Chat now with support
Chat with Support

Foglight 5.9.5 - Administration and Configuration Guide

Administering and Configuring Foglight Extending Your Monitoring Reach with Foglight Cartridges Administering Foglight Configure Rules and Metric Calculations to Discover Bottlenecks Customizing Your Foglight Environment with Tooling

Editing Agent Properties by Type

When an agent connects to the Foglight® Management Server, it is provided with a set of properties that it uses to configure its correct running state. Foglight stores agent properties on the Management Server.

You can edit the properties of agent types (global properties), or the properties of individual agent instances (private properties). Typically, after creating an agent instance, before its activation, you edit the agent properties. This causes the agent property values to become private. Agent instances with private properties are not affected by any subsequent changes made to its global properties. Changes to global properties are only carried over to new agent instances that are created after those changes.

Another classification of agent properties refers to their format, complexity, and shareability. Primary properties are typically text, number, or Boolean values. These types of values are easily specified and changed. Secondary or shared properties are in list form and contain multiple values organized into rows and columns. They can be easily cloned and modified to suit the needs of individual agent instances. The difference between primary and secondary (shared) properties is that secondary properties can be shared amongst multiple agent instances, meaning that a list can be associated with multiple agent instances of the same type. However, any changes made to a shared list affect all of those agents.

Any passwords that are defined in agent properties are encrypted. This feature is useful in situations when a database password is defined in agent properties, and there are multiple databases in your environment, for example, a Foglight database and a production database. Encrypting database passwords prevents unauthorized database administrators from accessing the database.

Agent properties can be edited using the Agent Properties dashboard. You can use it to edit the properties globally, for all instances of the same type, or only for a specific agent instance. To access this dashboard, from the navigation panel, click Dashboards > Administration > Agents > Agent Properties, or select an agent instance on the Agent Status dashboard and click Edit Properties.

Figure 4. The Agent Properties dashboard.

Moving FglAM agents

The Agent Status dashboard allows you to move the FglAM agents within various FglAM hosts, if needed. To access the Agent Status dashboard, from the navigation panel, click Dashboards > Administration > Agents > Status. For the detailed information about the Agent Status dashboard, see Explore the Agent Status dashboard on page 127.

To move an FglAM agent:

* 
NOTE: The agent movement function is only applicable for the FglAM agent which type is one of the following: FileLogMonitorAgent, UnixAgentPlus, WindowsEventLogMonitorAgent, MultiHostProcessMonitorAgent, PowerVMHMCAgent, UnixAgent, and WindowsAgent.
1
On the navigation panel, under Dashboards, click Administration > Agents > Status.
The Agent Status dashboard opens.
2
Select an agent that you want to move from the agents list, and click the move icon .
The Move selected agents to a different Agent Manager dialog box opens.
3
Use the group selector to select the target FglAM host from the Select Agent Manager drop-down list, and click Move.
* 
NOTE: The target FglAM host must have the same lockbox as the source FglAM host. For more information, see Managing lockboxes.

Several Operarting System (OS) and environment-specific issues, which include the following, may arise when moving an FglAM agent.
The WindowsAgent stops collecting the data, if this WindowsAgent is moved from FglAM-A (an FglAM host installed with the Windows environment) to FglAM-B (an FglAM host installed with the Linux environment). See the “Access to DCOM objects and registry is denied” section in the Foglight Agent Manager Guide to resolve this issue.
When moving an FglAM agent which ASP configurations include a value of “localhost”, it is strongly recommended that you change the corresponding ASP value to the name or IP address of the local host; otherwise the unexpected result may occur.
The agent movement fails if an FglAM agent is moved from Solaris OS to Windows 2008 OS. This issue is known to exist. For more information, see the Foglight 5.7.6 Release Notes document.
After moving an FglAM agent to an FglAM host that has the invalid lockbox, this FglAm agent cannot be moved to other Foglight hosts any more. The invalid lockbox of the target FglAM host causes that the target FglAM host cannot release any FglAM agent.
Before moving an FglAM agent, you need be aware that all lockboxs should be released from the source FglAM host to the target FglAM host, in order to achieve a successful FglAM agent movement.

For more information, see the following topics:
Restart an Agent Manager
Upgrade an Agent Manager

Viewing Agent Adapters

Foglight uses agent adapters to communicate with agents that collect information from monitored hosts. The majority of Foglight agents use the Foglight Agent Manager (FglAM). There are some agents that use other types of agent adapters.

