Chatee ahora con Soporte
Chat con el soporte

KACE Systems Management Appliance 14.0 Common Documents - Administration Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Managing user notifications Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings Configuring Content Security Policy
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Deploying the KACE Agent to managed devices Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Manage quarantined file attachments
Using reports and scheduling notifications Monitoring devices
Getting started with monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

Working with monitoring profiles

Working with monitoring profiles

Monitoring profiles describe the criteria for creating an alert, by identifying text to search for in the device's log and associating that text with a defined alert level.

The appliance provides a set of default profiles for log monitoring of devices with supported operating systems, and also for SNMP trap devices. Beyond that, you can modify existing monitoring profiles, create your own profiles, and upload profiles created by other users. In addition, you have access to standard Log Enablement Packages (LEPs) to enable application and threshold monitoring.

The available monitoring profiles are listed on the Monitoring Profiles page

TIP: To display only the log monitoring profiles, in the top-right corner, click View By > Type > Log. To display the monitoring profiles for SNMP trap devices, click View By > Type > SNMP Trap.

As an example, the default profile for creating alerts for Mac OS X devices indicates that /var/log/system.log is the log that the monitoring function scans, looking for text that would trigger an alert. The following table describes the default search text in the Include Text field and the associated alert levels.

Text searched for in log

Alert level

critical

Critical

error

Error

fatal

Error

fail

Error

appliance monitor alert

Error

warn

Warning

unavailable

Warning

You can add other alerts customized to your operational needs.

The default profiles cover the following supported operating systems:

For devices with Linux operating systems, there are several different log paths for MySQL and Apache logs, depending on the version of the OS. See Profile log paths for MySQL and Apache.

For Agentless devices that are monitored using the SNMP trap mechanism, you need to provide trap message formats and expressions to capture the specific trap elements. See Configure SNMP trap messages and alerting criteria.

In the Log Enablement Packages list page, Quest publishes a base set of Windows Reliability and Performance Monitor (PerfMon) templates and non-Windows open-source Perl scripts, so that users can extend their monitoring capability and identify system and application performance issues. These templates and scripts are available so that users do not have to create them from scratch. Monitoring on the appliance works without these additional templates and scripts, but the profiles that are created from the templates and scripts are helpful if you want to do performance threshold monitoring.

Edit a profile

Edit a profile

You can change, add, or remove alert criteria and log paths for any existing profile.

If you want to use an existing profile as a starting point for creating a profile, see Create a new profile using a default profile as a template.

To identify events that you want raised as alerts, use strings or regular expressions in Include Text to specify the appropriate message content. For instance, if you enter the string, Physical memory, an alert is raised for every message with that exact string.

To cover multiple possibilities, you can use a regular expression. For example, if you want alerts for any drive mount point that has drive errors, in the form, “Drive /dev/[any drive mount point] has drive errors”, you can use Drive /dev/[a-z]{1,} has drive errors in Include Text. Alerts are raised for any messages that contain "Drive /dev/" followed by any word of any length containing the characters a-z, followed by "has drive errors".

You can exclude specific events from being raised as alerts if you find them unnecessary or distracting. To filter the alerts you do not want to receive, you use Exclude Text to indicate the content that identifies an unwanted alert. You can use Exclude Text to filter whole categories of alerts, or use Exclude Text in conjunction with Include Text to refine a subset of an alert category. See Examples of Include Text and Exclude Text for monitoring profiles.

1.
Go to the Profiles list page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Monitoring, then click Profiles.
2.
Select the check box for the existing profile that you want to edit, and select Choose Action > Edit to display the Profile Detail page.
3.
Optional: Change or modify the Name and Description of the profile to indicate the edits.
4.
Make changes to the Criteria settings, according to your needs.
Change Include Filter (SNMP traps only) or Include Text (all other monitoring profiles).
Optional. Change Exclude Filter (SNMP traps only) or Exclude Text (all other monitoring profiles).
If the provided search text is case sensitive, select Yes in the Case-sensitive drop-down list.
SNMP traps only. Create a Service Desk ticket automatically each time the appliance receives a specific SNMP alert.
On the line containing an SNMP include and exclude filter (as configured), in the Create Ticket column, click Select Queue, and select a ticket queue that you want to use to create a Service Desk ticket. The appliance will create a Service Desk ticket in the specified ticket queue when it receives an alert resulting from the specific include filter. The device associated with the alert will appear selected in the Service Desk ticket. The name and summary of the event that triggered the SNMP alert will appear in the ticket details. For more information about Service Desk tickets, see Managing Service Desk tickets, processes, and reports.
2.
In the Level drop-down list, select the level from among the five choices: Critical, Error, Warning, Info, and Recovered.
1.
On the Criteria category header, click the Add button: .
5.
Click Save at the bottom of the page.
NOTE: You can return a default profile to factory settings for its operating system by using the Reset to Factory Settings button at the bottom of the page.

Configure SNMP trap messages and alerting criteria

Configure SNMP trap messages and alerting criteria

You can configure SNMP trap messages and the alerting criteria using the Profiles page.

SNMP (Simple Network Management Protocol) is a protocol for monitoring managed devices on a network. This protocol is supported by Dell Open Manage and many third-party products. When you enable this feature on the appliance, and the related devices are also enabled for monitoring, the appliance can receive SNMP traps from the monitored Agentless devices using SNMP connections, such as printers, projectors, and routers.

SNMP traps are messages initiated by network devices and sent to the trap receiver on the appliance. For example, a router can send a message when its power supply fails. Or, a printer initiates a message when it runs out of paper. The appliance receives these traps and generates alerts when certain pre-defined thresholds are reached.

You can configure SNMP trap messages and the alerting criteria using the Profile Detail page.

You can include or exclude certain events from being detected, as needed.

1.
Go to the Profiles list page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Monitoring, then click Profiles.
To create a new SNMP trap profile, select Choose Action > New> SNMP Trap Profile.
The Profile Detail page appears.
3.
Optional: Change or modify the Name and Description of the profile to indicate the edits.
4.
Make changes to the Trap Message Formats settings, according to your needs.
For example: %Td (%Tn => %To) %Vz

Element

Description

%Aa

The agent address.

%Ah

The agent host name.

%d

Local day.

%m

Local month.

%y

Local year.

%h

Local hour.

%i

Local minute.

%s

Local second.

%u

Unix timestamp.

%Td

Trap description.

%Tm

Trap MIB (management information base).

%Tn

Trap name.

%To

Trap OID (object ID).

%Tt

Trap type (0-5 Generic; 6 - Enterprise).

%Tv

Trap version (Inform, Trap v1, v2, or v3).

%Vd#

Variable binding description (where '#' is a number representing the element's position in the sequence).

%Vn#

Variable binding name (where '#' is a number representing the element's position in the sequence).

%Vo#

Variable binding OID (where '#' is a number representing the element's position in the sequence).

%Vt#

Variable binding type (where '#' is a number representing the element's position in the sequence).

%Vv#

Variable binding value (where '#' is a number representing the element's position in the sequence).

%Vz

Shows all variable bindings (Name: Value, Name: Value, Name: Value). If a Name is missing (due to a missing MIB file), the OID is displayed instead.

The following alert levels are available: Critical, Error, Warning, Info, and Recovered.
To add an alert level, under Criteria, click to add a new alert level.
<Field_Type> {TRAP_OID|TRAP_NAME|TRAP_DESCRIPTION|TRAP_TYPE|TRAP_MIB|VARBIND} {=|!=|>|<|>=|<=} <Field_Value> [<AND|OR> <Condition_A>] [<AND|OR> <Condition_B>] ...
TRAP_OID = “.1.3.6.1.4.1.8072.2.3.2.1”: An alert is generated when the trap OID contains ".1.3.6.1.4.1.8072.2.3.2.1".
TRAP_NAME = "acctngFileFull" AND VARBIND = "acctngFileName|ABC": An alert is generated when the trap name contains "acctngFileFull" and if one of the trap's variable bindings is "acctngFileName" with a value of "ABC".
7.
Click Save at the bottom of the page.
NOTE: You can return a default profile to factory settings for its operating system by using the Reset to Factory Settings button at the bottom of the page.

Create a new profile using a default profile as a template

Create a new profile using a default profile as a template

You can copy a default or existing monitoring profile and edit the copy to create a new profile.

You are not limited to one profile for each device. You can create additional profiles that generate different alerts and bind the profiles to devices that already have one or more profiles associated with them.

1.
Go to the Profiles list page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Monitoring, then click Profiles.
2.
Select the check box for the existing profile that you want to start with as a template, and select Choose Action > Duplicate and Edit to display the Profile Detail page.
4.
Optional: Change or modify the Name and Description of the profile to indicate the edits.

The path can be the basic one for the operating system, as shown in the table.

Operating system

Log path

CentOS

/var/log/messages

Debian

/var/log/syslog

Fedora

/var/log/messages

FreeBSD

/var/log/messages

macOS

/var/log/system.log

openSUSE

/var/log/messages

Oracle Enterprise Linux

/var/log/messages

Red Hat Enterprise Linux

/var/log/messages

Solaris

/var/adm/messages

SUSE Enterprise Linux

/var/log/messages

Ubuntu

/var/log/syslog

Windows

application for Windows Application

NOTE: You must use the Full Name of the event log, as it appears in the properties for that log. To ensure you have the correct Full Name, open the Event Viewer. Expand Windows Logs, right-click the event log and select Properties. Use the version of the Full Name that appears in the field in the Log Properties dialog.

Microsoft-Windows-TaskScheduler/Operational for Windows Task Scheduler Operational

Raspberry Pi OS

/var/log/syslog

Alternatively, you can enter a path that defines a log that contains data beyond the basic event logs. For instance, if you had an application on SUSE that sends its data to a specific log such as /var/log/<myapplog>, you can use that path in a new profile, and define the search text and alert level as described in this procedure.

For devices with Linux operating systems, there are a number of different log paths for MySQL and Apache logs, depending on the version of the OS. See Profile log paths for MySQL and Apache.

6.
Make changes to the Criteria settings, according to your needs.
Change Include Text.
2.
Type the new search text, and, if necessary, select Yes in the Case-sensitive drop-down list.
3.
Click Save at the right of the row.
Optional: Change Exclude Text.
2.
Type the new exclude text, and, if necessary, select Yes in the Case-sensitive drop-down list.
3.
Click Save at the right of the row.
2.
In the Level drop-down list, select the level from among the five choices: Critical, Error, Warning, Info, and Recovered.
3.
Click Save at the right of the row.
1.
On the Criteria category header, click the Add button: .
4.
Optional: Reorder the new alert criteria using the Drag button: .
7.
Click Save at the bottom of the page.

The profile is available to be assigned to a device on that device's Monitoring Detail page.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación