Converse agora com nosso suporte
Chat com o suporte

Foglight for Exchange 7.1.0 - User Guide

Navigation basics Exploring the Foglight for Exchange dashboards Managing Exchange agents Reporting on your Exchange environment Foglight for Exchange views
Role views Exchange Server views Site views Cluster views Description of Embedded views
Agent State view Alarms view Auto Attendant Calls view Auto Attendant Directory Access view Auto Attendant General view Auto Attendant Transfers view Cached LDAP Searches/sec view CAS AB Load view CAS AB Service view CAS Control Panel Load view CAS Load view CAS OAB Download view CAS RPC Client Access view CAS RPC Client Access Load view CAS RPC HTTP view Client Access Features view Cluster Database Details view Cluster Storage Group Details view Cluster Summary and Resource Information view Cluster Summary view Clusters Listing view CPU view Disk view Domain Controllers view Edge Agent view Edge Transport Features view Exchange Roles Server Summary view Exchange Server Roles view (reference information) Exchange Servers in This Cluster view Exchange Servers view (Exchange Cluster Environment Summary) Exchange Servers view Host Monitor view Hub Transport Features view IP Address view Mailbox Features view Mailbox Store Assistant view Managed Availability Recovery Action Results view Memory view Network view Processes LDAP Read Time view Resource Utilization view Roles Listing view Roles Explorer view Role Features State view Roles Top 3 view Server Health view Server Listing view Servers in Site view Servers In This Site view Site By Category view Site Listing view Store Calendar Attendant view Store Client Search view Store Content Indexing view Store Database view Store Public Load view Store Resource Booking view Store RPC Client Throttling view Store Transport view Store User Load view Summary and Resource Information view Top 3 CPU Consumers view Top 3 Memory Consumers view Top 3 Network Consumers view Top 3 Storage Consumers view Total LDAP Read Time On All DCs view Total Long-Running LDAP Operations On All DCs view Transport Dumpster view Transport Edge Sync view Transport Extensibility Agent view Transport Load Store Drivers view Transport Queues view UM Availability view UM Call Answer General view UM Call Answer view UM Fax view UM General Current view UM General view UM Subscriber Access Calendar view UM Subscriber Access Directory view UM Subscriber Access General view UM Subscriber Access Message view Unified Messaging Features view Windows Services view
Foglight for Exchange rules Running diagnostic tests Managing Exchange metrics

Agent Management view

Once Exchange agent instances are added, the Agent Management view displays all of the agent instances configured to monitor Exchange metrics.

The Agent Management view contains the following information for each configured Exchange agent instance.

Use the selection check boxes to select agent instances for activation/deactivation, starting/stopping data collection, editing properties, or removal.

Exchange Server

Displays the name of the servers being monitored by an Exchange agent instance.

Active

Indicates whether the agent instance for an Exchange server is activated. A green check mark in this check box indicates that the agent is active.

Data Collection

Indicates whether the agent instance is currently collecting data. A green check mark in this check box indicates that the agent is collecting data.

Agent Name

Displays the name of the agent instance created for an Exchange server.

Foglight Agent Manager Host

Displays the name of the Foglight Agent Manager Host assigned to each Exchange agent instance.

Alarms

Displays the number of alarms outstanding for a select Exchange agent. Clicking an alarm opens the Alarms for <agent_name> view, which provides more details about these alarms.

Private Properties

Click the Edit icon in this column to update the private agent properties using the Agent Edit wizard. For more information, see Edit private agent properties.

Secondary Properties

Click the Edit icon in this column to open the Shared Properties dialog box and review the properties defined. To enable / disable a powershell cmdlet, select / clear the Monitor check box for that cmdlet.

Download Log

Click the icon in this column to download the agent log.

Agent Version

Displays the agent version. A green check mark icon indicates that the agent version is up to date.

Use the buttons at the top of this list to manage your Exchange agent instances, as described in the following table.

Select to launch the Agent Setup wizard to add and configure new Exchange agent instances. For more information, see Add and configure new agents.

Select to refresh the information displayed in the Agent list.

