Foglight 5.9.1 - Administration and Configuration Guide


	TIP: For more information about problems that you may encounter when configuring LDAP with Active Directory, see Common Active Directory configuration problems.

This setting uses the following syntax:

ldap://host:port

Where:

•

host is the fully qualified domain name or IP address of the LDAP server.

•

port is the port number of the LDAP server.

•

Secondary LDAP server URL: The URL to the secondary LDAP server.

If you are using Active Directory, and the primary LDAP server (specified by the Nearest LDAP server URL setting) fails, Foglight searches the domains that are the children of the secondary LDAP server.


	TIP: For more information about problems that you may encounter when configuring LDAP with Active Directory, see Common Active Directory configuration problems.

This setting uses the same URL syntax as the primary server URL: ldap://host:port.

External directory settings

•

Account is anonymous: If set to true, Foglight uses an anonymous service account to search for users in the extended directory. The default user name for anonymous service accounts is __anonymous__. Enabling this option sets the Distinguished name of the service account to __anonymous__.

•

Distinguished name of the service account: The distinguished name (DN) of the service account for further user searching, or a special account, such as __anonymous__. In Active Directory, typically, a common name (CN) is used instead of DN.

•

Group attribute for nested group searching: Specifies the name of the attribute of groups (for example, member) that contains nested groups’ distinguished names. It is used for resolving nested group membership in indirect Mode of group searching.

•

JAAS LoginModule Name: This setting is internal and as such should never be modified.

•

Match on User DN: Indicates if user distinguished names are matched.

•

Maximum level of group nesting: Specifies the maximum number of nested groups that can be queried.

•

Parent group attribute ID: Specifies the name of the attribute of users and groups (for example, memberOf) that holds the containing groups’ distinguished names. Used for resolving group membership of users and recursive groups in direct Mode of group searching.

•

Password: The password of the service account used for user searching in the external directory.


	IMPORTANT: Whenever you change any of the setting on this page, you must re-enter the password in order for these settings to take effect.

•

LDAP query prefix, LDAP query suffix: An LDAP query searches for user accounts in the external directory. It takes the user information provided on the Foglight login page (see Logging in to the Foglight browser interface) and searches for user information in the external directory. The directory tree typically contains multiple levels. Searching individual parts of the directory tree makes the authentication process shorter and more efficient as opposed to searching the entire directory tree which can result in request time-outs. You can narrow down to the specific groups that you want the LDAP queries to use by setting the prefix and suffix of the query.

If you are using Active Directory, point the LDAP query suffix to the root of the domain to search the entire domain. For example, in Active Directory, if the CN user accounts are defined in the sAMAccount=Users group, and the Active Directory domain is 2K3.DOM, apply the following settings:

•

LDAP query prefix: CN=

•

LDAP query suffix: ,CN=Users,DC=2k3,DC=dom


	IMPORTANT: LDAP authentication can also be configured if the LDAP query prefix is set to “sAMAccountName=”.

When the prefix and suffix are specified, they are appended to the LDAP queries.

•

Role attribute ID, Is Role attribute a DN: Groups in the external directory are objects with attributes. Each attribute has an ID and a value.

The setting Role attribute ID specifies the name of the attribute that uniquely identifies the name of the role in the external directory. LDAP queries use the role attributes to authenticate users.

Is Role attribute a DN specifies if the role attribute is a distinguished name.

Tip

In Active Directory, this setting should always be set to false.

•

Mode of group searching: Indicates the direction in which groups are searched:

•

disabled: Do not search for groups.

•

direct: Search for groups using the Parent group attribute ID (for example, memberOf).

•

indirect: Search for groups in the scope to using the User attribute ID to search for groups and Group attribute for nested group searching.

•

The scope(s) to search for groups, The second group namespace, and The third group namespace: These settings indicate the groups in the external directory tree that are queried for a specific user whose authentication information is provided on the Foglight login page. You can specify up to three groups in the external directory, as required. The order in which the groups are searched is determined by the order these settings are listed: first, the query searches the group specified by the The scope(s) to search for groups setting, then the group specified by The second group namespace, and finally, the group specified by The third group namespace.

If you are using Active Directory, there are two basic scenarios:

•

Environments with up to three or four users: There is no need to assign these groups. Instead, have the Foglight administrator assign the required roles after the initial user logins.

•

Larger environments: In Active Directory, create the same set of groups that exist in Foglight: Foglight Administrators, Foglight Security Administrators, and Foglight Operators. Add Active Directory user accounts that you want to integrate with Foglight to these groups, and set the The scope(s) to search for groups to point to the OU contaning these groups.

Alternatively, if your Foglight users are already in an Active Directory group, in Foglight, create a group with the same name, and set the The scope(s) to search for groups to point to the OU contaning this group.

•

LDAP search timeout (milliseconds): Specifies the maximal duration of an LDAP search, in milliseconds. LDAP searches that take longer than that result in time-outs.

•

Name of JAAS security domain: This setting is internal and as such should never be modified.

•

User alias attribute ID: User accounts in an external directory can have aliases. This setting specifies the name of the attribute associated with the user alias.

•

User attribute ID to search for groups: Specifies the name of the attribute of groups (for example, member) that contains users’ distinguished names. It is used for resolving group membership through groups in indirect Mode of group searching.

•

The LDAP context for user searching: Similar to specifying the groups in the directory tree, this setting provides a way for selecting a portion of the directory tree, giving a context to the query.

If you are using Active Directory, this value should match the LDAP query suffix setting without the leading comma. For example:

•

LDAP query suffix: ,CN=Users,DC=2k3,DC=dom

•

The LDAP context for user searching: CN=Users,DC=2k3,DC=dom

Examples of external directory settings

Table 5. The table below shows types of LDAP directory servers.
Setting	Active Directory	Oracle Directory Server Enterprise Edition/OpenLDAP	Novell eDirectory
Nearest LDAP server	ldap://ukdatemea01:389
Secondary LDAP server URL	ldap://uklonemea01:389
Account is anonymous	No	Yes	No
Distinguished name of the service account	CN=JW admin,OU=EMEA Admins,DC=emea,DC=corp,DC=apax,DC=com	__anonymous__	CN=foglight_admin, O=services
Group attribute for nested group searching	member	uniqueMember	member
JAAS LoginModule Name	com.quest.nitro.service.security.auth.spi.NitroExtendedLdapLoginModule
JAAS LoginModule Name	NOTE: Do not change this setting.
Match on User DN	true
Maximum level of group nesting	5
Parent group attribute ID	memberOf
Password	********
LDAP query prefix	CN=	uid=	CN=
LDAP query suffix	,CN=Users,DC=emea,DC=corp,DC=apax,DC=com	,OU=Employees,DC=example,DC=com	,O=novell
Role attribute ID	name	cn	cn
Is Role attribute a DN	false
Mode of group searching	direct	indirect	direct
The scope(s) to search for groups	OU=Foglight Admins,DC=emea, DC=corp,DC=apax,DC=com Note: Setting the scope to search for a group with the ldap root DN may cause a javax.naming.PartialResultException during searching. To search from the root DN, change the ldap url to use a global category. For example, setting the Nearest LDAP server as ldap://ukdatemea01:3268 should prevent a javax.naming.PartialResultException.	OU=Groups,DC=example,DC=com	O=novell
The second group namespace	OU=EMEA Admins, DC=emea,DC=corp,DC=apax,DC=com	OU=Dynamic Groups,DC=example,DC=com	N/A
The third group namespace	CN=Foglight,OU=EMEA Admins,DC=emea,DC=corp,DC=apax,DC=com	N/A
LDAP search timeout (milliseconds)	10000
Name of JAAS security domain	fgl-web-console
Name of JAAS security domain	NOTE: Do not change this setting.
User alias attribute ID	sAMAccountName	uid	uniqueId
User attribute ID to search for groups	memberOf	uniqueMember	member
The LDAP context for user searching	OU=EMEA Admins,DC=emea,DC=corp,DC=apax,DC=com	OU=People,DC=example,DC=com	o=novell

Common Active Directory configuration problems

Integrating Active Directory with Foglight can sometimes result in configuration problems. This topic lists the common configuration problems and provides the suggested solutions.

•

The Service Account is improperly configured

•

The 'LDAP context for user searching' setting is too specific

•

A setting on the LDAP account in the LDAP Directory prevents Foglight from doing a simple check and return request

•

The configuration syntax is incorrect

•

Observe the login attempt results

The Service Account is improperly configured

The Service Account must use the distinguished name (DN) format. The syntax must match exactly how the LDAP directory sees the object. You can use an LDAP browser (free LDAP browsers are available for download) to inspect your LDAP directory.

You can use the Active Directory dsquery command to see the DN for a Service Account.

dsquery user –limit 1000 | dsget user –dn > dn.txt

This command creates a text file that you can search for proper Service Account DNs.

For example:

CN=fog5svc1,CN=Managed Service Accounts,DC=example,DC=com

The 'LDAP context for user searching' setting is too specific

Foglight uses the LDAP context for user searching setting to determine where to start looking for LDAP users in the LDAP directory when an LDAP user logs into Foglight. Foglight searches for that user in that location, and every container level under that starting point. If the user account is at a higher level than what is set by the LDAP context for user searching, the login fails.

To test this behavior, simply set the context to the highest level of the LDAP tree. In Microsoft Active Directory, this is the Domain. For example, if the AD domain is example.com, the .LDAP context for user searching can be set to DC=example,DC=com.

You can adjust this setting later after ensuring that Foglight integration with LDAP works.

A setting on the LDAP account in the LDAP Directory prevents Foglight from doing a simple check and return request


	NOTE: The Service Account does not have to exist in or under the directory specified by the LDAP context for user searching setting. The Service Account is specified by the Distinguished name of the service account setting on the Configure Directory Services page.

Foglight can only handle any check and return requests coming from LDAP. For example, Foglight cannot process requests for changing passwords that occur during login. Other types of requests that are also not handled by Foglight include: prevention of logon hours, prevention of logon to (specific workstations), password expirations, disabling accounts, and proprietary security requests. See your LDAP Administrator to help you inspect the Service Account.

To test this, log in to a Windows machine, to the Domain using the specified LDAP account. If anything is presented other than a successful login, Foglight will have a problem with this when it tries to submit an authentication. See your LDAP administrator to resolve your LDAP account issues.

If LDAP authentication is not working in Foglight, try configuring the LDAP query prefix setting to force using older NTLM authentication. Do this by changing the LDAP query prefix from “CN=” to “sAMAccount=” .

The configuration syntax is incorrect

Cross-reference your Configure Directory Services settings with those on another Management Server that are not edited. Compare the formats of the entries. Check the settings that you think have not changed. Examples of incorrect formatting include:

•

Missing the leading comma in the LDAP query suffix setting. The valid format looks like this:

,OU=Employees,DC=example,DC=com

•

Changes to the JAAS LoginModule Name setting. The valid format looks like this:

com.quest.nitro.service.security.auth.spi.NitroExtendedLdapLoginModule

Observe the login attempt results

Observing the result of a login attempt can often tell you if LDAP is successfully configured.

To do that, log in to the Foglight browser interface using your Active Directory account. If LDAP is successfully configured, you see the following message:

Error: The LDAP account fog5svc1 was imported into the Management Server successfully. However, you cannot log in until an administrator grants permissions to your account. Please contact your administrator. Would you like to log in as another user?

This message confirms that the LDAP configuration is successful. You just need to log in as a Foglight Security Administrator and add the newly added LDAP (External) user to a Foglight group which has the appropriate abilities (roles) granted.

If LDAP is not configured correctly, you see the following message:

Invalid username and/or password. Please try again.

You can return to the beginning of this topic and go through the troubleshooting steps to determine the problem.


	NOTE: Active Directory passwords do not need to conform to Foglight password policies. Password policy settings specified on the Password Settings page only apply to internal Foglight accounts. External (LDAP) accounts do not need to follow these settings.

Copy and create an LDAP configuration

Starting with the Foglight Management Server 5.7.5.7, it is possible to configure multiple LDAP directories and you are allowed to select any of the LDAP configurations for user authentication.

To leverage an existing LDAP configuration and create a new one:

On the navigation panel, under Dashboards, click Administration > Users & Security.

On the Users and Security Management dashboard that appears in the display area, click Directory Services Settings.

The Configure Directory Services view appears.

From the Configuration for drop-down list, select an LDAP configuration to be used for leverage.

Click Copy & Create on the upper right corner of the Configure Directory Services view.

The Copy Configuration dialog box appears.

Click OK to copy and create a new LDAP configuration based on the selected one.

Activate an LDAP configuration

You are allowed to activate an LDAP configuration for authenticating the user login to Active Directory, as needed.

To activate an LDAP configuration:

On the navigation panel, under Dashboards, click Administration > Users & Security.

On the Users and Security Management dashboard that appears in the display area, click Directory Services Settings.

The Configure Directory Services view appears.

From the Configuration for drop-down list, select an LDAP configuration that you want to use for the user authentication.

Click Activate.

The Update Directory Services Status dialog box appears, and the selected LDAP configuration is activated.

Once an LDAP configuration is activated, the Activate button will be changed to Deactivate. You can repeat the above workflow to deactivate this LDAP configuration when needed.

Delete an existing LDAP configuration

To delete an existing LDAP configuration:

On the navigation panel, under Dashboards, click Administration > Users & Security.

On the Users and Security Management dashboard that appears in the display area, click Directory Services Settings.

The Configure Directory Services view appears.

From the Configuration for drop-down list, select an LDAP configuration that you want to delete.

Click Delete.

The Delete Configuration dialog box appears.

Click OK.

The Configure Directory Services view refreshes automatically and removes the selected LDAP configuration.

Reorder existing LDAP configurations

With the support of multiple LDAP configurations, the Foglight Management Server enables you to sort the LDAP query configurations for more effective user authentication.

To reorder existing LDAP configurations:

On the navigation panel, under Dashboards, click Administration > Users & Security.

On the Users and Security Management dashboard that appears in the display area, click Directory Services Settings.

The Configure Directory Services view appears.

Click Reorder on the upper right corner of the Configure Directory Services view.

The Sort LDAP Configurations dialog box appears.

Click the arrow under the Move Up or Move Down column to sort LDAP configurations, as needed.

Click Save.

The LDAP query configurations update in the background.

Edit and test external directory settings

Use the Configure Directory Services view to enable Foglight to access user information that is stored in an external directory and to test these settings.

To edit,sort, and test external directory settings:

Obtain all of the service account information required to edit the settings in the Configure Directory Services view.

On the navigation panel, under Dashboards, click Administration > Users & Security.

On the Users and Security Management dashboard that appears in the display area, click Directory Services Settings.

The Configure Directory Services view appears.

Sort the LDAP query configurations to improve the efficiency of user authentication.

On the Configure Directory Services view, click Reorder.

The Sort LDAP Configurations dialog box appears.

Click Move Up or Move Down to sort LDAP configurations, as needed.

Editing one setting at a time. On the Configure Directory Services view, click the Value column of the setting you want to edit.

Type the desired value into the dialog box and click Save. A message box opens, indicating that your changes are being saved.

After a few moments, the message box closes, indicating success. The Configure Directory Services view refreshes, showing the updated setting.

Editing multiple settings.

To edit the LDAP server’s URL, in the LDAP Locations view, click Edit.

Replace the default Nearest LDAP server URL and Secondary LDAP server URL entries with the valid values, as applicable. To test the connectivity to the nearest and secondary LDAP servers, click Test. When done, save your changes by clicking Save.

The URLs Editor dialog box closes and a message box opens, indicating that your changes are being saved.

After a few moments, the message box closes and the LDAP Locations view refreshes, showing the newly-edited values.

To edit the remaining settings, in the Settings view, click Edit.

Replace the default entries with the valid values, as applicable. When done, click Save to save your changes.

The Settings Editor dialog box closes and a message box opens, indicating that your changes are being saved.

After a few moments, the message box closes and the Settings view refreshes, showing the newly-edited values.


	IMPORTANT: Whenever you change any of the settings on this page, you must re-enter the password in order for these settings to take effect.

Test your newly configured LDAP settings.

In the Settings view, click Test Configuration.

The Test Configuration dialog box opens.

In the Test Configuration dialog box, type the name of a user account that exists in the newly integrated external directory, and click Test.

The Name Lookup Tracker message box opens.

After a few moments, the Name Lookup Tracker message box closes and the Test Result message box opens, listing the user names that start with the provided text.

Change the user session time-outs

Use the User Session Settings link on the Users & Security Management dashboard to configure the period of time after which Foglight logs out inactive users. You can set it to a desired number of minutes, or to an infinite period, as required. The time-out session minimum is five minutes.

To change the user session timeout:

On the navigation panel, under Dashboards, click Administration > Users & Security.

On the Users and Security Management dashboard that appears in the display area, click User Session Settings.

The Change User Session Timeout dialog box opens.

Configure the period of inactivity after which Foglight logs out users.

•

To define a specific user session timeout, in the Number of minutes after which user should be logged out box, type the number of minutes.

•

To set the user session timeout to an infinite period, select the Session Never Times Out check box.

In the Change User Session Timeout dialog box, click OK.

The Change User Session Timeout dialog box closes and the User Session Settings task entry refreshes, indicating the newly configured timeout.

Disable global search

By default, global search is enabled for the Managememt Server. In some cases, you may want to disable global search, either for individual users, or for the entire Management Server. You can disable global search by following this procedure.

To disable global search:

•

Start the Management Server with the option:

-Dcom.quest.wcf.disableGlobalSearch=true

After you have disabled global search, you can enable it for specific users. Any users that require access to global search must have the WCF permission globalSearch set on their account. This allows you to control what users can access in their designated environment.

To enable global search for a specific set of users:

•

Run the following script from a user account with the Security role:

import com.quest.nitro.service.security.core.SecurityConsts;

def securitySrv = server.SecurityService;

def defaultRoleWithGlobalSearch = securitySrv.findRoleByName("Console User");

securitySrv.setResAceByIds(SecurityConsts.SEC_RES_UUID_ACTION_GLOBAL_SEARCH, defaultRoleWithGlobalSearch .getId(), 0, true,"Console user role allowed to do global search");

def newRoleWithGlobalSearch = securitySrv.findRoleByName("**Some other Role**");

securitySrv.setResAceByIds(SecurityConsts.SEC_RES_UUID_ACTION_GLOBAL_SEARCH, newRoleWithGlobalSearch.getId(), 1, true,"Console user role allowed to do global search");

Where **Some other Role** is a role that you have created and assigned to users or groups that you want to be able to perform global search.

Blackout Configuration

Getting started: view and manage blackouts

There are several starting points available form the Blackouts page that you can use to view and manage blackouts. Choose the dashboard that best suits your needs. For example, to quickly see a list of all blackouts and delete the ones that you no longer need, navigate to the Manage Blackouts dashboard, and select and delete the desired blackouts.

•

Manage Blackouts. Use this dashboard to view, create, and delete blackouts. For more information, see Explore and manage blackouts.

•

View Blackouts by Object. Use this dashboard to view topology blackouts. Topology blackouts do not interrupt the data collection for the object to which the blackout is assigned. For more information, see View a list of blacked out objects.

•

View Blackouts by Agent. Agent blackouts are events during which the agent ceases to collect data for the duration of the blackout period. For more information, see View a list of blacked out agents.

Explore and manage blackouts

The Manage Blackouts dashboard allows you to view and manage existing blackouts. This dashboard lists all existing blackouts, including topology and agent blackouts. It also provides quick access to workflows for creating new blackouts.

By default, the following columns are displayed:

•

Name contains the blackout name.

Expanding a node in this column shows additional information about the blackout. For example, for topology blackouts, expanding the node shows the names of the topology objects affected by the blackout. Click the name of the topology object to open a dialog box that displays a list of the child objects that are affected by the blackout.

Figure 26. Example of child objects included in a topology blackout.

•

Schedule, Name contains the name of the schedule associated with the blackout.

•

Schedule, Currently Blacked Out indicates whether the blackout is currently in effect: Yes or No.

•

Schedule, State indicates if the blackout schedule is in effect (Current), expired (Expired), or set to occur at a later time (Future).

•

Includes Children indicates whether the blackout is inherited by the descendents of the affected type (topology blackouts only): Yes or No.

•

Type shows the blackout type: agent blackout

or topology blackout

In addition to these columns, the following columns can also be displayed by clicking and selecting them from the Show Columns dwell that appears.

•

Next Start shows the date and time on which the next instance of the blackout period starts.

•

Next End shows the date and time on which the next instance of the blackout period ends.

•

Duration shows the length of time during which the next blackout period will be in effect.

Click Create One-Time Blackout or Create Scheduled Blackout to start the Create Blackout Wizard that allows you to quickly add a new blackout to the existing collection. For more information about the available flows, see Create one-time agent blackouts, Create scheduled blackouts for alarms, and Create scheduled blackouts for agents by selecting objects.

The left-most column in the list contains check boxes that allow you to select one or more blackouts, and delete them, as required. Click Select All and Select None to select all variables or clear all selections, respectively.

View a list of blacked out objects

The View Blackouts by Object dashboard lists all topology objects that are blacked out. Use this dashboard to quickly identify the objects whose alarms are suspended.

Figure 27. The View All Objects with Alarms Suspended dashboard.

To access this dashboard, on the Blackouts page, click View Blackouts by Object. For each topology object, the following columns are displayed.

•

Name contains the name of blacked out topology object.

Expand a node in this column to show the names of the blackouts assigned to this object. Click or hover over the blackout name to see additional information about the blackout.

•

Type contains the name of the topology type of the blacked out object.


	IMPORTANT: This column is populated only in the rows containing topology objects.

•

Includes Children indicates whether the blackout is inherited by the descendents of the affected type (topology blackouts only): Yes or No.


	IMPORTANT: This column is populated only in the rows containing blackout instances.

•

Monitored Host contains the name of the host associated with the blacked out object.


	IMPORTANT: This column is populated only in the rows containing topology objects.

•

Schedule contains the name of the schedule associated with the blackout.


	IMPORTANT: This column is populated only in the rows containing blackout instances.

•

Currently Blacked Out indicates whether a blackout is currently in effect: Yes or No.

•

Schedule State shows if the blackout schedule is in effect (Current), expired (Expired), or set to occur at a later time (Future).


	IMPORTANT: This column is populated only in the rows containing blackout instances.

View a list of blacked out agents

The View Blackouts by Agent dashboard lists all agents that have blackouts. Use this dashboard to quickly identify the agents for which blackouts are configured.

Figure 28. The View All Agents with Data Collection Suspended dashboard.

To access this dashboard, on the Blackouts page, click View Blackouts by Agent. For each topology object, the following columns are displayed.

•

Name contains the name of blacked out agent instance.

Expand a node in this column to see the names of the blackouts assigned to this agent. Click or hover over the blackout name to see additional information about the blackout.

•

Type contains the type of the blacked out agent instance.


	IMPORTANT: This column is populated only in the rows containing agent instances.

•

Host contains the name of the host the blacked out agent is monitoring.


	IMPORTANT: This column is populated only in the rows containing agent instances.

•

Schedule contains the name of the schedule associated with the blackout.


	IMPORTANT: This column is populated only in the rows containing blackout instances.

•

Currently Blacked Out indicates whether the blackout is currently in effect: Yes or No.

•

Schedule State shows if the blackout schedule is in effect (Current), expired (Expired), or set to occur at a later time (Future).


	IMPORTANT: This column is populated only in the rows containing blackout instances.

Getting started: create blackouts

There are two types of blackouts that can be assigned to agent or topology object instances:

•

One-time blackouts have specific start and end times, or a specific start time with no end time, which means that they can run indefinitely. These types of blackouts are useful for unscheduled maintenance periods.

•

Scheduled blackouts have specific start and end times, and a recurrence pattern by which they are applied. These types of blackouts are useful for scheduled maintenance periods.

To create one-time blackouts, click Create a One-Time Blackout on the Blackouts page. To create scheduled blackouts, click Create a Scheduled Blackout.

The resulting workflow is in wizard form. You can navigate between the steps in the wizard using the navigation buttons that appear in the bottom-right corner of the display area (Previous, Next, Finish, and Cancel), or use the bread crumb trail to return to the Blackouts page.

The type and range of steps that you complete in the wizard depend on the type of blackout you want to create. For example, to suspend data collection for a period of time, you can identify agent instances that you want to black out and specify the blackout period. To prevent alarms from being generated during specific periods of time, identify the objects that you want to black out, and associate the blackout with a specific schedule.

For more information about the workflows in the Create Blackout Wizard, see the following topics:

•

Create one-time agent blackouts

•

Create scheduled blackouts for alarms

•

Create scheduled blackouts for agents by selecting objects

Create one-time agent blackouts

Creating one-time agent blackouts suspends the agents’ data collection for a specific period of time. This can be done by selecting specific agent instances whose data collection you want to suspend and specifying the time range during which the blackout is in effect.[FDOC-378] One-time blackout periods are added to the list of Foglight schedules, and automatically deleted from there when the one-time blackouts with which they are associated expire.

To create a one-time blackout for agents:

On the navigation panel, under Dashboards, click Administration > Setup > Blackouts.

On the Blackouts page, click Create a One-Time Blackout.

Indicate that you want to black out agents. Select Suspend Data Collection, then click Next.


	IMPORTANT: Blacking out an agent instance stops the data collection for that instance.

Indicate that you want to choose agents by selecting specific agent instances. Ensure that Select the Agents Directly from a List is selected, then click Next.

Choose the agent instances whose data collection you want to stop.

In the Create Blackout Wizard, select one or more rows containing the agent entries, then click Next.


	IMPORTANT: Selecting an agent instance stops the data collection for that instance.


	TIP: To select all agent instances, use the check box at the top of the list.

Set the duration of the blackout period.

The one-time blackout schedule that you specify in this step is added to the list of schedules[FDOC-378], and remains there until the related blackout expires, after which the schedule is deleted from the list.

Specify the blackout’s start time.

In the Select the Start Time boxes, type the desired start date and time.

Choose the option for setting the blackout’s end time.

Specify the duration, end time, or for permanent blackouts, indicate that you do not want the blackout period to end.

For example, to end the blackout at a specific time, select Choose the End Time, then click Next.

Type the desired end time and click Next.

Optional — Specify a different name or a reason for the blackout.


	IMPORTANT: Specifying a reason for the blackout is not mandatory, but is strongly recommended.

For example:

•

Blackout Name: One-time blackout for infrastructure agents

•

Reason for Blackout: Daily maintenance

Click Finish.

The display area refreshes, showing the blackout summary.

Click Go to Manage Blackouts Page.

The Manage Blackouts dashboard appears in the display area. The newly-created blackout appears in the list.

Create scheduled blackouts for alarms

Creating scheduled topology blackouts suspends the alarms for specific periods of time. This is be done by selecting specific topology objects whose alarms you want to suspend.

To create a scheduled blackout for alarms:

On the navigation panel, under Dashboards, choose Administration > Setup > Blackouts.

Indicate that you want to create a scheduled blackout. On the Blackouts page, click Create a Scheduled Blackout.

Indicate that you want to black out alarms. Ensure that Suspend Alarms is selected, then click Next.


	IMPORTANT: Blacking out a topology object does not stop its data collection. It only prevents rules from analyzing that object, which means that no alarms are generated for the duration of the blackout.

Choose a category that best describes the object type that you want to black out.

•

Select one of the available types. The type and nature of types depends on the range of the object groups that exist in your environment. For example, to find object instances associated with a particular service, select Services.

•

Use an advanced search to look for specific objects by selecting Advanced Search (All Types).


	NOTE: Selecting this option displays all object types in the next step.

Click Next.

Choose one or more topology objects for which you want to suspend alarms.

•

Use the navigation tree to select one or more objects.


	IMPORTANT: By default, topology blackouts are applied to all child objects of the selected topology object. This setting can be controlled with the check box Include Child Objects: Black out alarms for the children of the selected objects as well, selected by default.

•

Search for specific objects using the advanced search.

For example, if you selected Services in Step 4, and you want to select the CPU for a specific host object, in the object tree, expand the Windows > Windows Hosts node, and from the entries that appear, select a desired host object.

Click Next.

The list shows the schedules that exist in your Foglight installation and their descriptions. This includes default schedules packaged with Foglight, any schedules that you create, and any one-time blackout periods that have not yet expired.

Select the schedule that you want to associate with the topology blackout.

Review the list of schedules.

If you do not find a schedule that meets your needs, you can create a new one.


	IMPORTANT: Choosing to create a schedule causes you to exit the wizard.

To create a new schedule, click New Schedule and follow the flow in the Simple New Schedule Wizard. When done, select the newly-created schedule. For more information, see Create a new schedule.

Select the schedule that you want to assign to the topology blackout and click Next.

Optional — Specify a different name or a reason for the blackout.


	IMPORTANT: Specifying a reason for the blackout is not mandatory, but is strongly recommended.

For example:

•

Blackout Name: Scheduled blackout for my Windows host

•

Reason for Blackout: Daily maintenance

Click Finish.

The display area refreshes, showing the blackout summary.

Click Go to Manage Blackouts Page.

The Manage Blackouts dashboard appears in the display area. The newly-created blackout appears in the list.

Create scheduled blackouts for agents by selecting objects

Creating scheduled agent blackouts suspends the agents’ data collection for specific periods of time. This can be done by selecting topology objects associated with these instances.

To create a scheduled blackout for agents by selecting objects:

On the navigation panel, under Dashboards, choose Administration > Setup > Blackouts.

Indicate that you want to create a scheduled blackout.

On the Blackouts page, click Create a Scheduled Blackout.

Indicate that you want to black out agents.

In the Create Blackout Wizard, select Suspend Data Collection, then click Next.


	IMPORTANT: Blacking out an agent instance stops the data collection for that instance.

Indicate that you want to choose agents by selecting topology objects.

In the Create Blackout Wizard, click Select Monitored Elements and Let Foglight Find Related Agents, then click Next.


	IMPORTANT: Selecting monitored objects instead of specific agent instances can result in the data collection being stopped for additional topology objects.

Choose the category that best describes the object type associated with the agents that you want to black out.

•

Use an advanced search to look for specific objects by selecting Advanced Search (All Types).


	NOTE: Selecting this option displays all object types in the next step.

Click Next.

Choose one or more topology objects associated with the agent instances whose data collection you want to suspend.


	IMPORTANT: Selecting topology objects causes Foglight to stop the data collection for all topology objects associated with the agents you want to black out, including the selected objects.

•

In the Create Blackout Wizard, use the navigation tree to select one or more objects.

•

Search for specific objects using the advanced search.

For example, if you selected Services in Step 4, and you want to select agent instances that are monitoring a particular Windows Host object, in the object tree, expand the Windows > Windows Hosts node, and from the entries that appear, select a desired host objects.

Click Next.

The list shows the agent instances associated with the newly-selected monitored elements.


	IMPORTANT: To remove an agent entry from the list, click a selected agent.

Ensure that the list of selected agents is correct, then click Next.

The display area refreshes, showing the next step in the wizard.

Choose from the list of blackout schedules.

Select the schedule that you want to associate with the agent blackout.

Review the list of schedules.

To create a new schedule, click New Schedule and follow the flow in the Simple New Schedule Wizard. When done, select the newly-created schedule. For more information, see Create a new schedule.

Select the schedule that you want to assign to the agent blackout and click Next.

Optional — Specify a different name or a reason for the blackout.


	IMPORTANT: Specifying a reason for the blackout is not mandatory, but is strongly recommended.

For example:

•

Blackout Name: Scheduled blackout for my Windows agents

•

Reason for Blackout: Daily maintenance

Click Finish.

The display area refreshes, showing the blackout summary.

Click Go to Manage Blackouts Page.

The Manage Blackouts dashboard appears in the display area. The newly-created blackout appears in the list.

Create a new schedule

Schedules are used in different parts of Foglight, such as in blackouts, reports, registry variables or derived metrics definitions. A schedule consists of schedule items. Schedule items have specific start and end times, and a recurrence pattern.

Foglight includes a number of pre-defined schedules that you can use. If you do not find a schedule that meets your needs in the collection of existing schedules, you can create a new one using the Simple New Schedule Wizard. When you create a new schedule this way, that schedule is added to the master schedule collection and is accessible by all components that make use of schedules. You can access this wizard from the workflows for creating or editing blackouts and reports.

Another way to create a new schedule is using the Create Schedule dashboard. For more information about this workflow, see Create schedules.

To create a new schedule:

From the workflow for creating or editing blackouts or reports, click Create New Schedule.

In the Simple New Schedule Wizard dialog box, in the Select a schedule pattern type area, select one of the available schedule patterns.

There are four types of schedules that you can create: Once, Periodical, Daily, Weekly, Monthly, and Yearly. For details about each type, see Edit schedule items.

For example, to create a schedule that occurs only once, select Once, and click Next.


	IMPORTANT: The appearance of the Simple New Schedule Wizard dialog box and the options that appear depend on the selected schedule pattern.

Follow the workflow to specify the start and end times, and any recurrence patterns, if applicable, then click Next.

The range of steps that you perform here depend on the selected recurrence pattern. For example, creating a schedule that occurs only once requires only a start and end date. For a schedule that occurs weekly, you need to specify the number of subsequent weeks in which the schedule occurs, the days of the week, and the effective daily duration, along with start and end dates.

When you finish specifying the schedule pattern, click Next.

Type the schedule name and description and click Finish.

A message box opens, indicating the schedule creation is in progress.

After a successful schedule creation, the message box closes, and the newly-created schedule appears in the workflow.

Edit agent blackouts

Editing agent blackouts is useful in situations when you need to quickly change one or more properties such as the blackout’s agents, or schedules associated with the blackout. For example, to suspend the data collection for more agents than originally defined in the blackout, simply open the agent blackout for editing, and select the additional agent instances.

To edit an existing agent blackout:

On the navigation panel, under Dashboards, choose Administration > Setup > Blackouts.

On the Blackouts page, click Manage Blackouts.

On the Manage Blackouts dashboard that appears in the display area, in the blackout table, locate the entry containing the agent blackout that you want to edit.


	TIP: The Type column indicates if a blackout is an agent blackout or topology blackout .

Click the Name column.

The Blackout Agent Details view appears in the display area.

To edit the name and reason for the blackout, in the Basic Details area, click Change.

The Edit Name and Reason dialog box opens.

To change the blackout name, in the Name box, type the new name.

Default blackout names assigned by Foglight are based on the agent name and schedule and are often truncated in the views. For example, if an agent name has 15 characters or more, it appears truncated. Updating the blackout name causes the entire name to appear on the Manage Blackouts dashboard and Blackout Agent Details view without being truncated, assuming that the name length does not exceed the field/column in the display area in which the blackout name appears. Defining a meaningful name can help you quickly locate the blackout on the Manage Blackouts dashboard. For example, using agent names is useful to easily identify the parts of Foglight that are affected by the blackout. You can use any combination of alphabetical, numeric, and special characters. There are no length restrictions for to the blackout name, but it is worth noting that any text strings whose length exceeds the space allotted to the updated blackout name in the display area can appear truncated.

To change the reason for the blackout, in the Reason box, type the new reason.

Click Apply.

The Edit Name and Reason dialog box closes and the Basic Details area refreshes, showing the updated details.

To associate the agent blackout with a different schedule, in the Schedule Information area, click Change.

The Change Schedule dialog box opens. It shows the list of all schedules that exist in your Foglight installation, including the schedules included with the server, and any schedules that you create. The schedule that is currently assigned to the agent blackout appears selected in the list. For more information about schedules, see Associate Metric Calculations with Schedules.

To assign an existing schedule to the agent blackout, select the schedule entry in the list.

To create a new schedule, click Create New Schedule and follow the flow in the Simple New Schedule Wizard. When done, select the newly-created schedule. For more information, see Create a new schedule.

In the Change Schedule dialog box, click Apply.

The Change Schedule dialog box closes and the Schedule Information area refreshes, showing the updated details.

To remove agents from the blackout, in the Blacked Out Agents area, click Remove.

The Select Items to Remove dialog box opens. It shows a list of the agents that are affected by the current blackout.

Select one or more agents that you want to remove and click Remove Selected.

The Select Items to Remove dialog box closes and the Blacked Out Agents area refreshes, no longer showing the newly-removed agent in the list.

To add more agents to the blackout, in the Blacked Out Agents area, click Add.

The Add Agents to Blackout dialog box opens. It shows a list of the agents that are affected by the current blackout.

Select the agents that you want to add. The flow for adding agents is the same as the flow for selecting agents when creating a new blackout. For detailed instructions, see Create one-time agent blackouts, starting with Step 4, or Create scheduled blackouts for agents by selecting objects, starting with Step 5. When you finish, the Add Agents to Blackout dialog box closes and the Blacked Out Agents area refreshes, showing the newly-added agents in the list.

To return to the Manage Blackouts dashboard, click Go to Manage Blackouts Page, or use the breadcrumb trail.

Edit topology blackouts

Editing topology blackouts is useful in situations when you need to quickly change one or more properties such as the blackout’s topology objects, or schedules associated with the blackout. For example, to suspend the data collection for more objects than originally defined in the blackout, simply open the topology blackout for editing, and select the additional object instances.

To edit an existing topology blackout:

On the navigation panel, under Dashboards, choose Administration > Setup > Blackouts.

On the Blackouts page, click Manage Blackouts.

On the Manage Blackouts dashboard that appears in the display area, in the blackout table, locate the entry containing the topology blackout that you want to edit.


	TIP: The Type column indicates if a blackout is an agent blackout or topology blackout .

Click the Name column.

The Blackout Object Details view.

To edit the blackout name and reason, in the Basic Details area, click Change.

To change the blackout name, in the Name box, type the new name.

Default blackout names assigned by Foglight are based the on object name and schedule and are often truncated in the views. For example, if an object name has 15 characters or more, it appears truncated. Updating the blackout name causes the entire name to appear on the Manage Blackouts dashboard and Blackout Object Details view without being truncated, assuming that the name length does not exceed the field/column in the display area in which the blackout name appears. Defining a meaningful name can help you quickly locate the blackout on the Manage Blackouts dashboard. For example, using object names is useful to easily identify the parts of Foglight that are affected by the blackout. You can use any combination of alphabetical, numeric, and special characters. There are no length restrictions for the blackout name, but it is worth noting that any text strings whose length exceeds the space allotted to the updated blackout name in the display area can appear truncated.

To change the reason for the blackout, in the Reason box, type the new reason.

Click Apply.

To associate the topology blackout with a different schedule, in the Schedule Information area, click Change.

The Change Schedule dialog box opens. It shows the list of all schedules that exist in your Foglight installation, including the schedules included with the server, and any schedules that you create. The schedule that is currently assigned to the topology blackout appears selected in the list. For more information about schedules, see Associate Metric Calculations with Schedules.

To assign an existing schedule to the topology blackout, select the schedule entry in the list.

In the Change Schedule dialog box, click Apply.

The Change Schedule dialog box closes and the Schedule Information area refreshes, showing the updated details.

To remove topology objects from the blackout, in the Blacked Out Topology Objects area, click Remove Items.

The Select Items to Remove dialog box shows a list of the topology objects that are affected by the current blackout.

Select one or more topology objects that you want to remove and click Remove Selected.

The Select Items to Remove dialog box closes and the Blacked Out Topology Objects area refreshes, no longer showing the newly-removed objects in the list.

To add more topology objects to the blackout, in the Blacked Out Topology Objects area, click Add.

The Add Items to Blackout dialog box opens. It shows a list of different object categories. The contents in the list depend on the complexity of your environment and the range of the installed cartridges.

Select the categories containing the objects that you want to add. The flow for adding topology objects is the same as the flow for selecting new objects when creating a new blackout. For detailed instructions, see Create scheduled blackouts for alarms, starting with Step 4. When you finish, the Add Items to Blackout dialog box closes and the Blacked Out Topology area refreshes, showing the newly-added items in the list.

To return to the Manage Blackouts dashboard, click Go to Manage Blackouts Page or use the breadcrumb trail.

Run the Blackouts Report

Some Foglight dashboards have reports associated with them. This allows you to run a report based on the current dashboard. You can generate the report using the Reports menu in the top-right corner.

The Blackouts dashboard is associated with the Blackouts Report. Run this report by choosing Blackout Report from the Reports menu, and specifying the input parameters in the report wizard.

Figure 29. The Bloackouts page with the Reports menu selected.

The report wizard provides more information about the Blackouts Report. For more information about reports in Foglight, see the Foglight User Help.

Manage Support Bundles

Create and download server support bundles

Server support bundles contain diagnostic data gathered from the Management Server. Support bundles can be created upon request by Quest Support to help you solve a problem in your environment.

The Manage Support Bundles dashboard allows you to create server support bundles, and to retrieve server and Foglight Agent Manager support bundles. To create Agent Manager support bundles, use the Agent Manager Support Bundle dashboard. For more information about this dashboard, see Create and download Agent Manager support bundles.

When you create a host support bundle, Foglight generates a ZIP file in the <foglight_home>/support/<user_name> directory on the machine hosting the Management Server. The support bundle file name uses the following syntax:

support_bundle_<Management Server host>_<user name>-<yyyy-mm-dd>-<hh-mm-ss>.zip

For example:

support_bundle_Host1_jsmith_2011-10-06_11-36-39.zip

To create a server support bundle:

On the navigation panel, under Dashboards, click Administration > Support > Support Bundles.

Click Create Management Server Support Bundle.

Optional — Describe the support bundle that you are about to create. If you create multiple bundles, a description can help you can identify the correct bundle at a later time. If there are a large number of Agent Managers, you can use the Search box.

In the Create Bundle dialog box, in the Description box, type the description of the support bundle.

The Create Bundle dialog box closes and the Create Bundle message box opens, indicating progress.

After a few moments, the Create Bundle message box closes, and the Support Bundle Generated message box opens.

In the Support Bundle Generated message box, click Download Bundle.

A dialog box opens.


	IMPORTANT: The appearance of the dialog box varies, depending on the type and version of your web browser.

Save the generated ZIP file to disk.

The newly-generated support bundle appears in the Support Bundle Inventory view.

To retrieve a server support bundle:

On the navigation panel, under Dashboards, choose Administration > Support > Support Bundle.

On the Support dashboard, in the Support Bundle Inventory view, locate the support bundle that you want to retrieve.

In the row containing the support bundle, click the Name column. A dialog box opens.


	IMPORTANT: The appearance of the dialog box varies, depending on the type and version of your web browser.

Save the file to disk.

Upload a Server support bundle

Server support bundles contain diagnostic data gathered from the Management Server. Support may ask you to upload these bundles to a Support server. Before uploading a Support bundle, your Quest Support contact will provide you with several registry variable values which will need to be set, including:

•

SupportBundle_Upload_Host

•

SupportBundle_Upload_Password

•

SupportBundle_Upload_Port

•

SupportBundle_Upload_Protocol

•

SupportBundle_Upload_Username

For information on how to create or edit registry variables, see View and edit registry variable settings .

To upload a support bundle:

On the navigation panel, under Dashboards, choose Administration > Support > Support Bundle.

On the Support dashboard, in the bundle inventory table, locate the support bundle that you want to retrieve.

In the row containing the support bundle, click the checkbox.

Click Upload to Support.

The Upload Support Bundles Confirmation dialog opens.

Click Upload.

The Upload Bundle progress dialog appears.

On the Upload Bundle progress dialog, click Close to close the dialog. The upload will continue. Click Cancel to cancel the upload.

When the upload is completed, a notification will appear in your browser.

Explore the server support bundle

Each server support bundle contains several files. The following list illustrates a file collection sample that may appear in a server support bundle. This list does not include the entire collection of files that are typically contained in a server support bundle. It is a partial listing that illustrates the directory structure and describes some of the common files that appear in the support bundle. To explore the contents of an Agent Manager Support Bundle, see Explore the Agent Manager support bundle .

Table 6. A partial list of files and directories contained in a support bundle.
AuditingLog_*.xml					A listing of recent changes to the FMS/registry/rules/cartridges/security/etc. It contains information about the before and after states of a configuration object, including rules, registry variables, agent properties, schedules, derived metrics, or thresholds, for changes that occur within the applicable default time range.
DiagnosticSnapshot_*.txt					A diagnostic snapshot consisting of service status, agent status, thread dump, and other indicators.
DirectoryListing_*.txt					A full file listing for all files in the server installation directory.
Foglight_<version>_InstallLog.log					Server installation log
InstalledCartridges_*.xml					A listing of all installed cartridges, and their versions.
MonitoringPolicies_*.xml					An export of the server’s monitoring policies.
support_bundle_foglight_*.xml					Brief description of this support bundle
config/
	agent-weight.config				Defines the “weight” of attached agents. Used to help determine the server load
	log.config				Configuration parameters for the server logging process.
	remote_monitor.config				Various configuration options for running the Management Server as a service
	remote_monitor.log.config				Various log configuration options for the Management Server.
	restart_monitor.config				Server restart configuration parameters (if running as a service).
	server.config				Server configuration parameters and their values
	server_restarter.log.config				Server logging parameters.
logs/
	ManagementServer_*.log				The three most recent server logs.
	PerfReport.pdf				A comprehensive performance report that contains detailed information about the monitoring environment, its configuration and overall health. In addition to the copy of this file in the support bundle, Foglight places another copy of this file to the logs directory, under <foglight_home>/logs. The report is also known as Management Server Performance Summary. It is primarily for use by Quest Support.
server/
	jboss/ OR tomcat/
		com/
			jacorb.properties		Server’s JacORB configuration parameters.
		deploy/
			nitro-dyn-ds.xml		Server’s data source definition.
			jbossweb-tomcat55.sar/
				context.xml	A JBoss application configuration file.
				server.xml	A JBoss application configuration file.


	NOTE: The “*” indicates a date/time stamp of the format “YYYY-MM-DD_HH-MM-SS”“.

Create and download Agent Manager support bundles

Agent Manager support bundles contain diagnostic data gathered from the monitored host. Support bundles can be created upon a request by Quest Support to help you solve a problem in your environment.

The Support dashboard allow you to create and download Agent Manager support bundles. To download previously created Agent Manager support bundles, use the Support dashboard. For more information about this dashboard, see Create and download server support bundles.

Alternatively, Agent Manager support bundles can be created using the support-bundle command. For syntax information, see the Command-Line Reference Guide.

When you create an Agent Manager bundle, Foglight generates a ZIP file in the <foglight_home>/support/<user_name> directory on the machine hosting the Management Server. The support bundle file name uses the following syntax:

support_bundle_FglAM_<Agent Manager host>_<Management Server host>_<user name>-<yyyy-mm-dd>-<hh-mm-ss>.zip

For example:

support_bundle_FglAM_Host1.example.com_Host2.example.com_jsmith_2011-10-06_11-36-39.zip

To create and retrieve an Agent Manager support bundle:

On the navigation panel, under Dashboards, choose Administration > Support > Support Bundle.

On the Support page, click Create Agent Manager Support Bundle.

After the process finishes, a dialog box opens. Do one of the following:

•

Click Download Bundle to immediately download the generated bundle.

•

Click Cancel to close the dialog box. You can download the support bundle later by clicking the download icon in the row corresponding to the bundle you want.

Save the file to a location on your computer.

Upload Agent Manager support bundles

Agent Manager support bundles contain diagnostic data gathered from the monitored host. Support may ask you to upload these bundles to a Support server. Before uploading a Support bundle, your Quest Support contact will provide you with several registry variable values which will need to be set, including:

•

SupportBundle_Upload_Host

•

SupportBundle_Upload_Password

•

SupportBundle_Upload_Port

•

SupportBundle_Upload_Protocol

•

SupportBundle_Upload_Username

For information on how to create or edit registry variables, see View and edit registry variable settings .

To upload a support bundle:

On the navigation panel, under Dashboards, choose Administration > Support > Support Bundle.

On the Support dashboard, in the bundle inventory table, locate the support bundle that you want to retrieve.

In the row containing the support bundle, click the checkbox.

Click Upload to Support.

The Upload Support Bundles Confirmation dialog opens.

Click Upload.

The Upload Bundle progress dialog appears.

On the Upload Bundle progress dialog, click Close to close the dialog. The upload will continue. Click Cancel to cancel the upload.

When the upload is completed, a notification will appear in your browser.

Explore the Agent Manager support bundle

Each Agent Manager support bundle contains several files. The following list illustrates a file collection sample that may appear in a host support bundle. This list does not include the entire collection of files. It is a partial listing that illustrates the directory structure and describes some of the common files that appear in the support bundle. To explore the contents of a Server Support Bundle, see Explore the server support bundle .

Table 7. The directory structure and common files in an Agent Manager support bundle.
agentstate/
	<cartridge_name>/
		<cartridge_version>/
			config/
				<agent_type>/
					<agent_type>AttributeDefs.xml	Attributes for the agent package
					<agent_type>ConfigDefs.xml	Property configuration definitions for the agent package
					<agent_type>LogDefs.xml	Log definitions for the agent package
					<agent_type>Manifest.xml	Manifest for the agent package
					<agent_type>ProcedureDefs.xml	Procedure definitions for the agent package
common/
	jvminfo.txt					Java VM information
	jvmthreaddump.txt					Java thread dump information
	mbean-info.txt					MBean information
glueconfig/
	fglam.config.xml					Foglight Agent Manager configuration information
	log.config					Log configuration
	process.config					Process configuration
	tools.config					Tools information
	client.config					Internal Agent Manager configuration
	baseline.jvmargs.config					VM configuration
logs/
	FglAM-<yyyy>-<mm>-<dd>T<hh>-<mm>-<ss>.log					Successful startup logs
	failed-startup-<yyyy>-<mm>-<dd>T<hh>-<mm>-<ss>.log					Failed startup logs
	<cartridge_name>/
		<cartridge_version>/
			<agent_type>/
					<agent_name>_<yyyy>-<mm>-<dd>_<hhmmss>_001.log	Agent log
system/
	<os>-system-info.txt					OS information

Foglight Configuration

Explore the Federation view

The Federation view contains information about the server federation. Federation is a Foglight feature that addresses the needs of customers who monitor large-scale environments that are naturally partitioned into logical units. Each of these partitions is traditionally served by one Foglight Management Server instance and its distributed clients/agents. Federation enables the use of one Management Server to operate, while using other Management Servers as the data source. The Federation Master Server manages the operation of those units, merging their data into a central model. Clicking an entry in this view drills down to the Foglight Server Topology view.

Figure 30. The Federation view section of the Management Server Configuration dashboard.

This view displays the following information:

•

Mode tells you whether the current Management Server installation is a Federated Child or a Federation Master in a federated system.

•

Standalone indicates that your monitoring environment is not federated.

•

Master indicates that the server is a Federation Server.

•

Children contains the number of children of the current Management Server installation in a federated system. If this setting shows zero ‘0’, combined with the Mode value of Child/Standalone, that is a good indicator that your monitoring environment is not federated.

Explore the High Availability view

The High Availability view indicates if Foglight is running in High Availability (HA) mode. Configuring Foglight in HA mode allows you to run multiple servers in a JBoss partition offering HA. For more information on starting Foglight in High Availability mode, see the High Availability Field Guide.

Figure 31. The High Availability view section of the Management Server Configuration dashboard.

This view displays the following information:

•

Status shows if Foglight is running in HA mode (

) or not (

•

Peers shows the number of servers in the cluster, not including the current server.

Explore the Server view

The Server view displays information related to the Foglight Management Server.

The view shows the following settings:

•

Version. The version number of the Management Server whose configuration items you are viewing.

•

Build. The build version of the Management Server whose configuration items you are viewing.

•

Foglight Home. The installation directory of the Management Server on the computer on which it is installed.

•

JBoss Server Directory. The installation directory of the JBoss application server that is running the Management Server, on the computer on which the Management Server is installed.

Explore the Federation Configuration view

This view contains information about federation settings. The federation settings are defined in the file <foglight_home>/config/federation.config. For more information about this file, see the Federation Field Guide.

Figure 32. The Federation Configuration view section of the Management Server Configuration dashboard.

The Federation view displays the following settings:

•

Connection URLs. The JNDI-provider URLs for federated servers. These URLs should use the JNDI JNP port (see Explore the Ports view ), as configured in <foglight_home>/config/server.config on the corresponding federated server. This setting is defined by the JndiURLs parameter in the file <foglight_home>/config/federation.config.

•

Max Alarm Update Delay (millis). The maximal delay in milliseconds that is allowed for the federation server to check all federated servers for alarm changes. This setting is defined by the MaxAlarmUpdateDelay parameter.

•

Max System Time Difference (millis). The maximal acceptable difference in system time between federated servers and the federation server, in milliseconds. This setting is defined by the MaxSystemTimeDifference parameter.

•

Topology Queries. A list of one or more topology queries that identify topology objects that are be merged with the federated topology model. This setting is defined by the TopologyQueries parameter.

•

Topology Refresh Period (millis). The number of milliseconds between major topology refresh operations. A major topology refresh operation involves re-fetching all relevant topology objects from all federated servers and merging them into the local topology model. This setting is defined by the TopologyRefreshPeriod parameter.

Explore the Database view

This view contains information about database settings. The database settings are defined in the file <foglight_home>/config/server.config. For more information about this file, see the Installation and Setup Guide set.

Figure 33. The Database view section of the Management Server Configuration dashboard.

The Database view displays the following settings:

•

Database Name. The name of the database. This setting is defined by the server.database.name parameter.

•

Embedded. Indicates if the Management Server is using an embedded or external database. Possible values are true or false.This setting is defined by the server.database.embededd parameter.

•

Hibernate Dialect. The name of the component that defines the database hibernate dialect.

•

Host. The name of the database host. This setting is defined by the server.database.host parameter.

•

Port. The port number used by the database. This setting is defined by the server.database.port parameter.

•

Secure Connection. Indicates if the Management Server is using a secure connection. Possible values are true or false. This setting is defined by the server.database.secureconn parameter.

•

Type. The type of the database. This setting is defined by the server.database.type parameter.

•

User. The database user name. This setting is defined by the server.database.user parameter.

Explore the JVM view

This view contains information about JVM settings.

The JVM view displays the following settings:

•

Name. The name of the Java Virtual Machine (JVM) of the computer in which the Management Server is running.

•

Version. The version number of the JVM.

•

Vendor. The name of the JVM vendor.

•

Architecture (bit). The bit architecture of the JVM.

•

Options: Add JVM settings to the server.config file by entering and saving them in this field.

For example, if you have a lot of data in your environment, you may see a "Out of Memory" problem when running the Management Server. You may decide to increase the JVM heap size by specifying the JVM options -Xms1280m -Xmx1280m. Restart the server and these settings will take effect.

The JVM settings that appear in this view are not the full set. By default, the Foglight launcher sets a number of additional JVM settings. To see all of the JVM parameters, look for them under VM Options in the log file for the current session, <foglight_home>/logs/ManagementServer_<date>_<time>_001.log, as shown in the code listing below that illustrates the default JVM settings.

VM Options:

-dsa

-da

-Djava.net.preferIPv4Stack=true

-Xrs

XX:+UseAltSigs

exit

-Dsun.java.command=org.jboss.Main

-Xms782m

-Xmx782m

-XX:MaxPermSize=195m

-Djava.endorsed.dirs=C:\Quest\Foglight\lib\endorsed

-Djava.awt.headless=true

-Dsun.rmi.dgc.client.gcInterval=86400000

-Dsun.rmi.dgc.server.gcInterval=86400000

-XX:+ForceTimeHighResolution

-XX:+UseConcMarkSweepGC

-XX:+CMSClassUnloadingEnabled

-Dsun.lang.ClassLoader.allowArraySyntax=true

-Djava.security.manager

-Djava.security.policy=C:\Quest\Foglight\config\

server.policy

Explore the OS view

The OS view contains information about the OS of the machine on which the Management Server is running.

Figure 34. The OS view section of the Management Server Configuration dashboard.

The view displays the following settings:

•

Type. The name and version of the operating system on which the Management Server is running.

•

Patch. The patch level of the operating system on which the Management Server is running.

Explore the WCF view

The WCF view contains information about the Web Component Framework (WCF) included with the Management Server.

Figure 35. The WCF view section of the Management Server Configuration dashboard.

The view displays the following settings:

•

Version. The version number of the Web Component Framework that is included with the Management Server.

•

Build. The build version of the Web Component Framework that is included with the Management Server.

Explore the Mail (Global Settings) view

This view shows the email settings that are used by Foglight to send messages to specified recipients. For example, you can configure Foglight to generate and send reports to a specified mail recipient, or email warning messages to Foglight administrators when certain thresholds are reached. For information on how to configure email actions in Foglight, see Configuring email notifications.


	IMPORTANT: In some situations you need to create or receive email alerts that contain a URL to the browser interface. To ensure the URL points to the computer on which the Management Server is running, ensure that the CATALYST_URL registry variable contains the correct computer name and port number.For example: http://MyHost.MyDomain.com:8080/For information on how to look up Foglight registry variables, see Working with Foglight Registry Variables.

Figure 36. The Mail (Global Settings) view section of the Management Server Configuration dashboard.

The Mail (Global Settings) view displays the following settings:

•

Connection Timeout. The default connection timeout for sending emails to specified email recipients. This setting is defined by the global value of the mail.connection.timeout Foglight registry variable.


	IMPORTANT: The mail.connection.timeout variable does not come with Foglight. To configure the global connection timeout, you need to create this variable and set it to a desired value.

•

From. The default email address used by Foglight from which emails are sent. This setting is defined by the global value of the mail.from Foglight registry variable.

•

SMTP Host. The default email host name used by Foglight from which emails are sent when required. This setting is defined by the global value of the mail.host Foglight registry variable.

•

SMTP Port. The default port number of the email server used by Foglight from which emails are sent when required. This setting is defined by the global value of the mail.port Foglight registry variable.

•

Recipient. The default email address used by Foglight to which emails are sent when required. This setting is defined by the global value of the mail.recipient Foglight registry variable.

•

Socket Timeout. The default socket timeout for sending emails to specified email recipients.


	IMPORTANT: The mail.socket.timeout variable does not come with Foglight. To configure the global socket timeout, you need to create this variable and set it to a desired value.

•

User. The default user name for logging into the email server that is used by Foglight to which emails are sent when required. This setting is defined by the global value of the mail.user Foglight registry variable.

•

Use STARTTLS. Indicates whether the STARTTLS protocol is enabled. Possible values are true or false. This setting is defined by the global value of the mail.smtp.starttls.enable Foglight registry variable.

•

Use SSL. Indicates whether you want to enable the SSL protocol and use encryption when sending emails from Foglight. Possible values are true or false. This setting is defined by the global value of the mail.use.ssl Foglight registry variable.

Explore the Ports view

This view lists the ports used by Foglight.

Figure 37. The Ports view section of the Management Server Configuration dashboard.

The Ports view displays the following ports:

•

•

•

•

•

HA Pooled Invoker Port

•

HA JNDI UDP Group Port

•

•

•

•

•

•

•

For complete information about the above ports, such as their default numbers or communication points involved, see Default port assignments.

Default port assignments

The following table shows the default port assignments for the ports listed in the Ports view along with a few other ports that are used for communication with the database or internal application ports. The port numbers can be specified at installation time, or after the installation using the configuration parameters in the file <foglight_home>/config/server.config. For more information, see the Installation and Setup Guide set.


	NOTE: In addition to the ports listed below, in some configurations, the Management Server may use additional ports, such as the ports used by JGroups which is the underpinning component of Foglight HA. JGroups is a toolkit for reliable multicast communication. In a default configuration, it dynamically allocates some UDP ports for the communication between cluster members. Network traffic from those ports does not go beyond the local subnet. Therefore, no special firewall configuration is needed.

Table 8. Default port assignments for Foglight.
Port		Server/Client Communication
Default Number	Name	Listens On	Used By	Firewall Impact?	Communication Direction
1098	JNDI RMI Port	N/A
NOTE: This port is not involved for server/client communication.
Description: Port for the Remote Method Invocation (RMI) naming service.
Configuration parameter: foglight.jndi.rmi.port
1099	JNDI JNP Port	N/A
This port is not involved for server/client communication.
Description: Port for the bootstrap JNP service.
Configuration parameter: foglight.jndi.jnp.port
1100	HA JNDI JNP Port	Management Server	Management Server	No	From HA Management Server Primary to HA Management Server Secondary and the other way around
NOTE: Foglight does not support a firewall between two server instances.
Description: Port for the bootstrap JNP service when Foglight is running in the High Availability (HA) mode. For more information about the HA mode, see the High Availability Field Guide.
Configuration parameter: foglight.ha.jndi.jnp.port
1101	HA JNDI RMI Port	Management Server	Management Server	No	From HA Management Server Primary to HA Management Server Secondary and the other way around
Description: Port for the Remote Method Invocation (RMI) naming service when Foglight is running in HA mode. It can be used to observe the network traffic between the Management Server and other computers on the same network. If it finds another JBoss server, it checks the partition name to see if the JBoss server is a primary or a secondary server. For more information about the HA mode, see the High Availability Field Guide.
Configuration parameter: foglight.ha.jndi.rmi.port
1102	HA JNDI UDP Group Port	Management Server	Management Server	No	From HA Management Server Primary to HA Management Server Secondary and the other way around
Description: Port for the UDP group when Foglight is running in the HA mode. For more information about the HA mode, see the Installation and Setup Guide set.
Configuration parameter: foglight.ha.jndi.udpgroup.port
3528	ORB (IIOP) Port	Management Server	Foglight Client	Yes	From Foglight Client to Management Server
Description: Corba ORB port used by the Foglight Client.
Configuration parameter: foglight.orb.port
3529	ORB (IIOP) SSL Port	Management Server	Foglight Client	Yes	From Foglight Client to Management Server
Description: Corba ORB SSL port used by the Foglight Client.
Configuration parameter: foglight.orb.ssl.port
4444	JRMP Invoker Port	N/A
NOTE: This port is not involved in server/client communication.
Description: Port for the RMI/JRMP invoker.
Configuration parameter: foglight.jrmp.invoker.port
4446	HA Pooled Invoker Port	Management Server	Management Server	No	From HA Management Server Primary to HA Management Server Secondary and the other way around
Description: Pooled invoker port when Foglight is running in the HA mode. For more information about the HA mode, see the High Availability Field Guide.
Configuration parameter: foglight.ha.pooled.invoker.port
4447	HA JRMP Invoker Port	Management Server	Management Server	No	From HA Management Server Primary to HA Management Server Secondary and the other way around
Description: Port for the RMI/JRMP invoker when Foglight is running in the HA mode. For more information about the HA mode, see the High Availability Field Guide.
Configuration parameter: foglight.ha.jrmp.invoker.port
8080	HTTP Port	Management Server	Browser interface and Agent Manager	Yes	From the browser interface to the Management Server and from the Agent Manager to the Management Server
Description: HTTP/1.1 connector used for HTTP connections.
Configuration parameter: foglight.http.port
8443	HTTPS SSL Port	Management Server	Browser interface and Agent Manager	Yes	From the browser interface to the Management Server and from the Agent Manager to the Management Server
Description: HTTP/1.1 connector used for HTTPS connections.
Configuration parameter: foglight.https.port
The Management Server uses the HTTP port for local access even if you are accessing the browser interface through an HTTPS connection. If that is the case, both ports are open: the HTTPS port for external requests coming from the browser interface and the HTTP port for local requests. For example, the reporting service accesses the Management Server through the HTTP port while external requests use HTTPS.
8448	QP5 Application Port	Management Server	Management Server	No	Local to Management Server
Description: Port for the SQL parser.
Configuration parameter: foglight.qp5app.port
41705	JavaEE Agent	Management Server	JavaEE Agent	Yes	From JavaEE Agent to Management Server
Description: Port used by the JavaEE Agent. For more information about the JavaEE Agent, see your Cartridge for Java EE Technologies documentation.
Configuration parameter: Unlike other configuration parameters that are described in this table, whose values can be viewed and edited in the server configuration file, <foglight_home>/config/server.config, this port can be set in the configuration file that ships with the JavaEE Agent. For more information about this file, see your Cartridge for Java EE Technologies documentation.
45566	Cluster Mcast Port	Management Server	Management Server	No	From HA Management Server Primary to HA Management Server Secondary and the other way around
Description: Cluster multi-cast port. It is used when Foglight is running in the HA mode. For more information about the HA mode, see the High Availability Field Guide.
Configuration parameter: foglight.cluster.mcast_port

Import a new language for PDF Reports

The Foglight Management Server supports to configure a new language for a PDF report. Once this language is imported, users can view the PDF report without installing this language as it has been embedded into the report by default.

To import a new language for PDF reports:

On the navigation panel, under Dashboards, click Administration > Setup > Management Server Configuration.

The Management Server Configuration dashboard appears in the display area, showing a list of views that are associated with the Management Server.

In the Report section, click the Edit button next to Import a new language for PDF.

The Import Language Font dialog box appears.

Each field contains specific information about the imported language that is used to view the PDF reports.

•

Font Name: Specifies the name of the imported language, for example, Garuda.

•

Character Start Range: Specifies the start range of Unicode characters. The value of this field must be integer, for example, 3584 (for Thai). Search for Unicode character ranges yourself and enter the corresponding start range in this field.

•

Character End Range: Specifies the end range of Unicode characters. The value of this field must be integer, for example, 3711 (for Thai). Search for Unicode character ranges yourself and enter the corresponding end range in this field.

•

Font Path: Specifies the file folder under which the language file (.ttl) locates. for example, C:\temp. This field is mandatory for the languages that are not installed on your operating system (OS). If you are going to import a language that has been installed on your OS, leave this field blank.

Run the Management Server Configuration Report

Some Foglight dashboards have reports associated with them. This allows you to run a report based on the current dashboard. You can generate the report using the Reports menu in the top-right corner.

The Management Server Configuration dashboard is associated with the Management Server Configuration Report. Run this report by selecting Management Server Configuration Report from the Reports menu, and specifying the input parameters in the report wizard.

Figure 38. The Management Server Configuration page with the Reports menu selected.

The report wizard provides more information about the Management Server Configuration Report and instructions on how to set the input values. For more information about reports in Foglight, see the Foglight User Help.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Foglight 5.9.1 - Administration and Configuration Guide

Configure Directory Services

Blackout Configuration

Manage Support Bundles

Foglight Configuration