The Agent Adapters dashboard allows you to view information about agent adapters and to activate or deactivate them, if instructed by Quest Support. To access this dashboard, from the navigation panel, click Dashboards > Administration > Agents > Adapters.

Figure 5. The Agent Adapters dashboard.

For more information, see the following topics:
View the agent adapters
Activate or deactivate agent adapters

Controlling System Access with Credentials

Foglight can monitor different resources in an organization. Some of these resources can be secured while others are not. Your organization has specific security policies for those resources that require authorized access. For example, Windows hosts are secured resources that require a Windows login. Unix hosts are also secured resources that require a valid Unix login. Foglight allows you to store system credentials for accessing secured resources in a central location.

A credential is a piece of information that an agent instance needs to gain access to the monitored system. For example, you can associate one client with a database server and another with a production server, and have an agent instance monitoring the database server connect using a user name and password. Another agent instance monitoring the production server can connect to it using Windows-based login information.

Different cartridges support different types of credentials. Some cartridges, for example, support the use of Windows and Unix credentials, while others can only authenticate local users. The credential type determines which parts of the monitored system are used to connect to a resource, such as host names or IP addresses. For complete information about cartridge-specific credential types, see your cartridge documentation.

Credentials are encrypted and stored in lockboxes. Lockboxes are released to credential clients, such as agent managers.

The Credentials dashboard provides quick access to credentials and lockboxes. This dashboard provides at-a-glance information about the current state of credentials, lockboxes, credential clients, the alarms they generate, and cartridge-specific credential views. Use it as a starting point for your credential management needs. To access this dashboard, on the navigation panel, click Dashboards > Administration > Credentials.

 
* 
TIP: Another way to access the Credentials dashboard is from the Administration dashboard, under Credentials > Credential Management.
 
* 
NOTE: In a federated environment, credentials can only be managed on Federated Child servers. Credentials cannot be administered from the Federation Master.
Managing credentials

A credential is a piece of information required to gain access to system resources. Foglight agents need access to this information when monitoring systems that require credential verification.

Foglight supports a set of commonly used credentials such as currently logged in user, password-based, user name with or without password, and Windows credentials. Each credential can have one or more authentication policies, based on the desired usage count, failure rate, the time range during which the credential can be used, and the amount of time during which the credential information is cached locally. Credentials can apply to specific parts of the monitored environment, such as hosts and ports.

You create and manage credentials, as well as edit their type, authentication policies, and target resources, using the Manage Credentials dashboard. To access this dashboard, on the main Credentials dashboard, click Manage Credentials.

For more information, see the following topics:
Explore the Manage Credentials dashboard
Add or delete credentials
Edit credential properties
Edit credential names
Edit credential resource mappings
Edit credential policies
Change the order of credentials
Query credentials
Monitoring credential alarms

Occasionally, credential clients may encounter errors. For example, a credential client can fail to start a monitoring agent due to a credential failure. The Monitor Credential Alarms dashboard lists all alarms that are raised by credential clients and provides additional information about each alarm, such as the severity, alarm message, event or rule that generated it, and other information. To access this dashboard, on the main Credentials dashboard, click Monitor Credential Alarms.

For more information, see the following topics:
Explore the Monitor Credential Alarms dashboard
Credential events generated by the Foglight Agent Manager
Acknowledging credential alarms
Clearing credential alarms
Managing lockboxes

A lockbox can be password-protected, and contains a collection of credential keys used for encryption and decryption.

You can create, edit, and manage lockboxes, change their passwords, and release them to credential clients using the Manage Lockboxes dashboard. To access this dashboard, on the main Credentials dashboard, click Manage Lockboxes.

For more information, see the following topics:
Explore the Manage Lockboxes dashboard
Add or delete lockboxes
Add or remove lockbox passwords
Change the password for a lockbox
Release lockboxes to credential clients
Viewing credential clients

The View Clients dashboard lists all credential clients that exist in Foglight, and provides additional information about each client, such as its name, type, and assigned lockboxes, along with other information. To access this dashboard, on the main Credentials dashboard, click View Clients.

For more information, see Explore the View Clients dashboard on page 166.

Using domain-specific credential views

In addition to the credential dashboards included with the Management Server, some cartridges may include their own credential views. If your system includes any domain-specific credential views, the links to these views are listed at the bottom of the Credentials dashboard.

 

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating