Table of Contents
I.
ProactiveWatch Technical Architecture ... 4
II.
Installing ProactiveWatch at a Customer Site ... 6
Installing the ProactiveWatch Gateway ... 6
Installing and Accessing the ProactiveWatch Explorer ... 8
III.
Deprovisioning a Customer ... 9
Change Customer ID ... 10
IV.
Operating the ProactiveWatch Explorer ... 11
Customizing the Explorer to Display (Only) What You Want To See ... 12
Customizing the Columns Displayed in the Grid View ... 13
Adding or Changing Grouping ... 14
The Alarms View – Working Alarms ... 15
The Alarm History ... 16
The Work Alarms Screen ... 16
Manual Maintenance Mode ... 18
Managing Alarms in ProactiveWatch ... 19
Exclusions in Manage Alarms ... 20
Marked As Normal in Manage Alarms ... 20
Notification Rules ... 22
New Variables for Alarm Notification Subject Fields ... 22
Manage Computers ... 24
V.
Monitoring Templates – How to Change and Add Monitoring
Functionality ... 25
Changing the Monitoring Settings in a Template ... 27
Assigning Monitoring Templates to Workstations, Servers and Network Devices 28
Default ProactiveWatch Monitoring Templates and Features ... 30
Default (Out-of-the-Box) Network Device Monitoring ... 32
Optional Monitors in ProactiveWatch ... 33
Threshold Timeframe for Windows Service Monitoring... 36
Round-Trip Email Monitor ... 36
SNMP Bandwidth Monitoring ... 37
Extended Profile Template... 42
Assign the Extended Profile template ... 42
Display the “Console User” column ... 42
Enhanced System Profile information ... 42
File and Directory Monitoring ... 44
Monitoring Extensions ... 45
Symantec Anti-Virus Extension Configuration and Monitoring Details ... 53
Symantec Backup Exec Extension Configuration and Monitoring Details ... 54
VI.
Analytical Tools in the ProactiveWatch Explorer ... 55
Show Issues ... 55
View Metrics ... 55
Creating a Time and Date Based Snapshot ... 56
System Compare ... 57
Application Compare ... 57
Event Log Analyzer ... 58
Distribution Graph ... 58
Trend Graph ... 59
Multi-User Impact Analysis ... 59
VII.
Patch Management ... 60
Scheduling Windows Patch Updates for specific days ... 61
VIII.
Reporting ... 62
Automatic Semi-monthly Patch Management Report ... 62
Manage Scheduled Reports ... 62
IX.
Remote Control... 63
Integrated Remote Control ... 63
Remote Control… ... 63
Remote Control (Quick Connect) ... 63
Security ... 63
Installing Remote Control ... 63
Troubleshooting ... 64
Using Alternate Remote Control ... 64
X.
Updating Agents and Gateways to Future Versions ... 66
XI.
Autotask Integration ... 68
Configuring Autotask ... 68
Configuring ProactiveWatch ... 70
XII.
The ProactiveWatch Mobile Web Console ... 72
I. ProactiveWatch Technical Architecture
The technical architecture of the ProactiveWatch system is shown in the image below. The architecture of the system has several key components:
1. ProactiveWatch hosts the back end applications servers and database servers. You do not need to buy any licensed software from ProactiveWatch, nor do you need to procure or maintain any Windows or Database server licenses or hardware to support the ProactiveWatch system.
2. For the purposes of monitoring servers and workstations, ProactiveWatch is an agent-based system. ProactiveWatch agents are very small (consuming less than 10MB of Virtual Memory on a server), and very efficient (collecting data on every process running on the server every 10 seconds) while consuming less than 1% CPU during every monitoring interval.
3. Agents are available for Windows 2000 Server and above, Windows XP Workstation and above, Red Hat Linux, and SUSE Linux.
4. For the purpose of supporting network devices, any server agent can collect data from any network device that the agent can access via SNMP. ProactiveWatch supports all network devices that can respond to an ICMP ping for availability monitoring. For performance and bandwidth monitoring ProactiveWatch uses SNMP MIB 2.0.
5. Agents open an outbound port to the Gateway. The Gateway opens 443 outbound to the PW Back End. No firewall ports need to be opened at the customer site in order for ProactiveWatch to function.
6. The ProactiveWatch Explorer (Console) is a rich client .Net 2.0 application that the VAR installs on a server or workstation at his site. It opens port 29443 outbound to the PW back end.
II. Installing ProactiveWatch at a Customer Site
Installing the ProactiveWatch Gateway
Launch ProactiveWatchGatewaySetup.exe. You will need your VAR ID (it is in your registration email), and a unique Customer ID for the customer where you are installing this Gateway.
Installing a Gateway will consume an agent license since a Gateway provides all of the functionality of an Agent in addition to the Gateway functionality. If you have only one server at a customer site, just install a Gateway on that server and you are done.
The next screen will be for the communications settings used by the Gateway. Do not change these settings.
The last Gateway installation screen is a communications test from the Gateway to the PW back end system. You will not be allowed to proceed beyond this point in the installation if the test fails.
If the test fails, please make sure you can open a browser to any public site on the Internet from this server. Next make sure that you have established a customer ID with licenses on the Manage site that matches what you used in the first configuration dialog.
If you can browse to the public Internet, next try to connect to the PW back end. From the target server, open a browser to
https://proxi.proactivewatch.com/. The page should respond with a message that the Servlet is listening for connections.
If that works, and the Gateway connect test still fails, please send an email to
[email protected]. You will not be able to proceed with the installation of the Gateway or any agents until this communications test completes successfully.
Installing ProactiveWatch Agents
Launch ProactiveWatchAgentSetup.exe. The first important screen will ask you which type of agent you wish to install. Install a Server Agent on any computer that is supposed to be on all of the time (if it goes down you will get a Server Down alarm). Install a Client on any computer like a workstation or laptop that may get turned off, and for which you do not want a server down alarm when they do get turned off.
On this screen you must provide the Agent installer with the IP address or host name of the computer that is the Gateway. The agent will retrieve the VAR ID and the Customer ID from the Gateway, so you must have a working Gateway, and point the Agent installer at it here.
When the agent retrieves the VAR ID and the Customer ID from the Gateway, they will be displayed in the corresponding fields.
The last step of the agent installation is a communications test. If your Gateway passed its test, and you were able to retrieve the VAR ID and the customer ID from the Gateway, this test should pass as well. If it does not, please send an email to [email protected].
Installing and Accessing the ProactiveWatch Explorer
After you install the Gateway, you should install the PW Explorer (the Console) and make sure that your newly installed Gateway will appear in your Console. Launch ProactiveWatchExplorerSetup.exe. The Explorer requires no configuration during installation (just .Net 2.0). You log into the Explorer with your VAR ID, the user ID and password that were provided to you in your registration email. If your Explorer cannot connect, please take the following steps:1. Verify that the Host is set to proxi.proactivewatch.com 2. Verify that the Port is set to 29443
3. Verify that your VAR ID and Password are correct 4. Verify that Domain is set to ProactiveWatch
5. Once you verify these items if you still fail to connect open a Command Prompt. Type: “Telnet proxi.proactivewatch.com 29443”. This will test whether you can get out to the public Internet on port 29443. If this test fails, then your access on this port is blocked, and you will need to get this port opened outbound in order to run the Explorer from your current location. 6. If the Telnet test passes, and you still cannot connect, please send an email to
After you have installed your first Gateway, and launched the Explorer, you should see your Gateway in the Explorer as is shown below. Note that you can use the Manage Columns under Settings to add the Agent Type column to your view so that you can see what types of agents you have installed.
III. Deprovisioning a Customer
There are several situations where you may wish to remove a customer and their agents from ProactiveWatch. To do so is an easy process:
If you have access to the customer’s machines where agents are installed:
1. Uninstall all ProactiveWatch Agent and the FreeMyIT Agent from Add/Remove Programs. 2. Open the ProactiveWatch Explorer and highlight all rows using CTRL-Click or SHIFT-Click. 3. Select Delete on the Edit menu. You can also do CTRL-Del as a shortcut.
If you do not have access to the customer’s machines:
2. From the Manage Blocked Agent List… dialog, select all agents to block and press the > button.
3. In the main device grid, highlight all rows using CTRL-Click or SHIFT-Click. 4. Select Delete on the Edit menu. You can also do CTRL-Del as a shortcut.
After the agents rows are removed from the Explorer, the license is freed up. You should additionally remove all Notification Rules that are specifically setup for the customer manually.
Change Customer ID
You may now change a client’s Customer ID from the Explorer Console. Select the rows of the systems (use Shift-Click to multi-select), right-click, Fill Cells. Select “Customer” and enter the new Customer ID.
IV. Operating the ProactiveWatch Explorer
The ProactiveWatch Explorer is a rich client .Net 2.0 application that you install upon workstations or Citrix/Terminal Servers at your site. This is the only piece of ProactiveWatch software that you need to install at your site or upon your user PC’s or laptops. The basic ProactiveWatch subscription includes 10 concurrent instances of the Explorer, so you have the flexibility to have a shared Explorer in the office, and also to install copies on laptops that travel with your technical personnel.
The Explorer displays the real-time status of all of the monitored servers, workstations, and network devices across all of your customers and sites monitored by ProactiveWatch. Each monitored device is a row in the Explorer. Each column represents the status of one or more monitors. The status of a Monitor for a device is displayed in the cell that is at the intersection of the device row and the monitor column. The colors in the cell have the following meanings:
1. A Green square means that the status is normal (no alert condition is present)
2. A Red Square means that the monitor is currently in an alarming state.
3. A Red Triangle means that the alarm has cleared. Alarms that are caused by conditions that clear like CPU abuse, Memory
abuse, etc., will clear automatically when the condition that caused the alarm goes away.
4. A Blue Square is for a Marked As Normal Alarm (discussed in detail in the Managing Alarms chapter). Normal Alarms (like scheduled reboots in the middle of the night) are alarms you want to know about, but that you do not want to get email notifications on.
5. A Red and a Yellow triangle in a square is an Event. Events do not have a time duration and by definition have occurred in the past when you see them for the first time, so are marked in Yellow with a Red Triangle. Unlike an Alarm there is no automatic or manual way to “Clear” an Event. You have an option in the Explorer for how far back in time you want to view events.
6. A Blue and Yellow triangle in a square is a Marked As Normal Event. For example if you decide that you want to Mark As Normal Event Log entries associated with printer creation errors you can mark that specific Event ID as Normal (in Manage Alarms), causing it to appear as blue/yellow, and you will not get email notifications on this event.
Customizing the Explorer to Display (Only) What You Want To See
The Explorer is easily customizable to display only the devices from a particular customer, the devices at a particular location, or only the devices that are currently alarming. The following options are available to you to customize your view in the Explorer (each number below corresponds to a number on the screen shot):
1. Clicking on the column header sorts by the data in the column. 2. Lets you choose how far back in time to display Events.
3. Filters your view. Choose Customer, and then select the Customer that you want to see. That will show only the servers and devices for that customer.
4. Pressing the “Clear Past Alarms” button makes all of the red triangles go away (acknowledges alarms that have occurred, but that have cleared).
5. Pressing “Pause”, pauses grid refreshes. This makes the grid “hold still” since rows with new alarms will go to the top in the default sort order unless you press this button.
6. Locks the grid to the top. If you have sorted alarms so that all CPU alarms are at the top, this will keep your selected rows at the top, even as alarms occur.
7. Toggles the view to display only rows with active alarms, or when pressed again shows all rows. 8. Locks in a view to Group by Customer (on by default).
9. If you do not have the Customer Grouping button on, this will sort your grid to put all alarming rows at the top.
Customizing the Columns Displayed in the Grid View
You can create multiple views each displaying a different set of columns, and you can customize the columns displayed in each grid. ProactiveWatch ships with three default views, “All”, “Computers” and “Network”. You may select these views by pressing the tab with the View name under “View” in the main grid view of the Explorer as shown below.
To create a new view, or to change the columns in an existing view, go to SettingsManage Columns. The right and left arrows in the middle of the dialog move columns between Available and Selected. Once a column is selected, you can highlight and drag it up or down in the Selected list on the right. If you were to add a column to the list below, and drag it so that it appeared under Agent Type, than that column would appear to the right of Agent Type in the Grid View.
To create a new View, Clone an existing View and give this view a name. There are several other places in the Explorer where the displayed set of columns is determined by the displayed set in the Main Grid View (for example in the Assign tab of Monitoring Templates). If you want to efficiently manage your screen real estate, you can create a view that is optimized for assigning templates to computers in this screen and switch to it before you go work with Monitoring Templates.
To create a new custom column, hit the “+” at the top right of the Available box. For example if you have customers on three different support plans (Silver, Gold, and Platinum), you can create a column named “Support Plan”. You can then select groups of rows in the Explorer, right-click, select Fill Cells, choose Support Plan as the column, and then type in “Gold” to populate the Support Plan column for the
Using the Quick Filter allows you to find and display only the computers that match a substring.
Adding or Changing Grouping
By default the button to group by Customer is active. So, when your Explorer comes up, it will automatally display all of the rows for each customer together. You can add or change groupings by dragging column headings up to the dark gray area above the column titles.
You can group by any column displayed in the Grid View. For example, if you have both servers and network devices monitored at your customer sites, and you would like them to be displayed together for each customer, then add Agent Type as a column, and drag its its Column heading up to the dark gray area as shown below.
The Alarms View – Working Alarms
Clicking on the alarms tab (next to the View tab) brings up a summary list of all of the open alarms across all of the managed devices at all of your customers. You can group these alarms by any column heading by dragging the column heading up into the dark gray area. You can also right click and take the following actions on any set alarm:
1. Work Alarm – this brings up the detailed work alarms screen that allows you to take a variety of actions upon an individual alarm.
2. Alarm History – this brings up the same view of the alarms for a specific server, workstation or device that you get when you double click upon a row in the Grid View.
3. Show Issues – this bring up the Show Issues analysis for a managed device. The Show Issues analytical tool is discussed in the Analytical Tools section of this manual.
4. Defer Alarms – this allows you to stop Notifications for a selected period so that you can take a set of planned actions to resolve an alarm.
5. Mark As Normal – This marks the alarm as Normal. Go to Manage Alarms and the Marked as Normal tab to customize the time windows for your Marked as Normal setting and the computers to which it applies.
6. Clear Alarms – This manually clears the selected set of alarms, even if the condition that caused them has not been addressed.
The Alarm History
If you double-click on any selected set of rows in the Grid View of the Explorer you will bring up the Alarm History for the selected set of devices. The Alarm History is a rich diagnotics tool that displays the following information:
1. The alarms that have occurred within the selected time period (24 hours, 3 days, or 7 days) for the selected set of servers.
2. If you select a single alarm, you will get the available diagnostics information for the alarm. In the case of resource based alarms (over use of CPU, Memory, Disk, Handles or Threads) you will get a detailed System Snapshot that shows you the state of the computer at the time of the alarm. This will include the usage state of the key resoruces on the server, as well as which processes are the top five users of those resources.
3. The System Profile at the time of the alarm.
4. The set of installed applications, security updates and hot fixes at the time of the alarm.
If you double-click on any single row in the Alarm History, you will go to the Work Alarms screen (described below).
The Work Alarms Screen
You can access the Work Alarms screen by either double-clicking on a row in the Alarm History, or by going to the Alarms tab in the main grid view, selecting a row, right-clicking and selecting “Work Alarm”. The Work Alarms screen pertains to a single alarm and allows you to perform the following actions:
1. Mark As Normal – This marks this alarm as normal. Future occurrences of this alarm on this computer will be displayed in blue in the Grid View, and will not trigger email notifications. If you would like to generalize a specific Marked As Normal entry (for example to make it apply to more than one
Computer), use SettingsManage AlarmsMarked As Normal to customize your entries.
2. Clear Alarm – This clears the alarm whether the underlying cause of the alarm has been addressed or not.
3. Take Ownership of the Alarm – If you click the It’s Mine button, the alarm gets assigned to your Explorer account and will displayed as owned by you in the accounts of other Explorer users at your company.
4. Defer – This defers the time count that the alarm is open in order to give you time to fix it.
To speed working with alarms, there is a link that will allow you to instantly create a ticket in Autotask (similar to using the Notification Rule to send an email to open a ticket). There are two short-cut links. The first will bring up the “Manage Computer” panel, which will allow you to view real-time performance, start/stop services and kill processes. The second shortcut link will bring up the RemoteCommand panel for the system.
Manual Maintenance Mode makes it possible to easily ignore all alarms for a device while you are performing maintenance tasks or temporarily taking a device off-line. Alarms will show in the console as Blue (Mark as Normal), but notifications will be suppressed while Maintenance Mode is “Enabled.” Simply select one or more devices, rightclick and choose “Maintenance Mode->Manually Enable” to begin maintenance mode. Remember to “Disable” this once you are ready to begin monitoring again.
New “Task Manager”-like features available from Manage Computers, including Real-Time Performance Graphs, Processes, Users and Services lists, giving you visibility into, and the ability to interact with, services and processes on any remote system that has the RemoteCommand agent installed and running.
Managing Alarms in ProactiveWatch
ProactiveWatch is the only VAR oriented Managed Service monitoring solution that can monitor every process on the server for usage of key resources, monitor the server for changes in the state of the installed software, monitor servers for changes in desirable and undesirable ports, monitor web and Citrix servers for URL and ICA response time and monitor the Windows Event logs with the granularity required to catch critical events in a wide variety of applications and services.
With this tremendous ability to monitor deeply and broadly comes the prospect of a significant number of false alarms. ProactiveWatch includes an easy to use, but very powerful system that allows you to virtually eliminate false alarms:
7. Alarms may be Excluded by the Agent and never even set up to the back end database for analysis and reporting. Excluded alarms are treated as if they never occurred at all. An example of an alarm that is excluded in the Default Exclusions template is the Windows Performance Logs and Alerts service going down.
8. Alarms may be Marked As Normal. Marked As Normal alarms are recognized within the Console as having occurred and are marked in blue instead of red in the grid view. Alarms can be Marked As Normal for a specific time period. For example the nightly reboot of a set of servers in a farm can be Marked As Normal if it occurs within +/- 30 minutes of 2 AM, but the reboot alarm will be treated as normal otherwise.
9. Alarms and Notifications are treated separately. Notification Rules (which cause Email Alerts) are separately defined from Alarms themselves. So the VAR can easily create a rule that sends an email immediately if a site or a server is down, but that reserves all other alarms for a summary email in the morning.
10. Resource alarms (CPU, Memory, Disk Time, Handles, Threads) can be excluded based upon which process caused them. For example, on an Exchange Server, store.exe often uses all of the memory. So, if the threshold for a memory alarm is 90%, that alarm will always fire on an Exchange Server, since store.exe will always push total memory utilization above that point. ProactiveWatch allows you to define an Exclusion rule that masks out alarms having to do with the utilization of resources in total caused by specific processes. So, memory alarms caused by store.exe (and sqlserver.exe) cease to be a problem.
ProactiveWatch is also unique in that false alarms can be masked before they occur, and can be applied to computers upon which they have never occurred before they occur. Furthermore, specific alarms can be generalized, and then Excluded or Marked As Normal and applied to any set of monitored devices.
Exclusions in Manage Alarms
Any alarm that occurs can be right-clicked upon and excluded. Be default, Excluded Alarms are added to the Default Exclusions Template, which applies them to all monitored devices. Below is an example of the alarms that are excluded by default in ProactiveWatch.
Note that the Physical Memory alarm is excluded when it is caused by sqlserver.exe, but not by any other process and that the CPU usage alarm is excluded when it is caused by beremote (the backup process), but not when any other process causes it.
The asterisks in the screen shot below illustrate how easy it is to generalize and exclusion. A common system profile change is for the CPU Mhz to change as the CPU shifts up and down in speed. When this alarm occurs, it comes with specific values in the Old and New fields. Replacing these values with asterisks masks out all changes in CPU speeds from the alarm set.
Marked As Normal in Manage Alarms
Two alarms are marked as normal below. A regular task every Monday consumes a great deal of CPU. This task runs between Midnight and 7 AM depending upon other system load. So it is Marked As Normal on a weekly schedule with a start time and end time that cover the likely periods during which the task is running.
The second Marked As Normal alarm is a nightly reboot, which occurs within a few minutes of 1:13 AM. It is important to note the key differences between Excluded Alarms, and Marked As Normal Alarms. They are:
1. Excluded Alarms are treated by the system as never having happened. There is no record within the system of them having occurred. There is no time frame for exclusions. Either an alarm is excluded all of the time or it is not.
2. Marked As Normal alarms show up in the Grid View and therefore it is possible to verify that the task that caused the CPU issue, or the scheduled reboot did in fact occur.
3. Marked As Normal alarms have a time frame associated with them being normal. So this feature is used for alarms that are normal at night, and not normal during the day.
Notification Rules
The last layer in the system of deciding which alarms are “important” is to decide which ones should be the basis of email notifications. Note that Excluded alarms are masked out as never having occurred, and Marked As Normal alarms are noted in the Explorer, but are masked out from the set available for notifications.
The Add Notification Rule dialogs below, shows how the you can pick which alarms should be the basis of an email notification rule. The alarms of interest can be selected, and then the rule can be filtered on the basis of Customers, Locations, or even individual computers. Finally you can choose whether you want the alarm immediately, or whether you want summaries of the outstanding alarms hourly or daily. Four alert formats are supported. Default is designed for emails that would appear in normal email programs like Microsoft Outlook or Google Gmail. Compact is designed for emails destined for mobile devices. The format is abbreviated so that you are unlikely to have to scroll to read an alert.
The Filter By dialogs allows you to create alerts for specific customers, locations, or on the basis of the data that you put in any custom column that you create. If you choose Filter By Customer on the left dialog, and then choose a customer ID in the right Filter dialog, you will create a notification rule that just sends emails about that customer ID to the specified email address.
Two additional alert formats are supported, one for Autotask, and one for Connectwise. Feeding alerts to these systems requires additional configuration of ProactiveWatch and the receiving system and is covered in chapters dedicated to the integration with these two products.
New Variables for Alarm Notification Subject Fields
There are two new variables that can be included in the subject line of notification rules: $SYNOPSIS$ and $ALARMIDS$. Here is the full list of subject-line variables, and brief description:
Variable Description
$CUSTOMER$ Lists the Customer IDs contained in the notification $COMPUTERS$ Lists the Computer Names contained in the notification $ACTIVEALARMS$ The number of Active Alarms included in the notification $RESOLVEDALARMS$ The number of Resolved Alarms included in the notification $ALARMIDS$ The Alarm IDs in the notification email
$SYNOPSIS$ A Synopsis of the alarm notification placed in the subject line to assist with auto-populating ticketing systems (e.g. Autotask)
Below is an example of a useful subject line using created using a subject pattern:
Manage Computers
To access these new features, select the row of the desired system, right-click and choose “Manage Computers.” You will see new tabs for Performance, Processes, Users and Services as detailed below. a. Real-time Performance Graph
Select the Performance tab to display graphs of CPU and Memory for the selected system. Also displayed is the Task Manager-like information for Handles, Threads and Processes, Memory, Session and
Input/Output information. This information is updated in realtime every 15 seconds. b. Process List
The Processes tab lists the currently running processes, along CPU and Memory Usage, updated every 15 seconds. You may sort by clicking the column headings. Select a process, and click “End Process” to terminate that process or application.
c. Users
The Users tab displays the current users on the system for multi-user systems. This will be blank for single user machines. Select a User/Session and click “Reset User Session” should you need to clear or reset a terminal server session.
d. Services
The Services Tab is similar to Services.msc; it displays the Service Name of the services on the remote system along with the Status, and Startup Type. Click a column heading to sort. Select a service to Start, Stop or Restart that service on the remote system.
V. Monitoring Templates – How to Change and Add Monitoring Functionality
Go to SettingsMonitoring Templates to see the default set of monitoring templates, shown in the image to the right. All of the Default Templates are locked and their settings cannot be changed. To change monitoring settings, clone a template, and change the settings in the clone (see the next section for how).
There are three types of templates within ProactiveWatch, Base Templates (in blue) and Add-On Templates (in green) and Extension Templates. Only one Base Template may be assigned to a monitored device at a time. Base Templates are also tied to an Agent Type (Gateway Server, Server or Workstation). You cannot assign a Base Template to an Agent of a different type than the Template. So, if you create a new Server Template by cloning the default Server Template, you will only be able to assign the new template you made to servers that have the Server Agent installed upon them (and not to Workstations or Gateway Servers). Base Templates are the only place where you can set up monitors that have thresholds like CPU %.
This is so you only ever have one of those kinds of thresholds to worry about per monitor, and never have to figure out which CPU % threshold (in which template) is causing the alarm (since there can be only one template with a CPU threshold assigned to any server or workstation).
Add-On Templates are not typed (they can be assigned to any monitored device), and you can assign as many Add-On Templates to a server, workstation, or network device as you like. Add-On Templates are designed to let you handle the variation among devices at your customer sites without having to proliferate Base Templates. So, if you have two different kinds of backup software installed at your customer sites, each of which writes different events to the Event Log, you can create two different Backup Add-On Templates by setting up the Event Log monitoring appropriately in each, and then assigning those Templates to the appropriate servers.
Monitors in Base Templates, Add-On Templates and Extensions
As mentioned above, there are three different types of Templates in ProactiveWatch, Base Templates, Add-On Templates, and Extensions. The different monitors that are available in the three types of templates are summarized in the table below:
Template Type Base Add-On Extension
Site Down Monitor Yes No No
Internet Down Monitor Yes No No
Server Down Monitor Yes No No
LAN Latency Monitor Yes No No
Auto-Started Service Down Yes No No
Event Log Collection Yes No No
Total CPU Usage Yes No No
CPU Usage by a Single Process Yes No No
Low Disk Capacity Yes No No
Excessive Disk Time (Activity) Yes No No
Low Virtual Memory Yes No No
Low Physical Memory Yes No No
Excessive Threads used by a Process Yes No No
Excessive Handles used by a Process Yes No No
Registry Change Yes No No
Application Install/Removal Yes No No
System Profile Change Yes No No
Reboot Yes No No
Application Crash Yes No No
Port Error Yes Yes Yes
Client to Server Initiator Yes Yes Yes
Client to Server Listener Yes Yes Yes
URL Availability and Response Time Yes Yes Yes
Excessive ICA Connect Latency Yes Yes Yes
Windows Event Log Alerting Yes Yes Yes
Specific Service Down Yes Yes Yes
Specific Process Down Yes Yes Yes
MS Exchange Extension No No Yes
Symantec Anti-Virus Extension No No Yes
Symantec Backup Exec Extension No No Yes
Microsoft Update Extension No No Yes
In general the best practice is to have a small number of Base Templates that you can reuse widely across similar servers in your customer base. Then use Add-On Templates to handle variation between similar
Changing the Monitoring Settings in a Template
To edit the settings for an existing template, you double-click on it and go to the settings for that template. To create a new template, select the appropriate starting point (remember the type of the template much match the installed agent type), right click and select “Clone”. To edit the settings within a template take the following steps:
1. The set of monitors in a template that are enabled are in green, disabled monitors are in gray. To turn a monitor on, select it, right click, and choose “Enable”.
2. For most monitors the settings are in the columns to the right of the Alarm name. These cells are editable, and you can simply type in the values you would like for each monitor.
3. Some monitors have thresholds that are the numerical value in the monitor that must be exceeded in order for the monitor to alarm. The value is either a count (a number of handles), a percentage (X % of CPU), or a time value (a certain number of seconds or milliseconds). The Unit of the threshold is specified in the Unit Column.
4. Timeframe is the duration in seconds that a monitor must surpass the threshold in order to alarm. 5. Certain monitors required advanced configuration. These monitors have blue “Configure” links in the
Advanced column. Click on the Configure Link to access the advanced configuration dialog for these monitors. Information on how to configure the advanced settings in the optional monitors is contained in the “Optional Monitors” section later in this manual.
Assigning Monitoring Templates to Workstations, Servers and Network Devices
ProactiveWatch provides for an easy spreadsheet like user interface to assign monitoring templates to workstations, servers, and network devices. You access this interface by going to SettingsMonitoring Templates and selecting the Assign tab. All you have to do to assign a template to a device is to double-click in the cell that intersects that device row and the template column.You can copy and paste template assignments en-masse so you can quickly assign a set of templates to a set of devices. To do this, select a cell, right-click and select copy. You can then select N rows, select paste and past that selection to those rows. You can also copy and paste an entire row of selections if you have one server set up just right, and want to copy that assignment to N other rows.
As mentioned before in the section on Monitoring Templates, you can only have one Base Template assigned to each server, workstation or network device. Furthermore, Base Templates have a type that matches the agent type you installed. You cannot assign a Base Template of one type to an agent of a different type. Only the allowed choices are in white in the Base Templates section of the Assign dialog. The Default Exclusions Template is automatically assigned to all devices, which gives you one easy place to manage all of the alarms that are not desirable. Please see more detail on this feature in the Manage Alarms section of this manual.
Notice the in the case below, the HP Insight Manager, Symantec BackupExec, and All Event Log Errors Add-On Templates are assigned to all of the servers. This shows how easy it is to configure
ProactiveWatch for the different scenarios you encounter at customer sites.
The gray columns you selected in the main grid view determine the gray columns you see in the Assign dialog. If you are running out of real estate in this dialog, then go to Manage Columns and make a View called Assign Templates. Put the minimum columns you need in this view, and then select it before you come to this dialog.
Override Monitor Template
There are two main uses for the use of Override Monitor Template. One is when you need to change a limited number of settings for just a single machine and the remaining monitoring settings in the standard template are fine. For instance, on a legacy/slower system you might want to increase just the CPU % threshold and would prefer not to create a new template.
Another use is for setting specific variables in templates like Exchange Enhanced or the new [Round-Trip] Mail Monitor, without having to create a new
template (which was a necessary step prior to this new feature).
To use the “Override” feature, select the system from the main grid, and choose Edit->Properties (F2) to bring up the Properties dialog box as shown to the right. Select the “Override” checkbox, and choose Edit to bring up the selected Monitoring Template settings, make and save your changes.
You may perform Overrides for Base Templates and Add-On Templates.
A system that has Overrides applied will be shown with a Red dot in Monitoring Templates, Assign Tab, as shown in the system to the right.
Default ProactiveWatch Monitoring Templates and Features
When you install an agent, one of three Base Monitoring Templates is automatically assigned to that agent depending upon what type of agent you install. If you install a Gateway on a computer, then a Gateway Server Agent is also installed upon that computer, and the associated Gateway Server Base Monitoring Template is assigned to that Gateway Agent. If you install a Server agent upon a computer, the Standard Server Base Template will be assigned to that agent. If you install a Workstation agent upon a computer the Standard Client Base Template will be assigned to that agent. The agents in the default templates contain a set of default monitors shown in the table below. No configuration or customization is required to activate these monitors.
Differences in Monitors between Agent Types
The differences in the default monitors that are provided in the three default monitoring templates is shown in the table below:
Computer Type Gateway Server Server Workstation
Agent Type Gateway Server Server Workstation
Default Template Gateway Server Standard Server Standard Client
Site Down Monitor Yes No No
Internet Down Monitor Yes No No
Server Down Monitor Yes Yes No
LAN Latency Monitor No Yes No
Auto-Started Service Down Yes Yes Yes
Event Log Collection Yes Yes Yes
Total CPU Usage Yes Yes Yes
CPU Usage by a Single Process Yes Yes Yes
Low Disk Capacity Yes Yes Yes
Excessive Disk Time (Activity) Yes Yes Yes
Low Virtual Memory Yes Yes Yes
Low Physical Memory Yes Yes Yes
Excessive Threads used by a Process Yes Yes Yes
Excessive Handles used by a Process Yes Yes Yes
Registry Change Yes Yes Yes
Application Install/Removal Yes Yes Yes
System Profile Change Yes Yes Yes
Reboot Yes Yes Yes
Application Crash Yes Yes Yes
The Gateway Server agent is the only agent that implements the Site Down and Internet Down Monitors. Since you typically have one Gateway at each customer site, these monitors serve to tell you if that site is up, and if the Internet is accessible from that site. The Server Down and LAN Latency Monitors are not
implemented. If you have a workstation that should be up all of the time, and you want to monitor it with the Server Down alarm, put a Standard Server Agent on that Workstation.
How the Default Monitors Work in ProactiveWatch
1. Site Down Monitor – The PW back end constantly monitors each GW to make sure that the GW is communicating back to the PW back end on the required intervals. If the GW fails to check in within the required interval (by default 60 seconds), the PW back end will issue a site down alarm. The PW back end will generate an email to the main support account at the VAR, notifying the VAR of the outage. This notification does not rely upon any infrastructure at the customer or the VAR except the ability on the part of the VAR to receive an email.
2. Internet Down – the PW Gateway measures the response time from the GW of www.google.com, and www.yahoo.com every 60 seconds. If both of these web requests fail, the GW sends an Internet Down alarm to the back end, which generates an Alarm and a Notification as described above. Alarms and Notifications will also be generated if both sites are slow to respond.
3. Server Down Monitor – the PW Gateway maintains a continuous connection with each monitored server. If that connection is broken, the Gateway sends a Server Down alarm to the PW back end, which generates an alarm and a notification as described above.
4. LAN Latency Monitor – The GW continuously checks the latency over the LAN between itself and the monitored servers. If the performance of the LAN degrades, an alarm is generated.
5. CPU Usage Monitor – If total CPU usage is above 95%, or usage by any single process is above 50% for the default time period, an alarm is issued.
6. Memory Usage Monitor – If Physical Memory usage is above 90% or Virtual Memory Usage is above 70% for the default time period, and alarm is issued.
7. Disk Time Monitor – If Disk Time (the percentage of the last second in which the disk controller is actively accessing the hard disk) is above 50% for the default time period, and alarm is issued. 8. Disk Capacity Monitor – If the free space on any disk drive falls below 5% an alarm is issued.
9. Thread and Handle Usage Monitor – If any single process uses more than the desired number of threads or handles, and alarm is issued.
10. Event Log Monitoring – All Event Log entries written to the Applications Log and the System Log are automatically collected. These can be browsed with the Event Log Viewer that is part of the PW 1.6 Explorer. Alerts for any combination of severities and logs can be turned on for any combination of servers or workstations with one mouse click.
13. Windows Service Monitor – if any automatically started Windows Service goes down, and alarm is issued.
14. Reboot Monitor – If a server reboots and alarm is issued. Normal reboots can be easily masked out with the Marked As Normal features of the system.
15. System Profile Monitor – If the profile of a monitored server changes (for example, the IP address of a server changes), an alarm will be issued.
Default (Out-of-the-Box) Network Device Monitoring
Any server agent can monitor any network device that itcan access via ICMP and SNMP. If the VAR provides the information to the right about a Network Device, then ProactiveWatch will automatically monitor that network device.
The default Network Device template is shown below with the default settings for network device monitoring. The monitors that are on by default are:
6. ICMP Ping Failure – The selected Server Agent will ping the network devices and issue an alarm if the devices fails to respond.
7. If packet loss on the
ping exceeds the threshold, and alarm will be issued.
8. If the response time on the ping exceeds a latency threshold, an alarm will be issued.
9. If the profile of the network device (for example the version of its installed software) changes, and alarm will be issued.
10. If utilization of any of the inbound or outbound interfaces exceeds the threshold, an alarm will be issued.
The Connected Network Device monitor is off by default since it will alarm whenever the set of devices connected to a switch or router changes. This can be a very valuable monitor in certain circumstances, but it will generate a large number of false alarms for routers and switches that support workstation and laptop computers.
Optional Monitors in ProactiveWatch
ProactiveWatch contains a wide variety of monitors that you can enable by simply selecting them in a monitoring template and turning them on. Some of these monitors require some customer specific configuration. The optional monitors are detailed below:
11. Web Site (URL) Response Time Monitor – This monitor tests the availability and response time of any selected web site. This can be a public web site, a corporate intranet, or a Citrix Web Interface Server. Any agent can run this monitor against any web server that is accessible from the computer that the agent is running on.
12. ICA Port Response Time Monitor – This monitor tests how long it takes a Citrix server to respond to connect request on the ICA port from the agent making the port request. Any agent can run this monitor against any Citrix server that is accessible from the computer that the agent is running on.
13. Port Monitor – This monitor allows the VAR to specify ports that must be present (80 and 443 on a web server), ports that are allowed to come and go (135 the RPC port), and then either ban a specific “black list” of ports or, as is shown in the example to the right, ban all ports that are not either required, or specifically allowed.
14. Client2Server Monitor – This monitor tests the latency over a TCP/IP socket between any two sets of monitored devices. The C2S monitor is an excellent choice to watch the latency between the servers that constitute the tiers of an applications system (for example from web servers to applications servers, to database servers). The Client2Server Monitor is configured in two different places – server(s) that respond to (listen for) latency checks and server(s) that create (initiate) latency checks.
To configure the listener, clone the Generic Exclusions Template and make an Add-On Template named C2S listener. Enable the C2S Listener in that template. Use Monitoring TemplatesAssign to assign the C2S Listener Add-On Template to the servers that will be responding to latency checks.
To configure the initiator, create another Add-On Template named C2S Initiator. Configure it to send latency checks to the servers that you have applied the Listener template to. Assign this template in Monitoring TemplatesAssign to the servers or workstations that you want to test the latency to the target servers. Note that the configured port (29100 by default) must be open between the two sets of servers for this monitor to work.
15. Individual Service Monitor – By default ProactiveWatch monitors all automatically started services and alarms if any of them go down. If you wish to monitor services that are not automatically started, you can do so by configuring the Specific Windows Service Down Monitor. Please enter the Display Name of the service in the dialog when configuring this monitor.
16. Process Down Monitor – ProactiveWatch can be configured to watch any specific process. This monitor is enabled by default in the Exchange Server template to watch store.exe. Just enable the Process Down Monitor in the Template (Base or Add-On) of your choice and then add the process name you would like to have monitored.
17. Total Handle and Total Thread Usage Monitors – These monitors watch the total number of threads and handles in use. Since the acceptable number is highly dependent upon the type of work that a server is doing, these monitors should be turned on within a monitoring template dedicated to a specific type of server.
18. Memory Usage by a Process – This monitor can watch the memory usage by individual processes, and should be using in conjunction with application specific monitoring.
19. Extensions – 1.6 includes Extensions that provide very detailed monitoring of Microsoft Exchange, MS Update, Symantec Anti-Virus, and Symantec Backup Exec. Other extensions will be added over time. You can even add your own extensions. Extensions are documented in Chapter XVII.
Threshold Timeframe for Windows Service Monitoring.
This allows you to avoid “false alarms” for services that are automatically restarted by setting a timeframe (in seconds) the service must be down before ProactiveWatch will alarm on “service down.” Set the threshold Timeframe for Automatically Started Services in the Base Template (below), or for Specific Windows Service in either an Add-On or Base template from the Configure panel.
Round-Trip Email Monitor
There is a new enhanced monitoring template, Mail Monitor, that allows you to perform round-trip email monitoring of your client’s hosted (or non-Exchange) email systems. (This version will not work if SSL is required.) Clone the Mail Monitor template, or assign it to a system and use the aforementioned “Override” feature, in order to configure the variables for the system.
At a minimum, you will need to create a designated email address and specify: Email_From and Email_To addresses
the SMTP information (which does not need to be the same server)
and enable at least one of IMAP, POP or MAPI and configure the related variables
The default schedule is to send and then retrieve the test email every 5 minutes, 24x7x365. (Change the schedule by clicking into the Schedule field.)