Select to activate the selected agent instance(s).

Select to deactivate the selected agent instance(s).

Select to start collecting data on the selected agent instance(s).

Select to stop collecting data on the selected agent instance(s).

Select to remove the selected agent instance(s).

Create and automatically assign credentials for Exchange agents created before version 5.6.6.

Verify agent configuration. For more information, see Inspect agent prerequisites.

Search for an Exchange agent using the Search filter.

The Agent Setup wizard guides you through the process of adding and configuring Exchange agent instances on one or more servers.

1
At the top of the Agent Management view, click Add to launch the Agent Setup wizard.
2
On the Prepare page, carefully read the instructions about the steps that you need to take before proceeding with the wizard.
3
On the Auto-Discovery or Manual page, indicate if you want to manually configure an agent to monitor a single Exchange server, or search your domain and auto-discover Exchange servers and create one or several agents. Click Next.
If you selected Auto-discover, continue with Step 4.
If you selected Manual, continue with Step 6.
4
On the Select the Search Domain page, specify the domain to be used to search for Exchange servers where Exchange agent instances are to be created and activated.
Domain: Type the fully qualified name (myDomain.com) of a domain to search for Exchange servers.
User Name: Type the user principal name of the account to be used to query Active Directory® on the selected domain.The following formats are accepted for the user principal name: myUser@myDomain.com, myUser, and myDomain.com\myUser.
User Password: Enter the password associated with the above user account.
Enable SSL For LDAP: Selecting this check box if security LDAP is required.
Click Next.
NOTE:
1. When selecting
Enable SSL For LDAP, import the root certificate of the monitoring domain into both FglAM and Foglight keystore.
2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name.
For detailed information on how to import certificate into both FMS and FglAM keystore in FIPS-compliant mode, refer to Managing certificates for FglAM and Managing certificates for FMS in FIPS-compliant mode .
For detailed information on how to import certificate into both FMS and FglAM keystore in non-FIPS mode, refer to Managing certificates for FglAM and Managing certificates for FMS in non-FIPS mode .
5
On the Select Servers page, select one or more Exchange servers that you want to monitor.
Exchange Server: The name of the Exchange server found on the selected domain.
Exchange Agent Exists: Indicates whether an Exchange agent instance has already been created for an Exchange server. A green check mark in this check box indicates that an agent instance is already created to monitor the Exchange server. Servers already monitored by other Exchange agents are unavailable for selection in the list.
Click Next.
6
On the Configure Agent Properties page, review the Exchange agent properties, and edit them, as necessary.
Exchange Server(s): The name of one or more Exchange servers found on the selected domain.
Domain Controller: The name of the domain controller found on the selected domain.
Communication Protocol: Selects to run the WMI query through DCOM or WinRM.
WinRM Port: The WinRM port number on the monitored server. This property only appears if the Communication Protocol is set to WinRM through HTTP or WinRM through HTTPS.
NOTE:
1. When setting
Communication Protocol as WinRM through HTTPs, import the root certificate of the monitoring domain into FglAM keystore.
2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name.
For detailed information on how to import certificate into FglAM keystore, refer to Managing certificates for FglAM .
LDAP Authentication Mechanism: The authentication scheme used to connect to the LDAP server: Simple (default) or Kerberos.
Enable SSL For LDAP: Indicates if the LDAP connection is secure or not (default).
NOTE:
1. When selecting
Enable SSL For LDAP, import the root certificate of the monitoring domain into both FglAM and Foglight keystore.
2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name.
For detailed information on how to import certificate into both FMS and FglAM keystore in FIPS-compliant mode, refer to Managing certificates for FglAM and Managing certificates for FMS in FIPS-compliant mode .
For detailed information on how to import certificate into both FMS and FglAM keystore in non-FIPS mode, refer to Managing certificates for FglAM and Managing certificates for FMS in non-FIPS mode .
Is a Virtual Host?: Indicates if the selected Exchange server runs on a virtual host. If it runs on a physical host, by default the Windows Agent is delegated to collect host metrics
Virtual Environment: The type of the virtual environment: VMware or Hyper-V. This property only appears if the selected Exchange server runs on a virtual host.
Enable ActiveSync Collection: Indicates if the collection of ActiveSync Top N users is disabled or enabled.
IIS Log Folder: The file path to the IIS log on the Exchange Client Access Server.
ActiveSync Collection Time: The time when the ActiveSync collection task starts.
Top N Users: The number of top N users for which data is submitted to the Management Server.
Click Next.
7
On the Select the Agent Manager Host page, select the Foglight Agent Manager host to be used for the new Exchange agent instances.
The Exchange Agent Package Deployed column indicates whether the Exchange agent package is already deployed to the Agent Manager host(s). A green check in this column indicates that the Exchange agent package has been deployed.
The Windows Agent Package Deployed column indicates whether the Windows agent package is already deployed to the Agent Manager host(s). A green check in this column indicates that the Windows agent package has been deployed. This column is displayed only if the Exchange server runs on a physical host.
Click Next.
8
On the Assign and Validate Credentials page, review the available credentials, and edit them, as necessary.
To create a new credential, click Add host(s) to a new credential.
In the Create New Credential and Assign dialog box, create a credential that you want to use to access the monitored resource. Type a new credential name, domain, user name, password, and lockbox, and click Submit.
To select an existing credential, click Add host(s) to an existing credential.
In the Select Existing Credential dialog box, select an existing credential, and click Submit.
To bypass the prerequisites verification, select the Do not check for prerequisites check box.
Click Next.
9
On the Summary page, review the configuration settings chosen for the new agent, and its prerequisite diagnostics, including:
Exchange Agent: The name of the selected Exchange agent instance.
Windows Agent: The name of the selected Windows agent instance.
Success: The agent instance can connect to the monitored Exchange server and collect data.
Error: The agent instance cannot connect to the monitored Exchange server instance and collect data. Click this link to find out what causes this error. Carefully review the information in the popup that appears in order address the problem.
Click Finish.
The Agent Setup wizard closes. The Exchange agent is now added and configured, and appears in the Agent Management view, on the Administration tab.

