of virtual memory. For example, this may be calculated by adding the amount of total RAM to the amount of paging space (i.e., adding the amount of memory in/aggregated by the computer system to the property, SizeStoredInPagingFiles). |
| Var07 | FreeVirtualMemory | Number of kilobytes of virtual memory currently unused and available. For example, this may be calculated by adding the amount of free RAM to the amount of free paging space (i.e., adding the properties, FreePhysicalMemory and FreeSpaceInPagingFiles). |
| Var08 | PercentVirtual | Percentage of virtual memory used. |

6.6 Lightweight Network Connections

Use this monitor to check the status of network connections on a system.

Note that you may have problems retrieving this information from your local system when ThinkServer runs as a Windows service, because of the user profile it runs under:

When ThinkServer runs as a service on your machine, it runs under the localsystem user. Network connections are specific to the user that is logged on to the system, so when the localsystem user is used, no data is retrieved. This means that you can use this monitor to check the network connections of remote hosts only.

If you want to use this monitor to check the local system, you will need to change the user profile of the ThinkServer service.

Note: This ThinAgent only works with Windows XP or later, due to a problem in Windows 2000.

6.6.1 Default Health Script

The script checks whether any network connection is disconnected. If any persistent network connection is disconnected, a critical object health event is generated indicating the number of disconnected connections.

This script receives one event for each network connection. The first time it is run, one object health event is generated. A group event is also generated indicating the number of connections, the number of disconnected persistent connections and the number of disconnected non-persistent connections.

On further iterations of this check, only changes to group Health will generate object health events.

6.6.2 ThinAgent Variables

This section describes the variables specific to this ThinAgent. For a description of the generic variables available in a ThinAgent see the ThinkServer Configurator User Guide.

Certain variables are used to identify the network connections. They are:

• LocalName

• Name

• RemoteName

These two variables stand out as particularly interesting for the purpose of this monitor:

• ConnectionState

• Persistent

This table contains the Network Connection-specific variables and their description.

| Variable | Description |
| --- | --- |
| Caption | A short textual description (one-line string) of the object. |
| ConnectionState | Indicates the current state of the network connection. |
| ConnectionType | Indicates the persistence type of the connection used for connecting to the network. For example: Permanent. |
| Description | A textual description of the object. |
| DisplayType | Indicates how the network object should be displayed in a network browsing application. For example: Generic. |
| Host | Server name or IP address. |
| LocalName | Indicates the local name of the connected network device. For example: c:\public. |
| Name | Indicates the name of the current network connection. It is the combination of the value in the RemoteName property and the value in the LocalName property. For example: \\NTRELEASE (c:\public). |
| NameSpace | Name space connected. |
| Persistent | Determines whether this connection will be reconnected automatically by the operating system on the next logon. Values are TRUE (indicates the network connection will be automatically connected) and FALSE. |
| ProviderName | Contains the name of the provider that owns the resource. This property can be NULL if the provider name is unknown. |
| Query | Text of WQL Query that was run. |
| RemoteName | Contains the remote network resource name for a network resource. For a current or persistent connection, RemoteName contains the network name associated with the name of the value in the LocalName property. The name in RemoteName must follow the network provider's naming conventions. For example: \\NTRELEASE. |
| RemotePath | Contains the full path to the network resource. Example: \\infosrv1\public. |
| ResourceType | Identifies the type of resource to enumerate or connect to. |
| Status | A string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are OK, Degraded and Pred Fail (indicates that an element may be functioning properly but predicting a failure in the near future; an example is a SMART-enabled hard drive). Non-operational statuses can also be specified. These are Error, Starting, Stopping and Service (may apply during mirror-resilvering of a disk, reloading a user permissions list, or other administrative work). Not all such work is on-line, yet the managed element is neither 'OK' nor in one of the other states. |
| UserName | Contains the user name or the default user name used to establish a network connection. For example: SYSTEM. |

6.6.3 Field Map SmartConsole – ThinkServer

This ThinAgent sends messages to the SmartConsole for each individual network connection and one global message summarizing the current monitor health.

The following tables show how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

The variables sent to the SmartConsole for the individual messages are set in Post Health-Check Actions and by default include the following variables:

| SmartConsole | ThinkServer | Description |
| --- | --- | --- |
| Var01 | Set Health Wizard | Script Name. |
| Var02 | Host | Host name or IP address. |
| Var03 | LocalName | Indicates the local name of the connected network device. For example: c:\public. |
| Var04 | RemotePath | Contains the full path to the network resource. Example: \\infosrv1\public. |
| Var05 | ConnectionState | Indicates the current state of the network connection. |

The default field map of the global health message is set in Event Variables and contains the following variables:

| SmartConsole | ThinkServer | Description |
| --- | --- | --- |
| Var01 | Set Health Wizard | Script Name. |
| Var02 | Host | Host name or IP address. |
| Var03 | VSMEventCount | Total number of network connections. |
| Var04 | ConnectedCount | Number of connected network connections. |
| Var05 | DisconnectedCount | Number of disconnected network connections. |

6.7 Lightweight Page Files

Paging files are the files the operating system uses to store pages that cannot be kept in RAM when the virtual memory in use is greater than the physical memory available on the system.

Although it is possible to create a paging file per logical disk, we recommend you create a maximum of one paging file per physical disk to avoid repeating disk seeks.

You can increase performance by using paging files on more than one disk as disk operations can be balanced.

For critical servers it is wise not to use the main operating system disk for paging files (even though this is the default setting).

6.7.1 Default Health Script

This script receives one event for each paging file on the system. Health is set to:

• Critical, for each paging file with a usage greater than 90%

• Warning, if the usage is greater than 80%

• Minor, if the data cannot be retrieved

• Success in all other cases

If more than one paging file is used on the system you could use this monitor to check if the usage of paging files is balanced.

6.7.2 ThinAgent Variables

This section describes the variables specific to this ThinAgent. For a description of the generic variables available in a ThinAgent see the ThinkServer Configurator User Guide.

The variable Name is used to identify the paging files.

The following variables stand out as particularly interesting for the purpose of this monitor:

• AllocatedBaseSize

• CurrentUsage

• PeakUsage

The following table contains the paging files-specific variables and their description.

| Variable | Description |
| --- | --- |
| AllocatedBaseSize | Indicates the actual amount of disk space allocated for use with this paging file. This value corresponds to the range established in Win32_PageFileSetting under the InitialSize and MaximumSize properties, set at system startup. For example 178MB. |
| Caption | A short textual description (one-line string) of the object. |
| CurrentUsage | Indicates the amount of disk space currently used by the paging file. |
| Host | Server name or IP address. |
| Name | Indicates the name of the paging file. For example C:\PAGEFILE.SYS. |
| NameSpace | Name space connected. |
| PeakUsage | Indicates the paging file with the highest usage. |
| Query | Text of WQL Query that was run. |

6.7.3 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

| SmartConsole | ThinkServer | Description |
| --- | --- | --- |
| Var01 | Set Health Wizard | Script Name. |
| Var02 | Host | Host name or IP address. |

6.8 Lightweight Shares

Use this monitor to check which directories or devices are shared by a system. Excessive sharing may lead to security problems.

6.8.1 Default Health Script

This script works in informative mode: it receives an event for each share on the system and generates a success object health event for each one.

You can easily modify the monitor settings to filter by the name of the share you are interested in, and modify the script to check whether it is always or never shared.

6.8.2 ThinAgent Variables

This section describes the variables specific to this ThinAgent. For a description of the generic variables available in a ThinAgent see the VISUAL Message Center ThinkServer User Guide.

Certain variables are used to identify the shares. They are:

• Name

• Path

The following variables stand out as particularly interesting for the purpose of this monitor:

• AllowMaximum

• MaximumAllowed

The following table contains the shares-specific variables and their description.

| Variable | Description |
| --- | --- |
| AllowMaximum | Indicates whether the number of concurrent users for this resource has been limited. Values are True (indicates the number of concurrent users of this resource has not been limited and the value in the MaximumAllowed property is ignored) and False. |
| Caption | A short textual description (one-line string) of the object. |
| Description | Provides a full description of the object. |
| Host | Server name or IP address. |
| MaximumAllowed | Indicates the limit of the number of users allowed to use this resource concurrently. For example 10. Note that the value is only valid if the AllowMaximum member is set to FALSE. |
| Name | Indicates the alias given to a path set up as a share on a Win32 system. For example: public. |
| NameSpace | Name space connected. |
| Path | Indicates the local path of the Win32 share. For example: C:\Program Files. |
| Query | Text of WQL Query that was run. |
| Status | A string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are OK, Degraded and Pred Fail (indicates that an element may be functioning properly but predicting a failure in the near future; an example is a SMART-enabled hard drive). Non-operational statuses can also be specified. These are Error, Starting, Stopping and Service (may apply during mirror-resilvering of a disk, reloading a user permissions list, or other administrative work). Not all such work is on-line, yet the managed element is neither 'OK' nor in one of the other states. |
| Type | Specifies the type of resource being shared. Types include disk drives, print queues, inter-process communications (IPC), and general devices. |

6.8.3 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

| SmartConsole | ThinkServer | Description |
| --- | --- | --- |
| Var01 | Set Health Wizard | Script name. |
| Var02 | Host | Host name or IP address. |
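One way to implement the "always or never shared" check that section 6.8.1 suggests, as an added Python example that is not ThinkServer's own health script. Record fields follow the variable table in 6.8.2 and the Type flag 0x80000000 is the WMI Win32_Share marker for administrative shares; the SharePolicy structure, the sample records and the rule that default administrative shares are accepted are assumptions.

```python
from dataclasses import dataclass, field

ADMIN_SHARE_FLAG = 0x80000000  # set in Win32_Share Type for C$, ADMIN$, IPC$ and similar
SEVERITY = {"Success": 0, "Warning": 1, "Critical": 2}


@dataclass
class SharePolicy:  # hypothetical policy structure, not a ThinkServer setting
    must_exist: set = field(default_factory=set)      # shares that must always be present
    must_not_exist: set = field(default_factory=set)  # shares that must never be present
    allowed: set = field(default_factory=set)         # other acceptable share names
    forbidden_paths: tuple = ()                       # local paths that must not be exposed
    max_users: int = None                             # highest acceptable MaximumAllowed


def _norm(path):
    return (path or "").rstrip("\\").lower()


def exposes(share_path, protected):
    """True if the share is the protected path, lies inside it, or is a parent of it."""
    s, p = _norm(share_path), _norm(protected)
    if not s or not p:
        return False
    return s == p or s.startswith(p + "\\") or p.startswith(s + "\\")


def evaluate_shares(shares, policy):
    """Return (health, findings); each finding is (severity, share name, reason)."""
    must = {n.lower() for n in policy.must_exist}
    never = {n.lower() for n in policy.must_not_exist}
    allowed = {n.lower() for n in policy.allowed} | must
    findings, seen = [], set()

    for share in shares:
        name = share["Name"]
        key = name.lower()  # share names are case-insensitive on Windows
        seen.add(key)
        if key in never:
            findings.append(("Critical", name, "share must never exist"))
            continue
        if int(share.get("Type") or 0) & ADMIN_SHARE_FLAG:
            continue  # assumption: default administrative shares are accepted
        for protected in policy.forbidden_paths:
            if exposes(share.get("Path"), protected):
                findings.append(("Critical", name, f"exposes {protected}"))
        if key not in allowed:
            findings.append(("Warning", name, "share is not on the allow list"))
        if policy.max_users is not None:
            # MaximumAllowed is only valid when AllowMaximum is False (see 6.8.2).
            if share.get("AllowMaximum"):
                findings.append(("Warning", name, "no concurrent-user limit"))
            elif (share.get("MaximumAllowed") or 0) > policy.max_users:
                findings.append(("Warning", name, "concurrent-user limit above policy"))

    for key in sorted(must - seen):
        findings.append(("Critical", key, "required share is missing"))

    health = max((f[0] for f in findings), key=SEVERITY.get, default="Success")
    return health, findings


# Constructed sample inventory, not captured from a real host.
SAMPLE_SHARES = [
    {"Name": "C$", "Path": "C:\\", "Type": 2147483648, "AllowMaximum": True, "MaximumAllowed": None},
    {"Name": "IPC$", "Path": "", "Type": 2147483651, "AllowMaximum": True, "MaximumAllowed": None},
    {"Name": "public", "Path": "C:\\Data\\Public", "Type": 0, "AllowMaximum": False, "MaximumAllowed": 10},
    {"Name": "Backup", "Path": "C:\\", "Type": 0, "AllowMaximum": True, "MaximumAllowed": None},
    {"Name": "Scans", "Path": "D:\\Scans", "Type": 0, "AllowMaximum": False, "MaximumAllowed": 50},
]
SAMPLE_POLICY = SharePolicy(
    must_exist={"Public"}, must_not_exist={"Temp"}, allowed={"Scans"},
    forbidden_paths=("C:\\Windows",), max_users=20,
)

if __name__ == "__main__":
    health, findings = evaluate_shares(SAMPLE_SHARES, SAMPLE_POLICY)
    print(health)
    for severity, name, reason in findings:
        print(f"  {severity:8} {name:8} {reason}")
```

The "Backup" record shows why the path test checks parents as well as children: a share rooted at C:\ exposes C:\Windows even though the share path itself is not the protected directory.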

Chapter 7

File System

The Windows File System ThinAgents allow you to monitor several properties of local or remote directories. Some ThinAgents work with WMI, by connecting to the system to monitor and working directly with the native file system. Others work directly with shared directories.

For ThinAgents that work directly with shared directories it is a prerequisite that

• The monitored directory in the remote computer is shared

• The specified user/password has read access to the monitored directory.

ThinkServer comes with the following File System ThinAgents:

• File size and Properties

• (Remote) Folder File Count

• (Remote) Folder Size

• (Remote) Folder Size Increase

• (Remote) Folder Size Percent Increase

• (Remote) Large Files

The last five ThinAgents are available for monitoring both local and remote machines.

7.1 File size and Properties

7.1.1 Monitor Configuration

Each File Size and Properties Monitor has its own private data source.

To configure the Monitor, start by giving it a name and description in the general information section of the configuration panel. Next, enter the path of the file you want to monitor. If you want to monitor a remote host, enter the host name or IP address in the Target Host Settings. Finally, check that the default settings in General Settings are suitable for your monitoring purposes.

© 2013 Tango/04 Computing Group Page 56 File System

Main Information

Configuration Variables & Values Description

File Size and Proper- Give your File Size and Properties monitor a Name ties Monitor name.

Enter a description for your File Size and Proper- Description ties monitor.

File Information

Configuration Variables & Values Description

Enter the complete file path of the file you want File Path "c:\winnt\win.ini" to monitor in brackets. For example: "c:\winnt\win.ini"

Target host settings

Configuration Variables & Values Description

You can enter the IP Address or use the IP / DNS Name DNS name of the host.

Domain Host domain.

User User to connect to host with.

Password of the user connecting to the Password to connect host.

General settings

Configuration Variables & Values Description

The data source will be refreshed every Refresh time 60 seconds 60 seconds.

If we detect an error we determine that Number of tries 1 we will retry one time ...

Interval between tries 10 seconds ...And that we will retry after 10 seconds.

In the case that errors exceed the num- ber specified in Number of Tries (in this Error retry time 60 seconds case more than once), we will wait for 60 seconds before starting the File Size and Properties check again. 7.1.2 Monitor Settings

Here you can select the variables you need to work with in scripts and set filters for the monitor. You can also change the descriptions of the variables to suit your needs. This information will be displayed while editing scripts. This list of variables is specific to each monitor so it won't be available until the monitor is successfully created.

© 2013 Tango/04 Computing Group Page 57 File System

7.1.3 Default Health Script

The default Health script helps detect when the monitored file is excessively large.

By default object Health is set to:

• Critical when the monitored file exceeds 100 MB.

• Warning when the monitor could not find the file.

• Success in any other case.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

In addition to the current size of the monitored file, the default message templates return information such as file creation date, last accessed and last modified dates.

7.1.4 ThinAgent Variables

There are many variables retrieved for this ThinAgent. In this section we first single out a number of variables that contain particularly important information for this monitor (see Figure 16). At the end you will find the total list of variables available for this ThinAgent (see Figure 17).

Variables offering most important information

The most important information retrieved by this ThinAgent can be found in the following variables:

| Variable | Description |
| --- | --- |
| FileName | (string) The FileName property is a string representing the filename (without extension) of the file. Example: autoexec |
| FileSize | (string) The FileSize property represents the size of the file (in bytes). |
| CreationDate | (string) The CreationDate property is a datetime value indicating the file's creation date. |
| LastAccessed | (string) The LastAccessed property is a datetime value indicating the time the file was last accessed. |
| LastModified | (string) The LastModified property is a datetime value indicating the time the file was last modified. |

Figure 16 – Most important variables for this monitor

Total list of Variables

| Variable | Description |
| --- | --- |
| AccessMask | (numeric) The AccessMask property is a bit array representing the access rights to the given file or directory held by the user or group on whose behalf the instance is returned. This property is only supported under Windows NT and Windows 2000. On Windows 98 and on Windows NT/2000 FAT volumes, FULL_ACCESS is returned, indicating no security has been set on the object. |
| Archive | (boolean) The Archive property is a boolean value indicating that the file should be archived. |
| Caption | (string) The Caption property is a short textual description (one-line string) of the object. |
| Compressed | (boolean) The Compressed property is a boolean value indicating that the file is compressed. |
| CompressionMethod | (string) The CompressionMethod property is a free form string indicating the algorithm or tool used to compress the logical file. If it is not possible (or not desired) to describe the compression scheme (perhaps because it is not known), use the following words: 'Unknown' to represent that it is not known whether the logical file is compressed or not, 'Compressed' to represent that the file is compressed but either its compression scheme is not known or not disclosed, and 'Not Compressed' to represent that the logical file is not compressed. |
| CreationClassName | (string) The CreationClassName property is a string indicating the name of this class. |
| CreationDate | (string) The CreationDate property is a datetime value indicating the file's creation date. |
| CSCreationClassName | (string) The CSCreationClassName property is a string indicating the class of the computer system. |
| CSName | (string) The CSName property is a string indicating the name of the computer system. |
| Description | (string) The Description property provides a textual description of the object. |
| Drive | (string) The Drive property is a string representing the drive letter (including colon) of the file. Example: c: |
| EightDotThreeFileName | (string) The EightDotThreeFileName property is a string representing the DOS-compatible file name for this file. Example: c:\progra~1 |
| Encrypted | (boolean) The Encrypted property is a boolean value indicating that the file is encrypted. |
| EncryptionMethod | (string) The EncryptionMethod property is a free form string indicating the algorithm or tool used to encrypt the logical file. If it is not possible (or not desired) to describe the encryption scheme (perhaps for security reasons), use the following words: 'Unknown' to represent that it is not known whether the logical file is encrypted or not, 'Encrypted' to represent that the file is encrypted but either its encryption scheme is not known or not disclosed, and 'Not Encrypted' to represent that the logical file is not encrypted. |
| Extension | (string) The Extension property is a string representing the file's extension (without the dot). Example: txt, mof, mdb. |
| FileName | (string) The FileName property is a string representing the filename (without extension) of the file. Example: autoexec |
| FileSize | (string) The FileSize property represents the size of the file (in bytes). |
| FileType | (string) The FileType property is a string descriptor representing the file type (indicated by the Extension property). |
| FSCreationClassName | (string) The FSCreationClassName property is a string indicating the class of the file system. |
| FSName | (string) The FSName property is a string indicating the name of the file system. |
| Hidden | (boolean) The Hidden property is a boolean value indicating if the file is hidden. |
| InstallDate | (string) The InstallDate property is a datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed. |
| InUseCount | (numeric) The InUseCount property is an integer indicating the number of 'file opens' that are currently active against the file. |
| LastAccessed | (string) The LastAccessed property is a datetime value indicating the time the file was last accessed. |
| LastModified | (string) The LastModified property is a datetime value indicating the time the file was last modified. |
| Manufacturer | (string) Manufacturer string from version resource if one is present. |
| Name | (string) The Name property is a string representing the inherited name that serves as a key of a logical file instance within a file system. Full path names should be provided. Example: c:\winnt\system\win.ini |
| Path | (string) The Path property is a string representing the path of the file. This includes leading and trailing backslashes. Example: \windows\system\ |
| Readable | (boolean) The Readable property is a boolean value indicating if the file can be read. |
| Status | (string) The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are 'OK', 'Degraded' and 'Pred Fail'. 'Pred Fail' indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are 'Error', 'Starting', 'Stopping' and 'Service'. The latter, 'Service', could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither 'OK' nor in one of the other states. |
| System | (boolean) The System property is a boolean value indicating if the file is a system file. |
| Version | (string) Version string from version resource if one is present. |
| Writeable | (boolean) The Writeable property is a boolean value indicating if the file can be written. |

Figure 17 – Total variables retrieved for this monitor

7.1.5 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

| SmartConsole | ThinkServer | Description |
| --- | --- | --- |
| Var01 | Set Health Wizard | Script name. |
| Var02 | Host | Host name or IP address. |
| Var03 | FileName | Name of the monitored file |
| Var04 | FileSizeMB | Size of the monitored file in MB |
| Var05 | CreationDate | The datetime value indicating the file's creation date. |
| Var06 | LastAccessed | The datetime value indicating the time the file was last accessed. |
| Var07 | LastModified | A datetime value indicating the time the file was last modified. |

7.2 Folder File Count

Use this ThinAgent to monitor local directories and shared folders accessible from localhost. It counts the files in a directory, recursively or non-recursively, and also provides the sum of their sizes and information about the largest file.

7.2.1 Data Source Configuration

The Folder File Count ThinAgent uses a shared data source. You can either select an existing data source or create a new one here.

To configure the data source, start by giving it a name and description in the Main Information section of the configuration panel. Next, check that the default settings in General Settings are suitable for your monitoring purposes. Finally, configure the user profile and directory settings in the Data Source tab.

This monitor runs from the local computer where ThinkServer is installed. To monitor a remote directory the folder on the remote machine must be a shared folder.

Main Information

| Configuration | Variables & Values | Description |
| --- | --- | --- |
| Name | Windows File Count DataSource | Give your Windows File Count data source a name. |
| Description | | Enter a description for your Windows File Count data source. |

General settings

| Configuration | Variables & Values | Description |
| --- | --- | --- |
| Refresh time | 60 seconds | The data source will be refreshed every 60 seconds. |
| Number of tries | 1 | If we detect an error we determine that we will retry one time ... |
| Interval between tries | 10 seconds | ...And that we will retry after 10 seconds. |
| Error retry time | 60 seconds | In the case that errors exceed the number specified in Number of Tries (in this case more than once), we will wait for 60 seconds before starting the Folder File Count check again. |

Directory Settings

| Configuration | Variables & Values | Description |
| --- | --- | --- |
| Process Subdirectories | (check box) | Configure whether you want to scan the directory recursively or not. By default ThinkServer scans the directory recursively. |
| Directory Path | "C:\Temp\" | Enter the complete path of the directory you want to monitor in brackets. For example: "c:\winnt\" Note: The Directory Path must always end with a backslash (\). |

User Profile Settings

The user profile you use here must have access to the target directory and must be able to log in to localhost. If you want to retrieve information from localhost you do not need to set user profile settings.

| Configuration | Variables & Values | Description |
| --- | --- | --- |
| Domain | | Host domain. |
| User | | User to connect to host with. |
| Password | | Password of the user connecting to the host. |

7.2.2 Monitor Configuration

To configure the Monitor start by giving it a name and description in the Monitor Settings section of the configuration panel and select a data source.

| Configuration | Variables & Values | Description |
| --- | --- | --- |
| Name | Windows File Count Monitor | Give your Windows File Count monitor a name. |
| Description | | Enter a description for your Windows File Count Monitor. |

7.2.3 Default Health Script

The default Health script helps detect when there is an excessively large number of files in the monitored directory.

By default object Health is set to:

• Critical when there are more than 1000 files in the monitored directory.

• Warning when there are less than 2 files in the monitored directory.

• Success in any other case.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

The default message templates include data to identify the monitored folder, in addition to the number of files and folders and the folder size.

7.2.4 ThinAgent Variables

The following variables are retrieved for this ThinAgent:

| Variable | Description |
| --- | --- |
| DriveName | Drive of the monitored directory |
| FileCount | Number of files in the monitored folder (recursive) |
| FolderCount | Number of folders in folder (recursive) |
| FolderName | Name of the monitored directory |
| FolderSize | Size of the folder in bytes |
| Host | Server name or IP address |

7.2.5 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

| SmartConsole | ThinkServer | Description |
| --- | --- | --- |
| Var01 | Set Health Wizard | Script name. |
| Var02 | Host | Host name or IP address. |
| Var03 | FolderName | Name of the monitored directory |
| Var04 | FileCount | Number of files in the monitored folder (recursive) |
| Var05 | FolderCount | Number of directories in the monitored folder (recursive). |
| Var06 | FolderSize | Size of the folder in bytes |

7.3 Folder Size

Use this monitor to manage local directories and shared folders accessible from localhost. This monitor checks whether the size of a directory is within correct limits.

7.3.1 Monitor Configuration

Configuration of the data source is the same as for the Folder File Count data source. For further details see section 7.2.1 - Data Source Configuration on page 62.

To configure the Monitor start by giving it a name and description in the Monitor Settings section of the configuration panel and select a data source.

| Configuration | Variables & Values | Description |
| --- | --- | --- |
| Name | Windows Folder Size Monitor | Give your Windows Folder Size monitor a name. |
| Description | | Enter a description for your Windows Folder Size Monitor. |

7.3.2 Default Health Script

The default Health script helps detect when there is an excessively large number of folders in the monitored directory.

By default object Health is set to:

• Critical when total file size is more than 1000.

• Warning when total file size is less than 2.

• Success in any other case.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

The default message templates include data to identify the monitored folder, in addition to the number of files and folders and the folder size.

7.3.3 ThinAgent Variables

This ThinAgent retrieves the same variables as the Folder File Count ThinAgent. The variables are described in section 7.2.4 - ThinAgent Variables on page 63.

7.3.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends the same variables to the SmartConsole as the Folder File Count ThinAgent. The field map is described in section 7.2.5 - Field Map SmartConsole – ThinkServer on page 64.

7.4 Folder Size Increase

Use this monitor to manage local directories and shared folders accessible from localhost. This monitor checks whether the size of a directory is within correct limits.

7.4.1 Monitor Configuration

Configuration of the data source is the same as for the Folder File Count data source. For details see section 7.2.1 - Data Source Configuration on page 62.

To configure the Monitor start by giving it a name and description in the Monitor Settings section of the configuration panel and select a data source.

| Configuration | Variables & Values | Description |
| --- | --- | --- |
| Name | Windows Folder Size Increase Monitor | Give your Windows Folder Size Increase monitor a name. |
| Description | | Enter a description for your Windows Folder Size Increase Monitor. |

7.4.2 Default Health Script

The default Health script helps detect when there is excessive growth of the number of folders in the monitored directory.

By default object Health is set to:

• Critical when the size of the monitored directory increases by more than 500.

• Warning when the increase in the size of the folder since the last refresh exceeds 100.

• Success in all other cases.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

The default message templates include data to identify the monitored folder, in addition to the number of files and folders and the folder size.

7.4.3 ThinAgent Variables

This ThinAgent retrieves the same variables as the Folder File Count ThinAgent. The variables are described in section 7.2.4 - ThinAgent Variables on page 63.

7.4.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends the same variables to the SmartConsole as the Folder File Count ThinAgent. The field map is described in section 7.2.5 - Field Map SmartConsole – ThinkServer on page 64.

7.5 Folder Size Percent Increase

This monitor checks whether the percentage of the size increase of a directory is within correct limits.

7.5.1 Monitor Configuration

Configuration of the data source is the same as for the Folder File Count data source. For details see section 7.2.1 - Data Source Configuration on page 62.

To configure the Monitor, start by giving it a name and description in the Monitor Settings section of the configuration panel, then select a data source.

Configuration Variables & Values Description

Name Windows Folder Size Percent Increase Monitor Give your Windows Folder Size Percent Increase monitor a name.

Description Enter a description for your Windows Folder Size Percent Increase Monitor.

7.5.2 Default Health Script

The default Health script helps detect when there is excessive growth of the number of folders in the monitored directory.

By default object Health is set to

• Critical when the folder size of the monitored directory increases by more than 50% since the last time the monitor was run.

• Warning when the increase in folder size since the last refresh exceeds 30%.

• Success in all other cases.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

The default message templates include data to identify the monitored folder, in addition to the percentage of the increase, current folder size, and the number of files and folders.

7.5.3 ThinAgent Variables

This ThinAgent retrieves the same variables as the Folder File Count ThinAgent. The variables are described in section 7.2.4 - ThinAgent Variables on page 63.

7.5.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends the same variables to the SmartConsole as the Folder File Count ThinAgent. The field map is described in section 7.2.5 - Field Map SmartConsole – ThinkServer on page 64.

7.6 Large Files

This monitor counts the files whose size exceeds the configured threshold.

7.6.1 Data Source Configuration

The Large Files ThinAgent uses a private data source. To configure the data source, start by giving it a name and description in the Main Information section of the configuration panel. Next, check that the default settings in General Settings are suitable for your monitoring purposes. Finally, configure the user profile and directory settings in the Data Source tab.

Main Information

Configuration Variables & Values Description

Name Windows Large Files Monitor Give your Windows Large Files monitor a name.

Description Enter a description for your Windows Large Files Monitor.

General settings

Configuration Variables & Values Description

Refresh time 60 seconds The data source will be refreshed every 60 seconds.

Number of tries 1 If we detect an error we determine that we will retry one time ...

Interval between tries 10 seconds ...And that we will retry after 10 seconds.

Error retry time 60 seconds In the case that errors exceed the number specified in Number of Tries (in this case more than once), we will wait for 60 seconds before starting the Large Files check again.

Directory Settings

Configuration Variables & Values Description

Detect files larger than 100 MB Define the size of a large file.

Process Subdirectories (checkbox) Configure whether you want to scan the directory recursively or not. By default ThinkServer scans the directory recursively.

Directory Path "C:\Temp\" Enter the complete path of the directory you want to monitor in brackets. For example: "c:\winnt\" Note: The Directory Path must always end with a backslash (\)

Inclusion List Specific files to include in the monitor

Exclusion List Specific files not to include in the monitor.

User Profile Settings

The user profile you use here must have access to the target directory and must be able to log in to localhost. If you want to retrieve information from localhost you do not need to set user profile settings.

Configuration Variables & Values Description

Domain Host domain.

User User to connect to host with.

Password Password of the user connecting to the host.

7.6.2 Default Health Script

The default Health script helps detect when there is excessive growth of the number of folders in the monitored directory.

By default object Health is set to

• Critical when there is a file that is larger than 1000 MB.

• Warning when there are one or more files that exceed 100 MB.

• Success in all other cases.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

The default message templates show the file path and the size of the relevant file.

7.6.3 ThinAgent Variables

The following variables are retrieved for this ThinAgent:

Variable Description

DriveName Drive of the monitored directory

FileFolder Name of the folder where the file is located

FileName Name of the file

FileSize Size of the file in MB

FolderName Name of the monitored directory

Host Server name or IP address
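
The Large Files check can be reproduced outside the agent to cross-check what the monitor reports. The Python code below is an added example, not Tango/04 code: it walks a directory, applies the inclusion and exclusion lists, returns records named after the variables above, and applies the default Health thresholds. Treating list entries as wildcard patterns and 1 MB as 2**20 bytes are assumptions.

```python
import fnmatch
import os
import socket

MB = 1024 * 1024  # assumption: the guide does not define MB; 2**20 bytes is used here


def _matches(name, patterns):
    """Case-insensitive wildcard match, since Windows file names are case-insensitive."""
    return any(fnmatch.fnmatchcase(name.lower(), p.lower()) for p in patterns)


def scan_large_files(directory, detect_mb=100, recursive=True,
                     include=None, exclude=None, host=None):
    """Return (records, skipped).

    records: one dict per file larger than detect_mb, keyed by the variable
             names in the ThinAgent Variables table.
    skipped: paths that could not be read, so gaps in coverage stay visible.
    """
    directory = os.path.abspath(directory)
    drive = os.path.splitdrive(directory)[0]   # "" on non-Windows systems
    host = host or socket.gethostname()
    records, skipped = [], []

    def on_walk_error(err):
        # A subdirectory the account cannot list: record it instead of failing.
        skipped.append(err.filename)

    for folder, subdirs, files in os.walk(directory, onerror=on_walk_error):
        if not recursive:
            subdirs[:] = []                    # stop os.walk from descending
        for name in files:
            if include and not _matches(name, include):
                continue
            if exclude and _matches(name, exclude):
                continue
            path = os.path.join(folder, name)
            try:
                # lstat measures a link itself, never a target outside the tree
                size = os.lstat(path).st_size
            except OSError:
                skipped.append(path)           # deleted or locked during the scan
                continue
            if size > detect_mb * MB:
                records.append({
                    "Host": host,
                    "DriveName": drive,
                    "FolderName": directory,
                    "FileFolder": folder,
                    "FileName": name,
                    "FileSize": size / MB,     # size of the file in MB
                })
    return records, skipped


def large_files_health(records, critical_mb=1000):
    """Default Health conditions: Critical if any file is larger than
    critical_mb, Warning if any file exceeded the detection threshold,
    Success in all other cases."""
    if any(r["FileSize"] > critical_mb for r in records):
        return "Critical"
    return "Warning" if records else "Success"


if __name__ == "__main__":
    found, unreadable = scan_large_files(".", detect_mb=100)
    for rec in found:
        print(rec["FileFolder"], rec["FileName"], round(rec["FileSize"], 1), "MB")
    print("Health:", large_files_health(found), "| unreadable paths:", len(unreadable))
```

A non-empty `skipped` list means the account running the scan could not read part of the tree, so a Success result covers less than the configured directory.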

7.6.4 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 DriveName Drive of the monitored directory

Var04 FolderName Name of the monitored directory

Var05 FileFolder Name of the folder where the file is located

Var06 FileName Name of the file

Var07 FileSize Size of the file in MB

7.7 Remote Folder File Count

Use this monitor to manage remote unshared directories only; otherwise use local file system ThinAgents. This monitor checks whether the number of files in a directory is within correct limits.

7.7.1 Data Source Configuration

The Remote Folder File Count ThinAgent uses a shared data source. You can either select an existing data source or create a new one here.

To configure the data source, start by giving it a name and description in the Main Information section of the configuration panel. Next, check that the default settings in General Settings are suitable for your monitoring purposes. Finally, configure the user profile and directory settings in the Data Source tab.

Main Information

Configuration Variables & Values Description

Name Windows File Count DataSource Give your Windows File Count data source a name.

Description Enter a description for your Windows File Count data source.

General settings

Configuration Variables & Values Description

Refresh time 60 seconds The data source will be refreshed every 60 seconds.

Number of tries 1 If we detect an error we determine that we will retry one time ...

Interval between tries 10 seconds ...And that we will retry after 10 seconds.

Error retry time 60 seconds In the case that errors exceed the number specified in Number of Tries (in this case more than once), we will wait for 60 seconds before starting the Remote Folder File Count check again.

Directory Settings

Configuration Variables & Values Description

Process Subdirectories (checkbox) Configure whether you want to scan the directory recursively or not. By default ThinkServer scans the directory recursively.

Logical drive "C:" In brackets, enter the drive where the directory you want to monitor is located. For example: "C:"

Directory Path "\Temp\" Enter the path of the directory you want to monitor in brackets. For example: "\winnt\" Note: The Directory Path must always end with a backslash (\)

Target Host Settings

Define the host and directory settings. If you want to retrieve information from localhost you do not need to set user profile settings.

Configuration Variables & Values Description

IP/DNS Name IP address or DNS Name

Domain Host domain.

User User to connect to host with.

Password Password of the user connecting to the host.

7.7.2 Monitor Configuration

To configure the Monitor, start by giving it a name and description in the Monitor Settings section of the configuration panel, then select a data source.

Configuration Variables & Values Description

Name Remote Windows File Count Monitor Give your Remote Windows File Count monitor a name.

Description Enter a description for your Remote Windows File Count Monitor.

7.7.3 Default Health Script

The default Health script helps detect when there is an excessively large number of files in the monitored directory.

By default object Health is set to:

• Critical when there are more than 1000 files in the monitored directory.

• Warning when there are less than 2 files in the monitored directory.

• Success in any other case.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

The default message templates include data to identify the monitored folder, in addition to the number of files and folders and the folder size.

7.7.4 ThinAgent Variables

This ThinAgent retrieves the same variables as the Folder File Count ThinAgent. The variables are described in section 7.2.4 - ThinAgent Variables on page 63.

7.7.5 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 DriveName Drive of the monitored directory

Var04 FolderName Name of the monitored directory

Var05 FileCount Number of files in the monitored folder (recursive)

Var06 FolderCount Number of directories in the monitored folder (recursive).

Var07 FolderSize Size of the folder in bytes

7.8 Remote Folder Size

Use this monitor to manage local directories and shared folders accessible from localhost. This monitor checks whether the size of a directory is within correct limits.

7.8.1 Monitor Configuration

Configuration of the data source is the same as for the Remote Folder File Count data source. For details see section 7.7.1 - Data Source Configuration on page 69.

To configure the Monitor, start by giving it a name and description in the Monitor Settings section of the configuration panel, then select a data source.

Configuration Variables & Values Description

Name Remote Windows Folder Size Monitor Give your Remote Windows Folder Size monitor a name.

Description Enter a description for your Remote Windows Folder Size Monitor.

7.8.2 Default Health Script

The default Health script helps detect when total folder size of the monitored directory is excessive.

By default object Health is set to

• Critical when total folder size is bigger than 1000.

• Warning when total folder size is less than 2.

• Success in any other case.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

The default message templates include data to identify the monitored folder, in addition to the number of files and folders and the folder size.

7.8.3 ThinAgent Variables

This ThinAgent retrieves the same variables as the Folder File Count ThinAgent. The variables are described in section 7.2.4 - ThinAgent Variables on page 63.

7.8.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends the same variables to the SmartConsole as the Folder File Count ThinAgent. The field map is described in section 7.2.5 - Field Map SmartConsole – ThinkServer on page 64.

7.9 Remote Folder Size Increase

Use this monitor to manage remote unshared directories only; otherwise use local file system ThinAgents. This monitor checks whether the size increase of a directory is within correct limits.

7.9.1 Monitor Configuration

Configuration of the data source is the same as for the Remote Folder File Count data source. For details see section 7.7.1 - Data Source Configuration on page 69.

To configure the Monitor, start by giving it a name and description in the Monitor Settings section of the configuration panel, then select a data source.

Configuration Variables & Values Description

Name Remote Windows Folder Size Increase Monitor Give your Remote Windows Folder Size Increase monitor a name.

Description Enter a description for your Remote Windows Folder Size Increase Monitor.

7.9.2 Default Health Script

The default Health script helps detect when there is excessive growth of total size of the monitored directory.

By default object Health is set to

• Critical when the size of the monitored directory increases by more than 500.

• Warning when the increase in the size of the folder since the last refresh exceeds 100.

• Success in all other cases.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

The default message templates include data to identify the monitored folder, in addition to the number of files and folders and the folder size.

7.9.3 ThinAgent Variables

This ThinAgent retrieves the same variables as the Folder File Count ThinAgent. The variables are described in section 7.2.4 - ThinAgent Variables on page 63.

7.9.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends the same variables to the SmartConsole as the Folder File Count ThinAgent. The field map is described in section 7.2.5 - Field Map SmartConsole – ThinkServer on page 64.

7.10 Remote Folder Size Percent Increase

Use this monitor to manage remote unshared directories only; otherwise use local file system ThinAgents. This monitor checks whether the percentage of size increase of a directory is within correct limits.

7.10.1 Monitor Configuration

Configuration of the data source is the same as for the Remote Folder File Count data source. For details see section 7.7.1 - Data Source Configuration on page 69.

To configure the Monitor, start by giving it a name and description in the Monitor Settings section of the configuration panel, then select a data source.

Configuration Variables & Values Description

Name Remote Windows Folder Size Percent Increase Monitor Give your Remote Windows Folder Size Percent Increase monitor a name.

Description Enter a description for your Remote Windows Folder Size Percent Increase Monitor.

7.10.2 Default Health Script

The default Health script helps detect when there is excessive growth of the monitored directory in terms of percentage.

By default object Health is set to:

• Critical when the size of the monitored directory increases by more than 50% since the last time the monitor was run.

• Warning when the increase in folder size since the last refresh exceeds 30%.

• Success in all other cases.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

The default message templates include data to identify the monitored folder, in addition to the percentage of the increase, current folder size, and the number of files and folders.

7.10.3 ThinAgent Variables

This ThinAgent retrieves the same variables as the Folder File Count ThinAgent. The variables are described in section 7.2.4 - ThinAgent Variables on page 63.

7.10.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends the same variables to the SmartConsole as the Folder File Count ThinAgent. The field map is described in section 7.2.5 - Field Map SmartConsole – ThinkServer on page 64.

7.11 Remote Large Files

This monitor counts the files whose size exceeds the configured threshold.

7.11.1 Data Source Configuration

The Remote Large Files ThinAgent uses a private data source. To configure the data source, start by giving it a name and description in the Main Information section of the configuration panel. Next, check that the default settings in General Settings are suitable for your monitoring purposes. Finally, configure the user profile and directory settings in the Data Source tab.

Main Information

Configuration Variables & Values Description

Name Remote Windows Large Files Monitor Give your Remote Windows Large Files monitor a name.

Description Enter a description for your Remote Windows Large Files Monitor.

General settings

Configuration Variables & Values Description

Refresh time 60 seconds The data source will be refreshed every 60 seconds.

Number of tries 1 If we detect an error we determine that we will retry one time ...

Interval between tries 10 seconds ...And that we will retry after 10 seconds.

Error retry time 60 seconds In the case that errors exceed the number specified in Number of Tries (in this case more than once), we will wait for 60 seconds before starting the Remote Large Files check again.

Directory Settings

Configuration Variables & Values Description

Detect files larger than 100 MB Define the size of a large file.

Logical drive "C:" In brackets, enter the drive where the directory you want to monitor is located. For example: "C:"

Process Subdirectories (checkbox) Configure whether you want to scan the directory recursively or not. By default ThinkServer scans the directory recursively.

Directory Path "C:\Temp\" Enter the complete path of the directory you want to monitor in brackets. For example: "c:\winnt\" Note: The Directory Path must always end with a backslash (\)

Inclusion List Specific files to include in the monitor

Exclusion List Specific files not to include in the monitor.

User Profile Settings

The user profile you use here must have access to the target directory and must be able to log in to localhost. If you want to retrieve information from localhost you do not need to set user profile settings.

Configuration Variables & Values Description

Domain Host domain.

User User to connect to host with.

Password Password of the user connecting to the host.

7.11.2 Default Health Script

The default Health script helps detect when there is excessive growth of the number of folders in the monitored directory.

By default object Health is set to

• Critical when there is a file with a file size larger than 1000 MB.

• Warning when there are one or more files that exceed 100 MB.

• Success in all other cases.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

The default message templates show the file path and the size of the relevant file.

7.11.3 ThinAgent Variables

The following variables are retrieved for this ThinAgent:

Variable Description

DriveName Drive of the monitored directory

FileFolder Name of the folder where the file is located

FileName Name of the file

FileSize Size of the file in MB

FolderName Name of the monitored directory

Host Server name or IP address

7.11.4 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 DriveName Drive of the monitored directory

Var04 FolderName Name of the monitored directory

Var05 FileFolder Name of the folder where the file is located

Var06 FileName Name of the file

Var07 FileSize Size of the file in MB

Chapter 8

Performance

8.1 Network Interfaces Usage

8.1.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. For details see section 2.2 - Data Source Configuration on page 5.

To configure the Monitor, start by giving it a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Network Interface Performance Monitor Give your Network Interface Performance monitor a name.

Description Enter a description for your Network Interface Performance Monitor.

8.1.2 Default Health Script

The default Health script helps detect excessive network interface usage. This monitor generates one event per network interface that matches the monitor configuration.

The first time it is run, one object Health event is generated for each network interface, and the monitor’s global object Health is set according to the most critical Health for these events. On following iterations of this check, new events will only be created for changes to the current situation. Changes include new network interfaces, deleted network interfaces, or changes in the Health of a network interface.

The Network Interfaces Usage ThinAgent uses the current bandwidth counter to determine object health. By default object Health is set to

• Critical when there is at least one Network interface that is using more than 50% of current bandwidth.

• Warning when the usage of at least one Network Interface exceeds 40% of current bandwidth.

• Minor when the monitor is not able to retrieve any data.

• Success in any other case.
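
The default Health conditions and the change-only event generation described above, written out as an added Python example (not the product's own Health script). The usage formula (BytesTotalPersec × 8 / CurrentBandwidth, with CurrentBandwidth in bits per second), the severity ranking, and treating an interface with missing counters as Minor are assumptions; the sample refreshes are constructed.

```python
# Assumed ranking used to pick the "most critical" Health for the global object.
SEVERITY = {"Success": 0, "Minor": 1, "Warning": 2, "Critical": 3}


def interface_usage(sample):
    """Percent of current bandwidth in use, or None when counters are unusable."""
    try:
        bandwidth = float(sample["CurrentBandwidth"])   # assumed bits per second
        total = float(sample["BytesTotalPersec"])
    except (KeyError, TypeError, ValueError):
        return None
    if bandwidth <= 0:
        return None      # disconnected adapters can report 0; do not divide by it
    return total * 8 * 100 / bandwidth


def interface_health(usage, critical=50.0, warning=40.0):
    """Default thresholds from the guide: >50% Critical, >40% Warning."""
    if usage is None:
        return "Minor"   # no data for this interface (assumption, see lead-in)
    if usage > critical:
        return "Critical"
    if usage > warning:
        return "Warning"
    return "Success"


class InterfaceMonitor:
    """Keeps the Health seen at the previous refresh so that only new,
    deleted, or changed interfaces produce an event."""

    def __init__(self):
        self.last = {}   # interface name -> Health at previous refresh

    def refresh(self, samples):
        current = {s["Name"]: interface_health(interface_usage(s)) for s in samples}
        events = []
        for name, health in current.items():
            if name not in self.last:
                events.append(("new", name, health))
            elif self.last[name] != health:
                events.append(("changed", name, health))
        for name, health in self.last.items():
            if name not in current:
                events.append(("deleted", name, health))
        self.last = current
        if not current:
            global_health = "Minor"          # monitor retrieved no data at all
        else:
            global_health = max(current.values(), key=SEVERITY.get)
        return events, global_health


# Constructed sample refreshes (not captured from a real host).
REFRESH_1 = [
    {"Name": "Intel Gigabit", "BytesTotalPersec": 70_000_000, "CurrentBandwidth": 1_000_000_000},
    {"Name": "Wi-Fi", "BytesTotalPersec": 1_000_000, "CurrentBandwidth": 100_000_000},
]
REFRESH_2 = [
    {"Name": "Intel Gigabit", "BytesTotalPersec": 52_500_000, "CurrentBandwidth": 1_000_000_000},
    {"Name": "VPN", "BytesTotalPersec": 0, "CurrentBandwidth": 0},
]

if __name__ == "__main__":
    monitor = InterfaceMonitor()
    for label, refresh in (("first", REFRESH_1), ("repeat", REFRESH_1), ("changed", REFRESH_2)):
        events, overall = monitor.refresh(refresh)
        print(label, events, overall)
```

The repeated refresh produces no events, which is why a missing event stream alone does not show that the monitor is still running.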

The user can easily change Health conditions and default message templates to suit their organization’s needs.

8.1.3 ThinAgent Variables

There are many variables retrieved for this ThinAgent. In this section we’ve first singled out a few variables that identify a Network Interface (see Figure 18), then a number that contain particularly important information for this monitor (see Figure 19). At the end you will find a total list of the variables available for this ThinAgent (see Figure 20).

Variables that identify each Network Interface

Variable Description

Host Host name or IP address

Name Name of the interface with largest usage.

Figure 18 – Variables that identify the process

Variables offering most important information

The most important information retrieved by this ThinAgent can be found in the following variables:

Variable Description

MaxInterfaceUsage Highest amount interface usage

CurrentBandwidthMbps Current bandwidth measured in Mbps

BytesTotalPersec Total network traffic per second in bytes

BytesReceivedPersec Bytes received per second

BytesSentPersec Bytes sent per second

Figure 19 – Most important variables for this monitor

Total list of Variables

Variable Description

BytesReceivedPersec Bytes received per second

BytesSentPersec Bytes sent per second

BytesTotalPersec Total bytes per sec

Caption A short description (one-line string) for the statistic or metric

CurrentBandwidth Current bandwidth

Description Description of the statistic or metric

Name Name of the interface with highest usage

OutputQueueLength Output queue length

PacketsOutboundDiscarded Packets outbound discarded

PacketsOutboundErrors Packets outbound errors

PacketsPersec Packets per second

PacketsReceivedDiscarded Packets received discarded

PacketsReceivedErrors Packets received errors

PacketsReceivedNonUnicastPersec Non-unicast packets received per second

PacketsReceivedPersec Packets received per second

PacketsReceivedUnicastPersec Unicast packets received per second

PacketsReceivedUnknown Unknown packets received

PacketsSentNonUnicastPersec Non-unicast packets sent per second

PacketsSentPersec Packets sent per second

PacketsSentUnicastPersec Unicast packets sent per second

Figure 20 – Total variables retrieved for this monitor

8.1.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends messages to the SmartConsole for each individual network interface and one global message summarizing the current monitor health.

The following tables show how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

The variables sent to the SmartConsole for the individual messages are set in Post Health-Check Actions and by default include the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var04 Name Name of the network interface

Var05 InterfaceUsage Usage of the network interface

Var06 CurrentBandwidthMbps Current bandwidth, measured in MB per second

Var07 BytesTotalPersec Total traffic on the network interface measured in bytes

Var08 BytesReceivedPersec Bytes received over the network interface per second

Var09 BytesSentPersec Bytes sent over the network interface per second

The default field map of the global health message is set in Event Variables and contains the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 Name

Var04 MaxInterfaceUsageName Name of the interface with the highest network interface usage.

Var05 MaxInterfaceUsage Amount of interface usage by the interface with the highest network interface usage

Var06 MaxInterfaceUsageBandwidth Amount of bandwidth used by the interface with the highest network interface usage.

8.2 Physical Disk Transfer Rate

8.2.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. For details see section 2.2 - Data Source Configuration on page 5.

To configure the Monitor, start by giving it a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Physical Disk Transfer Rate Monitor Give your Physical Disk Transfer Rate monitor a name.

Description Enter a description for your Physical Disk Transfer Rate monitor.

8.2.2 Default Health Script

The default Health script helps determine whether the disk transfer rate is within acceptable limits.

The first time it is run, one object Health event is generated and the monitor’s global object Health is set for the event. On following iterations of this monitor new events will only be created for changes in the Health of the object.

By default object Health is set to:

• Critical when disk transfer rate is more than 125 operations per second.

• Warning when disk transfer rate exceeds 100 operations per second.

• Minor when the monitor was not able to retrieve data.

• Success in any other case.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

8.2.3 ThinAgent Variables

There are many variables retrieved for this ThinAgent. In this section we’ve first singled out a few variables that identify a process (see Figure 21), then a number that contain particularly important information for this monitor (see Figure 22). At the end you will find a total list of the variables available for this ThinAgent (see Figure 23).

Variables that identify each process

Variable Description

Host Host name or IP address.

Figure 21 – Variables that identify the process

Variables offering most important information

The most important information retrieved by this ThinAgent can be found in the following variables:

Variable Description

DiskTransfersPersec Number of disk transfers per second.

DiskReadsPersec Number of disk reads per second.

DiskWritesPersec Number of disk writes per second

Figure 22 – Most important variables for this monitor

Total list of Variables

Variable Description

AvgDiskBytesPerRead Average bytes of disk per read

AvgDiskBytesPerRead_Base AvgDiskBytesPerRead_Base

AvgDiskBytesPerTransfer Average bytes of disk per transfer

AvgDiskBytesPerTransfer_Base AvgDiskBytesPerTransfer_Base

AvgDiskBytesPerWrite Average bytes of disk per write

AvgDiskBytesPerWrite_Base AvgDiskBytesPerWrite_Base

AvgDiskQueueLength Average disk queue length

AvgDiskReadQueueLength Average length of disk reads queue

AvgDisksecPerRead Average disk seconds per read

AvgDisksecPerRead_Base AvgDisksecPerRead_Base

AvgDisksecPerTransfer Average disk seconds per transfer

AvgDisksecPerTransfer_Base AvgDisksecPerTransfer_Base

AvgDisksecPerWrite Average disk seconds per write

AvgDisksecPerWrite_Base AvgDisksecPerWrite_Base

AvgDiskWriteQueueLength Average length of disk writes queue

Caption A short description (one-line string) for the statistic or metric.

CurrentDiskQueueLength Current disk queue length

Description A description of the statistic or metric.

DiskBytesPersec Disk bytes per second

DiskReadBytesPersec Bytes of disk reads per second

DiskReadsPersec Disk reads per second

DiskTransfersPersec Disk transfers per second

DiskWriteBytesPersec Bytes of disk write per second

DiskWritesPersec Disk writes per second

Name The label by which the statistic or metric is known. When subclassed, the property can be overridden to be a Key property.

PercentDiskReadTime Percent disk read time

PercentDiskReadTime_Base PercentDiskReadTime_Base

PercentDiskTime Percent disk time

PercentDiskTime_Base PercentDiskTime_Base

PercentDiskWriteTime Percent disk write time

PercentDiskWriteTime_Base PercentDiskWriteTime_Base

PercentIdleTime Percent idle time

PercentIdleTime_Base PercentIdleTime_Base

SplitIOPerSec Split IO per second

Figure 23 – Total variables retrieved for this monitor

8.2.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends messages to the SmartConsole for each individual physical disk and one global message summarizing the current monitor health.

The following tables show how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

The variables sent to the SmartConsole for the individual messages are set in Post Health-Check Actions and by default include the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 DiskTransfersPersec Disk transfers per second

Var04 DiskReadsPersec Disk reads per second

Var05 DiskWritesPersec Disk writes per second

The default field map of the global health message is set in Event Variables and contains the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 MaxDiskTransfersName Name of the transfer with the highest disk transfer.

Var04 MaxDiskTransfersPersec Highest number of disk transfers per second.

Var05 MaxDiskReadsPersec Highest number of disk reads per second.

Var06 MaxDiskWritesPersec Highest number of disk writes per second.

Chapter 9

Processes

9.1 Windows Processes

Use the Windows Processes ThinAgent to check whether one or more processes are running, and set object Health using performance information of this process and of the system where it is running. In the event you want to check only whether a particular process instance is running, use the Windows Single Processes ThinAgent.

The data source retrieves information of all the processes currently running on a system, and performance information of the system itself. The monitor filters the information of processes that match process name, user and domain filters and generates an event for each one.

The Windows Process ThinAgent takes maximum advantage of the separation between data source and monitor. Only one data recollection is required to check whether all critical applications on a system are running.

9.1.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. For details see section 2.2 - Data Source Configuration on page 5.

To configure the Monitor, start by giving it a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Process Monitor Give your Windows Process monitor a name.

Description Enter a description for your Windows Process monitor.

Next, configure the Windows Process Settings.

Windows Process settings

Use these settings to narrow down your monitor to check specific processes. You can filter the processes by domain, user, and individual processes.

Configuration Variables & Values Description

Domain * Enter the domain of the user to filter for. If you use * all domains will be included.

User * Enter the user who started the process you want to filter for. If you use * all users will be included.

Process Iexplore* Make the most out of this monitor by entering the individual Windows Process(es) you want to monitor here. You can make a list of processes separated by commas. You can also use the wildcards * and ? to create your list of processes. To find the names of other Windows processes, go to your task manager and select the process tab. To monitor all Windows processes simply enter *.

9.1.2 Default Health Script

The default Health script helps detect processes that are using a lot of system resources or processes that are not running. This monitor generates one event per process that matches the monitor configuration.

The first time it is run, one object Health event is generated for each process, and the monitor’s global object Health is set according to the most critical Health for these events.

On following iterations of this check new events will only be created for changes to the current situation. Changes include new processes, deleted processes, or changes in the Health of a process.

By default object Health is set to

• Critical when there is at least one process that is using more than 15% of CPU or more than 20% of system memory.

• Warning when there are processes with a CPU usage greater than 15% or process memory usage of over 10%.

• Minor when the requested processes are not running.

• Success in any other case.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

9.1.3 ThinAgent Variables

There are many variables retrieved for this ThinAgent. In this section we’ve first singled out a few variables that identify a process (see Figure 24), then a number that contain particularly important information for this monitor (see Figure 25). At the end you will find a total list of the variables available for this ThinAgent (see Figure 26).

Variables that identify each process

Variable Description

DomainName Domain name.

ExecutablePath Path of the executable.

ProcessId Process identifier.

ProcessName Process name.

UserName Process owner.

Figure 24 – Variables that identify the process

Variables offering most important information

The most important information retrieved by this ThinAgent can be found in the following variables:

Variable Description

AgeOfProcess Minutes the process has been running.

Instances Number of processes matching the selection criteria. Values are: 1 if process is running, 0 if process is not running.

MemoryInUse Amount of memory in use by a process, measured in Kbytes.

PageFaults Number of page faults since process started.

PageFaultsPerSec Average number of page faults per second caused by this process since last refresh.

PercentCPUUsage Percentage of CPU utilization by a process.

PercentMemoryUsage Percentage of total physical memory used by a process or group of processes.

SystemCPUPercentage Percentage of total CPU used.

SystemPercentPhysicalMemoryUsed Percentage of total memory used.

ThreadCount Number of threads of the process.

TotalNumberOfProcesses Number of processes running on system.

VirtualMemory Kbytes of memory set aside for a process or a group of processes in paging files.

Figure 25 – Most important variables for this monitor

Total list of Variables

Variable Description

AgeOfProcess Minutes the process has been running.

ClassWMI WMI class of this process object.

CPUTime Milliseconds of processor time used since last refresh.

Description Description of the process.

DomainMask Domain filter as set by user in configuration of monitor.

DomainName Domain name.

ExecutablePath Path of the executable.

HandleCount Number of open handles.

Host Host name or IP address.

InputOutputBytesPerSec Rate at which the process is reading and writing bytes in I/O operations. This property counts all activity generated by the process, including file, network, and device I/Os.

InputsOutputsPerSecond Rate at which the process is issuing read and write I/O operations. This property counts all activity generated by the process, including file, network, and device I/Os.

Instances Number of processes matching the selection criteria. Values are: 1 if process is running, 0 if process is not running.

MemoryInUse Kbytes of memory used by a process.

MemoryPoolNonPag Kbytes of non-paged memory pool. This is the used space of the operating system memory area that cannot be paged.

MemoryPoolPag Kbytes of paged memory pool. This is the used space of the operating system memory area that can be paged.

PageFaults Number of page faults since process started.

PageFaultsPerSec Average number of page faults per second caused by this process since last refresh.

PageFileUsage Current usage of paged file area, measured in Kbytes.

ParentId Parent process identifier.

PathWMI WMI path of this process object.

PeakMemoryPoolNonPag Maximum usage of non-paged memory pool, measured in Kbytes. This is the used space of operating system memory area that cannot be paged.

PeakMemoryPoolPag Maximum usage of paged memory pool, measured in Kbytes. This is the used space of operating system memory area that can be paged.

PeakPageFile Maximum usage of paged file area, measured in Kbytes.

PeakVirtualMemory Maximum usage of virtual memory used by the process since started, measured in Kbytes.

PeakWorkSetSize Maximum usage of work memory set used by process since started, measured in Kbytes.

PercentCPUUsage Percentage of CPU utilization by a process.

PercentMemoryUsage Percentage of total physical memory in use by a process or a group of processes.

Priority Process Priority. Priority values can range from 0 to 31, where 0 is the lowest priority and 31 the highest.

ProcessId Process Identifier.

ProcessMask Process filter as set by user in configuration of the monitor.

ProcessName Process name.

ProcessTotalMemory Current size of the virtual address space that a process is using, measured in Kbytes. It does not represent real memory usage.

ReadOpsCount Number of read operations performed by a process.

ReadSize Amount of information read, measured in Kbytes.

SystemCPUPercentage Percentage of total CPU used.

SystemFreePhysicalMemory Kbytes of total free physical memory.

SystemFreeVirtualMemory Kbytes of total free virtual memory.

SystemInputOutputBytesPerSec Rate at which the system processes are reading and writing bytes in I/O operations. This property counts all activity generated by the process, including file, network, and device I/Os.

SystemInputsOutputsPerSec Rate at which the system processes are issuing read and write I/O operations. This property counts all activity generated by the process, including file, network, and device I/Os.

SystemModeTime Seconds the processor has been in system mode since process started.

System Name System name

SystemPageFaultsPerSec Number of average system page faults per second since last refresh.

SystemPercentPhysicalMemoryUsed Percentage of total physical memory used.

SystemPhysicalMemoryUsed Amount of total physical memory used, measured in Kbytes.

SystemTotalPhysicalMemory Amount of total physical memory, measured in Kbytes.

SystemTotalVirtualMemory Amount of total virtual memory, measured in Kbytes.

SystemVirtualMemoryUsed Amount of total virtual memory used, measured in Kbytes.

ThreadCount Number of threads of this process.

TotalNumberOfProcesses Number of processes running on the system.

UserMask User filter as set by the user in the configuration of this monitor.

UserModeTime Seconds the processor has been in user mode since process started.

UserName Process owner.

VirtualMemory Kbytes of memory set aside for a process or a group of processes in paging files.

WriteOpsCount Number of write operations performed by a process.

WriteSize Amount of information written, measured in Kbytes.

Figure 26 – Total variables retrieved for this monitor

9.1.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends messages to the SmartConsole for each individual Windows Process and one global message summarizing the current monitor health.

The following tables show how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

The variables sent to the SmartConsole for the individual messages are set in Post Health-Check Actions and by default include the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name.

Var03 ProcessMask Process filter applied to monitor.

Var04 UserMask User filter applied to monitor.

Var05 DomainMask Domain filter applied to monitor.

Var06 Instances Number of processes matching the selection criteria. Values are: 1 if process is running, 0 if process is not running.

Var07 ProcessName Process name

Var08 PercentCPUUsage Percentage of CPU utilization by a process.

Var09 PercentMemoryUsage Percentage of total physical memory in use by a process

Var10 ProcessID Process identifier

The default field map of the global health message is set in Event Variables and contains the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name.

Var03 ProcessMask Process filter applied to monitor.

Var04 UserMask User filter applied to monitor.

Var05 DomainMask Domain filter applied to monitor.

Var06 MaxCPUUsageProcess** Name of the process using the most CPU.

Var07 MaxCPUUsage** Amount of CPU used by the most abusive process.

Var08 MaxMemoryUsageProcess** Name of the process consuming most memory.

Var09 MaxMemoryUsage** Amount of memory used by the most abusive process.

** These variables are calculated using Python scripts.

9.2 Windows Single Processes

In contrast to the Windows Process and Windows Group Process ThinAgents, this monitor is intended for individually controlling a Windows process. Use the filters to identify the processes you want to check. The default configuration checks that there is only one instance of this process running. One event will be generated for each process that matches the filter, and all resource consumption data is added here to give global performance information and allow you to set Health rules and Message templates.

The Single Process ThinAgent is useful for checking whether a specific process is running, and that only one instance of the process is running. In contrast, the Windows Processes ThinAgent was designed for working with several processes.

9.2.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. For details see section 2.2 - Data Source Configuration on page 5.

To configure the Monitor, start by giving it a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Windows Single Process Monitor Give your Windows Single Process monitor a name.

Description Enter a description for your Windows Single Process monitor.

Next, configure the Windows Process Settings.

Windows Process settings

Use these settings to narrow down your monitor to check a specific process. You can filter the processes by domain, user, and individual processes.

Configuration Variables & Values Description

Domain * Enter the domain of the user to filter for. If you use * all domains will be included.

User * Enter the user who started the process you want to filter for. If you use * all users will be included.

Process Explorer.exe Make the most out of this monitor by entering the individual Windows process you want to monitor here. To find the names of other Windows processes, go to your task manager and select the process tab.

9.2.2 Default Health Script

The default Health script simply sends a critical message when the Windows process to monitor is not available. This monitor generates one event per process that matches the monitor configuration.

The first time it is run, one object Health event is generated and the monitor’s global object Health is set accordingly. On following iterations of this check new events will only be created for changes in the Health of the process.

By default object Health is set to

• Critical when the requested process is not running

• Success in any other case.

The user can easily change Health conditions and default message templates to suit their organization’s needs.

9.2.3 ThinAgent Variables

There are many variables retrieved for this ThinAgent. In this section we’ve first singled out a few variables that identify a process (see Figure 27), then a number that contain particularly important information for this monitor (see Figure 28). At the end you will find a total list of the variables available for this ThinAgent (see Figure 29).

Variables that identify each process

Variable Description

DomainName Domain name.

ExecutablePath Path of the executable.

ProcessId Process identifier.

ProcessName Process name.

UserName Process owner.

Figure 27 – Variables that identify the process

Variables offering most important information

The most important information retrieved by this ThinAgent can be found in the following variables:

Variable Description

AgeOfProcess Minutes the process has been running.

Instances Number of processes matching the selection criteria. Values are: 1 if process is running, 0 if process is not running.

MemoryInUse Amount of memory in use by a process, measured in Kbytes.

PageFaults Number of page faults since process started.

PageFaultsPerSec Average number of page faults per second caused by this process since last refresh.

PercentCPUUsage Percentage of CPU utilization by a process.

PercentMemoryUsage Percentage of total physical memory used by a process or group of processes.

SystemCPUPercentage Percentage of total CPU used.

SystemPercentPhysicalMemoryUsed Percentage of total memory used.

ThreadCount Number of threads of the process.

TotalNumberOfProcesses Number of processes running on system.

VirtualMemory Kbytes of memory set aside for a process or a group of processes in paging files.

Figure 28 – Most important variables for this monitor

Total list of Variables

Variable Description

AgeOfProcess Minutes the process has been running.

ClassWMI WMI class of this process object.

CPUTime Milliseconds of processor time used since last refresh.

Description Description of the process.

DomainMask Domain filter as set by user in configuration of monitor.

DomainName Domain name.

ExecutablePath Path of the executable.

HandleCount Number of open handles.

Host Host name or IP address.

InputOutputBytesPerSec Rate at which the process is reading and writing bytes in I/O operations. This property counts all activity generated by the process, including file, network, and device I/Os.

InputsOutputsPerSecond Rate at which the process is issuing read and write I/O operations. This property counts all activity generated by the process, including file, network, and device I/Os.

Instances Number of processes matching the selection criteria. Values are: 1 if process is running, 0 if process is not running.

MemoryInUse Kbytes of memory used by a process.

MemoryPoolNonPag Kbytes of non-paged memory pool. This is the used space of the operating system memory area that cannot be paged.

MemoryPoolPag Kbytes of paged memory pool. This is the used space of the operating system memory area that can be paged.

PageFaults Number of page faults since process started.

PageFaultsPerSec Average number of page faults per second caused by this process since last refresh.

PageFileUsage Current usage of paged file area, measured in Kbytes.

ParentId Parent process identifier.

PathWMI WMI path of this process object.

PeakMemoryPoolNonPag Maximum usage of non-paged memory pool, measured in Kbytes. This is the used space of operating system memory area that cannot be paged.

PeakMemoryPoolPag Maximum usage of paged memory pool, measured in Kbytes. This is the used space of operating system memory area that can be paged.

PeakPageFile Maximum usage of paged file area, measured in Kbytes.

PeakVirtualMemory Maximum usage of virtual memory used by the process since started, measured in Kbytes.

PeakWorkSetSize Maximum usage of work memory set used by process since started, measured in Kbytes.

PercentCPUUsage Percentage of CPU utilization by a process.

PercentMemoryUsage Percentage of total physical memory in use by a process or a group of processes.

Priority Process Priority. Priority values can range from 0 to 31, where 0 is the lowest priority and 31 the highest.

ProcessId Process Identifier.

ProcessMask Process filter as set by user in configuration of the monitor.

ProcessName Process name.

ProcessTotalMemory Current size of the virtual address space that a process is using, measured in Kbytes. It does not represent real memory usage.

ReadOpsCount Number of read operations performed by a process.

ReadSize Amount of information read, measured in Kbytes.

SystemCPUPercentage Percentage of total CPU used.

SystemFreePhysicalMemory Kbytes of total free physical memory.

SystemFreeVirtualMemory Kbytes of total free virtual memory.

SystemInputOutputBytesPerSec Rate at which the system processes are reading and writing bytes in I/O operations. This property counts all activity generated by the process, including file, network, and device I/Os.

SystemInputsOutputsPerSec Rate at which the system processes are issuing read and write I/O operations. This property counts all activity generated by the process, including file, network, and device I/Os.

SystemModeTime Seconds the processor has been in system mode since process started.

System Name System name

SystemPageFaultsPerSec Number of average system page faults per second since last refresh.

SystemPercentPhysicalMemoryUsed Percentage of total physical memory used.

SystemPhysicalMemoryUsed Amount of total physical memory used, measured in Kbytes.

SystemTotalPhysicalMemory Amount of total physical memory, measured in Kbytes.

SystemTotalVirtualMemory Amount of total virtual memory, measured in Kbytes.

SystemVirtualMemoryUsed Amount of total virtual memory used, measured in Kbytes.

ThreadCount Number of threads of this process.

TotalNumberOfProcesses Number of processes running on the system.

UserMask User filter as set by the user in the configuration of this monitor.

UserModeTime Seconds the processor has been in user mode since process started.

UserName Process owner.

VirtualMemory Kbytes of memory set aside for a process or a group of processes in paging files.

WriteOpsCount Number of write operations performed by a process.

WriteSize Amount of information written, measured in Kbytes.

Figure 29 – Total variables retrieved for this monitor

9.2.4 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name.

Var03 ProcessMask Process filter applied to monitor.

Var04 UserMask User filter applied to monitor.

Var05 DomainMask Domain filter applied to monitor.

Var06 MaxCPUUsageProcess** Name of the process using the most CPU.

Var07 MaxCPUUsage** Amount of CPU used by the most abusive process.

Var08 MaxMemoryUsageProcess** Name of the process consuming most memory.

Var09 MaxMemoryUsage** Amount of memory used by the most abusive process.

** These variables are calculated using Python scripts.

9.3 Windows Process Groups ThinAgent

This ThinAgent is very similar to Windows Processes ThinAgent. They can even share a data source. The difference between the Windows Process ThinAgent and the Windows Process Groups ThinAgent lies in the way they filter the process information retrieved by the data source.

While the Windows Processes ThinAgent generates an event for each process, this ThinAgent generates only one event for the whole group using the information of the number of processes that matched the monitor settings. All resource consumption data is added here to give global performance information.

Often we need to know how many resources are being used by a task or service that needs the participation of a number of additional processes (for example a Web server that uses a database server). This ThinAgent can help in these situations.

9.3.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. See “Data Source Configuration” on page 11 for details.

Start by giving the monitor a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Windows Process Group Monitor Give your Windows Process Group monitor a name.

Description Enter a description for your Windows Process Group monitor.

Next, configure the Windows Process Settings.

Windows Process settings

Use these settings to narrow down your monitor to check specific processes. You can filter the processes by domain, user, and individual processes.

Configuration Variables & Values Description

Domain * Enter the domain of the user to filter for. If you use * all domains will be included.

User * Enter the user who started the process you want to filter for. If you use * all users will be included.

Process Iexplore* Make the most out of this monitor by entering the individual Windows Process(es) you want to monitor here. You can make a list of processes separated by commas. You can also use the wildcards * and ? to create your list of processes. To find the names of other Windows processes, go to your task manager and select the process tab. To monitor all Windows processes simply enter *.

9.3.2 Default Health Script

This script receives one event with information about the group of processes as determined by the monitor configuration, evaluates the Health conditions for this event and sets the object Health.

This script is useful to check whether processes that should be running are actually running.

By default Health is set to

• Critical when there is no process running that matches the criteria

• Warning when there are more than four processes running

• Success in all other cases.
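The three process ThinAgents apply different rules to the same data-source snapshot. The following is an added example, not the product's own health script: it evaluates the default rules from sections 9.1.2, 9.2.2 and 9.3.2 over one constructed snapshot. The function names, the severity ordering, case-insensitive mask matching and the "one Minor event per unmatched mask" behaviour are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Constructed snapshot standing in for one data-source collection. Keys reuse
# the ThinAgent variable names from this page; all values are made up.
SNAPSHOT = [
    {"ProcessName": "iexplore.exe", "ProcessId": 4120, "UserName": "alice",
     "DomainName": "CORP", "PercentCPUUsage": 3.0, "PercentMemoryUsage": 12.5},
    {"ProcessName": "iexplore.exe", "ProcessId": 5236, "UserName": "alice",
     "DomainName": "CORP", "PercentCPUUsage": 22.0, "PercentMemoryUsage": 4.0},
    {"ProcessName": "explorer.exe", "ProcessId": 2044, "UserName": "alice",
     "DomainName": "CORP", "PercentCPUUsage": 1.0, "PercentMemoryUsage": 2.0},
    {"ProcessName": "sqlservr.exe", "ProcessId": 1688, "UserName": "svc_sql",
     "DomainName": "CORP", "PercentCPUUsage": 9.0, "PercentMemoryUsage": 8.0},
]

# Assumed severity order, used to pick the most critical Health.
SEVERITY = {"Success": 0, "Minor": 1, "Warning": 2, "Critical": 3}


def split_masks(mask_list):
    """Split a comma-separated filter such as 'Iexplore*,sqlservr.exe'."""
    return [m.strip() for m in mask_list.split(",") if m.strip()]


def mask_matches(value, mask_list):
    """True if value matches any mask; * and ? are wildcards.

    Matching is case-insensitive here (an assumption). fnmatch also treats
    [...] as a character class, which the page does not mention.
    """
    return any(fnmatchcase(value.lower(), m.lower()) for m in split_masks(mask_list))


def select(snapshot, process="*", user="*", domain="*"):
    """Apply the Process, User and Domain filters to a snapshot."""
    return [p for p in snapshot
            if mask_matches(p["ProcessName"], process)
            and mask_matches(p["UserName"], user)
            and mask_matches(p["DomainName"], domain)]


def process_health(p):
    """Default per-process rules of 9.1.2, checked from most to least severe.

    Both rules use CPU > 15, so after the Critical check the Warning rule
    can only fire on memory usage between 10% and 20%.
    """
    if p["PercentCPUUsage"] > 15 or p["PercentMemoryUsage"] > 20:
        return "Critical"
    if p["PercentCPUUsage"] > 15 or p["PercentMemoryUsage"] > 10:
        return "Warning"
    return "Success"


def processes_monitor(snapshot, process="*", user="*", domain="*"):
    """Windows Processes: one event per matching process plus a global Health."""
    events = []
    for mask in split_masks(process):
        matched = select(snapshot, mask, user, domain)
        if not matched:  # requested process is not running
            events.append({"ProcessMask": mask, "Instances": 0, "Health": "Minor"})
        for p in matched:
            events.append({"ProcessMask": mask, "Instances": 1,
                           "ProcessName": p["ProcessName"],
                           "ProcessId": p["ProcessId"],
                           "Health": process_health(p)})
    worst = max((e["Health"] for e in events), key=SEVERITY.get, default="Success")
    return events, worst


def single_process_monitor(snapshot, process, user="*", domain="*"):
    """Windows Single Processes (9.2.2): Critical when the process is not running."""
    return "Success" if select(snapshot, process, user, domain) else "Critical"


def group_monitor(snapshot, process="*", user="*", domain="*"):
    """Windows Process Groups (9.3.2): one event, resource usage summed."""
    matched = select(snapshot, process, user, domain)
    count = len(matched)
    health = "Critical" if count == 0 else "Warning" if count > 4 else "Success"
    return {"Instances": count,
            "ProcessIdList": [p["ProcessId"] for p in matched],
            "PercentCPUUsage": sum(p["PercentCPUUsage"] for p in matched),
            "PercentMemoryUsage": sum(p["PercentMemoryUsage"] for p in matched),
            "Health": health}
```

With the filter Iexplore*,sqlservr.exe the group event reports a summed CPU usage of 34% as Success, while the Windows Processes monitor flags the single process at 22% CPU as Critical, so the two monitors answer different questions about the same processes.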

Health conditions can easily be changed to check that the number of processes running matches what was expected (if the number of processes is known), or to monitor task resource consumption.

9.3.3 ThinAgent Variables

There are many variables retrieved for this ThinAgent. In this section we’ve first singled out a few variables that identify a process (see Figure 30), then a number that contain particularly important information for this monitor (see Figure 31). At the end you will find a total list of the variables available for this ThinAgent (see Figure 32).

Variables that identify each process

Variable Description

DomainName Domain name.

ExecutablePath Path of executable.

ProcessId Process identifier.

ProcessName Process name.

UserName User name.

Figure 30 – Variables that identify the process

Variables offering most important information

The most important information retrieved by this ThinAgent can be found in the following variables:

Variable Description

Instances Number of processes matching the selection criteria.

MemoryInUse Kbytes of memory currently used by a process or a group of processes, whether physical memory or paging files.

PageFaults Number of page faults since process started.

PageFaultsPerSec Average number of page faults per second caused by this process since last refresh.

PercentCPUUsage Percentage of CPU utilization by a process or a group of processes.

PercentMemoryUsage Percentage of total physical memory in use by a process or a group of processes.

SystemCPUPercentage Percentage of total CPU used.

SystemPercentPhysicalMemoryUsed Percentage of total memory used.

ThreadCount Number of threads for this process group.

TotalNumberOfProcesses Number of processes running on system.

VirtualMemory Kbytes of memory set aside for a process or a group of processes in paging files.

Figure 31 – Most important variables for this monitor

Total list of Variables

Variable Description

AgeOfProcess Minutes the process has been running.

CPUTime Milliseconds of processor time used since last refresh.

DomainMask Domain filter as set by user in configuration of monitor.

HandleCount Number of open handles.

Host Host name or IP address.

Instances Number of processes matching the selection criteria.

MemoryInUse Kbytes of memory currently used by a process or a group of processes, whether physical memory or paging files.

MemoryPoolNonPag Kbytes of non-paged memory pool.

MemoryPoolPag Kbytes of paged memory pool.

PageFaults Number of page faults since process started.

PageFaultsPerSec Average number of page faults per second caused by this process since last refresh.

PageFileUsage Current usage of paged file area, measured in Kbytes.

PeakMemoryPoolNonPag Maximum usage of non-paged memory pool, measured in Kbytes.

PeakMemoryPoolPag Maximum usage of paged memory pool, measured in Kbytes.

PeakPageFile Maximum usage of paged file area, measured in Kbytes.

PeakVirtualMemory Maximum usage of virtual memory used by process since started, measured in Kbytes.

PeakWorkSetSize Maximum usage of work memory set used by process since started, measured in Kbytes.

PercentCPUUsage Percentage of CPU utilization by a process or a group of processes.

PercentMemoryUsage Percentage of total physical memory in use by a process or a group of processes.

ProcessIdList Process identifier list.

ProcessMask Process filter as set by user in configuration of monitor.

ProcessTotalMemory Current size of the virtual address space that a process is using, measured in Kbytes. It does not imply real memory usage.

ReadOpsCount Number of read operations.

ReadSize Amount of information read, measured in Kbytes.

SystemCPUPercentage Percentage of total CPU used.

SystemFreePhysicalMemory Kbytes of total free physical memory.

SystemFreeVirtualMemory Kbytes of total free virtual memory.

SystemModeTime Seconds the processor has been in system mode since process started.

SystemPercentPhysicalMemoryUsed Percentage of total memory used.

SystemPhysicalMemoryUsed Amount of total physical memory used, measured in Kbytes.

SystemTotalPhysicalMemory Amount of total physical memory, measured in Kbytes.

SystemTotalVirtualMemory Amount of total virtual memory, measured in Kbytes.

SystemVirtualMemoryUsed Amount of total virtual memory used, measured in Kbytes.

ThreadCount Number of threads.

TotalNumberOfProcesses Number of processes running on system.

UserMask User filter as set by user in configuration of monitor.

UserModeTime Seconds the processor has been in user mode since process started.

VirtualMemory Kbytes of memory set aside for a process or a group of processes in paging files.

WriteOpsCount Number of write operations.

WriteSize Amount of information written, measured in Kbytes.

Figure 32 – Total list of variables for this monitor

9.3.4 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

SmartConsole ThinkServer Description

Var01 SetHealthWizard Script name.

Var02 Host IP address or host name.

Var03 ProcessMask Process filter as set by user in configuration of monitor.

Var04 UserMask User filter as set by user in configuration of monitor.

Var05 DomainMask Domain filter applied to monitor.

Var06 Instances Number of processes matching the selection criteria.

Var07 ProcessIdList Process Identifier List.

Var08 PercentCPUUsage Percentage of CPU utilization by a process or a group of processes.

Var09 PercentMemoryUsage Percentage of total physical memory in use by a process or a group of processes.

Chapter 10 Scheduled Tasks

The Scheduled Tasks ThinAgent monitors that your scheduled tasks run correctly and on time.

Scheduled Tasks ThinAgents use API instead of WMI to retrieve data and run on the same machine as the ThinkServer. For these ThinAgents to monitor a remote machine:

• The user authentication must be valid on both the local and the remote machines

• The user must have permission to access the scheduled tasks on the remote machine.

Before you continue, please check that these requirements are being met.

Warning: When connecting to remote systems, make sure the Remote Registry Service has been started on the remote system.

To ensure this, a simple test can be made. From a command window, execute runas /user:domain\username regedit (where domain\username is the monitor's user) and use the Connect Network Registry option to open the monitored machine registry.

10.1 Monitor Configuration

Configuration of the data source is the same as described in section 2.2 - Data Source Configuration on page 5.

To configure the Monitor, start by giving it a name and description in the Monitor Settings section of the configuration panel and select a data source.

Configuration Variables & Values Description

Name Scheduled Tasks Monitor Give your Windows Scheduled Tasks monitor a name.

Description Enter a description for your Windows Scheduled Tasks Monitor.

10.1.1 Variables definition

In the Variables Definition tab you can narrow down the data you retrieve by selecting exactly what ThinAgent-specific variables you would like to monitor and even adding filter masks to further reduce the amount of data retrieved.

For an example of how to use the variables definition see section 2.1 - Monitor Configuration on page 3.

10.2 Default Health Script

In Set Health and actions you can configure the conditions for setting object health and configure any actions to take for each health state. You can use any variables retrieved in the data source in your health rules, actions and message templates.

By default Health is set to:

• Critical when a scheduled task did not run correctly (the task exit code is not 0), did not run at all, or was last run more than 3 days ago.

• Minor when the monitor is not able to retrieve any data.

• Success in all other cases.

Health conditions can easily be changed to suit your monitoring needs.

10.3 ThinAgent Variables

The following variables are retrieved for this ThinAgent:

Variable Description

Account (string) The user account used to run this scheduled task.

Command (string) The command that will be run.

Comment (string) Comments about the scheduled task.

Creator (string) The user account that has created the scheduled task.

ExitCode (numeric) The exit code returned the last time the scheduled task was run.

IdleTime (numeric) The number of seconds the scheduled task has been idle.

LastTime (string) Last time the task has been run.

NextTime (string) The next time the task is configured to be run.

Parameters (string) Parameters of the command that the scheduled task runs.

Priority (numeric) The next time the task is configured to be run.

Status (string) Current status of the scheduled task.

TaskName (string) Name of the task.

UntilTime (numeric) The amount of time the task scheduler will allow the task to run since it started.

WorkingDirectory (string) The directory where the command will be run.

Figure 33 – Total list of variables for this monitor

10.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends messages to the SmartConsole for each individual scheduled task and one global message summarizing the current monitor health.

The following tables show how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

The variables sent to the SmartConsole for the individual messages are set in Post Health-Check Actions and by default include the following variables:

SmartConsole ThinkServer Description

Var01 SetHealthWizard Script name.

Var02 Host IP address or host name.

Var03 TaskName Name of the task.

Var04 CurrentState State of task the last time the task was run. Possible values are: Failed, Not Run, Never Run, Succeeded.

Var05 Status Current status of the scheduled task.

Var06 LastTime Last time the task has been run.

Var07 ExitCode The exit code returned the last time the scheduled task was run.

Var08 NextTime The next time the task is configured to be run.

Var09 Command The command that will be run.

Var10 Account The user account used to run this scheduled task.

The default field map of the global health message is set in Event Variables and contains the following variables:

SmartConsole ThinkServer Description

Var01 SetHealthWizard Script name.

Var02 Host IP address or host name.

Var03 TasksFailed Tasks ended with errors (return code <>0).

Var04 TasksNotRun Tasks that have not run for a long time.

Var05 TasksNeverRun Tasks that have never run.

Var06 TasksSucceeded Tasks that have run properly.
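The default health rules of section 10.2 and the CurrentState and global counters of section 10.4, modelled in Python as an added example; this is not the product's health script. The function names, None standing for a task that never ran, the precedence between states, and the use of counts for Var03 to Var06 are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# "last run more than 3 days ago" in the default health rules.
MAX_AGE = timedelta(days=3)


@dataclass
class Task:
    """Subset of the ThinAgent variables used by the default rules."""
    TaskName: str
    ExitCode: int
    LastTime: Optional[datetime]  # assumption: None means the task never ran


def current_state(task: Task, now: datetime) -> str:
    """Return one of the four CurrentState values listed in the field map.

    Precedence when several conditions hold (a failed task that is also
    stale) is an assumption of this sketch: Never Run, Failed, Not Run.
    """
    if task.LastTime is None:
        return "Never Run"
    if task.ExitCode != 0:
        return "Failed"
    if now - task.LastTime > MAX_AGE:
        return "Not Run"
    return "Succeeded"


def global_message(tasks: Optional[List[Task]], now: datetime) -> Dict[str, object]:
    """Build the global health message with the four Tasks* counters.

    tasks=None models "the monitor is not able to retrieve any data".
    """
    counts = {"TasksFailed": 0, "TasksNotRun": 0,
              "TasksNeverRun": 0, "TasksSucceeded": 0}
    if tasks is None:
        return {"Health": "Minor", **counts}
    counter_for = {"Failed": "TasksFailed", "Not Run": "TasksNotRun",
                   "Never Run": "TasksNeverRun", "Succeeded": "TasksSucceeded"}
    for task in tasks:
        counts[counter_for[current_state(task, now)]] += 1
    # Any task that failed, is stale or never ran makes the object Critical.
    bad = counts["TasksFailed"] + counts["TasksNotRun"] + counts["TasksNeverRun"]
    return {"Health": "Critical" if bad else "Success", **counts}


# Constructed sample data, not output from a real monitor.
NOW = datetime(2013, 1, 10, 12, 0)
SAMPLE = [
    Task("NightlyBackup", 0, datetime(2013, 1, 10, 2, 0)),
    Task("WeeklyReport", 1, datetime(2013, 1, 9, 6, 0)),
    Task("TempCleanup", 0, datetime(2013, 1, 5, 0, 0)),
    Task("NewImport", 0, None),
]

if __name__ == "__main__":
    for t in SAMPLE:
        print(f"{t.TaskName:15} {current_state(t, NOW)}")
    print(global_message(SAMPLE, NOW))
```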

Chapter 11

Services

The following Services ThinAgents retrieve the same variables:

• Windows Services

• Windows Single Services

• Automatic Services

• Services Not Responding

The variables retrieved by these ThinAgents are listed in the following section.

Variables for the Windows Extended Services ThinAgent are different and are described in section 11.5.3 - ThinAgent Variables on page 118.

11.0.1 ThinAgent Variables

There are many variables retrieved for these ThinAgents. In this section we’ve first singled out a few variables that identify a service (see Figure 34), then a number that contain particularly important information for the monitor (see Figure 35). At the end you will find a total list of the variables available for these ThinAgents (see Figure 36).

Variables that identify each service

Variable Description

DisplayName Service name as displayed in services list.

ServiceName Name of the service.

Figure 34 – Variables that identify the service

Variables offering most important information

The most important information retrieved by this ThinAgent can be found in the following variables:

Variable Description

Exist Service is installed on system. Values are: True, False.

Started Service has been started. Values are: True, False.

StartMode Start mode of the service.

State Current state of service.

Status Current status of the object.

Figure 35 – Most important variables for this monitor

Total list of Variables

Variable Description

AcceptPause Service can be paused. Values are: True, False.

AcceptStop Service can be stopped. Values are: True, False.

Caption Short description of service.

Description Full description of service.

DesktopInteract Service can create or communicate with windows on the desktop.

DisplayName Service name as displayed in services list.

ErrorControl Error severity if this service fails to start during startup.

Exist Service is installed on system. Values are true or false.

ExitCode Windows error code defining any problems encountered in starting or stopping the service.

Host Host name or IP address.

InstallDate Date the object was installed.

NumberOfServices Number of services installed.

NumberOfServicesOn Number of services running.

PathName Path to the service binary that implements the service.

ProcessId Process identifier of the service.

ServiceExitCode Specific error code for errors that occur while the service is either starting or stopping.

ServiceMask Service name filter as set by user in configuration of monitor.

ServiceName Name of the service.

Started Service has been started. Values are true or false.

StartMode Start mode of the service.

StartName Account name under which a service runs.

State Current state of service.

Status Current status of the object.

SystemName System name.

TagId Startup order of services in a group.

WaitHint Estimated time required for a pending start, stop, pause, or continue operation, measured in milliseconds.

Figure 36 – Total list of variables for this monitor

11.1 Automatic Services

The Automatic Services ThinAgent checks for automatic services that have not been started. It creates an event for each automatic Service that is not started in the Windows System.

11.1.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. For details see section 2.2 - Data Source Configuration on page 5.

Start by giving the monitor a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Automatic Services Monitor Give your Automatic Services monitor a name.

Description Enter a description for your Automatic Services Monitor.

Next configure the Windows Service Filter.

Windows Service Filter

Use these settings to narrow down your monitor to check specific Services.

Note Selection is made using Service Name not the Display Name (check the service properties to find the Service Name). The display name depends on the language of the Windows Operating System, so the default configuration uses a Service Name that does not depend on the language.

Configuration Variables & Values Description

Service Name * Make the most out of this monitor by entering the individual Windows Service(s) you want to monitor here. You can make a list of multiple services separated by commas. You can also use the wildcards * and ? to create your list of services. To find the names of other Windows services check your services list in the administrative tools. To monitor all Windows services simply enter *.

11.1.2 Default Health Script

This script is useful to check whether a critical service is running or installed on a system.

It creates one event for each service that matches monitor settings, evaluates the Health of each event and sets the object Health. By default the script generates an object Health event each time the data source is refreshed through the script, but it can easily be changed to generate an event only if there is a change to the current situation.

By default Health is set to:

• Critical when a service with start mode “auto” is not started.

• Success in all other cases.

11.1.3 ThinAgent Variables

Variables retrieved for this ThinAgent are described in section 11.1.1 - Monitor Configuration on page 106.

11.1.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends messages to the SmartConsole for each individual automatic service and one global message summarizing the current monitor health.

The following tables show how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

The variables sent to the SmartConsole for the individual messages are set in Post Health-Check Actions and by default include the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 ServiceMask Service name filter as set by user in configuration of monitor.

Var04 ServiceName Name of the service.

Var05 DisplayName Service name as displayed in services list.

The default field map of the global health message is set in Event Variables and contains the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var01 Host Host name or IP address.

Var02 ServiceMask Service name filter as set by user in configuration of monitor.

11.2 Windows Services

Use this ThinAgent to check whether a service is installed, is running, whether it is set to start automatically, if it has ended with an error or, if it is running, to get the process identifier of the process that is running this service.

Information on the number of services installed and running on the server is also available. You can check whether a critical service is running, whether any service ended with an error or whether there is any service not set to start running automatically.

Just as for Windows Process ThinAgents, only one data collection is needed to check all services of a system.

11.2.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. For details see section 2.2 - Data Source Configuration on page 5.

Start by giving the monitor a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Service Monitor Give your Windows Service monitor a name.

Description Enter a description for your Windows Service monitor.

Next configure the Windows Service Filter.

Windows Service Filter

Use these settings to narrow down your monitor to check specific Services.

Note Slection is made using Service Name not the Display Name (check the service properties to find the Service Name).

Configuration Variables & Description Values

Make the most out of his monitor by entering the indi- vidual Windows Service(s) you want to monitor here. You can make a list of multiple services separated by Service commas. You can also use the wildcards * and ? to eventlog Name create your list of services. To find the names of other Windows services check your services list in the administrative tools. To monitor all Windows services simply enter *. 11.2.2 Default Health Script

This script is useful to check whether a critical service is running or installed on a system.

It receives one event for each service that matches monitor settings, evaluates the Health of each event and sets the object Health. By default the script generates an object Health event each time the data source is refreshed through the script, but it can easily be changed to generate an event only if there is a change to the current situation.

By default Health is set to:

• Critical when no service matching the selection criteria is found, meaning that no service with that name is installed on system.

• Warning when service is installed but stopped at this moment.

• Success in all other cases.

11.2.3 ThinAgent Variables

Variables retrieved for this ThinAgent are described in section 11.1.1 - Monitor Configuration on page 106.

11.2.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends messages to the SmartConsole for each individual Windows service and one global message summarizing the current monitor health.

The following tables show how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

The variables sent to the SmartConsole for the individual messages are set in Post Health-Check Actions and by default include the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 ServiceMask Service name filter as set by user in configuration of monitor.

Var04 ServiceName Name of the service.

Var05 DisplayName Service name as displayed in services list.

Var06 Started Service has been started. Values are: True, False.

Var07 ProcessID Process identifier of the service.

The default field map of the global health message is set in Event Variables and contains the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 ServiceMask Service name filter as set by user in configuration of monitor.

Var04 ServiceName Name of the service.

Var05 DisplayName Service name as displayed in services list.

Var06 Started Service has been started. Values are: True, False.

11.3 Windows Single Services

Use this monitor to individually control Windows Services. Use the filter to identify the services you want to monitor. Extensive information will be available (such as current state, etc.) for you to determine Health and to write monitor scripts. If you need associated process information (such as CPU), use the Windows Extended Services Monitor instead.

11.3.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. For details see section 2.2 - Data Source Configuration on page 5.

Start by giving the monitor a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Service Monitor Give your Windows Service monitor a name.

Description Enter a description for your Windows Service monitor.

Next configure the Windows Service Filter.

Windows Service Filter

Use these settings to narrow down your monitor to check specific Services.

Note Selection is made using Service Name not the Display Name (check the service properties to find the Service Name).

Configuration Variables & Values Description

Service Name eventlog Make the most out of this monitor by entering the individual Windows service you want to monitor here. To find the names of other Windows services check your services list in the administrative tools.

11.3.2 Default Health Script

This script is useful to check whether a critical service is running or installed on a system.

It receives one event for each service that matches monitor settings, evaluates the Health of each event and sets the object Health. By default the script generates an object Health event each time the data source is refreshed through the script, but it can easily be changed to generate an event only if there is a change to the current situation.

By default Health is set to:

• Critical when no service matching the selection criteria is found, meaning that no service with that name is installed on system.

• Warning when service is installed but stopped at this moment.

• Success in all other cases.

11.3.3 ThinAgent Variables

Variables retrieved for this ThinAgent are described in section 11.1.1 - Monitor Configuration on page 106.

11.3.4 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 ServiceMask Service name filter as set by user in configuration of monitor.

Var04 ServiceName Name of the service.

Var05 DisplayName Service name as displayed in services list.

Var06 Started Service has been started. Values are: True, False.

11.4 Extended Services

This ThinAgent supplies information on service availability for all services installed and performance data for those services currently running. This is achieved by looking at process performance data of the processes that are running a service. It can be seen as a fusion of the Windows Services and Windows Processes ThinAgents.

If you only need to check whether a service is running, use Windows Services, which works a little faster; if you need both availability and performance information, this is the best choice.

Information on the number of services installed and running on the server is also available. You can check whether a critical service is using too much processor time, whether any service is using too much memory, and of course, all checks that the Windows Services ThinAgent allows.

This ThinAgent also benefits from the separation of data source and monitor. Data need only be retrieved once to perform all checks.

11.4.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. For details see section 11.1.1 - Monitor Configuration on page 106.

Start by giving the monitor a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Extended Service Monitor Give your Extended Services monitor a name.

Description Enter a description for your Extended Services monitor.

Next configure the Windows Service Filter.

Windows Service Filter

Use these settings to narrow down your monitor to check specific Services.

Note Selection is made using Service Name not the Display Name (check the service properties to find the Service Name).

Configuration Variables & Values Description

Service Name Eventlog Make the most out of this monitor by entering the individual Service(s) you want to monitor here. You can make a list of services separated by commas. You can also use the wildcards * and ? to create your list of services. To find the names of other services check your services list in the administrative tools. To monitor all services simply enter *.

11.4.2 Default Health Script

This script is useful for checking whether a critical service is running or installed on a system. You can easily change Health conditions to check resource usage for processes that are running.

The default Health script receives one event for each service that matches monitor settings, evaluates the health status for each event and sets object Health. By default Health is set to:

• Critical when no service matching the selection criteria is found, meaning that no service with that name is installed on system.

• Warning when the service is installed but currently stopped.

• Success in all other cases.

In addition to the information displayed in the Windows Services event messages, this script also shows details regarding CPU usage when the service is running.

11.4.3 ThinAgent Variables

There are many variables retrieved for this ThinAgent. In this section we’ve first singled out a few variables that identify a process (see Figure 37), then a number that contain particularly important information for this monitor (see Figure 38). At the end you will find a total list of the variables available for this ThinAgent (see Figure 39).

Variables that identify each service

Variable Description

DisplayName Service name as displayed in services list.

ServiceName Name of the service.

Figure 37 – Variables that identify the service

Variables offering most important information

The most important information retrieved by this ThinAgent can be found in the following variables:

Variable Description

Exist Service is installed on system. Values are: True, False.

ProcessMemoryInUse Kbytes of memory currently used by a process whether it is physical memory or paging files.

ProcessName Process name.

ProcessPageFaults Number of page faults.

ProcessPageFaultsPerSec Number of page faults per second caused by the process associated with the service.

ProcessPercentCPUUsage Percent of CPU used by process associated with the service.

ProcessPercentMemoryUsage Percentage of physical memory used by process associated with the service.

ProcessThreadCount Number of threads of the process associated with the service.

Started Service has been started.

StartMode Start mode of the service.

State Current state of service.

Status Current status of the object.

Figure 38 – Most important variables for this monitor

Total list of Variables

Variable Description

AcceptPause Service can be paused.

AcceptStop Service can be stopped.

Caption Short description of service.

Description Full description of service.

DesktopInteract Service can create or communicate with windows on the desktop.

DisplayName Service name as displayed in the services list.

ErrorControl Error severity if this service fails to start during startup.

Exist Service is installed on system. Values are: True, False.

ExitCode Windows error code defining any problems encountered in starting or stopping the service.

Host Host name or IP address.

InstallDate Date object was installed.

NumberOfServices Number of services installed.

NumberOfServicesOn Number of services running.

PathName Path to the service binary that implements the service.

ProcessAge Minutes the process has been running.

ProcessCPUTime Milliseconds of processor time used since last refresh.

ProcessDescription Description.

ProcessDomainName Domain name.

ProcessHandleCount Number of open handles.

ProcessId Process identifier of the service.

ProcessInstances Number of instances.

ProcessMemoryInUse Kbytes of memory currently used by a process whether it is physical memory or paging files.

ProcessMemoryPoolNonPag Kbytes of non-paged memory pool.

ProcessMemoryPoolPag Kbytes of paged memory pool.

ProcessName Process name.

ProcessPageFaults Number of page faults.

ProcessPageFaultsPerSec Number of page faults per second caused by the process associated to service.

ProcessPageFileUsage Current usage of paged file area, measured in Kbytes.

ProcessParentId Parent process identifier.

ProcessPath Executable path.

ProcessPeakMemoryPoolNonPag Maximum usage of non-paged memory pool, measured in Kbytes.

ProcessPeakMemoryPoolPag Maximum usage of paged memory pool, measured in Kbytes.

ProcessPeakPageFile Maximum usage of paged file area, measured in Kbytes.

ProcessPeakVirtualMemory Maximum usage of virtual memory used, measured in Kbytes.

ProcessPeakWorkSetSize Maximum usage of work memory set used, measured in Kbytes.

ProcessPercentCPUUsage Percentage of CPU used by process associated with the service.

ProcessPercentMemoryUsage Percentage of physical memory used by process associated with the service.

ProcessReadOpsCount Number of read operations.

ProcessReadSize Kbytes of information read.

ProcessSystemModeTime Seconds the processor has been in system mode.

ProcessThreadCount Number of threads of the process associated with the service.

ProcessTotalMemory Current size of the virtual address space that a process is using, measured in Kbytes. It does not imply real memory usage.

ProcessUserModeTime Seconds the processor has been in user mode.

ProcessUserName User name.

ProcessVirtualMemory Kbytes of memory set aside for a process in paging files.

ProcessWriteOpsCount Number of write operations.

ProcessWriteSize Amount of information written, measured in Kbytes.

ServiceExitCode Specific error code for errors that occur while the service is either starting or stopping.

ServiceMask Service name filter as set by user in configuration of the monitor.

ServiceName Name of the service.

Started Service has been started.

StartMode Start mode of the service.

StartName Account name under which a service runs.

State Current state of service.

Status Current status of the object.

SystemCPUPercentage Percentage of used CPU on the system.

SystemFreePhysicalMemory Total free physical memory, measured in Kbytes.

SystemFreeVirtualMemory Total free virtual memory, measured in Kbytes.

SystemName System name.

SystemNumberOfProcesses Number of processes running on system.

SystemPercentPhysicalMemoryUsed Percentage of total memory used.

SystemPhysicalMemoryUsed Amount of total physical memory used, measured in Kbytes.

SystemTotalPhysicalMemory Amount of total physical memory, measured in Kbytes.

SystemTotalVirtualMemory Amount of virtual memory used, measured in Kbytes.

SystemVirtualMemoryUsed Amount of total physical memory used, measured in Kbytes.

TagId Startup order of services in a group.

WaitHint Estimated time required for a pending start, stop, pause, or continue operation, measured in milliseconds.

Figure 39 – Total list of variables for this monitor

11.4.4 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 ServiceMask Service name filter as set by user in configuration of the monitor.

Var04 ServiceName Name of the service.

Var05 DisplayName Service name as displayed in services list.

Var06 Started Service has been started.

11.5 Services Not Responding

The automatic Services ThinAgent checks for automatic services (services configured to start automatically when Windows starts). It creates an event for each automatic Service that is not currently started.

11.5.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. See “Data Source Configuration” on page 11 for details.

Start by giving the monitor a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Services Not Responding Monitor Give your Windows Services Not Responding monitor a name.

Description Enter a description for your Windows Services Not Responding monitor.

Next configure the Windows Service Filter.

Windows Service Filter

Use these settings to narrow down your monitor to check specific Services.

Note Selection is made using Service Name not the Display Name (check the service properties to find the Service Name).

Configuration Variables & Values Description

Service Name eventlog Make the most out of this monitor by entering the individual Windows Service(s) you want to monitor here. You can make a list of multiple services separated by commas. You can also use the wildcards * and ? to create your list of services. To find the names of other Windows services check your services list in the administrative tools. To monitor all Windows services simply enter *.

11.5.2 Default Health Script

This script is useful to check whether a critical service is not responding.

It receives one event for each service that matches monitor settings, evaluates the Health of each event and sets the object Health. By default the script generates an object Health event each time the data source is refreshed through the script, but it can easily be changed to generate an event only if there is a change to the current situation.

By default Health is set to:

• Critical when the status of any service matching the selection criteria is not OK.

• Success in all other cases.

11.5.3 ThinAgent Variables

Variables retrieved for this ThinAgent are described in section 11.1.1 - Monitor Configuration on page 106.

11.5.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends messages to the SmartConsole for each individual Windows service and one global message summarizing the current monitor health.

The following tables show how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

The variables sent to the SmartConsole for the individual messages are set in Post Health-Check Actions and by default include the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 ServiceMask Service name filter as set by user in configuration of monitor.

Var04 ServiceName Name of the service.

Var05 DisplayName Service name as displayed in services list.

Var06 Status Current status of the object.

Var07 ProcessID Process identifier of the service.

The default field map of the global health message is set in Event Variables and contains the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 ServiceMask Service name filter as set by user in configuration of monitor.
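The Windows Service Filter and the default health rules of sections 11.1.2, 11.2.2 and 11.5.2, modelled in Python as an added example; this is not the product's own health script. The function names, the Service record, case-insensitive matching and the sample rows are assumptions of this sketch.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

RANK = {"Success": 0, "Warning": 1, "Critical": 2}


@dataclass
class Service:
    """Subset of the Services ThinAgent variables used below."""
    ServiceName: str
    DisplayName: str
    StartMode: str
    Started: bool
    Status: str = "OK"


def compile_mask(service_mask: str) -> "re.Pattern":
    """Turn a ServiceMask such as 'eventlog, W*' into one regex.

    Only the two wildcards the guide names are special: * (any run of
    characters) and ? (exactly one character). Everything else is literal.
    Case-insensitive matching is an assumption.
    """
    alternatives = []
    for mask in service_mask.split(","):
        mask = mask.strip()
        if mask:
            alternatives.append("".join(
                ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
                for ch in mask))
    return re.compile("(?:%s)" % "|".join(alternatives), re.IGNORECASE)


def select(services: List[Service], service_mask: str) -> List[Service]:
    """Filter on ServiceName, never on the language-dependent DisplayName."""
    rx = compile_mask(service_mask)
    return [s for s in services if rx.fullmatch(s.ServiceName)]


def worst(per_service: Dict[str, str], default: str) -> str:
    """Object health is the worst per-service health, or default if empty."""
    return max(per_service.values(), key=RANK.__getitem__, default=default)


def automatic_services_health(services, service_mask) -> Tuple[str, Dict[str, str]]:
    """11.1.2: Critical when a service with start mode "auto" is not started."""
    per = {s.ServiceName:
           "Critical" if s.StartMode.lower() == "auto" and not s.Started else "Success"
           for s in select(services, service_mask)}
    return worst(per, "Success"), per


def windows_services_health(services, service_mask) -> Tuple[str, Dict[str, str]]:
    """11.2.2: Critical when nothing matches, Warning when installed but stopped."""
    per = {s.ServiceName: "Success" if s.Started else "Warning"
           for s in select(services, service_mask)}
    return worst(per, "Critical"), per


def not_responding_health(services, service_mask) -> Tuple[str, Dict[str, str]]:
    """11.5.2: Critical when the status of any matching service is not OK."""
    per = {s.ServiceName: "Success" if s.Status == "OK" else "Critical"
           for s in select(services, service_mask)}
    return worst(per, "Success"), per


# Constructed sample rows, not output from a real monitor.
SAMPLE = [
    Service("Eventlog", "Windows Event Log", "Auto", True),
    Service("Spooler", "Print Spooler", "Auto", False),
    Service("W32Time", "Windows Time", "Manual", False),
    Service("WinRM", "Windows Remote Management (WS-Management)", "Manual", True, "Degraded"),
]

if __name__ == "__main__":
    print(automatic_services_health(SAMPLE, "*"))
    print(windows_services_health(SAMPLE, "eventlog, Spooler"))
    print(not_responding_health(SAMPLE, "W*"))
```

A mask of Windows* selects nothing from the sample rows because it is compared with the Service Name, which is the behaviour the Note on the filter describes.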

Chapter 12

Terminal Services

Terminal Services is a service that allows you to open a remote desktop on a remote Windows Server. Terminal Services ThinAgents allow you to monitor the performance of a system running Terminal Services.

ThinkServer comes with two Terminal Services ThinAgents:

• Terminal Services Number of Sessions

• Terminal Services Sessions Performance

This chapter describes both ThinAgents and their configuration.

12.1 Terminal Services Number of Sessions

This ThinAgent indicates the number of open sessions, the number of active sessions, and the number of inactive sessions and checks whether the number of sessions is within an acceptable range.

12.1.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. For details see section 2.2 - Data Source Configuration on page 5.

Start by giving the monitor a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Terminal Services Number Of Sessions Monitor Give your Terminal Services Number Of Sessions monitor a name.

Description Enter a description for your Terminal Services Number Of Sessions Monitor.

Next configure the Windows Service Filter.

12.1.2 Default Health Script

This script is useful for checking whether the number of sessions is within an acceptable range. You can easily change Health conditions to suit your monitoring needs.

The default Health script receives one event for each service that matches monitor settings, evaluates the health status for each event and sets object Health. By default Health is set to:

• Critical when there are more than 100 sessions running on the system

• Warning when total sessions on the system exceed 50 sessions

• Minor when the monitor is not able to retrieve data

• Success in all other cases.

The event messages include the number of active and inactive sessions.

12.1.3 ThinAgent Variables

The most important information retrieved by this ThinAgent can be found in the following variables:

Variable Description

ActiveSessions Number of active sessions

Caption Short description (one-line string) of the statistic or metric

Description Description of the statistic or metric.

InactiveSessions Number of inactive sessions

Name Defines the label by which the statistic or metric is known. When subclassed, the property can be overridden to be a Key property.

TotalSessions Total number of sessions.

Figure 40 – variables retrieved for this monitor

12.1.4 Field Map SmartConsole – ThinkServer

The following table shows how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 TotalSessions Total number of sessions.

Var04 ActiveSessions Number of active sessions

Var05 InactiveSessions Number of inactive sessions

12.2 Terminal Services Sessions Performance

This ThinAgent retrieves information about performance of all the Terminal Server sessions, including CPU consumption, memory consumption and network traffic. By default the script retrieves the session with the highest memory consumption and checks whether this value is within an acceptable range.

12.2.1 Monitor Configuration

Configuration of the data source is the same as for the Windows Processes data sources. For details see section 2.2 - Data Source Configuration on page 5.

Start by giving the monitor a name and description in the general information section of the configuration panel.

General Information

Configuration Variables & Values Description

Name Terminal Services Sessions Performance Monitor Give your Terminal Services Sessions Performance monitor a name.

Description Enter a description for your Terminal Services Sessions Performance monitor.

12.2.2 Default Health Script

This script checks whether the memory consumption of the session that consumes most memory is within acceptable limits. You can easily change Health conditions to suit your monitoring needs.

The default Health script receives one event for each session that matches monitor settings, evaluates the health status for each event and sets object Health. By default Health is set to:

• Critical when a session consumes more than 200.000.000 bytes (190 MB) of memory

• Warning when the memory consumption of a session exceeds 100.000.000 bytes (95 MB)

• Minor if the monitor is not able to retrieve any data

• Success in all other cases.

The event messages show the number of terminal services sessions and details about the most abusive session.

12.2.3 ThinAgent Variables

There are many variables retrieved for this ThinAgent. In this section we’ve first singled out a few variables that identify a session (see Figure 41), then a number that contain particularly important information for this monitor (see Figure 42). At the end you will find a total list of the variables available for this ThinAgent (see Figure 43).


Variables that identify each session

Variable Description

Name Name of the session

Figure 41 – Variables that identify the session

Variables offering most important information

The most important information retrieved by this ThinAgent can be found in the following variables:

Variable Description

HandleCount Number of handles

PageFaultsPerSec Page faults per second

PageFileBytes Page file bytes

PercentProcessorTime Percent processor time

PercentPrivilegedTime Percent privileged time

PercentUserTime Percent user time

PrivateBytes Bytes of memory used by a particular session

ThreadCount Number of threads

TotalBytes Total bytes

InputBytes Input bytes

OutputBytes Output bytes

TotalErrors Total errors.

InputErrors Input errors

OutputErrors Output errors

WorkingSet Working set

Figure 42 – Most important variables for this monitor

Total list of Variables

Variable Description

Caption Short description (one-line string) of the statistic or metric.

Description Description (one-line string) of the statistic or metric.

HandleCount Handle count

InputAsyncFrameError Input async frame error


InputAsyncOverflow Input async overflow

InputAsyncOverrun Input async overrun

InputAsyncParityError Input async parity error

InputBytes Input bytes

InputCompressedBytes Input compressed bytes

InputCompressFlushes Input compress flushes

InputCompressionRatio Input compression ratio

InputErrors Input errors

InputFrames Input frames

InputTimeouts Input timeouts

InputTransportErrors Input transport errors

InputWaitForOutBuf Input WaitForOutBuf

InputWdBytes Input WdBytes

InputWdFrames Input WdFrames

OutputAsyncFrameError Output async frame error

OutputAsyncOverflow Output async overflow.

OutputAsyncOverrun Output async overrun

OutputAsyncParityError Output async parity error

OutputBytes Output bytes

OutputCompressedBytes Output compressed bytes

OutputCompressFlushes Output compress flushes

OutputCompressionRatio Output compression ratio

OutputErrors Output errors

OutputFrames Output frames

OutputTimeouts Output timeouts

OutputTransportErrors Output transport errors

OutputWaitForOutBuf Output WaitForOutBuf

OutputWdBytes Output WdBytes

OutputWdFrames Output WdFrames

PageFaultsPersec Page faults per second


PageFileBytes Page file bytes

PageFileBytesPeak Page file bytes peak

PercentPrivilegedTime Percent privileged time

PercentProcessorTime Percent processor time

PercentUserTime Percent user time

PoolNonpagedBytes Pool non-paged bytes

PoolPagedBytes Pool paged bytes

PrivateBytes Private bytes

ProtocolBitmapCacheHitRatio Protocol bitmap cache hit ratio

ProtocolBitmapCacheHits Protocol bitmap cache hits

ProtocolBitmapCacheReads Protocol bitmap cache reads

ProtocolBrushCacheHitRatio Protocol brush cache hit ratio

ProtocolBrushCacheHits Protocol brush cache hits

ProtocolGlyphCacheReads Protocol Glyph Cache Reads

ProtocolSaveScreenBitmapCacheHitRatio Protocol Save Screen Bitmap Cache Hit Ratio

ProtocolSaveScreenBitmapCacheHits Protocol Save Screen Bitmap Cache Hits

ProtocolSaveScreenBitmapCacheReads Protocol Save Screen Bitmap Cache Reads

ThreadCount Count

TotalAsyncFrameError Total Async Frame Error

TotalAsyncOverflow Total Async Overflow

TotalAsyncOverrun Total Async Overrun

TotalAsyncParityError Total Async Parity Error

TotalBytes Total Bytes

TotalCompressedBytes Total Compressed Bytes

TotalCompressFlushes Total Compress Flushes

TotalCompressionRatio Total Compression Ratio

TotalErrors Total Errors

TotalFrames Total Frames


TotalProtocolCacheHitRatio Total Protocol Cache Hit Ratio

TotalProtocolCacheHits Total Protocol Cache Hits

TotalProtocolCacheReads Total Protocol Cache Reads

TotalTimeouts Total Timeouts

TotalTransportErrors Total Transport Errors

TotalWaitForOutBuf Total WaitForOutBuf

TotalWdBytes Total WdBytes

TotalWdFrames Total WdFrames

VirtualBytes Virtual Bytes

VirtualBytesPeak Virtual Bytes Peak

WorkingSet Working Set

WorkingSetPeak Working Set Peak

Figure 43 – Total list of variables for this monitor

12.2.4 Field Map SmartConsole – ThinkServer

This ThinAgent sends messages to the SmartConsole for each individual Windows service and one global message summarizing the current monitor health.

The following tables show how the different variables are represented in the SmartConsole and the ThinkServer, along with a description of the variables. You can change these settings to suit your needs.

The variables sent to the SmartConsole for the individual messages are set in Post Health-Check Actions and by default include the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name

Var02 Host Host name or IP address

Var03 Name Name of the session

Var04 ThreadCount Number of threads in the session

Var05 HandleCount Number of handles in the session

Var06 PercentProcessorTime Percent of processor time used by the session

Var07 PrivateBytes Private bytes used by the session

Var08 WorkingSet Working memory set of the session

Var09 PageFaultsPersec Page faults per second for the session


Var10 TotalBytes Total bytes used by the session

Var11 TotalErrors Total errors produced in the session

The default field map of the global health message is set in Event Variables and contains the following variables:

SmartConsole ThinkServer Description

Var01 Set Health Wizard Script name.

Var02 Host Host name or IP address.

Var03 SessionName Name of the session with highest CPU consumption

Var04 SessionThreadCount Number of threads in the session with highest CPU consumption

Var05 SessionHandleCount Number of handles in the session with highest CPU consumption

Var06 SessionPercentProcessorTime Percent of processor time used by the session with highest CPU consumption

Var07 SessionPrivateBytes Private bytes used by the session with highest CPU consumption

Var08 SessionWorkingSet Working memory set of the session with highest CPU consumption

Var09 SessionPageFaultsPersec Page faults per second for the session with highest CPU consumption

Var10 SessionTotalBytes Total bytes used by the session with highest CPU consumption

Var11 SessionTotalErrors Total errors produced in the session with highest CPU consumption


Chapter 13

Windows Advanced

Windows Advanced ThinAgents are a set of approximately 170 ThinAgents covering every aspect of the operating system available under Windows. These ThinAgents were designed with the most advanced user’s requirements in mind and most of the data retrieved will be useful only in a few very specific environments. There are also a number of ThinAgents available for XP and later systems.

These ThinAgents all use shared data sources to allow the user to perform multiple checks from a single data collection, when needed. In the data source configuration you will find an advanced tab where you can see the query that each monitor is running and set conditions as an initial filter to reduce the data retrieved and make the query faster (see Figure 4 on page 7).

You can further refine the monitor using the Monitor Settings. Here you will find a second tab called Variables Definition containing the variables available to this monitor, which you can (de-)activate and apply filter masks to as necessary (see Figure 3 on page 5).

The default scripts are not oriented to show the object health. Instead, they were set up to:

• Warn the operator if there is a problem retrieving data (Health is set to warning if VSMEventCount == 0)

• Display the values of the variables relevant to a specific monitor, if the data retrieval is successful, so that the operator can detect where the information they require is located (Health is set to success in all other cases. The default success message lists the variables relevant to the specific monitor). This will help users to create their own Health rules.

To make the most out of these ThinAgents, users should create Health conditions and message templates to suit their purposes before running the monitors. Running these monitors without changing the Health script does not make sense for monitoring your Windows system. For more information see Chapter 2 - Configuration on page 3. As with other Windows ThinAgents, no installation is required on the remote host. All you need is a WMI service running on the server and a user with WMI access rights.


Appendix A: WMI Queries for the Windows Health ThinAgent

WMI queries are based on classes which contain information regarding Windows systems. For example, there are classes for processes, disks, system resources, and more. Specific data is retrieved from these WMI classes and used to calculate other values. Often the data is not raw, and must be managed in order to retrieve the real information needed by the ThinAgent.

This appendix provides a list of WMI queries used by Windows Health ThinAgents to retrieve data from Windows services or systems and a brief description of the WMI classes utilized by the queries.

WMI Query Description

select FreePhysicalMemory, FreeSpaceInPagingFiles, FreeVirtualMemory, LocalDateTime, SizeStoredInPagingFiles, TotalVisibleMemorySize, TotalVirtualMemorySize from Win32_OperatingSystem
The Win32_OperatingSystem WMI class represents a Windows-based operating system installed on a computer. Any operating system that can be installed on a computer that can run a Windows-based operating system is a descendent or member of this class. Win32_OperatingSystem is a singleton class. To get the single instance, use "@" for the key.

select * from Win32_PerfRawData_PerfOS_Memory
The Win32_PerfRawData_PerfOS_Memory raw performance data class provides raw data from performance counters that monitor physical and virtual memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between a disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes.

select * from Win32_PerfRawData_PerfOS_Objects
The Win32_PerfRawData_PerfOS_Objects raw performance data class provides raw data from performance counters that monitor objects contained by the operating system such as events, mutexes, processes, sections, semaphores, and threads.

select * from Win32_PerfRawData_Tcpip_NetworkInterface
The Win32_PerfRawData_Tcpip_NetworkInterface raw performance data class provides raw data from performance counters that monitor the rates at which bytes and packets are sent and received over a TCP/IP network connection. It includes counters that monitor connection errors.


select * from Win32_PerfRawData_PerfDisk_PhysicalDisk
The Win32_PerfRawData_PerfDisk_PhysicalDisk raw performance data class provides raw data from performance counters that monitor hard or fixed disk drives on a computer. Disks are used to store file, program, and paging data and are read to retrieve these items, and written to record changes to them. The values of physical disk counters are sums of the values of the logical disks, or partitions, into which they are divided.

select DeviceID, FreeSpace, Size from Win32_LogicalDisk where DriveType = 3
The Win32_LogicalDisk WMI class represents a data source that resolves to an actual local storage device on a computer system running Windows.

select * from Win32_PerfRawData_PerfOS_System
The Win32_PerfRawData_PerfOS_System raw performance data class represents raw data counters that apply to more than one instance of a component processor on the computer.

select Name, UserName from Win32_ComputerSystem
The Win32_ComputerSystem WMI class represents a computer system running Windows.

select BuildNumber, Caption, CSDVersion, Description from Win32_OperatingSystem
The Win32_OperatingSystem WMI class represents a Windows-based operating system installed on a computer. Any operating system that can be installed on a computer that can run a Windows-based operating system is a descendent or member of this class. Win32_OperatingSystem is a singleton class. To get the single instance, use "@" for the key.

select IPAddress from Win32_NetworkAdapterConfiguration
The Win32_NetworkAdapterConfiguration WMI class represents the attributes and behaviors of a network adapter. This class includes extra properties and methods that support the management of the TCP/IP and Internetwork Packet Exchange (IPX) protocols that are independent from the network adapter.

select * from Win32_PerfRawData_PerfNet_Server
The Win32_PerfRawData_PerfNet_Server raw performance data class provides raw data from performance counters that monitor communications using the WINS Server service.

select * from Win32_PerfRawData_PerfOS_Processor
The Win32_PerfRawData_PerfOS_Processor raw performance data class provides raw data from performance counters that monitor processor activity.

select * from Win32_PerfRawData_PerfProc_Process
The Win32_PerfRawData_PerfProc_Process raw performance data class provides raw data from performance counters that monitor running application program and system processes. All the threads in a process share the same address space and have access to the same data.

select * from Win32_PerfRawData_Spooler_PrintQueue
The Win32_PerfRawData_Spooler_PrintQueue raw performance data class provides raw data from performance counters that monitor print queues.

select * from Win32_Share
The Win32_Share raw performance data class includes information about shared resources on a computer, such as a disk drive, printer, interprocess communication, or other shareable device.


select * from Win32_NetworkConnection
The Win32_NetworkConnection raw performance data class includes information about active network connections. Retrieves remote folder names (like \\NTSERVER\sales) mapped to a local drive letter (like V:).

select * from Win32_OperatingSystem
The Win32_OperatingSystem raw performance data class includes information about installed operating systems. Details like build number, architecture or locale are usually required to modify other queries to better suit the target server.

select * from Win32_NTEventlogFile
The Win32_NTEventlogFile raw performance data class provides information about operating system events, also known as the Event Log.

select * from Win32_Environment
The Win32_Environment raw performance data class includes variables stemming from the configuration of an environment on a computer. The most common example of data it provides is the Path variable.

select * from Win32_LogicalDisk where DriveType = 3
The Win32_LogicalDisk WMI class includes information about local storage devices. DriveType 3 stands for local (non-removable) disks, usually referred to as "hard drives."

select * from Win32_PageFileUsage
The Win32_PageFileUsage raw performance data class includes information about the file used for handling virtual memory file swapping on a Windows system.

select * from Win32_PerfRawData_PerfOS_Processor
The Win32_PerfRawData_PerfOS_Processor raw performance data class includes raw data from performance counters that monitor processor activity. This raw data is often used in calculations to obtain more useful indicators, like processor-usage percentages over a given period of time.


Appendix B: Granting Non-Admin User Permissions on a Specific Service

Sometimes, even after adding a user to the CIMV2 namespace, giving him permissions and (in later Windows versions) providing him with COM Security access and launch permissions, he still won’t be able to monitor some remote services, in particular Windows Operations Services. In fact, in Windows Services, some services don’t even appear listed with the others. In this case it’s necessary to change the SID (Security Identifier) for the service, by introducing a modified Access Control List (ACL) to the Service Control Manager (sc) using the sc command. The user will then be able to view the service in Windows Services. This can be done by using ACEs String (Access Control Entries) over the Service Control Manager. Further information about ACL and ACEs can be found on the following sites:

http://msdn.microsoft.com/en-us/library/aa374928(VS.85).aspx

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379602(v=vs.85).aspx

Then, because each Windows service uses its own ACL, you must modify the remote target service’s ACL and reintroduce it so that the desired ThinkServer monitors can monitor the service. You can apply this method to as many remote services as needed.

Note These changes, to be made without a GUI, should be performed by the IT Security department of your organization, or at the very least, an authorized Windows Administrator.

Tip Run this command in a CMD prompt to quickly see all services:

sc query state= all

B.1 Windows Server 2003

Windows 2003 requires an additional resource: Windows Server 2003 Resource Kit Tools. You can download it from this Microsoft site:

http://www.microsoft.com/en-us/download/details.aspx?id=17657

To allow a standard user the ability to consult the Win32_Service class via WMI:

Step 1. Install Windows Server 2003 Resource Kit Tools. It has the command line interface you will need in step 2.

Step 2. Retrieve the SID of the user who will monitor a remote service. This can be found by simply entering this command in the Command Shell at C:\Program Files\Windows Resource Kits\Tools:


sc showsid username

where username is the Windows user name of the user to whom you wish to grant permission.

Alternatively, the SID of the user can be retrieved by running the following WMI query:

select SID from Win32_UserAccount where name = 'username'

The query will return only one row with the result. In order to see the SID value, you should do the following:

1) Double click on the query's result.

Figure 44 – The result of our query is highlighted

2) Click the Show MOF button.

Figure 45 – You see this window after double-clicking your query

3) Get the SID string from the window that appears


Figure 46 – You see the SID of the desired user when you click the Show MOF button

Step 3. Create the following ACL, substituting the user’s SID for :

D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CCLCRPRC;;;)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Step 4. With the ACL you have created, execute this command* from the Command Shell:

sc sdset scmanager D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CCLCRPRC;;;)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

where is the actual SID of the user. You will be notified of success (or not).

*Note: the command must be entered as one consecutive string.

To then grant the user permission to monitor a desired service:

Step 1. Retrieve the SID of the user who will use a ThinkServer monitor to monitor the remote service. This can be found by simply entering this command in the Command Shell at C:\Program Files\Windows Resource Kits\Tools:

sc showsid username

where username is the Windows user name of the user to whom you wish to grant permission.

Alternatively, you can retrieve the SID of a desired user by a WMI query: see step 2 on page 132.

Step 2. Retrieve the security descriptor string, defined in security descriptor definition language (SDDL), of the desired service. This can be found with the following command:

sc sdshow

where is the name of the desired service.

Step 3. Modify the resulting string to create a new SDDL by entering these characters before S:

(A;;GR;;;)

where GR stands for General Read permission, and is the SID of the user, which you retrieved in step 1.

Step 4. With the SDDL you have created, execute this command from the Command Shell:

sc sdset


where is the name of the target service and is the string you created in step 3. If the new SDDL is entered correctly you should see this success message in your Command Shell:

[SC] SetServiceObjectSecurity SUCCESS

B.2 Windows Server 2008

For this version of Windows, you don’t need to download and install anything, but you still have to create an ACL with the SID of the user in question, and run the same command in order for the user to view the remote services.

To allow a standard user the ability to consult the Win32_Service class via WMI:

Step 1. Retrieve the SID of the user who will monitor a remote service. This can be found by simply entering this command in a CMD prompt:

sc showsid username

where username is the Windows user name of the user to whom you wish to grant permission.

Alternatively, the SID of the user can be retrieved by running the following WMI query:

select SID from Win32_UserAccount where name = 'username'

The query will return only one row with the result. In order to see the SID value, you should do the following:

1) Double click on the query's result.

Figure 47 – The result of our query is highlighted

2) Click the Show MOF button.


Figure 48 – You see this window after double-clicking your query

3) Get the SID string from the window that appears

Figure 49 – You see the SID of the desired user when you click the Show MOF button

Step 2. Create the following ACL, substituting the user’s SID for :

D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CCLCRPRC;;;)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Step 3. With the ACL you have created, execute this command* from a CMD prompt:

sc sdset scmanager D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CCLCRPRC;;;)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

where is the actual SID of the user. You will be notified of success (or not).

*Note: the command must be entered as one consecutive string.

To then grant the user permission to monitor a desired service:

Step 1. Retrieve the SID of the user who will use a ThinkServer monitor to monitor the remote service. This can be found by simply entering this command in a CMD prompt:

sc showsid username

where username is the Windows user name of the user to whom you wish to grant permission.


Alternatively, you can retrieve the SID of a desired user by a WMI query: see step 1 on page 135.

Step 2. Retrieve the SDDL of the desired service. This can be found with the following command:

sc sdshow

where is the name of the desired service.

Step 3. Modify the resulting string to create a new SDDL by entering these characters before S:

(A;;GR;;;)

where GR stands for General Read permission, and is the SID of the user, which you retrieved in step 1.

Step 4. With the ACL you have created, execute this command from a CMD prompt:

sc sdset

where is the name of the target service and is the string you created in step 3. If the new SDDL is entered correctly you should see this success message in your CMD prompt:

[SC] SetServiceObjectSecurity SUCCESS


Example of granting a user permission to monitor a service:

In this example, we will give our colleague Jane Doe permission to monitor the ThinkServer service.

Step 1. We retrieve her SID by executing this command:

sc showsid jdoe

The resulting string is her SID:

S-1-5-21-1581022415-902220447-1257102026-1017370618

Step 2. We retrieve the SDDL of our target service (ThinkServer), by executing this command:

sc sdshow thinkserver

Here is the resulting string, which we’ll modify in step 3:

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Step 3. Before S: we add (A;;GR;;;). Our modified string is:

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;GR;;;S-1-5-21-1581022415-902220447-1257102026-1017370618)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Step 4. We send our new SDDL to the Service Control Manager by executing this command*:

sc sdset thinkserver D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;GR;;;S-1-5-21-1581022415-902220447-1257102026-1017370618)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

*Note: the command must be entered as one consecutive string
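The Step 3 and Step 4 edit from B.1, B.2 and the example above, as added Python that is not part of the Tango/04 guide: it inserts the allow ACE for a SID just before S:, rejects malformed SIDs, skips the insert when the grant already exists, and reports which ACEs differ so the change can be reviewed before it is applied. The function names are this example's own; it assumes plain service descriptors without conditional ACEs, and the sample values are the guide's example with copy/paste damage (wrap spaces, typographic hyphens) constructed in.

```python
import re

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
ACE_RE = re.compile(r"\(([^()]*)\)")
MASK_RE = re.compile(r"(?:[A-Z]{2})+")
# Dash look-alikes that PDF and web copies substitute for the ASCII hyphen.
DASHES = {ord(c): "-" for c in "\u2010\u2011\u2012\u2013\u2014\u2212"}


def normalize(text):
    """Undo copy/paste damage: typographic dashes and line-wrap whitespace."""
    return re.sub(r"\s+", "", text.translate(DASHES))


def sacl_offset(sddl):
    """Index of the top-level 'S:' marker, or len(sddl) if there is no SACL."""
    depth = 0
    for i, ch in enumerate(sddl):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif depth == 0 and sddl.startswith("S:", i):
            return i
    return len(sddl)


def rights(field):
    """Split an ACE rights field such as 'CCLCRPRC' into two-letter tokens."""
    return [field] if field.startswith("0x") else re.findall("..", field)


def dacl_aces(sddl):
    """DACL ACEs as 6-field lists: type, flags, rights, object, inherit, trustee."""
    sddl = normalize(sddl)
    head = sddl[:sacl_offset(sddl)]
    start = head.find("D:")
    if start < 0:
        raise ValueError("no DACL (D:) section in security descriptor")
    aces = [ace.split(";") for ace in ACE_RE.findall(head[start:])]
    if any(len(fields) != 6 for fields in aces):
        raise ValueError("malformed ACE in DACL")
    return aces


def grant(sddl, sid, mask="GR"):
    """Append (A;;<mask>;;;<sid>) to the DACL, i.e. insert it just before 'S:'."""
    sddl, sid = normalize(sddl), normalize(sid)
    if not SID_RE.fullmatch(sid):
        raise ValueError(f"not a SID string: {sid!r}")
    if not MASK_RE.fullmatch(mask):
        raise ValueError(f"not a rights string: {mask!r}")
    wanted = set(rights(mask))
    for kind, _flags, have, _obj, _inh, trustee in dacl_aces(sddl):
        if kind == "A" and trustee == sid and wanted <= set(rights(have)):
            return sddl  # already granted; do not stack duplicate ACEs
    cut = sacl_offset(sddl)
    return f"{sddl[:cut]}(A;;{mask};;;{sid}){sddl[cut:]}"


def added_aces(before, after):
    """(gained, lost): DACL ACEs only in `after`, and ACEs only in `before`."""
    old = [";".join(a) for a in dacl_aces(before)]
    new = [";".join(a) for a in dacl_aces(after)]
    return [a for a in new if a not in old], [a for a in old if a not in new]


def sdset_argv(service, sddl):
    """Argument vector for `sc sdset`; the descriptor is a single argument."""
    return ["sc", "sdset", service, normalize(sddl)]


# The guide's example values, with wrap spaces and U+2010 dashes constructed in.
EXAMPLE_SDDL = (
    "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;; BA)"
    "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)"
    "(A;;CCLCSWRPWPDTLOCRRC;;;PU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;W D)"
)
EXAMPLE_SID = ("S\u20101\u20105\u201021\u20101581022415\u2010902220447"
               "\u20101257102026\u20101017370618")

if __name__ == "__main__":
    new_sddl = grant(EXAMPLE_SDDL, EXAMPLE_SID)
    gained, lost = added_aces(EXAMPLE_SDDL, new_sddl)
    print("restore with:", " ".join(sdset_argv("thinkserver", EXAMPLE_SDDL)))
    print("apply with:  ", " ".join(sdset_argv("thinkserver", new_sddl)))
    print("ACEs gained:", gained, "ACEs lost:", lost)
```

Keep the original `sc sdshow` output, because `sc sdset` replaces the service's ACL as a whole and the saved string is what restores it. The same function covers the scmanager step when `CCLCRPRC` is passed as the mask.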

B.3 Check for Permission Changes

A tool called wbemtest can be used during the testing phase in order to verify the permission changes introduced. It's very important to connect the target to the wbemtest tool using the same ThinkServer service credentials.

The following query should be used to check if the permission changes have taken effect:

select * from Win32_Service

The desired service must be listed within the results of the query for ThinkServer to work as expected.


Appendix C: Contacting Tango/04

North America

Tango/04 North America
PO BOX 3301
NH 03458 Peterborough
USA
Phone: 1-800-304-6872 / 603-924-7391
Fax: 858-428-2864
www.tango04.com

EMEA

Tango/04 Computing Group S.L.
Avda. Meridiana 358, 5 A-B
08027 Barcelona
Spain
Phone: +34 93 274 0051
Fax: +34 93 345 1329
www.tango04.com

Italy

Tango/04 Italy
Viale Garibaldi 51/53
13100 Vercelli
Italy
Phone: +39 0161 56922
Fax: +39 0161 259277
www.tango04.it

Sales Office in France

Tango/04 France
La Grande Arche
Paroi Nord 15ème étage
92044 Paris La Défense
France
Phone: +33 01 40 90 34 49
Fax: +33 01 40 90 31 01
www.tango04.fr

Sales Office in Switzerland

Tango/04 Switzerland
18, Avenue Louis Casaï
CH-1209 Genève
Switzerland
Phone: +41 (0)22 747 7866
Fax: +41 (0)22 747 7999
www.tango04.fr

Latin American Headquarters

Barcelona/04 Computing Group SRL (Argentina)
Avda. Federico Lacroze 2252, Piso 6
1426 Buenos Aires Capital Federal
Argentina
Phone: +54 11 4774-0112
Fax: +54 11 4773-9163
www.barcelona04.com

Sales Office in Peru

Barcelona/04 PERÚ
Centro Empresarial Real
Av. Víctor A. Belaúnde 147, Vía Principal 140
Edificio Real Seis, Piso 6
L 27 Lima
Perú
Phone: +51 1 211-2690
Fax: +51 1 211-2526
www.barcelona04.com

Sales Office in Chile

Barcelona/04 Chile
Nueva de Lyon 096 Oficina 702,
Providencia
Santiago
Chile
Phone: +56 2 234-0898
Fax: +56 2 2340865
www.barcelona04.com

About Tango/04 Computing Group

Tango/04 Computing Group is one of the leading developers of systems management and automation software. Tango/04 software helps companies maintain the operating health of all their business processes, improve service levels, increase productivity, and reduce costs through intelligent management of their IT infrastructure.

Founded in 1991 in Barcelona, Spain, Tango/04 is an IBM Business Partner and a key member of IBM's Autonomic Computing initiative. Tango/04 has more than a thousand customers who are served by over 35 authorized Business Partners around the world.

Alliances

Partnerships

IBM Business Partner
IBM Autonomic Computing Business Partner
IBM PartnerWorld for Developers Advanced Membership
IBM ISV Advantage Agreement
IBM Early code release
IBM Direct Technical Liaison
Microsoft Developer Network
Microsoft Early Code Release

Awards


Legal Notice

The information in this document was created using certain specific equipment and environments, and it is limited in application to those specific hardware and software products and version and release levels.

Any references in this document regarding Tango/04 Computing Group products, software or services do not mean that Tango/04 Computing Group intends to make these available in all countries in which Tango/04 Computing Group operates. Any reference to a Tango/04 Computing Group product, software, or service may be used. Any functionally equivalent product that does not infringe any of Tango/04 Computing Group's intellectual property rights may be used instead of the Tango/04 Computing Group product, software or service.

Tango/04 Computing Group may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents.

The information contained in this document has not been submitted to any formal Tango/04 Computing Group test and is distributed AS IS. The use of this information or the implementation of any of these techniques is a customer responsibility, and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. Despite the fact that Tango/04 Computing Group could have reviewed each item for accuracy in a specific situation, there is no guarantee that the same or similar results will be obtained somewhere else. Customers attempting to adapt these techniques to their own environments do so at their own risk. Tango/04 Computing Group shall not be liable for any damages arising out of your use of the techniques depicted in this document, even if they have been advised of the possibility of such damages. This document could contain technical inaccuracies or typographical errors.

Any pointers in this publication to external web sites are provided for your convenience only and do not, in any manner, serve as an endorsement of these web sites.

The following terms are trademarks of the International Business Machines Corporation in the United States and/or other countries: iSeries, iSeriese, iSeries, i5, DB2, e (logo)®Server IBM ®, Operating System/400, OS/400, i5/OS.

Microsoft, SQL Server, Windows, Windows NT, Windows XP and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and/or other countries. UNIX is a registered trademark in the United States and other countries licensed exclusively through The Open Group. Oracle is a registered trademark of Oracle Corporation.

Other company, product, and service names may be trademarks or service marks of other companies.
