• Conviértase en un profesional en el portal de soporte
• Descargar
• Imprimir
• Mis descargas ()

• Soporte
• Documentación técnica
• Foglight Agent Manager 7.1.0
• Foglight Agent Manager 7.1.0 - Foglight Agent Manager Guide

Foglight Agent Manager 7.1.0 - Foglight Agent Manager Guide

Navegación de contenido  

Configuring the embedded Agent Manager

Getting started Interacting with the embedded Agent Manager

Automatic configuration of the Management Server host name and port number

Installing external Agent Managers

Understanding how the Agent Manager communicates with the Management Server

Syntax conventions

Deploying the Agent Manager cartridge Downloading the Agent Manager installer Installing the Agent Manager

Installing the Agent Manager using the installer interface

Configuring Management Server URLs using the installer interface

Installing the Agent Manager from the command line

Configuring Management Server URLs from the command line

Using the Agent Manager silent installer Installing the Agent Manager as a Windows service

Starting or stopping the Agent Manager process

Identifying the Agent Manager process About platform-specific identification

Frequently asked questions

How do I upgrade the Agent Manager? How do I uninstall the Agent Manager? Where can I find the Agent Manager installation log files? Why does the message "Created system preferences directory in java.home" appear after I finish installing the Agent Manager on AIX? Are the passwords that are stored in the configuration file, fglam.config.xml, encrypted? How can I see what parameters are available for the silent installers? Why are two URLs displayed for localhost when I search for HA peers? I tested the connection between the Agent Manager and a Management Server, but the Management Server URL failed the connectivity test. Why did this happen? When I try to install the Agent Manager using the installer interface on Solaris x86 VMware, it fails and a warning message related to fonts appears. Why does this occur? Why does an AIX compatibility warning appear when I run the Agent Manager installer?

Configuring the Agent Manager

Operating system patches Launching the Agent Manager installation interface Configuring the Agent Manager to run in FIPS-compliant mode Configuring the Agent Manager from the command line Configuring the Agent Manager to use SSL certificates Configuring an Agent Manager instance as a Concentrator

Configuring the concentrator Configuring downstream Instances Creating a secure connection with downstream instances Excluding SSL ciphers from upstream or downstream Connections Excluding Specific SSL Protocols from Downstream Connections

Configuring the Agent Manager to accept connections from the Management Server Configuring the Agent Manager to execute commands on remote hosts Configuring multiple Agent Manager instances

Example: Running multiple instances in a cluster environment

Controlling the polling rate Configuring the Agent Manager to work in HA mode

Assigning Agent Managers to HA partitions Adding cartridges to the HA deployment whitelist About agent fail-over About non-HA deployments

Negotiating Agent Manager resources at runtime

Disabling runtime resource negotiation

Disabling agent-specific changes to the upstream queue

Configuring credentials

Managing lockboxes Releasing lockboxes to the Agent Manager

Configuring anti-virus exclusion settings Troubleshooting

Errors related to Windows WMI and DCOM configuration Resolving DATA_COLLECTION_FAILED errors Adjusting the maximum polling interval

Advanced system configuration and troubleshooting

Configuring Windows Management Instrumentation (WMI)

WMI IPv6 connection support Windows Firewall interference Minimum requirements for Windows Management Instrumentation

Promoting remote users to administrators on local machines through the Domain Controller Granting required permissions to individual remote users

WMI access violation and OS connectivity verification failure WMI and Quota Violation error Known WMI issues in Windows Server 2008 Tuning WMI connections Modifying registry key ownership on Windows Server 2008 R2 Configuring registry settings for Windows Server 2008 R2 and Windows 7 Resolving Access Denied errors when connecting to Windows XP Professional OS collection fails with a Local_Limit_Exceeded error Access to DCOM objects and registry is denied Configuring registry settings for WinShell access through DCOM Permissions on registry keys to configure DCOM command shell connection Enabling agents to connect from UNIX machines

Disabling UAC Granting access to dllhost.exe when Windows Firewall is enabled

Enabling agents to connect locally on Windows Releasing a locked MySQL process

Configuring Windows Remote Management (WinRM)

WinRM IPv6 connection support

About the cross-realm negotiate authentication behavior Enable DNS reverse lookup

About WinRM authentication and the Agent Manager Configuring the target (monitored) system Configuring the Agent Manager (monitoring) system Generating a configuration file required for WinRM Negotiate authentication Configuring command-shell connection settings About WinRM connection ports Troubleshooting

Enabling specific TLS protocols Verifying setup Identifying common causes of WinRM failures Reviewing application event logs Enabling connection type debugging

UNIX- and Linux-specific configuration

Agent Manager service can't start automatically when the operating system restarts SSH IPv6 connection support About supported remote monitoring protocols Configuring the Agent Manager to run as a daemon

Locating the init.d script Obtaining the Agent Manager daemon status

Configuring Agent Manager agent privileges

Using sudo to configure secure launcher permissions Using setuid_launcher to configure secure launcher permissions

Using the HP patch checking tool About Agent Manager installations on AIX Preventing Agent Manager core dumps on Linux

Monitoring the Agent Manager performance

Investigating Agent Manager diagnostics

Exploring the Adapter Details tab

Message Processing tab XML Serialization tab Servlets tab

Exploring the Client Details tab

Agent Manager Clients view Message Processing tab Clock Skew tab Bandwidth tab Misbehaving Clients tab XML Serialization tab CPU Usage tab Memory Usage tab CDT Submission tab Queue Utilization tab

Deploying the Agent Manager to large-scale environments

Using Agent Manager silent installer Parameters Example: Deploying the Agent Manager to multiple UNIX hosts

Working with this example

Before you begin

Example: Creating and running an Agent Manager deployment script

Part 1: Create the working directory and script file Part 2: Create a list of hosts Part 3: Add the script parameters Part 4: Specify the script commands Part 5: Run the script

Example: Deploying the Agent Manager to multiple Windows hosts

Example: Using a software deployment tool and silent installer parameters

Part 1: Provide the silent installer parameters Part 2: Make the Agent Manager installers accessible Part 3: Run the software deployment tool

Next steps

• Visualización de Temas 101 - 104 de 149

×

Reviewing application event logs

WinRM logs activity to an event log on the target machine. This includes both success and failure messages for authentication.

To view application event logs:

1	On the target machine, right-click My Computer and select Manage.

2	In the navigation tree on the left, choose System Tools > Event Viewer > Applications and Services Logs > Microsoft > Windows > Windows Remote Management > Operational.

The default Operational log contains the most common events.

To enable additional debug logging information:

1	Click View.

2	Click Show Analytic and Debug Logs.

3	Right-click the log file you want to view.

4	Select Enable Log.

Enabling connection type debugging

If the only information you are interested in is the types of connections that are being established, there is a command-line setting that enables logging the connection types.

Run the Agent Manager with the following switch:

-Dquest.debug.windowsinfo.types

 

NOTE: This logging occurs every time a connection is established and can be very verbose. It is recommended for debugging purposes only.

UNIX- and Linux-specific configuration

This contains platform-specific configuration information for configuring the Foglight Agent Manager on UNIX® or Linux®.

If your database is installed on an HP-UX server, regardless of the operating system, see Using the HP patch checking tool .

This section provides solutions for the following issues:

•	Agent Manager service can't start automatically when the operating system restarts

•	SSH IPv6 connection support

•	About supported remote monitoring protocols

•	Configuring the Agent Manager to run as a daemon

•	Configuring Agent Manager agent privileges

•	Using the HP patch checking tool

•	About Agent Manager installations on AIX

•	Preventing Agent Manager core dumps on Linux

Agent Manager service can't start automatically when the operating system restarts

When the Agent Manager service is running in the following platforms, it might not be able to start automatically when the operating system restarts.

