ProactiveWatch
Table of Contents
I. ProactiveWatch Technical Architecture
II. Installing ProactiveWatch
  Installing and Accessing the ProactiveWatch Explorer
III. Cancelling a Customer
IV. Operating the ProactiveWatch Explorer
  Customizing the Explorer to Display (Only) What You Want To See
  Customer Views
  Customizing the Columns Displayed in the Grid View
  Adding or Changing Grouping
  The Alarms View – Working Alarms
  The Alarm History
  The Work Alarms Screen
V. Monitoring Templates – How To Change and Add Monitoring Functionality
  Monitors in Base Templates, Add-On Templates and Extensions
  Changing the Monitoring Settings in a Template
  Assigning Monitoring Templates to Workstations, Servers and Network Devices
VI. Default ProactiveWatch Monitoring Templates and Features
  Differences in Monitors between Agent Types
  How the Default Monitors Work in ProactiveWatch
VII. Default (Out-of-the-Box) Network Device Monitoring
VIII. Optional Monitors in ProactiveWatch
IX. Monitoring Extensions
  Displaying Extension Monitor Status in the Explorer Grid View
  Customizing and Configuring Extensions
  MS Exchange Extension Configuration and Monitoring Details
  MS Update Extension Configuration and Monitoring Details
  Symantec Anti-Virus Extension Configuration and Monitoring Details
  Symantec Backup Exec Extension Configuration and Monitoring Details
X. Managing Alarms in ProactiveWatch
  Exclusions in Manage Alarms
  Marked As Normal in Manage Alarms
XI. Notification Rules
XII. Analytical Tools in the ProactiveWatch Explorer
  Show Issues
  View Metrics
  Creating a Time and Date Based Snapshot
  System Compare
  Application Compare
  Event Log Analyzer
  Distribution Graph
  Trend Graph
  Multi-User Impact Analysis
XIII. Updating Agents and Gateways to Future Versions
XIV. Integration with LogMeIn IT Reach and the LogMeIn Network Console
XV. Using A Different Remote Control Method than LogMeIn
XVI. Autotask Integration
  Configuring Autotask
  Configuring ProactiveWatch
XVII. The ProactiveWatch Mobile Web Console
XVIII. About ProactiveWatch
V120322 1
I. ProactiveWatch Technical Architecture
The technical architecture of the ProactiveWatch system is shown in the image below. The architecture of the system has several key components:
1. ProactiveWatch hosts the back end applications servers and database servers. You do not need to buy any licensed software from ProactiveWatch, nor do you need to procure or maintain any Windows or Database server licenses or hardware to support the ProactiveWatch system.
2. For the purposes of monitoring servers and workstations, ProactiveWatch is an agent-based system. ProactiveWatch agents are very small (consuming approximately 20MB of Virtual Memory on a server), and very efficient (collecting data on every process running on the server every 10 seconds) while consuming approximately 1% CPU during every monitoring interval.
3. Agents are available for Windows 2000 Server and above, Windows XP Workstation and above, Linux/Unix (Red Hat, SUSE, etc.) and Mac OSX.
4. For the purpose of supporting network devices, any server agent can collect data from any network device that the agent can access via SNMP. ProactiveWatch supports all network devices that can respond to an ICMP ping for availability monitoring. For performance and bandwidth monitoring ProactiveWatch uses SNMP MIB 2.0.
5. Agents open an outbound port to the Gateway. The Gateway opens 443 outbound to the PW Back End. No firewall ports need to be opened at the customer site in order for ProactiveWatch to function.
6. The ProactiveWatch Explorer (Console) is a rich client .Net 2.0 application that the VAR installs on a
II. Installing ProactiveWatch
There are two simple steps to installing ProactiveWatch at a new customer site:
1. Install one ProactiveWatch Gateway (a Windows Service that runs on a non-dedicated server that can open an outbound connection on port 443) at the customer site. You will need your VAR ID, and you will create a unique ID for the customer during the Gateway install. Note that you will typically install this on a server (since the Gateway installation is combined with a Server-Class monitoring agent), but you may install it on a workstation if it is a peer-to-peer network.
2. Install Agents at the Customer Site. All you need to install Agents is to select the Agent Type, and to tell the installer the IP address of the computer that is the Gateway.
For detailed instructions on installation, please consult the Quick Start Guide.
Installing and Accessing the ProactiveWatch Explorer
After you install the Gateway, you should install the PW Explorer (the Console) on your laptop or workstation and make sure that your newly installed Gateway will appear in your Console.
The Explorer requires no configuration during installation (just .Net 2.0). You log into the Explorer with your VAR ID, the user ID and password that were provided to you in your registration email. If your Explorer cannot connect, please take the following steps:
1. Verify that the Host is set to proxi.proactivewatch.com
2. Verify that the Port is set to 29443
3. Verify that your VAR ID and Password are correct
4. Verify that Domain is set to ProactiveWatch
5. Once you have verified these items, if you still fail to connect, open a Command Prompt. Type: “Telnet proxi.proactivewatch.com 29443”. This will test whether you can get out to the public Internet on port 29443. If this test fails, then your access on this port is blocked, and you will need to get this port opened outbound in order to run the Explorer from your current location.
6. If the Telnet test passes, and you still cannot connect, please send an email to
After you have installed your first Gateway, and launched the Explorer, you should see your Gateway in the Explorer as is shown below. Note that you can use the Manage Columns under Settings to add the Agent Type column to your view so that you can see what types of agents you have installed.
III. Cancelling a Customer
To remove ProactiveWatch from a client site, you should ideally uninstall the ProactiveWatch and FreeMyIT agents (add/remove programs). If you no longer have access to the client’s site, you can “block” the agents from that site by using Settings->Manage Blocked Agents from the Console. Once you have blocked the agents, they will be prevented from re-connecting to the ProactiveWatch servers once a connection is broken (internet disruption, system reboot, etc.). At that time they will appear “grayed-out” in the Console and you can delete the systems from your Console.
Once the systems show as grayed-out in the console, you can delete them from the Console by selecting the rows and choosing Edit->Delete.
IV. Operating the ProactiveWatch Explorer
The ProactiveWatch Explorer is a rich client .Net 2.0 application that you install upon workstations or Servers at your site. This is the only piece of ProactiveWatch software that you need to install at your site or upon your user PC’s or laptops.
The Explorer displays the real-time status of all of the monitored servers, workstations, and network devices across all of your customers and sites monitored by ProactiveWatch. Each monitored device is a row in the Explorer. Each column represents the status of one or more monitors. The status of a Monitor for a device is displayed in the cell that is at the intersection of the device row and the monitor column. The colors in the cell have the following meanings:
1. A Green square means that the status is normal (no alert condition is present)
2. A Red Square means that the monitor is currently in an alarming state.
3. A Red Triangle means that the alarm has cleared. Alarms that are caused by conditions that clear like CPU abuse, Memory abuse, etc., will clear automatically when the condition that caused the alarm goes away.
4. A Blue Square is for a Marked As Normal Alarm (discussed in detail in the Managing Alarms chapter). Normal Alarms (like scheduled reboots in the middle of the night) are alarms you want to know about, but that you do not want to get email notifications on.
5. A Red and a Yellow triangle in a square is an Event. Events do not have a time duration and by definition have occurred in the past when you see them for the first time, so are marked in Yellow with a Red Triangle. Unlike an Alarm there is no automatic or manual way to “Clear” an Event. You have an option in the Explorer for how far back in time you want to view events.
6. A Blue and Yellow triangle in a square is a Marked As Normal Event. For example if you decide that you want to Mark As Normal Event Log entries associated with printer creation errors you can mark that specific Event ID as Normal (in Manage Alarms), causing it to appear as blue/yellow, and you will not get email notifications on this event.
Customizing the Explorer to Display (Only) What You Want To See
The Explorer is easily customizable to display only the devices from a particular customer, the devices at a particular location, or only the devices that are currently alarming. The following options are available to you to customize your view in the Explorer (each number below corresponds to a number on the screen shot):
1. Clicking on the column header sorts by the data in the column.
2. Lets you choose how far back in time to display Events
3. Filters your view. For instance, choose Customer, and then select the Customer that you want to see. That will show only the servers and devices for that customer.
4. Substring Search lets you quickly find a system by typing in the partial computer name.
5. Pressing the “Resets Grid – Acknowledges Past Alarms” button makes all of the red triangles go away (acknowledges alarms that have occurred, but that have cleared).
6. Pressing “Pause”, pauses grid refreshes. This makes the grid “hold still” since rows with new alarms will go to the top in the default sort order unless you press this button.
7. Locks the grid to the top. If you have sorted alarms so that all CPU alarms are at the top, this will keep your selected rows at the top, even as alarms occur.
8. Toggles the view to display only rows with active alarms, or when pressed again shows all rows.
9. Locks in a view to Group by Customer (on by default).
10. If you do not have the Customer Grouping button on, this will sort your grid to put all alarming rows at the top.
11. Collapse/Expand All allows you to quickly collapse or expand the Groups.
Customer Views
When you add a new customer, a new View is automatically created to show just the systems for that customer (as shown in the screen, above). This lets you quickly click a tab to view a client environment. (You may need to log out and in again to see a new customer.)
Customizing the Columns Displayed in the Grid View
You can create multiple views each displaying a different set of columns, and you can customize the columns displayed in each grid. ProactiveWatch ships with three default views, “All”, “Computers” and “Network,” and as mentioned above, automatically creates views for each new Customer. You may select these views by pressing the tab with the View name in the main grid view of the Explorer.
To create a new view, or to change the columns in an existing view, go to Settings->Manage Columns. The right and left arrows in the middle of the dialog move columns between Available and Selected. Once a column is selected, you can highlight and drag it up or down in the Selected list on the right. If you were to add a column to the list below, and drag it so that it appeared under Agent Type, then that column would appear to the right of Agent Type in the Grid View.
To create a new View, Clone an existing View and give this view a name. There are several other places in the Explorer where the displayed set of columns is determined by the displayed set in the Main Grid View (for example in the Assign tab of Monitoring Templates). If you want to efficiently manage your screen real estate, you can create a view that is optimized for assigning templates to computers in this screen and switch to it before you go work with Monitoring Templates.
To create a new custom column, hit the “+” at the top right of the Available box. For example if you have customers on three different support plans (Silver, Gold, and Platinum), you can create a column named “Support Plan”. You can then select groups of rows in the Explorer, right-click, select Fill Cells, choose Support Plan as the column, and then type in “Gold” to populate the Support Plan column for the selected set of rows with Gold. You could then sort customers in the Grid View by Support Plan, or even build Notification Rules based upon which Support Plan a customer was on.
Adding or Changing Grouping
By default the button to group by Customer is active. So, when your Explorer comes up, it will automatically display all of the rows for each customer together. You can add or change groupings by dragging column headings up to the dark gray area above the column titles.
You can group by any column displayed in the Grid View. For example, if you have both servers and network devices monitored at your customer sites, and you would like them to be displayed together for each customer, then add Agent Type as a column, and drag its Column heading up to the dark gray area as shown below.
The Alarms View – Working Alarms
Clicking on the alarms tab (next to the View tab) brings up a summary list of all of the open alarms across all of the managed devices at all of your customers. You can group these alarms by any column heading by dragging the column heading up into the dark gray area. You can also right click and take the following actions on any set alarm:
1. Work Alarm – this brings up the detailed work alarms screen that allows you to take a variety of actions upon an individual alarm.
2. Alarm History – this brings up the same view of the alarms for a specific server, workstation or device that you get when you double click upon a row in the Grid View.
3. Show Issues – this brings up the Show Issues analysis for a managed device. The Show Issues analytical tool is discussed in the Analytical Tools section of this manual.
4. Defer Alarms – this allows you to stop Notifications for a selected period so that you can take a set of planned actions to resolve an alarm.
5. Mark As Normal – This marks the alarm as Normal. Go to Manage Alarms and the Marked as Normal tab to customize the time windows for your Marked as Normal setting and the computers to which it applies.
6. Clear Alarms – This manually clears the selected set of alarms, even if the condition that caused them has not been addressed.
The Alarm History
If you double-click on any selected set of rows in the Grid View of the Explorer you will bring up the Alarm History for the selected set of devices. The Alarm History is a rich diagnostics tool that displays the following information:
1. The alarms that have occurred within the selected time period (24 hours, 3 days, or 7 days) for the selected set of servers.
2. If you select a single alarm, you will get the available diagnostics information for the alarm. In the case of resource based alarms (over use of CPU, Memory, Disk, Handles or Threads) you will get a detailed System Snapshot that shows you the state of the computer at the time of the alarm. This will include the usage state of the key resources on the server, as well as which processes are the top five users of those resources.
3. The System Profile at the time of the alarm.
4. The set of installed applications, security updates and hot fixes at the time of the alarm.
If you double-click on any single row in the Alarm History, you will go to the Work Alarms screen (described below).
The Work Alarms Screen
You can access the Work Alarms screen by either double-clicking on a row in the Alarm History, or by going to the Alarms tab in the main grid view, selecting a row, right-clicking and selecting “Work Alarm”. The Work Alarms screen pertains to a single alarm and allows you to perform the following actions:
1. Mark As Normal – This marks this alarm as normal. Future occurrences of this alarm on this computer will be displayed in blue in the Grid View, and will not trigger email notifications. If you would like to generalize a specific Marked As Normal entry (for example to make it apply to more than one Computer), use Settings->Manage Alarms->Marked As Normal to customize your entries.
2. Clear Alarm – This clears the alarm whether the underlying cause of the alarm has been addressed or not.
3. Create Autotask Ticket. If you use the Autotask PSA and have configured the Autotask integration, you can automatically create a ticket for this alarm in Autotask.
4. Assign an Alarm – Click the Assign button to assign the alarm to yourself or another ProactiveWatch user. The alarm is displayed with the selected ownership in the accounts of other Explorer users at your company.
5. Defer – This defers the time count that the alarm is open in order to give you time to fix it. This will remain as an active alarm in the console, but will temporarily stop sending alarm/email notifications.
6. Manage Computer – Will launch the Manage Computer widget for this device which will allow you to
V. Monitoring Templates – How To Change and Add Monitoring Functionality
Go to Settings->Monitoring Templates to see the default set of monitoring templates, shown in the image to the right. All of the Default Templates are locked and their settings cannot be changed. To change monitoring settings, clone a template, and change the settings in the clone (see the next section for how).
There are three types of templates within ProactiveWatch: Base Templates (in blue), Add-On Templates (in green) and Extension Templates. Only one Base Template may be assigned to a monitored device at a time. Base Templates are also tied to an Agent Type (Gateway Server, Server or Workstation). You cannot assign a Base Template to an Agent of a different type than the Template. So, if you create a new Server Template by cloning the default Server Template, you will only be able to assign the new template you made to servers that have the Server Agent installed upon them (and not to Workstations or Gateway Servers). Base Templates are the only place where you can set up monitors that have thresholds like CPU %.
This is so you only ever have one of those kinds of thresholds to worry about per monitor, and never have to figure out which CPU % threshold (in which template) is causing the alarm (since there can be only one template with a CPU threshold assigned to any server or workstation).
Add-On Templates are not typed (they can be assigned to any monitored device), and you can assign as many Add-On Templates to a server, workstation, or network device as you like. Add-On Templates are designed to let you handle the variation among devices at your customer sites without having to proliferate Base Templates. So, if you have two different kinds of backup software installed at your customer sites, each of which writes different events to the Event Log, you can create two different Backup Add-On Templates by setting up the Event Log monitoring appropriately in each, and then assigning those Templates to the appropriate servers.
Extension Templates are Add-On Templates that contain a specific monitoring Extension for a specific type of server (like a Microsoft Exchange Server), or a specific type of third party service that requires in depth monitoring (like Symantec Anti-Virus or Symantec Backup Exec). Extensions are implemented as scripts that are downloaded to agents and then run upon a desired schedule. ProactiveWatch includes several extensions. These will be added to by ProactiveWatch over time, and you can also write your own.
Monitors in Base Templates, Add-On Templates and Extensions
As mentioned above, there are three different types of Templates in ProactiveWatch, Base Templates, Add-On Templates, and Extensions. The different monitors that are available in the three types of templates are summarized in the table below:
Template Type                       | Base | Add-On | Extension
Site Down Monitor                   | Yes  | No     | No
Internet Down Monitor               | Yes  | No     | No
Server Down Monitor                 | Yes  | No     | No
LAN Latency Monitor                 | Yes  | No     | No
Auto-Started Service Down           | Yes  | No     | No
Event Log Collection                | Yes  | No     | No
Total CPU Usage                     | Yes  | No     | No
CPU Usage by a Single Process       | Yes  | No     | No
Low Disk Capacity                   | Yes  | No     | No
Excessive Disk Time (Activity)      | Yes  | No     | No
Low Virtual Memory                  | Yes  | No     | No
Low Physical Memory                 | Yes  | No     | No
Excessive Threads used by a Process | Yes  | No     | No
Excessive Handles used by a Process | Yes  | No     | No
Registry Change                     | Yes  | No     | No
Application Install/Removal         | Yes  | No     | No
System Profile Change               | Yes  | No     | No
Reboot                              | Yes  | No     | No
Application Crash                   | Yes  | No     | No
Port Error                          | Yes  | Yes    | Yes
Client to Server Initiator          | Yes  | Yes    | Yes
Client to Server Listener           | Yes  | Yes    | Yes
URL Availability and Response Time  | Yes  | Yes    | Yes
Excessive ICA Connect Latency       | Yes  | Yes    | Yes
Windows Event Log Alerting          | Yes  | Yes    | Yes
Specific Service Down               | Yes  | Yes    | Yes
Specific Process Down               | Yes  | Yes    | Yes
MS Exchange Extension               | No   | No     | Yes
Symantec Anti-Virus Extension       | No   | No     | Yes
Symantec Backup Exec Extension      | No   | No     | Yes
Microsoft Update Extension          | No   | No     | Yes
In general the best practice is to have a small number of Base Templates that you can reuse widely across similar servers in your customer base. Then use Add-On Templates to handle variation between similar servers across customer sites. Use Extensions to add deep monitoring of certain functions to your system.
Changing the Monitoring Settings in a Template
To edit the settings for an existing template, you double-click on it and go to the settings for that template. To create a new template, select the appropriate starting point (remember the type of the template must match the installed agent type), right click and select “Clone”. To edit the settings within a template take the following steps:
1. The set of monitors in a template that are enabled are in green, disabled monitors are in gray. To turn a monitor on, select it, right click, and choose “Enable”.
2. For most monitors the settings are in the columns to the right of the Alarm name. These cells are editable, and you can simply type in the values you would like for each monitor.
3. Some monitors have thresholds that are the numerical value in the monitor that must be exceeded in order for the monitor to alarm. The value is either a count (a number of handles), a percentage (X % of CPU), or a time value (a certain number of seconds or milliseconds). The Unit of the threshold is specified in the Unit Column.
4. Timeframe is the duration in seconds that a monitor must surpass the threshold in order to alarm.
5. Certain monitors require advanced configuration. These monitors have blue “Configure” links in the Advanced column. Click on the Configure Link to access the advanced configuration dialog for these monitors. Information on how to configure the advanced settings in the optional monitors is contained in the “Optional Monitors” section later in this manual.
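How the Threshold and Timeframe settings from steps 3 and 4 combine to raise and automatically clear an alarm is sketched below as an added example; it is not ProactiveWatch code. The 10-second sample interval and the 95% and 5% thresholds come from this manual; the 30-second timeframe, all names, and the sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# The architecture section states that agents collect data every 10 seconds.
SAMPLE_INTERVAL_S = 10


@dataclass(frozen=True)
class Monitor:
    """Hypothetical model of one template row: threshold, unit and timeframe."""
    name: str
    threshold: float
    unit: str
    timeframe_s: int     # seconds the threshold must stay surpassed before alarming
    below: bool = False  # True for "low" monitors such as free disk space


def evaluate(monitor, samples, interval_s=SAMPLE_INTERVAL_S):
    """Return [(time_s, 'ALARM' | 'CLEARED'), ...] for a series of samples.

    An alarm is raised once the value has stayed past the threshold for at
    least timeframe_s seconds without interruption. It clears on the first
    sample that is back within limits, matching the manual's description of
    alarms that clear when the causing condition goes away.
    """
    events = []
    breach_start = None
    alarming = False
    for i, value in enumerate(samples):
        t = i * interval_s
        if monitor.below:
            breached = value < monitor.threshold
        else:
            breached = value > monitor.threshold  # must be exceeded, not met
        if breached:
            if breach_start is None:
                breach_start = t
            if not alarming and t - breach_start >= monitor.timeframe_s:
                alarming = True
                events.append((t, "ALARM"))
        else:
            breach_start = None  # any normal sample restarts the timeframe
            if alarming:
                alarming = False
                events.append((t, "CLEARED"))
    return events


# Thresholds from the default monitor descriptions; timeframes are assumed.
TOTAL_CPU = Monitor("Total CPU Usage", 95.0, "%", timeframe_s=30)
DISK_FREE = Monitor("Low Disk Capacity", 5.0, "%", timeframe_s=0, below=True)

# Constructed samples, one per 10-second interval.
CPU_SAMPLES = [40, 97, 98, 60, 96, 97, 99, 98, 97, 50]
DISK_SAMPLES = [8.0, 6.0, 4.9, 4.5, 7.0]

if __name__ == "__main__":
    for monitor, samples in ((TOTAL_CPU, CPU_SAMPLES), (DISK_FREE, DISK_SAMPLES)):
        for t, event in evaluate(monitor, samples):
            print(f"t={t:>3}s  {monitor.name}: {event}")
```

In the constructed CPU series, the 20-second burst at t=10 never alarms because it ends before the timeframe elapses, so a longer Timeframe reduces noise at the cost of missing short-lived spikes.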
Assigning Monitoring Templates to Workstations, Servers and Network Devices
ProactiveWatch provides an easy spreadsheet-like user interface to assign monitoring templates to workstations, servers, and network devices. You access this interface by going to Settings->Monitoring Templates and selecting the Assign tab. All you have to do to assign a template to a device is to double-click in the cell that intersects that device row and the template column. You can copy and paste template assignments en masse so you can quickly assign a set of templates to a set of devices. To do this, select a cell, right-click and select copy. You can then select N rows, select paste and paste that selection to those rows. You can also copy and paste an entire row of selections if you have one server set up just right, and want to copy that assignment to N other rows.
As mentioned before in the section on Monitoring Templates, you can only have one Base Template assigned to each server, workstation or network device. Furthermore, Base Templates have a type that matches the agent type you installed. You cannot assign a Base Template of one type to an agent of a different type. Only the allowed choices are in white in the Base Templates section of the Assign dialog. The Default Exclusions Template is automatically assigned to all devices, which gives you one easy place to manage all of the alarms that are not desirable. Please see more detail on this feature in the Manage Alarms section of this manual.
Notice that in the case below, the HP Insight Manager, Symantec BackupExec, and All Event Log Errors Add-On Templates are assigned to all of the servers. This shows how easy it is to configure ProactiveWatch for the different scenarios you encounter at customer sites.
The gray columns you selected in the main grid view determine the gray columns you see in the Assign dialog. If you are running out of real estate in this dialog, then go to Manage Columns and make a View called Assign Templates. Put the minimum columns you need in this view, and then select it before you come to this dialog.
VI. Default ProactiveWatch Monitoring Templates and Features
When you install an agent, one of three Base Monitoring Templates is automatically assigned to that agent depending upon what type of agent you install. If you install a Gateway on a computer, then a Gateway Server Agent is also installed upon that computer, and the associated Gateway Server Base Monitoring Template is assigned to that Gateway Agent. If you install a Server agent upon a computer, the Standard Server Base Template will be assigned to that agent. If you install a Workstation agent upon a computer the Standard Client Base Template will be assigned to that agent. The agents in the default templates contain a set of default monitors shown in the table below. No configuration or customization is required to activate these monitors.
Differences in Monitors between Agent Types
The differences in the default monitors that are provided in the three default monitoring templates are shown in the table below:
Computer Type                       | Gateway Server | Server          | Workstation
Agent Type                          | Gateway Server | Server          | Workstation
Default Template                    | Gateway Server | Standard Server | Standard Client
Site Down Monitor                   | Yes            | No              | No
Internet Down Monitor               | Yes            | No              | No
Server Down Monitor                 | Yes            | Yes             | No
LAN Latency Monitor                 | No             | Yes             | No
Auto-Started Service Down           | Yes            | Yes             | Yes
Event Log Collection                | Yes            | Yes             | Yes
Total CPU Usage                     | Yes            | Yes             | Yes
CPU Usage by a Single Process       | Yes            | Yes             | Yes
Low Disk Capacity                   | Yes            | Yes             | Yes
Excessive Disk Time (Activity)      | Yes            | Yes             | Yes
Low Virtual Memory                  | Yes            | Yes             | Yes
Low Physical Memory                 | Yes            | Yes             | Yes
Excessive Threads used by a Process | Yes            | Yes             | Yes
Excessive Handles used by a Process | Yes            | Yes             | Yes
Registry Change                     | Yes            | Yes             | Yes
Application Install/Removal         | Yes            | Yes             | Yes
System Profile Change               | Yes            | Yes             | Yes
Reboot                              | Yes            | Yes             | Yes
Application Crash                   | Yes            | Yes             | Yes
The Gateway Server agent is the only agent that implements the Site Down and Internet Down Monitors. Since you typically have one Gateway at each customer site, these monitors serve to tell you if that site is up, and if the Internet is accessible from that site. The Server Down and LAN Latency Monitors are not implemented in the Workstation agents, since those agents typically get installed upon user computers including laptops that get turned off frequently (which would cause a false alarm if these monitors were implemented). If you have a workstation that should be up all of the time, and you want to monitor it with the Server Down alarm, put a Standard Server Agent on that Workstation.
How the Default Monitors Work in ProactiveWatch
1. Site Down Monitor – The PW back end constantly monitors each GW to make sure that the GW is communicating back to the PW back end on the required intervals. If the GW fails to check in within the required interval (by default 60 seconds), the PW back end will issue a site down alarm. The PW back end will generate an email to the main support account at the VAR, notifying the VAR of the outage. This notification does not rely upon any infrastructure at the customer or the VAR except the ability on the part of the VAR to receive an email.
2. Internet Down – the PW Gateway measures the response time from the GW of www.google.com, and www.yahoo.com every 60 seconds. If both of these web requests fail, the GW sends an Internet Down alarm to the back end, which generates an Alarm and a Notification as described above. Alarms and Notifications will also be generated if both sites are slow to respond.
3. Server Down Monitor – the PW Gateway maintains a continuous connection with each monitored server. If that connection is broken, the Gateway sends a Server Down alarm to the PW back end, which generates an alarm and a notification as described above.
4. LAN Latency Monitor – The GW continuously checks the latency over the LAN between itself and the monitored servers. If the performance of the LAN degrades, an alarm is generated.
5. CPU Usage Monitor – If total CPU usage is above 95%, or usage by any single process is above 50% for the default time period, an alarm is issued.
6. Memory Usage Monitor – If Physical Memory usage is above 90% or Virtual Memory Usage is above 70% for the default time period, an alarm is issued.
7. Disk Time Monitor – If Disk Time (the percentage of the last second in which the disk controller is actively accessing the hard disk) is above 50% for the default time period, an alarm is issued.
8. Disk Capacity Monitor – If the free space on any disk drive falls below 5% an alarm is issued.
9. Thread and Handle Usage Monitor – If any single process uses more than the desired number of threads or handles, an alarm is issued.
10. Event Log Monitoring – All Event Log entries written to the Applications Log and the System Log are automatically collected. These can be browsed with the Event Log Viewer that is part of the PW 1.6 Explorer. Alerts for any combination of severities and logs can be turned on for any combination of servers or workstations with one mouse click.
11. Installed Programs Monitor – Any change to the set of installed programs (including Windows Hot Fixes and Security Updates) is detected, and alerted upon. Additionally any changes to the sections of the Registry that involve launching programs (Run, RunOnce) are also detected.
12. Application Crash Monitor – If any process on the server crashes, this crash is detected. Dr. Watson crash dump information is also collected if Dr. Watson is enabled on the server.
13. Windows Service Monitor – If any automatically started Windows Service goes down, an alarm is issued.
14. Reboot Monitor – If a server reboots, an alarm is issued. Normal reboots can be easily masked out with the Marked As Normal features of the system.
15. System Profile Monitor – If the profile of a monitored server changes (for example, the IP address of a server changes), an alarm will be issued.
VII. Default (Out-of-the-Box) Network Device Monitoring
Any server agent can monitor any network device that it can access via ICMP and SNMP. If the VAR provides the information to the right about a Network Device, then ProactiveWatch will automatically monitor that network device.
The default Network Device template is shown below with the default settings for network device monitoring. The monitors that are on by default are:
1. ICMP Ping Failure – The selected Server Agent will ping the network devices and issue an alarm if a device fails to respond.
2. If packet loss on the ping exceeds the threshold, an alarm will be issued.
3. If the response time on the ping exceeds a latency threshold, an alarm will be issued.
4. If the profile of the network device (for example the version of its installed software) changes, an alarm will be issued.
5. If utilization of any of the inbound or outbound interfaces exceeds the threshold, an alarm will be issued.
The Connected Network Device monitor is off by default since it will alarm whenever the set of devices connected to a switch or router changes. This can be a very valuable monitor in certain circumstances, but it will generate a large number of false alarms for routers and switches that support workstation and laptop computers.
VIII. Optional Monitors in ProactiveWatch
ProactiveWatch contains a wide variety of monitors that you can enable by simply selecting them in a monitoring template and turning them on. Some of these monitors require some customer specific configuration. The optional monitors are detailed below:
1. Web Site (URL) Response Time Monitor – This monitor tests the availability and response time of any selected web site. This can be a public web site, a corporate intranet, or a Citrix Web Interface Server. Any agent can run this monitor against any web server that is accessible from the computer that the agent is running on.
2. ICA Port Response Time Monitor – This monitor tests how long it takes a Citrix server to respond to a connect request on the ICA port from the agent making the port request. Any agent can run this monitor against any Citrix server that is accessible from the computer that the agent is running on.
3. Port Monitor – This monitor allows the VAR to specify ports that must be present (80 and 443 on a web server), ports that are allowed to come and go (135 the RPC port), and then either ban a specific “black list” of ports or, as is shown in the example to the right, ban all ports that are not either required, or specifically allowed.
4. Client2Server Monitor – This monitor tests the latency over a TCP/IP socket between any two sets of monitored devices. The C2S monitor is an excellent choice to watch the latency between the servers that constitute the tiers of an applications system (for example from web servers to applications servers, to database servers). The Client2Server Monitor is configured in two different places – server(s) that respond to (listen for) latency checks and server(s) that create (initiate) latency checks. To configure the listener, clone the Generic Exclusions Template and make an Add-On Template named C2S listener. Enable the C2S Listener in that template. Use Monitoring Templates->Assign to assign the C2S Listener Add-On Template to the servers that will be responding to latency checks. To configure the initiator, create another Add-On Template named C2S Initiator. Configure it to send latency checks to the servers that you have applied the Listener template to. Assign this template in Monitoring Templates->Assign to the servers or workstations from which you want to test the latency to the target servers. Note that the configured port (29100 by default) must be open between the two sets of servers for this monitor to work.
5. Individual Service Monitor – By default ProactiveWatch monitors all automatically started services and alarms if any of them go down. If you wish to monitor services that are not automatically started, you can do so by configuring the Specific Windows Service Down Monitor. Please enter the Display Name of the service in the dialog when configuring this monitor.
6. Process Down Monitor – ProactiveWatch can be configured to watch any specific process. This monitor is enabled by default in the Exchange Server template to watch store.exe. Just enable the Process Down Monitor in the Template (Base or Add-On) of your choice and then add the process name you would like to have monitored.
7. Total Handle and Total Thread Usage Monitors – These monitors watch the total number of threads and handles in use. Since the acceptable number is highly dependent upon the type of work that a server is doing, these monitors should be turned on within a monitoring template dedicated to a specific type of server.
8. Memory Usage by a Process – This monitor can watch the memory usage by individual processes, and should be used in conjunction with application specific monitoring.
9. Extensions – 1.6 includes Extensions that provide very detailed monitoring of Microsoft Exchange, MS Update, Symantec Anti-Virus, and Symantec Backup Exec. Other extensions will be added over time. You can even add your own extensions. Extensions are documented in Chapter XVII.
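The Port Monitor policy in item 3 (required ports, ports allowed to come and go, and either a black list or a ban on everything unlisted) can be sketched as follows. This is an added example, not ProactiveWatch code; the `netstat`-style sample, the class and function names, and ports 3389 and 4444 are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample in the style of Windows `netstat -an` output (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:80            10.0.0.9:51512         ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
"""


def listening_tcp_ports(netstat_text):
    """Collect the local TCP ports that are in the LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            # rsplit handles both "0.0.0.0:80" and the IPv6 form "[::]:80".
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports


@dataclass(frozen=True)
class PortPolicy:
    required: frozenset              # must be present (e.g. 80 and 443)
    allowed: frozenset = frozenset() # may come and go (e.g. 135)
    banned: frozenset = frozenset()  # explicit black list
    ban_unlisted: bool = False       # ban everything not required or allowed

    def __post_init__(self):
        # A port cannot be permitted and banned at the same time.
        overlap = (self.required | self.allowed) & self.banned
        if overlap:
            raise ValueError(f"ports both permitted and banned: {sorted(overlap)}")


def evaluate_ports(policy, observed):
    """Return (finding, port) tuples: missing required ports, then banned ports."""
    observed = set(observed)
    findings = [("REQUIRED_PORT_MISSING", p) for p in sorted(policy.required - observed)]
    for port in sorted(observed):
        if port in policy.required or port in policy.allowed:
            continue
        if policy.ban_unlisted or port in policy.banned:
            findings.append(("BANNED_PORT_OPEN", port))
    return findings


if __name__ == "__main__":
    seen = listening_tcp_ports(SAMPLE_NETSTAT)
    strict = PortPolicy(frozenset({80, 443}), frozenset({135}), ban_unlisted=True)
    black_list = PortPolicy(frozenset({80, 443}), frozenset({135}), frozenset({4444}))
    print("ban unlisted:", evaluate_ports(strict, seen))
    print("black list:  ", evaluate_ports(black_list, seen))
```

With the same observed ports, the black-list policy does not report the unlisted listener on 3389, while the ban-unlisted policy does.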
IX. Monitoring Extensions
ProactiveWatch includes the ability to deeply monitor a specific vendor’s product or service with monitoring functionality custom to that product or service. Certain extensions are provided by ProactiveWatch and are included in ProactiveWatch. You can also write your own extensions and have ProactiveWatch install and distribute them for you. ProactiveWatch includes the following extensions:
1. Microsoft Exchange – deep monitoring of Exchange queues, and mail flow over POP, IMAP and MAPI
2. Symantec Anti-Virus – monitoring of whether signatures are up to date, and if a virus has been found
3. Symantec BackupExec – monitoring of whether or not all configured backups have completed successfully
4. Microsoft Update – monitoring of whether or not all available patches have been installed
Extensions are provided in ProactiveWatch via an additional set of Add-On Templates. If you go to Settings->Monitoring Templates, you will see four new Add-On Templates that correspond to the four Extensions described above. Templates that have Extensions assigned to them list the short name of the Extension (MSEXCH, MSUPD, SAVMON, and SMBE) in the Extensions Column.
Displaying Extension Monitor Status in the Explorer Grid View
Go to Settings->Manage Columns. Select the four columns highlighted in the Available box on the left of the screen shot. Hit the right arrow. This will move those columns to the bottom of the Selected set and display them to the right in your Grid View. This will display the alarm status of all four extensions. You can also add a column named “Installed Extensions” to cause a column to appear that lists the extensions installed on each computer in that column.
If you configure your columns as described above, you will have a Grid View in your Explorer that will look similar to the one below. Your Extensions will be listed to the far right of all of your columns, and you will have a column that lists each of the Extensions installed on each computer.
All alarms for the MS Exchange extension will appear in the MS Exchange column. The same is true for the MS Update Extension. All Anti-Virus extension alarms (for Symantec and for all other AV products that will be supported over time) will roll up into the blue Anti-Virus column. All Backup Extension alarms (for Symantec and all other backup products that will be supported over time) will roll up into the blue Backup column.
Assigning Extensions to Servers and Workstations
The default extensions that are provided with ProactiveWatch are all locked. This means that you cannot change their configurations. However, they come with default configurations, and in some cases, you might just be able to use the default configurations. The Symantec Backup Exec, and the MS Update Extensions contain no environment specific configurations, so as a first step, if you have computers that have Backup Exec and/or MS Update installed upon them, you might want to just assign the templates corresponding to these extensions to those computers.
Templates that contain Extensions have “Enhanced” in their names. This is to differentiate them from templates that address the same product (for example Symantec Backup Exec) but that monitor the services, processes, and event log entries for that product. In the screen shot below, you see two templates with Symantec Backup Exec in their names:
1. Symantec Backup Exec – this template monitors the services, processes and event log entries for Backup Exec.
2. Symantec Backup Exec Enhanced – this template contains the Backup Exec Extension, and does not contain the service, process, and event log monitors contained in the template described in #1 above.
Since the Symantec Backup Exec, Symantec Anti-Virus and the MS Update Extensions do not contain parameters that could be specific to a customer environment, you can get started with Extensions by simply assigning these Extension templates (with Enhanced in their template names) to the computers that have Symantec Backup Exec, Symantec Anti-Virus and MS Update installed upon them. Note that if you want both the Symantec Backup Exec Extension monitoring and the monitoring of Backup Exec services, processes, and event log entries, you have to assign two templates to each of the computers running Backup Exec.
Customizing and Configuring Extensions
In order to change the default configuration of an Extension, or to customize one specific to your customer base, or a specific customer, you have to first clone the extension. Go to Settings->Monitoring Templates->Define Tab, select the Extension you wish to customize, right click and select Clone. Give the template a name. Please be aware of the following considerations when naming Extension Templates:
1. The Symantec Anti-Virus, Symantec Backup Exec and MS Update templates contain no parameters that are specific to a customer environment. You might be able to use the default extension template, or create one clone of each of these templates that you can reuse across all of your customers. You might want to consider naming such a template “MS Update – Global Tech” where Global Tech is the name of your company.
2. The MS Exchange Extension requires a unique configuration for each Exchange Server that you wish to monitor. If you have customers with more than one Exchange Server, then you might want to use a naming convention like Exchange Extension – Cust Name – Computer.
If you implement the suggestions in 1 – 2 above, then you might end up with the following assignments in the Settings->Monitoring Templates->Assign Tab:
1. The Exchange Add-On (Exchange services, processes, and event logs) is assigned to all Exchange Servers and MS Exchange – Fugitive (the Exchange Extensions template for this specific Exchange server) is assigned to just the Fugitive Exchange Server.
2. The Default MS Update Extension Template is assigned to all servers.
3. The Symantec Anti-Virus template (services, processes, and event logs), and the Symantec Anti-Virus Enhanced template are assigned to all computers that have Symantec AV installed upon them.
4. The Symantec Backup Exec template (services, processes, and event logs), and the Symantec Backup Exec Enhanced Template are assigned to all servers and workstations that have Symantec BE installed upon them.
MS Exchange Extension Configuration and Monitoring Details
You may use the Default MS Exchange Extension template to monitor the Services, Thresholds and DNS based on our default settings. In order to use the Exchange Extension with the more powerful Round-Trip email verification, you must first clone the Add-On Template that contains the Extension, and give the resulting Add-On Template a unique name. Since Exchange Extensions are specific to each Exchange Server, you should name these templates with names that correspond to each Exchange Server at your customer sites (you will need one unique Exchange Extension for each Exchange Server at your customer sites). Optionally, you can use the Default MS Exchange Template, and use the Override Feature from the Properties dialog (select the system’s row, Edit->Properties) to set up the specific round-trip configuration.
Using the Round-Trip Email Verification
ProactiveWatch can be configured to log into a test email account to send and receive test emails to ensure true mail flow.
Create a test email address on the Exchange server for the exclusive use of ProactiveWatch. The ProactiveWatch MS Exchange Extension will send emails from this account, thereby testing that SMTP is functioning. It will then log into the account via one or more of IMAP, MAPI and POP3 to ensure that mail is flowing for each of these protocols. If mail is not received for each of the protocols you have selected for testing, an alarm will be created.
As mentioned, it is necessary to clone and save a template for each customer’s Exchange Server that you wish to monitor with Round-Trip Email Verification since mailbox names and login credentials will be specific to the Exchange Server. You will then fill in the necessary parameters based on the email protocols that are to be tested on this Exchange server. At a minimum, you must specify the SMTP credentials, and credentials for at least one of IMAP, MAPI or POP3 in order for ProactiveWatch to test that mail is received and to clear the email from the system.
Configuring the MS Exchange Extension
To make configuration changes, double click on the field containing the value you want to change. A drop-down box will appear that gives you the choices for the field unless it is a field that requires you to type in a value. The following parameters can be configured for an Exchange Extension:
Alarm on Success – (true/false). If true generates an alarm if all monitors pass their test. If you have mail flow monitoring configured, this is a great way of getting a positive acknowledgment that the Exchange Server is working.
Check IMAP, MAPI and POP – (true/false). This turns on mail flow monitoring via each of these protocols. You must configure accounts and parameters for each one of these monitors for them to work (i.e., you must set _HOST, _USER, _PASSWORD, _PORT, etc., for each protocol to be monitored).
Collect Exchange Diag – (true/false). If true causes the Extension to collect diagnostic data when an alarm occurs, which is then presented along with the alarm.
Deferred Delivery Queue Threshold – (type in value). This queue contains messages that are queued for later delivery. This queue might contain messages that were sent by earlier versions of Microsoft Outlook, such as Microsoft Outlook 2000. Newer versions of Outlook store these types of messages in the Exchange store. Messages remain in the Messages Queued for Deferred Delivery queue until their scheduled delivery time. The threshold is the size of the deferred delivery queue that will be allowed before an alarm is triggered.
Failed Message Queue Threshold – (type in value). This queue contains messages that failed a queue submission. Messages can fail a queue submission for several reasons, and the failure can occur before any other processing is done. If messages are corrupted or system resources are low, messages appear in this queue. The threshold is the size of the queue that will be allowed before an alarm is triggered.
Local Async Queue Threshold – (type in value). This queue contains inbound messages for delivery to mailboxes on the Exchange server. The threshold is the size of the queue that will be allowed before an alarm is triggered.
Post DSN Generation Queue Threshold – (type in value). This queue contains DSN messages pending submission. DSN Messages are Delivery Status Notification messages. The threshold is the size of the queue that will be allowed before an alarm is triggered.
Pre Cast Queue Threshold – (type in value). This queue contains messages awaiting directory lookup. The threshold is the size of the queue that will be allowed before an alarm is triggered.
Pre Routing Queue Threshold – (type in value). This queue contains messages waiting to be routed. The threshold is the size of the queue that will be allowed before an alarm is triggered.
Pre Submission Queue Threshold – (type in value). This queue contains messages pending submission. The threshold is the size of the queue that will be allowed before an alarm is triggered.
DNS Check Hostname and ResolveIP – (type in value). These parameters are unique to each Exchange Server, and must be uniquely specified for each server you want to monitor.
Email FROM and TO – (type in value). These are the TO: and FROM: email addresses that will be used when test emails are sent for POP, IMAP and MAPI mail flow monitoring.
Host, Password Port and User - (type in values). These values need to be set for each of the POP, IMAP, and MAPI mail flow monitors that you want to set up. You need to create an account on the Exchange Server that corresponds to the values that you use here.
SMTP Auth – (true/false). Whether or not to use SMTP Authentication in the mail flow monitors.
Schedule (drop down, or Cron type in) - This determines how often the Extension will run to check the status of the Update process, and the availability of any updates.
MS Update Extension Configuration and Monitoring Details
The MS Update Extension is contained in an Add-On Template named MSUpdate Enhanced. You can assign this template to any server or workstation in its default state, and it will monitor the MS Update process in the following manner:
If the MSUpdate process gets turned off or disabled in any manner you will get an alarm
When Updates are available, but not installed yet, you will get an alarm that will include the list of available updates
The Extension will run once a day to determine the status of the MS Update process.
If you wish to change any of the above parameters, you will need to clone the MS Update Enhanced template and give your clone a unique name. Since there are no customer or server specific configurations required for the MS Update Extension you can use one or just a few clones to cover your entire customer base. If you are going to use just one clone to cover your entire customer base, you might want to create a clone that reflects your company name, like MS Update – Global Tech.
To make configuration changes, double click on the field containing the value you want to change. A drop-down box will appear that gives you the choices for the field unless it is a field that requires you to type in a value.
The following parameters can be configured for an MS Update Extension:
Desired_Levels (drop down) – Selects which states of the MS Update process will cause an alarm. By default, the Extension will alarm if the Update process is Not Configured, Disabled, or in an Unknown state. You can select the states that are required, and then the Extension will alarm if the process is not in one of the required states.
Monitor_AutoUpdates (true/false) - If true will alarm when updates are available and provide a list.
Schedule (drop down, or Cron type in) - This determines how often the Extension will run to check the status of the Update process, and the availability of any updates.
Symantec Anti-Virus Extension Configuration and Monitoring Details
The Symantec Anti-Virus Extension is contained in an Add-On Template named Symantec Anti-Virus Enhanced. You can assign this template to any server or workstation in its default state as long as the Rtvscan.exe program is installed in the directory that is specified in the default template. The default template and Extension will monitor the Symantec Anti-Virus in the following manner:
If a virus is found, you will get an alarm
If the virus definitions have not been updated within Max-Days, you will get an alarm
The Extension will run once a day to determine the status of the Symantec Anti-Virus process.
If you wish to change any of the above parameters, you will need to clone the Symantec Anti-Virus Enhanced template and give your clone a unique name. Since there are no customer or server specific configurations required for the Symantec Anti-Virus Extension you can use one or just a few clones to cover your entire customer base. If you are going to use just one clone to cover your entire customer base, you might want to create a clone that reflects your company name, like MS Update – Global Tech.
To make configuration changes, double click on the field containing the value you want to change. A drop-down box will appear that gives you the choices for the field unless it is a field that requires you to type in a value.
The following parameters can be configured for a Symantec Anti-Virus Extension:
Alarm_On_Success (true/false) – If true will generate an alarm if Symantec AV is fully operational and if virus updates have occurred within the Max_Days window.
Max Days (type in value) – The number of days that can elapse since the last virus definitions update. If this number of days is exceeded, an alarm will be generated.
Scan_File (type in value) – The location of the Rtvscan.exe file on the computer’s hard disk. This value is retrieved from the registry so it only needs to be filled in if the value cannot be retrieved from the registry, or if the registry is incorrect for some reason.
Schedule (drop down) – the schedule upon which the Extension runs.
Symantec Backup Exec Extension Configuration and Monitoring Details
The Symantec Backup Exec Extension is contained in an Add-On Template named Symantec Backup Exec Enhanced. You can assign this template to any server or workstation in its default state. The default template and Extension will monitor the Symantec Backup Exec in the following manner:
The Extension will monitor the successful completion of all backup jobs known to Backup Exec, and alarm if any of them fail.
An alarm will also get generated if all jobs complete successfully (positive acknowledgement)
The Extension will run once every hour to determine the status of the backups.
To change any of the above parameters, clone the Symantec Backup Exec Enhanced template and give the clone a unique name. Since there are no customer or server specific configurations required for the Symantec Backup Exec Extension you can use one or just a few clones to cover your entire customer base. If you are going to use just one clone to cover your entire customer base, you might want to create a clone that reflects your company name, like Symantec Backup Exec – Global Tech.
To make configuration changes, double click on the field containing the value you want to change. A drop-down box will appear that gives you the choices for the field unless it is a field that requires you to type in a value.
The following parameters can be configured for an Exchange Extension:
Alarm on Success (true/false) – if set to true will alarm if all backup jobs complete successfully
Check (type in field) – a list of job IDs to be checked. Used if the Check_All field is set to false
Check_All (true/false) – if set to true, all backup jobs will be checked. If set to false, the list of jobs to be checked must be specified in the Check field.
Ignore (type in field) – If you set Check_All to true, you can provide a list of job IDs to be ignored
Schedule (drop down) – The schedule upon which you want the Extension to run
Success (type in field) – The list of codes that constitute success. Code 2 is always included
Timeout (type in field) – How long you want the Extension to run before it times out.
X. Managing Alarms in ProactiveWatch
ProactiveWatch is the only VAR oriented Managed Service monitoring solution that can monitor every process on the server for usage of key resources, monitor the server for changes in the state of the installed software, monitor servers for changes in desirable and undesirable ports, monitor web and Citrix servers for URL and ICA response time and monitor the Windows Event logs with the granularity required to catch critical events in a wide variety of applications and services.
With this tremendous ability to monitor deeply and broadly comes the prospect of a significant number of false alarms. ProactiveWatch includes an easy to use, but very powerful system that allows you to virtually eliminate false alarms:
1. Alarms may be Excluded by the Agent and never even sent up to the back end database for analysis and reporting. Excluded alarms are treated as if they never occurred at all. An example of an alarm that is excluded in the Default Exclusions template is the Windows Performance Logs and Alerts service going down.
2. Alarms may be Marked As Normal. Marked As Normal alarms are recognized within the Console as having occurred and are marked in blue instead of red in the grid view. Alarms can be Marked As Normal for a specific time period. For example the nightly reboot of a set of servers in a farm can be Marked As Normal if it occurs within +/- 30 minutes of 2 AM, but the reboot alarm will not be treated as normal otherwise.
3. Alarms and Notifications are treated separately. Notification Rules (which cause Email Alerts) are separately defined from Alarms themselves. So the VAR can easily create a rule that sends an email immediately if a site or a server is down, but that reserves all other alarms for a summary email in the morning.
4. Resource alarms (CPU, Memory, Disk Time, Handles, Threads) can be excluded based upon which process caused them. For example, on an Exchange Server, store.exe often uses all of the memory. So, if the threshold for a memory alarm is 90%, that alarm will always fire on an Exchange Server, since store.exe will always push total memory utilization above that point. ProactiveWatch allows you to define an Exclusion rule that masks out alarms having to do with the utilization of resources in total caused by specific processes. So, memory alarms caused by store.exe (and sqlserver.exe) cease to be a problem.
ProactiveWatch is also unique in that false alarms can be masked before they occur, and can be applied to computers upon which they have never occurred before they occur. Furthermore, specific alarms can be generalized, and then Excluded or Marked As Normal and applied to any set of monitored devices.
Exclusions in Manage Alarms
Any alarm that occurs can be right-clicked upon and excluded. By default, Excluded Alarms are added to the Default Exclusions Template, which applies them to all monitored devices. Below is an example of the alarms that are excluded by default in ProactiveWatch.
Note that the Physical Memory alarm is excluded when it is caused by sqlserver.exe, but not by any other process and that the CPU usage alarm is excluded when it is caused by beremote (the backup process), but not when any other process causes it.
The asterisks in the screen shot below illustrate how easy it is to generalize an exclusion. A common system profile change is for the CPU MHz to change as the CPU shifts up and down in speed. When this alarm occurs, it comes with specific values in the Old and New fields. Replacing these values with asterisks masks out all changes in CPU speeds from the alarm set.
Marked As Normal in Manage Alarms
Two alarms are marked as normal below. A regular task every Monday consumes a great deal of CPU. This task runs between Midnight and 7 AM depending upon other system load. So it is Marked As Normal on a weekly schedule with a start time and end time that cover the likely periods during which the task is running.
The second Marked As Normal alarm is a nightly reboot, which occurs within a few minutes of 1:13 AM.
It is important to note the key differences between Excluded Alarms, and Marked As Normal Alarms. They are:
1. Excluded Alarms are treated by the system as never having happened. There is no record within the system of them having occurred. There is no time frame for exclusions. Either an alarm is excluded all of the time or it is not.
2. Marked As Normal alarms show up in the Grid View and therefore it is possible to verify that the task that caused the CPU issue, or the scheduled reboot did in fact occur.
3. Marked As Normal alarms have a time frame associated with them being normal. So this feature is used for alarms that are normal at night, and not normal during the day.
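The difference between Excluded and Marked As Normal alarms, including asterisk generalization and time windows, is shown below as an added example that is not ProactiveWatch code. The alarm names, the `report.exe` process, the field layout and the 1:03 to 1:23 AM reboot window are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional


def wildcard_match(pattern, value):
    """Match value against a pattern in which only '*' is a wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, flags=re.IGNORECASE) is not None


@dataclass(frozen=True)
class Alarm:
    kind: str      # alarm type (names here are constructed)
    cause: str     # process that caused it, "" if not process related
    detail: str
    when: datetime


@dataclass(frozen=True)
class Exclusion:
    """Always in force; a matching alarm is dropped and leaves no record."""
    kind: str
    cause: str = "*"
    detail: str = "*"

    def matches(self, alarm):
        return (wildcard_match(self.kind, alarm.kind)
                and wildcard_match(self.cause, alarm.cause)
                and wildcard_match(self.detail, alarm.detail))


@dataclass(frozen=True)
class NormalWindow:
    """Normal only inside the time window; the alarm stays visible."""
    kind: str
    start: time
    end: time
    weekday: Optional[int] = None  # 0 = Monday, None = every day

    def matches(self, alarm):
        if not wildcard_match(self.kind, alarm.kind):
            return False
        if self.weekday is not None and alarm.when.weekday() != self.weekday:
            return False
        return self.start <= alarm.when.time() <= self.end


def classify(alarm, exclusions, normal_windows):
    if any(rule.matches(alarm) for rule in exclusions):
        return "EXCLUDED"
    if any(rule.matches(alarm) for rule in normal_windows):
        return "MARKED_AS_NORMAL"
    return "ACTIVE"


# Rules modelled on the examples in the text above.
EXCLUSIONS = [
    Exclusion("Physical Memory", cause="sqlserver.exe"),
    Exclusion("CPU Usage", cause="beremote*"),
    Exclusion("System Profile", detail="CPU MHz: Old=* New=*"),
]
NORMAL_WINDOWS = [
    NormalWindow("CPU Usage", time(0, 0), time(7, 0), weekday=0),  # Monday task
    NormalWindow("Reboot", time(1, 3), time(1, 23)),               # nightly reboot
]

# Constructed alarms; 2007-05-07 is a Monday.
SAMPLE_ALARMS = [
    Alarm("Physical Memory", "sqlserver.exe", "92% used", datetime(2007, 5, 8, 14, 0)),
    Alarm("Physical Memory", "store.exe", "95% used", datetime(2007, 5, 8, 14, 0)),
    Alarm("System Profile", "", "CPU MHz: Old=2800 New=1600", datetime(2007, 5, 8, 9, 0)),
    Alarm("System Profile", "", "IP Address: Old=10.0.0.5 New=10.0.0.77", datetime(2007, 5, 8, 9, 0)),
    Alarm("CPU Usage", "report.exe", "97% total", datetime(2007, 5, 7, 3, 30)),
    Alarm("CPU Usage", "report.exe", "97% total", datetime(2007, 5, 8, 3, 30)),
    Alarm("CPU Usage", "beremote.exe", "97% total", datetime(2007, 5, 8, 3, 30)),
    Alarm("Reboot", "", "system restarted", datetime(2007, 5, 8, 1, 14)),
    Alarm("Reboot", "", "system restarted", datetime(2007, 5, 8, 15, 40)),
]


def classify_all(alarms=SAMPLE_ALARMS):
    return [classify(a, EXCLUSIONS, NORMAL_WINDOWS) for a in alarms]


if __name__ == "__main__":
    for alarm, verdict in zip(SAMPLE_ALARMS, classify_all()):
        print(f"{verdict:17} {alarm.kind:16} {alarm.cause:14} {alarm.when}")
```

The Monday window marks a CPU alarm from any process as normal, and every exclusion applies at all hours with no record kept, so each rule should be as narrow as the alarm it was written for.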
XI. Notification Rules
The last layer in the system of deciding which alarms are “important” is to decide which ones should be the basis of email notifications. Note that Excluded alarms are masked out as never having occurred, and Marked As Normal alarms are noted in the Explorer, but are masked out from the set available for notifications.
The Add Notification Rule dialogs below show how you can pick which alarms should be the basis of an email notification rule. Select the alarm(s) of interest, then you can choose an Alarm Parameter to filter that alarm type. Alarm Parameters are: Contains, Starts With, Ends With and Matches Exactly.
The rule may be further filtered on the basis of Customers, Locations, or even individual computers. Finally you can choose whether you want the alarm immediately, or whether you want summaries of the outstanding alarms hourly or daily. You may also overtype the pre-defined selections using CRONTAB. There are two Notification Types:
(a) “New Alarms and Events since Last Notification” will send an email for Alarms or Events that have occurred since the rule last ran. If an alarm was active and cleared during the period, it WILL still trigger an email, but will show as “resolved.” Enable “Include Newly RESOLVED Alarms” if you want a second email sent when an active alarm is cleared/resolved.
(b) “Currently Active Alarms Only” will send an email for any of the selected Alarms that are currently in the active state at the moment the notification engine runs. This is useful to continually send reminder emails on more critical alarms (e.g., Site or Server Down). A best practice is to pair this with a rule for “New Alarms and Events…” to be notified immediately on the first occurrence, then set up a “Currently Active…” rule with a Frequency of 15 or 30 minutes for continued reminders. Note that this setting is only for “Alarms” and will not send an email for an “Event.”
Four alert formats are supported. Default is designed for emails that would appear in normal email programs like Microsoft Outlook or Google Gmail. Compact is designed for emails destined for mobile devices. The format is abbreviated so that you are unlikely to have to scroll to read an alert. You may also select “Autotask,” in which case a ticket will be created based on the assignment rules in Settings->Options/Autotask, covered later in this document. The “Customer” and “Filter By” dialogs allow you to create alerts for specific customers, locations, or on the basis of the data that you put in any custom column. If you choose a Customer, then Filter By Location on the left dialog and then Location in the right Filter dialog, you will create a notification rule that just sends emails about that customer ID with that “location” to the specified email address.
XII. Analytical Tools in the ProactiveWatch Explorer
All of the Tools discussed in this section are accessible from within the ProactiveWatch Explorer by either selecting a row (selecting a monitored device) and then pulling down the Tools menu, or right-clicking upon the selected row and choosing the tool.
Show Issues
Show Issues rolls up the alarms that have occurred on the selected devices for the last 24 hours, 3 days, or 7 days. In the image below, the breakout of the errors in the Application Event log by source is displayed. This can be very useful for determining the pattern in a series of problems on a server.
View Metrics
Since ProactiveWatch collects data every 10 seconds, the last 360 samples represent the last hour of data for a monitored device. That data is presented in a summary form in the View Metrics dialog shown below.
Creating a Time and Date Based Snapshot
You can select any set of rows in the Explorer, and create a time and date based snapshot for those servers, workstations, and network devices. To create the snapshot, select the rows of interest, right-click and choose Create Profile Snapshot. You can then compare the current state of any server, workstation or network device to that Snapshot in System Compare, Applications Compare, and Published Applications Compare.
System Compare
Selecting any set of devices, and then selecting System Compare produces the comparison table below. This table allows you to compare the System Profile of any set of devices to each other, and to a state at a previous point in time. In the example below, the current states of Panthro and Panthro2 are compared to each other, and to a snapshot of Panthro that was made on 5/10/2007 at 11 AM. Snapshots can be made of any set of managed devices at any time, and can then be pulled up for comparisons.
Application Compare
Application Compare allows you to compare the installed software across any set of managed devices, and compare the currently installed set to the set that was installed when you made a snapshot. In the example to the right, Panthro2 has Windows Server 2003 SP1 and a number of security updates that are not present on Panthro. Since both of these servers are load balanced web servers in a farm, they are supposed to be identical. However, you can also see that they have both been updated to the newest version of the ProxiAgent.
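The comparison described above can be expressed as set logic over software inventories. The following Python sketch is an added example, not part of ProactiveWatch: the function names, the inventory layout, the version strings and the placeholder update name are assumptions, with only the host names and the scenario taken from the text.

```python
def farm_gaps(current):
    """Packages not installed on every host -> sorted hosts that lack them."""
    all_pkgs = set().union(*(inv.keys() for inv in current.values()))
    return {pkg: sorted(h for h, inv in current.items() if pkg not in inv)
            for pkg in sorted(all_pkgs)
            if any(pkg not in inv for inv in current.values())}

def version_mismatches(current):
    """Packages installed on every host, but at differing versions."""
    if not current:
        return {}
    common = set.intersection(*(set(inv) for inv in current.values()))
    return {pkg: {h: inv[pkg] for h, inv in current.items()}
            for pkg in sorted(common)
            if len({inv[pkg] for inv in current.values()}) > 1}

def drift_since(snapshot, now):
    """Changes on one host between a snapshot and its current inventory."""
    shared = sorted(set(snapshot) & set(now))
    return {
        "added": sorted(set(now) - set(snapshot)),
        "removed": sorted(set(snapshot) - set(now)),
        "changed": {p: (snapshot[p], now[p]) for p in shared
                    if snapshot[p] != now[p]},
    }

# Constructed inventories ({host: {package: version}}); values are illustrative.
INVENTORY = {
    "Panthro": {"ProxiAgent": "2.0", "Web Server Role": "1.0"},
    "Panthro2": {
        "ProxiAgent": "2.0",
        "Web Server Role": "1.0",
        "Windows Server 2003 SP1": "1",
        "Security Update (placeholder A)": "1",
    },
}
# Constructed snapshot of Panthro taken before the agent was updated.
SNAPSHOT_PANTHRO = {"ProxiAgent": "1.0", "Web Server Role": "1.0"}

if __name__ == "__main__":
    print("Missing on some hosts:", farm_gaps(INVENTORY))
    print("Version mismatches:", version_mismatches(INVENTORY))
    print("Panthro drift:", drift_since(SNAPSHOT_PANTHRO, INVENTORY["Panthro"]))
```

For servers that are supposed to be identical, any non-empty result from `farm_gaps` or `version_mismatches` marks a host that has fallen out of line, here the service pack and security update missing on Panthro.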
Event Log Analyzer
ProactiveWatch automatically collects the Applications and Systems logs from every monitored Windows Server and Workstation. This data is then summarized in the ProactiveWatch database, and can be browsed in the Event Log Analyzer. The Event Log Analyzer allows you to choose the day you want to browse, the computer you want to browse, the Windows Event Log to browse, and then your choice of all log sources or an individual one. The detail table can be sorted by any column heading to, for example, quickly bubble up all of the errors.
Distribution Graph
The Distribution Graph allows you to compare key metrics across servers, and look at their average, minimum or maximum values. This graph accesses up to seven days of historical data. An extremely useful application of this graph is to find the maximum number of concurrent users across a set of terminal servers in the last N days.
Trend Graph
A Trend Graph for a wide variety of metrics going back up to seven days provides for a valuable look at upcoming problems. For example, the trend in physical memory utilization for Panthro is definitely both up and nearing the maximum acceptable level.