Osmius

Osmius Agent for IIS 6.0
Agent name: osm_ag_MSIISV60 Agent code: MSIISV60
Content: Osmius Agent for Internet Information Server User Manual
Date: 04/10/2009 Revision Date: / /

General Information

This agent can monitor various parameters of Internet Information Server using WMI technology. It has been tested in different environments. However, we recommend checking its functionality before deploying it in a production environment.

The IIS 6.0 agent has been developed using the functionality and enhancements of the Osmius framework and the ACE libraries, so the ACE libraries must be installed for the IIS 6.0 Osmius agent to deploy and operate properly. See chapter: installation.

The MSIISV60 agent provides up to 17 basic events, each with configuration parameters that make scaling very simple. In addition, 2 informative events provide details of the monitored system. The events were selected by the Osmius Research and Development Team as the most interesting for this first development.

Events are based on WQL statements, so local and remote monitoring is possible.

Note: As stated in the official Microsoft documentation (http://msdn.microsoft.com/en-us/library/aa393720%28VS.85%29.aspx), the connection timeout cannot be changed and can reach up to 120 seconds (2 minutes). This means that if the instance is unavailable, Osmius critical events may appear with some latency, both in the web console and in standalone mode. This limitation is external to Osmius.

IIS 6.0 Instance

As a general rule, each Osmius agent can monitor one instance type. If you are not familiar with these concepts, check out the glossary. Each instance is individually defined in the configuration file (for further information, go to agents and instances). The instance type depends on the agent type, and the connection info depends on the instance.

CONNECTION_INFO

The connection information, or connection_info, is the data the agent needs in order to connect to the instance. (See more about the connection_info.)

For IIS 6.0 Osmius agent the connection_info prototype would be:

CONNECTION_INFO= -h HOST -d DOMAIN -u USER -p PASSWORD

Replace the following:

  • HOST: IP address or host name of the IIS 6.0 server. Optional. See "Firewall settings" in the appendix.
  • DOMAIN: Domain or WorkGroup name. Mandatory if HOST has been declared.
  • USER: Username with WMI permissions. Mandatory if HOST has been declared. See "User permissions settings" in the appendix.
  • PASSWORD: Password for the user specified above. Mandatory if HOST has been declared.

For local monitoring (monitoring the system where the agent is installed), connection_info must be empty, because the agent does not need to connect anywhere.

Examples:

CONNECTION_INFO= -h 192.168.1.1 -d WORKGROUP -u admin -p pass
CONNECTION_INFO=
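
The rules above can be checked before an agent is started. The following is an added example, not part of the Osmius code base: it validates a CONNECTION_INFO line against the mandatory and optional fields listed above, notes that the password sits in the .ini file in clear text, and produces a masked copy of the line for logs. The function name and the wording of the findings are hypothetical.

```python
import shlex

# Option letters and field names as given in the CONNECTION_INFO prototype.
FLAGS = {"-h": "HOST", "-d": "DOMAIN", "-u": "USER", "-p": "PASSWORD"}


def check_connection_info(line):
    """Validate one CONNECTION_INFO line against the rules listed above."""
    key, sep, value = line.partition("=")
    if not sep or key.strip() != "CONNECTION_INFO":
        raise ValueError("not a CONNECTION_INFO line")

    fields, findings = {}, []
    tokens = iter(shlex.split(value))
    for flag in tokens:
        arg = next(tokens, None)
        if flag not in FLAGS:
            findings.append(f"unknown option {flag}")
        elif arg is None:
            findings.append(f"{FLAGS[flag]} has no value")
        else:
            fields[FLAGS[flag]] = arg

    # An empty value means local monitoring: nothing else to check.
    if not fields and not findings:
        return {"mode": "local", "findings": [], "redacted": line.strip()}

    if "HOST" in fields:
        for name in ("DOMAIN", "USER", "PASSWORD"):
            if name not in fields:
                findings.append(f"{name} is mandatory when HOST is declared")
    elif fields:
        findings.append("credentials without HOST: leave the value empty for local monitoring")
    if "PASSWORD" in fields:
        findings.append("password is stored in clear text: restrict read access to the .ini file")

    # Rebuild the line with the password masked, for logs and tickets.
    shown = dict(fields, PASSWORD="****") if "PASSWORD" in fields else fields
    redacted = "CONNECTION_INFO= " + " ".join(
        f"{flag} {shown[name]}" for flag, name in FLAGS.items() if name in shown
    )
    return {"mode": "remote" if "HOST" in fields else "invalid",
            "findings": findings, "redacted": redacted}


if __name__ == "__main__":
    # The first two lines are the page's examples; the third is constructed.
    for sample in ("CONNECTION_INFO= -h 192.168.1.1 -d WORKGROUP -u admin -p pass",
                   "CONNECTION_INFO=",
                   "CONNECTION_INFO= -h 10.0.0.5 -u monitor"):
        result = check_connection_info(sample)
        print(result["mode"], "|", result["redacted"])
        for finding in result["findings"]:
            print("   -", finding)
```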

TYPE

The type defines the instance type to be monitored. Every declared instance must be associated with a type as you can see here

For IIS 6.0:

TYPE= MSIISV60

Event summary table for IIS 6.0

Here is a brief summary of this agent's capabilities; each event is described in more detail further down this page.

EVENT | DESCRIPTION | c | w | a | tseconds | Extra parameters / Remarks
ISUPTIME | Uptime in seconds | 1 | 600 | 300 | 60 | No
ISCURCON | Current connections | 0 | 50 | 100 | 60 | Interesting parameter for capacity planning
ISANONYM | Current anonymous users | 0 | 50 | 100 | 300 | Silent mode (-s) recommended
ISRECBYS | Received bytes per second | 0 | 512 | 1024 | 300 | Interesting parameter for capacity planning
ISSNTBYS | Sent bytes per second | 0 | 512 | 1024 | 300 | Interesting parameter for capacity planning
ISCGIREQ | CGI requests per second | 0 | 25 | 100 | 300 | Silent mode (-s) recommended
ISDELREQ | DELETE requests per second | 0 | 5 | 10 | 300 | Silent mode (-s) recommended
ISGETREQ | GET requests per second | 0 | 75 | 100 | 300 | Silent mode (-s) recommended
ISHEAREQ | HEAD requests per second | 0 | 75 | 100 | 300 | Silent mode (-s) recommended
ISAPIREQ | ISAPI Extension requests per second | 0 | 2 | 5 | 300 | Silent mode (-s) recommended
ISLCKREQ | LOCK requests per second | 0 | 2 | 5 | 300 | Silent mode (-s) recommended
ISLOGONS | Logon attempts per second | 0 | 10 | 25 | 300 | Silent mode (-s) recommended
ISNONANO | Non anonymous users connected per second | 0 | 100 | 200 | 300 | Silent mode (-s) recommended
ISPUTREQ | PUT requests per second | 0 | 25 | 100 | 300 | Silent mode (-s) recommended
ISSCHREQ | SEARCH requests per second | 0 | 2 | 5 | 300 | Silent mode (-s) recommended
IS404ERR | NOT FOUND errors per second | 0 | 2 | 5 | 300 | Silent mode (-s) recommended
ISPSTREQ | POST requests per second | 0 | 10 | 25 | 300 | Silent mode (-s) recommended

Information Events

Info events retrieve general data about the instance; this data usually doesn't change over time. Events of this kind have no severity and simply provide instance details.

EVENT | DESCRIPTION | tseconds | Observations
ISINFHST | Host name | 43200 (12 hours) | Unique name of a device connected to a network
ISINFVER | IIS version | 43200 (12 hours) | IIS version data

IIS 6.0 agent events

ISUPTIME

ISUPTIME event returns uptime measured in seconds.

Return values:

VALUE MEANING
-1 Error
X Uptime seconds

Recommended parameters:

Comparison type Inverse. The lower value the higher severity (-c 1)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold 600
Alert threshold 300

Parameter setting example

ISUPTIME = -t 60 -c 1 -w 600 -a 300 -T "Uptime seconds"

Comment:

ISCURCON

ISCURCON event returns number of current connections to IIS.

Return values:

VALUE MEANING
-1 Error
X Current connections

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold X - Consult with your IIS 6.0 administrator
Alert threshold Y - Consult with your IIS 6.0 administrator

Parameter setting example

ISCURCON = -t 60 -c 0 -w 50 -a 100 -T "Current connections"

Comment: This event is very useful for capacity planning.
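
The two comparison types shown so far (inverse for ISUPTIME, direct for ISCURCON) can be sanity-checked before a configuration is deployed. The following is an added example, not Osmius code: it parses event lines in the format used on this page, flags warning and alert thresholds whose order contradicts the comparison type, and classifies sample readings. It assumes that -s takes no value and that a reading exactly on a threshold triggers it, neither of which this page specifies; the function names and severity labels are hypothetical.

```python
import shlex


def parse_event(line):
    """Parse an event line such as: ISUPTIME = -t 60 -c 1 -w 600 -a 300 -T "text"."""
    name, _, params = line.partition("=")
    tokens = shlex.split(params)
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i] == "-s":              # assumption: silent mode takes no value
            opts["-s"] = True
            i += 1
        else:
            opts[tokens[i]] = tokens[i + 1]
            i += 2
    return {
        "name": name.strip(),
        "interval": int(opts["-t"]),       # monitoring interval in seconds
        "inverse": opts["-c"] == "1",      # -c 1 is inverse, -c 0 is direct
        "warning": float(opts["-w"]),
        "alert": float(opts["-a"]),
        "silent": opts.get("-s", False),
        "text": opts.get("-T", ""),
    }


def lint(ev):
    """Report thresholds whose order contradicts the comparison type."""
    problems = []
    if ev["inverse"] and ev["warning"] <= ev["alert"]:
        problems.append("inverse (-c 1) needs -w above -a")
    if not ev["inverse"] and ev["warning"] >= ev["alert"]:
        problems.append("direct (-c 0) needs -w below -a")
    return problems


def severity(ev, value):
    """Classify one reading; -1 is the agent's error return value."""
    if value == -1:
        return "ERROR"
    sign = -1 if ev["inverse"] else 1      # flip the comparison for inverse events
    if sign * value >= sign * ev["alert"]:
        return "ALERT"
    if sign * value >= sign * ev["warning"]:
        return "WARNING"
    return "OK"


if __name__ == "__main__":
    # The first two lines are from this page; the third is constructed, with
    # the warning and alert values swapped, so the warning level never fires.
    samples = [
        ('ISUPTIME = -t 60 -c 1 -w 600 -a 300 -T "Uptime seconds"', [86400, 450, 120, -1]),
        ('ISCURCON = -t 60 -c 0 -w 50 -a 100 -T "Current connections"', [10, 75, 150]),
        ('ISLOGONS = -s -t 300 -c 0 -w 25 -a 10', [5, 15, 30]),
    ]
    for line, readings in samples:
        ev = parse_event(line)
        print(ev["name"], lint(ev) or "thresholds consistent")
        for reading in readings:
            print("   ", reading, "->", severity(ev, reading))
```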

ISANONYM

ISANONYM event returns number of current anonymous users connected.

Return values:

VALUE MEANING
-1 Error
X Anonymous users

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISANONYM = -t 300 -c 0 -w 50 -a 70 -T "Current anonymous users"

Comment:

ISRECBYS

ISRECBYS event returns average received bytes per second.

Return values:

VALUE MEANING
-1 Error
X (received bytes)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISRECBYS = -t 300 -c 0 -w 512 -a 1024 -T "received bytes per second"

Comment: This event is very useful for capacity planning.

ISSNTBYS

ISSNTBYS event returns average sent bytes per second.

Return values:

VALUE MEANING
-1 Error
X (sent bytes)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISSNTBYS = -t 300 -c 0 -w 512 -a 1024 -T "sent bytes per second"

Comment: This event is very useful for capacity planning.

ISCGIREQ

ISCGIREQ event returns average CGI requests per second to IIS.

Return values:

VALUE MEANING
-1 Error
X (CGI requests)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISCGIREQ = -t 300 -c 0 -w 50 -a 100 -T "CGI requests per second"

Comment:

ISDELREQ

ISDELREQ event returns average DELETE requests per second to IIS.

Return values:

VALUE MEANING
-1 Error
X (DEL requests)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISDELREQ = -t 300 -c 0 -w 10 -a 20 -T "DELETE requests per second"

Comment:

ISGETREQ

ISGETREQ event returns GET requests per second to IIS.

Return values:

VALUE MEANING
-1 Error
X (GET requests)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISGETREQ = -t 300 -c 0 -w 500 -a 1000 -T "GET requests per second"

Comment:

ISHEAREQ

ISHEAREQ event returns HEAD requests per second to IIS.

Return values:

VALUE MEANING
-1 Error
X (HEAD requests)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISHEAREQ = -t 300 -c 0 -w 500 -a 1000 -T "HEAD requests per second"

Comment:

ISAPIREQ

ISAPIREQ event returns number of ISAPI Extension requests per second.

Return values:

VALUE MEANING
-1 Error
X (ISAPI Extension requests)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISAPIREQ = -t 300 -c 0 -w 10 -a 25 -T "ISAPI Extension requests per second"

Comment:

ISLCKREQ

ISLCKREQ event returns number of LOCK requests per second.

Return values:

VALUE MEANING
-1 Error
X (LOCK requests)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISLCKREQ = -t 300 -c 0 -w 1 -a 5 -T "Lock Requests per second"

Comment:

ISLOGONS

ISLOGONS event returns number of LOGON attempts per second against IIS.

Return values:

VALUE MEANING
-1 Error
X (LOGON attempts)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISLOGONS = -t 300 -c 0 -w 3 -a 10 -T "Logon attempts per second"

Comment:

ISNONANO

ISNONANO event returns number of non anonymous users connected per second.

Return values:

VALUE MEANING
-1 Error
X (Non anonymous users)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISNONANO = -t 300 -c 0 -w 50 -a 100 -T "Non anonymous users per second"

Comment:

ISPUTREQ

ISPUTREQ event returns number of PUT requests per second to IIS.

Return values:

VALUE MEANING
-1 Error
X (PUT requests)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISPUTREQ = -t 300 -c 0 -w 5 -a 15 -T "PUT requests per second"

Comment:

ISSCHREQ

ISSCHREQ event returns number of SEARCH requests per second to IIS.

Return values:

VALUE MEANING
-1 Error
X (SEARCH requests)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISSCHREQ = -t 300 -c 0 -w 1 -a 3 -T "SEARCH requests per second"

Comment:

IS404ERR

IS404ERR returns number of “Not found” (404) errors per second in IIS.

Return values:

VALUE MEANING
-1 Error
X (404 error)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold 1 - Consult with your IIS 6.0 administrator
Alert threshold 3 - Consult with your IIS 6.0 administrator

Parameter setting example

IS404ERR = -t 300 -c 0 -w 1 -a 3 -T "404 error per second"

Comment:

ISPSTREQ

ISPSTREQ event returns number of POST requests per second to IIS.

Return values:

VALUE MEANING
-1 Error
X (POST requests)/second

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Consult with your IIS 6.0 administrator
Alert threshold Consult with your IIS 6.0 administrator

Parameter setting example

ISPSTREQ = -t 300 -c 0 -w 20 -a 30 -T "POST requests per second"

Comment:

IIS 6.0 agent prerequisites

Compiling this agent requires a set of prerequisites that are common to all Osmius agents; see these prerequisites.

Verify that your system supports WMI.

IIS 6.0 agent makefiles and compilation

  • Osmius uses Make Project Creator (MPC), so creating Makefiles is a trivial task. If you want to learn more about MPC and Osmius, check out the section on Makefiles in Osmius.
  • In the particular case of the IIS 6.0 Osmius agent and Visual C 8, you can easily generate the Makefile as follows:

From the agent directory, using a console or terminal:

%ACE_ROOT%\bin\mpc.pl -type vc8 osm_ag_iis6.mpc
  • Now that you have created the Makefile, compiling the agent is extremely simple.
Double-click Osm_Ag_Iis6_Osmius.vcproj and the project will open in Visual C.
Select the Rebuild option to compile.

Binaries are automatically installed in the bin directory of OSM_ROOT base directory.

Run IIS 6.0 agent

The IIS 6.0 agent has the same running features as the other Osmius agents. You can check them out in the section Start and Stop Agents.

To run IIS 6.0 agent without Osmius web console:

osm_ag_MSIISV60.exe -c osm_ag_MSIISV60.ini -m MASTERAG -p 1950 -d » [>> osm_ag_iis6.log]1)

Running in standalone mode

The IIS 6.0 Osmius agent, like the other Osmius agents, can be executed in standalone mode. This option may be particularly useful when developing a new agent or when performing specific agent tests.

Basically you have to add a new value, called SNDCMD, to IIS 6.0 Osmius agent configuration file (osm_ag_MSIISV60.ini) as shown here.

Then you must run the IIS 6.0 Osmius agent setting Master Agent communications port to zero, for example:

osm_ag_MSIISV60.exe -c osm_ag_MSIISV60.ini -m 00000000 -p 0 -d

Tests list

Tests performed for the IIS 6.0 Osmius agent.

Date: / /
Test | Results | Comment
Creating an instance with all its events in silent mode | - | -
Creating an instance with all its events with custom text | - | -
Creating an instance with all its events but no custom text | - | -
Declaration of 3 instances with all its events to 5 seconds and keep it running for 48 hours | - | -
Declare 2 instances, cause a disconnect and then reconnect | - | -
Declare 1 instance and test each event | - | -
Elimination of general parameter and check unbootable | - | -
Elimination of instance CONN_INFO and check unbootable | - | -

APPENDIX

User permissions settings

To set up a user to access WMI without adding the user to an Administrative group, follow these steps.

  1. Click Start, click Run, type wmimgmt.msc in the Open box, and then click OK.
  2. Right-click WMI Control, and then click Properties.
  3. Click the Security tab.
  4. Expand the Root folder, select the CIMV2 folder, and then click Security.
  5. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
  6. In the Permissions for User list, click the Allow check box next to the following permissions:
    1. Execute Methods
    2. Enable Account
    3. Remote Enable
    4. Read Security
  7. Click Advanced. In the Permission entries list, select the user you added in step 5, and then click Edit.
  8. In the Apply onto box, click This namespace and subnamespaces.
  9. Click OK three times.
  10. Quit the WMI Control snap-in.
  11. Click Start, click Run, type dcomcnfg.exe in the Open box, and then click OK.
  12. Select Component Services and then expand it. Then expand Computers. Right-click My Computer and select Properties.
  13. Select the COM Security tab.
  14. In the Access Permissions section, click Edit Limits….
  15. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
  16. In the Permissions for User list, click the Allow check box next to the following permissions:
    1. Local Access
    2. Remote Access
    3. Click OK.
  17. In the Launch and Activation Permissions section, click Edit Limits….
  18. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
  19. In the Permissions for User list, click the Allow check box next to the following permissions:
    1. Local Launch
    2. Remote Launch
    3. Local Activation
    4. Remote Activation
    5. Click OK twice.
  20. Expand My Computer and expand DCOM Config.
  21. Right-click Windows Management and Instrumentation and click Properties.
  22. Click the Security tab.
  23. In the Access Permissions section, click Edit….
  24. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
  25. In the Permissions for User list, click the Allow check box next to the following permissions:
    1. Local Access
    2. Remote Access
    3. Click OK twice.
  26. Quit the Component Services snap-in.
  27. Restart the target computer.

Firewall settings

To enable or disable WMI traffic using the Windows Firewall user interface:

  1. Control Panel - Security - Windows Firewall.
  2. Click Change Settings and then click the Exceptions tab.
  3. In the Exceptions window, select the check box for Windows Management Instrumentation (WMI) to enable WMI traffic through the firewall.


You can also do this at the command prompt.

  1. To enable WMI traffic through the Windows firewall:
    • netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
  2. To disable WMI traffic through the Windows firewall:
    • netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=no


If you use a firewall other than the Windows one, it is good to know that DCOM communications (used by WMI) are usually made using port 135.

1) Optional, to store agent messages in a file
 
en/agentes/msiisv60.txt · Last modified: 2012/12/05 19:14 by osmius
 