Operating system platform	Operating system version
CentOS Linux	8.0 8.1 8.2
Red Hat Linux	8.1 8.2
Oracle Linux	8.0 8.1 8.2
SLES Linux	15 15 SP1 15 SP2

To fix this issue, follow the instructions provided below:

Use the ausearch utility to check the Access Vector Cache (AVC) messages and see if SELinux denies any of the FglAM actions:

# ausearch -m AVC,USER_AVC -ts today
time->Wed Nov 4 11:18:11 2020 type=AVC msg=audit(1604459891.164:117): avc: denied { open } for pid=1311 comm="fglam" path="/root/ 5981fips/jre/1.8.0.265/jre/lib/jce.jar" dev="dm-0" ino=11429653 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=1

The -m option specifies what kind of information ausearch returns. The -ts option specifies the time stamp. For example, -ts today returns messages from the whole day.

•	If any FglAM action has been denied, there are two options to fix the issue:

•	Disable SELinux service.

•	If you don’t want to disable SELinux, do the following:

a

Open the /etc/selinux/config file and change SELinux mode to permissive. Using permissive mode will force SELinux to accept all FglAM actions. SELinux will log all the denials regarding to FglAM actions that would have been denied in enforcing mode, by identifying them one at a time as the FglAM gets permissions granted individually.

b	Restart FglAM machine.

c

Ensure FglAM service starts automatically. Then try all of the functions that FglAM and agents would perform, such as deploying agent gars, creating agent instances, releasing lockbox to FglAM, and so on. Therefore, it will reveal all the FglAM actions that would have been denied by SELinux if running in enforcing mode.

d

Use the 'journalctl -t setroubleshoot --since= [time]' utility to view more information about the AVC message: # journalctl -t setroubleshoot --since=11:18 – Logs begin at Tue 2020-11-03 10:37:14 CST, end at Wed 2020-11-04 11:19:27 CST. – Nov 04 11:18:30 centos82-s1 setroubleshoot[1416]: SELinux is preventing quest-fglam from execute access on the file fglam. For complete SELinux messages run: sealert -l 06149362-e530-4f52-a081-53751a98eab7 Replace [time] with the machine restart time.

e	Use the 'sealert -l [AVC message ID]' utility to further inspect the AVC message:

# sealert -l 06149362-e530-4f52-a081-53751a98eab7
SELinux is preventing quest-fglam from execute access on the file fglam.
***** Plugin catchall (100. confidence) suggests****
If you believe that quest-fglam should be allowed execute access on the fglam file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing:
# ausearch -c 'quest-fglam' --raw | audit2allow -M my-questfglam
# semodule -X 300 -i my-questfglam.pp
[trimmed for clarity]

f	Perform actions according to suggestions provided in Step e.

g	Repeat Step e to Step f for all FglAM action denials AVC messages found in Step d.

h	Restore SELinux to enforcing mode and restart FglAM machine.

i	Check if there are still denials about FglAM actions. If yes, repeat Step a to Step i until no denials to FglAM actions are found.

•	If it is not caused by SELinux, perform below command to check if it works.

systemctl enable quest-fglam.service

If it doesn’t work, fix the issue according to the error. For example, it may report below error, which instructs to install the tool insserv first and then run above command again to fix this issue.

Executing: /usr/lib/systemd/systemd-sysv-install enable quest-fglam

/sbin/insserv: No such file or directory

•  Anterior
• Visualización de Temas 101 - 104 de 149
• Siguiente 

Buscar este documento Buscar todos los documentos

×

 Bienvenido al portal de soporte

Puede encontrar ayuda de soporte en línea para el *producto* Quest en un sitio de soporte afiliado. Haga clic en Continuar para ser dirigido al contenido de soporte y a la asistencia adecuados para el *producto*.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación

© ALL RIGHTS RESERVED. Términos de uso Privacidad Cookie Preference Center