Osmius

Osmius agent for Windows
Agent name: osm_ag_WINDOWS1 Agent code: WINDOWS1
Subject: User manual: Windows Osmius agent
Date: 02/12/2008 Revision date: 02/02/2009

General Information

This agent can monitor several parameters of Windows Systems and has been tested on servers running Windows XP Service Pack 2 and on Windows 2003 servers. However, we recommend checking its functionality before using it in production environments.

The Windows Osmius agent has been developed using functionalities and enhancements of the Osmius framework and the ACE libraries, so the ACE libraries must be installed for this agent to deploy and operate properly. See chapter: installation.

The WINDOWS1 agent provides up to 13 basic events with configuration parameters that make scaling very simple. The events have been selected by the Osmius Research and Development Team along with Microsoft experts as the most interesting for these systems.

All of this agent's events are local, so the agent must run on the same server you want to monitor. This agent uses Windows system calls as well as OS commands.

Windows Instance

As a general rule each Osmius agent can monitor one instance type. If you are not familiar with these concepts check out the glossary. Each instance is individually defined in the configuration file (if you want further information go to agents and instances); the instance type depends on the agent type, and the connection info depends on the instance.

CONNECTION_INFO

The connection information or connection_info is data that the agent needs to know to connect to the instance. (See more about the connection_info)

In the specific case of this Windows agent the connection_info is empty, because there is nothing to connect to: the agent already runs inside the instance we want to monitor.

CONNECTION_INFO= 

TYPE

The type defines the instance type to be monitored. Every declared instance must be associated with a type.

For Windows instances:

TYPE= WINDOWS1

Event summary table for Windows

EVENT | DESCRIPTION | c | w | a | t (seconds) | Extra parameters / Remarks
WINUPTIM | Seconds since last reboot | 1 | 600 | 300 | 600 | Silent mode (-s) recommended
WINPRMEM | Used Memory % | 0 | 60 | 75 | 300 | Interesting parameter for capacity planning
WINPRCPU | CPU Load % | 0 | 85 | 95 | 300 | Interesting parameter for capacity planning
WINUMPRC | Number of Processes | 0 | Administrator | Administrator | 600 | Silent mode (-s) recommended
WINUMCPU | Detected CPUs | 1 | 1 | 1 | 604800 | Silent mode (-s) recommended
WINRETUP | Uptime in seconds (compatible with Windows 2000 or earlier releases) | 1 | 600 | 300 | 600 | Silent mode (-s) recommended
WINIP4IN | Number of active IP4 interfaces | 1 | Administrator | Administrator | 600 | Silent mode (-s) recommended
WINIP6IN | Number of active IP6 interfaces | 1 | Administrator | Administrator | 600 | Silent mode (-s) recommended
WINPRCDW | Checks if the processes in the list are all running | 0 | 1 | 1 | 600 | Silent mode (-s) recommended. -L process_list
WINSVCDW | Checks if the services in the list are all running | 0 | 1 | 1 | 600 | Silent mode (-s) recommended. -L service_list
WINPRCFS | Checks free space from the list of drives | 0 | 80 | 90 | 600 | Silent mode (-s) recommended. -H drives_list
WINLOG01 | Searches for a string in files | 0 | 1 | 1 | 600 | Silent mode (-s) recommended. You can define from WINLOG00 to WINLOG99 (100 events). -L log_file.txt -S string
WINELOG1 | Searches for a string in the Windows Event Log | 0 | 1 | 1 | 600 | Silent mode (-s) recommended. You can define from WINELOG0 to WINELOG9 (10 events). -L "LogFileName" -N "SourceName" -E errorType

Windows Events

WINUPTIM

The WINUPTIM event returns the time, measured in seconds, since the last reboot of the Windows system.

Return values:

VALUE MEANING
-1 Error
X Number of seconds

Recommended parameters:

Comparison type Inverse. The higher the value the lower the severity (-c 1)
Monitoring interval 300 seconds – 1 hour –> depends on instance importance
Warning threshold Contact your windows administrator
Alert threshold Contact your windows administrator

Parameter setting example:

WINUPTIM = -t 300 -c 1 -w 240 -a 60 -T "Windows uptime"

Remarks: The text associated with this event returns the uptime in a human-readable format like [X] days [Y] hours [Z] minutes.

WINPRMEM

WINPRMEM returns the percentage of memory used by all the processes in the system.

Return values:

VALUE MEANING
-1 Error
0 - 100 Used memory %

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Depends on system's load
Alert threshold Depends on system's load

Parameter setting example:

WINPRMEM = -t 300 -c 0 -w 60 -a 75 -T "Used memory %"

Remarks: This event uses Windows system libraries and system calls to retrieve information and statistics about the server's memory.

WINPRCPU

WINPRCPU returns the CPU load percentage used by all the processes in the system.

Return values:

VALUE MEANING
-1 Error
0 - 100 CPU Load %

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold 90 - Depends on system's load
Alert threshold 95 - Depends on system's load

Parameter setting example:

WINPRCPU = -t 300 -c 0 -w 85 -a 95 -T "CPU Load %"

Remarks: This event uses the Windows system kernel32.dll library to obtain the desired CPU information.

WINUMPRC

WINUMPRC returns the total number of processes in the system.

Return values:

VALUE MEANING
-1 Error
X Number of processes

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold Contact your administrator
Alert threshold Contact your administrator

Parameter setting example:

WINUMPRC = -t 300 -c 0 -w 3000 -a 5000 -T "Total number of processes"

Remarks: This event uses Windows native function calls.

WINUMCPU

WINUMCPU returns the number of CPUs installed in the system. This can be useful to check for CPU failures.

Return values:

VALUE MEANING
-1 Error
X Number of detected CPUs

Recommended parameters:

Comparison type Inverse. The lower value the higher severity (-c 1)
Monitoring interval 1 week – 1 month or never –> depends on instance importance
Warning threshold Contact your Windows administrator
Alert threshold Contact your Windows administrator

Parameter setting example:

WINUMCPU = -t 604800 -c 1 -w 23 -a 12 -T "Num. CPUS"

Remarks: This event uses the Windows system SYSTEM_INFO to obtain the desired information.

WINRETUP

WINRETUP returns the number of seconds since the last Windows reboot.

Advice: This event has been developed to get the uptime on Windows 2000 and earlier releases of Windows, because the WINUPTIM event uses a script that works only on Windows XP and newer releases.
You can use this event on any Windows OS, but be aware that, because of internal function limits, the maximum value this event can return is 49.7 days of uptime. Beyond this time Windows resets the counter to zero, which can lead to unwanted situations or mistakes.

Read more here: http://msdn2.microsoft.com/en-us/library/ms724408(VS.85).aspx

Because of the restrictions of the Windows GetTickCount function, this event can only return a maximum of 49.7 days.
The elapsed time is stored as a DWORD value. Therefore, the time wraps around to zero if the system runs continuously for 49.7 days.
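
The wrap-around described above, as an added C example that is not part of the Osmius agent: it models the 32-bit millisecond counter with uint32_t, shows what the -w 240 -a 60 thresholds from this page's uptime examples report just after the counter wraps, and tells a wrap from a real reboot by comparing two consecutive samples. The helper names, the threshold rule (a value at or below the threshold triggers) and the 10% jitter allowance are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: hypothetical helper names, not Osmius source code. */
enum drop_kind { NO_DROP = 0, COUNTER_WRAP = 1, REAL_REBOOT = 2 };

/* Uptime in seconds as derived from a 32-bit millisecond counter
   (GetTickCount returns a DWORD), for a given true uptime. */
static uint32_t tick_uptime_seconds(uint64_t true_uptime_ms)
{
    return (uint32_t)true_uptime_ms / 1000u;   /* truncated modulo 2^32 ms */
}

/* Inverse comparison (-c 1). Assumed rule for this sketch:
   value <= alert -> 2 (alert), value <= warning -> 1, otherwise 0. */
static int inverse_severity(long value, long warning, long alert)
{
    if (value < 0) return -1;                  /* documented error value */
    if (value <= alert) return 2;
    if (value <= warning) return 1;
    return 0;
}

/* Classify two consecutive tick samples taken interval_ms apart.
   Unsigned subtraction is modulo 2^32, so after a wrap the difference is
   still about one interval; after a reboot it is not. A reboot that lands
   within one interval of the wrap point cannot be told apart this way. */
static enum drop_kind classify_drop(uint32_t prev, uint32_t cur,
                                    uint32_t interval_ms)
{
    if (cur >= prev) return NO_DROP;
    uint32_t elapsed = cur - prev;             /* modular difference */
    uint32_t slack = interval_ms / 10u;        /* assumed 10% jitter */
    return (elapsed <= interval_ms + slack) ? COUNTER_WRAP : REAL_REBOOT;
}

int main(void)
{
    uint64_t wrap_ms = (uint64_t)1 << 32;      /* 4294967296 ms = 49.7 days */
    uint32_t up = tick_uptime_seconds(wrap_ms + 120000u);
    printf("reported uptime 2 min after wrap: %u s\n", (unsigned)up);
    printf("severity with -w 240 -a 60: %d\n", inverse_severity(up, 240, 60));
    printf("classification: %d\n",
           classify_drop(UINT32_MAX - 180000u, 120000u, 300000u));
    return 0;
}
```

Two minutes after the wrap the counter reports 120 seconds of uptime, which the sample thresholds treat as a warning even though the server never restarted.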

Return values:

VALUE MEANING
-1 Error
X Number of seconds

Recommended parameters:

Comparison type Inverse. The higher the value the lower the severity (-c 1)
Monitoring interval 300 seconds – 1 hour –> depends on instance importance
Warning threshold Contact your Windows administrator
Alert threshold Contact your Windows administrator

Parameter setting example:

WINRETUP = -t 300 -c 1 -w 240 -a 60 -T "Windows retro_uptime"

Remarks: The text associated with this event returns the uptime in a human-readable format like [X] days [Y] hours [Z] minutes.
This event uses obsolete Windows system functions.

WINIP4IN

WINIP4IN returns the number of active IP4 Interfaces.

Return values:

VALUE MEANING
-1 Error
X Interfaces IP4

Recommended parameters:

Comparison type Inverse. The lower value the higher severity (-c 1)
Monitoring interval 600 seconds – 1 hour –> depends on instance importance
Warning threshold Number of needed IP4 interfaces
Alert threshold Number of needed IP4 interfaces

Parameter setting example:

WINIP4IN = -t 300 -c 1 -w 4 -a 4 -T "IP4 Interfaces"

Remarks: This event uses the ACE portable libraries, so you can use it on other platforms without changing the code. See the use of the ACE wrappers in the code if interested.

WINIP6IN

WINIP6IN returns the number of active IP6 Interfaces.

Return values:

VALUE MEANING
-1 Error
X Number of IP6 Interfaces

Recommended parameters:

Comparison type Inverse. The lower value the higher severity (-c 1)
Monitoring interval 600 seconds – 1 hour - never –> depends on instance importance
Warning threshold Number of needed IP6 interfaces
Alert threshold Number of needed IP6 interfaces

Parameter setting example:

WINIP6IN = -t 300 -c 1 -w 4 -a 4 -T "IP6 Interfaces"

Remarks: This event uses the ACE portable libraries, so you can use it on other platforms without changing the code. See the use of the ACE wrappers in the code if interested.

WINPRCDW

The WINPRCDW event checks whether all of the processes in the list are up and running.

Extra parameters:
This event needs an extra parameter to work:

PARAMETER MEANING Mandatory
-L "proc1[,proc2,procN]" - Processes list. (Don't use spaces between them, only ",")

Return values:

VALUE MEANING
-1 Error
0 At least one of the processes in the list is down
1 OK. All the processes are running

Recommended parameters:

Comparison type Inverse. The lower value the higher severity (-c 1)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold 0
Alert threshold 0

Parameter setting example:

WINPRCDW = -t 300 -c 1 -w 0 -a 0 -L "explorer.exe,osm_ag_WINDOWS1.exe" -T "Checking processes"

Remarks: If one of the processes is not running the event associated text is like this: Process [procN] not found
This event uses internal Windows system calls.

WINSVCDW

The WINSVCDW event checks whether all of the services in the list are up and running.

Extra parameters:
This event needs an extra parameter to work:

PARAMETER MEANING Mandatory
-L "svc1[,svc2,svcN]" - Services list. (Don't use spaces between them, only ",") Yes

Return values:

VALUE MEANING
-1 Error
0 At least one of the services in the list is down
1 OK. All the services are running

Recommended parameters:

Comparison type Inverse. The lower value the higher severity (-c 1)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold 0
Alert threshold 0

Parameter setting example:

WINSVCDW = -t 300 -c 1 -w 0 -a 0 -L "osmius,lanmanserver" -T "Checking services"

Remarks: If one of the services is not running the event associated text is like this: #[svcN]:DOWN - NOT RUNNING#
This event launches an Osmius script.

WINPRCFS

WINPRCFS checks if the Drives supplied in the list are used more than the percentage threshold defined by the user.

Extra parameters:
This event needs an extra parameter to work:

PARAMETER MEANING Mandatory
-L -L "fs1[,fs2,fsN]" - Filesystems or drives list (Don't use spaces between them, only ",") Yes

Return values:

VALUE MEANING
-1 Error
0 - 100 occupied % of the fullest filesystem

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold 75
Alert threshold 90

Parameter setting example:

WINPRCFS = -t 600 -c 0 -w 80 -a 90 -L "C,E,F,G"

Remarks: The text associated with this event returns the letter of the drive with the highest percentage of used space.
This event runs a script.

WINLOG01

WINLOG01 searches text files for matches of the supplied string.

Extra parameters:
This event needs two extra parameters.

PARAMETER MEANING Mandatory
-S -S "string" - String to search for in the text file Yes
-L -L "text_file" - Complete path to the text file in which to search for the string Yes

Return values:

VALUE MEANING
-1 Error
0 No matches found
1 At least 1 match found in the text file

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold 1
Alert threshold 1

Parameter setting example:

WINLOG01 = -t 60 -c 0 -w 1 -a 1 -S "error" -L "C:\osmius\osmius\test.txt"

Remarks: This event remembers the last position read from the text file, and in subsequent executions the search starts from the last point read. Use event names from WINLOG00 to WINLOG99, 100 different events.
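
One way to implement the position tracking described in the WINLOG01 remarks, as an added C example that is not the agent's source code. The function names, the 4096-byte line buffer, the restart when the file has shrunk and the handling of a half-written last line are assumptions, and the sample log text is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example, hypothetical names; not the agent's source code.
   Searches the data appended to `path` since the last call for `needle`.
   Returns 1 if found, 0 if not, -1 on error, and updates *offset. */
static int scan_new_data(const char *path, const char *needle, long *offset)
{
    char line[4096];
    int found = 0;
    long size, pos;
    FILE *fp = fopen(path, "rb");
    if (fp == NULL) return -1;
    if (fseek(fp, 0L, SEEK_END) != 0 || (size = ftell(fp)) < 0) {
        fclose(fp);
        return -1;
    }
    /* Offset past the end: file was truncated or replaced, restart at 0. */
    if (*offset < 0 || *offset > size) *offset = 0;
    if (fseek(fp, *offset, SEEK_SET) != 0) { fclose(fp); return -1; }
    pos = *offset;
    while (fgets(line, sizeof line, fp) != NULL) {
        size_t n = strlen(line);
        /* Unterminated tail: a line still being written, re-read next run. */
        if (n < sizeof line - 1 && (n == 0 || line[n - 1] != '\n')) break;
        if (strstr(line, needle) != NULL) found = 1;
        pos = ftell(fp);
    }
    fclose(fp);
    *offset = pos;
    return found;
}

/* Writes constructed sample text; mode "w" replaces, "a" appends. */
static int put_text(const char *path, const char *mode, const char *text)
{
    FILE *fp = fopen(path, mode);
    if (fp == NULL) return -1;
    fputs(text, fp);
    return fclose(fp);
}

int main(void)
{
    long off = 0;
    put_text("sample.log", "w", "service started\nerror: disk full\n");
    printf("run 1: %d\n", scan_new_data("sample.log", "error", &off));
    printf("run 2: %d\n", scan_new_data("sample.log", "error", &off));
    return 0;
}
```

The size check only catches a file that has become shorter than the saved offset; a replaced file that has already grown past that offset would need a file identity check as well.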

WINELOG1

WINELOG1 searches the Windows event log for matches using the supplied parameters.

Extra parameters:
This event needs three extra parameters.

PARAMETER MEANING Mandatory
-L -L "LogFileName" - Allows us to define the branch to search for matches Yes
-S -S "SourceName" - Allows us to choose the event originator (process) Yes
-E -E "ErrorType" - Numeric value to define the error type (1: ERROR, 2: WARNING, 4: INFORMATION, 8: AUDIT ACCESS SUCCESS, 16: AUDIT ACCESS FAILURE) Yes

Return values:

VALUE MEANING
-1 Error
0 No matches found
1 At least 1 match found in the event log

Recommended parameters:

Comparison type Direct. The higher value the higher severity (-c 0)
Monitoring interval 60 seconds – 1 hour –> depends on instance importance
Warning threshold 1
Alert threshold 1

Parameter setting example:

WINELOG1 = -t 300 -c 0 -w 1 -a 1 -T "Error in W32Time" -L "System" -N "W32Time" -E 1

Remarks: The first time this event is executed, the search runs from the first event in the Windows event log to the last one. Subsequent calls only search events newer than the number of seconds defined in the "-t" parameter.
Use event names from WINELOG0 to WINELOG9, 10 different events.

Prerequisites

Compiling this agent requires a set of prerequisites that are generic to compiling any Osmius agent; see the Osmius prerequisites.

Be sure to have the osm_windows.vbs and osm_eventlog.vbs files in %OSM_ROOT%\bin.

Makefiles and Compiling

  • Make Project Creator (MPC) is used by Osmius, so creating Makefiles is a trivial task. If you want to learn more about MPC and Osmius check out the section of Makefiles on Osmius.
  • For the Windows Osmius agent using MS Visual C++ 8, you can easily generate the Makefile as follows:

From the agent directory using console or terminal.

%ACE_ROOT%\bin\mpc.pl -type vc8 osm_ag_windows.mpc
  • Now that you have created the Makefile, agent compiling is extremely simple.
Double click on Osm_Ag_Windows_Osmius.vcproj and wait for Visual C to open the project.
In Solution configuration choose "Release".
In Project Properties – Configuration Properties – Linker – Input add psapi.lib and click Accept.
Select Rebuild to compile the agent.

Binaries are automatically installed in the bin directory of OSM_ROOT base directory.

Running the Windows agent

The Windows Osmius agent has the same running features as the other Osmius agents. You can check them out in the section Start and Stop Agents.

If you want to run the Windows agent without using the complete Osmius web console:

osm_ag_WINDOWS1.exe -c osm_ag_WINDOWS1.ini -m MASTERAG -p 1950 -d » [>> osm_ag_windows.log] 1)

Running in standalone mode

The Windows Osmius agent, like the other Osmius agents, can be executed in standalone mode. This option may be particularly useful when developing a new agent or to perform specific agent tests.

Basically you have to add a new value, called SNDCMD, to the Windows Osmius agent configuration file (osm_ag_WINDOWS1.ini).

Then, run the agent setting the Master Agent communications port to zero, for example:

osm_ag_WINDOWS1.exe -c osm_ag_WINDOWS1.ini -m 00000000 -p 0 -d

Tests list

Tests performed on the Windows Osmius agent.

Date: 03/03/2008
Test | Result | Remarks
Creating an instance with all its events in silent mode | OK | -
Creating an instance with all its events with custom text | OK | -
Creating an instance with all its events but no custom text | OK | -
Declare 3 different instances with all the events set to 5 seconds and leave it running for 48 hours | - | -
Declare 2 instances, cause a disconnect and then reconnect | OK | -
Declare 1 instance and test each event | OK | -
Elimination of general parameter and check unbootable | OK | -
Elimination of instance CONN_INFO and check unbootable | OK | -
1) Optional, to store agent messages in a file
 
en/agentes/windows1.txt · Last modified: 2012/12/05 18:19 by osmius
 