Go to SettingsMonitoring Templates to see the default set of monitoring templates, shown in the image to the right. All of the Default Templates are locked and their settings cannot be changed. To change monitoring settings, clone a template, and change the settings in the clone (see the next section for how).
There are three types of templates within ProactiveWatch, Base Templates (in blue) and Add-On Templates (in green) and Extension Templates. Only one Base Template may be assigned to a monitored device at a time. Base Templates are also tied to an Agent Type (Gateway Server, Server or Workstation). You cannot assign a Base Template to an Agent of a different type than the Template. So, if you create a new Server Template by cloning the default Server Template, you will only be able to assign the new template you made to servers that have the Server Agent installed upon them (and not to Workstations or Gateway Servers).
Base Templates are the only place where you can set up monitors that have thresholds like CPU %.
This is so you only ever have one of those kinds of thresholds to worry about per monitor, and never have to figure out which CPU % threshold (in which template) is causing the alarm (since there can be only one template with a CPU threshold assigned to any server or workstation).
Add-On Templates are not typed (they can be assigned to any monitored device), and you can assign as many Add-On Templates to a server, workstation, or network device as you like. Add-On Templates are designed to let you handle the variation among devices at your customer sites without having to proliferate Base Templates. So, if you have two different kinds of backup software installed at your customer sites, each of which writes different events to the Event Log, you can create two different Backup Add-On Templates by setting up the Event Log monitoring appropriately in each, and then assigning those Templates to the appropriate servers.
Monitors in Base Templates, Add-On Templates and Extensions
As mentioned above, there are three different types of Templates in ProactiveWatch, Base Templates, Add-On Templates, and Extensions. The different monitors that are available in the three types of templates are summarized in the table below:
Template Type Base Add-On Extension
Site Down Monitor Yes No No
Application Install/Removal Yes No No
System Profile Change Yes No No
URL Availability and Response Time Yes Yes Yes
Excessive ICA Connect Latency Yes Yes Yes
Windows Event Log Alerting Yes Yes Yes
Specific Service Down Yes Yes Yes
Specific Process Down Yes Yes Yes
MS Exchange Extension No No Yes
Symantec Anti-Virus Extension No No Yes
Symantec Backup Exec Extension No No Yes
Microsoft Update Extension No No Yes
In general the best practice is to have a small number of Base Templates that you can reuse widely across similar servers in your customer base. Then use Add-On Templates to handle variation between similar
Changing the Monitoring Settings in a Template
To edit the settings for an existing template, you double-click on it and go to the settings for that template. To create a new template, select the appropriate starting point (remember the type of the template much match the installed agent type), right click and select “Clone”. To edit the settings within a template take the following steps:
1. The set of monitors in a template that are enabled are in green, disabled monitors are in gray. To turn a monitor on, select it, right click, and choose “Enable”.
2. For most monitors the settings are in the columns to the right of the Alarm name. These cells are editable, and you can simply type in the values you would like for each monitor.
3. Some monitors have thresholds that are the numerical value in the monitor that must be exceeded in order for the monitor to alarm. The value is either a count (a number of handles), a percentage (X % of CPU), or a time value (a certain number of seconds or milliseconds). The Unit of the threshold is specified in the Unit Column.
4. Timeframe is the duration in seconds that a monitor must surpass the threshold in order to alarm.
5. Certain monitors required advanced configuration. These monitors have blue “Configure” links in the Advanced column. Click on the Configure Link to access the advanced configuration dialog for these monitors. Information on how to configure the advanced settings in the optional monitors is contained in the “Optional Monitors” section later in this manual.
Assigning Monitoring Templates to Workstations, Servers and Network Devices
ProactiveWatch provides for an easy spreadsheet like user interface to assign monitoring templates to workstations, servers, and network devices. You access this interface by going to SettingsMonitoring Templates and selecting the Assign tab. All you have to do to assign a template to a device is to double-click in the cell that intersects that device row and the template column.
You can copy and paste template assignments en-masse so you can quickly assign a set of templates to a set of devices. To do this, select a cell, right-click and select copy. You can then select N rows, select paste and past that selection to those rows. You can also copy and paste an entire row of selections if you have one server set up just right, and want to copy that assignment to N other rows.
As mentioned before in the section on Monitoring Templates, you can only have one Base Template assigned to each server, workstation or network device. Furthermore, Base Templates have a type that matches the agent type you installed. You cannot assign a Base Template of one type to an agent of a different type. Only the allowed choices are in white in the Base Templates section of the Assign dialog.
The Default Exclusions Template is automatically assigned to all devices, which gives you one easy place to manage all of the alarms that are not desirable. Please see more detail on this feature in the Manage Alarms section of this manual.
Notice the in the case below, the HP Insight Manager, Symantec BackupExec, and All Event Log Errors Add-On Templates are assigned to all of the servers. This shows how easy it is to configure
ProactiveWatch for the different scenarios you encounter at customer sites.
The gray columns you selected in the main grid view determine the gray columns you see in the Assign dialog. If you are running out of real estate in this dialog, then go to Manage Columns and make a View called Assign Templates. Put the minimum columns you need in this view, and then select it before you come to this dialog.
Override Monitor Template
There are two main uses for the use of Override Monitor Template. One is when you need to change a limited number of settings for just a single machine and the remaining monitoring settings in the standard template are fine. For instance, on a legacy/slower system you might want to increase just the CPU % threshold and would prefer not to create a new template.
Another use is for setting specific variables in templates like Exchange Enhanced or the new [Round-Trip]
Mail Monitor, without having to create a new template (which was a necessary step prior to this new feature).
To use the “Override” feature, select the system from the main grid, and choose
Edit->Properties (F2) to bring up the Properties dialog box as shown to the right. Select the
“Override” checkbox, and choose Edit to bring up the selected Monitoring Template settings, make and save your changes.
You may perform Overrides for Base Templates and Add-On Templates.
A system that has Overrides applied will be shown with a Red dot in Monitoring Templates, Assign Tab, as shown in the system to the right.
Default ProactiveWatch Monitoring Templates and Features
When you install an agent, one of three Base Monitoring Templates is automatically assigned to that agent depending upon what type of agent you install. If you install a Gateway on a computer, then a Gateway Server Agent is also installed upon that computer, and the associated Gateway Server Base Monitoring Template is assigned to that Gateway Agent. If you install a Server agent upon a computer, the Standard Server Base Template will be assigned to that agent. If you install a Workstation agent upon a computer the Standard Client Base Template will be assigned to that agent. The agents in the default templates contain a set of default monitors shown in the table below. No configuration or customization is required to activate these monitors.
Differences in Monitors between Agent Types
The differences in the default monitors that are provided in the three default monitoring templates is shown in the table below:
Computer Type Gateway Server Server Workstation
Agent Type Gateway Server Server Workstation
Default Template Gateway Server Standard Server Standard Client
Site Down Monitor Yes No No
Internet Down Monitor Yes No No
Server Down Monitor Yes Yes No
LAN Latency Monitor No Yes No
Auto-Started Service Down Yes Yes Yes
Event Log Collection Yes Yes Yes
Total CPU Usage Yes Yes Yes
CPU Usage by a Single Process Yes Yes Yes
Low Disk Capacity Yes Yes Yes
Excessive Disk Time (Activity) Yes Yes Yes
Low Virtual Memory Yes Yes Yes
Low Physical Memory Yes Yes Yes
Excessive Threads used by a Process Yes Yes Yes
Excessive Handles used by a Process Yes Yes Yes
Registry Change Yes Yes Yes
Application Install/Removal Yes Yes Yes
System Profile Change Yes Yes Yes
Reboot Yes Yes Yes
Application Crash Yes Yes Yes
The Gateway Server agent is the only agent that implements the Site Down and Internet Down Monitors.
Since you typically have one Gateway at each customer site, these monitors serve to tell you if that site is up, and if the Internet is accessible from that site. The Server Down and LAN Latency Monitors are not
implemented. If you have a workstation that should be up all of the time, and you want to monitor it with the Server Down alarm, put a Standard Server Agent on that Workstation.
How the Default Monitors Work in ProactiveWatch
1. Site Down Monitor – The PW back end constantly monitors each GW to make sure that the GW is communicating back to the PW back end on the required intervals. If the GW fails to check in within the required interval (by default 60 seconds), the PW back end will issue a site down alarm. The PW back end will generate an email to the main support account at the VAR, notifying the VAR of the outage. This notification does not rely upon any infrastructure at the customer or the VAR except the ability on the part of the VAR to receive an email.
2. Internet Down – the PW Gateway measures the response time from the GW of www.google.com, and www.yahoo.com every 60 seconds. If both of these web requests fail, the GW sends an Internet Down alarm to the back end, which generates an Alarm and a Notification as described above. Alarms and Notifications will also be generated if both sites are slow to respond.
3. Server Down Monitor – the PW Gateway maintains a continuous connection with each monitored server. If that connection is broken, the Gateway sends a Server Down alarm to the PW back end, which generates an alarm and a notification as described above.
4. LAN Latency Monitor – The GW continuously checks the latency over the LAN between itself and the monitored servers. If the performance of the LAN degrades, an alarm is generated.
5. CPU Usage Monitor – If total CPU usage is above 95%, or usage by any single process is above 50% for the default time period, an alarm is issued.
6. Memory Usage Monitor – If Physical Memory usage is above 90% or Virtual Memory Usage is above 70%
for the default time period, and alarm is issued.
7. Disk Time Monitor – If Disk Time (the percentage of the last second in which the disk controller is actively accessing the hard disk) is above 50% for the default time period, and alarm is issued.
8. Disk Capacity Monitor – If the free space on any disk drive falls below 5% an alarm is issued.
9. Thread and Handle Usage Monitor – If any single process uses more than the desired number of threads or handles, and alarm is issued.
10. Event Log Monitoring – All Event Log entries written to the Applications Log and the System Log are automatically collected. These can be browsed with the Event Log Viewer that is part of the PW 1.6 Explorer. Alerts for any combination of severities and logs can be turned on for any combination of servers or workstations with one mouse click.
11. Installed Programs Monitor – Any change to the set of installed programs (including Windows Hot Fixes
13. Windows Service Monitor – if any automatically started Windows Service goes down, and alarm is issued.
14. Reboot Monitor – If a server reboots and alarm is issued. Normal reboots can be easily masked out with the Marked As Normal features of the system.
15. System Profile Monitor – If the profile of a monitored server changes (for example, the IP address of a server changes), an alarm will be issued.
Default (Out-of-the-Box) Network Device Monitoring
Any server agent can monitor any network device that it can access via ICMP and SNMP. If the VAR provides the information to the right about a Network Device, then ProactiveWatch will automatically monitor that network device.
The default Network Device template is shown below with the default settings for network device monitoring. The monitors that are on by default are:
6. ICMP Ping Failure –
ping exceeds the threshold, and alarm will be issued.
8. If the response time on the ping exceeds a latency threshold, an alarm will be issued.
9. If the profile of the network device (for example the version of its installed software) changes, and alarm will be issued.
10. If utilization of any of the inbound or outbound interfaces exceeds the threshold, an alarm will be issued.
The Connected Network Device monitor is off by default since it will alarm whenever the set of devices connected to a switch or router changes. This can be a very valuable monitor in certain circumstances, but it will generate a large number of false alarms for routers and switches that support workstation and laptop computers.
Optional Monitors in ProactiveWatch
ProactiveWatch contains a wide variety of monitors that you can enable by simply selecting them in a monitoring template and turning them on. Some of these monitors require some customer specific configuration. The optional monitors are detailed below:
11. Web Site (URL) Response Time Monitor – This monitor tests the availability and response time of any selected web site. This can be a public web site, a corporate intranet, or a Citrix Web Interface Server. Any agent can run this monitor against any web server that is accessible from the computer that the agent is running on.
12. ICA Port Response Time Monitor – This monitor tests how long it takes a Citrix server to respond to connect request on the ICA port from the agent making the port request. Any agent can run this monitor against any Citrix server that is accessible from the computer that the agent is running on.
13. Port Monitor – This monitor allows the VAR to specify ports that must be present (80 and 443 on a web server), ports that are allowed to come and go (135 the RPC port), and then either ban a specific “black list” of ports or, as is shown in the example to the right, ban all ports that are not either required, or specifically allowed.
14. Client2Server Monitor – This monitor tests the latency over a TCP/IP socket between any two sets of monitored devices. The C2S monitor is an excellent choice to watch the latency between the servers that constitute the tiers of an applications system (for example from web servers to applications servers, to database servers). The Client2Server Monitor is configured in two different places – server(s) that respond to (listen for) latency checks and server(s) that create (initiate) latency checks.
To configure the listener, clone the Generic Exclusions Template and make an Add-On Template named C2S listener. Enable the C2S Listener in that template. Use Monitoring TemplatesAssign to assign the C2S Listener Add-On Template to the servers that will be responding to latency checks.
To configure the initiator, create another Add-On Template named C2S Initiator. Configure it to send latency checks to the servers that you have applied the Listener template to. Assign this template in Monitoring TemplatesAssign to the servers or workstations that you want to test the latency to the target servers. Note that the configured port (29100 by default) must be open between the two sets of servers for this monitor to work.
15. Individual Service Monitor – By default ProactiveWatch monitors all automatically started services and alarms if any of them go down. If you wish to monitor services that are not automatically started, you can do so by configuring the Specific Windows Service Down Monitor. Please enter the Display Name of the service in the dialog when configuring this monitor.
16. Process Down Monitor – ProactiveWatch can be configured to watch any specific process. This monitor is enabled by default in the Exchange Server template to watch store.exe. Just enable the Process Down Monitor in the Template (Base or Add-On) of your choice and then add the process name you would like to have monitored.
17. Total Handle and Total Thread Usage Monitors – These monitors watch the total number of threads and handles in use. Since the acceptable number is highly dependent upon the type of work that a server is doing, these monitors should be turned on within a monitoring template dedicated to a specific type of server.
18. Memory Usage by a Process – This monitor can watch the memory usage by individual processes, and should be using in conjunction with application specific monitoring.
19. Extensions – 1.6 includes Extensions that provide very detailed monitoring of Microsoft Exchange, MS Update, Symantec Anti-Virus, and Symantec Backup Exec. Other extensions will be added over time.
You can even add your own extensions. Extensions are documented in Chapter XVII.
Threshold Timeframe for Windows Service Monitoring.
This allows you to avoid “false alarms” for services that are automatically restarted by setting a timeframe (in seconds) the service must be down before ProactiveWatch will alarm on “service down.”
Set the threshold Timeframe for Automatically Started Services in the Base Template (below), or for Specific Windows Service in either an Add-On or Base template from the Configure panel.
Round-Trip Email Monitor
There is a new enhanced monitoring template, Mail Monitor, that allows you to perform round-trip email monitoring of your client’s hosted (or non-Exchange) email systems. (This version will not work if SSL is required.) Clone the Mail Monitor template, or assign it to a system and use the aforementioned
“Override” feature, in order to configure the variables for the system.
“Override” feature, in order to configure the variables for the system.