The Agent Edit wizard guides you through the process of editing private agent properties.

2
In the Agent Edit wizard, on the Configure Agent Properties page, review the Exchange agent properties, and edit them, as necessary.
Exchange Server(s): The name of one or more Exchange servers found on the selected domain.
Domain Controller: The name of the domain controller found on the selected domain.
Communication Protocol: Selects to run the WMI query through DCOM or WinRM.
WinRM Port: The WinRM port number on the monitored server. This property only appears if the Communication Protocol is set to WinRM through HTTP or WinRM through HTTPS.
NOTE:
1. When setting
Communication Protocol as WinRM through HTTPs, import the root certificate of the monitoring domain into FglAM keystore.
2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name.
For detailed information on how to import certificate into FglAM keystore, refer to Managing certificates for FglAM .
LDAP Authentication Mechanism: The authentication scheme used to connect to the LDAP server: Simple (default) or Kerberos.
Enable SSL For LDAP: Indicates if the LDAP connection is secure or not (default).
NOTE:
1. When selecting
Enable SSL For LDAP, import the root certificate of the monitoring domain into both FglAM and Foglight keystore.
2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name.
For detailed information on how to import certificate into both FMS and FglAM keystore in FIPS-compliant mode, refer to Managing certificates for FglAM and Managing certificates for FMS in FIPS-compliant mode .
For detailed information on how to import certificate into both FMS and FglAM keystore in non-FIPS mode, refer to Managing certificates for FglAM and Managing certificates for FMS in non-FIPS mode .
Is a Virtual Host?: Indicates if the selected Exchange server runs on a virtual host.
Virtual Environment: The type of the virtual environment: VMware or Hyper-V. This property only appears if the selected Exchange server runs on a virtual host.
Host Info Provider: Indicates the host metrics collected by the Windows agent or the Exchange agent.
Enable ActiveSync Collection: Indicates if the collection of ActiveSync Top N users is disabled or enabled.
IIS Log Folder: The file path to the IIS log on the Exchange Client Access Server.
ActiveSync Collection Time: The time when the ActiveSync collection task starts.
Top N Users: The number of top N users for which data is submitted to the Management Server.
Click Next.
3
On the Assign and Validate Credentials page, review the available credentials, and edit them, as necessary.
To create a new credential, click Add host(s) to a new credential.
In the Create New Credential and Assign dialog box, create a credential that you want to use to access the monitored resource. Type a new credential name, domain, user name, password, and lockbox, and click Submit.
To select an existing credential, click Add host(s) to an existing credential.
In the Select Existing Credential dialog box, select an existing credential, and click Submit.
Click Next.
4
On the Summary page, review the newly updated configuration settings, then click Finish.
The Agent Edit wizard closes. The private properties are now updated.

If any monitoring agents are unable to collect data or connect to the monitored Exchange servers, you can inspect the underlying cause using the Prerequisites Diagnostic button on the Agent Management toolbar.

2
Review the results in the Prerequisites Diagnostic dialog box.
Agent Name: The name of the selected Exchange agent instance.
Monitored Host: The name of the host on which the monitored Exchange server is running.
Success: The agent instance can connect to the monitored Exchange server and collect data.
Error: The agent instance cannot connect to the monitored Exchange server instance and collect data. Click this link to find out what causes this error. Carefully review the information in the popup that appears in order address the problem.

Managing certificates

In order to successfully make use of the Foglight commands in your monitoring environment, review the syntax conventions before getting started. The syntax conventions are as follows:

<foglight_home> is a placeholder that represents the path to the Foglight Management Server installation.
<foglight_agent_mgr_home> is a placeholder that represents the path to the Foglight Agent Manager installation. This can be the location of the Foglight Agent Manager installation on a monitored host, or the home directory of the Foglight Agent Manager that comes embedded with the Foglight Management Server. For example:

Foglight Evolve agents use Foglight Agent Manager (FglAM) to manage certificates for SSL encryption connection.

All the certificate-related command line options require that FglAM be up and running.

bin/fglam --add-certificate "user alias 1"=/path/to/certificate/file

The alias is required and is used in the list and delete operations to refer to the certificate. It can be anything.

bin/fglam --list-certificates

Print out a list of certificates and the aliases that refer to them.

Refer to the example output below:

Remove a certificate referred to by an alias.

bin/fglam --delete-certificate "user alias 1"

Use the keytool utility shipped with Foglight to create, import, or export certificates. This utility can be found at: <foglight_home>\jre\bin\keytool.

There are two FMS running modes:

The KeyStore Foglight used under non-FIPS mode is located at: <foglight_home>/jre/lib/security/cacerts (default password: changeit)

Use the keytool command in FMS JRE located in <foglight>/jre/bin

keytool -import -trustcacerts -alias "<alias>" -file "<certificate path>" -keystore <foglight_home>/jre/lib/security/cacerts -storepass changeit

<alias>: The alias is required and is used in the list and delete operations to refer to the certificate. It can be anything.
<foglight_home>: The folder path where the Foglight is installed.
<certificate path>: Your custom certificate path.

keytool -list -keystore <foglight_home>/jre/lib/security/cacerts -storepass changeit

Remove a certificate referred to by an alias.

keytool -delete -alias <alias> -keystore <foglight_home>/jre/lib/security/cacerts -storepass changeit

The KeyStore Foglight used in FIPS-compliant mode is located at: <foglight_home>/config/security/trust.fips.keystore (default password: nitrogen)

Use the keytool command in FMS JRE located in <foglight>/jre/bin.

keytool -import -trustcacerts -alias "<alias>" -file "<certificate path>" -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen

<alias>: The alias is required and is used in the list and delete operations to refer to the certificate. It can be anything.
<Foglight_home>: The folder path where Foglight is installed.
<certificate path>: Your custom certificate path.

keytool -list -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen

Prints out a list of certificates and the aliases that refer to them.

Refer to the example output below:

Remove a certificate referred to by an alias.

keytool -delete -alias <alias> -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen

C:\Quest\Foglight\jre\bin>keytool -import -trustcacerts -alias "Evolve-Test" -file "D:/Evolve-test.crt" -keystore "C:/Quest/Foglight/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "C:/Quest/Foglight/server/core/bc-fips.jar" -storepass nitrogen

Owner: CN=CA, DC=ca, DC=local

Issuer: CN=CA, DC=ca, DC=local

Serial number: xxxx

Valid from: Sun Jan 06 23:07:06 CST 2019 until: Wed Apr 06 23:07:06 CST 2022

Certificate fingerprints:

...

 

Extensions:

...

Trust this certificate? [no]: yes

Certificate was added to keystore

Exchange agent properties

The primary properties for an Exchange agent instance are required to connect to the target server from which data is to be collected. These properties are either specified when the agent instance is configured or they have a pre-defined default value.

To display an agent’s properties page, use one of the following methods:

From the navigation panel, navigate to Dashboards > Administration > Agents > Agent Properties. On the Agent Properties dashboard, select an agent. The Properties panel is displayed, showing the current properties for the selected agent instance.
From the navigation panel, navigate to Dashboards > Administration > Agents > Agent Status. On the Agent Status dashboard, select an agent from the list and click Edit > Edit Properties. The Agent Status dashboard refreshes, showing the current properties for the selected agent instance.

For more information on using the Agent Status dashboard to edit agent properties, see the Foglight Administration and Configuration Help.

The following tables describe the properties that can be modified for either an individual or all Exchange agent instances, by clicking Modify the private properties for this agent or Modify the properties of all ExchangeAgent agents links, respectively.

Configuration

Use the properties in the Configuration panel to specify the target server from which data is to be collected, to define what cartridge is to be used to collect the host metrics, and specify whether the target server is a virtual machine.

Host Name

N/A

The fully qualified domain name (myServer.myDomain.com) of the target server from which data is to be collected.

Domain Controller Name

N/A

The fully qualified domain name (myServer.myDomain.com) of a domain controller, in the same domain where the Exchange server(s) reside. This domain controller is used to capture Active Directory® related information which Exchange is dependant upon.

Host Collector

 

The host metrics (CPU, Memory, Network, Storage) displayed in Foglight for Exchange can be collected by the Foglight for Exchange, Foglight for Hyper-V, Foglight for VMware, or Foglight for Infrastructure cartridge.

Select the host collector to be used to collect host metrics:

Exchange (included) - if selected, all host collections are collected based on the interval set in the collection schedule.
Hyper-V (must be installed) - if selected, the logical disk space metrics are collected based on the interval set in the collection schedule; all other host metrics are collected based on the settings in the Foglight for Hyper-V cartridge. The “Memory In Use” is not available and will be blank in this configuration.
VMware (must be installed) - if selected, the host collections are skipped regardless of the value in the collection schedule. That is, all host collections are collected based on the settings in the Foglight for VMware cartridge.
Infrastructure (must be installed) - if selected, the host collections are skipped regardless of the value in the collection schedule. That is, all host collections are collected based on the settings in the Foglight for Infrastructure cartridge.

Communication Protocol

DCOM

Selects to run the WMI query through DCOM, WinRM Through HTTP, or WinRM Through HTTPS.

WinRM Port

5985

Determines the WinRM port number in the monitored server.

Enable SSL For LDAP

False

Enables/ disables security LDAP connection.

LDAP Authentication Scheme

Basic

Supports both Basic and Kerberos authentication schemes, when connected to LDAP server.

Network Connection TimeOut

120,000

Specifies how long (milliseconds) the system waits for a response from the remote server before it times out. That is, this is the time in milliseconds that a data collection query will run before it is presumed to have failed and the network connection is terminated.

ActiveSync Activities Collection

True

Enable or disable the collection of ActiveSync topN users.

ActiveSync Activity Log Folder

 

Defines the IIS log path in the Exchange Client Access Server.

ActiveSync Activity Collection Time

 

Defines when to start the ActiveSync collection task.

ActiveSync Top Email Sender and Receiver

 

Determines the number of top N users for which data is submitted to the Management Server

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação