Chatta subito con l'assistenza
Chat con il supporto

Foglight for Infrastructure 5.9.2 - User Guide

Using Foglight for Infrastructure Monitoring log files with Foglight Log Monitor Monitoring IBM PowerVM environments
Before you begin Managing PowerVM HMC agents Monitoring your PowerVM environment
Advanced system configuration and troubleshooting Reference
Advanced System Configuration Foglight for Infrastructure views Foglight Log Monitor views Rules Metrics
Appendix: Building regular expressions in Foglight

About the WindowsAgent

The WindowsAgent monitors Windows® systems and collects the following information:

There are views, rules, and data associated with this agent. For more information, see Reference.

Windows Management Instrumentation (WMI) and Windows Remote Management (WinRM) are two different mechanisms that monitoring agents can use to establish remote connections. In most scenarios, only one of these mechanisms needs to be configured. Due to limitations in scalability for WMI that cannot be overcome, the preferred mechanism for monitoring Windows resources is via WinRM. For platform-specific information for configuring the Foglight Agent Manager on Windows, when using WMI or WinRM for remote monitoring access, see sections “Configuring Windows Management Instrumentation (WMI)” and “Configuring Windows Remote Management (WinRM)” in the Foglight Agent Manager Guide.

Services data collection (Win32_Service class)
Event log data collection (Win32_NTLogEvent class)
Cluster data collection (MSCluster_* classes)

For more details, see these topics:

Supported platforms

For a list of platforms supported for the WindowsAgent, see the “System Requirements” section in the Foglight for Infrastructure Release Notes.

Agent properties

When an agent connects to the Foglight Management Server, it is provided with a set of properties that it uses to configure its correct running state. For more information about working with agent properties, see Creating agent instances.

The WindowsAgent is shipped with default properties that can be modified to suit your system requirements. The properties specific to the WindowsAgent are illustrated in the following screenshot.

 

You can configure the following settings for this agent:

Host: host name or IP address.
Host name override: host name to be used to store this host’s data in the Foglight data model.
Top CPU Processes: number of top CPU processes to be monitored. Default value = 5.
Top Memory Processes: number of top memory processes to be monitored. Default value = 5.
Top IO Processes: number of top IO processes to be monitored. Default value = 5.
Collect Top N processes only: Default value = False. When set to True, the agent collects data for Top CPU Processes, Top Memory Processes, and Top IO Processes only.
Collect process metrics: Default value = True. When set to True, the agent collects process metrics.
Collect CPU metrics: Default value = True. When set to True, the agent collects performance metrics about the system’s CPUs.
Collect disk metrics: Default value = True. When set to True, the agent collects performance metrics about the system’s disks.
Include mounted remote filesystems: Default value = False. When set to True, the agent collects metrics about remotely mounted disks.
Collect memory metrics: Default value = True. When set to True, the agent collects performance metrics about the system’s memory.
Collect network metrics: Default value = True. When set to True, the agent collects performance metrics about the network.
TIP: If you are collecting basic host metrics using Foglight for VMware and/or Foglight for Hyper-V, you may need to set the Collect CPU/disk/memory/network metrics options to False, to prevent different or conflicting values from being reported. For Foglight for VMware, consider setting all four flags to False. In the case of Foglight for Hyper-V, consider setting CPU to False, and possibly memory as well. In some cases, Foglight for Hyper-V can collect memory data more accurately than Foglight for Infrastructure, however that depends on the version of Foglight for Hyper-V.
Collect System ID: Default value = True. This property indicates to the agent whether or not to collect a unique system ID from this system. This is not always desirable when monitoring Hyper-V® systems, as some Hyper-V systems use the same ID for multiple systems and are not unique.
Collect cluster information: Default value = False. This property indicates to the agent whether or not to collect additional metrics about Windows® clusters.
Treat cluster resource groups as virtual host: Default value = False. This property indicates to the agent whether or not hosts in a Windows cluster are be treated as virtual machines or distinct physical hosts.
Collect service metrics: When set to the default value, Collect only specified services, the agent collects metrics only for the services specified in the Services to Monitor list. When set to Collect all services, all service metrics are collected. When set to Do not collect services, no service metrics are collected.
Services collect type: When set to the default value, Collected services by display name, the agent collects services by service display name. When set to Collected services by name, the agent collects services by service name.
Submit changed services only: Default value = False. When set to the default value, the agent submits all collected services. When set to True, the agent only submits the changed services.
Collect log events: Default value = True. When set to True, the agent collects log events information.
Report only aggregate process metrics: Default value = True. When set to True, the agent collects metrics from all processes, aggregates the information, and presents it in a unified report. When set to False, the agent still collects aggregate data, but it also includes details about every process. This could result in a lot of data sent to the Management Server and may have a performance impact.
Collect Top N Process Details: Default value = True. When set to True, the agent collects data for the Top CPU Processes, Top Memory Processes, and Top IO Processes. Details about these top processes are accessible from the Infrastructure Environment dashboard (for example, to see the top CPU processes, in the Monitoring tab, select a host on the Quick view, click the Explore button in the Resource Utilizations view, and click any metric indicator in the CPU area; the top CPU consumers are displayed in the CPU Details dashboard.)
When set to False, some extra details (owning username/domain) are unavailable for processes reported in the various “Top N” collections. Gathering this information can be expensive if the connection to the remote machine is slow or the “Top N” collections are configured to be very large.
Use ping to validate host availability: Default value = False. When set to True, the agent is configured to use ping to detect if the monitored host is unavailable. If the agent fails to make a connection to the monitored host, and this property is set to True, the agent sends a ping command to the host. If the host does not respond, the Host.monitored observation is set to UNAVAILABLE (for more details, see Host availability alerting).
Excluded Drives: A list of drives that are excluded from monitoring. You can modify, clone, and delete lists of excluded drives, as necessary. The list contains two columns: Host Name Expression and Drive Name Expression. An entry in the list consists of two regular expressions that together identify one or more drives that are excluded from monitoring. For example:

tor.*

All hosts starting with “tor” such as tor.test.com or tor.prod.com

[ST]:.*

Drive letters starting with either S or T, followed by a colon ‘:’, followed by any other characters (typically a backslash ‘\’), such as S:\ and T:\

IMPORTANT: Failing to provide a valid regular expression can result in data loss. A list containing invalid expressions (for example, [ST]:* instead of [ST]:.*) causes the loss of all OS metrics collected from the hosts associated with that list.
Click Edit to modify the entries in the list. In the HostAgents - WindowsAgent - ListName dialog box that appears, you have several options: add or delete rows, edit the existing entries, select drives to be excluded, save or revert changes. To exclude one or more drives from monitoring, add table rows entries and populate them with regular expressions, as required.
Click Clone to clone the selected exclude list. In the Clone ListName dialog box that appears, enter a name for the new list, and click OK to save the it. The new exclude list is added to the drop-down list.
Click Delete to delete the selected exclude list. In the Delete ListName dialog box that appears, confirm the deletion by clicking Yes. The exclude list is deleted from the drop-down list.
Process Availability Config: A list of monitored processes and their expected instance counts. The list contains three columns: Process Name, Command Line, and Expected Process Count, and can be edited, as required. The agent compares the number of actual processes with the number of expected processes, found in this list. Results are displayed in the Processes > User Defined Processes (Process Availability Config) view (for details, see User Defined Processes (Process Availability Config)).
Hours of backlog events to read: controls how much historical data is collected by the agent when it is first activated.
Event Logs to Monitor: provides the list of event logs that users want to monitor. Windows® automatically maintains a few different event logs. Users can modify, clone, and delete these event logs, as necessary.
Click Edit to modify the log selected from the drop-down list. In the HostAgents - WindowsAgent - LogName dialog box, you have several options: add or delete rows, modify fields, select logs to be monitored, save or revert changes. The Event Log Name is the name of the log to monitor; this column is pre-populated with a few default values; users who want to monitor other logs can add new rows. The Monitor check boxes instruct the agent whether to monitor that log or not.
Click Clone to clone the log selected from the drop-down list. In the Clone LogName dialog box, enter a name for the new event log, and click OK to save the it. The new event log is added to the drop-down list.
Click Delete to delete the log selected from the drop-down list. In the Delete LogName dialog box, confirm the deletion by clicking Yes. The event log is deleted from the drop-down list.
Event Log Filter: provides the ability to filter out the events that should not be monitored (for example, messages that are present in the event log but are irrelevant to users, therefore users should not be alerted of them). Windows provides a default log filter. Users can modify, clone, and delete this filter, as necessary.
Event Throttle Count: When set, this ensures that one event in every count (the event log entry occurrence that the filter applies to) is submitted to the Management Server. When If the count is one or less, then every event log entry occurrence is submitted and no throttling is done. The default is zero ‘0’.
Event Throttle Duration (seconds): This value represents the duration in seconds for the throttle count to be applied. When set, the throttle count is applied within a duration. After the duration expires, the throttling restarts from the beginning regardless of the current throttle state. If the count is one or less, then only one event log entry the filter matches is submitted within the specified duration. If the count is larger than one, then only one in every count (the event log entry occurrence that the filter matches) is submitted, and the agent starts counting pattern matches from zero after the duration. The default value is zero '0', which means the duration is not applied.
NOTE: The Event Throttle Count and Event Throttle Duration (seconds) properties only apply to INCLUDE-type filters (and not EXCLUDE-type filters), since throttling is necessary only if a message is being included (and submitted).
Click Edit to modify the filter selected from the drop-down list. In the HostAgents - WindowsAgent - FilterName dialog box, you have several options: add or delete rows, modify fields, save or revert changes.
Click Clone to clone the filter selected from the drop-down list. In the Clone FilterName dialog box, enter a name for the new event log, and click OK to save the it. The new filter is added to the drop-down list.
Click Delete to delete the filter selected from the drop-down list. In the Delete FilterName dialog box, confirm the deletion by clicking Yes. The filter is deleted from the drop-down list.
Event Log Severity: allows users to map the severity levels that are defined in Foglight to the severity levels (or Type) that are defined in the Windows event log.
Services to Monitor: provides lists of services that users want to monitor. Windows provides a default list of services. Users can modify, clone, and delete lists of services, as necessary.
Click Edit to modify the selected service list. In the HostAgents - WindowsAgent - ListName dialog box, you have several options: add or delete rows, modify fields, select services to be monitored, save or revert changes. The Service Name is the Display Name of the service to monitor; this column is pre-populated with a few default values; users who want to monitor other services can add new rows. The Monitor check boxes instruct the agent whether to monitor that service or not. The check boxes in the Restart if Stopped column allow you to restart stopped Windows services, as required.
Click Clone to clone the selected service list. In the Clone ListName dialog box, enter a name for the new service list, and click OK to save it. The new list is added to the monitored services drop-down list.
Click Delete to delete the selected service list from the monitored services drop-down list. In the Delete ListName dialog box, confirm the deletion by clicking Yes. The service list is deleted from the monitored services drop-down list.
Collector Config: defines how quickly the agent collects data. Windows provides a defaultSchedule configuration. Users can modify, clone, and delete configurations, as necessary.
Click Edit to modify the configuration selected from the drop-down list. In the HostAgents - WindowsAgent - ConfigurationName dialog box, you have several options: add or remove rows (that is, collectors and their settings), modify fields, and save or revert changes.
Click Clone to clone the configuration selected from the drop-down list. In the Clone ConfigurationName dialog box, enter a name for the new configuration, and click OK to save the it. The new configuration is added to the drop-down list.
Click Delete to delete the configuration selected from the drop-down list. In the Delete ConfigurationName dialog box, confirm the deletion by clicking Yes. The configuration is deleted from the drop-down list.

About the UnixAgentPlus

The UnixAgentPlus monitors Linux® and Oracle Solaris® platforms and collects the following information:

NOTE: The UnixAgent monitoring Solaris platforms treated ZFS® pools (retrieved by executing the zpool list command) as LogicalDisks, however the UnixAgentPlus treats them as PhysicalDisk. Due to this change, when switching from UnixAgent to UnixAgentPlus, you may notice that certain filesystem-related alarms that were raised for LogicalDisks under UnixAgent are now raised for PhysicalDisks under UnixAgentPlus. Additionally, charts for ZFS Pools that used to be populated for LogicalDisks under UnixAgent are populated for PhysicalDisks under UnixAgentPlus.

For more details, see the following:

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione