
Alerting and Monitoring




  1. Alerting and Monitoring Design, Process, and Review for LANDesk 8.8

  2. Overview • Core Side Setup and Configuration • Alert.exe Overview • System and Server Manager • Specific Core Side Alerts • Specific Client Side Alerts • General Issues

  3. Core Side Setup and Configuration • Differences • In 8.7, System Manager was a separate component • System Manager had its own Web Console that was used to configure alerts • The Core Server had a separate 32-bit interface to configure alerts for the core only. • Several actions were available: Log, Email, Fax, Page, etc., but most of these options were largely never used. • In 8.8, System Manager and the Core interface were combined on the core and a new interface was born: Flash Console • All alerting rulesets are now edited through the Flash Console • Actions have changed: Intel vPro, Log, Email, Run an application on the core, Send an SNMP Trap • More options for ruleset deployment are available: Add, Remove All, or Replace.

  4. Core Side Setup and Configuration (Cont.) • Similarities • The same 3 alert requirements are in place. • Alert: What is it you want to alert on? • Action: What action(s) do you want to take when the alert happens? • Time: When do you want to monitor and alert on the event? • A System or Server Manager License is still required for most alerts on the client. • Core side alerts and abilities are basically the same. • Health can be changed for certain alerts • Example: If a device can no longer be detected with a PING, then its icon in inventory can be changed to “critical” and will have a red bang icon next to it. Once the device comes back online, the health status returns to normal.

  5. Core Side Setup and Configuration (Cont.)

  6. Core Side Setup and Configuration (Cont.)

  7. Core Side Setup and Configuration (Cont.)

  8. Core Side Setup and Configuration (Cont.) • Alerting Configuration Process • Configure the alert • Save the alert ruleset • Publish the alert ruleset • Distribute the alert ruleset to clients

  9. Core Side Setup and Configuration (Cont.) • Distributing Alerts: • Alerting rulesets need to be saved and published before distribution can take place. • Alertsync.exe is called and a pull takes place

  10. Core Side Setup and Configuration (Cont.)

  11. Core Side Setup and Configuration (Cont.) • Email • Common mistakes and problems • Multiple % symbols are used. %%D=%D, whereas %D = Description • Incorrect spaces, such as "% D" • Variables are used somewhere besides Subject and Body • Log files • Alertservice.log • C:\Program Files\LANDesk\ManagementSuite • This log will display the exact command sent to the email server. This can help with formatting. • Sendemail.log • C:\Program Files\LANDesk\ManagementSuite • This log will report errors when communicating with the email server

  12. Alert.exe Overview • Alert.exe is like a subsystem. Various applications call alert.exe with command line parameters about what alert they want logged. • Alert.exe references the ruleset XML files for details about the alert. • Alert.exe attempts to transmit the alert to the core or in the case of a core side alert it’s logged in the database. • If the core server or the inventory server is busy then the alert is saved as an XML file in a queue folder. Alert Queue folders reside on the client and core. After a short period of time alert.exe or alertservice.exe (core server) will check the queue and process the alert.

  13. Alert.exe Overview (Continued) • What calls alert.exe? • Services • LDINV32 (Core Inventory Server), Vulscan, etc. • Providers • LDmemory.exe • LDdrives.exe • LDapplication.exe • Etc.

  14. Alert.exe Overview (Continued)

  15. Alert.exe Overview (Continued) • http://clientnameORIP:9595/ldclient/ldprov.cgi/index

  16. Alert.exe Overview (Continued) • LDMemory (addremovememorymonitor)

  17. Core Side Alerts • What alerts are available on the core? • A detailed list is contained in the core alert ruleset • Device Monitoring • Sends a ping to a device and will alert when a device is not responsive. • Configured in two pieces • What devices to monitor? • Configuration of the actual alert. Note: This alert is enabled by default in 8.8 SP2 with a log action • This ability should be limited to important servers as it uses the same system as Agent Discovery and can interfere if too many pings are going out too rapidly. Many devices can be monitored but the entire inventory shouldn’t be monitored. • Monitoring of this alert relies on PING and therefore DNS etc.

  18. Core Side Alerts (Continued) • Device Monitoring • Configure – Services Menu on the core

  19. Core Side Alerts (Continued) • Inventory Changed Alert • Alerts when a pre-selected inventory item has changed since the last inventory scan. • Configured in two spots • Inventory History (to select what inventory items to monitor) • Inventory Changed Alert itself

  20. Core Side Alerts (Continued) • Inventory Changed Alert • Configure – Inventory History on the core • Inventory = Logs changes in the device's Inventory History dialog • NT Log = Logs changes in the NT Event Log • Alert = Send an alert

  21. Core Side Alerts (Continued)

  22. Client Side Alerts • What alerts are available for the client? • All alerts are listed in the LDMS Default Ruleset • Some alerts are configured in other locations • Example: Security and Patch has an “alert” group. If a definition is discovered on a particular device then an alert can be fired to show that device as needing the patch in the alert group • Logs • Most client logs are reported in C:\Program Files\LANDesk\Shared Files\

  23. Client Side Alerts (Continued) • Example client alert: Service Monitoring • This alert is part of the Server Manager add-on. • The alert fires when a previously specified service is started or stopped. • Process Walkthrough…

  24. System and Server Manager • System Manager • Designed for desktop systems and interacting with general hardware • Can alert on memory, hard drive space, CPU usage, etc. • Server Manager • Designed for server class systems with added hardware chipsets and sensors. • IPMI alerting capabilities for temperature, fan speeds, etc. • Enhanced alerting (which includes all System Manager Alerts) • Example: The ability to alert when a service has started or stopped.

  25. General Issues • Log’s Tab fails to display any results or an Application Error occurs while loading the Tab. • Cause: • Too many alerts logged in the Alert Log table • Resolution: • http://community.landesk.com/support/docs/DOC-5036 • Resolution involves removing records from the Alertlog Table in the database and then configuring clients so that the “Agent Started” alert is not triggered. • “Management Agent Started” Alert • Designed for System Manager to update the health status.

  26. General Issues • An Email Action is configured and the alert is logged at the core but an email is not received. • Cause: • Email authentication was changed in 8.8 and by default doesn’t allow Plain Authentication. • Resolution: • Enable Plain Authentication by changing the “NonExtended” database entry in the AlertEmail Table from “0” to “1” for each configured Email Alert Action. • http://community.landesk.com/support/docs/DOC-2849

  27. General Issues • Troubleshooting email configuration • Email Servers can vary • Sendemail.exe performs a “fire and forget” action • Using “helo” and “ehlo” • Some type of authentication is needed on the email server. • http://community.landesk.com/support/docs/DOC-2687 • SMTP mail uses a reserved port number (25) to handle the protocol. SMTP servers can accept un-authenticated mail or they may impose a variety of user/password schemes. In order to invoke authentication, the SMTP server must accept extended commands. So instead of using the HELO command to start an SMTP session, the EHLO (Extended HELO) command is used. Authentication is only available in the Extended SMTP case. Here is an example of both the HELO and EHLO commands submitted to an SMTP server:
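
An added example (not part of the original presentation and not LANDesk code): a parser for the replies to HELO and EHLO that shows why authentication is only reachable after EHLO, and flags PLAIN/LOGIN offered on an unencrypted session. The sample replies and host names are constructed.

```python
import re

# Constructed sample replies (not captured from a real server); hostnames
# are placeholders. HELO gets one line back, EHLO gets a multi-line reply.
HELO_REPLY = "250 mail.example.test Hello core.example.test\r\n"
EHLO_REPLY = (
    "250-mail.example.test Hello core.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN CRAM-MD5\r\n"
    "250 8BITMIME\r\n"
)
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded


def parse_reply(raw):
    """Return (code, text_lines) for one SMTP reply, single- or multi-line."""
    code, lines = None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if not m or (code is not None and m.group(1) != code):
            raise ValueError(f"malformed reply line: {line!r}")
        code = m.group(1)
        lines.append(m.group(3))
        if m.group(2) == " ":  # "NNN " (space, not hyphen) ends the reply
            return int(code), lines
    raise ValueError("reply has no final line")


def describe_greeting(raw, encrypted=False):
    """Summarise what the server offered in reply to HELO or EHLO."""
    code, lines = parse_reply(raw)
    extensions = {}
    for line in lines[1:]:  # line 0 is the greeting, the rest are keywords
        parts = line.upper().split()
        if parts:
            extensions[parts[0]] = parts[1:]
    auth = extensions.get("AUTH", [])
    return {
        "accepted": code == 250,
        "extensions": sorted(extensions),
        "auth_mechanisms": auth,
        "starttls_offered": "STARTTLS" in extensions,
        # PLAIN/LOGIN over an unencrypted session exposes the credentials
        "cleartext_auth_exposed": bool(CLEARTEXT_MECHS & set(auth)) and not encrypted,
    }


if __name__ == "__main__":
    for name, reply in (("HELO", HELO_REPLY), ("EHLO", EHLO_REPLY)):
        print(name, describe_greeting(reply))
```

The same function can be run over the command and reply text that Alertservice.log and Sendemail.log record when an email action fails.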

  28. General Issues • When selecting Alerting in the 32-bit console, some of the rulesets are missing • Cause: Server or System Manager wasn’t installed on the core when the core was initially configured. • Some alerts are designed for the enhanced capability of Server or System Manager. If these components are not installed, then some rulesets will be missing • Resolution: None, unless Server or System Manager is desired. These rulesets can be added later with the help of the following document: • http://community.landesk.com/support/docs/DOC-2775

  29. General Issues • Sometimes when using the “Inventory Change Alert” to alert when a specific inventory item has changed the Node/Name appears blank • Cause: • The inventory server processes the alert and calls alert.exe with all of the alert information added as part of the command line. This is accomplished while the scan is being processed and before it’s recorded in the database. During this process the node is checked in the database which appears blank when the scan is received from a new device. • Resolution: • An escalation is filed to change this behavior in the future. For now any alerts received in this state simply indicate that the scan came from a new device.

  30. Further Questions/Contact Information • Name: John Trafelet, PSE Console • Email: john.trafelet@landesk.com