The process is that ProactiveWatch will send the test email as configured, and then login via the enabled “Check_” methods to retrieve the test email. It will delete all emails in the test mailbox after each check, so this must be a mailbox designated only for ProactiveWatch’s use.
Use Settings->Manage Columns to add the “Email” column to the right side in the “Selected” panel if you wish to have a visible indicator of alarms from this monitor. To test that this is working, [temporarily] enable “ALARM_ON_SUCCESS.”
SNMP Bandwidth Monitoring
ProactiveWatch can perform bandwidth monitoring of network devices (like switches and routers) via SNMP “Gets.” Two improvements to SNMP Network Device Bandwidth are:
Reports will now include kbps (as well as the previous % utilization metrics)
Line speed values may be specified for individual interfaces for more meaningful % reporting and alarm thresholds
ProactiveWatch performs SNMP “walks” to determine the “serial” ports on the devices being monitored, and also queries the device for the line speed which is used to calculate the bandwidth utilization percentages for reporting and threshold alerting. Often the device returns the maximum capable speed of the port which does not match the actual line speed. For example, the port may be capable of 100 Mbps, but in actuality it is connected to a 1.5 Mbps data line. ProactiveWatch cannot know that it is 1.5 Mbps, so all calculations are performed using 100 Mbps.
This new feature allows you to supply the actual line speeds to be used in the monitoring and reporting calculations. To supply the line speed for the ports being monitored, you will either clone the Network Device template (from Settings->Monitoring Templates), or use the Override feature described above, then enter the actual line speeds as shown:
1. From Edit Template, click any one of the “Configure” buttons associated with Column “Bandwidth Usage” (they all go to the same place).
2. In the Configure SNMP panel, enter the interface numbers and the corresponding Line Speed Proactive Watch should use for its calculations
If you are not sure what the interface numbers are for a device, you can use View Metrics to see the Serial interfaces that ProactiveWatch detected.
Note: There are two reasons that View Metrics could be blank:
(1) The Network Device was just “installed.” Check again in an hour.
(2) The SNMP Community string or IP address was specified incorrectly.
Low Physical Memory (<MB), in the base templates, (shown on right), can be enabled and configured to alert when available Physical Memory is lower than the specified amount, providing greater control and accuracy when monitoring in these dynamic virtual environments. Typically you would disable the “Low Disk Capacity %-based” rule, but the two rules can be used simultaneously. Remember, you can create a new template or use the Override feature (documented
below), to enable and use the new settings.
Low Disk Capacity (<MB), in the base template (shown above) can be enabled and configured to alert on disk space lower than a set amount in MB, providing fine-grained control for more accurate and reduced false alarm conditions. Typically you will disable the %-based rule, but the two rules can be used together. (Again, create a cloned base template or use “override” to enable/configure the new setting.)
Enhanced SNMP monitoring. A new SNMP "Add-On Template" allows you to go beyond monitoring of Up/Down (via PING) and MIB II bandwidth to specify Object Identifiers (OIDs) to be read via SNMP, and return an alarm based on comparison to a specified value
Please keep in mind that this is a “technical" feature, and you should be familiar with SNMP and will need to know and specify the full OID to be read. ProactiveWatch support can assist with configuration problems and questions, but does not have the knowledge of what OIDs to be used on different SNMP enabled devices.
a. Add a device to be monitored
i. From the Explorer, use Settings->Add Network Device to specify a Windows server in the client environment that will perform the SNMP “gets.”
ii. Ensure that SNMP "gets" are enabled on the target network device and that you have specified the correct Community String when configuring the “Add Network Device.”
iii. If the device is not a switch/router, you should create a new Network Device “Base Template” (using clone) and turn off the “bandwidth” and/or PING related rules to avoid false alarms (remember to assign the new template).
c. Assign this new cloned template to the Network Device being monitored (not a server) once the configuration has been completed.
The fields are:
Action Currently may only be set to “ALARM”
OID Enter the OID to be retrieved from the network device
Compare Use the drop down (as shown) to select the comparison. If the test is TRUE, the alarm is generated.
Op Type Description
= Numeric Equal to
>= Numeric Greater than or Equal to
> Numeric Greater than
< Numeric Less than
<= Numeric Less than or Equal to
!= Numeric Not Equal to
eq String Equal to
eqi String Equal to – case insensitive
ne String Not Equal to
nei String Not Equal to – case insensitive
re String Regex(1) Equals
rei String Regex(1) Equals – case insensitive
<> Range (2) Alarm if OID value Less Than x or
Greater Than y.
(“Not between”, non-inclusive) <=>= Range (2) Same as above, but “inclusive.”
>< Range (2) Alarm if OID value Greater Than x
and Less Than y. (Between, non-inclusive.)
>=<= Range (2) Same as above, but “inclusive.”
Notes:
(1) Regular Expression (regex). See Regex below.
(2) These operations are a Range Comparison as defined by the operator and two parameters (x & y) in the Threshold column, separated by a comma.
Threshold The value to compare the OID information against. Note the Type of Range (2) requires two
numbers separated by a comma (e.g. – 50,80). Message The text information you want to include in the Alarm
Regex patterns (regular expressions) employ a set of rules or parameters, a small subset that will be described here and should be sufficient for many applications.
Pattern Explanation
Any character
* Zero or more characters + One or more characters
A-Z The ASCII characters A through Z a-z The ASCII characters a through z A-z The ASCII characters A through z 0-9 The ASCII characters 0 through 9 [abc] The characters “a” or “b” or “c”
\ Used to indicate the next character is literal \\ Indicates the literal “\”
\. Indicates the literal “.” \n Indicates a new line
(…) Defines the “capture” text from the OID read to be used in the compare
An Regex example is:
.*Status: .*([A-Z])\.*
which would return the text following the word “Status:” and ending in “.”, and might be compared to “OFFLINE” as an alarm condition.It is beyond the scope of this text to attempt a full explanation of regex. There are numerous sources to learn more, but one good site is: http://www.regular-expressions.info or http://www.regular-expressions.info/quickstart.html
Extended Profile Template
This new template will return additional information for the systems that you are monitoring. This includes information on the System Profile, and also returns the current “console user” that is logged into the machine, which can be very useful when monitoring and managing workstations.
Assign the Extended Profile template
You must apply this template to the machines in order to have ProactiveWatch collect the new information. From the Explorer, use Settings->Monitoring templates and assign the template called “Extended Profile” to your client’s systems. Remember that you can use the Copy / Paste function to speed this up. From the Assign tab in the Monitoring Templates dialog, double-click to assign the
Extended Profile template to the first machine. Right-click and choose Copy. Then multi-select (SHIFT or CTRL-click) to select other machines, and choose Paste to copy that single action to the other machines. Once you assign the template, it can take 10-20 minutes for the template to be downloaded and then executed on the systems.
This template will be run approximately every minute so that changes to the Console User will be transmitted to the ProactiveWatch system and displayed in your Explorer Console.
Display the “Console User” column
To view the logged in “console user” you need to make sure that the “Console User” column is displayed in your explorer. Go to Settings->Manage Columns. In the “Available” (left) column, find “Console User” and click the “right triangle” to move it to the Selected column. You may then drag it up in the Selected column to position it in the order you wish.
Enhanced System Profile information
The new information collected is shaded in the table below (which is output from a System Compare), and includes new key items such as information on:
Memory Banks (installed, RAM size, available) Microsoft Windows Key
Network Adapters Service Tag (Dell, etc.) System Slots
As a reminder, the System Profile information is available from:
Compare->System (which can be copied to clipboard; pasted into Excel, etc.) Alarm History, Profile Tab
Alarm Detail, Profile Tab Report->Inventory
Note! System Profile information is part of the meta-data that is collected and transmitted to our servers daily. So if you require “instant gratification” – please do the following:
Tun the Agent Manager (from the Start Menu) on a system Go to Views->Override->Agent
File and Directory Monitoring
The new File/Directory add-on template allows you to monitor files or directories for a variety of conditions, and you can set the alarm message and determine the ProactiveWatch “column” for the alert. For example, this is useful for monitoring the “last modified” attribute of an anti-virus or anti-malware definition file to alarm if it has not been modified in 7 days, with the alert details populating the A/V alarm column.
Clone the File/Directory Monitoring template, rename it and double-click to open it.
Click “Add” to add a new rule to this template (right). Enter the file or
directory, and enable the conditions to be monitored. Set a timeframe for the condition, and customize the alarm message if desired.
(The monitoring extension that performs the monitoring runs once per minute.)
Monitoring Extensions
ProactiveWatch includes the ability to deeply monitor a specific vendor’s product or service with monitoring functionality custom to that product or service. Certain extensions are provided by ProactiveWatch and are included in ProactiveWatch. You can also write your own extensions and have ProactiveWatch install and distribute them for you. ProactiveWatch includes the following extensions: 1. Microsoft Exchange – deep monitoring of Exchange queues, and mail flow over POP, IMAP and
MAPI
2. Symantec Anti-Virus – monitoring of whether signatures are up to date, and if a virus has been found
3. Symantec BackupExec – monitoring of whether or not all configured backups have completed successfully
4. Microsoft Update – monitoring of whether or not all available patches have been installed Extensions are provided in ProactiveWatch via an additional set of Add-On Templates. If you go to SettingsMonitoring Templates, you will see four new Add-On Templates that correspond to the four Extensions described above. Templates that have Extensions assigned to them, list the short name of the Extension (MSEXCH, MSUPD, SAVMON, and SMBE) in the Extensions Column.
Displaying Extension Monitor Status in the Explorer Grid View Go to SettingsManage Columns. Select the
four columns highlighted in the Available box on the left of the screen shot. Hit the right arrow. This will move those columns to the bottom of the Selected set and display them to the right in your Grid View. This will display the alarm status of all four extensions. You can also add a column named “Installed Extensions” to cause a column to appear that lists the extensions installed on each computer in that column.
If you configure your columns as described above, you will have a Grid View in your Explorer that will look similar to the one below. Your Extensions will be listed to the far right of all of your columns, and you will have a column that lists each of Extensions installed on each computer.
All alarms for the MS Exchange extension will appear in the MS Exchange column. The same is true for the MS Update Extension. All Anti-Virus extension alarms (for Symantec and for all other AV products that will be supported over time) will roll up into the blue Anti-Virus column. All Backup Extension alarms (for Symantec and all other backup products that will be supported over time) will roll up into the blue Backup column.
Assigning Extensions to Servers and Workstations
The default extensions that are provided with ProactiveWatch are all locked. This means that you cannot change their configurations. However, they come with default configurations, and in some cases, you might just be able to use the default configurations. The Symantec Backup Exec, and the MS Update Extensions contain no environment specific configurations, so as a first step, if you have computers that have Backup Exec and/or MS Update installed upon them, you might want to just assign the templates corresponding to these extensions to those computers.
Templates that contain Extensions have “Enhanced” in their names. This is to differentiate them from templates that address the same product (for example Symantec Backup Exec) but that monitor the services, processes, and event log entries for that product. In the screen shot below, you see two templates with Symantec Backup Exec in their names:
1. Symantec Backup Exec – this template monitors the services, processes and event log entries for Backup Exec.
2. Symantec Backup Exec Enhanced – this template contains the Backup Exec Extension, and does not contain the service, process, and event log monitors contain in the template described in #1 above. Since the Symantec Backup Exec, Symantec Anti-Virus and the MS Update Extensions do not contain parameters that could be specific to a customer environment; you can get started with Extensions by simply assigning these Extension templates (with Enhanced in their template names) to the computers that Symantec Backup Exec, Symantec Anti-Virus and MS Update installed upon them. Note that if you want both the Symantec Backup Exec Extension monitoring and the monitoring of Backup Exec services, processes, and event log entries; you have to assign two templates to each of the computers running Backup Exec.
Customizing and Configuring Extensions
In order to change the default configuration of an Extension, or to customize one specific to your customer base, or a specific customer you have to first clone the extension. Go to SettingsMonitoring TemplatesDefine Tab, select the Extension you wish to customize, right click and select Clone. Give the template a name. Please be aware of the following considerations when naming Extension Templates: 1. The Symantec Anti-Virus, Symantec Backup Exec and MS Update templates contain no parameters
that are specific to a customer environment. You might be able to use the default extension template, or create one clone of each of these templates that you can reuse across all of your customers. You might want to consider naming such a template “MS Update – Global Tech” where Global Tech is the name of your company.
2. The MS Exchange Extension requires a unique configuration for each Exchange Server that you wish to monitor. If you have customers with more than one Exchange Server, then you might want to use a naming convention like Exchange Extension – Cust Name – Computer.
If you implement the suggestions in 1 – 2 above, then you might end up with the following assignments in the SettingsMonitoring TemplatesAssign Tab:
1. The Exchange Add-On (Exchange services, processes, and event logs) is assigned to all Exchange Servers and MS Exchange – Fugitive (the Exchange Extensions template for this specific Exchange server) is assigned to just the Fugitive Exchange Server.
2. The Default MS Update Extension Template is assigned to all servers.
3. The Symantec Anti-Virus template (services processes, and event logs), and the Symantec Anti-Virus Enhanced template are assigned to all computers that have Symantec AV installed upon them. 4. The Symantec Backup Exec template (services processes, and event logs), and the Symantec Backup
Exec Enhanced Template are assigned to all servers and workstations that have Symantec BE installed upon them.
