MonitorIT Online Help Guide
The Complete Server & Network Monitoring System
Monitor, Detect, Alert, Diagnose, Measure, Collect & Report on Windows Servers/Workstations, SNMP & SYSLOG Servers & Devices

User’s Guide
Sentry II version 8.0
Sentry II 8.0 User’s Guide, Version 8.0.12, July 2006

Table of Contents

Introduction
  Overview
  Sentry II's Internet Explorer Based ‘Console’
  Accessing Sentry II with a Remote ‘Console’
  Sentry II Licensing
Installation Instructions
  Upgrade Your Current Sentry II to the Latest
  Installing the Sentry II Server
  Sentry II Server as a Windows Service
  Optional Microsoft SQL Server Installation Steps
  Sentry II Agent Installation Steps
  Uninstalling the Sentry II Agent
Feature Overview
  Sentry II Menus
  Introduction Options
  Online Help
What Next After Installation
Performance Tips
  Internet Explorer Console
  Default Access Database
  SQL Server Database
  Hardware Platform
Frequently Asked Questions
Configure Servers/Agents & Devices
  Licensing Note
  Current Selected Server/Device Buttons
  Eligible Watches
  Assign Watches
  Track Hardware Asset/Configuration Details
  Properties
  IP Services Tab
  Windows Tab
  SNMP Tab
  Global Configuration Buttons
  Manage Agents
  Discovery Processing
  Manage SNMP
  Import
Configure Groups
Configure Security
  Active Directory View for Selecting User or Group
  Global Security Settings
  Session Logon Report
  User Security Report
Configure SNMP Trap Definitions
Configure Domain Information
Configure Watches/Alerts
  Watch/Alert Type Views
  IP Service Tab
  PROCESS Tab
  SERVICE Tab
  EVENTLog Tab
  FILE Tab
  COUNTER Tab
  CUSTOM Tab
  SNMPTrap Tab
  SYSLOG Tab
  USER Tab
  Schedule View
  Actions View
  User Alerts
Cycle Multiple Displays
Network Status Display
  Groups View
  Devices View
  Device Alert Details Dialogue Box
ServerWatch Display
  Server Status Log View
  Specify Status Log Display Filter Dialogue Box
AlertWatch Display
  Alert Log View
  Alert Log Filter View
  Configure Alert Log Filter Dialogue Box
EventLogWatch Display
  EventLogWatch Display View
  EventLogWatch Display Filter View
  Configure EventLogWatch Display Filter Dialogue Box
SYSLOGWatch Display
  SYSLOGWatch Display View
  SYSLOGWatch Display Filter View
  Configure SYSLOGWatch Display Filter Dialogue Box
SNMPTrapWatch Display
  SNMPTrapWatch Display View
  Configure SNMPTrapWatch Display Filter View
  Configure SNMPTrapWatch Display Filter Dialogue
System Monitor
Memory Monitor
HDD Monitor
Registry Monitor
  Manage Registry Monitoring Specifications Dialogue Box
CounterWatch Graphs
  Monitored Objects Tree View
  Creating and Configuring Charts
  Chart Configure Wizard
  Dynamic Chart Play
  Fine Tune Chart Play
Schedule CounterWatch Monitoring
  Schedule View
  Status View
Manage CounterWatch Monitoring
  Current Counters Monitored View
  Monitor Objects Tree View
  Server/Device Monitor Schedule Property Sheet
  Counter Value Summary Report
Create CounterWatch Reports
  Review Mode
  Edit and Update Mode
  Customizing Collection Sets
Schedule Periodic Reports
  Schedule View
  Queued View
  Brand View
Run/Analyze & View Reports
  Report Types
  Status View
  Service Report Analysis
  Results View
Event Log View/Archive & Report
  View Archived Event Logs
  View Monitored Events
  View Current Event Logs
  Event View
  Manage Archive Schedules
  Set Maximum File Size
Syslog View/Archive & Report
  View Archived Syslogs
  Content Search Substring(s) Filter
  View Monitored Syslogs
  Messages View
Server/Device Maintenance
  Current Maintenance Schedules
  Specify Maintenance Schedule for Servers/Devices
Net Toolbox
  Trace Route Parameters
  SNMP Parameters
Database Maintenance
  AutoPurge Tab
  Objects Tab
  Purge Tab
Sentry II Server Log
Sentry II Server Control Center
Appendix A – Local SQL Server Database
  Installing the Sentry II MDF File on a Local SQL Server
  Sentry II Security Issues for Accessing SQL Database
Appendix B – Remote SQL Server Database
  Sentry II Security Issues for Accessing SQL Database
Appendix C – SQL/ORACLE Requirements
  Microsoft SQL Server Checking
  Oracle Database Checking
Appendix D – Moving from Access to SQL Server

Revision Version 8.0.12 - 7/10/2006

Introduction

Sentry II® is the complete and affordable Server and Network Monitoring System for any business. It is designed as an intranet / internet based, comprehensive Windows, SNMP and SYSLOG monitoring, alerting, diagnosing, collecting and reporting tool for managing availability and performance of servers, workstations, and network devices in IP based networks.
Sentry II itself requires Microsoft Windows NT / 2000 / XP / 2003, and for its centralized database operations, it supports Microsoft Access, which by default is installed with the included Access database engine, or optionally Microsoft SQL Server. Sentry II uses Microsoft Internet Explorer to provide easy, remote, secure console access to the Sentry II Server’s built-in HTTP server (you do not need IIS or any other web server software), and is best viewed with at least a screen resolution of 1024 x 768 and 16-bit color.

Sentry II provides nine monitoring components to accomplish the monitoring, and ties all the monitoring together with its alerting, graphing and reporting components. All monitoring, alerting, diagnosing, graphing, collecting and reporting is centrally available at the Sentry II Server, which in turn can be accessed from anywhere with Sentry II’s remote IE based console.

Overview

ServerWatch

Sentry II’s ServerWatch component ensures the smooth operation of all network infrastructure devices, and IP services on any server/device, regardless of the operating system. ServerWatch monitors your WEB, Email and Database services for proper operation: it lets you monitor and check server IP services such as SNMP, HTTP, FTP, SMTP, POP3, DNS, TELNET, Lotus NOTES servers, and SQL & ORACLE database servers. PING is also available for testing general machine & device availability, and you can create a custom TCP check called USER to connect to any specified port with the option to send a request string and check for a specific response string. With Sentry II’s flexible and powerful alert notification component, you define how, when, and if you are alerted when ServerWatch detects failures of any of your IP services being monitored.
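The USER check described above (connect to a port, optionally send a request string, look for a response string) can be sketched as follows. This is an added example, not Sentry II's own code; the function names, the timeout and the `max_bytes` cap are assumptions, and the fake service in `demo()` is constructed for illustration.

```python
import socket
import threading
import time
from typing import Optional, Tuple

Result = Tuple[bool, str]


def check_stream(sock: socket.socket, request: Optional[bytes],
                 expect: Optional[bytes], timeout: float = 5.0,
                 max_bytes: int = 65536) -> Result:
    """Run the request/response part of the check on a connected socket."""
    deadline = time.monotonic() + timeout
    if request:
        sock.settimeout(timeout)
        sock.sendall(request)
    if not expect:
        return True, "connected"
    received = b""
    # Cap the buffer so a chatty or misbehaving service cannot exhaust memory.
    while expect not in received and len(received) < max_bytes:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return False, "timed out waiting for response string"
        sock.settimeout(remaining)
        try:
            chunk = sock.recv(4096)
        except socket.timeout:
            return False, "timed out waiting for response string"
        if not chunk:          # peer closed the connection
            break
        received += chunk
    if expect in received:
        return True, "response string found"
    return False, "response string not found"


def user_check(host: str, port: int, request: Optional[bytes] = None,
               expect: Optional[bytes] = None, timeout: float = 5.0) -> Result:
    """Connect to host:port, then apply check_stream; a failed connect is a failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return check_stream(sock, request, expect, timeout)
    except OSError as exc:
        return False, f"connection error: {exc}"


def _fake_service(conn: socket.socket, banner: Optional[bytes],
                  reply: Optional[bytes]) -> None:
    """Constructed stand-in for a monitored service (demo only)."""
    with conn:
        if banner:
            conn.sendall(banner)
        if reply is not None:
            conn.recv(1024)    # wait for the request string
            conn.sendall(reply)


def _run_case(banner, reply, request, expect) -> Result:
    client, server = socket.socketpair()
    worker = threading.Thread(target=_fake_service, args=(server, banner, reply))
    worker.start()
    try:
        return check_stream(client, request, expect, timeout=2.0)
    finally:
        worker.join()
        client.close()


def demo() -> dict:
    results = {
        # Service greets first; no request string needed.
        "banner": _run_case(b"220 mail.example.test ESMTP\r\n", None, None, b"220 "),
        # Request string sent, expected response string returned.
        "reply_ok": _run_case(None, b"PONG\r\n", b"PING\r\n", b"PONG"),
        # Port answers, but with the wrong content: the check must fail.
        "reply_bad": _run_case(None, b"ERR busy\r\n", b"PING\r\n", b"PONG"),
    }
    # Port accepts the connection but never answers: the check must time out.
    client, server = socket.socketpair()
    try:
        results["silent"] = check_stream(client, None, b"220 ", timeout=0.2)
    finally:
        server.close()
        client.close()
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The `reply_bad` and `silent` cases are the ones a plain port-open test would miss: the port accepts connections in both, yet the service is not answering correctly.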
When defining ServerWatch watches, you can optionally specify time periods throughout the week when monitoring is automatically suppressed, for example to accommodate maintenance down-time periods. You can also define watches that are dependent on other (primary) watches, so that if the primary watched device is down, alert notifications and actions are suppressed on the dependent watched device; for example, suppress alert notifications from the servers/devices in half your network if they become unreachable when a particular router or switch is down.

ServerWatch provides a dynamic display for an “at-a-glance” view of availability and performance of all servers & devices being monitored. Optionally, always display down or failed services at the top of the display to ensure visibility.

ServerWatch also provides a Discovery feature that automatically locates servers & devices and associated IP services based on servers/workstations in your Windows Domains/Workgroups, and/or based on an IP address range scan. For servers/devices found in the IP address range scan, Discovery can optionally determine the domain name for identification purposes. ServerWatch Discovery makes Sentry II extremely easy to configure.

All ServerWatch monitoring results are logged to Sentry II’s Access or SQL Server database, and there is an “IP Service Availability & Performance” report available for either a summary or detailed report on “up-time” and performance of all or selected servers/devices and IP Services, for any timeframe you specify. You can also use the “Alert Notifications” report to see the details of all failures, whether they resulted in an alert notification or not according to your specifications, and view these details on a selected server/device & IP service basis for any selected time frame.

For all of ServerWatch’s features and benefits, it is just the tip of the capability of Sentry II for monitoring your Windows servers, and network infrastructure devices.
Read on and see the other capabilities that Sentry II provides, and the benefits of implementing this powerful, yet affordable, Server and Network Monitoring System.

CounterWatch for Windows & SNMP

Sentry II’s CounterWatch proactively monitors both Windows and SNMP Counters. CounterWatch for Windows monitors the performance of your Windows servers and workstations via the available performance counters installed with Windows, all Microsoft applications, and from various 3rd party applications that take advantage of the performance counter option in Windows. You selectively monitor and gather detailed data about virtually every aspect of server/workstation operation via these available performance Counters. Performance Counters are available for all aspects of the hardware, including CPU, Disk, Memory, and Network, and software including applications such as IIS, SQL Server and Exchange Server.

CounterWatch for SNMP proactively monitors any SNMP Counter by polling. SNMP Counters are derived via server/device MIBs that you provide to Sentry II for parsing. By default, the Sentry II Server component provides the SNMP CounterWatch polling. However, you can now optionally designate one or more deployed Sentry II Agents to act as remote, distributed SNMP CounterWatch polling monitors that forward the SNMP CounterWatch data to the Sentry II Server via the Agent connection.

For both Windows and SNMP CounterWatch monitoring, you can optionally have Sentry II use this comprehensive performance data to trigger alerts if specified thresholds are exceeded, and you can generate consolidated performance reports, or dynamic graphs. There is an option to export the raw graph data to a CSV file, which can be viewed and processed by Microsoft Excel.
Create your own custom CounterWatch report collection set/templates to monitor, analyze, troubleshoot/diagnose, and report, and make recommendations for improving performance and for solving operational problems. All CounterWatch data is logged to Sentry II’s Access or SQL Server database, giving you centralized control of all the monitoring results, and providing baseline and trending data.

EventLogWatch

Sentry II’s EventLogWatch monitors your Windows servers and workstations in real-time for entries into the various available Event Logs. This provides you with the ability to monitor virtually any and every event of significance that occurs. You can choose to be alerted for those selected, critical events that you want to know about and act on immediately.

When you enable Windows auditing, you can monitor for a variety of auditing events to the Security Event log to significantly increase your server security monitoring. These types of security events include a variety of events for Logon actions, Account Login actions, Account Management actions, Privilege Use actions, and Policy Change actions. EventLog monitoring now takes advantage of Sentry II’s Active Directory integration, so you can now use Active Directory Groups as a parameter: any event whose User parameter is a member of the selected Active Directory Group(s) is considered a match.

You can centralize your Event Log management by capturing all events or just selected events to Sentry II’s Access or SQL Server database, and run the “Alert Notifications” report to see the captured events for all servers, or selected servers, for a selected time frame. Use the EventLogWatch Display feature to view received, monitored Events dynamically as they occur, and to display up to the previous 24 hours of previously received, monitored Events.
For Sarbanes-Oxley and HIPAA compliance assistance with respect to the Event Logs, Sentry II provides a very flexible and powerful Event Log file archiving feature. You define one or more schedules or conditions when the Event Logs on your selected servers and workstations are automatically backed up and optionally archived to a central storage that you specify. Archived Event Log files are automatically saved in a GZIP compressed format that is very economical on storage requirements.

A powerful Event Log Viewer is provided where you can view selected events based on filters that you easily define for: 1) events in the Archived Event Log files, or 2) events in Monitor’s database that were captured with your real-time EventLog Watches, or even 3) events in the actual current Event Log files. You can filter the monitoring and viewing of Event Log data by Log type (Application, System, Security, DNS Server, File Replication Service & Directory Service) and specific Event types (Error, Warning, Information or Audit Success or Failure events), as well as filter based on Event Source, Event IDs, Event Category, User Name or substring in the Event Descriptions; and you can Save your filters and easily Load them again to use them next time you are back in the Viewer. For any events that match your view filter, you have the options to Print, Email, or Export to a CSV file.

ProcessWatch

Sentry II’s ProcessWatch monitors your selected Windows processes to make sure they continue running, and also monitors for ‘rogue’ processes that should not be running. Define alert notifications so you know when critical Windows processes are not running, or ‘rogue’ processes are running. You can optionally have Sentry II attempt to restart the processes not running, or terminate the ‘rogue’ processes that are running.
For running processes, you can optionally specify CPU & Memory utilization thresholds, and be alerted if these thresholds are exceeded. Or have ProcessWatch monitor all running processes, and be alerted if any CPU & Memory utilization thresholds you specify are exceeded by any running process, and optionally have ProcessWatch terminate processes that exceed your thresholds. All ProcessWatch alerts are logged to Sentry II’s database, and you can view the history of ProcessWatch alerts in Sentry II’s “Alert Notifications” report.

WinServicesWatch

Sentry II’s WinServicesWatch monitors your selected Windows services to make sure they are running. Define alert notifications so you know when critical Windows services are not running, including services that are ‘hung’ during startup. You can optionally have Sentry II attempt to restart these services that are not running or ‘hung’. All service failures are logged to Sentry II’s database, and you can view the history of service failures in Sentry II’s “Alert Notifications” report.

FileWatch

Sentry II’s FileWatch monitors your selected Windows server & workstation files. You choose the files you want Sentry II to watch. You can specify wild-cards to monitor groups of files, or even specify a folder name and monitor the whole folder for any changes including file additions and deletions. You can optionally choose to be alerted, using Sentry II's standard alert notification options, when watched files or folders have met one of the optional conditions you specify. These options are: the file is created and exists, the file has exceeded a specified maximum size, the file size changes from its current size, the file last modified date/time changes, or the file contains a specified substring. There is a powerful ‘NOT’ option to check for the inverse of all of the above conditions, including watching for files to be deleted. The substring search is optimized to only check when new data is added to the file.
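A substring watch that only examines newly added data, as described above, can be built by remembering how far into the file the previous poll read. This is an added example, not Sentry II's implementation; the class name, the line-based matching and the sample log contents are assumptions made for illustration.

```python
import os
import tempfile
from typing import List


class SubstringFileWatch:
    """Poll a text log and report only new lines containing a substring."""

    def __init__(self, path: str, needle: str):
        self.path = path
        self.needle = needle.encode()
        self.offset = 0      # number of bytes already scanned
        self.partial = b""   # trailing bytes that do not yet end in a newline

    def poll(self) -> List[str]:
        try:
            size = os.path.getsize(self.path)
        except OSError:
            # File missing or unreadable: forget state so a recreated
            # file is scanned from its beginning.
            self.offset, self.partial = 0, b""
            return []
        if size < self.offset:
            # File shrank: it was truncated or replaced, so rescan from 0.
            # A replacement that has already grown past the old offset
            # would need an extra identity check (not shown here).
            self.offset, self.partial = 0, b""
        if size == self.offset:
            return []        # nothing new, nothing to search
        with open(self.path, "rb") as handle:
            handle.seek(self.offset)
            data = handle.read(size - self.offset)
        self.offset += len(data)
        # Hold back an unfinished last line so a match split across two
        # writes is still seen once the line is complete.
        *lines, self.partial = (self.partial + data).split(b"\n")
        return [line.decode("utf-8", "replace").rstrip("\r")
                for line in lines if self.needle in line]


def demo() -> List[List[str]]:
    """Constructed scenario: create, append, split write, then truncate."""
    results = []
    with tempfile.TemporaryDirectory() as folder:
        log = os.path.join(folder, "app.log")
        watch = SubstringFileWatch(log, "Login failed")

        results.append(watch.poll())                 # file does not exist yet

        with open(log, "wb") as f:
            f.write(b"service started\nLogin failed for user alice\n")
        results.append(watch.poll())                 # first match

        results.append(watch.poll())                 # unchanged file

        with open(log, "ab") as f:
            f.write(b"Login fai")                    # writer flushed mid-line
        results.append(watch.poll())                 # incomplete line held back

        with open(log, "ab") as f:
            f.write(b"led for user bob\nheartbeat\n")
        results.append(watch.poll())                 # completed line matches

        with open(log, "wb") as f:                   # log truncated and reused
            f.write(b"Login failed for user carol\n")
        results.append(watch.poll())                 # rescanned from the start
    return results


if __name__ == "__main__":
    for step, matches in enumerate(demo()):
        print(step, matches)
```

Each poll reports a line at most once, so an alert keyed on the returned list does not fire again for old content.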
Use FileWatch to monitor 3rd party application log text files, watch for “hacked” files that should not have changed, or monitor key files that you expect to change and be updated on a regular basis. And when you have appropriate Windows auditing enabled, you can know not only what, when, and where but also WHO caused the FileWatch alert.

CustomWatch

Sentry II’s CustomWatch monitors your Windows servers/workstations by executing any Windows program, command, script, or batch file executable that you provide. It runs the executable periodically on the monitored server/workstation according to a schedule that you specify. You can optionally specify a comparison of the executable’s Exit Code to an exit code you specify, and generate an alert notification if the comparison fails.

You can optionally specify an Executable Time-Out value, and Sentry II will terminate the executable if it does not complete on its own before the time-out expires. You can optionally specify Logon credentials, and Sentry II will start the executable under the user context of these credentials. The specification for the executable, and for the optional command-line options, support Environment Variable substitution when bracketed with the percent character; for example, %SystemRoot%.

Use the powerful CustomWatch to create your own custom monitors, and also use CustomWatch as a central Windows Job Scheduler to easily manage the scheduled execution of all your jobs across all your servers and workstations from the central Sentry II Server.

Logical Drive, Page File, Registry & HW Configuration, and Server Reboot Check

In addition to the various Windows ‘Watch’ monitoring features described above, Sentry II also provides the ability to easily monitor and dynamically display select Registry values, and Logical Drive & Page File information including available Free Space.

Sentry II 8.0 User’s Guide p. 10 Version 8.0.12 July 2006

For the Logical Drive & Page File monitoring, you can easily enable an alert notification and be notified when available Free Space drops below a threshold you define.

For the Registry & Hardware Configuration monitoring, you optionally choose to be alerted when Hardware Configuration changes are detected, or select Registry Key/Value additions, changes, or deletions are detected.

For the Server Reboot Check, you optionally choose to be alerted when a monitored server reboot/restart is detected.

SNMPWatch

Sentry II’s SNMPWatch monitors your SNMP enabled servers and network devices for SNMP Traps. You specify the SNMP Traps that are monitored and the acceptable servers and network devices where they can originate. Optionally define alert notifications that are executed upon receipt of specific SNMP Traps. Review the history of all or selected SNMP Traps received in the Sentry II “Alert Notifications” report.

There is a MIB parsing feature to extract and make available the SNMP Trap OIDs from your server and device MIBs, to make it simple to define the watches for SNMP Traps.

Use the SNMPTrapWatch Display feature to view received, monitored Traps dynamically as they occur, and to display up to the previous 24 hours of received, monitored Traps.

Similar to the SNMP CounterWatch monitoring, there is now an option to designate one or more Agents to act as remote distributed SNMP Trap monitors. Traps that match your defined watches are forwarded on to the Sentry II Server over the existing Agent connection for logging to the database and any alert notification processing.

SYSLOGWatch

Sentry II’s SYSLOGWatch monitors SYSLOG messages transmitted from your selected servers and network/infrastructure devices such as firewalls and routers. The Sentry II Server listens on the standard SYSLOG UDP port for these messages and processes them according to your specified SYSLOG Watch/Alerts.
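As an added illustration of the processing described above (not Sentry II's own code), the sketch below parses the <PRI> header of a received syslog datagram, checks the sender against the sources selected for a watch, and applies the watch's match criteria. The SyslogWatch rule shape, its field names, the watch names and the sample messages are constructed assumptions.

```python
"""Added illustration of syslog watch processing; not Sentry II code."""
import re
import socket
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_pri(datagram: bytes) -> Optional[Tuple[int, int, str]]:
    """Return (facility, severity, text), or None if the PRI header is invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # highest valid PRI: facility 23, severity 7
        return None
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", errors="replace").rstrip("\r\n\x00")
    return pri >> 3, pri & 7, text


@dataclass(frozen=True)
class SyslogWatch:                        # hypothetical rule shape
    name: str
    sources: FrozenSet[str]               # sender addresses selected for this watch
    max_severity: int = 7                 # 0 = emergency ... 7 = debug
    all_of: Tuple[str, ...] = ()          # every string must appear
    any_of: Tuple[str, ...] = ()          # at least one must appear (if given)
    none_of: Tuple[str, ...] = ()         # none may appear

    def matches(self, src: str, severity: int, text: str) -> bool:
        t = text.lower()
        return (src in self.sources
                and severity <= self.max_severity
                and all(s.lower() in t for s in self.all_of)
                and (not self.any_of or any(s.lower() in t for s in self.any_of))
                and not any(s.lower() in t for s in self.none_of))


def process(datagram: bytes, src: str, watches: List[SyslogWatch]) -> List[str]:
    """Names of the watches that fire for one received datagram."""
    parsed = parse_pri(datagram)
    if parsed is None:
        return []                         # malformed input never reaches the rules
    _, severity, text = parsed
    return [w.name for w in watches if w.matches(src, severity, text)]


def listen(watches, host="0.0.0.0", port=514, handler=print):
    """Receive datagrams on the syslog UDP port and hand matches to handler."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (src, _port) = sock.recvfrom(8192)
            for name in process(data, src, watches):
                handler((name, src, data))


# Constructed watches and messages (documentation address ranges).
WATCHES = [
    SyslogWatch("auth-failure", frozenset({"192.0.2.1"}), max_severity=4,
                all_of=("failed password",), none_of=("invalid user",)),
    SyslogWatch("link-down", frozenset({"192.0.2.2"}),
                any_of=("changed state to down", "link down")),
]
SAMPLES = [
    (b"<34>Oct 11 22:14:15 fw01 sshd[411]: Failed password for root", "192.0.2.1"),
    (b"<189>Oct 11 22:15:02 sw02 %LINK-5-CHANGED: Gi0/1 changed state to down",
     "192.0.2.2"),
    (b"<34>Oct 11 22:16:40 fw01 sshd[412]: Failed password for root", "198.51.100.77"),
    (b"<38>Oct 11 22:17:01 fw01 sshd[413]: Failed password for root", "192.0.2.1"),
    (b"<999>not a valid header", "192.0.2.1"),
]


def demo() -> List[List[str]]:
    """Run every constructed sample through the constructed watches."""
    return [process(d, s, WATCHES) for d, s in SAMPLES]


if __name__ == "__main__":
    for (msg, src), fired in zip(SAMPLES, demo()):
        print(src, fired, msg[:40])
```

The third sample is dropped because its sender is not one of the watch's selected sources, and the fourth because its severity (6, informational) is below the watch's threshold.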
You can be alerted when selected SYSLOG messages are received, and you can use SYSLOGWatch to centralize your SYSLOG collection, management and reporting. Review the history of all or selected SYSLOG messages received in the Sentry II “Alert Notifications” report.

Use the SYSLOGWatch Display feature to view received, monitored SYSLOG messages dynamically as they occur, and to display up to the previous 24 hours of received, monitored SYSLOG messages.

For Sarbanes-Oxley and HIPAA compliance assistance with respect to the SYSLOG messages, Sentry II provides a very flexible and powerful SYSLOG message archiving feature. You optionally define in a SYSLOG Watch/Alert whether you want the SYSLOG messages archived for long term storage and saving. Archived SYSLOG messages are automatically saved in GZIP compressed files that are very economical on storage requirements.

A powerful SYSLOG Archive Viewer is provided where you can view selected Archived SYSLOG messages based on filters that you easily define for: 1) SYSLOG messages in the Archived SYSLOG files, or 2) events in Monitor’s database that were captured with your real-time SYSLOG Watches. You can filter the monitoring and viewing of SYSLOG messages based on content with the ability to specify compound/complex search string criteria. For any SYSLOG messages that match your view filter, you have the options to Print, Email, or Export to a CSV file.

Now there is an option to designate one or more Sentry II Agents as remote, distributed Syslog collectors/servers. Agents so designated will optionally forward received Syslog messages to the Sentry II Server over the encrypted Agent connection for logging and alert notification processing, depending on your SyslogWatch rules. Archiving to flat text GZipped compressed files can also be optionally enabled to storage available from the Agent machine.

Alert Options

Sentry II’s Alert options provide for Email, Pager, Beeper, SYSLOG, and/or SNMPTrap alert notifications. And you can optionally execute any program, command, or batch file, with macro substituted input arguments at run time, when an alert condition occurs. The execution can be local on the Sentry II Server, or remote on the Windows server/workstation that caused an EventLogWatch, ProcessWatch, WinServicesWatch, FileWatch, CustomWatch or CounterWatch alert.

There is an Email Group feature so that it is very easy to manage sending Email alerts to multiple Email recipients. When defining the Alert notification action, you simply reference the Email Group name.

There is a custom Email text option so you can compose the text for an Email alert the way you want it. Both the custom Email text and the Email subject parameter support the same macros as the program arguments, so that the specific information such as server/device name, IP address, date/time, status, and Watch/Alert name are substituted.

Report Options

Sentry II’s Report options include an “Alert Notifications” report where you can report on all logged occurrences of your active Watch/Alerts, including IP Service checks, EventLog events, ProcessWatch alerts, WinServicesWatch alerts, FileWatch alerts, CustomWatch alerts, SNMP Trap alerts, SYSLOG messages, and report on all or selected servers/devices, for any selected time-frame.

There is an “IP Services Availability & Performance” report where you can report on the up-time percentage and the response performance of all your active IP Services ServerWatch checks such as PING, HTTP, SMTP/POP3, and others.
There is a summary option, and an option to report on all or selected servers/devices, for any selected time frame.

You can create any number of custom “CounterWatch” reports, for Windows or SNMP, and analyze monitored counter values from any one or more selected servers/devices, for minimum, maximum, and average values over any selected monitored time-frame, and including a Graph so you can pinpoint spikes and other periods of abnormal behavior. There is an “Exclude Time-Period” feature so that you can specify time-of-day and day-of-week time-periods that you want to exclude from the report analysis so that you can easily create reports consistent with your Service Level Agreements.

All Sentry II reports can be optionally scheduled to run periodically, and automatically, with complete flexibility in selecting the servers/devices reported on, and for what time frame; and you can easily manage your queue of currently scheduled reports. Report output can be optionally emailed, or a link to the HTML report output can be emailed, to one or more recipients. The Email Group feature is supported for specifying recipients of the report Email.

Graph Options

With Sentry II’s Graph options you can create and save any number of Graph templates to view any selected set of Windows and SNMP Counters, from one or more servers/devices, for any time-frame, historic or current. Graphs can be customized and saved in terms of look, density, type and a number of other properties. Graph playback of historic or current data is dynamic, and can be stopped, played in fast speed, or reverse, to easily analyze any monitored period. The Graphs are a powerful tool for viewing and analyzing all your Windows and SNMP CounterWatch monitored data.
Graphs, as previously mentioned, are included with all your CounterWatch Reports so that you can easily pinpoint unusual behavior of each monitored Counter for the time-frame being analyzed and reported.

Hardware Asset/Configuration Information

With Sentry II’s WMI (Windows Management Instrumentation) support, you can now easily and automatically track the hardware asset/configuration details of all your Windows servers/workstations. View and optionally print the hardware details report per server/workstation, and optionally choose to be alerted automatically when Sentry II detects changes to the Hardware Configuration.

Security Options

Sentry II provides very flexible Security options. You can define authorized Users, with different security and rights to access and use the various Sentry II features. You can restrict select Users to have access to only a subset of the various Groups of servers/devices you define. This way you limit different Users to different subsets of your monitored network. You can also assign ‘Ownership’ rights to Sentry II Reports and Graphs so that Users can only access and view Reports and Graphs that they own or that are owned by ‘All’.

Now with Sentry II’s Active Directory integration, you can specify an Active Directory Group so that any User who is a member of the Group is considered an authorized User. And if you choose, Sentry II will authenticate your LoginName/Password with Active Directory so you can use your standard Windows login for Sentry II’s console.

Sentry II's Internet Explorer Based ‘Console’

You access the Sentry II Server and its associated Access or SQL Server database to observe the monitoring, track alerts, watch server status, and run performance reports and dynamic graphs from anywhere you have Internet Explorer and IP access to the Sentry II Server. (Sentry II is best viewed with a screen resolution of 1024x768 and 16-bit color or better.
See Performance Tips below for more information about optimizing Sentry II use and access.)

The Sentry II Server component manages the Sentry II Access or SQL Server database and functions as an HTTP web server. This capability is built in to Sentry II and you do NOT need any other web software such as IIS. The Sentry II user interface is designed and implemented around this web server feature. For this reason, you use Microsoft Internet Explorer installed on any computer, acting as the Sentry II console, for access to the Sentry II Server. (Note: The first time you connect from any particular machine acting as the Sentry II console, you must allow the secure and signed ActiveX console components to be downloaded and installed.)

The Sentry II ‘Console’ uses HTTP to request and download the various user interface pages, and once the page is loaded, a secure encrypted and compressed TCP connection, using technology in the downloaded ActiveX Control, is created back to the Sentry II Server and all subsequent transmissions between the ‘Console’ and the Sentry II Server are done over this secure TCP connection.

The Sentry II Server component also contains an "embedded" Internet Explorer browser that communicates with the built-in web server. When you run the Sentry II Server the first time as a foreground/desktop application the default view is with the embedded browser. (See the next section on Installation to setup running the Sentry II Server as a Windows service; and see Sentry II Server Help for more information about the other Server Views when running as a foreground/desktop application.)

This intranet, web-based technology provides you with the ultimate flexibility, security, and control when using Sentry II.
Your access to the ‘Console’ is also secure; you define authorized users with appropriate rights, and with Sentry II’s Active Directory integration, you can specify an Active Directory Group so that any User who is a member of the Group is considered an authorized User. If you choose, Sentry II will authenticate your LoginName/Password with Active Directory so you can use your standard Windows login for Sentry II’s console.

Accessing Sentry II with a Remote ‘Console’

You can access the Sentry II Server remotely from any computer that has Microsoft's Internet Explorer and TCP/IP connectivity. This remote access provides full access to Sentry II's features, such as graphs, monitoring, alerts, reports and administration.

Connect to the Sentry II Server's built in web server just like you would connect to any web site. In IE’s URL address line, put the IP address of the Sentry II Server machine or its Domain name, and use port 81. For example,

http://n.n.n.n:81

or,

http://Sentry IIMachineName:81

The first time you do this from another computer, Sentry II will download and register the appropriate secure and signed ActiveX components from the Sentry II Server installation directory (see the “...\Sentry II\Controls” folder). For subsequent access to the Sentry II Server from this computer, all components are stored locally, eliminating the need to download them again.

Sentry II uses ports 81 and 82 by default but these can be reconfigured to avoid port conflicts with other applications. See the Properties description in the Sentry II Server Control Center section later in this document on how to change the port assignments; or run the ‘Sentry II Server Config File’ utility.

Problems in successfully connecting to the Sentry II Server from another machine using Internet Explorer are usually related to 1) Proxy Server settings in IE; or 2) Firewall restrictions.
It is also possible there is a port conflict with Sentry II’s default ports 81 & 82, and some other application using the same ports.

Sentry II Licensing

Sentry II is licensed based on the number of servers, workstations, and devices you are monitoring at unique IP addresses. All of Sentry II’s available monitoring features can be configured for a single server or device at a unique IP address, and this only counts as one license.

It is also permitted to add multiple server, workstation, and device entries, such that the total number of uniquely named entries exceeds your license count. This is permitted so long as the total number of unique IP addresses for these entries, plus Sentry II Agents where there is more than one Agent registered per unique IP address, does not exceed your maximum license count. You can, for example, have more than one Agent entered and registered at the same IP address, but each additional Agent beyond the first at an IP address counts toward the license. (More than one Agent at the same IP address occurs when the monitored servers and workstations are “behind” a NAT device, a shared Cable Modem or DSL WAN router that presents a single IP address to the world).

This feature of the licensing is actually quite useful. For example, if you want to perform several different HTTP checks to your web server at a particular IP address, you can add multiple server entries, each with a different name but with the same IP address. Configure the IP Service HTTP parameters for each entry according to the type of check you want to perform; then go to Configure Watches/Alerts to configure a watch on each, with their own special schedule & action parameters.

There is no cost for the Sentry II Server component itself, only for the number of servers/devices, at unique IP addresses as described above, that it is monitoring. There is also no cost for the number of IE based local and remote Sentry II consoles you have running at any one time.
Installation Instructions

This section includes the steps for upgrading your current Sentry II version to the newest version, as well as the steps for installing the:

• Sentry II Server
• Using Microsoft SQL Server (Optional)
• Sentry II Agent (Optional)
• Uninstalling Sentry II Agent

Upgrade Your Current Sentry II to the Latest

There is a single, simple Upgrade if your current Sentry II version is 6.0.00 or greater. Contact Support if you are using an earlier Sentry II version.

Only if your current Sentry II version is 6.0.00 or greater, then:

Run “Sentry II_FullSetup.exe”, from the folder where you downloaded and saved it, to start the installation program for the new version, and follow the on-screen install directions. Choose the same directory to install the new version over the current version; your current configuration and database information are preserved.

Your upgrade is now complete! At the prompt at the end of Setup about restarting the Sentry II Server service (if you were previously running the Sentry II Server as a service), choose OK, and your Sentry II Server service is restarted and back up and running with the new version.

Installing the Sentry II Server

The Setup program will install the Sentry II Server and Agent applications on the computer you want to be designated as the Server computer.

⇒ Exit all programs.
⇒ To install Sentry II, simply run the Setup_Sentry II.exe program from the CD, or Sentry II_FullSetup.exe from your download folder where saved. Note: If your system does not meet Sentry II requirements, it will notify you of each aspect throughout installation.
⇒ You will see the Sentry II Welcome Screen. Click Next.
⇒ Now you are brought to the License Agreement. Click Yes if you agree to the terms of the agreement. Click No to exit Sentry II setup.
⇒ The Read Me file will be displayed (it is also accessible prior to installation). Read through the notes and click Next to continue.
⇒ Sentry II will provide a default directory for installation, which is C:\Program Files\Sentry II. If you wish to change this directory, click Browse to choose a different folder. Choose Next to continue.
⇒ Sentry II will determine whether you have enough free disk space to install the program. If you do not, then you must choose another drive or create enough space for the program.
⇒ Sentry II will ask to create the Program folder for you. Click Yes.
⇒ The next screen provides you with some various configuration and startup options. The options are as follows:
  - Add Server shortcut to the desktop
  - Add Sentry II Console shortcut to the desktop
  By default, both options are checked. Select the options you wish to have, and choose Next.
⇒ Sentry II will display a summary page so that you can review your installation options and settings. Take a moment to read through them. You can change any of the settings by clicking on the Back button and returning to the appropriate dialog to make changes. Click Next to return to the summary page. Once you have determined your settings, click Next. Sentry II will copy the necessary program files to your system.
⇒ If a “Media Error” is reported at this point, the most likely reason is that the Sentry II Server or Agent is still running, or an IE instance with a Sentry II access is active. Ensure the Server, Agent, and any local IE Sentry II displays are stopped.
⇒ When Sentry II has finished installing all the necessary files, you will be brought to a screen to perform Electronic Registration. Click Finish when done.
⇒ After Sentry II has finished, it may ask you if you wish to restart your computer. Restart the computer, and you can now begin to use the product.
⇒ Start the Sentry II Server by double-clicking the spider-web icon called Sentry II Server on the desktop, and run the Sentry II Server as a foreground/desktop application.
(See the next section for details on how to configure the Sentry II Server to run as a Windows service). When the Sentry II Server completes loading and starting up, select the Quick Start option from the Introduction screen by clicking on the “check-list” icon shown above.

Sentry II Server as a Windows Service

After you run the Sentry II Server the first time as a foreground/desktop application, you can select the Sentry II Server menu item Service, and then Settings to enable the Sentry II Server service.

If the Sentry II Server Service is created successfully, you exit the Sentry II Server component, running as a foreground/desktop application, and the Server Service will automatically restart the Server component under its control and without the 'console' interface. Thereafter, when you log-out, or reboot the machine and on restart, the ‘Sentry II Server Service’ runs, and in turn, it runs the Server component.

Control the Server Service

You stop and start the Sentry II Server component via the 'Sentry II Server Service’ using the Windows Services applet. You access the Sentry II Server component by double-clicking on the 'Sentry II Console' icon to start the 'console' interface.

Service Logon Property

By default, the ‘Sentry II Server Service’ runs under the ‘Local System Account’. Hence, there may be scenarios when you may need to set the Sentry II Server Service 'Logon' Property to 'Administrator'. For example, if you are using a remote SQL Server for Sentry II’s database, you will need to set the ‘Logon’ Property to an Administrator or equivalent. You will also likely need to set the ‘Logon’ property if you want to use Sentry II’s Active Directory integration.

Sentry II Server Self-Monitoring

When the Sentry II Server component is running under the auspices of the Sentry II Server Service, the Service monitors the Server component process called RPMCCS.EXE to make sure it is running.
The Service also expects to receive timely ‘keep-alive’/‘heart-beat’ signals from the Server component process. If the Service does not receive the timely ‘keep-alive’/‘heart-beat’ signals indicating the Server component process is not functioning correctly, or if the Server component process RPMCCS.EXE is not running at all, the Service terminates the Server component process and then restarts it.

Optional Microsoft SQL Server Installation Steps

The first time the Sentry II Server is run it will attempt to open its database. If the database names have not yet been defined through the ODBC Data Sources (located on the Control Panel or in Administrative Tools), a dialog will appear. If SQL Server is installed on the same computer as the Sentry II Server, you will be presented with 3 options. Otherwise you are presented with two.

If you are going to use the default Access or SQL database locally, reply to the prompts accordingly and Sentry II will configure itself to use Access or SQL automatically.

If you choose to use Microsoft SQL Server as the remote Sentry II database several additional steps are required. For detailed installation steps of configuring Sentry II for use of a remote SQL database, see Appendix B.

Sentry II Agent Installation Steps

Install the Sentry II Agent on those Microsoft Windows NT / 2000 / XP / 2003 based server and workstation computers in your network when you want CustomWatch, ProcessWatch, WinServicesWatch, EventLogWatch, FileWatch and/or Windows CounterWatch monitoring. The Sentry II Agent installs and runs as a service.

The Sentry II Agent is not required for using the ServerWatch, SYSLOGWatch, SNMP CounterWatch, or SNMP Trap Watch features (see Configure Servers/Agents & Devices and Configure Watches/Alerts).
You can optionally designate and use one or more deployed Sentry II Agents as Syslog and SNMP Trap & Query collector/monitoring servers for monitoring your remote infrastructure devices. This is transparently integrated into all the standard Sentry II Watches, Displays, and Reports after you make the appropriate Agent designations and Device assignments in Configure Servers/Agents & Devices.

The Agent requires port 82 by default and uses port 82 outbound to initiate a secure TCP connection to the Sentry II Server. All transmissions between the Agent and Sentry II Server are sent encrypted, and if necessary compressed, over this TCP connection.

Global Agent Management for Automatic Push Agent Installation

The recommended method for installing, or updating, the Sentry II Agent service on your Windows NT / 2000 / XP / 2003 servers and workstations is to use the 'One-Button' Push feature for installation. This feature is available in Configure Servers/Agents & Devices from a single screen, called Manage Agents, where you manage all your Agents centrally. You can view installed Agent versions, view servers and/or workstations in all your Windows Domains and Workgroups that are not currently configured in Sentry II, and you can select one or more NT / 2000 / XP / 2003 servers/workstations for a batch install/update with a single click. (See the Configure Servers/Agents & Devices for managing the servers, workstation, and network devices that you want to monitor).

This 'One-Button' click to push the Sentry II Agent files down to selected NT / 2000 / XP / 2003 servers/workstations, installs or updates the Sentry II Agent service and starts the service, all without requiring a server reboot. This feature does require that you have Administrative Share rights to the server where you want to install the Sentry II Agent.
Use the Logon feature available on Manage Agents to specify your Administrator logon credentials, or configure and save them in the Configure Domain Information function. On subsequent updates of connected Agents, no share rights or Logon credentials are required since the Sentry II Server signals the selected connected Agents to download the updated files and update themselves.

See Configure Servers/Agents & Devices -> Manage Agents for more information on using this preferred approach for installing and managing your Sentry II Agents.

Alternative Automatic Pull Agent Installation

If, due to geographic limitations or other security restrictions, you cannot use the ‘Push’ method to install the Agent the first time, an alternative for the Agent installation is to pull the Agent down from the Sentry II Server. Follow these two steps, if you have Internet Explorer on your server or workstation, which automate most of the steps for "pulling" the required Agent files to the server:

⇒ At your server or workstation, run Internet Explorer version 5 or higher and connect to the Sentry II Server computer using the following URL:

http://nn.nn.nn.nn:81/InstallAgent.asp

where nn.nn.nn.nn is the IP address of the Sentry II Server computer. If you currently use a remote control program such as CoSession, pcAnywhere, or Terminal Server, you can use it to connect to the target server to run IE and connect back to the Sentry II Server.
⇒ When you connect to the above URL on the Sentry II Server, it checks to make sure the machine name and IP Address is unique in Sentry II, and if a duplicate named entry already exists at a different IP Address, you are prompted to enter a unique name to be used for this server/workstation. Once the unique name is verified, you will be prompted to confirm the download of the Sentry II Agent software. Press the OK button, and the Sentry II Agent software will be downloaded and installed.
The Agent is installed and runs as a service. After the installation, it will load the Sentry II Agent and automatically register your server to the Sentry II Server database. Sentry II can now do CustomWatch, ProcessWatch, WinServicesWatch, FileWatch, CounterWatch and EventLogWatch monitoring of your NT / 2000 / XP / 2003 servers and workstations.

Alternative Manual Agent Installation

If you cannot use the Push or Pull Agent installation options, you can manually install the Sentry II Agent. Follow these steps:

⇒ Copy the Sentry II Agent, RpmAgent.exe, the Sentry II AgentService.exe and AgentEvents.dll, and Sentry II User Alert support, Sentry IIAlert.exe, from the Bin folder of the Sentry II Server install directory to "\WINNT\SYSTEM32" (or \PROGRAM FILES\Sentry II) folder on the server or workstation you want to monitor. If you currently use a remote control program such as CoSession, pcAnywhere, or Terminal Server, you can use it to connect to your server and remotely perform these steps.
⇒ Next run:

AgentService.exe -i arg1 82 arg2 arg3

to install the Agent as a service. Arg1 is the Sentry II Server IP address (e.g. 192.168.1.100) so the Agent knows where to connect; 82 is the default port on which the Sentry II Server listens for Agents; arg2 is the fully qualified path name for the RpmAgent.exe (e.g. C:\WINNT\SYSTEM32\RpmAgent.exe); and arg3, which is optional, is the name that the Agent uses for this server/workstation when it connects and registers with the Sentry II Server.
⇒ For example:

AgentService.exe -i 192.168.1.100 82 c:\winnt\system32\RpmAgent.exe

⇒ When this completes then run "AgentService.exe -s" to start the Sentry II Agent Service. There is no need to reboot the server.

The Sentry II Agent will automatically attempt connection to the Sentry II Server after about a 30 second delay. Once the Sentry II Agent connects, it will automatically register.
Automatic Agent Registration

Once the Sentry II Agent connects to the Sentry II Server the first time, it will automatically register itself in the Sentry II database, using its predefined computer name. Its available counters and services for monitoring are also uploaded and revealed to the Sentry II Server.

If you have previously used the Configure Servers/Agents & Devices to add this server or workstation to the Sentry II Server database, under a different name, you will have duplicate entries, and will have to use Configure Servers/Agents & Devices to manually resolve this. You can inhibit Automatic Agent Registration with a setting in Configure Security.

Uninstalling the Sentry II Agent

The Sentry II Agent is uninstalled when you ‘Delete’ the corresponding server/workstation entry in Configure Servers/Agents & Devices at the Sentry II Server. As part of the delete processing, the Sentry II Server sends a message to the Agent to uninstall itself.

Alternatively, for example if the Agent was not connected when deleting the server entry, there are two options for manually uninstalling the Agent:

Manual Uninstall Option 1

⇒ At your server or workstation, run the “RpmAgent.exe” with the following command-line argument: /UnregServer
For example: RpmAgent.exe /UnregServer
⇒ Then, run the “AgentService.exe”, which is normally stored in the \WINNT\SYSTEM32 (or \PROGRAM FILES\Sentry II) folder, with the following command-line argument: -u
For example: AgentService.exe -u
⇒ Next, delete the “RpmAgent.exe”, “AgentService.exe”, “AgentEvents.dll” and “Sentry IIAlert.exe” from the folder where you copied them originally.

Manual Uninstall Option 2

⇒ At your server or workstation, run Internet Explorer and connect to the Sentry II Server computer using the following URL:

http://nn.nn.nn.nn:81/UninstallAgent.asp

where nn.nn.nn.nn is the IP address of the Sentry II Server computer.
If you currently use a remote control program such as CoSession2000, pcAnywhere, or Terminal Server, you can use it to connect to your server to run IE and connect to the Sentry II Server.
⇒ When you connect to the above URL on the Sentry II Server, you may be prompted to confirm the download of required Sentry II software. Press the OK button and the Sentry II Agent software will be uninstalled.
⇒ It may be necessary to restart in order to complete the deletion of all Agent files.

Feature Overview

Access all functions of Sentry II in one of two ways, (1) by clicking on the down-arrow button in the upper-right-hand corner to display a drop-down menu of functions, or (2) from the "Microsoft Outlook" style menu on the left.

Sentry II Menus

Drop-down Menu

The first item in the drop down, "Open in New Window", defines whether the selected function is opened in a separate window. Click it to toggle the state. (You may need to change your IE setting “Reuse Windows for launching shortcuts” under the “Tools-> Internet Options->Advanced” and uncheck this setting).

Using the mouse, highlight the desired function, and click to choose it. It will open in the same window or a new window based on the state of "Open in New Window".

"Outlook" Style Menu

Click the "Configure", "Monitor", “Display”, "Report", “Archive” or "Utilities" tab to scroll the associated functions into view. The Sentry II “Outlook” menu is always available, so you can select another function or tab at any time.

Configure

From the "Configure" tab menu, you can select functions to:

• Discover and Define the Servers, Workstations, & Devices in your network that you will be monitoring, and manage the install/update of the Sentry II Agent on your NT/2000/XP/2003 servers & workstations.
• Create and Edit the Watches & Alerts that you use to monitor and action select Windows Services, Processes, Event Log events, watched Files, SNMP & Windows Performance Counters, Custom Watches, SNMP Traps, SYSLOG messages, and IP Services that you decide are critical.
• Define Groups to organize these Servers/Devices into meaningful groupings.
• Define your Domains and Workgroups, and optionally User logon credentials.
• Define SNMP Trap definitions for SNMPWatch and/or parse MIBs for SNMP Trap information.
• Enable Security by defining your authorized Administrators and Analysts.

Monitor

From the "Monitor" tab menu, you can select functions to:
• Use the System Monitor to view the status of deployed Sentry II Agents on your servers/workstations as well as other parameters such as system uptime, number of processes, number of threads, and percent Registry quota in use.
• Use MemoryWatch Monitor to view and monitor the memory utilization of all Windows servers/workstations with the Sentry II Agent.
• Use HDDWatch Monitor to view and monitor the Hard Disk Drives/Logical Disk Drives of all Windows servers/workstations with the Sentry II Agent.
• Use RegistryWatch Monitoring to view and monitor selected Registry entries for all Windows servers/workstations with the Sentry II Agent.
• Use CounterWatch Graphs to graphically display one or more charts of dynamic and/or historic monitoring activity of your Microsoft Windows servers and workstations & SNMP servers and network devices.
• Manage CounterWatch monitoring that you are manually controlling from the Tree view of all your available Windows servers and workstations & SNMP servers and network devices.
• Schedule CounterWatch monitoring of your Windows servers and workstations & SNMP servers and network devices using your custom templates of the selected counters you are interested in monitoring.

Display

From the "Display" tab menu, you can select functions to:
• Cycle through the various Sentry II status displays on this ‘Display’ menu and the previous ‘Monitor’ menu. You select which displays and what the cycle time is.
• Watch current Network Status by Group or by Server/Device; click to view outstanding alerts per server/device.
• Watch current ServerWatch activity and status, and optionally specify the status display of selected Servers.
• Watch current EventLogWatch activity, and optionally define filters to watch for only selected Events.
• Watch current SYSLOGWatch activity, and optionally define filters to watch for only selected SYSLOG messages.
• Watch current SNMPTrap activity, and optionally define filters to watch for only selected SNMP Traps.
• Watch current Alert activity, and optionally define filters to watch for only selected Alerts.

Report

From the "Report" tab menu, you can select functions to:
• Create and maintain the set of CounterWatch Reports you use to analyze the operation and performance of your Windows servers and workstations & SNMP servers and network devices.
• Schedule reports to run periodically and automatically with complete flexibility in specifying selected servers/devices, and time frame.
• Run reports and Analyze the data from all the monitoring activity, and server watch activity, then View, and/or print, the Report results.

Archive

From the "Archive" tab menu, you can select functions to:
• View Event Logs of your Windows NT/2000/XP/2003 servers and workstations that you have Archived, or on the actual servers/workstations; or view events in the database captured via your EventLog Watches; Print, Email, or Export your list of events that match your specified filter(s).
• View SYSLOG messages captured from your servers and infrastructure devices that you have Archived; or view SYSLOG messages in the database captured via your SYSLOG Watches; Print, Email, or Export your list of SYSLOG messages that match your specified filter(s).

Utilities

From the "Utilities" tab menu, you can select functions to:
• Easily define Maintenance periods when you want to disable monitoring and alerting for select servers/devices for a one-time period or for repeat periods.
• Use Net Tools for a Trace Route, DNS Lookup, SNMP Query View or PING.
• View the dynamic Sentry II Server log to watch the Sentry II Server activity.
• Perform Database Maintenance, such as purging old information and compacting to reclaim space.
• Return to the Introduction page.

Introduction Options

The Introduction page offers a Quick Start option and tips on navigating Sentry II and getting help:
• Click the “QuickStart” or the “Complete Checklist” alternative for an overview of steps to get up and running with Sentry II quickly and easily.
• Click the "Question Mark" button for Help on any Sentry II feature.
• Click the “Down Arrow” button for a drop-down menu of Sentry II functions.

Online Help

This User’s Guide is also available from the Sentry II ‘console’ interface. To obtain context-sensitive help, simply click on the question-mark button in the upper right-hand corner of the Sentry II screen. The context-sensitive help is displayed in a separate display area. For example:

What Next After Installation

Start the Sentry II Server by double-clicking the ‘web’ icon on the desktop, or by going to: “Start->Program Files->Sentry II->Server.” After the Sentry II Server starts, select the Quick Start option from the Introduction screen by clicking on the “check-list” icon shown at left.
Follow the three steps, using the active links, to set up ServerWatch of the servers, workstations, and network devices you want to monitor. After you complete Quick Start, choose the “complete checklist” option and follow the steps there, using the active links, to get up and running with all of Sentry II’s features. These steps are summarized below:

I. Configure Your Servers, Workstations, and Network Devices You Want to Monitor

• Select Configure Servers/Agents & Devices, New, then Discovery to find and add your servers/workstations, and network/infrastructure devices you want to monitor with ServerWatch, SYSLOGWatch or SNMPTrapWatch.
• Optionally, in Configure Servers/Agents & Devices, install the Sentry II Agent on your Microsoft Windows servers and workstations that you want to monitor with EventLogWatch, ProcessWatch, CustomWatch, FileWatch, WinServicesWatch and CounterWatch.
• Optionally, select the Configure Groups, New feature to define groups for organizing your servers, workstations and network devices. Then go back to Configure Servers/Agents & Devices, Lookup, and then Edit each server/device you want to reassign to a new Group.
• Optionally, select Configure Security to define one or more authorized users with a login and password and various access and usage rights.
• Optionally, select Configure SNMP Trap Definitions to define one or more SNMP Trap IDs used by Configure Watches/Alerts when defining SNMP Trap Watches.
• Optionally, select Configure Domain Information to define your Windows Domain, Workgroups and Standalones, and optionally the Logon credentials for each.
• Select Configure Watches/Alerts, New to define your FileWatch, ProcessWatch, CustomWatch, WinServicesWatch, CounterWatch, EventLogWatch, ServerWatch, SYSLOGWatch and SNMPTrapWatch monitoring.
Specify optional alert actions to be taken when monitored SNMP Traps are received, SYSLOG messages are received, Event Log events occur, Servers are not available and/or when Windows and SNMP Counters exceed your defined thresholds.

II. Monitor Your Servers, Workstations and Network Devices

• Select Network Status Display to display the status of your servers & network devices and by extension the Groups that they are members of. You can optionally ‘drill-down’ and display the outstanding alerts for any server/device within a specified status interval.
• Select AlertWatch Display to display all alerts as they occur; optionally use the Configure Filter to specify only specific alert types that you want displayed as they occur.
• Select ServerWatch Display to display the real-time status of the IP Services you are monitoring; optionally use the Configure Filter to choose only specific servers/devices and/or IP Services to display their real-time status.
• Select EventLogWatch Display to display all watched-for Events as they occur; optionally use the Configure Filter to specify only specific watched-for Event types that you want displayed as they occur.
• Select SNMPTrapWatch Display to display all watched-for SNMP Traps as they occur; optionally use the Configure Filter to specify only specific watched-for Trap types that you want displayed as they occur.
• Select SYSLOGWatch Display to display all watched-for SYSLOG messages as they occur; optionally use the Configure Filter to specify only specific watched-for SYSLOG types that you want displayed as they occur.

For your Windows computers with the Sentry II Agent installed:
• Select MemoryWatch Monitoring to view and monitor the memory utilization of all Windows servers/workstations with the Sentry II Agent.
• Select HDDWatch Monitoring to view and monitor the Hard Disk Drives/Logical Disk Drives of all Windows servers/workstations with the Sentry II Agent.
• Select RegistryWatch Monitoring to view and monitor selected Registry entries of all Windows servers/workstations with the Sentry II Agent.
• Select CounterWatch Graphs to create, save/recall, and view dynamic, historic or real-time charts of your monitored CounterWatch counters.
• Select Schedule CounterWatch Monitoring, using your predefined reports (see Create CounterWatch Reports), and specify the start date/time and duration to monitor and accumulate CounterWatch performance data.
• Select Manage CounterWatch Monitoring to see your current active CounterWatch counters, or to manually select CounterWatch counters for monitoring.

III. Analyze & Report Your Monitoring Data

• For your Windows servers/workstations with the Sentry II Agent installed, and for your SNMP servers/devices, select Create CounterWatch Reports to create specific CounterWatch reports, from among the built-in collection-set templates or your custom created collection-set templates. Use Schedule CounterWatch Monitoring to monitor and gather data for the selected counters, from the specified servers/workstations/devices in the report.
• Then select Run/Analyze & View Reports, after the performance data gathering has completed, to analyze, view and/or print the results of the CounterWatch performance monitoring for your defined reports.
• Select Schedule Periodic Reports and schedule any of the Sentry II reports to run automatically and periodically with complete flexibility in specifying servers/devices and time frames to report on.
• For your servers/devices that are monitored with ServerWatch, select Run/Analyze & View Reports, Service Availability & Performance to generate reports of the availability and response performance for one or more of the servers/devices you are monitoring. Specify the historical interval to analyze, then view and/or print the results.
• For a report of failures on any or all of the servers, workstations, and devices you are monitoring with any of Sentry II’s monitoring components, select Run/Analyze & View Reports, Alert Notifications. Specify the historical interval to analyze, then view and/or print the results.
• Select Event Log View/Archive & Report to display all, or selected, information from your Windows NT / 2000 / XP / 2003 server and workstation actual or Archived Event Logs; or display monitored events from the database captured via EventLogWatch.

IV. Miscellaneous Sentry II Operation Utilities

• Select Net Toolbox to perform a Trace Route, do a DNS Lookup, query and view an SNMP device, or do a one-shot PING.
• Select Database Maintenance to purge records and compact the database. Periodically, it is recommended that you purge and compact the Sentry II Server database to prevent it from getting too large. The database file is saved in the Database folder of the Sentry II install directory.
• Select Sentry II Server Log to view the log data from the Sentry II Server, and to enable Logging to Disk, which is very useful when troubleshooting Sentry II Server activity.

Performance Tips

This section provides tips on optimizing Sentry II’s performance.

Internet Explorer Console

Set IE to look in its local cache first before downloading images. In Internet Explorer, go to ‘Tools->Internet Options->Settings->Check for newer versions of stored pages’ and select ‘Automatically’, and then OK to apply. This will have a big impact in improving the page updating.
Default Access Database

If you are using the default Access as Sentry II’s database, go to your ‘Data Sources (ODBC)’ utility in Windows, usually found in the Control Panel or the Administrative Tools. In the ‘System DSN’ find the ‘BreakoutRPM’ DSN, click Configure and then Advanced. Under the Options find MaxBufferSize and click it to change its value to 8192. Next, find Threads and click it to change its value to 12. Click OK to save.

Once every 3 to 4 weeks, you should do a Compact & Repair operation on your Sentry II database file, “…\Sentry II\Database\RPM.mdb”. First, you have to stop the Sentry II Server service. Use the Windows Services utility from Administrative Tools to do this. Now would be a good time to make a copy of the database file and keep a backup in a separate folder. Next, go to your ‘Data Sources (ODBC)’ utility in Windows, usually found in the Control Panel or the Administrative Tools. In the ‘System DSN’ find the ‘BreakoutRPM’ DSN, click Configure, and then click Repair. Exit when done. This will reclaim space from deleted records and keep your database file lean and optimal.

If you are monitoring more than 25 servers/devices (and less if you are doing heavy monitoring), you should consider using SQL Server for the Sentry II database.

SQL Server Database

Be sure to define a ‘Maintenance Plan’ for your Sentry II SQL Server database. Using SQL Server Enterprise Manager, under Management, go to Database Maintenance, and define a new Maintenance Plan. Using the Database Maintenance Plan Wizard, select the Sentry II database, then enable Reorganize data and index pages, and Reorganize pages with original amount of free space, and change the Schedule to run this optimization at least once per week. Pick a time of day when you are not Auto-Purging the database (Sentry II’s default is 12AM for AutoPurge), and when you are not running your Scheduled Periodic Reports. Next, enable Check database integrity and Include indexes.
Do NOT check ‘Attempt to repair any minor problems’ as this cannot be done while Sentry II is running and will cause this part of the Maintenance Plan to fail. Schedule this to run 30 minutes after you run the optimization above. Choose to Backup the database here if you are not doing it as part of another plan.

Hardware Platform

The better the hardware platform, the better your Sentry II Server will perform. Today, for under $600, from vendors such as Dell and HP, you can buy a 2.5GHz Pentium IV or better, with Hyper-Threading technology, 512 to 1024 MB RAM and an 80GB hard drive. If you are monitoring 50 or more servers/devices, and are not running the Sentry II Server on such a platform, you should invest the several hundred dollars and do so.

Frequently Asked Questions

This section provides answers to some very frequently asked questions about how to do things in Sentry II. Here is a list of the FAQs currently available. Refer to the subsequent pages to find the answer to the FAQ:

What are the basic steps to get up and running with Sentry II?
I want to monitor Processor, Disk and Memory Performance and Free Disk Space on my Windows servers. Also, I want to monitor performance and operation of my SNMP enabled network devices. How can I do this?
I want to View and Report on monitored Counter data that I have captured to the Sentry II database. How can I do this?
I want to have selected Sentry II reports run every morning automatically and then have the report output Emailed to two colleagues and myself. How can I do this?
I want to send Email alert notifications to my cell phone and I want to customize the Email text sent. How can I do this?
I want to send “NET Send” alert notifications to my workstation for certain type of alert conditions. How can I do this?
I want to monitor for selected SYSLOG messages. How can I do this?
I want to monitor for selected SNMP Trap messages. How can I do this?
Are there any special characters that Sentry II reserves and cannot be used in the various input fields?
What tools are available, such as logging, to assist in trouble-shooting Sentry II?

Q. What are the basic steps to get up and running with Sentry II?

1) Go to Configure Servers/Agents & Devices on the Configure menu tab. Here you add those servers and devices in your network that you want to monitor with Sentry II. You can add entries one at a time using the New function, or you can have Sentry II discover your servers/devices across a specified IP address range, or your servers/workstations in your Windows Domains & Workgroups, using the Discover function. Configure the IP Services, such as SNMP, HTTP, SMTP, and POP3, that you want to monitor on your various servers/devices. If these are SNMP enabled servers/devices, provide their associated MIBs, if any, to Sentry II for parsing, then select the various SNMP Objects you want to make available for monitoring. Once you have entered the servers/devices you want to monitor, use the Manage Agents function to display the Global Agent Management screen to easily install the Sentry II Agent on your Windows NT/2000/XP/2003 servers & workstations where you want to monitor their Event Logs, Processes, Services, Performance Counters, and Files.

2) Once you have all your servers/devices entered and configured, go to Configure Watches/Alerts to define the various watch, alert notifications and action parameters on your servers & devices. Here you define and choose the watch parameters for all the various Sentry II monitoring components: ServerWatch, SNMP & Windows CounterWatch, EventLogWatch, ProcessWatch, WinServicesWatch, FileWatch, and SNMP Trap Watch.
Use the New button to define a new watch; select the watch type you want to define from the pop-up, and then specify the parameters for that particular watch type.

3) Use the Quick Start feature to have Sentry II guide you through these two key functions for using Sentry II.

Q. I want to monitor Processor, Disk and Memory Performance, and Free Disk Space on my Windows servers. Also, I want to monitor performance and operation of my SNMP enabled network devices. How can I do this?

There are several ways to accomplish this. There are two monitoring displays available for viewing status of Memory and Logical Drive information of all your Windows servers/workstations that have the Sentry II Agent installed. When these displays are opened they are updated once every few minutes, and you can see at a glance the status of Memory and Logical Disk Drives. (See MemoryWatch Monitoring and HDDWatch Monitoring on the Monitoring menu.)

In addition, there is a Watch that Sentry II automatically creates called ‘ServerWatch-AGENT Check’ for all installed Sentry II Agents. This Watch, by default, monitors Logical Drive and Memory page File free space at the 20% threshold level. Find and edit this Watch to define an alert notification and/or to modify the threshold levels.

To set up alerts when performance exceeds specified thresholds, or to develop baselines and trends, you use Sentry II’s CounterWatch monitoring. Windows CounterWatch monitoring requires that the Sentry II Agent service be installed on your Windows NT / 2000 / XP / 2003 servers. See Configure Servers/Agents & Devices for the details on accomplishing this. For your SNMP enabled devices, Objects/Counters to be monitored are derived from MIBs. Sentry II includes the basic MIBs, but if your server/device has specialized MIBs, you make these available to Sentry II to parse and to derive the available Objects/Counters.

There are basically three ways you can monitor specific counters and accumulate monitored values to Sentry II’s database from which you can then run reports. These apply to both SNMP and Windows CounterWatch monitoring.

1) If you want to monitor specific counters by watching for them to exceed your defined thresholds, and then be alerted when your threshold values are exceeded, go to Configure Watches/Alerts and create a new CounterWatch for each of the counters that you want to monitor this way. Sentry II watches your selected counters by determining their value at the default sample rate, and saves the value each time in the database. These values are then available for reporting and graphing.

2) Go to Manage CounterWatch Monitoring and in the Tree view of all your servers and devices, expand to the Objects (Memory, Processor, Disk, TCP, UDP, IP, etc.), and then their associated counters to see what is available for monitoring. You can select counters to be monitored by setting the checkbox associated with the counter. See CounterWatch Monitoring for more details on the features available here for monitoring this way.

3) You can create templates of counters you want to monitor, and then associate these templates with one or more servers/devices you want to monitor. This association of template and servers is called a report. Go to Configure CounterWatch Reports for details on creating counter templates and reports. Once you have created reports, you can then schedule these for monitoring and accumulating monitored data to the database by going to Schedule CounterWatch Monitoring.

Regardless of which of these three methods above you use for capturing and accumulating monitored counter data to the database, you can run reports and/or graphs of this monitored data. See View/Analyze & Run Reports on the Reports menu tab, and CounterWatch Graphs on the Monitor menu tab for details on these operations.

Q. I want to View and Report on monitored Counter data that I have captured to the Sentry II database. How can I do this?

Review the previous FAQ above about How to Monitor Processor, Disk, Memory Performance, Free Disk Space and SNMP Counters. Once you have captured monitored data in any of the three ways outlined in that FAQ, there are also three ways you can view and/or report on this data, as outlined here:

1) In CounterWatch Graphs, press the New button to create a new Chart/Graph. Next, add Counters to be graphed to a chart by selecting the Counter in the Tree view, by clicking on its name, then pressing the Add button; or drag & drop the Counter onto the Chart. Once Counters have been added to Charts, the charts can be named & saved. The charts can then be opened at any later time, specifying a start date/time to begin a view of the Counter values from that start date/time forward, as long as the Counter values are in the database from monitoring by one of the available methods.

2) Right-click on the Counter in the Tree view in Manage CounterWatch Monitoring or CounterWatch Graphs and select 'Summary' to see a summary of the Counter values.

3) You can run a report of Counter data in the database, regardless of which of the methods was used to capture the Counter data, but you do require that a Report be created first in Create CounterWatch Reports with a template of the counters to be reported on. Then in Run/Analyze & View Reports, you use this Report by selecting the New button. This pops up a dialogue box where you select from among your Reports, and you "schedule" an 'instance' of it for past-time, namely the past period you want to report on. This creates a report "instance" in Run/Analyze & View Reports that is immediately in the "Ready" state so the counter data in the database can be analyzed and the Report generated.
You can schedule a CounterWatch report to run periodically and automatically in Schedule Periodic Reports. As long as monitored data exists in the database for the period being reported on, you schedule a report to run periodically and analyze the specified previous period, and optionally Email the report results to one or more recipients.

In Schedule CounterWatch Monitoring, recall that it creates a report "instance" that runs starting at current time or sometime in the future to capture data, and only when it is done capturing is this "instance" then "Ready" to be analyzed. (In Schedule CounterWatch Monitoring, on the Status tab, there is an option to Stop an "instance" that is currently in the monitoring state, or to change its stop date/time.) Just as in Schedule CounterWatch Monitoring, where you can schedule many 'instances' of the same report to run at different times in the future, using the New button feature in Run/Analyze & View Reports you can create as many different 'instances' of a Report with different past time-frames that are 'Ready' to be analyzed.

One way to use this, for example: let's say you create a Report in Create CounterWatch Reports with a set of Counters you want to monitor on a group of servers and network devices. In Schedule CounterWatch Monitoring, you "schedule" an 'instance' of this Report to run for the next month, so that for the next month you are monitoring the Counters in the Report's template. However, once a day you can go to Run/Analyze & View Reports, select the New button, then create an 'instance' of the Report with a schedule of the previous 24 hours that is immediately 'Ready' so you can analyze and create a report on these monitored counters for the previous 24 hours.

Q. I want to have selected Sentry II reports run every morning automatically and then have the report output Emailed to two colleagues and myself. How can I do this?

On the Reports tab, select Schedule Periodic Report.
Here you can select an ‘Alert Notifications’, ‘IP Services Performance and Availability’, ‘Logical Drive Utilization’ or ‘Memory Utilization’ report, or any of your created CounterWatch reports, and schedule an instance that will run periodically and automatically. You specify when it runs the first time, how frequently subsequently, what previous time period is included in the report, which servers/devices, and optionally, who the Email recipients should be for the report output. There is an option to ‘Exclude Time Periods’ consisting of time-of-day and day-of-week, so that you can create reports with results that match the time-frames you care about, for example, the time periods you are responsible for as part of your Service Level Agreements (SLA). You can create as many different report instances as you like, with different parameters. Once you schedule a report, you can easily manage the queue of all your scheduled reports, where you can delete those you no longer want, or edit schedule parameters to change them for those already queued.

Q. I want to send Email alert notifications to my cell phone and I want to customize the Email text sent. How can I do this?

In Configure Watches/Alerts, press the New button to create a new watch/alert, or select an existing watch/alert, then press the Edit button. Go to the Action tab, then Email tab to define the Email alert notification parameters for this specific watch/alert.

1) Check the Email Notify checkbox to enable sending Email, and specify one or more Email Addresses separated by a comma or semi-colon. Edit the default Email Subject to be what you want.

2) Click the button to the right of the Email Subject field to pop up a text edit box where you specify the Email text you want to send. This overrides the default Email text that would be sent otherwise.
3) Custom Email text supports six ‘macros’ that are substituted with the appropriate data for a particular alert when it occurs. These ‘macros’ are:
• &N which is replaced by the name of the server/device causing the alert;
• &A which is replaced by the IP Address of the server/device causing the alert;
• &W which is replaced by the name of the Watch/Alert you have defined here;
• &S which is replaced by the Status message associated with this failure causing the alert;
• &D which is replaced by the date, and
• &T which is replaced by the time of the alert.
For a CounterWatch alert, &V is also a supported macro, and is replaced by the Counter value that exceeded the threshold and caused an alert.

Q. I want to send “NET Send” alert notifications to my workstation for certain type of alert conditions. How can I do this?

In Configure Watches/Alerts, press the New button to create a new watch/alert, or select an existing watch/alert, then press the Edit button. Go to the Action tab, then Program tab to define the ‘NET Send’ alert notification parameters for this specific watch/alert. In the ‘Program Name’ field, enter ‘Net’ (without the quotes); in the ‘Program Args’ field, enter ‘send WorkstationName "Sentry II Alert Notification: &N &A &D &T &S &W"’ (without the single quotes; the double quotes are around the message text sent). In this example, substitute ‘WorkstationName’ with the machine name of your workstation where you want the alert message sent.

This example also shows the optional use of the special macros that Sentry II supports. The macros are in the body of the ‘NET Send’ text, and at run-time are replaced respectively with the server/device name causing the alert condition (&N), its IP Address (&A), the date (&D), the time (&T), the specific status for the alert type (&S), and the Watch/Alert name causing the alert (&W). The macros are supported by Sentry II in the ‘Program Args’ field, and can be used when invoking any batch, command, or program executable file.
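As an added example (not part of the Sentry II guide or product), here is a small program that a Watch/Alert could start through the ‘Program Name’ and ‘Program Args’ fields to record each alert as one log line. The argument order, the quoting of each macro, the file name alert_handler.py and the log file name are assumptions of this sketch; the formats of &D and &T are not stated in the guide, so they are stored as received.

```python
"""Hypothetical alert handler started by a Sentry II Watch/Alert 'Program' action.

Assumed configuration (constructed for this example, not from the guide):
  Program Name: python
  Program Args: alert_handler.py "&N" "&A" "&D" "&T" "&W" "&S"
Each macro is quoted so that a value containing spaces arrives as one argument.
"""
import ipaddress
import json
import sys
import unicodedata

# One field per macro, in the assumed argument order: &N &A &D &T &W &S
FIELDS = ("server", "address", "date", "time", "watch", "status")
MAX_LEN = 512  # arbitrary cap so a single alert cannot bloat the log


def clean(value):
    """Replace control characters (CR, LF, TAB, ...) so one alert stays one log line."""
    out = "".join(" " if unicodedata.category(ch).startswith("C") else ch
                  for ch in value)
    return " ".join(out.split())[:MAX_LEN]


def build_record(argv):
    """Turn the expanded macro arguments into a dict; ValueError on a wrong count."""
    if len(argv) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} arguments, got {len(argv)}")
    record = {name: clean(arg) for name, arg in zip(FIELDS, argv)}
    # A macro that was not substituted still looks like '&X'; note which ones.
    record["unexpanded"] = [name for name in FIELDS
                            if len(record[name]) == 2 and record[name][0] == "&"]
    # &A should be an IP address; flag anything else instead of trusting it.
    try:
        ipaddress.ip_address(record["address"])
        record["address_valid"] = True
    except ValueError:
        record["address_valid"] = False
    return record


def append_record(record, path):
    """Append the alert as one JSON line (non-ASCII is escaped)."""
    with open(path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record, ensure_ascii=True) + "\n")


if __name__ == "__main__":
    try:
        append_record(build_record(sys.argv[1:]), "sentry_alerts.jsonl")
    except ValueError as exc:
        sys.stderr.write(f"alert_handler: {exc}\n")
        sys.exit(2)
```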
Use of the macros is optional and you can choose to use some or all.

Q. I want to monitor for selected SYSLOG messages. How can I do this?

When the Sentry II Server starts up, either the service or the foreground application, it starts listening on the default SYSLOG UDP port 514. There are no special steps necessary to have this occur. Be aware that if you already have a program running as a service, or as an application, that has previously reserved port 514 to listen for SYSLOG messages, Sentry II will fail when it attempts to issue its listen.

Prior to starting the Sentry II Server, you can run the Sentry II Server Config File Utility from “Start->Programs->Sentry II” and either change the SYSLOG listen port to something other than 514, or disable SYSLOG listening altogether. When you run the Server Config File Utility, close the ‘Unnamed1’ entry and open the ‘Default.btc’ entry from your “…\Sentry II\Bin” folder. Make any changes and save. The Sentry II Server Log displays the status of its ‘Listening’ for Syslog, once per minute, as part of the Sentry II Server uptime message. A status of 1 implies that Sentry II is successfully listening for Syslog.

To have Sentry II process, and log, any received SYSLOG messages, you must define one or more SYSLOGWatch Watch/Alerts in Configure Watches/Alerts. Go to Configure Watches/Alerts, press the New button to create a new watch/alert, and select “SyslogWatch for SYSLOG Messages”. Here you specify which SYSLOG Messages you want Sentry II to watch for, from which servers/devices, and what actions to take, if any, when these watched-for messages are received. All watched-for messages are logged to the Sentry II database. Refer to the section on Configure Watches/Alerts for more information on setting the various parameters.
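Two checks for the listener described above, as an added example (not part of the Sentry II guide or product): whether another program already holds the SYSLOG UDP port, and a test datagram to confirm the listener is reachable. Run the port check on the Sentry II Server machine while the Sentry II Server is stopped; the function names, the local0/warning priority and the `sentrytest` tag are choices of this sketch, and the message layout follows the common BSD syslog convention.

```python
"""Pre-flight checks for a SYSLOG listener on UDP (default port 514)."""
import datetime
import socket

FACILITY_LOCAL0 = 16   # conventional 'local use 0' facility
SEVERITY_WARNING = 4
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def probe_udp_port(port=514, host="0.0.0.0"):
    """Try to bind the UDP port. Return None if it is free, else the OS error text.

    An error here means another listener already holds the port (or the OS
    refuses the bind), which is the condition under which a second SYSLOG
    listener cannot start on that port.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
        return None
    except OSError as exc:
        return str(exc)
    finally:
        sock.close()


def build_syslog_message(text, facility=FACILITY_LOCAL0,
                         severity=SEVERITY_WARNING, tag="sentrytest", now=None):
    """Build '<PRI>Mmm dd hh:mm:ss host tag: text' with PRI = facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    now = now or datetime.datetime.now()
    stamp = f"{MONTHS[now.month - 1]} {now.day:2d} {now:%H:%M:%S}"
    line = f"<{facility * 8 + severity}>{stamp} {socket.gethostname()} {tag}: {text}"
    # Keep the datagram within the traditional 1024-byte syslog limit.
    return line.encode("ascii", "replace")[:1024]


def send_test_message(server_ip, port=514, text="SYSLOG listener test"):
    """Send one test datagram to the listener and return the bytes that were sent."""
    payload = build_syslog_message(text)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, (server_ip, port))
    return payload


if __name__ == "__main__":
    problem = probe_udp_port(514)
    if problem is None:
        print("UDP 514 is free: no other SYSLOG listener holds it")
    else:
        print(f"UDP 514 cannot be bound: {problem}")
```

UDP gives no delivery confirmation, so after `send_test_message` look for the message on the receiving side rather than relying on the call returning.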
Finally, be sure the servers and devices that generate SYSLOG messages are configured to send them to the Sentry II Server’s machine IP address. The Sentry II Server Log, found on the Utilities menu, always displays an entry when any SYSLOG message is received, so you should refer here to see if Sentry II is seeing any SYSLOG messages. For those received SYSLOG messages that match your Watch/Alert criteria, you can view these in the SYSLOGWatch Display found on the Display menu. You can generate a report, either one time, or automatically and periodically, by running or scheduling the “Alert Notifications” report and specifying the appropriate parameters.

Q. I want to monitor for selected SNMP Trap messages. How can I do this?

When the Sentry II Server starts up, either the service or the foreground application, it starts listening on the default SNMP Trap port. The Sentry II Server requires and uses the Windows SNMP Service. Ensure the Windows SNMP service is loaded and running.

The Sentry II Server Log displays the status of its ‘Listening’ for SNMP Traps, once per minute, as part of the Sentry II Server uptime message. A status of 1 implies that Sentry II is successfully listening for Traps. Windows defines various default port assignments for its different services in a text file found at “C:\WINNT\SYSTEM32\DRIVERS\ETC\Services”. Check this file if you are not successfully seeing Traps, to make sure Windows is configured correctly for the SNMP Trap port.

To have Sentry II process, and log, any received SNMP Trap messages, you must define one or more SNMPWatch Watch/Alerts in Configure Watches/Alerts. You may want to first go to Configure SNMP Trap Definitions. Here you define the Trap types you will want to set watches on.
If you have the associated MIBs from the servers/devices that will be generating Traps, copy these MIBs to the “…\Sentry II\MIBs” folder, and in Configure SNMP Trap Definitions, press the “Process MIBs” button and Sentry II will extract all the defined Traps and add them to the available list.

Next, go to Configure Watches/Alerts, press the New button to create a new watch/alert, and select “SNMPWatch for SNMP Traps”. Here you specify which SNMP Traps you want Sentry II to watch for, from which servers/devices, and what actions to take, if any, when these watched for Traps are received. All ‘watched for’ Traps are logged to the Sentry II database. Refer to the section on Configure Watches/Alerts for more information on setting the various parameters.

Ensure the servers and devices that generate SNMP Traps are configured to send them to the Sentry II Server’s machine IP address. The Sentry II Server Log, found on the Utilities menu, always displays an entry when any SNMP Trap is received, so you should refer here to see if Sentry II is seeing any SNMP Traps. For those received SNMP Traps that match your Watch/Alert criteria, you can view these in the SNMPTrapWatch Display found on the Display menu. You can generate a report, either one time, or automatically and periodically, by running or scheduling the “Alert Notifications” report and specifying the appropriate parameters.

Finally, Sentry II can send an SNMP Trap as an option for an alert notification. You can use this, and the ‘Test SNMP Trap’ option, in Configure Watches/Alerts, and have Sentry II send Traps to itself. This will test all the requirements.

Q. Are there any special characters that Sentry II reserves and cannot be used in the various input fields?

Sentry II reserves and uses the tilde character ‘~’ as part of its protocol for sending and receiving various parameters to and from the Sentry II Server and the client ‘console’ interface.
If you experience problems with parameter data, verify that no tilde characters are involved as part of the names, descriptions, passwords, etc., of the parameters involved. Please contact Breakout Support if you encounter this problem and cannot work around it.

Q. What tools are available, such as logging, to assist in trouble-shooting Sentry II?

Sentry II has the ability to log activity to disk at both the Sentry II Server and at the Agent.

To enable disk logging at the Sentry II Server, go to the Utilities menu, and select Sentry II Server Log. Then click the Log to Disk checkbox to enable it. This is a global setting that enables the Sentry II Server log to disk, and can be enabled or disabled from any Sentry II IE Console. The disk log text file is called Sentry IIServer.log and is found in the “…\Sentry II\Bin” folder.

To enable disk logging at the Agent, you set a Registry setting. Run Regedit and go to “HKEY_LOCAL_MACHINE\SOFTWARE\Breakout Technologies\Sentry II\Agent” and then set the name DiskLogging to ON to enable or OFF to disable. The disk log text file is called Sentry IIAgent.log and is found in the “…\Sentry II” folder, or the “…\System32” folder.

Configure Servers/Agents & Devices

Use Configure Servers/Agents & Devices to define the servers, workstations, routers/hubs, firewalls, switches, printers and other SNMP & SYSLOG compliant devices on your network that you want to monitor. You add parameters for new servers/devices or modify the parameters for existing servers/devices already defined.

With Configure Servers/Agents & Devices, you can:
• Configure select IP Service (HTTP, SMTP, POP, FTP, DNS, TELNET, L_NOTES, SQL, ORACLE and SNMP) parameters such as ports, timeouts and retries for your servers, workstations, and devices to be monitored. (You set Watches/Alerts parameters for monitoring these using Configure Watches/Alerts).
• Add servers/devices easily by automatically discovering IP Services on your servers/devices in your Windows Domains & Workgroups, and/or over a range of IP addresses. Optionally, Import server/device parameters with a comma-delimited list. You can also add servers/devices manually.
• Install and/or Update the Sentry II Agent service remotely on your NT/2000/XP/2003 servers and workstations.
• Organize the servers/devices into select Groups (See also Configure Groups).
• Easily and automatically track the Hardware Configuration details of your Windows servers/workstations where you have installed the Sentry II Agent and View & Print this information. The Agent automatically derives the hardware configuration details using WMI (Windows Management Instrumentation), and uploads it to the Sentry II Server when the Agent connects. The data is saved in the Sentry II Server database.
• Configure SNMP for your relevant infrastructure devices.
• Designate one or more Agents to act as remote, distributed Syslog and SNMP Trap & Query collectors/monitors and then assign the appropriate devices to these Agents.

Licensing Note

Sentry II is licensed based on the number of servers, workstations, and devices you are monitoring at unique IP addresses. All of Sentry II’s available monitoring features can be configured for a single server at a unique IP address, and this only counts as one license. It is also permitted to add multiple server, workstation, and device entries, such that the total number of uniquely named entries exceeds your license count. This is permitted so long as the total number of unique IP addresses for these entries, plus Sentry II Agents where there is more than one Agent registered per unique IP address, does not exceed your maximum license count.
You can, for example, have more than one Agent entered and registered at the same IP address, but each additional Agent beyond the first at an IP address counts toward the license. (More than one Agent at the same IP address occurs when the monitored servers and workstations are “behind” a NAT, a shared Cable Modem or DSL WAN router that presents a single IP address to the world).

This feature of the licensing is actually quite useful. For example, if you want to perform several different HTTP checks to your web server at a particular IP address, you can add multiple server/device entries, each with a different name but with the same IP address. Then configure the IP Service HTTP parameters for each entry according to the type of check you want to perform. Then go to Configure Watches/Alerts to configure a watch on each, with their own special schedule & action parameters. Or, on multiple entries, at the same IP address, configure the IP Service PING parameters for each entry with a different monitoring schedule, alert criteria, and associated alert actions.

View Mode

In this mode, select a server/device from the Server/Device Name drop down list box to edit or delete. If you choose edit by pressing the Edit button, you are then presented with fields to be modified for the selected server/device (See Update Mode below). If you choose delete by pressing the Delete button, you are prompted to confirm the delete of the selected server/device.

New / Edit Update Mode

When you press the New button you are brought to the Update Mode. Or you can also access the Update mode by pressing the Edit button for a selected server/device. In this mode, you define new server/device parameters or modify the existing server/device parameters. Save the new or modified parameters by pressing the Save button. After pressing the Save button, the View Mode is the default mode. Pressing the Cancel button also takes you back to View Mode.

Server/Device Name Field
• Select the appropriate name to Edit an existing server/device, or enter the desired name when defining a New server/device (See Edit and New Buttons below).

Server/Device Lookup Button
• Just to the right of the Server/Device Name Field, click the Server/Device Lookup Button to look up one or more servers/devices, specifically by name, or by wild-card, or by Group.

IP Address Field
• The IP address in the 'dotted quad' format of 'n.n.n.n' (for example: 205.207.92.150) for this server/device.

IP Address Lookup Button
• Just to the right of the IP Address Field, click the IP Address Lookup Button to look up an IP address based on domain name. The field is primed with the name from the Server/Device Name Field.

Description Field
• An optional description for the server/device defined in the Server/Device Name field.

Verbose Description Notes Button
• Click the button to the right of the Description field to pop up a free-form text box where you can enter an optional verbose notes description for the server/device defined in the Server/Device Name field.
• These verbose notes are displayed in the pop-up tool-tip window when hovering with the mouse over the server/device name in various Sentry II displays.

Member of Sentry II Primary Group Field
• Select from among the available Primary Group names to assign a new or existing server/device to the appropriate Group.
• See Configure Groups for the option to assign multiple servers/devices to a selected Primary Group.

Select Secondary Group Assignments
• Click the button to the right of the Primary Group field to pop up a display of available Secondary Groups.
• Select one or more Secondary Group names to assign a new or existing server/device to the selected Secondary Group(s).
Secondary Group assignment automatically applies any Watches/Alerts and CounterWatch Reports assigned to the Secondary Groups (See Configure Groups.)

Member of Windows Domain/Workgroup Field
• This field defines the name of the Domain, Workgroup, or Standalone that a Windows server or workstation belongs to, or is blank for non-Windows devices. (See Configure Domain Information for defining your Windows Domain and Workgroup information and optional logon credentials).
• This field must be set for a server to display in the Manage Agents screen. If you enter servers/workstations manually or Import them, make sure this field is defined to something if you want to install the Sentry II Agent via Manage Agents.
• Member information is set automatically when the Sentry II Agent, on Windows servers and workstations, connects to the Sentry II Server.

Have Agent Act as an Optional Remote Distributing Monitoring Server/Collector for:
• These checkboxes apply to Windows Agents and give you the option to designate the selected Agent as a Syslog collector/monitoring server and/or an SNMP Trap & Query monitoring server.
• Click the configure button to the right of the checkboxes to pop up a display of your available non-Windows infrastructure devices and servers. You choose and assign appropriate infrastructure devices and non-Windows servers that you want to be monitored by the selected Agent.
• In the pop-up display, if you hover with the mouse over a device/server name the pop-up ‘tool tip’ displays the current Syslog & SNMP assignments, if any. The default Syslog and SNMP monitoring collector/server is the Sentry II Server.
• There are no other actions necessary to utilize the remote, distributed Syslog and SNMP monitoring. You use the standard Watches as always to define your Syslog and SNMP Trap & Query monitoring rules.
• The SNMP Trap & Query monitoring results are forwarded encrypted to the Sentry II Server by the Agent for logging to the database and for any alert notification processing;
• The Syslog messages are forwarded encrypted to the Sentry II Server by the Agent for logging to the database and for any alert notification processing depending on the settings in the Syslog Watch(es) defined for the devices; if the ‘Archive Only’ checkbox is checked in the Watch, then Syslog messages are not forwarded but stored to a flat text file in the defined archive folder in the Watch; if the ‘Archive Never’ is checked, then all Syslog messages are forwarded encrypted to the Sentry II Server for processing; if neither checkbox is checked, Syslog messages are archived locally to a flat text file in the defined archive folder in the Watch and also forwarded to the Sentry II Server for processing.

Use Optional selected Agent Act as a Remote Distributing Monitoring Server/Collector for:
• Here on a per device basis you can assign its Syslog and/or SNMP Trap & Query monitoring to the designated Agent servers/collectors available. You can also make these assignments via the pop-up configuration via the Agent entry described immediately above.

Current Selected Server/Device Buttons

These following buttons apply to the current selected server/device:

Edit Button
• Press the Edit button to modify an existing server/device in the Sentry II database. Select a Group name; fill in the optional Description and IP Address fields.
• Choose the IP Services tab and select the IP Services you want and define their associated parameters.
• Press the Verify button to validate your services selections.
• Choose the Windows tab and define the optional Port fields.
• Choose the SNMP tab to enable SNMP CounterWatch monitoring feature and to define the SNMP Objects, from your provided MIBs, that will be available for this server/device for SNMP CounterWatch monitoring.
• Press the Save button to save the parameters.

Duplicate Button
• Starts the processing of a New server/device entry by starting with all the parameters of the selected server/device being duplicated.
• Press the Save button to complete the New processing.

Delete Button
• Press the Delete button to remove a server/device from the Sentry II database. You are prompted to confirm the delete.

Save Button
• Press the Save button to save new or edited parameters for a server/device.

Cancel Button
• Press the Cancel button to abandon any new or edited parameters and return to the Lookup and New Mode.

Properties Button
• Press the Properties button (see details below) to view the IP Services, Windows, and SNMP Properties for the selected server/device.

Eligible Watches Button
• Press the Eligible Watches button (see details below) to view all eligible Watches/Alerts that the displayed server/device is currently defined as a member of or is eligible to be a member of.

Assign Watches Button
• Press the Assign Watches button (see details below) to abandon any new or edited parameters and return to the Lookup and New Mode.

H/W Asset Details Button
• Press the H/W Asset Details button (see details below) for a pop-up display of the hardware asset configuration details for the currently selected Windows server/workstation.

Eligible Watches

You can easily add your servers/devices to existing Watches/Alerts using this feature.

Eligible Watches Button
• Press the Eligible Watches button to view all eligible Watches/Alerts that the displayed server/device is currently defined in or is eligible to be defined in.
• Optionally, select or unselect to add or remove the currently selected server/device from/to the eligible Watches/Alerts.

Assign Watches

You can easily propagate existing Watches/Alerts from the selected server/device to one or more other selected servers/devices using this feature.

Assign Watches Button
• Press the Assign Watches button to view the displayed servers/devices that you can select and then assign the existing Watches/Alerts from the current selected server/device.

Track Hardware Asset/Configuration Details

You can easily and automatically track the Hardware Asset/Configuration details of your Windows servers/workstations where you have installed the Sentry II Agent and View & Print this information. The Agent automatically derives the hardware configuration details using WMI (Windows Management Instrumentation), and uploads it to the Sentry II Server when the Agent connects. The data is saved in the Sentry II Server database.

H/W Asset Details Button
• Press this button for a pop-up display of the hardware configuration details for the currently selected Windows server/workstation.
• Click the Print button to print the details.
• Click OK to close the display.

Properties

Click the Properties button to view the IP Services, Windows, and SNMP Properties for the selected server/device.

IP Services Tab

The IP Services Tab displays the optional, selected IP Services and associated parameters for the currently selected server/device. These optional IP Services (PING, HTTP, SMTP, POP, FTP, DNS, TELNET, L_NOTES, SQL, ORACLE, SNMP and USER) do not require the Sentry II Agent on the server/device being monitored, and this server/device can be running any OS.

IP Service Drop-down
• Choose a specific service from the IP Services drop-down list and click the associated checkbox to select this IP Service for this server/device. You can select any number of IP Services or none at all.

Enable Checkbox
• Check this checkbox to enable this IP Service. Use Configure Watches/Alerts to set a Watch on the IP Service.
• The parameters defined here below, including those that are specific to a particular IP Service, are used when you activate a Watch/Alert on these.

Secure Checkbox
• Check this checkbox to indicate that a secure (SSL, etc) protocol check should be made.

Port Field
• Defines the Port number for the selected IP Service.

Timeout Field
• Defines the Timeout for waiting for a positive response from the selected IP Service.

Retries Field
• Defines the number of retries to obtain a positive response from the selected IP Service.

Look for Field
• Optional, for the HTTP service, defines a string to be looked for and checked on the default web page or alternate specified page (See Page Name Field below). If the Look for string is not found, the HTTP check fails.
• If you precede the HTTP Look For string parameter with the characters ‘%!’ (without quotes), then it is treated as an ‘Exclude’ directive, meaning the HTTP check is successful only if the Look For string is not found.
• Optional, for the HTTP service, you can specify multiple "Look For" entries, each separated by a semi-colon, to correspond with multiple 'Page Names' (see below).
• Optional, for the SNMP service, defines a string that will be looked for in the response to the SNMP Query. If not found, the SNMP check will be treated as a failure. If this field is left blank, any valid response is accepted as successful. The Query response is actually a combination of fields separated by commas.
When specifying the "Look For" substring, do not define it to be more than any one field from the response. It cannot extend beyond one field.
• The SNMP check supports several directives for its Look For string parameter. All without quotes, ‘%1’ is treated as ‘Exclude’, ‘%=’ as an exact match, ‘%<’ is treated as the Look For being ‘less than’ the received value, and ‘%>’ is treated as the Look For being ‘greater than’ the received value.

Page Name Field
• Optional, for the HTTP service, defines an alternate page to the default page, to check. The page has to exist for the HTTP check to succeed.
• Optional, for the HTTP service, use a percent followed by a URL and Sentry II will make the HTTP connect attempt using the URL instead of the IP address. For example, ’%www.breakoutsoft.com’ (without the quotes). This is often useful to check redirected URLs. In this case, Sentry II detects the redirection and verifies the redirected page.
• Optional, for the HTTP service, you can specify multiple Page Names, each separated by a semi-colon, and the HTTP check of each page must be successful for the check to be successful.

OID(s) Field
• Optional, for the SNMP service, defines one or more OIDs, separated by a semi-colon, that are queried when you activate a Watch/Alert. The default OIDs queried, if you leave this field blank, are those for server/device name, description, uptime, etc.

Resolve Name Field
• For the DNS service, defines the name used to determine if there is a DNS server to resolve it.

Request Field
• For the USER and L_NOTES services, defines the optional request message sent to determine if the service is available. Carriage-return and line-feed characters can be sent by using '<CR>' and '<LF>', respectively.

Response Field
• For the USER and L_NOTES services, defines the optional response message to be received to indicate the service is available.
The specified Response is treated as a partial substring, that is, if found anywhere in the received response, the response is considered positive.

Server Name Field
• For the SQL service, defines the name of the Microsoft SQL Server to be checked.
• For the ORACLE service, not used.

Database Field
• For the SQL service, defines the optional database name to open on the check. If left blank, the default database is opened. (See Appendix C for SQL requirements).
• For the ORACLE service, defines the required Oracle database SQL*Net alias name or the database instance SID. (See Appendix C for ORACLE requirements).

User Name Field
• For the SQL service, defines the optional User login name used during the check if login is required. The default User Name is "sa".
• For the ORACLE service, defines the required User login name used during the check.

Password Field
• For the SQL service, defines the optional User password used during the check if login is required. The password is displayed as "*" characters.
• For the ORACLE service, defines the required User password used during the check. The password is displayed as "*" characters.

Read Community Field
• For the SNMP service, defines the required Read Community name. The default is "public".

Verify Button
• Press the Verify button to check the IP Services you have selected for this server/device. The Server Verify Status display is shown. This display is similar to the Server Discovery Status display described above. The Show All checkbox, Stop button, and Close button function as described above in the Server Discovery Status Display.
• Note that the Verify is executed from the client side, not from the Server. Therefore, to most closely verify the operation that will be carried out by the Server, you should use Verify with a client that is executing on the Sentry II Server.
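The ‘Look for’, ‘Page Name’ and ‘Request’ rules described above for the IP Services tab, modelled as an added example (this is not Sentry II code). The function names and sample data are constructed, and case-sensitive matching, pairing of entries by position and comparison against any one response field are assumptions where the guide is silent.

```python
"""Model of the documented 'Look for' rules for HTTP and SNMP checks.

Added illustration only, not Sentry II's implementation. Assumptions are
marked in the comments where the guide does not specify the behaviour.
"""

HTTP_EXCLUDE = "%!"   # HTTP: succeed only if the string is NOT found
SNMP_EXCLUDE = "%1"   # SNMP exclude directive, written as the guide prints it
SNMP_EXACT = "%="     # exact match
SNMP_LESS = "%<"      # the Look For value is less than the received value
SNMP_GREATER = "%>"   # the Look For value is greater than the received value

# Constructed sample data (not captured from a real site or device).
PAGES = {
    "index.html": "<html><body>Welcome - store open</body></html>",
    "status.html": "<html><body>All systems OK</body></html>",
}
SNMP_RESPONSE = "core-sw1, Constructed Switch OS 1.0, 4123"


def http_look_for_ok(look_for, body):
    """Apply one HTTP 'Look for' entry to one fetched page body."""
    if look_for.startswith(HTTP_EXCLUDE):
        return look_for[len(HTTP_EXCLUDE):] not in body
    return look_for in body  # assumption: case-sensitive substring match


def http_check(page_names, look_fors, fetched):
    """Evaluate semicolon-separated Page Names with their Look For entries.

    fetched maps page name -> body text, or None when the page is missing.
    Assumption: entries pair up by position; a page with no entry need only
    exist.
    """
    pages = [p.strip() for p in page_names.split(";") if p.strip()]
    wanted = [w.strip() for w in look_fors.split(";")] if look_fors else []
    for i, page in enumerate(pages):
        body = fetched.get(page)
        if body is None:            # the page has to exist
            return False
        entry = wanted[i] if i < len(wanted) else ""
        if entry and not http_look_for_ok(entry, body):
            return False            # every page must pass
    return True


def _as_number(text):
    """Return text as a float, or None when it is not numeric."""
    try:
        return float(text)
    except ValueError:
        return None


def snmp_look_for_ok(look_for, response):
    """Apply an SNMP 'Look for' entry to a comma-separated query response."""
    if not look_for:
        return True                 # blank: any valid response is accepted
    fields = [f.strip() for f in response.split(",")]
    directive, value = look_for[:2], look_for[2:]
    if directive == SNMP_EXCLUDE:
        return all(value not in f for f in fields)
    if directive == SNMP_EXACT:
        return value in fields
    if directive in (SNMP_LESS, SNMP_GREATER):
        wanted = _as_number(value)
        if wanted is None:
            return False
        # Assumption: the check passes if any one numeric field satisfies it.
        numbers = [n for n in map(_as_number, fields) if n is not None]
        if directive == SNMP_LESS:
            return any(wanted < n for n in numbers)
        return any(wanted > n for n in numbers)
    # Plain substring: it must fit inside one field and never span a comma.
    return any(look_for in f for f in fields)


def expand_request(request):
    """Turn the '<CR>' and '<LF>' markers of a Request field into bytes."""
    return request.replace("<CR>", "\r").replace("<LF>", "\n").encode("ascii")


if __name__ == "__main__":
    print(http_check("index.html;status.html", "Welcome;%!Error", PAGES))
    print(snmp_look_for_ok("core-sw1, Constructed", SNMP_RESPONSE))
    print(snmp_look_for_ok("%>90", "87"))
```

Note the direction of the comparison directives in this model: ‘%>90’ passes while the received value stays below 90, because it is the Look For value that must be the greater one.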
Windows Tab

The Windows Tab displays the Sentry II Agent associated parameters for this NT / 2000 / XP / 2003 server/workstation. In addition to ServerWatch IP Service monitoring, if appropriate, by installing the Sentry II Agent on Microsoft Windows based servers/workstations, the EventLogWatch, ProcessWatch, CustomWatch, Windows CounterWatch, WinServicesWatch, and FileWatch monitoring features are available.

Install Agent / Update Agent Button
• See the Global Agent Management below where you can manage the install/update process of your entire NT / 2000 / XP / 2003 servers/workstations from a single screen.
• If defining a new NT / 2000 / XP / 2003 server/workstation, or if viewing or editing an existing server/workstation that does not currently have the Sentry II Agent installed, the button text will be "Install Agent". If viewing or editing an existing server/workstation that does currently have the Sentry II Agent installed, the button text will be "Update Agent".
• Press this button to Install or Update the Sentry II Agent on the selected NT / 2000 / XP / 2003 server/workstation.
• If the Agent is not currently connected, you are prompted for the folder and drive share where the Sentry II Agent files will be installed on the selected server/device. Administrative share rights are required on this selected server/workstation to use this install/update function.
• Connected Agents are sent a message to initiate the download of the updated Agent files, and to update themselves, and therefore no special share rights or security rights are required, and the current folder for the Agent files is used.
• If you get an “Access denied” error when attempting to use this feature and the Sentry II Server is running as a service, you will need to define an ‘Administrator’ Logon for the Sentry II Server service property. See the Sentry II Server as a Windows Service above.
It is also possible that the local security settings on the server/workstation where you are attempting to install the Agent block this type of operation.
• If you get an “RPC Not available” error message when attempting to use this feature, make sure the machine name and path you specify when prompted by the Agent Install/Update is correct.

Logon Button
• Press this button to specify your Administrator equivalent User Name and Password credentials so the Agent service can be remotely installed.

Agent Version Field
• This is a read-only field that defines the Agent version that is installed on this server/workstation.

OS Version Field
• This is a read-only field that defines the operating system version for this server/workstation. This field is defined automatically by the Sentry II Agent the first time it runs on the selected server/workstation.

SNMP Tab

The SNMP Tab is used to enable or disable the SNMP CounterWatch monitoring feature for the selected server/device. You also specify which Objects (and associated Counters) from your provided MIBs are available for this server/device.

Enable SNMP Checkbox
• Set this checkbox to enable the SNMP CounterWatch monitoring feature for this server/device.
• See Configure Watches/Alerts, and 'New->CounterWatch for SNMP and Windows Counters', as well as the other CounterWatch features such as CounterWatch Graphs, Manage CounterWatch Monitoring, Create CounterWatch Reports, Schedule CounterWatch Monitoring and Run/Analyze & View Reports for using the SNMP CounterWatch monitoring feature.

MIB Objects Add/Remove Button
• Press this button to select from among the list of SNMP Objects (and their associated Counters), derived from your provided MIBs, that are available for CounterWatch monitoring for this server/device.
• Copy your provided MIBs to the "...\Sentry II\MIBs" folder where they are accessed by Sentry II.
Reprocess Button
• Press this button to reprocess the MIBs in your "...\Sentry II\MIBs" folder if you have added or deleted any since entering ‘Configure Servers/Agents & Devices’. The MIBs are always processed automatically the first time you access the SNMP Tab on any particular entry to ‘Configure Servers/Agents & Devices’, but if you add or remove any to fix parsing errors, for example, press the Reprocess button to parse the MIBs again.

Read Community Field
• Defines the required Read Community name. The default is "public".

Global Configuration Buttons

These following buttons invoke Global Configuration options when clicked, and do not apply to the current selected server/device:

New Button
• Press the New button to add a new server/device to Sentry II's database. Select a Group name; fill in the optional Description and IP Address fields.

Manage Agents Button
• Press the Manage Agents button (see details below) to view the Global Agent Management screen. See Manage Agents above.

Discovery Button
• Press the Discovery button (see details below) to run a Discovery of the servers/workstations and devices in your network. See Discovery above.

Manage SNMP Button
• Press the Manage SNMP button (see details below) to view the Manage SNMP screen. See Manage SNMP above.

Import Button
• Press the Import button (see details below) to open the Import Text box display where you can specify a comma-delimited list of servers/devices to add.

Manage Agents

Press the Manage Agents button to bring up the display screen for this function. With the Global Agent Management you can see all your servers/devices in one view; see which ones currently have the Agent installed, what Domain or Workgroup they belong to, what the version number of the installed Agent is, and if the Agent is currently connected.
• This displays all servers/workstations & devices in the Sentry II database, along with the current version of the installed Agent, if any, on the corresponding entry. Optionally, set the Discovery checkbox to show all servers (optionally workstations, as well) in all or specific domains and workgroups that are not currently in the Sentry II database. These are displayed in bold text to highlight them. Press the Filter button to specify what you want displayed. The default is all Servers in all your defined domains and workgroups. When you Discover, only servers/workstations that are ‘visible’ through ‘browsing’ will be found. If the Version for a particular entry is blank, then no Agent is currently installed. If the Version is “Unknown”, there is a legacy Agent version installed prior to the Agent having the feature to report its version.
• If the Domain display for an entry is in Red, the displayed domain name from the server discovery that Manage Agents does is different than the domain assignment configured for the server. Hover with the mouse over the domain name and the tool tip shows the name of the domain configured. If the Domain display for an entry is in Orange, the displayed domain name is the configured domain name for this entry in the database. However, the server was not found during the server discovery that Manage Agents does. Hover with the mouse over the domain name and the tool tip shows the name of the domain configured.
• The status column will display if the Agent is currently connected. Select the checkbox next to the NT / 2000 / XP / 2003 servers/workstations in the display that you want to install or update to the latest Sentry II Agent. The latest Sentry II version is displayed on the status line.
• Click the column header to sort accordingly; click again to reverse sort.
• Connected Agents are sent a message to initiate the download of the updated Agent files, and to update themselves, and therefore no special share rights or security rights are required.
• Agents that are not connected or servers/workstations that do not have the Agent use the ‘Push’ method.
• The remote Agent 'Push' requires Administrative share rights to copy the Agent files down, and sufficiently strong security rights, such as Administrator or Domain Administrator, to remotely install and start the Agent service. Press the Logon button to specify/verify User Name & Password credentials for the various domains, workgroups, and standalones for the servers and workstations where you want to install or update Agents. For User Name, you can specify ‘DomainName\UserName’.
• The path displayed is the default path to install or update the Agent files. It does not necessarily represent where the Agent files are currently residing if you previously installed the Agent to a different folder.
• Click the path name to pop-up a box to edit the folder name where you want to install the Agent files for a particular server/workstation. You are prompted for the folder and drive share where the Sentry II Agent files will be installed on the selected server/device. Administrative share rights are required on this selected server/workstation to use this install/update function. If you check the ‘Set As Default for All’ checkbox, the path you enter (not including the machine name) is propagated as the default path for all entries in the display.
• Use the Select All or Unselect All buttons to choose the servers/workstations you want to install or update.
• Press the Install/Update Agents button to install or update the Sentry II Agent on the selected servers/workstations. As the install/update process proceeds, the current entry being installed/updated is highlighted.
Those that are successful display a success image in the Status column; those that are unsuccessful display a failure image. Hover with the mouse over these images, particularly the failure image, and a tool tip displays the reason for the failure.
• If you get an “Access denied” failure error, most likely the supplied credentials either do not exist in the target server’s local security account, if it’s a member of a workgroup, or the credentials are not a member of Administrators.
• If you get an “unknown username and/or bad password” failure error, most likely the supplied credentials either do not exist in the Sentry II server’s local security account, if the target server is a member of a workgroup, or the credentials do not exist in the Domain security database.
• If you get a “Required privilege not held by user” failure error, most likely the Sentry II Server service is not running under the ‘Local System’ account, or the Sentry II Server is running as a foreground application. In either case, you need to grant the ‘User Right Assignment’ called “Act as part of the operating system” to the User name or Group you are using as the Sentry II Server service logon, if running as a service, or to your logon, if running as a foreground application.
• If you get an “RPC Not available” failure error message, make sure the machine name and path you specify when prompted by the Agent Install/Update are correct. It’s possible the target server is not currently running or connected to the network, or it is a W98/ME desktop.
• Click the 'Refresh' button to refresh the display. Checking or unchecking the Discover checkbox also refreshes the display automatically. You may need to wait several minutes to allow the installed/updated Agents to connect to the Sentry II Server and register their updated information.
• Click the 'Close' button to exit the display.

Discovery Processing
Use the Discovery feature to add new servers/devices to your Sentry II database.
With Discovery, Sentry II will check your Windows Domains & Workgroups, and/or over a specified IP address range, for your selected SNMP, HTTP, SMTP, POP, FTP, DNS and TELNET IP services & servers. Or, choose PING or a custom TCP request/response, called USER, to find and validate your servers. Sentry II supports any OS, and does not require its Agent, for these server types.

Specify Discovery Options and Parameters Dialogue Box
Press the Discovery button to pop-up the Specify Discovery Options and Parameters dialogue box.

(For Microsoft Windows NT / 2000 / XP / 2003 based OS servers and desktops, you can use Sentry II's Agent for additional, comprehensive, counter/performance monitoring, analysis, and alerting with CounterWatch, EventLogWatch, ProcessWatch, WinServicesWatch and FileWatch).

Select the Discovery method to use. Use the Filter button to pop-up a filter specification and choose to find servers, and optionally workstations, in your Windows Domains & Workgroups. In addition, or instead, choose to find servers/devices via an IP address scan. Specify the IP address range to search.

Next, click the appropriate check boxes to select some or all server services (PING, HTTP, FTP, SMTP, POP, DNS, TELNET, SNMP, and USER) to validate and/or search for in your Windows Domains/Workgroups and/or over your specified IP address range. Modify the associated Port if necessary; press the Reset Defaults button to restore the default port numbers. Also modify the time-out (T/O) wait for a response to a value other than the default 1 second if on a slow network, or if it appears false "unavailables" are occurring for devices you know should be found.

The Do Name Lookup of Found Servers/Devices via DNS checkbox is used to control whether a lookup is done of each IP address for its Domain name, during the discovery.
Check the Name Lookup, and a Domain name lookup is done for each IP address; uncheck it, and no lookup is done, and the IP address is used as the default server/device name. Bypassing the Domain name lookup will speed up the discovery process.

Discovery of ORACLE databases and Lotus NOTES servers is currently not supported. (See Appendix-C for configuring the Sentry II Server to communicate to your ORACLE servers.)

For SNMP, you must specify the Read Community name; the default name is Public.

For DNS, you must specify a name to resolve in the Resolve Name field, for example, www.breakoutsoft.com.

For USER (a custom TCP check), you can optionally specify a custom request to be sent and expected response to be received, in the Request and Response fields, respectively. Modify the USER Port if necessary. You can embed carriage-return and line-feed characters in your custom request and/or expected response by using '<CR>' for carriage-return and '<LF>' for line-feed. The expected Response is treated as a partial substring of the response received, that is, if the actual response received contains the specified Response anywhere within, the response is considered successful.

Check the appropriate Secure Checkbox for HTTP, FTP, SMTP, POP3, and/or TELNET to check using the secure (SSL, etc) protocol for these IP Services.

Once you have made all your specifications and selections, press the OK button to begin the discovery, or press the Cancel button to exit discovery.

Server Discovery Status Display
The Server Discovery Status is displayed when you press the OK button. It displays the results of the discovery process. Each line entry in the display is the result of the check of one of the selected services for a found Windows server/workstation or for an IP address in the specified IP address range. In addition to status, each line shows the Type and Reason for the status.
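The USER check described above (Request and Response fields, '<CR>' and '<LF>' tokens, substring matching, 1-second default time-out), as an added Python example that is not Sentry II code. The function names, the connect-only behaviour for an empty Response, and the constructed replies are assumptions of this example.

```python
import socket
from typing import NamedTuple

DEFAULT_TIMEOUT = 1.0  # the guide's default time-out (T/O) of 1 second


class CheckResult(NamedTuple):
    ok: bool
    reason: str
    received: bytes


def expand_tokens(text: str) -> bytes:
    """Turn the guide's '<CR>' and '<LF>' tokens into the bytes they stand for."""
    return text.replace("<CR>", "\r").replace("<LF>", "\n").encode("utf-8")


def run_check(sock, request="", expected="", timeout=DEFAULT_TIMEOUT,
              max_bytes=4096) -> CheckResult:
    """Send the optional request, then look for `expected` anywhere in the reply.

    Assumption of this example: an empty `expected` means a successful
    connection alone counts as available.
    """
    sock.settimeout(timeout)
    if request:
        sock.sendall(expand_tokens(request))
    if not expected:
        return CheckResult(True, "connected, no response expected", b"")
    want = expand_tokens(expected)
    received = b""
    reason = "response limit reached without match"
    try:
        while len(received) < max_bytes:
            chunk = sock.recv(1024)
            if not chunk:
                reason = "peer closed without match"
                break
            received += chunk
            # Substring semantics from the guide: a match anywhere is success.
            if want in received:
                return CheckResult(True, "expected response found", received)
    except socket.timeout:
        reason = "timed out waiting for expected response"
    return CheckResult(False, reason, received)


def user_check(host, port, request="", expected="",
               timeout=DEFAULT_TIMEOUT) -> CheckResult:
    """Connect to host:port and run the check; connection errors are 'unavailable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return run_check(sock, request, expected, timeout)
    except OSError as exc:
        return CheckResult(False, f"connect failed: {exc}", b"")


def demo_substring_caveat():
    """Constructed reply: an error line that happens to contain '220'.

    A short expected string matches it; a more distinctive one does not.
    """
    reply = b"550 relay denied, retry in 220 seconds\r\n"
    outcomes = []
    for expected in ("220", "220 mail.example.test"):
        probe, peer = socket.socketpair()  # in-process pair, no network needed
        try:
            peer.sendall(reply)
            outcomes.append(run_check(probe, "", expected, timeout=0.2).ok)
        finally:
            probe.close()
            peer.close()
    return outcomes


if __name__ == "__main__":
    print(demo_substring_caveat())
```

Because the match is a substring test, the expected Response should be a string that only a healthy service would send.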
If a Domain name exists, and is found in the lookup, the part of the name up to the first "dot" becomes the default server name, with the Domain name as the tool tip when you hover with the mouse over the name. If there is no Domain name, or no lookup is done, the IP address is the default name.
• One status image indicates the server/device service is available, along with the IP address displayed in green.
• The other status image indicates the server/device service is unavailable, along with the IP address displayed in red.

Show All Checkbox
The Show All checkbox is used to control the discovery results display. Check the Show All, and results of every discovery are shown; uncheck it, and only the successful discoveries are shown.

Stop Button
Press the Stop button to prematurely terminate the discovery process before it has worked through the complete specified IP address range.

Select All / Unselect All Buttons
The Select All / Unselect All buttons provide a quick method to set the checkbox for each visible discovery result to select it for adding to the Sentry II database, or to uncheck the checkbox for each visible discovery result to unselect it and bypass adding it. Click the individual checkboxes with the mouse, to select or unselect an entry, one at a time.

Add Button
The Add button is enabled when at least one discovery result entry is checked. Press the Add button to begin the process of adding those checked servers/services to the Sentry II database. If servers/devices are checked that Sentry II finds are already in its database, they are ignored. Use the Edit function (see below) to modify existing entries.

Pressing the Add button displays the Confirm Server Add Option dialogue box. The Confirm Server Add Option dialogue box displays the number of servers/devices selected for adding, and provides a checkbox to choose the handling when adding.
The default mode is CHECKED, which allows you to edit each server/device entry before it is added; when UNCHECKED, the addition proceeds for each server/device until complete. The associated Domain name is used as the default name for the server/device adds. If you choose to add each server/device without editing, you can always go back later and edit the server/device entry. Press the OK button to proceed with the adding process, or press the Cancel button to return to the Server Discovery Status display.

Print Button
Press the Print button to print the Server Discovery Status display.

Close Button
Press the Close button to exit the Server Discovery Status display.

Manage SNMP
Press the Manage SNMP button to bring up the display screen for this function. From this Global SNMP Management screen you can:
1) Enable basic SNMP “interface” monitoring of routers, switches, hubs and other selected communication devices with a click on a single checkbox.
2) Set basic SNMP configuration parameters such as ‘Read Community’ string.
3) Add and/or Remove SNMP Objects to one or more servers/devices. These Objects, used to control monitoring, are parsed from the default MIBs included with Sentry II and the MIBs you provide from your ‘managed’ devices.

• Optionally, click the Configure the 'Interface' Object, and Discover & Add Ports for Key Counters checkbox to enable the basic SNMP “interface” monitoring of the selected devices for SNMP counters such as Bytes and Packets sent & received per second, Bytes & Packets errors, etc. All the interface ports on the selected devices are discovered, a default CounterWatch Report object is created, and the monitoring is enabled.
• Optionally, click the Select SNMP Objects to Add checkbox to enable the Add button; then click the Add button to display the list of available SNMP Objects that Sentry II has parsed from the MIBs found in the “…\Sentry II\MIBs” folder.
Next, click the checkbox of one or more SNMP Objects to Add.
• Click the Reprocess MIBs button if you have copied MIBs into the “…\Sentry II\MIBs” folder AFTER entering Configure Servers/Agents & Devices.
• Optionally, click the Select SNMP Objects to Remove checkbox to enable the Remove button; then click the Remove button to display the list of available SNMP Objects that Sentry II has parsed from the MIBs found in the “…\Sentry II\MIBs” folder. Next, click the checkbox of one or more SNMP Objects to Remove.
• Optionally, click the Set Read Community checkbox and then define the Read Community string, and/or click the Set Monitoring Rate and specify how frequently you want the SNMP monitoring to query counters.
• Finally, in the Groups: Servers/Devices Tree expand one or more Groups and select one or more servers/devices where the SNMP Object Add and/or Remove, and optional Read Community string, are to be applied.
• Click the Apply button to apply the changes to the selected servers/devices. The SNMP Object Add and Remove operation takes place in the background where the database is updated with the SNMP Objects available for monitoring for the selected servers/devices.
• Once the Add/Remove completes, the SNMP Objects and their associated counters and variables are available for monitoring in the ‘Monitored Objects’ Tree view in CounterWatch Graphs and Manage CounterWatch Monitoring, in Configure Watches/Alerts, and in Create CounterWatch Reports->Manage Custom Templates.

However, one additional step may be necessary for those SNMP Objects which include ‘ports’ or ‘instances’, such as the ‘interfaces’ SNMP Object used to monitor routers, for example. These ‘ports’ or ‘instances’ are discovered and added by you on a per counter basis in the ‘Monitored Objects’ Tree view in CounterWatch Graphs and Manage CounterWatch Monitoring.
Refer to CounterWatch Graphs and Manage CounterWatch Monitoring for this additional step to complete the SNMP configuration.

Import
Use the Import function to easily add a group of servers/devices to Sentry II for monitoring.

Import Button
• Press the Import button to display the Import input text box.
• Enter, or Copy & Paste, a comma-delimited list for importing and batch adding new Servers/Devices.
• The format is one entry per line of: Server/Device Name, IP Address, Description, Group Name, Server Domain/Workgroup
• Import Groups first (See Configure Groups) if assigning Groups on the import.
• Right-click the text box for editing options.
• Only Server/Device Name and IP Address are required.
• Click the OK button to import the specified servers/devices to the Sentry II database.

Configure Groups
Use Configure Groups to add a new Group or modify the name and/or description of an existing Group. Use Groups to organize your Servers/Devices into meaningful collections that make it easier to manage your network.

Group Name Field
• Defines the name of a group used to organize Servers/Devices on your network.
• Select the appropriate name to Edit an existing group or enter the desired name when defining a New group (See Edit and New Buttons Below).

Group Description Field
• An optional description for the group defined in the Group Name field.

Group Type Field
• Select the type of Group being defined. A server/device is assigned to only one Primary Group, but can be assigned to one or more Secondary Groups.
• Primary Groups are special and used to ‘Group’ servers/devices in the various ‘console’ displays, reports, Watches/Alerts, and so on.
• Watches/Alerts and CounterWatch Reports can be assigned to both Primary and Secondary Groups, and servers/devices assigned to these Groups are also then automatically assigned the associated Watches/Alerts and CounterWatch Reports.

Default Secondary Checkbox
• Select this option to designate a Secondary Group as a ‘Default’ Secondary Group, which means any new server/device added in Configure Servers/Agents & Devices is automatically added to the designated ‘Default’ Secondary Groups.

Assigned Servers/Devices Field
• A list box of all the Servers/Devices currently assigned to the selected group.

Assigned Watches/Alerts Field
• A list box of all the Watches/Alerts currently assigned to the selected group.

Assigned Reports Field
• A list box of all the CounterWatch Reports currently assigned to the selected group.

Servers/Devices Button
• Press the Servers/Devices button to add or remove the selected servers/devices as members in the currently selected Group.
• Unselecting a server/device to remove it from a Primary Group is not permitted since every server/device must belong to one Primary Group. However, you can reassign servers/devices to a different Primary Group by selecting those servers/devices and assigning them as members to a different selected Primary Group.
• Servers/devices assigned to the currently selected Primary or Secondary Group also are automatically assigned the Watches/Alerts and CounterWatch Reports assigned to the selected Group.
• Unselecting servers/devices to remove them as members of a Secondary Group will cause the unselected servers/devices to be removed from the Watches/Alerts and the CounterWatch Reports assigned to the selected Group.

Watches/Alerts Button
• Press the Watches/Alerts button and select one or more Watches/Alerts to assign them to the currently selected Group.
Watches/Alerts assigned to either a Primary or Secondary Group are then automatically assigned to all servers/devices that are members of the selected Group.
• Unselecting Watches/Alerts to remove from a Group will cause the member servers/devices in that Group to be removed from the unselected Watches/Alerts.

Counter Reports Button
• Press the Counter Reports button and select one or more CounterWatch Reports to assign them to the currently selected Group. CounterWatch Reports assigned to either a Primary or Secondary Group are then automatically assigned to all servers/devices that are members of the selected Group.
• Unselecting CounterWatch Reports to remove from a Group will cause the member servers/devices in that Group to be removed from the unselected CounterWatch Reports.

New Button
• Press the New button to add a new group to the Sentry II database. Fill in the Group Name and optional Description fields, and then press the Save button.

Edit Button
• Select an existing group from the Group Name drop down field. Press the Edit button to modify the Group Name or Description fields for an existing group.

Delete Button
• Select an existing group from the Group Name drop down field. Press the Delete button to remove a group from the Sentry II database. You are prompted to confirm the delete. In addition, before performing a group delete, you will be notified that all servers/devices in the group will also be deleted, and asked to confirm the delete.

Import Button
• Press the Import button to open the Import Text box display where you can specify a comma-delimited list of Groups to add.

Save Button
• Press the Save button to save new or edited parameters for a group.

Cancel Button
• Press the Cancel button to abandon any new or edited parameters.

Configure Security
Use Configure Security to enable or disable secure access to the Sentry II Analysis and Administration features, and to define the authorized Analysts and Administrators. When Security is enabled (See Global Security Settings below) only authorized Analysts or Administrators may gain access. When you attempt to access the Sentry II server through your IE browser or Sentry II's embedded browser, you are presented with a prompt requesting Login and Password. Once the appropriate login/password are supplied, you will gain access to the Server features that have been enabled (Administration, Analysis or both).

User/Group Name Field
• Defines the Login name of an authorized user (Analyst or Administrator) to be supplied when access to the Sentry II Server is attempted.
• Optionally specify an Active Directory Group name and then any user who is a member of the Group is authorized. An Active Directory Group is indicated by an open/close parenthesis after the Group name.
• Select New to define a new user, or choose the appropriate name to Edit an existing user. (See Edit and New Buttons below).

Description Field
• Provide an optional description for each authorized user.

Verify via Active Directory Checkbox
• Set this checkbox when defining a New User or Edit of an existing User to indicate that you want the User to be authenticated via Active Directory.
• The Password and Verify Password fields are disabled since the authentication is done against the credentials defined in Active Directory.
• Sentry II does not store your password, and your login User name and password are only used in an authentication call to Active Directory.
• Setting this checkbox also enables the button to the right of the User Name field where you can click to pop up a window and view your Active Directory information where you can select a User or a Group for the User Name.
If you select a Group, then you can login with any User Name that is a member of that Group.
• The Group name is indicated by the inclusion of a parenthesis pair as part of the name; for example, ‘Administrator()’ is the ‘Administrator’ Group.

Password Field
• Defines the authorized user Password to be supplied when access to the Sentry II Server is attempted.

Verify Password Field
• Same as Password field and used to verify that you have entered the Password as intended.

Allow Administration Checkbox
• When checked, the selected user is granted access to Sentry II's Administration features located on the Configure, Reports and Utilities tabs. They are:
  o Configure tab: Security, Groups, Servers/Agents & Devices, Watches/Alerts, SNMP Definitions, Domain Information
  o Reports tab: Create CounterWatch Reports
  o Utilities tab: Sentry II Server Log, Net Tools and Database Maintenance
• Full Rights radio button provides full Administration rights.
• Limited Rights radio button provides full Administration rights EXCEPT no access to Configure Servers/Agents & Devices and no access to Configure Security, and in assigning ownership for Reports or Graphs, can only assign them to All users or their own logon Name.

Allow Analysis Checkbox
• When checked, the selected user is allowed access to Sentry II's Analysis features located on the Monitor, Display and Reports tabs. They are:
  o Monitor tab: CounterWatch Graphs, Schedule CounterWatch Monitoring and Manage CounterWatch Monitoring
  o Display tab: Alert Watch Display, Server Watch Display, EventLogWatch Display, SYSLOGWatch Display, and SNMPTrapWatch Display
  o Reports tab: Schedule Periodic Reports, Run/Analyze & View, and Event Log Viewer
• Full Rights radio button provides full Analyst rights to view, edit, and create Graphs, Reports, and start/stop Monitoring.
• View Only radio button provides restricted Analyst rights: Graphs and Reports can only be viewed, and scheduling reports or starting/stopping monitoring is not permitted.

Allow Server/Device Maintenance Checkbox
• When checked, the selected user is allowed to define and enable Server/Device maintenance plans that disable monitoring and alerting.

Allow Agent Install Download Checkbox
• When checked, the selected user is allowed to initiate an Agent download installation via the InstallAgent.asp page.

Restrict Access to Only These Groups Checkbox
• When checked, the defined User is only allowed to view and work with the Groups specified here. Groups and servers/devices assigned to those Groups not specified here are not visible in any Sentry II function.
• Click the Add/Remove button to select the Groups this User is allowed to view and work with.

New Button
• Press the New button to add a new authorized user (Analyst or Administrator) to the Sentry II database. Fill in all fields (and optional Description field); then press the Save button.

Edit Button
• Select an existing user from the User Name drop down field, and then press the Edit button to modify the User Name, Password, Verify Password, or Description fields.

Delete Button
• Select an existing user from the User Name drop down field, and then press the Delete button to remove the user as an authorized Sentry II Analyst or Administrator. You are prompted to confirm the delete.

Save Button
• Press the Save button to save the new or edited parameters for an authorized Sentry II Analyst or Administrator.

Cancel Button
• Press the Cancel button to abandon any new or edited parameters.
Active Directory View for Selecting User or Group
When in New or Edit mode, and the Verify via Active Directory checkbox is checked, the button with the ellipsis to the right of the User/Group Name field is enabled, and clicking it opens the Active Directory View so that you can select a User or Group name.

Here you can navigate your Active Directory structure to find a User or Group to select, or you can click the Find button to pop-up the Find View. Click the checkbox to select a User or Group; click the plus icon to expand a Group or a “Container” to see the members. Hover with the mouse over a User or Group and view its ‘Account Name’, ‘Object Class’ and ‘Distinguished Name’ in the pop-up tool tip.

To use the Find function, click a “Container” name to select it and then click Find, and you will have the option to search the selected Container, or the whole Domain. You can also specify a wild-carded name, to find just the Users and Groups that match your wildcard. The Find Name field automatically appends an asterisk to the end of the name you specify.

Click OK to use the selected User or Group name. Only one name is allowed here, and it will be the last name checked. Click Cancel to return to the Tree view.

Global Security Settings
This section lets you enable or disable Sentry II's security settings on a global basis. You also determine whether or not to allow Sentry II Agents to automatically register a user server or desktop server/device.

Enable Security Checkbox
• Enable Security (checked): Users will be prompted for Login and Password when attempting to access the Sentry II Server. Authorized users will gain access to previously determined Server features (See Allow Administration Checkbox and Allow Analysis Checkbox).
• Disable Security (unchecked - default setting): All users have full access to Sentry II's Server features.
Enable Automatic Agent Registration Checkbox
• When checked (the default setting), Sentry II Agents can automatically register user server or workstation computers to the Sentry II Server database.
• When unchecked, you must manually set up the server or desktop computers that you wish to monitor (See Configure Server/Agents & Devices).

Apply Button
• Press the Apply button to save changed Global Security settings.

Session Logon Report
When Security is enabled, an entry is logged to the Sentry II database for every user who logs in to use the Sentry II ‘Console’ and start a ‘Session’ with the Sentry II Server. There is a Report available in Run/Analyze & View Reports called the Session Log that you can run that lists all the ‘Sessions’ with the User login name and the date/time the ‘Session’ was started.

User Security Report
There is a Report available in Run/Analyze & View Reports called the User Security that you can run that lists all the defined User names and their security settings.

Configure SNMP Trap Definitions
Use Configure SNMP Trap Definitions to add new SNMP Trap OIDs or modify the name, description and/or OID of existing SNMP Trap OIDs for Sentry II's SNMPWatch feature. SNMP Trap OIDs define those SNMP Traps that Sentry II can watch for and generate an alert if received. Use this to also parse MIBs and extract the SNMP Trap OID information and automatically add to the available definitions.

You must configure your Windows server/workstation where the Sentry II Server runs with the Microsoft SNMP service. For Windows 2000 / XP, go to Network and Dial-up Connections and select Advanced from the menu bar. On the Advanced menu, choose Windows Optional Networking Components Wizard, then Management and Monitoring Tools. Click the checkbox to add Simple Network Management Protocol, and click the OK button. For Windows NT, go to Control Panel, Network, and then select the Services tab.
If the SNMP Service is not already installed, choose and Add the SNMP Service.

Once the SNMP Service is available in the Services tab, select the SNMP Properties and check the configuration. Under the Traps tab, ensure the Community name matches the community of the SNMP devices you are monitoring. Under the Security tab, check “Accept SNMP Traps from Any Host”.

Process MIBs Button
• Press the Process MIBs button to analyze all the '.mib' files stored in the "...\Sentry II\Mibs" folder. The '.mib' files found here will have the Trap OIDs automatically discovered and placed in the Trap OID list (See Configure Watches/Alerts, New, 'SNMPWatch for SNMP Traps').
• The '.mib' files can be processed any number of times, as duplicate Trap OIDs are looked for and prevented.
• An error in any one '.mib' file will prevent the processing of any of them. Refer to the error message in the pop-up message box. Usual errors are 'unknown identifiers'. Look for a case sensitive mismatch on the definition of the Object Type, and the later use of it in the Mib. If the Object name is used but not identified in the Mib, you may be missing the base Mib from the vendor where the Object Type identifiers are defined.
• If unable to correct the problem with the Mib, remove it from the "...\Sentry II\Mibs" folder (or rename it to something other than '.mib', for example, '.mi_') and run Process MIBs again to process the other Mibs in the folder. After you correct the problem with the Mib, place it back in the "...\Sentry II\Mibs" folder and rerun Process MIBs.

SNMP Trap Name Field
• Defines the name of an SNMP Trap that will be available in Configure Watches/Alerts that you can choose to watch for and, if received, generate an optional alert.
• Select the appropriate name to Edit an existing SNMP Trap or enter the desired name when defining a New SNMP Trap (See Edit and New Buttons Below).
Description Field
• An optional description for the SNMP Trap defined in the SNMP Trap Name field.

OID Field
• Defines the Originating ID for an SNMP Trap that Sentry II can watch and monitor for receiving.
• Custom OIDs can be defined using a wild-card '*' as the last character, which will match any Trap OID received that includes the Custom OID as a base. For example: Custom OID = "1.3.1.6*" would match on received Trap OIDs "1.3.1.6.5.1.3.5" and "1.3.1.6.5.1.2.4" and so on, since they contain "1.3.1.6" as a base.
• OIDs may be specified with the 'Exclude' directive by preceding the OID with the characters '%!' (without quotes). This is particularly useful when using a wild card. Using the wild card in one definition and then excludes in one or more other definitions, you can set up to process all Traps except those excluded.

New Button
• Press the New button to add a new SNMP Trap to the Sentry II database. Fill in the SNMP Trap Name, optional Description, and OID fields, and then press the Save button.

Edit Button
• Select an existing SNMP Trap from the SNMP Trap Name drop down field. Press the Edit button to modify the SNMP Trap Name, Description, or OID fields for an existing SNMP Trap.

Delete Button
• Select an existing SNMP Trap from the SNMP Trap Name drop down field. Press the Delete button to remove an SNMP Trap from the Sentry II database. You are prompted to confirm the delete.

Save Button
• Press the Save button to save new or edited parameters for an SNMP Trap.

Cancel Button
• Press the Cancel button to abandon any new or edited parameters.

Configure Domain Information
Use Configure Domain Information to define your Windows Domains, Workgroups, and Standalones, and optionally the User Name and Password credentials, for use in managing your Sentry II Agents.

Domain Name Field
• Defines the Domain, Workgroup, or Standalone name in your network.
• Select the appropriate name to Edit an existing Domain entry, or enter the desired name when defining a New Domain. (See Edit and New Buttons below).

Type Field
• Defines whether the named entry is a Domain, Workgroup, or Standalone.

Description Field
• An optional description for the selected Domain.

User Name Field
• Optional User Name credential, with Administrator rights, for the named Domain.
• In Manage Agents in Configure Servers/Agents & Devices, you can specify the Logon credentials, at that time, for use in doing the Agent Install and Update operations.

Password Field
• Optional Password credential, associated with the User Name above, for the named Domain.
• In Manage Agents in Configure Servers/Agents & Devices, you can specify the Logon credentials, at that time, for use in doing the Agent Install and Update operations.

Verify Password Field
• Verify the optional Password entered in the Password field.

New Button
• Press the New button to add a new Domain, Workgroup, or Standalone to the Sentry II database. Fill in Domain Name, Type, optional Description, optional User Name and Password fields, then press the Save button.

Edit Button
• Select an existing Domain from the Domain Name drop down field, and then press the Edit button to modify the Domain Name, Type, Description, User Name or Password fields. Press the Save button to save the changes.

Delete Button
• Select an existing Domain from the Domain Name drop down field, and then press the Delete button to remove it from the Sentry II database. You are prompted to confirm the delete.

Save Button
• Press the Save button to save new or edited parameters for a Domain, Workgroup, or Standalone.

Cancel Button
• Press the Cancel button to abandon any new or edited parameters.

Configure Watches/Alerts
Configure Watches/Alerts is the primary function for specifying all the different types of monitoring you want to do, along with any associated rules for each “monitor”. Sentry II uses the term “Watch”. Use Configure Watches/Alerts to specify Watch and Alert parameters for:
• IP Services (ServerWatch) watch and alerting;
• SNMP & Windows Performance Counters (CounterWatch) watch and alerting;
• SNMP Traps (SNMPWatch) watch and alerting;
• SYSLOG Messages (SYSLOGWatch) watch and alerting;
• Windows Processes (ProcessWatch) watch and alerting;
• Windows Services (WinServicesWatch) watch and alerting;
• Windows Files (FileWatch) watch and alerting;
• Windows Event Logs (EventLogWatch) watch and alerting;
• Custom Windows monitoring (CustomWatch) watch and alerting.

Defined watches and alerts are applied to one or more servers/devices you specify. You define the IP Service watch checking frequency, or Windows Processes, Windows Files, Windows Services, Windows Event Log, SNMP Trap and SYSLOG watch parameters, or the CounterWatch threshold and duration for alert conditions; you define minimal notification intervals for alert conditions; and you define additional actions, such as send an Email, dial a Pager or Beeper, restart a stopped Windows service, execute a program, or send a Trap or Syslog notification, that should be taken when the alert condition occurs.

The SNMP Trap and SYSLOG, Windows Service, File, Process and Event Log alert events, IP Service watch events and all SNMP & Windows CounterWatch alert events are always logged to the Sentry II Server database for reporting and later analysis.

Use AlertWatch Display to view the alerts you have defined as they occur in real-time. Use ServerWatch Display to view the real-time current status of your monitored servers with IP Services.
Use EventLogWatch Display to view the watched Events you have defined as they occur in real-time; use SNMPTrapWatch Display to view the watched SNMP Traps you have defined as they occur in real-time; use SYSLOGWatch Display to view the watched SYSLOG messages you have defined as they occur in real-time. All these separate display functions are found on the Display menu tab.

Review Mode
The Review Mode is the default view and is used to view the parameters for various watches and alerts. In this view, you can choose to add new watches and alerts, edit existing watches and alerts, or delete watches and alerts.

New / Edit Update Mode
To enter Edit and Update Mode, press the New or Edit buttons. In these modes, you can modify parameters for existing watches and alerts or define parameters for new watches and alerts.

Watch/Alert Name Field
• In Review Mode, you can select an existing watch or alert from the drop down list and view its parameters, and then Edit or Delete it (See Edit and Delete Buttons below).
• In Edit and Update Mode, modify an existing watch/alert name or enter the desired name when defining a New watch or alert.

Description Field
• An optional description for the watch or alert defined in the Watch/Alert Name field.

Verbose Description Notes Button
• Click the button to the right of the Description field to pop up a free-form text box where you can enter an optional verbose notes description for the server/device defined in the Server/Device Name field.
• These verbose notes are displayed in the pop-up tool-tip window when hovering with the mouse over the server/device name in various Sentry II displays.

Severity Field
• This field works in conjunction with the Network Status Display. The Severity field specifies how the particular Watch/Alert affects the status display.
A Severity of 'Normal' has no effect and is ignored; a Severity of 'Caution' causes the status display to show the Yellow icon; a Severity of 'Critical' causes the status display to show the Red icon.

Suspend Watch/Alert Checkbox
• Click the checkbox to suspend the particular Watch from checking and alerting.
• This is not available for CounterWatch type Watches.

Watch Templates Button
• Click the Watch Templates button, select a Watch Template, and click the OK button to begin creating a New Watch.
• Start with the Template's parameters, and make any desired changes, if necessary. Usually you only need to select the servers/devices and any alert Action(s) desired.

Watch Report Button
• Click the Watch Report button and select one or more servers/devices from the pop-up to display a report on all the Watch/Alerts, and associated details, that are defined for each selected server/device.
• Optionally click the Print button to print the report.

Watch/Alert Type Views
This view is the default tab view and depends on the Alert Type. If the Alert Type is WinServicesWatch, the SERVICES tab is displayed; if the Alert Type is EventLogWatch, the EVENTLog tab is displayed; if the Alert Type is ProcessWatch, the PROCESS tab is displayed; if the Alert Type is SNMPTrapWatch, the SNMPTrap tab is displayed; if the Alert Type is SYSLOGWatch, the SYSLOG tab is displayed; if the Alert Type is ServerWatch for IP Services, the IP Service tab is displayed; if the Alert Type is CounterWatch, the COUNTER tab is displayed; if the Alert Type is FileWatch, the FILE tab is displayed; if the Alert Type is CustomWatch, the CUSTOM tab is displayed; otherwise, if the Alert Type is User, the USER tab is displayed.

IP Service Tab
Choose the ServerWatch for IP Services View by selecting the IP Service tab.
In this view, in Review Mode, you view the parameters for IP Service Type and Selections for the applicable servers/devices, for your various Watches/Alerts. In Edit and Update Mode (See New and Edit Buttons below), you can modify these same parameters.

IP Service Field
• In Review Mode, defines the IP Service name for this Watch/Alert. In Edit and Update Mode, this field is hidden and the IP Service is selected from the tree displayed in the Selection(s) field (see below).

Reboot Check Checkbox
• AGENT Only; Select this to enable the reboot/restart monitor check and alert when server Up Time is less than the previous check.

HW/Config Check Checkbox
• AGENT Only; Select this to enable the HW/Configuration monitor check and alert when any difference is detected.

Exclude Objects Field
• AGENT Only; Optionally specify one or more WMI Hardware/Configuration Object names to exclude from ‘HW/Config Check’.
• Refer to the various Object Names in the ‘H/W Asset Details’ in ‘Configuration>Servers/Agents & Devices’; for example, “Printer; CDROMDrive; NetworkAdapter” without the quotes. Object name check is NOT case sensitive.

Registry Check Checkbox
• AGENT Only; Select this to enable the Registry monitor check and alert when any difference is detected.
• Specify which Registry keys and Values to monitor and how frequently in the Registry Monitor Display.

Memory % Field
• AGENT Only; Specify the percentage threshold for the virtual memory Page File and alert if the free space drops below this threshold.

Logical Drive % Field
• AGENT Only; Specify the percentage threshold for the Logical Drives and alert if the free space drops below this threshold.

Exclude Drives Field
• AGENT Only; Optionally specify Logical Drive letters to exclude these drives from the threshold check.
Selection(s) Field
• The Review Mode displays the applicable server/device Names and Descriptions for the selected watch / alert.
• Hover with the mouse over the named computers to see the respective description, if available.
• Server/device Selection(s) in red text indicate a suspended watch / alert.
• The Edit and Update Modes display a tree view of all available IP Service types from the Sentry II database.
• Press the Expand button to view the Selection(s) display or Tree View display in an expanded pop-up.
• Expand any service by clicking the '+' to view the service's associated computers.
• Collapse expanded services by clicking the '-'.
• Define the watch / alert by selecting one or more servers/devices associated with an IP Service.
• Computers already assigned previously to an IP Services watch / alert use this icon instead of a checkbox. IP Services servers/devices can only be assigned to one alert.
• Attempting to select servers/devices associated with an IP Service when you already have selected servers/devices for another IP Service will cause a prompt for you to choose which IP Service and computer(s) to keep. Only one IP Service, with one or more servers/devices, can be defined for each watch / alert.

PROCESS Tab
Choose the ProcessWatch View by selecting the PROCESS tab. In this view, if Review Mode, you view the parameters for Process Name and Process Path, options Restarting or Terminating a monitored process, and optional CPU and Memory utilization Thresholds. In Edit and Update Mode (See New and Edit Buttons below), you may modify these same parameters.

Process Name Field
• Defines the name of the Process to be monitored.
• The asterisk (‘*’) Wild Card character is supported, and when specified, all processes are monitored against the specified CPU or memory thresholds.
You can, for example, specify ‘act.exe*’ as the Process Name, and this will give you the option to terminate the process if it exceeds your specified thresholds.
• A Process can be monitored to be running or not running; and depending on your choice, either optionally restarted, terminated, or just notified with an Email, or a Pager, or other Action.
• A Process can also be optionally monitored for CPU and Memory utilization thresholds. Use the asterisk wild-card, for example specify ‘act.exe*’ as the Process Name, and this will give you the option to terminate the process if it exceeds your specified thresholds.
• In New or Edit mode, click the "..." button to see a list of the current running processes on a selected server; if you select one of the displayed processes, then the Process Path field is also updated.
• The Sentry II Agent checks processes every one (1) minute.

Process Path Field
• Required only if the Restart option is selected.
• Defines the "fully qualified path" name for the Process being monitored. The path includes the drive letter but does NOT include the machine name. For example, "C:\Program Files\MyProcesses\Process.exe" is a correct specification.

Should Be 'Running' & 'Not Running' Radio Buttons
• Choose the condition for the specified Process to be monitored.

Notify Only Checkbox
• Select this if you do not want the Sentry II Agent to attempt to restart or terminate the monitored Process.

Delay Field
• Optionally, specify a delay (duration) value in minutes that the Process is detected as running (or not running) before the alert condition exists.

'Restart' & 'Terminate' Radio Buttons
• If Notify Only is not checked, then either one or the other of these radio buttons is selected, depending on whether the process is being monitored for running or not running.
Instance Count Field
• Optional parameter, if specified it defines the minimum number of instances for a process that should be running; if the number of instances of the specified process running is less than this then an alert condition exists.
• If the Not Running option is selected, then this count defines a 'ceiling' such that if the instance count of the specified process is equal to or greater than this count, then an alert condition exists; if the Terminate option is selected then instances of the specified process will be terminated until the number of instances is less than this count.

Exclude From Wild Card Field
• Applicable only if the Wild Card '*' is specified for the Process Name.
• Optional parameter, if specified it defines one or more processes, separated by a semi-colon, that are excluded from the process check.

Threshold Fields
• Click the button to view the optional Threshold parameters to monitor the CPU and Memory utilization of a running Process.

Duration Field
• Optional parameter, if specified it defines the duration in minutes that any of the thresholds specified must be exceeded for an alert condition to exist.

CPU (%) Field
• Optional parameter, if specified it defines the maximum average CPU utilization of the monitored Process over the monitored interval which by default is 1 minute. This can be extended by use of the Duration parameter. If the computed average percentage exceeds this parameter, then a Watch/Alert Action is executed.
• For example, if the CPU (%) field is set to 50, then if the average CPU utilization for the specified process (or any process if using the Wild Card '*') exceeds 50% for the default 1 minute interval (or 'n' continuous minutes if the Duration is set 'n'), then an alert condition exists.

Memory(kb) Field
• Optional parameter, if specified it defines the maximum Memory utilization in Kilobytes (KB) of the monitored Process.
If the current utilization by this Process exceeds this parameter, then a Watch/Alert Action is executed.
• This is the Task Manager 'Mem Usage' value for a process.

PageFile Field
• Optional parameter, if specified it defines the maximum Page File (or Virtual Memory) utilization in Kilobytes (KB) of the monitored Process. If the current utilization by this Process exceeds this parameter, then a Watch/Alert Action is executed.
• This is the Task Manager 'VM Size' value for a process.

PPool Field
• Optional parameter, if specified it defines the maximum Paged Pool utilization in Kilobytes (KB) of the monitored Process. If the current utilization by this Process exceeds this parameter, then a Watch/Alert Action is executed.
• This is the Task Manager 'Paged Pool' value for a process.

NPPool Field
• Optional parameter, if specified it defines the maximum Non Paged Pool utilization in Kilobytes (KB) of the monitored Process. If the current utilization by this Process exceeds this parameter, then a Watch/Alert Action is executed.
• This is the Task Manager 'NP Pool' value for a process.

Selection(s) Field
• The Review Mode displays the applicable Server/Workstation Names and Descriptions for the selected Watch/Alert.
• The Edit and Update Modes display a tree view of all server/workstations that have the required Sentry II Agent installed.
• Press the Expand button to view the Selection(s) display or Tree View display in an expanded pop-up.
• Expand any Group by clicking the '+' to view the Group's associated servers/computers with the Sentry II Agent installed.
• Collapse expanded Groups by clicking the '-'.
• One or more servers/workstations must be selected.

SERVICE Tab
Choose the WinServicesWatch View by selecting the SERVICE tab. In this view, in Review Mode, you view the parameters for Windows Services and Selections for the applicable servers/workstations, for your various watches and alerts.
In Edit and Update Mode (See New and Edit Buttons below), you can modify these same parameters.

Display Services By Radio Button
• In Edit and Update Mode, choose how you want to display servers/computers and associated Windows Services, either ordered by Services or by Servers/Computers.

Attempt Service Restart Checkbox
• When checked, the monitored Windows Service will be restarted when Sentry II detects it has Stopped.

Delay Field
• Optionally, specify a delay (duration) value in minutes that the Service is detected as Stopped before the alert condition exists.

Selection(s) Field
• The Review Mode displays the applicable Server/device Names and Descriptions, along with their selected Windows services, for the selected watch / alert.
• Hover with the mouse over the named servers/computers to see the respective description, if available.
• Server/device Selection(s) in red text indicate a suspended watch / alert.
• The Edit and Update Modes display a tree view of all available Windows Services displayed by server/device or by service, based on the radio button selection.
• Press the Expand button to view the Selection(s) display or Tree View display in an expanded pop-up.
• Expand any Windows Service to see its associated servers/computers, or expand any Server/device to see its associated Windows services, by clicking the '+'.
• Collapse expanded services or server/devices by clicking the '-'.
• One or more servers/workstations must be selected.

EVENTLog Tab
Choose the EventLogWatch View by selecting the EventLog tab. In this view, in Review Mode, you view the parameters for Event Log Name, Type, Source, Event ID, User Name, Description (Message), and Selections for the applicable servers/workstations. In Edit and Update Mode (See New and Edit Buttons below), you can modify these same parameters.

Log Name Field
• In Review Mode, defines the Event Log name for this watch/alert.
In Edit and Update Mode, this field is a drop-down with the names of the six Event Logs that can be watched; Application, Security, System, Directory Service, DNS Service, and File Replication Service.

Type Field
• In Review Mode, defines the Event Log type for this watch/alert. In Edit and Update Mode, this field is a drop-down with the names of the five Event Log types that can be watched; Error, Warning, Information, Audit Success, and Audit Failure; as well as the default "empty" selection.
• The "empty" selection is interpreted one of two ways. If there are other optional parameters defined (see following), then the Event Log Type is ignored, as are other “empty” parameters, when looking for a parameter match for an eligible alert. If there are NOT any other optional parameters defined, then the "empty" Type is interpreted to mean "all" types, and every event for the given Event Log will cause an alert.

Source Field
• Optional text field defining the Source as a parameter to determine the specific Event Log event to be watched for. The defined string is treated as an exact match. However, you can use the asterisk wild-card so that the specified string is treated as a sub-string when checking for a match with a Source parameter. You can specify multiple Source parameters by separating with a comma. Parameter is NOT case sensitive.

Event ID Field
• Optional numeric field defining the Event ID as a parameter to determine the specific Event Log event to be watched for. You can specify multiple Event IDs, separated by a comma, and/or a range of Event IDs separated by a dash. For example, "1-100,150-200,250-275".

User/Group Name Field
• Optional text field defining the User Name as a parameter to determine the specific Event Log event to be watched for. You can specify multiple User Name parameters by separating with a comma.
Parameter is NOT case sensitive.
• You can also enter an Active Directory Group Name so that any User that is a member of the Group would be considered a Match. You can specify multiple Group Name parameters by separating with a comma. You can also mix User and Group names.
• The Group name is indicated by including a pair of parentheses as part of the name; for example, ‘Administrator()’ is the ‘Administrator’ Group.
• Click the button to the right of this field to pop up a display window and view your Active Directory information, where you can select one or more Users and/or Groups. Refer to the Configure Security section for a description of the Active Directory View and Find function.

Description Field
• Optional text field defining an Event Description as a parameter to determine the specific Event Log event to be watched for. The defined string is treated as a sub-string when checking for a match against the Event Description.
• You can specify multiple Description parameters by separating with a comma. Parameter is NOT case sensitive.
• Use &T in a substring specification to represent a Tab character.

AND Params Checkbox
• By default, the above parameter fields, when defined, will cause an Event Log alert if any of the parameter fields match (Boolean "Or" check). This Optional checkbox, when checked, requires all the defined parameter fields above to match (Boolean "And" check).

Exclude Checkbox
• By default, when an Event matches (is included in) the criteria defined by the various parameter fields above, an alert condition occurs. This Optional checkbox, when checked, EXCLUDES any Event matching the criteria defined by the various parameter fields above, and no alert condition occurs.

All Except Checkbox
• By default, when an Event matches (is included in) the criteria defined by the various parameter fields above, an alert condition occurs.
This Optional checkbox, when checked, reverses the logic so that an alert condition occurs for all Events NOT matching the criteria defined by the various parameter fields above.

Not Received in X Minutes Checkbox
• Use this feature to monitor for the absence of an occurrence of one or more events matching the Watch parameters within the specified time-frame in minutes.

Precedence Field
• Specifies how this Watch/Alert is handled if the received Event Log event satisfies the criteria of multiple Watches/Alerts. A higher-precedence (1 is higher than 2, etc.) trumps Watches/Alerts with a lower precedence.

Selection(s) Field
• The Review Mode displays the applicable Server/device Names and Descriptions for the selected watch / alert.
• Hover with the mouse over the named servers/computers to see the respective description, if available.
• Server/device Selection(s) in red text indicate a suspended watch / alert.
• The Edit and Update Modes display a tree view of all Groups (see Configure Groups) and eligible servers/computers running Windows NT or 2000 and the Sentry II Agent.
• Press the Expand button to view the Selection(s) display or Tree View display in an expanded pop-up.
• Expand any Group by clicking the '+' to view the Group's associated eligible computers.
• Collapse expanded Groups by clicking the '-'.
• One or more servers/workstations must be selected.

FILE Tab
Choose the FileWatch View by selecting the FILE tab. In this view, in Review Mode, you view the parameters for File Path Name, Size Change, Date/Time Change, Search String, Maximum Size, and Selections for applicable servers/workstations. In Edit and Update Mode (See New and Edit Buttons below), you may modify these same parameters.

File Path Name Field
• Defines the "fully qualified path" name for the file to be checked in this watch/alert. The path includes the drive letter but does NOT include the machine name.
For example, "C:\MyApplication\MyLogFiles\Log.txt" is a correct specification.
• This parameter fully supports wild-cards for defining a Watch on a group of files matching the specification; this parameter also accepts a directory/folder name as a specification to monitor the entire folder for the specified conditions.
• If none of the other optional parameters below are defined then Sentry II watches for the creation and existence of the specified file(s). If the ‘NOT Check’ checkbox is checked, Sentry II watches for the deletion of the file(s).
• Files are checked every one (1) minute by the Sentry II Agent, which is required on the selected servers/workstations.

Size Change Checkbox
• Optional parameter, if checked, the file's current size is determined, and any subsequent change to that size results in an alert condition.

D/T Change Checkbox
• Optional parameter, if checked, the file's current last-modified date/time is determined, and any subsequent change to that last-modified date/time results in an alert condition.

Search String Field
• Optional parameter, if specified, the file is scanned for this sub-string, and if found, results in an alert condition. The file scanning is optimized so that only new data added to the file is scanned on each check.

Maximum Size(KB) Field
• Optional parameter, if specified, the file size in kilobytes (KB) is checked against this parameter and if it exceeds it, results in an alert condition.

File Count Threshold Field
• Optional parameter, if specified, an alert condition results when the count of the files in the specified directory, or the count of files matching the specified wild-carded file name, exceeds the specified threshold.

NOT Check Checkbox
• Specifies, when set, that all the defined parameters are tested in the NOT condition.
• The simple example is the specified file does not exist (perhaps it has been deleted).
• For the Size Change, D/T Change, Maximum Size, and Search String parameters, if specified, the NOT of the parameter is implied. For example, the Size and/or D/T have NOT changed, the File is less than the specified Maximum Size, or the File does NOT contain the specified Search String.

Duration Minutes Field
• Optional parameter, if specified, defines the Duration in Minutes that the File conditions must exist in the 'matched' (that is, the Alert state) before the Alert notification is actually triggered.

AND Params Checkbox
• Specifies, when set, that a match must occur on all of the parameter fields above that have been specified (Boolean AND); otherwise, if not set, a match can occur on any of the parameter fields above that have been specified (Boolean OR).

File Audit and Optional WHO Information
• FileWatch alert information on Files/Folders being monitored for changes and deletions will contain WHAT, WHEN, and WHERE by default. You can optionally have the WHO information included if you enable Windows Auditing on the File/Folder being monitored.
• To enable File or Folder Auditing, perform the following steps:
(1) Run the ‘Local Security Policy’ tool found in ‘Administrative Tools’
(2) Under ‘Security Settings->Local Policies->Audit Policy’, enable ‘Audit object access’ for Success and Failure
(3) Next, right-click on the File or Folder name in Windows Explorer, and select ‘Properties’
(4) Next, on ‘Properties’, click ‘Security’, then ‘Advanced’, then ‘Auditing’, then ‘Add’
(5) Select ‘Everyone’ and then check all the Access option checkboxes for success and failure
• Repeat steps (1) and (2) for each server/workstation as appropriate, or use a ‘Global Policy Setting’.
• Repeat steps (3) through (5) for each File and/or Folder where you want to capture the WHO information.

Selection(s) Field
• The Review Mode displays the applicable Server/device Names and Descriptions for the selected alert.
• The Edit and Update Modes display a tree view of all server/devices that have the required Sentry II Agent installed.
• Press the Expand button to view the Selection(s) display or Tree View display in an expanded pop-up.
• Expand any Group by clicking the '+' to view the Group's associated servers/computers with the Sentry II Agent installed.
• Collapse expanded Groups by clicking the '-'.
• One or more servers/workstations must be selected.

COUNTER Tab
Choose the CounterWatch View by selecting the COUNTER tab. In this view, if Review Mode, you view the parameters for Threshold, Duration, and Selections for Object/Counter and applicable computers, for your various alerts. In Edit and Update Mode (See New and Edit Buttons below), you may modify these same parameters.

Counter Field
• In Review Mode, defines the counter name for this watch/alert. In Edit and Update Mode, this field is hidden and the Counter is selected from the tree displayed in the Selection(s) field (see below).

Object Field
• In Review Mode, defines the object name for this watch/alert. In Edit and Update Mode, this field is hidden and the Counter is selected from the tree displayed in the Selection(s) field (see below).

Threshold Field
• Defines the value for the counter selected. If this value is exceeded, either over or under (See Over checkbox) for the specified duration (See Duration parameter), the alert condition will be met.
• The value is dependent on the counter and can represent percentage or quantity.

Over Checkbox
• Works in conjunction with the Threshold parameter and the Duration parameter.
• When checked, the counter value must be over the Threshold value for the specified Duration for the alert condition to be met.
• When unchecked, the counter value must be under the Threshold value for the specified Duration for the alert condition to be met.
Duration Field
• Works in conjunction with the Threshold and the Over checkbox parameters.
• Define how long, in seconds, that the counter value must exceed the Threshold value, either over or under based on the Over checkbox setting, for the alert condition to be true.

Selection(s) Field
• The Review Mode displays the applicable Server/device Names and Descriptions for the selected alert.
• The Edit and Update Modes display a tree view of all available objects from the Sentry II database.
• Press the Expand button to view the Selection(s) display or Tree View display in an expanded pop-up. Expand any object by clicking the '+' to view the object's associated counters.
• Expand any counter by clicking the '+' to view the counter's associated computers.
• Collapse expanded objects or counters by clicking the '-'.
• Define the alert by selecting one or more computers associated with a single counter.
• Attempting to select servers/workstations associated with a counter when you already have selected servers/workstations for another counter will cause a prompt for you to choose which counter and servers/workstations to keep. Only one counter, with one or more servers/workstations, can be defined for each alert.

CUSTOM Tab
Choose the CustomWatch View by selecting the CUSTOM tab. Sentry II’s CustomWatch monitors your Windows servers/workstations by executing any Windows program, command, script, or batch file executable that you provide. It runs the executable periodically on the monitored server/workstation according to a schedule that you specify. You can optionally specify a comparison of the executable’s Exit Code to an exit code you specify, and generate an alert notification if the comparison fails. You can optionally specify an Executable Time-Out value and Sentry II will terminate the executable if it does not complete on its own before the time-out expires.
You can optionally specify Logon credentials, and Sentry II will start the executable under the user context of these credentials. The specification for the executable, and for the optional command-line options, supports Environment Variable substitution when bracketed with the percent character; for example, %SystemRoot%.

Use the powerful CustomWatch to create your own custom monitors but also use CustomWatch as a central Windows Job Scheduler, and easily manage the scheduled execution of all your jobs across all your servers and workstations from the central Sentry II Server.

In this view, in Review Mode, you view the parameters for Program Name, Command-line Options, Execute Time-out, Exit Code, and optional User Name & Password. You also specify the servers/workstations where the CustomWatch should execute. In Edit and Update Mode (See New and Edit Buttons below), you may modify these same parameters.

Program Name Field
• Defines the fully qualified path name to the executable on the target server/workstation. For example, C:\Program Files\CustomWatch\Custom.exe
• Supports Environment Variable substitution when bracketed with the percent character; for example, %SystemRoot%.

Command-line Options Checkbox
• Optionally, specify the command-line options that are passed to the executable.
• Supports Environment Variable substitution when bracketed with the percent character; for example, %SystemRoot%.

Execute Time-out Field
• Optionally, specify a time-out value in seconds that Sentry II Agent will use to terminate the executable if it has not ended execution on its own prior to the time-out.

Exit Code Field
• Optionally, define an exit code and a comparison that the Sentry II Agent will make against the executable’s exit code, and generate an alert if the comparison fails.

Optional User Name Field
• Optionally, define a User Name that the Sentry II Agent will use to run the executable in this User’s security context.

Password Field
• Password for the User Name that the Sentry II Agent will use to run the executable in this User’s security context.

Selection(s) Field
• The Review Mode displays the applicable Server/Workstation Names and Descriptions for the selected CustomWatch.
• The Edit and Update Modes display a tree view of all servers/workstations that have the required Sentry II Agent installed.
• Press the Expand button to view the Selection(s) display or Tree View display in an expanded pop-up.
• Expand any Group by clicking the '+' to view the Group's associated servers/workstations with the Sentry II Agent installed.
• Collapse expanded Groups by clicking the '-'.
• One or more servers/workstations must be selected.

SNMPTrap Tab

Choose the SNMPTrapWatch View by selecting the SNMPTrap tab. In this view, in Review Mode, you view the parameters for Trap OID(s) and Selections for the applicable servers/devices for your various Watches. In Edit and Update Mode (See New and Edit Buttons below), you can modify these same parameters.

Trap OID(s) Drop-down
• In Review Mode, defines the Trap OID(s) for this watch/alert. In Edit and Update Mode, clicking the Add/Remove button immediately to the right can modify this drop-down list.
• Clicking the Add/Remove button displays a pop-up box with all available Trap OIDs. Check or uncheck the associated checkbox to include or exclude the OID from this watch/alert.
• Click the Custom button to define a new SNMP Trap OID, and optionally add it to the SNMP Trap OID Definitions. (See Configure SNMP Definitions to administer all the available SNMP Trap OID Definitions, parsing MIBs to extract Trap information, and for descriptions of some available options for defining OIDs such as wild cards, and exclusions.)

Selection(s) Field
• The Review Mode displays the applicable Server/device Names and Descriptions for the selected watch / alert.
• Hover with the mouse over the named computers to see the respective description, if available.
• Server/device Selection(s) in red text indicate a suspended watch / alert.
• The Edit and Update Modes display a tree view of all available Groups and associated Server/devices from the Sentry II database.
• Press the Expand button to view the Selection(s) display or Tree View display in an expanded pop-up.
• Expand any Group by clicking the '+' to view the Group's associated servers/computers.
• Collapse expanded Group by clicking the '-'.
• Define the watch / alert by selecting one or more server/devices.

SYSLOG Tab

Choose the SYSLOGWatch View by selecting the SYSLOG tab. In this view, in Review Mode, you view the parameters for Facility codes, Severity codes, Tag search string, Content search string, Precedence, AND Check Field and Selections for applicable servers/devices. In Edit and Update Mode (See New and Edit Buttons below), you may modify these same parameters.

Anatomy of a Syslog Message
• Syslog message format calls for each message to start with a ‘Message’ code (also called a ‘Priority’ code) in angled-brackets. For example, “<23>Jan 11 16:06:10…”
• In this example “<23>Jan 11 16:06:10…”, ‘23’ is the ‘Message Code’, and from this you can also derive the ‘Facility’ and ‘Severity’ codes as follows: ‘Message Code’ divided by 8, with the Quotient equal to the ‘Facility’ code and the Remainder equal to the ‘Severity’ code.
• In the example “<23>Jan 11 16:06:10…”, 23/8 equals a Quotient of 2 and a Remainder of 7, so the Facility code is 2 which is ‘Mail System’, and the Severity code is 7 which is ‘Debug’.
• In the pop-up selection checkbox list for Facility and Severity codes, accessed by clicking the associated button with the three dots, the codes are zero-relative.

Message Code(s) Field
• Defines the eligible Message codes to watch for in received SYSLOG messages. Optional as long as at least one Facility code, or a Severity code, or Match All is specified.

Facility Field
• Defines the eligible Facility codes to watch for in received SYSLOG messages. Optional as long as at least one Message Code, or a Severity code, or Match All is specified.
• See Anatomy of a Syslog Message above for how one determines the Facility code.

Severity Field
• Defines the eligible Severity codes to watch for in received SYSLOG messages. Optional as long as at least one Message Code, or a Facility code, or Match All is specified.
• See Anatomy of a Syslog Message above for how one determines the Severity code.

Tag Field
• Optional parameter. If specified, the Tag field in the received SYSLOG message is scanned for this string, and if found, results in a match condition.

Match All Checkbox
• Set this checkbox to easily define this Watch as matching all received SYSLOG messages. Optional as long as at least one Message Code, or a Severity code, or Facility code is specified.

Content Field
• Optional parameter. If specified, the Content portion of the received SYSLOG message is scanned for this string, and if found, results in a match condition.

Precedence Field
• Specifies how this Watch/Alert is handled if the received SYSLOG message satisfies the criteria of multiple Watches/Alerts. A higher-precedence (1 is higher than 2, etc.) trumps Watches/Alerts with a lower precedence.

AND Params Checkbox
• Specifies, when set, that a match must occur on all of the parameter fields above that have been specified (Boolean AND); otherwise, if not set, a match can occur on any of the parameter fields above that have been specified (Boolean OR).

Archive Only Checkbox
• Use this option for high-volume collection, if there are no alert 'Actions' specified. By default, any SYSLOG Message matching the Watch is both written to an Archive file and written to the Database. With this 'Archive Only' option, you increase Performance by writing to the Archive file only, and by-passing the Database. See 'Syslog View/Archive & Report' on the 'Report' Menu.

Archive Never Checkbox
• Use this option to skip the write to the Archive file when you do not have high-volume collection requirements and/or if you don't require saving SYSLOG messages for long term. Messages are only written to the Database.

Archive Path Field
• Optionally specify the path to an alternate Archive folder for the SYSLOG messages that match this Watch versus the default folder '...\Sentry II\SyslogArchive'. Format is Drive:\.... or UNC path, for example, \\MachineName\c$\SyslogAlternate; Drive can be a mapped drive. The Sentry II Server component needs to have access rights to the specified folder.

Selection(s) Field
• The Review Mode displays the applicable Server/Device Names and Descriptions for the selected alert.
• The Edit and Update Modes display a tree view of all servers/devices defined to Sentry II.
• Press the Expand button to view the Selection(s) display or Tree View display in an expanded pop-up.
• Expand any Group by clicking the '+' to view the Group's associated servers/devices.
• Collapse expanded Groups by clicking the '-'.
• One or more servers/devices must be selected.
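
The Facility/Severity split and the Watch matching rules described in this SYSLOG Tab section, worked through as an added Python example (not Sentry II code). All class and function names, the sample messages and the watches are constructed; it assumes the BSD `<code>timestamp host tag: content` layout, case-sensitive substring search for Tag and Content, Match All overriding the other fields, and first-defined-wins on equal Precedence.

```python
import re
from dataclasses import dataclass
from typing import Optional

SEVERITIES = ("Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug")

# Assumed layout after the code: "Mmm dd hh:mm:ss HOST TAG[pid]: CONTENT"
_HEADER = re.compile(
    r"[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<host>\S+) "
    r"(?P<tag>[\w./-]{1,32})(?:\[\d+\])?: ?(?P<content>.*)", re.S)


@dataclass(frozen=True)
class SyslogMessage:
    code: int       # the number between the angle brackets
    facility: int   # quotient of code / 8
    severity: int   # remainder of code / 8
    host: str
    tag: str
    content: str


def make_code(facility: int, severity: int) -> int:
    """Inverse of the split: combine Facility and Severity into the code."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity


def parse(raw: str) -> Optional[SyslogMessage]:
    """Parse one message; None if the leading <code> is missing or out of range."""
    m = re.match(r"<(\d{1,3})>", raw)
    if not m or int(m.group(1)) > 191:          # 191 = 23 * 8 + 7
        return None
    code = int(m.group(1))
    facility, severity = divmod(code, 8)
    rest = raw[m.end():]
    h = _HEADER.match(rest)
    if h:
        return SyslogMessage(code, facility, severity,
                             h["host"], h["tag"], h["content"])
    # Header not in the assumed layout: keep the remainder as content.
    return SyslogMessage(code, facility, severity, "", "", rest)


@dataclass(frozen=True)
class Watch:
    name: str
    precedence: int                   # 1 outranks 2, and so on
    codes: frozenset = frozenset()
    facilities: frozenset = frozenset()
    severities: frozenset = frozenset()
    tag: str = ""
    content: str = ""
    match_all: bool = False
    and_params: bool = False          # False = Boolean OR over specified fields

    def matches(self, msg: SyslogMessage) -> bool:
        if self.match_all:            # assumption: overrides the other fields
            return True
        checks = []                   # one entry per field that was specified
        if self.codes:
            checks.append(msg.code in self.codes)
        if self.facilities:
            checks.append(msg.facility in self.facilities)
        if self.severities:
            checks.append(msg.severity in self.severities)
        if self.tag:
            checks.append(self.tag in msg.tag)
        if self.content:
            checks.append(self.content in msg.content)
        if not checks:
            return False
        return all(checks) if self.and_params else any(checks)


def winning_watch(msg: SyslogMessage, watches) -> Optional[Watch]:
    """Of all watches the message satisfies, return the highest-precedence one."""
    hits = [w for w in watches if w.matches(msg)]
    return min(hits, key=lambda w: w.precedence) if hits else None


# Constructed sample messages and watches.
SAMPLES = [
    "<23>Jan 11 16:06:10 mailhost sendmail[412]: queue runner started",
    "<34>Oct 11 22:14:15 gw01 su: 'su root' failed for lonvick on /dev/pts/8",
    "<86>Jan 11 16:07:02 gw01 sshd[2211]: Failed password for invalid user "
    "admin from 192.0.2.10 port 50122 ssh2",
]
WATCHES = [
    Watch("auth-failed-password", 1, facilities=frozenset({4, 10}),
          content="Failed password", and_params=True),
    Watch("critical-or-worse", 2, severities=frozenset({0, 1, 2})),
    Watch("mail-or-sshd", 3, facilities=frozenset({2}), tag="sshd"),
    Watch("catch-all", 9, match_all=True),
]

if __name__ == "__main__":
    for raw in SAMPLES:
        msg = parse(raw)
        print(msg.code, msg.facility, SEVERITIES[msg.severity],
              "->", winning_watch(msg, WATCHES).name)
```

The `su` message is in Facility 4 but only contains lowercase "failed", so the AND watch rejects it and it falls through to the Severity watch.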

USER Tab

Choose the User View by selecting the USER tab. There are no parameters to define or edit in the User View. See User Alert below for more information.

Schedule View

Choose the Schedule View by selecting the Schedule tab. In Review Mode, you view the parameters for your various watches / alerts such as Every Time, Minimal Notification Interval, Server Check Frequency if a Services alert type. In Edit and Update Mode (See New and Edit Buttons below), you may modify these same parameters.

Alert Every Time Checkbox
• Defines whether an alert is generated every time the conditions are met, or only after the Minimal Notification Interval time specification elapses.
• When checked the alert is generated every time the conditions are met.
• Applies to all Watch/Alert types except User.
• When unchecked, the alert is only generated if the alert conditions are met, and the Minimal Notification Interval is exceeded since the last alert for this type.

Minimal Notification Interval Field
• Defines the minimal interval that must elapse between events for this alert before another alert will be generated. The Every Time checkbox must be unchecked.
• For ServerWatch IP Services, this also defines the minimum elapsed time since a service is first detected as down or failed before an alert is generated.
• When in Edit and Update Mode, this is a "point & click" field; click the field to display the interval choices. You specify this value in seconds, minutes, or hours.
• Applicable to all watch/alert types except User. However, each alert occurrence for any watch/alert type is considered unique based on the details. For example, an EventLog watch/alert can be defined that can encompass any Event type from any server/workstation.
For purposes of the Minimal Interval determination, an EventLog alert is considered the same based on being the same Event Type and ID, from the same server/workstation; a WinServices alert is considered the same based on being the same service from the same server/workstation; a FileWatch is considered the same based on being the same file name from the same server/workstation; an SNMP Trap is considered the same based on being the same Trap type from the same server/device; and a SYSLOG is considered the same based on being the same SYSLOG Message type received from the same server/device.

Service Check Frequency, Every Field
• Applicable only to IP Service alert types.
• Defines the frequency with which the service specified for this watch/alert is checked. An alert condition occurs when the watch check fails.

Maximum Alert Notifications Field
• Applicable only to ServerWatch IP Service, CounterWatch, ProcessWatch, WinServicesWatch and CustomWatch alert types.
• Defines the maximum number of times you want to be notified during a continuous failure situation.
  o A value of 0 means no maximum defined so you will continue to be notified according to your Every Time and Minimal Notification Interval settings.
  o A non-zero value means that after you have been notified the number of times defined in the Maximum Alert Notifications, and according to your Every Time and Minimal Notification Interval settings, you will not be notified again.

Notify On Restore Checkbox
• Applicable only to CounterWatch, ProcessWatch, WinServicesWatch and CustomWatch watch/alert types.
• Defines whether a 'Restore' alert is generated if you have previously been alerted due to a failure for one of the applicable watch/alert types.
• There is always a Notify on Restore for a ServerWatch for IP Service.

Watch/Alert Dependency Field
• Applicable only to IP Service alert types.
• Optional association to another existing ServerWatch watch/alert ("Primary") on which this watch/alert is "dependent". If any server/device defined in the "Primary" watch/alert is down/unavailable, then alert notifications and actions for this "dependent" watch/alert are suppressed on any of its check failures.
• This provides a means where you can minimize alert notifications and actions on server/device failures if these servers/devices are guaranteed to fail their checks if one or more servers/devices in the "Primary" watch/alert are down and unavailable.

Suppress Monitoring Field
• Applicable only to ServerWatch IP Service, CounterWatch, ProcessWatch, WinServicesWatch and CustomWatch alert types.
• Specify one or two time periods when you want the monitoring for this watch/alert to be suppressed.
• Specify by day-of-the week, start and end, and time, in HH:MM, start and end.
• Choose specifications by clicking either field, and then selecting the appropriate parameters from the drop-downs.

Run Program Every Field
• Applicable only to CustomWatch alert types.
• Define how frequently the CustomWatch executable should run.

Start At Date/Time Field
• Applicable only to CustomWatch alert types.
• Defines the starting point for the executable. The Sentry II Agent attempts to always run the executable at a periodic rate that is an even increment from the Start Date/Time plus the Run Program Every rate.

When Any Single Event/Trap/Message Occurs Field
• Applicable only to EventLogWatch, SNMPTrapWatch, and SYSLOGWatch alert types.
• Acts as an additional filter so that an alert condition exists only after a specific event, trap, or message occurs the defined amount of times within the specified time frame.
• Each event, trap, or message that matches the Watch criteria is treated discretely when counting. For example, an event with ID 500 is counted separately from ID 501, even though both match the Watch.
However, if the Combine All checkbox is checked, then matching events, traps, or messages are not treated discretely and are combined together when counting.

Actions View

Choose the Actions View by selecting the Actions tab. In Review Mode, you view the parameters for the various alert notification actions available, for your alerts. In Edit and Update Mode (See New and Edit Buttons below), you may modify these same parameters.

There are six possible alert notification actions that can be taken. When an alert occurs, choose one or more of these notification actions to be carried out:
• Send an Email to one or more Email addresses;
• Dial an Alpha Pager or PCS Phone and send an alpha-numeric text string up to 220 characters;
• Dial a Beeper and send a numeric text string;
• Execute any program, script, batch on the Sentry II Server computer, passing an optional argument string. Optionally, execute a program, script, batch on the failing server/workstation.
• Send an SNMP Trap message to another management console or Trap server.
• Send a SYSLOG message to another management console or SYSLOG server.

You select the appropriate action tab to navigate to each of the six alert notification setup screens contained within the Actions tab view.

Email

Email Notify Checkbox
• Defines whether an Email is sent when an alert condition exists for the Watch.
• When checked and alert conditions are met, an Email is sent to the Email address specified in the Email Address field. Multiple Email addresses may be specified, separated by a comma. The subject line is specified in the Email Subject field.
• When unchecked, no action is taken to send an Email.
• To send email, the Global SMTP Server (See below) must be defined.

Email Address Field
• Defines the address where an alert Email is sent when an alert condition exists for the Watch. The Email Notify checkbox must be checked.
• Multiple Email addresses can be defined and must be separated by a comma.
• You can also define and use "Email Group" names in the Email address field. Email Group names represent one or more Email addresses. See Email Group Button below.
• You can use the &G or &N macro as part of an Email Address, and these are substituted with the name of the Group (&G) the alerting server/device belongs to or the name of the alerting server/device itself (&N), respectively. Use in conjunction with Email Groups where you define an Email Group to represent each server/device Group, and then have an alert Email notification only go to addresses in the Email Group you have defined to handle servers/devices in the associated Group.

Email Subject Field
• Defines the Email subject line if an Email is sent on an alert condition.
• The Email Subject field supports "macro substitution" based on ten different macro parameters. The parameters are case sensitive and must be upper case. These parameters are: &D for Date, &T for Time, &N for Name of the server/device causing the alert condition, &G for the Name of the Group that the server/device belongs, &A for IP Address of the server/device causing the alert condition, &W for the Watch/Alert ‘Name’ responsible for the alert, &R for the Watch/Alert ‘Description’ text, &L for the Watch/Alert ‘Severity’ level, &S for Status message or code associated with the alert, &O for the Server/Device Notes, &E for the Watch/Alert Notes, &V for the CounterWatch value that exceeded a threshold in this type alert.

Email Group Button
• Press the Email Groups button to select and/or manage your Email Groups.
• From the Select and Manage Email Groups pop-up, select an Email Group name to add to the Email Address field by pressing the Select button.
• Press the Manage button for the Create and Manage Email Groups pop-up.
From this screen you can create new Email Groups; edit existing Email Groups by adding, editing or deleting to the list of associated Email addresses; or delete existing Email Groups.
• Use the Duplicate button to clone an Email Group with all the associated addresses, which you can then edit and give a new name.
• Press the Report button to pop-up a report display of all your Email Groups, and from there, select Print to print the report.
• When you select Add Address or Edit Address, the pop-up includes a drop-down ‘Pick List’ that displays all previously entered Email addresses so you can pick and reuse addresses when you have them defined in more than one Email Group.

Customize Email Text Button
• Press the Customize Text button to define custom Email text to be used in place of the default text provided by Sentry II.
• The Custom Email Text supports the same "macro substitution", based on six different macro parameters, as the Email Subject field. See the Email Subject field description above for the definition of the macros supported.
• When custom Email text is defined, there is a check mark to the right of the Customize Email Text button to indicate this.

SMTP Server Parameters for all Email Button
• Press the SMTP Parameters for all Email button to define the global SMTP parameters, which apply to all Email. This pops-up the Edit Global SMTP Server and Originating Email Addresses (See below) dialogue box.

SMTP Servers, Such as Exchange Server, and Possible Settings You May Need to Make
• If you are using a local Microsoft Exchange Server (or other SMTP Email Server), and you are specifying Email recipients, who are external to your Exchange Server, you may need to set some Exchange properties to allow rerouting of the "incoming" Email from Sentry II to the external recipients.
• On the "Routing" tab in MS Exchange Manager, under “Internet Mail”, you may need to select the radio button to "Reroute incoming SMTP mail".
• In order to lock down rerouting to only authorized "Hosts and Clients", go to the "Routing Restrictions" properties, and check the checkbox for rerouting only for "Hosts and Clients that successfully authenticate". If you do this, define a Login and Password in Exchange for Sentry II's use, and then use these as the parameters for setting the Global SMTP Authentication here in Sentry II.

Edit Global SMTP Server(s) & From Addresses, and Authentication Parameters Dialogue Box
• Press the configuration button to pop-up this dialogue box. Specify the SMTP server address for where Emails should be sent for transmission. This can be an IP address or a domain name. This is a global setting and applies to all alerts, not just to the alert being defined here. The default port for the SMTP server is 25. To override this default port, append a colon character followed by the override port number. For example, to use port 26 versus the default port 25, "192.168.1.100:26" or "mail:26".
• Specify multiple SMTP server addresses, separated by a semi-colon, as alternates. The first SMTP server address specified is treated as the primary, and all Email alerts will be sent to this server first. If sending an Email is unsuccessful, then the second SMTP server address specified is tried as an alternate, and so on.
• Specify your originating Email address. This field is optional as not all SMTP servers require it. The format is: [email protected]. This is a global setting and applies to all alerts, not just to the alert being defined here.
• Check the associated checkbox and specify your SMTP authentication Login and Password parameters. These fields are optional as not all SMTP servers require it.
This is a global setting and applies to all alerts, not just to the alert being defined here. The Login and Password parameters are used for all of the SMTP servers defined.
• Press the OK button, and the SMTP Server address you specify is checked as a valid SMTP server. Press the Cancel button to exit the dialogue box and leave the settings unchanged.

Test Email Button
• Press this button to test your Email specifications. Using the information you have defined, a test Email is sent. Status messages will indicate whether there was correct information and the Email(s) were successfully sent to the SMTP Server. If everything is correct, you should receive the test Email(s) at the destination address(es).
• You can view details of the Test Email in the Sentry II Server Log display.

Program

Run Program Checkbox
• Defines whether to run a program when an SNMP Trap, Event Log, IP or Win Services watch fails; the alert meets the conditions specified in the Counter View or File Check; or a User Alert is received.
• When checked, and alert conditions have been met, the program, batch, or command file name specified in the Program Name field is executed either on the Sentry II Server, or the alerting server. See the At Field radio buttons below.
• When unchecked, no action is taken to run programs.
• In order to run the specified program at the Monitored computer or to Restart the Monitored computer, the Monitored computer must be a Windows NT or 2000 computer and it must have the Sentry II Agent running.

At Field
• Radio buttons provide the choice to run the specified program, batch, or command file, either at the Sentry II Server, at the Monitored computer, or to Restart the Monitored computer. The Run Program checkbox must be checked.

Also Run Program On a 'Restore' Notification
• When checked and if the alert notification is due to a service up or a ’Notify On Restore’ option, then the program is executed.
It is up to the user to ensure that the executed program takes the appropriate action for a failure or for a restore. Also, the Run Program checkbox must be checked.

Program Name Field
• Defines the name of a program, batch, or command file to be run when a Sentry II watch fails; the alert meets the conditions specified in the Counter View; or a User Alert is received. The Run Program checkbox must be checked.
• NOTE. See the Frequently Asked Questions section earlier in this manual for an example of using the ‘Program’ action to use ‘Net send’ to send an alert notification to a workstation.

Program Args Field
• Defines an 'Argument' string passed to the program, batch, or command file named in the Program Name field when executed. The 'Argument' string text supports "macro substitution" based on six different macro parameters. The parameters are case sensitive and must be upper case. These parameters are: &D for Date, &T for Time, &N for Name of the server/device causing the alert condition, &G for the Name of the Group that the server/device belongs, &A for IP Address of the server/device causing the alert condition, &W for the Watch/Alert ‘Name’ responsible for the alert, &R for the Watch/Alert ‘Description’ text, &L for the Watch/Alert ‘Severity’ level, &S for Status message or code associated with the alert, &O for the Server/Device Notes, &E for the Watch/Alert Notes, &V for the CounterWatch value that exceeded a threshold in this type alert.

Test Program Button
• Press this button to test your Program specifications including macro substitution on the Program Args. If run program on the “Monitored server/device” or “Restart monitored server/device” is selected, the test only processes the Program Args macros, if any, and returns a message.

Pager/PCS

Alpha Pager/PCS Checkbox
• Defines whether to dial an Alpha Pager or PCS Phone when an SNMP Trap, Event Log, IP or Win Services watch fails or the alert meets the conditions specified in the Counter View or File Check; or a User Alert is received.
• When checked, and alert conditions have been met, the Alpha Pager/PCS Phone is dialed and the specified alphanumeric text is sent.
• When unchecked, no action is taken.

Access Number Field
• Defines the Access Number of the Alpha Pager/PCS service provider. Usually this is an '800' or '888' toll free number.
• Define multiple Access Numbers, separated by a semi-colon, to send the Page to more than one.

PIN/Pager Number Field
• Defines the PIN number for your Alpha Pager or the number for your PCS Phone. Sentry II supplies this number after connecting to the Alpha Pager/PCS service provider.
• Multiple PIN/Pager Numbers are supported, to call multiple Pagers, if the PIN/Pager Numbers are separated by a semi-colon. A single Access Number above can be combined with multiple PIN/Pager numbers, in which case, the same Access Number is called for each PIN/Pager number.

Password Field
• This is an optional password field that is supplied if required by the Alpha Pager service provider. A password is usually not required in the USA.

Text-To-Send Field
• Defines the alphanumeric text that you want sent to your Alpha Pager or PCS Phone. There is a maximum of 220 characters. The Text-To-Send field supports "macro substitution" based on six different macro parameters. The parameters are case sensitive and must be upper case.
These parameters are: &D for Date, &T for Time, &N for Name of the server/device causing the alert condition, &G for the Name of the Group that the server/device belongs, &A for IP Address of the server/device causing the alert condition, &W for the Watch/Alert ‘Name’ responsible for the alert, &R for the Watch/Alert ‘Description’ text, &L for the Watch/Alert ‘Severity’ level, &S for Status message or code associated with the alert, &O for the Server/Device Notes, &E for the Watch/Alert Notes, &V for the CounterWatch value that exceeded a threshold in this type alert.

Global Pager Port Field
• Defines the port on the Sentry II Server computer where the modem is attached, which is used for dialing out to the Alpha. By default, the general TAPI device is chosen. If necessary, you can specify a specific TAPI device or COM port from the drop-down select box. This is a global setting and applies to all alerts, not just to the alert being defined here.

Test Pager Button
• Press this button to test your Alpha Pager/PCS specifications. Using the information you have defined, a test call is made and the alphanumeric text is sent. Status messages will indicate whether there was correct information and the dial-out was successful. If everything is correct, you should receive the alphanumeric text on your specified Alpha Pager or PCS Phone.

Beeper

Beeper Checkbox
• Defines whether to dial a Beeper when an SNMP Trap, Event Log, IP or Win Services watch fails or the alert meets the conditions specified in the Counter View or File Check; or a User Alert is received.
• When checked and alert conditions have been met, the Beeper is dialed and the specified numeric text is sent.
• When unchecked, no action is taken.

Beeper Number Field
• Defines the phone number for your Beeper.

Numeric Text-To-Send Field
• Defines the numeric text that you want sent to your Beeper. There is a maximum of 64 characters.

Global Beeper Delay Field
• Defines the delay, in seconds, that Sentry II waits after dialing your beeper number before sending the numeric text data specified. This is a global setting and applies to all alerts, not just to the alert being defined here.
• Also verify that the Global Pager/Beeper Port field, located on the previous setup screen for the Alpha Pager/PCS, is set correctly.

Test Beeper Button
• Press this button to test your Beeper specifications. Using the information you have defined, a test call is made and the numeric text is sent. Status messages will indicate whether there was correct information and the dial-out was successful. If everything is correct, you should receive the numeric text on your specified Beeper.

SNMPTrap

SNMP Trap Notification Checkbox
• Defines whether to run a program when an SNMP Trap, Event Log, IP or Win Services watch fails; the alert meets the conditions specified in the Counter View or File Check; or a User Alert is received.

Trap Target Address Field
• Defines the IP address or machine name where the SNMP Trap alert notification is sent.

Enterprise OID Field
• Defines the Enterprise OID for this originating Trap, and is used to form the Trap OID.

Specific Trap Number Field
• Defines the specific Trap number for this Trap alert notification.
• This is combined with the Enterprise OID to form the complete Trap OID.

Community Field
• Defines the Community name parameter which the Trap receiver may check before accepting the Trap.

Test Program Button
• Press this button to test your SNMP Trap specifications. A SNMP Trap is sent using the specified parameters.

SYSLOG

Syslog Notification Checkbox
• Defines whether to run a program when an SNMP Trap, Event Log, IP or Win Services watch fails; the alert meets the conditions specified in the Counter View or File Check; or a User Alert is received.

Syslog Server Address Field
• Defines the IP address or machine name where the SYSLOG alert notification is sent.

Syslog Facility Field
• Defines the so-called Facility, which identifies where the Syslog message is originating.
• Used in conjunction with the Severity to form the Syslog Message Priority code.

Syslog Severity Field
• Defines the so-called Severity, which identifies the severity level of the Syslog message.
• Used in conjunction with the Facility to form the Syslog Message Priority code.

Test Syslog Button
• Press this button to test your Syslog specifications. A Syslog message is sent using the specified parameters.

Buttons

New Button
• When in Review mode, press the New button to enter the Edit and Update Mode and add a new watch or alert to the Sentry II database.
• A Specify New Watch/Alert Type dialogue box pop-up is displayed. Choose the type of watch/alert you are defining: ServerWatch, CounterWatch for Windows Counters, EventLogWatch, ProcessWatch for Windows Processes, WinServicesWatch, CustomWatch with a Windows Executable, FileWatch, CounterWatch for SNMP Counters, SNMPWatch for SNMP Traps, or SYSLOGWatch.
• Define the associated parameters for the watch/alert type selected. Then select the Schedule and Action views, define appropriate parameters and then press the Save button to save and return to Review Mode.

Edit Button
• When in Review Mode, press the Edit button to enter the Edit and Update Mode. In this mode you can modify an existing watch or alert in the Sentry II database. Change the watch or alert parameters in the various fields on the SNMP Trap, Event Log, CUSTOM, SERVICE, PROCESS, FILE or IP Services, Counter or User, Schedule, and Action views, and then press the Save button to save and return to Review Mode.

Duplicate Button
• Starts the processing of a New watch/alert entry by starting with all the parameters of the selected watch/alert being duplicated.
You have to specify the servers/devices for this new Watch/Alert.
• Press the Save button to complete the New processing.

Delete Button
• When in Review Mode, press the Delete button to remove a watch or alert from the Sentry II database. You are prompted to confirm the delete.

Save Button
• When in the Edit and Update Mode, press the Save button to save new or edited parameters for a watch or alert. You will then be returned to Review Mode.

Cancel Button
• When in the Edit and Update Mode, press the Cancel button to abandon any new or edited parameters and return to Review Mode.

User Alerts

The User Alert provides a means for your own program or batch file to notify personnel of an alert condition. Each computer that wishes to use this facility must be running the Sentry II Agent component. A utility program called Sentry IIAlert.exe is installed with each Agent component automatically. This program communicates with the Agent, which then sends the alert notification to the Sentry II Server.

The Sentry IIAlert.exe requires an input argument that is the name of the User Alert defined by you here in Configure Watches/Alerts. For example, define a User Alert with the name “My Special User Alert”, and specify the particular actions you want to occur when this alert is triggered. Then, on one or more of your Microsoft OS based computers running the Sentry II Agent, program your application to invoke Sentry IIAlert.exe and pass the argument “My Special User Alert” when a condition occurs that requires alert notification.

    "C:\windows\system32\Sentry IIAlert.exe" "My Special User Alert"

Sentry IIAlert.exe accepts an optional second argument, which is passed as part of the Email body text if one of the alert actions includes sending an Email.
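
One way for a monitoring script to raise the User Alert described above, as an added example that is not code shipped with Sentry II. The utility path and alert name are the ones shown in this guide; the function names, the 200-character cap and the 30-second timeout are assumptions made for the example.

```python
import subprocess

# Path and alert name as shown in the guide text above.
ALERT_EXE = r"C:\windows\system32\Sentry IIAlert.exe"
MAX_DETAIL_LEN = 200  # assumption: arbitrary cap chosen for this example


def clean_detail(text, limit=MAX_DETAIL_LEN):
    """Prepare free-form text for use as the optional second argument.

    Control characters (CR, LF, tab, ...) become spaces so that text taken
    from logs or user input cannot add extra lines to the Email body, runs
    of whitespace are collapsed, and the result is capped at `limit`.
    """
    printable = "".join(ch if ch.isprintable() else " " for ch in text)
    return " ".join(printable.split())[:limit]


def build_alert_command(alert_name, detail=None, exe=ALERT_EXE):
    """Return the argument vector for the alert utility.

    A list (not a single command string) keeps the alert name and the
    detail text as separate arguments even though they contain spaces.
    """
    if not alert_name or not alert_name.strip():
        raise ValueError("alert name must not be empty")
    argv = [exe, alert_name]
    if detail is not None:
        cleaned = clean_detail(detail)
        if cleaned:
            argv.append(cleaned)
    return argv


def raise_user_alert(alert_name, detail=None, runner=subprocess.run):
    """Invoke the utility without a shell and return its exit code.

    shell=False means characters such as & or | in the detail text are
    passed through as data and never interpreted by cmd.exe. The meaning
    of the exit code is not documented on this page, so it is returned
    to the caller unchanged. `runner` can be replaced for offline testing.
    """
    argv = build_alert_command(alert_name, detail)
    completed = runner(argv, shell=False, timeout=30, check=False)
    return completed.returncode
```

Run this on a computer where the Sentry II Agent is installed; elsewhere `subprocess.run` raises `FileNotFoundError` because the utility is absent.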

Cycle Multiple Displays

Use the Cycle Multiple Displays feature when screen space for displays is at a premium and you want to view multiple displays. You can control which of the Sentry II Displays are shown during each cycle, and how long the cycle pauses on each shown Display. Refer to the specific section on each of the available Displays for the details of how that particular Display functions.

Cycle Display Properties Button
• Press this button to pop up the Cycle Display Properties dialogue screen, where you can select which Displays to show and what the Display Pause is on each.

Pause/Resume Cycle Button
• Press this button to Pause the Cycle on the currently shown Display. The Pause button changes to a Resume button.
• Press the Resume button to restart the Cycle.

Network Status Display

Use the Network Status Display to display the status of your server & network devices, and by extension the Groups that they are members of.

On the Groups View, an icon is displayed for each Group representing the combined status of all the servers & devices that make up the Group. If all servers and devices are 'Normal', then the Group icon is 'Normal' Green. If any server or device in the Group has a critical alert outstanding for the Status Interval, which defaults to the previous 2 hours, then the Group icon is 'Critical' Red. Otherwise, if any server or device in the Group has a caution alert outstanding for the status interval, and there are no critical alerts outstanding, then the Group icon is 'Caution' Yellow.

You can expand the Group to view the individual status of the servers and devices in the Group. The servers and devices are displayed on the Devices View. On the Devices View you can 'drilldown' to see the outstanding alerts for the Status Interval, by clicking the server or device status icon. This displays the Device Alert Details.
On the Device Alert Details Display, you can flag via checkbox and 'Acknowledge' one or more of the outstanding alerts, and the status display is then automatically updated appropriately. Outstanding alerts older than the Status Interval are expired and the status display is updated appropriately. ServerWatch alerts with the 'Server Up' alert, and CounterWatch alerts with the 'Return to Normal' option, will cancel their corresponding alert and the display is then automatically updated appropriately.

When you exit the Network Status Display, the current view choice is saved and restored on the next display. This is saved in the local registry and only applies to the Sentry II console on the particular machine.

Groups View

On the Groups View, an icon is displayed for each Group representing the combined status of all the servers & devices that make up the Group. If all servers and devices are 'Normal', then the Group icon is 'Normal' Green. If any server or device in the Group has a critical alert outstanding for the Status Interval, which defaults to the previous 2 hours, then the Group icon is 'Critical' Red. Otherwise, if any server or device in the Group has a caution alert outstanding for the Status Interval, and there are no critical alerts outstanding, then the Group icon is 'Caution' Yellow.

Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the display area.

Audio Alert Checkbox
• Enables playing of a WAV file when any status in either the Groups or Devices views changes.
• Uses the Windows 'Asterisk' assignment. Refer to "Control Panel->Sounds and Multimedia Properties" for changing the 'Asterisk' WAV assignment.

Expand All Button
• Press this button to expand all the Groups and show the status of their servers and devices in the Devices View.
• Clicking the plus icon next to the Group’s status icon can expand the individual Group.

Collapse All Button
• Press this button to contract all the Groups and hide the status of their servers and devices in the Devices View.
• Clicking the minus icon next to the Group’s status icon can contract the individual Group.

Devices View

On the Devices View, the status of servers and devices of any expanded Group in the Groups View is displayed. If there are no outstanding alerts in the Status Interval, then the status icon for the server/device is 'Normal' Green. If there is at least one critical alert outstanding for the Status Interval, then the status icon for the server/device is 'Critical' Red. Otherwise, if there is at least one caution alert outstanding for the Status Interval, and there are no critical alerts outstanding, then the server/device icon is 'Caution' Yellow.

To view all the current alerts outstanding in the Status Interval, click the status icon for the server/device. This will display the Device Alert Details dialogue box (see below).

Status Interval n Hours Selection
• Select the number of hours between 1 and 120 (5 days) to define the 'window' of alerts that will affect the status display.
• Alerts older than the Status Interval are 'expired' and the status display is updated appropriately.
• The selected value is saved globally on the Sentry II server and affects going forward all Network Status Displays.

Wide Names Checkbox
• Optional setting which allocates more space per server/device on the display to handle situations where long names are used for servers/devices.

Large Icons Checkbox
• Optional setting which displays large icons for the status.

Show Faults at Top Checkbox
• Optional setting that positions entries in a fault state at the top of the display in severity order with sort by name in each severity level.
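
The status rules described above for the Groups View and Devices View, written out as an added example that is not the product's own code. The `Alert` record, its field names, the treatment of an alert raised exactly at the edge of the Status Interval as still outstanding, and the name ordering of 'Normal' entries are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

NORMAL, CAUTION, CRITICAL = "Normal", "Caution", "Critical"
_RANK = {NORMAL: 0, CAUTION: 1, CRITICAL: 2}


@dataclass
class Alert:  # hypothetical record; field names are assumptions
    device: str
    severity: str            # CAUTION or CRITICAL
    raised: datetime
    acknowledged: bool = False


def outstanding(alerts, now, interval_hours=2):
    """Alerts that still count: unacknowledged and inside the Status Interval.

    The default of 2 hours and the 1..120 range come from the guide text.
    """
    if not 1 <= interval_hours <= 120:
        raise ValueError("Status Interval must be between 1 and 120 hours")
    cutoff = now - timedelta(hours=interval_hours)
    return [a for a in alerts if not a.acknowledged and a.raised >= cutoff]


def _worst(severities):
    """Critical beats Caution beats Normal; no alerts at all means Normal."""
    return max(severities, key=_RANK.__getitem__, default=NORMAL)


def device_status(alerts, devices, now, interval_hours=2):
    """Devices View: one status per device from its outstanding alerts."""
    live = outstanding(alerts, now, interval_hours)
    return {d: _worst(a.severity for a in live if a.device == d) for d in devices}


def group_status(alerts, membership, now, interval_hours=2):
    """Groups View: a Group takes the worst status among its members.

    `membership` maps a Group name to the list of its device names.
    """
    result = {}
    for group, devices in membership.items():
        per_device = device_status(alerts, devices, now, interval_hours)
        result[group] = _worst(per_device.values())
    return result


def faults_at_top(status_by_name):
    """'Show Faults at Top': severity order, then by name within a level."""
    return sorted(status_by_name,
                  key=lambda name: (-_RANK[status_by_name[name]], name.lower()))
```

Acknowledging an alert or letting it age past the Status Interval has the same effect here: it drops out of `outstanding`, so the device and its Group fall back to the next worst remaining status.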

Device Alert Details Dialogue Box

The Device Alert Details dialogue box pops up when you click the status icon of a server/device on the Devices View tab. This view displays the list of all outstanding, and unacknowledged, caution and critical alerts for the Status Interval. The details of each alert displayed are dependent on the type of alert.

Acknowledge Button
• Press this button to 'Acknowledge' the selected alerts listed.
• 'Acknowledge' of an alert implies you have reviewed and 'actioned' the alert, and it is removed from the list of outstanding alerts for the Status Interval, and the server/device status icon is updated as appropriate.
• Button is disabled if the user has ‘View Only’ rights.

Select All / Unselect All Buttons
• Press either of these buttons to select or unselect all the listed alerts to be acknowledged.
• Buttons are disabled if the user has ‘View Only’ rights.

Close Button
• Press this button to close the Device Alert Details dialogue box and return to the Devices View.

Print Button
• Press this button to print the Device Alert Details display.

ServerWatch Display

Use ServerWatch Display to display the current status of those server IP Services (SNMP, HTTP, SMTP, POP3, FTP, DNS, SQL, ORACLE, TELNET, L_NOTES, PING, and USER) that you are watching. You define those server IP Services to be watched in Configure Watches/Alerts. By default, the status of all active server IP Services being watched is displayed. Select the Configure Filter (see below), to limit the display to only those active server services you are interested in seeing displayed.

Server Status Log View

The Server Status Log view is the default view. In this view, the most recent status is displayed for those server IP Services that you have specified (See Configure Filter below).
Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the server status log display area.

Server/Device Name Field
• Displays the name of the specific server/computer whose status is displayed.
• Hover with the mouse to see a detailed description of the server/computer, and the Alert Group where it is assigned, displayed.
• Click the Server/Computer Name column header to sort the display entries by server/computer name.

IP Address Field
• Displays the IP address of the specific server computer whose status is displayed.
• Click the IP Address column header to sort the display entries by IP address.

Type Field
• Displays the specific IP Service type (PING, HTTP, SMTP, POP, FTP, DNS, SQL, ORACLE, TELNET, L_NOTES, SNMP, and USER) for this server.
• Click the Type column header to sort the display entries by service type.

Last Field
• Displays the time of the most recent status check.
• Click the Last column header to sort the display entries by time.
• Hover with the mouse to see the complete text of the last response message received for this service.

%Up Field
• Displays the percentage of uptime dynamically computed based on the total number of ServerWatch checks that were successful divided by the overall total number of ServerWatch checks made.
• Hover with the mouse to see a display of the number of up checks and down checks used in the calculation.
• Click the %Up column header to sort the display entries by percentage of uptime.

Response Time Field
• Graphic display of the last response time for this service; green bar indicates service is available and the time of the last response up to a running average; orange bar indicates that part of the last response time greater than the running average; and a red bar indicates the service response failed on the last check.
• Hover with the mouse to see a display of the last response time in milliseconds and percentage of the Response Time Scale; the running average response time in milliseconds; and the maximum response time in milliseconds.
• Click the Response Time column header to view a pop-up to set the Response Time Scale; the default Response Time Scale is 500 milliseconds.

Failures At Top Checkbox
• When checked, any failed or down server/IP service is displayed at the top of the display in the current sort order.

Track Last Checkbox
• Enables the highlight of the last line entry updated.

Clear Log Button
• Press this button to clear the Server Status Log display.
• This does not affect the data in the Sentry II Server database.

Configure Filter Button
• Press this button to enable the Specify Status Log Display Filter (See below) pop-up dialogue box.

Print Button
• Press this button to print the Server Status Log display.

Specify Status Log Display Filter Dialogue Box

The Specify Status Log Display Filter dialogue box is enabled when the Configure Filter button is pressed. This dialogue box displays the tree of all services and their associated computers that are currently being watched as previously defined in Configure Watches/Alerts. From this tree of server computers, choose the ones you want to display in the Server Status Log.

Service : Server/Computer Tree
• All the available IP Services are displayed as nodes in the tree.
• Press the + image to expand the service and see its list of associated computers that are being watched; press the - image to contract.
• Click the checkbox to check or uncheck the computer for display in the Server Status Log; eligibility for display takes effect as soon as the check/uncheck is made.
• When checked and eligible for display in the Server Status Log, the computer icon image is replaced with the status watch image.
• Hover with the mouse over the computer icon or watch icon to display the computer description and the Alert Group name where this service watch/alert is defined.
• Computer names displayed in red text are currently suspended (See Configure Watches/Alerts) and are not currently being watched.

Select All / Unselect All Buttons
• Press either of these buttons to select or unselect all the computers in the expanded IP Services.

Close Button
• Press either of these buttons to select or unselect all the computers in the expanded IP Services.

AlertWatch Display

Use AlertWatch Display to display Sentry II alert events for alerts that you have previously defined (See Configure Watches/Alerts). These can be SNMP Trap alerts, Event Log alerts, SYSLOG alerts, Win Services alerts, Windows & SNMP Counter alerts, IP Services alerts, FileWatch alerts, or User alerts. By default, all alert events are displayed. Use Configure Filter and then only those alert events are displayed that have been specified in the Alert Log Filter (See Configure Filter below).

Alert Log View

The Alert Log view is the default view. In this view, all alert events are displayed that match alerts you have specified in the Alert Log Filter using the Configure Filter.

Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the event log display area.

Server/Device Name Field
• Displays the specific server/device for which the alert event occurred.
• When you hover with the mouse over the server/device name, a detailed description of the server/device, and the Alert Group where it is assigned, is displayed.

Audio Alert Checkbox
• Enables playing of a WAV file when a new alert is written to the display.
• Uses the Windows 'Asterisk' assignment.
Refer to "Control Panel->Sounds and Multimedia Properties" for changing the 'Asterisk' WAV assignment.

Alert Type Field
• Displays the specific SNMP Trap OID, Event Log name & type, IP Service type (PING, HTTP, etc), Win Service name, SYSLOG Tag field, File Check name, Counter name, or "User", of the alert event which occurred.
• When you hover with the mouse over the counter name, a detailed description of the counter, and the Object to which it belongs, is displayed. In addition, if the counter name does not fully fit in the width of the field, the full counter name is displayed, along with the description and Object name.

Date/Time Stamp Field
• Displays the date and time when the alert event occurred.

Status Field
• Displays the status of the SNMP Trap, IP Service, Win Service, SYSLOG, File Check, Event ID of an Event Log, or value of the Counter, that triggered the alert event. Not applicable for a User alert.
• When you hover with the mouse over the value for a Counter alert, the alert Threshold and Duration parameter values are displayed; when you hover over the status for an IP Service alert, the complete status message is displayed; when you hover over the status for a File Check alert, the file size, last modified date/time, and search string are displayed; when you hover over the ID for an Event Log alert, the Source, Category, and Event Description are displayed; when you hover over the status for a SNMP Trap, the Variable Bindings information, the originating server IP address, uptime, and the OID for the Trap are displayed; when you hover over the status for a SYSLOG alert, the Facility & Severity information and complete message text are displayed; and when you hover over the status for a Win Service alert, the complete status message is displayed.

Action Taken Field
• Displays the actions taken, if any are defined for the alert, as a result of the alert event.
• Actions taken may be: No Actions Taken, or if some action was taken, Email Sent, Alpha Pager Called, Beeper Called, Service Restarted and/or Program Run or Computer Rebooted. All actions are dependent upon how the alert has been previously defined (See Configure Watches/Alerts).
• When you hover with the mouse over the action, if it is Email Sent, the Email Address to whom the Email was sent, and the Email Subject line are displayed; if it is Alpha Pager Called, the Pager Number and Pager Text are displayed; if it is Beeper Called, the Beeper Number and Beeper Text are displayed; and/or, if it is Program Run, the Program Name of the program run, and whether it was run at the Sentry II Server or at the Monitored Computer, are displayed.

View Filter Button
• Press this button to enable the Alert Log Filter view below the Alert Log view.
• Only those events for alerts defined in the Configure Filter (See below) and displayed in the Alert Log Filter are displayed in the Alert Log.
• If no entries are defined in the filter, then all alert events are displayed in the Alert Log.

Configure Filter Button
• Press this button to enable the Configure Alert Log Filter pop-up dialogue box.
• Only those events for alerts defined in the Configure Alert Log Filter (See below) and displayed in the Alert Log Filter are displayed in the Alert Log.
• If no entries are defined in the filter, then all alert events are displayed in the Alert Log.

Clear Log Button
• Press this button to clear the Alert Log display.
• This does not affect the alert event data in the Sentry II Server database.

Print Button
• Press this button to print the Alert Log display.

Alert Log Filter View

The Alert Log Filter view is enabled when the View Filter button is pressed. This view displays the parameters for alerts that have been defined (See Configure Alert Log Filter View below) as eligible for display in the Alert Log.

Alert Group Name Field
• Displays the name of the Alert as defined in Configure Watches/Alerts that is eligible for display in the Alert Log.
• When you hover with the mouse over the alert group name, the description for it is displayed.

Alert Type Field
• Displays the Alert Type, EventLog, SNMPTrap, IP Service, Win Service, Process, File Check, Counter, or User plus the specific Event Log name, IP Service type (PING, HTTP, etc), Win Service name, Counter name, or "User", for the alert events to be displayed in the Alert Log.
• When you hover with the mouse over the counter name, a detailed description of the counter, and the Object to which it belongs, is displayed. In addition, if the counter name does not fully fit in the width of the field, the full counter name is displayed, along with the description and Object name.

Delete Entry Button
• Select an alert entry in the Alert Log Filter by clicking with the mouse anywhere on the entry line.
• Press this button to remove the selected alert entry from the Alert Log Filter and stop displaying any more corresponding events for this alert in the Alert Log.

Collapse Button
• Press this button to close the Alert Log Filter view.
• Press the View Filter button (See above) to reopen the Alert Log Filter view.

Configure Alert Log Filter Dialogue Box

The Configure Alert Log Filter dialogue box pops up when the Configure Filter button is pressed. This view displays the list of all possible alerts previously defined (See Configure Watches/Alerts) and their associated parameters. From this comprehensive list of alerts, in the Alert Group Name drop-down list, choose the alerts you want to display in the Alert Log. By default, all alerts are displayed until you configure the filter. Once the filter is configured, then only those alerts are displayed.

Alert Group Name List Field
• The names of all possible Alerts as defined in Configure Watches/Alerts are displayed in this drop-down list.

Selection(s) Field
• Displays the Group, if Event Log, Service, or the Counter and its associated Object, and the specific server/devices defined (See Configure Watches/Alerts) for this alert. If this alert is a User alert, just a single checkbox labeled "User Alert" is displayed.
• For SNMP Trap, Event Log, IP Service, File Check, Win Service or Counter alerts, you can choose to include alert events for display for some or all of the specific computers for this alert. Click the checkbox preceding the computer name to check it (for inclusion) or uncheck it (for exclusion).
• When you hover with the mouse over the computer icon, a description of the computer is displayed.
• For a suspended IP Service alert, Win Service alert, File Check alert, SNMP Trap alert, or Event Log alert (See Configure Watches/Alerts for suspending an existing service watch/alert), the computer names are highlighted in red to indicate the watch/alert is currently suspended and no alerts are generated.

Close Button
• Press this button to close the Configure Alert Log Filter dialogue box.
• If there are servers/computers checked, they are added (or updated) to the Alert Log Filter and corresponding events for this alert in the Alert Log will be displayed.
• Press the Configure Filter button (See above) to reopen the Configure Alert Log Filter dialogue box.

EventLogWatch Display

Use EventLogWatch Display to display watched for EventLog Messages that you have previously defined (See Configure Watches/Alerts).
Only those EventLog Messages are displayed that have been specified in the EventLogWatch Display Filter, or if nothing has been specified in the filter then all watched for EventLog Messages received are displayed (See Configure Filter below).

EventLogWatch Display View

The EventLogWatch Display view is the default view. In this view, all received EventLog Messages are displayed that match EventLog Message Watches you have specified in the EventLogWatch Display Filter using the Configure Filter.

Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the display area.

Log Field
• Displays the specific Event Log type with Apl for Application Log, Sec for Security Log, Sys for System Log, Dir for Directory Service Log, Dns for DNS Server Log and Rep for File Replication Service Log.

Type Field
• Displays the specific Event type icon: one each for Information type events, Error type events, Warning type events, and Security Check type events.

Server/Computer Name Field
• Displays the name of the specific server/workstation computer whose Event log entry is displayed.
• Hover with the mouse to see a detailed description of the computer displayed.

Source Field
• Displays the Source for the event log entry displayed.

Date/Time Field
• Displays the date and time of the displayed event log entry. Time is in 24-hour, "military" time.

Event ID Field
• Displays the Event ID for the event log entry displayed.

User Name Field
• Displays the User Name for the event log entry displayed.

Event Description Field
• Displays the Event Description, which is a detailed text description for the event log entry displayed.

Alert Audio Checkbox
• Enables playing of a WAV file when an EventLog Message event is written to the display.
• Uses the Windows 'Asterisk' assignment. Refer to "Control Panel->Sounds and Multimedia Properties" for changing the 'Asterisk' WAV assignment.

View Filter Button
• Press this button to enable the EventLogWatch Display Filter view below the EventLogWatch Display view.
• Only those events for alerts defined in the Configure Filter (See below) and displayed in the EventLogWatch Display Filter are displayed in the EventLogWatch Display.
• If no entries are defined in the filter, then all received, watched for EventLog Message events are displayed in the EventLogWatch Display.

Configure Filter Button
• Press this button to enable the Configure EventLogWatch Display Filter pop-up dialogue box.
• Only those events for alerts defined in the Configure EventLogWatch Display Filter (See below) and displayed in the EventLogWatch Display Filter are displayed in the EventLogWatch Display Log.
• If no entries are defined in the filter, then all received, watched for EventLog Message events are displayed in the EventLogWatch Display.

Clear Log Button
• Press this button to clear the EventLogWatch Display.
• This does not affect the EventLog Message event data in the Sentry II Server database.

Print Button
• Press this button to print the EventLogWatch Display Log display.

EventLogWatch Display Filter View

The EventLogWatch Display Filter view is enabled when the View Filter button is pressed. This view displays the parameters for watched EventLog Messages that have been defined (See Configure EventLogWatch Display Filter View below) as eligible for display in the EventLogWatch Display.

Watch/Alert Name Field
• Displays the name of the Watch/Alert as defined in Configure Watches/Alerts that is eligible for display in the EventLogWatch Display.
• When you hover with the mouse over the Watch/Alert name, the description for it is displayed.

Watch/Alert Type Field
• Displays the Alert Type of EventLog.

Delete Entry Button
• Select an alert entry in the EventLogWatch Display Filter by clicking with the mouse anywhere on the entry line.
• Press this button to remove the selected alert entry from the EventLogWatch Display Filter and stop displaying any more corresponding events for this alert in the EventLogWatch Display.

Collapse Button
• Press this button to close the EventLogWatch Display Filter view.
• Press the View Filter button (See above) to reopen the EventLogWatch Display Filter view.

Configure EventLogWatch Display Filter Dialogue Box

The Configure EventLogWatch Display Filter dialogue box pops up when the Configure Filter button is pressed. This view displays the list of all possible EventLog Message Watch/Alerts previously defined (See Configure Watches/Alerts) and their associated parameters. From this comprehensive list of Watches/Alerts, in the Watch/Alert Name drop-down list, choose the alerts you want to display in the EventLogWatch Display.

Watch/Alert Name List Field
• The names of all possible Watches/Alerts as defined in Configure Watches/Alerts are displayed in this drop-down list.

Selection(s) Field
• Displays the EventLog Message and its associated server/devices defined (See Configure Watches/Alerts) for this Watch/Alert.
• You can choose to include EventLog Message events for display for some or all of the specific servers/devices for this Watch/Alert. Click the checkbox preceding the server/device name to check it (for inclusion) or uncheck it (for exclusion).
• When you hover with the mouse over the server/device icon, a description of the server/device is displayed.
• For a suspended EventLog Message Watch/Alert (See Configure Watches/Alerts for suspending an existing Watch/Alert), the server/device names are highlighted in red to indicate the Watch/Alert is currently suspended and no alerts are generated.

Show On Open Last n Hours Selection
• Select the number of hours between 0 and 24 to search and display previously received EventLog messages when first opening the EventLogWatch Display.
• There is a limit on the number of the most recent messages displayed, computed as (N x 25) where ‘N’ is the number of hours specified.
• The selected value is saved locally for the next open, and also executes immediately.

Select All / Unselect All Buttons
• Press either of these buttons to select or unselect all the servers/devices in the expanded Selection(s) Field.

Close Button
• Press this button to close the Configure EventLogWatch Display Filter dialogue box.
• If there are servers/devices checked, they are added (or updated) to the EventLogWatch Display Filter and corresponding events for this Watch/Alert in the EventLogWatch Display will be displayed.
• Press the Configure Filter button (See above) to reopen the Configure EventLogWatch Display Filter dialogue box.

SYSLOGWatch Display

Use SYSLOGWatch Display to display watched for SYSLOG Messages that you have previously defined (See Configure Watches/Alerts). Only those SYSLOG Messages are displayed that have been specified in the SYSLOGWatch Display Filter, or if nothing has been specified in the filter then all watched for SYSLOG Messages received are displayed (See Configure Filter below).

SYSLOGWatch Display View

The SYSLOGWatch Display view is the default view. In this view, all received SYSLOG Messages are displayed that match SYSLOG Message Watches you have specified in the SYSLOGWatch Display Filter using the Configure Filter.

Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the display area.

Server/Device Name Field
• Displays the specific server/device from which the SYSLOG Message originated.
• When you hover with the mouse over the server/device name, a detailed description of the server/device, and the Watch/Alert where it is assigned, is displayed.

Tag Field
• Displays the specific Tag from the received SYSLOG Message.
141 Version 8.0.12 July 2006 Date/Time Stamp Field • Displays the date and time when the SYSLOG Message was received. Facility/Severity Field • Displays the Facility and Severity information values from the received SYSLOG Message. Message Field • Displays the complete received SYSLOG Message text. Alert Audio Checkbox • Enables playing of a WAV file when a SYSLOG Message event is written to the display. • Uses the Windows 'Asterisk' assignment. Refer to "Control Panel->Sounds and Multimedia Properties" for changing the 'Asterisk' WAV assignment. View Filter Button • Press this button to enable the SYSLOGWatch Display Filter view below the SYSLOGWatch Display view. • Only those events for alerts defined in the Configure Filter (See below) and displayed in the SYSLOGWatch Display Filter are displayed in the SYSLOGWatch Display. • If no entries are defined in the filter, then all received, watched for SYSLOG Message events are displayed in the SYSLOGWatch Display. Configure Filter Button • Press this button to enable the Configure SYSLOGWatch Display Filter pop-up dialogue box. • Only those events for alerts defined in the Configure SYSLOGWatch Display Filter (See below) and displayed in the SYSLOGWatch Display Filter are displayed in the SYSLOGWatch Display Log. • If no entries are defined in the filter, then all received, watched for SYSLOG Message events are displayed in the SYSLOGWatch Display. Clear Log Button • Press this button to clear the SYSLOGWatch Display. • This does not affect the SYSLOG Message event data in the Sentry II Server database. Print Button • Press this button to print the SYSLOGWatch Display Log display. Sentry II 8.0 User’s Guide p. 142 Version 8.0.12 July 2006 SYSLOGWatch Display Filter View The SYSLOGWatch Display Filter view is enabled when the View Filter button is pressed. 
This view displays the parameters for watched SYSLOG Messages that have been defined (See Configure SYSLOGWatch Display Filter View below) as eligible for display in the SYSLOGWatch Display.

Watch/Alert Name Field
• Displays the name of the Watch/Alert as defined in Configure Watches/Alerts that is eligible for display in the SYSLOGWatch Display.
• When you hover with the mouse over the Watch/Alert name, the description for it is displayed.

Watch/Alert Type Field
• Displays the Alert Type of SYSLOG.

Delete Entry Button
• Select an alert entry in the SYSLOGWatch Display Filter by clicking with the mouse anywhere on the entry line.
• Press this button to remove the selected alert entry from the SYSLOGWatch Display Filter and stop displaying any more corresponding events for this alert in the SYSLOGWatch Display.

Collapse Button
• Press this button to close the SYSLOGWatch Display Filter view.
• Press the View Filter button (See above) to reopen the SYSLOGWatch Display Filter view.

Configure SYSLOGWatch Display Filter Dialogue Box
The Configure SYSLOGWatch Display Filter dialogue box pops up when the Configure Filter button is pressed. This view displays the list of all possible SYSLOG Message Watch/Alerts previously defined (See Configure Watches/Alerts) and their associated parameters. From this comprehensive list of Watches/Alerts, in the Watch/Alert Name drop-down list, choose the alerts you want to display in the SYSLOGWatch Display.

Watch/Alert Name List Field
• The names of all possible Watches/Alerts as defined in Configure Watches/Alerts are displayed in this drop-down list.

Selection(s) Field
• Displays the SYSLOG Message and its associated server/devices defined (See Configure Watches/Alerts) for this Watch/Alert.
• You can choose to include SYSLOG Message events for display for some or all of the specific servers/devices for this Watch/Alert.
Click the checkbox preceding the server/device name to check it (for inclusion) or uncheck it (for exclusion).
• When you hover with the mouse over the server/device icon, a description of the server/device is displayed.
• For a suspended SYSLOG Message Watch/Alert (See Configure Watches/Alerts for suspending an existing Watch/Alert), the server/device names are highlighted in red to indicate the Watch/Alert is currently suspended and no alerts are generated.

Show On Open Last n Hours Selection
• Select the number of hours between 0 and 24 to search and display previously received SYSLOG messages when first opening the SYSLOGWatch Display.
• There is a limit on the number of the most recent messages displayed, computed as (N x 25) where ‘N’ is the number of hours specified.
• The selected value is saved locally for the next open, and also executes immediately.

Select All / Unselect All Buttons
• Press either of these buttons to select or unselect all the servers/devices in the expanded Selection(s) Field.

Close Button
• Press this button to close the Configure SYSLOGWatch Display Filter dialogue box.
• If there are servers/devices checked, they are added (or updated) to the SYSLOGWatch Display Filter and corresponding events for this Watch/Alert in the SYSLOGWatch Display will be displayed.
• Press the Configure Filter button (See above) to reopen the Configure SYSLOGWatch Display Filter dialogue box.

SNMPTrapWatch Display
Use SNMPTrapWatch Display to display watched-for Traps that you have previously defined (See Configure Watches/Alerts). Only those Traps are displayed that have been specified in the SNMPTrapWatch Display Filter, or if nothing has been specified in the filter then all watched-for Traps received are displayed (See Configure Filter below).

SNMPTrapWatch Display View
The SNMPTrapWatch Display view is the default view.
In this view, all received Traps are displayed that match Trap Watches you have specified in the SNMPTrapWatch Display Filter using the Configure Filter.
Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the display area.

Server/Device Name Field
• Displays the specific server/device for which the Trap originated.
• When you hover with the mouse over the server/device name, a detailed description of the server/device, and the Watch/Alert where it is assigned, is displayed.

Trap Type Field
• Displays the specific Name and OID of the received Trap.

Date/Time Stamp Field
• Displays the date and time when the Trap was received.

Variable Bindings Field
• Displays the Variable Bindings information, if any, that was received with the Trap.

Alert Audio Checkbox
• Enables playing of a WAV file when a Trap event is written to the display.
• Uses the Windows 'Asterisk' assignment. Refer to "Control Panel->Sounds and Multimedia Properties" for changing the 'Asterisk' WAV assignment.

View Filter Button
• Press this button to enable the SNMPTrapWatch Display Filter view below the SNMPTrapWatch Display view.
• Only those events for alerts defined in the Configure Filter (See below) and displayed in the SNMPTrapWatch Display Filter are displayed in the SNMPTrapWatch Display.
• If no entries are defined in the filter, then all received, watched-for Trap events are displayed in the SNMPTrapWatch Display.

Configure Filter Button
• Press this button to enable the Configure SNMPTrapWatch Display Filter pop-up dialogue box.
• Only those events for alerts defined in the Configure SNMPTrapWatch Display Filter (See below) and displayed in the SNMPTrapWatch Display Filter are displayed in the SNMPTrapWatch Display Log.
• If no entries are defined in the filter, then all received, watched-for Trap events are displayed in the SNMPTrapWatch Display.
Clear Log Button
• Press this button to clear the SNMPTrapWatch Display.
• This does not affect the Trap event data in the Sentry II Server database.

Print Button
• Press this button to print the SNMPTrapWatch Display Log display.

Configure SNMPTrapWatch Display Filter View
The SNMPTrapWatch Display Filter view is enabled when the View Filter button is pressed. This view displays the parameters for watched Traps that have been defined (See Configure SNMPTrapWatch Display Filter View below) as eligible for display in the SNMPTrapWatch Display.

Watch/Alert Name Field
• Displays the name of the Watch/Alert as defined in Configure Watches/Alerts that is eligible for display in the SNMPTrapWatch Display.
• When you hover with the mouse over the Watch/Alert name, the description for it is displayed.

Watch/Alert Type Field
• Displays the Alert Type of SNMPTrap.

Delete Entry Button
• Select an alert entry in the SNMPTrapWatch Display Filter by clicking with the mouse anywhere on the entry line.
• Press this button to remove the selected alert entry from the SNMPTrapWatch Display Filter and stop displaying any more corresponding events for this alert in the SNMPTrapWatch Display.

Collapse Button
• Press this button to close the SNMPTrapWatch Display Filter view.
• Press the View Filter button (See above) to reopen the SNMPTrapWatch Display Filter view.

Configure SNMPTrapWatch Display Filter Dialogue
The Configure SNMPTrapWatch Display Filter dialogue box pops up when the Configure Filter button is pressed. This view displays the list of all possible Trap Watch/Alerts previously defined (See Configure Watches/Alerts) and their associated parameters. From this comprehensive list of Watches/Alerts, in the Watch/Alert Name drop-down list, choose the alerts you want to display in the SNMPTrapWatch Display.
Watch/Alert Name List Field
• The names of all possible Watches/Alerts as defined in Configure Watches/Alerts are displayed in this drop-down list.

Selection(s) Field
• Displays the SNMP Trap and its associated server/devices defined (See Configure Watches/Alerts) for this Watch/Alert.
• You can choose to include Trap events for display for some or all of the specific servers/devices for this Watch/Alert. Click the checkbox preceding the server/device name to check it (for inclusion) or uncheck it (for exclusion).
• When you hover with the mouse over the server/device icon, a description of the server/device is displayed.
• For a suspended SNMP Trap Watch/Alert (See Configure Watches/Alerts for suspending an existing Watch/Alert), the server/device names are highlighted in red to indicate the Watch/Alert is currently suspended and no alerts are generated.

Show On Open Last n Hours Selection
• Select the number of hours between 0 and 24 to search and display previously received SNMPTrap messages when first opening the SNMPTrapWatch Display.
• There is a limit on the number of the most recent messages displayed, computed as (N x 25) where ‘N’ is the number of hours specified.
• The selected value is saved locally for the next open, and also executes immediately.

Select All / Unselect All Buttons
• Press either of these buttons to select or unselect all the servers/devices in the expanded Selection(s) Field.

Close Button
• Press this button to close the Configure SNMPTrapWatch Display Filter dialogue box.
• If there are servers/devices checked, they are added (or updated) to the SNMPTrapWatch Display Filter and corresponding events for this Watch/Alert in the SNMPTrapWatch Display will be displayed.
• Press the Configure Filter button (See above) to reopen the Configure SNMPTrapWatch Display Filter dialogue box.

System Monitor
Use System Monitor to display the Agent status details of your servers & workstations that have the installed Sentry II Agent. You can expand the Group to view the individual System details of the servers and workstations in the Group. The servers and workstations are displayed on the Servers View. Once opened, the System Monitor display automatically refreshes every 5 minutes. When you exit the System Monitor display, the current view choice is saved and restored on the next display. This is saved in the local registry and only applies to the Sentry II console on the particular machine.

Groups View
Use the Groups View to control which servers/workstations are displayed in the Servers View.
Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the display area.

Expand All Button
• Press this button to expand all the Groups and show the specified Registry values of all the servers and workstations in the Servers View.
• Clicking the plus icon next to the Group’s status icon can expand individual Groups.

Collapse All Button
• Press this button to contract all the Groups and hide the Registry value details of their servers and workstations in the Servers View.
• Clicking the minus icon next to the Group’s status icon can contract individual Groups.

Servers View
On the Servers View, the specified Registry details of all the servers and workstations of any expanded Group in the Groups View are displayed.

Print Button
• Press this button to print the System Status Details display.

Refresh Button
• Press this button to refresh the System Status Details display.

Memory Monitor
Use Memory Monitor to display the Memory utilization details of your servers & workstations that have the installed Sentry II Agent.
On the Groups View, each Group is represented by an icon that includes the combined status of the Memory utilization of all the servers & workstations that make up the Group. If the 'Free Pages' on each of the servers and workstations in the Group is greater than 20 Percent, then the Group icon is 'Normal' Green. If the Free Pages available is less than 20 Percent but greater than 10 Percent on any server or workstation in the Group, then the Group icon is 'Caution' Yellow. Otherwise, if the Free Pages available is less than 10 Percent on any server or workstation in the Group, then the Group icon is 'Critical' Red. You can expand the Group to view the individual Memory details of the servers and workstations in the Group. The servers and workstations are displayed on the Servers View. Once opened, the Memory Monitor display automatically refreshes every 5 minutes. When you exit the Memory Monitor display, the current view choice is saved and restored on the next display. This is saved in the local registry and only applies to the Sentry II console on the particular machine.

Groups View
On the Groups View, each Group is represented by an icon that includes the combined status of the Memory utilization of all the servers & workstations that make up the Group. If the 'Free Pages' on each of the servers and workstations in the Group is greater than 20 Percent, then the Group icon is 'Normal' Green. If the Free Pages available is less than 20 Percent but greater than 10 Percent on any server or workstation in the Group, then the Group icon is 'Caution' Yellow. Otherwise, if the Free Pages available is less than 10 Percent on any server or workstation in the Group, then the Group icon is 'Critical' Red.
Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the display area.

Expand All Button
• Press this button to expand all the Groups and show the Memory details of all the servers and workstations in the Servers View.
• Clicking the plus icon next to the Group’s status icon can expand individual Groups.

Collapse All Button
• Press this button to contract all the Groups and hide the Memory details of their servers and workstations in the Servers View.
• Clicking the minus icon next to the Group’s status icon can contract individual Groups.

Servers View
On the Servers View, the Memory details of all the servers and workstations of any expanded Group in the Groups View are displayed.

Print Button
• Press this button to print the Memory Details display.

HDD Monitor
Use HDD Monitor to display the status of the Logical Drives of your servers & workstations that have the installed Sentry II Agent. On the Groups View, each Group is represented by an icon representing the combined status of the Logical Drives of all the servers & workstations that make up the Group. If the 'Free Space' on all the Logical Drives of all servers and workstations in the Group is greater than 20 Percent, then the Group icon is 'Normal' Green. If any Logical Drive Free Space is less than 20 Percent but greater than 10 Percent, then the Group icon is 'Caution' Yellow. Otherwise, if any Logical Drive Free Space is less than 10 Percent, then the Group icon is 'Critical' Red. You can expand the Group to view the individual Logical Drive details of the servers and workstations in the Group. The servers and workstations are displayed on the Servers View. Once opened, the HDD Monitor display automatically refreshes every 5 minutes. When you exit the HDD Monitor display, the current view choice is saved and restored on the next display. This is saved in the local registry and only applies to the Sentry II console on the particular machine.
Groups View
On the Groups View, each Group is represented by an icon representing the combined status of the Logical Drives of all the servers & workstations that make up the Group. If the 'Free Space' on all the Logical Drives of all servers and workstations in the Group is greater than 20 Percent, then the Group icon is 'Normal' Green. If any Logical Drive Free Space is less than 20 Percent but greater than 10 Percent, then the Group icon is 'Caution' Yellow. Otherwise, if any Logical Drive Free Space is less than 10 Percent, then the Group icon is 'Critical' Red.
Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the display area.

Expand All Button
• Press this button to expand all the Groups and show the Logical Drive details of all the servers and workstations in the Servers View.
• Clicking the plus icon next to the Group’s status icon can expand individual Groups.

Collapse All Button
• Press this button to contract all the Groups and hide the Logical Drive details of their servers and workstations in the Servers View.
• Clicking the minus icon next to the Group’s status icon can contract individual Groups.

Servers View
On the Servers View, the Logical Drive details of all the servers and workstations of any expanded Group in the Groups View are displayed.

Print Button
• Press this button to print the Logical Drive Details display.

Registry Monitor
Use Registry Monitor to display selected Registry values from your servers & workstations that have the installed Sentry II Agent. In conjunction with an optional setting in the “AGENT” ServerWatch type (see Configure Watches/Alerts), you can optionally enable the Registry checking of your selected Keys/Values and be alerted when Sentry II detects additions, changes, and/or deletions.
You specify which Registry values you want to monitor via the ‘Manage’ function. You can expand the Group to view the specified Registry values of the servers and workstations in the Group. The servers and workstations are displayed on the Servers View. Once opened, the Registry Monitor display automatically refreshes every 5 minutes.

Groups View
Use the Groups View to control which servers/workstations are displayed in the Servers View.
Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the display area.

Expand All Button
• Press this button to expand all the Groups and show the specified Registry values of all the servers and workstations in the Servers View.
• Clicking the plus icon next to the Group’s status icon can expand individual Groups.

Collapse All Button
• Press this button to contract all the Groups and hide the Registry value details of their servers and workstations in the Servers View.
• Clicking the minus icon next to the Group’s status icon can contract individual Groups.

Servers View
On the Servers View, the specified Registry details of all the servers and workstations of any expanded Group in the Groups View are displayed.

Print Button
• Press this button to print the Registry Details display.

Manage Button
• Press this button to open the Manage Registry Monitoring Specifications display.

Manage Registry Monitoring Specifications Dialogue Box
The Manage Registry Monitoring Specifications dialogue box is displayed when the Manage button is clicked. Here you specify the Registry values you want to monitor. You specify the Frequency in minutes to check the Registry value; you specify the Value Name and Registry Key to identify the specific Registry value to monitor; and you specify an optional Description to describe what the value represents.
The settings are saved in the file called RegistryMonitor.txt found in the “…\Sentry II\Bin” folder. It is possible to edit this file directly with Notepad in order to change the set of Registry values you are monitoring.

Add Button
• Press this button to add a new Registry value to monitor.
• Click the OK button to save the new entry; new entries are displayed at the top; or click Cancel to abort the Add or Edit.
• Sort entries by clicking the column header for Value Name or Registry Key to sort accordingly.

Edit Button
• Press this button to Edit the selected Registry value setting.

Duplicate Button
• Press this button to Duplicate the selected Registry value setting and create a new setting; you have the opportunity to edit the setting.

Delete Button
• Press this button to Delete the selected Registry value setting.

Save Button
• Press this button to Save any of your Registry value setting changes.

Cancel Button
• Press this button to skip saving any of your Registry value setting changes.

Show Key Checkbox
• Uncheck this checkbox to display just the subkey for the Registry values.

CounterWatch Graphs
Use CounterWatch Graphs to create and view real-time and historical graphs of monitored Windows & SNMP CounterWatch counter data from the servers/workstations and devices on your network. There is an option to export the raw data on a graph to a CSV file that is easily viewed in Microsoft Excel. Windows CounterWatch Graphs requires the Sentry II Agent on Microsoft Windows 98/ME, NT/2000/XP computers being monitored. There is no Agent required for SNMP devices; rather, Counter information is derived from your provided MIBs for the devices.
Monitored Objects Tree View
Refer to Manage CounterWatch Monitoring, on the Monitor menu tab, for Help on the Monitor Objects Tree View in the left pane, and for a description of servers/devices and their associated 'counters'. The Tree View provides you with a view of your network of servers/devices and their 'counters'. The counters are registered with the Sentry II Server database and available for monitoring and graphing.
Press the "Tree" icon to toggle between hiding and showing the Tree View in the left pane.
Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes.

Creating and Configuring Charts

New Chart
• Press the New button to create a New Chart. The start date/time for any Counters added to the chart is the current date/time that the new Chart is created. Save and close it, then reopen it and specify an earlier start date/time if you want to see monitored data for the charted counters starting at an earlier date/time.
• Press the Wizard button to activate the Chart Wizard (See Chart Configure Wizard below) to configure the New Chart with Name, type of chart, and other properties. Use the Chart Wizard to cut and paste your chart, or save it as a file for importing into other programs. You can also print your chart from the Chart Wizard.

Open Existing Chart
• Press the Open button to choose a previously saved chart. You are prompted with a Chart to OPEN dialog box. Select the name of the chart to open and then press the "OK" button.
• You are prompted for a Start Date/Time for the chart with the default being the current date/time. If you want to see the monitored data for the charted counters starting with an EARLIER date/time, specify it in the "Start Date/Time" prompt box.
• You are also prompted for an End Date/Time for the chart with the default being the current date/time plus 1 day.
If you want to see the charted data ending with a different date/time, specify it in the "End Date/Time" prompt box.
• Press the Wizard button to activate the Chart Wizard (See Chart Configure Wizard below) to configure the Opened Chart with Name, type of chart, and other properties. Use the Chart Wizard to cut and paste your chart or save it as a file for importing into other programs. You can also print your chart from the Chart Wizard.

Multiple Open Charts
• Open or create new multiple charts simultaneously; the most recent opened or new chart has the 'full-view', whereas the previously opened charts are positioned in the reduced picture-in-picture or 'PIP' view (See Selecting the Active Chart below).

Add Counters to Chart
• Click the counter name in the Tree View to select it to add to a chart. (You click the counter's associated checkbox to enable monitoring).
• Use the standard Shift and Ctrl keys when clicking on the counter name to select more than one.
• Selecting one or more counters enables the Add button.
• Press the Add button to add the selected counter(s) to the chart.
• Alternatively, drag and drop the selected counter(s) onto the chart.
• Be cognizant of time differences for your different servers, locally, if the server clocks are not synchronized, and particularly for remote servers in different time zones. Monitored data is stored in the Sentry II database based on the local time of the server being monitored. You have to take this time into account when setting up your charts to monitor these counters. Allow for an appropriate start time and chart density (see below) to be sure to view monitored counters from servers in different time zones.

Delete Counters from Chart
• Press the Stop button to stop the chart if running, then click the mouse on the graph edge line on the chart (not on the Legend) to select it, and then press the Delete key to remove the counter from the chart.
The graph edge line changes to black or to a broken line to indicate it is selected.

Delete Existing Chart(s)
• Press the Delete button (enabled when at least one chart is open) to delete a previously saved chart. You are prompted with a Select One or More Chart(s) to DELETE dialog box. Select the name of one or more charts to delete and then press the "OK" button.
• Use the standard Shift and Ctrl keys when clicking on a chart name to select more than one.
• You are prompted to confirm the delete.

Close Chart
• Press the Close button to close and save an open chart.

Save Chart
• Press the Save button to save the Chart parameters you have configured.
• This does not save the chart data since the data for the chart is already saved in the Sentry II database. See the Export function below for exporting and saving the raw chart data to a CSV file.
• If Security is enabled (See Configure Security), you also have the option to assign ownership for the saved Chart. You can assign a Saved chart to either 'All' users, or to you, the current logged-on User. Charts assigned to you are not available to other Users. Charts assigned to 'All' are available to all Users.
• If Security is enabled and the current logged-on User has Full Administration Rights (see Configure Security), then when saving a Chart, the User also has the option to assign ownership for the Chart to any available User.

Export Chart
• Press the Export button to export the raw chart data to a CSV file that is suitable for viewing in Microsoft Excel and can be processed by any application that can handle importing a comma-delimited file.

Chart Context Menu
• Right-click on an open chart, either the 'full-view' chart or a 'PIP' chart (See Dynamic Chart Play below) to activate a context menu.
• From the context menu, you can:
  o create a New chart,
  o Open an existing chart,
  o Save, Export or Close the clicked chart,
  o Delete the clicked chart,
  o Play, Reverse, or Stop the clicked chart,
  o invoke the Chart Configure Wizard,
  o Fine Tune Properties for the clicked chart,
  o Export the chart data to a unique CSV file.

Chart Configure Wizard
Activated by pressing the Wizard button or selecting Wizard from the Chart Context Menu (See above). Use the Chart Wizard to configure every aspect of your chart.

Chart Components
Each chart is divided into independently configurable components. The components of the chart are Background, Title (top area of chart), Display (middle or main body area of chart), and Legend (bottom area of chart). This is configurable on the Misc Tab (See below).

Selecting Chart Components
On each Chart Wizard tab (See below), select the component of the chart you want to configure from the Setting of drop down list, or press the shift key plus point to the component in the preview window and click.

General Tab
• Select the component of the chart you want to configure.
• Specify the area rectangle size for each component in the Component Rect fields, and define the meaning of the values from the Measure drop down list; the default is Percent.
• Specify the Border and Shadow type for each component's area rectangle.
• For the Title_B component, specify the Chart Title.
• For the Display_C component, specify parameters regarding chart type (there are over 43 types), orientation of the axis, and style of grid lines.
• For the Legend_D component, specify parameters regarding legend style and key style.

Fill Style Tab
• Select the component of the chart you want to configure.
• For each component, specify fill style and colors.

Font Style Tab
• Select the component of the chart you want to configure.
• For each component, specify font type, size, color, style, and alignment.
Misc Tab
• Configure and position the chart components.

Chart Preview Window
• Select a component to configure in each of the property tabs above by pressing the shift key plus pointing to the component in the preview window, and then click.
• Point and right-click on the preview window to display a context menu with options to Copy Chart to clipboard, Save Chart As Dib file or Save Chart As Jpeg file. Use any of these to 'export' the chart to other applications to include in reports or documents or to print the chart from within these applications.

Dynamic Chart Play
The "VCR"-type button controls, which are used to control the dynamic play of a chart, always apply to the active chart (See Selecting the Active Chart below). Available options are Export, Save, Play, Fast Forward (FF), Reverse (Rev), Fast Reverse (FR), and Stop.

Selecting the Active Chart
• When you have more than one chart open, the red border indicates the active chart.
• To change the active chart or to change which chart has the full view, use the buttons on the bottom right.
• Press the Next button to make the top PIP chart the new active chart; the chart with the red border is the active chart and the "VCR" button controls apply to it.
• Press the Swap button to change the active chart to the full view.
• Alternatively, click a blue-bordered chart to make it the new active chart.
• Double-click a blue-bordered chart to make it the new active chart and swap it to the full view.
• Point the mouse to a chart, and press the right mouse button to pop up a context menu with similar functions as the control buttons below (See Chart Context Menu above).

Full-View Chart Slider
• Use the slider with the 'full-view' chart, to scroll forward and backward in time through the chart data. Click on the slider 'tab' to 'grab' it and slide it left (backward in time) or right (forward in time).
• Click on the slider to the left of the 'tab' to move the chart backward, or to the right of the 'tab' to move the chart forward, one chart image at a time.

Plotted Point Information

• Hover with the mouse over a plotted point on the graph to see a pop-up with information about it.
• Information displayed is the Group Name, Computer Name, Object Name, Counter Name, Value, Average, and Date/Time for the plotted point.

Fine Tune Chart Play

Activated by pressing the Tune button or selecting Tune from the Chart Context Menu (See above). Use the Fine Tune Chart Play to configure the performance of the chart playback.

General Tab

• In Chart Density, specify the density of values displayed on the chart at one time. More density shows a larger time slice but plays more slowly and takes longer to initially load and scroll through.
• Specify, in Server Polling Rate, the frequency with which the chart polls the Sentry II Server for new data to add to the chart when playback is at present time.
• Specify, in Playback Speed, how fast the chart playback is at past time.
• Specify, in Playback Acceleration, how fast the chart plays in the fast forward and fast reverse playback.
• Be aware of time differences among your servers: locally, if the server clocks are not synchronized, and particularly for remote servers in different time zones. Monitored data is stored in the Sentry II database based on the local time of the server being monitored. You have to take this time into account when setting up your charts to monitor these counters. Allow for an appropriate start time and chart density (see below) to be sure to view monitored counters from servers in different time zones.

Advanced Tab

• Specify a fixed vertical axis (y-axis) scale; by default the scale varies based on the data currently being displayed.

Schedule CounterWatch Monitoring

Use Schedule CounterWatch Monitoring to schedule the execution of Windows & SNMP CounterWatch reports you have previously defined using Sentry II templates (See Create CounterWatch Reports). In Schedule CounterWatch Monitoring mode, define the Start Date/Time and Duration parameters for the monitoring phase. After the monitoring phase has completed, run the Performance Wizard (See Run/Analyze & View Reports) to analyze results of the monitoring.

Schedule View

Select this tab for the Schedule view. In this view, select the report you want to execute, define the start date/time to begin monitoring, and define how long the monitoring should occur.

Report Name Field

• Drop-down list box displaying the names of all reports defined previously in Create CounterWatch Reports and available to be executed.

Report Description Field

• Description for the selected report.

Report Details Button

• Press this button to pop up a display that shows the selected report parameters as defined previously in Create CounterWatch Reports.
• Collection Set Name and Collection Set Description are the name and description for the collection set template used as the basis for the selected report.
• Server/Device Name and Group Name are the names of all the servers/devices, and the Group to which each belongs, that the selected report will use for the monitoring phase.
• Click the OK button to close the Report Details display.

Start Date/Time Field

• For the selected report, define when the report should begin the counter-monitoring phase for the specified computers. These are "point & click" fields.
  o Click the first field (Start Date) to view the current month calendar. "Point & click" to select a date from this month or click the right-arrow icon to scroll to the next month.
    Use the left- and right-arrow icons to scroll backward or forward to find the calendar month you want, and then click the date for the Start Date.
  o Click the second field (Start Time), to display the start time choices. Specify the time in hour and minute, AM or PM.

Duration Field

• Define how long the monitoring phase should last (this is a "point & click" field).
  o Click the Duration field to display the duration choices. You specify this value in minutes, hours, days, or weeks.

Exclude Time Periods Button

• Press this button to pop up a dialogue where you can specify selected time-of-day periods and days of the week for which monitoring results will be ignored during the Report analysis phase associated with this report (See Run/Analyze & View Reports).

Schedule Button

• Once the Start Date/Time and Duration fields are defined, press this button to queue the report and schedule it to execute when the Start Date/Time becomes current.
• Be aware of time differences among your servers: locally, if the server clocks are not synchronized, and particularly for remote servers in different time zones. The schedule Start Date/Time is based on the Sentry II Server's clock. However, once remote servers are told to begin monitoring by the Sentry II Server, monitored data is stored in the Sentry II database based on the local time of the server being monitored. You have to take this time into account when running the analysis reports. You also have to take this time into account when setting up your charts to monitor these counters. Allow for an appropriate start time and chart density (see below) to be sure to view monitored counters from servers in different time zones.

Status View

Select this tab for the Status view. This view shows the status of all reports that have been previously scheduled. It includes:

• Reports waiting to start the monitoring phase (Monitor Status Scheduled)
• Reports currently in the monitoring process (Monitor Status InProcess)
• Reports that have completed the monitoring phase (Monitor Status Completed)

Reports that have completed the monitoring phase are ready to be analyzed by the Performance Wizard (See Run/Analyze & View Reports). To activate a report, point and click a report entry and enable the appropriate buttons, which will vary depending upon the report's status.

Scheduled Monitor Status Field

• Scheduled - reports that are currently waiting to start monitoring. Their Start Date/Time is in the future.
• InProcess - reports that are in the process of monitoring. Their Start Date/Time has passed and their End Date/Time is in the future.
• Completed - reports that have completed monitoring. Their End Date/Time has passed.

Date/Time Fields

• The Start Date/Time and End Date/Time define the period for which monitoring has occurred or will occur for the counters and computers defined in the report (See Create CounterWatch Reports).

Remove Button

• Use this button to remove a selected report entry from the waiting queue before it has started the monitoring phase (Monitor Status is Scheduled) or to remove it from the completed queue after it has completed the monitoring phase (Monitor Status is Completed). Once removed, the report is no longer accessible.

Stop Now Button

• Use this button to stop the monitoring process for a selected report that is currently in the monitoring phase (Monitor Status is InProcess). You can still analyze the monitoring data accumulated to date through the Performance Wizard (See Run/Analyze & View Reports).
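
The time-zone note under Schedule Button above (schedule on the Sentry II Server's clock, data stamped with each monitored server's local time) matters whenever samples from several servers are correlated. The sketch below is an added example, not part of the guide or of Sentry II: it normalizes locally stamped samples to UTC before testing them against the scheduled window. Server names, UTC offsets and sample rows are constructed, and fixed offsets ignore daylight saving time.

```python
from datetime import datetime, timedelta, timezone

# Constructed UTC offsets in hours; names are hypothetical.
# "SENTRY-SRV" stands for the Sentry II Server, the others are monitored servers.
UTC_OFFSETS = {"SENTRY-SRV": -5, "SERVER-A": -5, "SERVER-B": 0}


def to_utc(local_stamp, server):
    """Interpret a naive wall-clock timestamp in `server`'s local time as UTC."""
    tz = timezone(timedelta(hours=UTC_OFFSETS[server]))
    return local_stamp.replace(tzinfo=tz).astimezone(timezone.utc)


def local_window(start_on_sentry, duration, monitored, sentry="SENTRY-SRV"):
    """Scheduled window expressed in the monitored server's local wall-clock time.

    These are the timestamps under which that server's samples are stored.
    """
    start_utc = to_utc(start_on_sentry, sentry)
    target = timezone(timedelta(hours=UTC_OFFSETS[monitored]))
    start = start_utc.astimezone(target).replace(tzinfo=None)
    return start, start + duration


def samples_in_window(rows, start_on_sentry, duration, sentry="SENTRY-SRV"):
    """rows: (server, naive local timestamp, value). Returns hits ordered by UTC."""
    start_utc = to_utc(start_on_sentry, sentry)
    end_utc = start_utc + duration
    hits = []
    for server, stamp, value in rows:
        utc = to_utc(stamp, server)
        if start_utc <= utc < end_utc:
            hits.append((utc, server, value))
    return sorted(hits)


# Constructed sample rows, stamped in each monitored server's local time.
ROWS = [
    ("SERVER-A", datetime(2006, 7, 10, 9, 15), 41.0),   # inside the window
    ("SERVER-B", datetime(2006, 7, 10, 14, 30), 77.0),  # inside (09:30 on the Sentry clock)
    ("SERVER-B", datetime(2006, 7, 10, 9, 30), 12.0),   # same clock reading, 5 hours early
    ("SERVER-A", datetime(2006, 7, 10, 10, 5), 39.0),   # after the window closed
]

START = datetime(2006, 7, 10, 9, 0)   # Start Date/Time on the Sentry II Server's clock
DURATION = timedelta(hours=1)

if __name__ == "__main__":
    print("SERVER-B local window:", local_window(START, DURATION, "SERVER-B"))
    for utc, server, value in samples_in_window(ROWS, START, DURATION):
        print(utc.isoformat(), server, value)
```

Filtering the raw rows on the Sentry clock reading (09:00 to 10:00) would wrongly keep the 09:30 SERVER-B sample and drop the 14:30 one.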

Edit Stop Button

• Use this button to modify the monitoring phase end date/time for a selected report that is waiting to start the monitoring phase (Monitor Status is Scheduled), or for one that is currently in the monitoring phase (Monitor Status is InProcess).
• A "point & click" calendar and hour/minute drop-downs are displayed to specify a new end date/time.

Manage CounterWatch Monitoring

The Manage CounterWatch Monitoring feature lets you view the Windows & SNMP CounterWatch counters you have previously selected manually and are now actively monitoring. Optionally, you can also view your entire network of servers, workstations, and devices, and the associated "counters" registered with Sentry II that are available for monitoring. Monitoring these performance counters requires that the Sentry II Agent be installed on each Windows NT/2000/XP server/workstation for Windows CounterWatch monitoring; no Agent is required for SNMP CounterWatch monitoring.

Current Counters Monitored View

The Current Counters Monitored View is the default view. All servers/devices that have one or more counters manually selected for monitoring are displayed. Each server/device is displayed along with the Group to which it is assigned and its operating system (See Monitor Objects Tree View below for details on manually selecting counters for monitoring). To see a pop-up description of the Server/Device or Group, hover over the name with the mouse. Press the 'Tree' icon to toggle between showing and hiding the Monitor Objects Tree View in the left pane. Press the "Expand" icon to toggle between hiding and showing the Menu and Banner panes.

Expanding/Contracting Server/Device Line Display

• The default display is with each Server/Device's active counter details hidden.
  Click anywhere on the server/device line display to expand it to see all the details of the associated counters that are currently active in monitoring.
• The active Counters are displayed by name and with associated Object name.
• To see a pop-up description of the Counter or associated Object, hover over the name with your mouse.

Unselecting Active Counters

• With the expanded detailed Counter view, you can unselect one or more Counters, and press the Apply button to set them inactive and stop monitoring.
• Press the Unselect All button, and then the Apply button, to unselect all the expanded, displayed Counters, set them inactive and stop monitoring. Note that the Unselect All button does not affect the unexpanded, non-displayed Counters.

Unselect All Button

• Press the Unselect All button to unselect all the expanded, displayed Counters. Note that the Unselect All button does not affect the unexpanded, non-displayed Counters.

Apply Button

• Press the Apply button to set all the unselected Counters inactive and stop monitoring them.

Refresh Button

• Press the Refresh button to refresh the display with all the current Servers/Devices with active Counters.

Print Button

• Press this button to print the Current Counters Being Monitored display.

Properties Button

• Press this button to show the Properties display where you can set the Global CounterWatch Sampling Rate for Windows and SNMP, separately.
• Setting the Sample Rate is a Global setting and overwrites any individual server/workstation setting.

Monitor Objects Tree View

The Tree View is created and updated automatically whenever servers/devices are added to the Sentry II database, either manually or through Sentry II Agent's auto-registration (See Configure Servers/Agents & Devices).
The Tree View organizes your Network, top down, from your Groups (See Configure Groups) to your Servers/Devices in the Groups (See Configure Servers/Agents & Devices), to the Hardware and Software resource "Objects" on the Servers/Devices, to the detailed performance "Counters" within each of the resource Objects. Counters, when monitored, provide rich detail for measuring and observing the performance and operation of your network of Windows servers, workstations and devices (See Create CounterWatch Reports, Schedule CounterWatch Monitoring, and Run/Analyze & View Reports; also see CounterWatch Graphs). Counters also provide the basis for defining alerts to signal real-time performance and operation situations that you want to be aware of (See Configure Watches/Alerts and Alert Watch Display).

Expanding/Contracting the Tree

• Expand items on the Tree by clicking the '+' icon; collapse items on the Tree by clicking the '-' icon.
• Expand the Group to view its associated Servers/Devices.
• Expand any Computer in a Group to view the associated resource Objects.
• Expand the Objects for any Server/Device to view the associated detailed Counters.

Tree Operations

• To see a pop-up description of any item (Group, Server/Device, Object, Counter), hover over any Tree item with the mouse.
• To activate a Server/Device pop-up menu, right-click with your mouse over a Server/Device item; choose Properties to access the Monitor Schedule property sheet (See below).
• To activate a Counter pop-up menu, right-click with your mouse over a Counter item; choose Summary to access the Value Summary for the Counter's monitored data in the database (See below). For SNMP Counters, the pop-up menu also contains a SNMP Get command and a SNMP Set command to query the Counter's value or to set the Counter, respectively.
• For SNMP Table entries in the Tree, distinguished by the empty meter icon, the pop-up menu contains an Add Instance command. Choose Add Instance to query the device for the available 'Instances', then select the 'Instances' to add to the Tree for monitoring. The menu for these added 'Instances' contains a 'Delete Instance' command to remove these Counters.

Manual Control of Counter Monitoring

• To manually begin the monitoring process, click the checkbox to the left of a counter to set it according to its defined Monitor Schedule (see Computer Schedules Property Sheet, below). To stop the monitoring process, click the checkbox to remove the checked item.
• Counter monitoring may also occur automatically due to a Scheduled Report (See Create CounterWatch Reports and Schedule CounterWatch Monitoring) or a defined Alert (See Configure Watches/Alerts).

Server/Device Monitor Schedule Property Sheet

Activate by right-clicking with the mouse over a Server/Device item.

Monitor Schedule Tab

• Choose the Monitor Schedule tab to specify the monitoring schedule for this server/device's counters when you have manually activated counter monitoring (See Tree Operations above).
• Set the Schedule for Daily, Weekly, or Monthly monitoring.
• Set the Beginning and Ending dates for which the schedule applies.
• Set the Starting at and Stopping at time for each day that monitoring occurs within the Daily, Weekly, or Monthly schedule.
• Set the sampling rate of the counter to Repeat every "x" number of Seconds, Minutes, or Hours.

Counter Value Summary Report

Activate by right-clicking with the mouse over a Counter item.

Value Summary Tab

• The Value Summary tab displays:
  o the date and time of the first value in the database for the counter selected.
  o the date and time of the last value in the database for the counter selected.
  o the highest value in the database for the counter selected.
  o the lowest value in the database for the counter selected.
  o the average for all values in the database for the counter selected.
  o the last value in the database for the counter selected.

Create CounterWatch Reports

Sentry II provides built-in CounterWatch report templates that specify the counters for monitoring and analyzing various aspects of NT / 2000 / XP / 2003 server/workstation system operation. For example, there are collection set templates for analyzing: General NT / 2000 / XP / 2003 Server and Workstation, NT Server As File Server, Microsoft Internet Information Server, and TCP/IP. In addition, you can create your own custom collection set templates for monitoring and reporting on those specific aspects of your Windows based servers and workstations, and SNMP network servers/devices, that you are interested in analyzing.

Use Create CounterWatch Reports to create reports that use one of the built-in report collection set templates listed above, or one of your custom created collection set templates, together with one or more of the servers and workstations in your network. Once you have created your reports, you can schedule them to execute so that the associated servers/workstations are appropriately monitored (See Schedule CounterWatch Monitoring). Then the monitored information can be subsequently analyzed to pinpoint problems and help you fine tune performance and operation (See Run/Analyze & View Reports).

Review Mode

In Review Mode, the default view, you can view the various reports to see which analysis collection set template is used and the computers to which the reports apply. In this view, you can add new reports, edit existing reports, or delete existing reports.

Report Name Field

• Select from among the list of reports in the drop down list to view the parameters, Edit, or Delete an existing report (See Edit and Delete Buttons below), or enter the desired name when defining a New report.

Description Field

• An optional description for the report defined in the Report Name field.

Collection Set Field

• The name / description of the collection set template used for this report.

Selections Field

• The name / description of all the servers/computers to which this report applies.

New Button

• Press the New button to create a new report. You are presented with the Edit and Update Mode view (See Edit and Update Mode below).

Edit Button

• Select an existing report from the Report Name drop down field, and then press the Edit button. You are presented with the Edit and Update Mode view (See Edit and Update Mode below).

Delete Button

• Select an existing report from the Report Name drop down field, and then press the Delete button to remove the report from your list of reports. You are prompted to confirm the delete.

Custom Collection Sets Button

• Press this button to manage your custom created report collection set templates. Create new collection set templates, edit existing custom collection set templates, or delete no longer wanted collection set templates. (See Custom Collection Sets below)

Edit and Update Mode

In Edit and Update Mode, you can modify the parameters for existing reports or define parameters for newly created reports.

Report Name Field

• The current name of the existing report (it can be modified), or the name for a newly created report.

Description Field

• An optional description for the report defined in the Report Name field.

Collection Set Field

• The name and description of the collection set template used for this report.
  Choose one, by clicking on the drop-down, from among the list of built-in and custom collection set templates.

Groups : Servers/Workstations Selections Field

• By clicking the checkbox, select the servers/computers to which the new report will apply.

Save Button

• Press the Save button to save new or edited parameters for the report.
• If Security is enabled (See Configure Security), you also have the option to assign ownership for the saved Report. You can assign a Saved Report to either 'All' users, or to you, the current logged-on User. Reports assigned to you are not available to other Users. Reports assigned to 'All' are available to all Users.
• If Security is enabled and the current logged-on User has Full Administration Rights (see Configure Security), then when saving a Report, the User also has the option to assign ownership for the Report to any available User.
• If a New report object is being saved, you are prompted as to whether you want to start the monitoring of the counters for the servers in the report object. Click OK to start the monitoring. You manage monitoring report objects in Schedule CounterWatch Monitoring.

Cancel Button

• Press the Cancel button to abandon any new or edited parameters and return to the Review Mode.

Customizing Collection Sets

In Customizing Collection Sets, you manage your custom created report collection set templates. Create new templates, edit existing custom templates, or delete no longer wanted templates.

Collection Set Name Field

• The current name of an existing collection set template, which can be edited or deleted, or the name for a newly created template.

Description Field

• An optional description for the collection set template defined in the Collection Set Name field.

Counters Tab

• In Review Mode, the default view, all the Objects, Counters, and Counter Descriptions for the selected Collection Set Template are displayed.
• In Edit and Update Mode, a tree view of all the available Objects and associated Counters is displayed. If Editing an existing custom template, the Objects are expanded and appropriate Counters checked to reflect the current Object-Counter selections for the selected collection set template.
• Click the "+" icon to expand an Object and view its associated Counters. Click the "-" icon to contract the Object.
• Click the checkbox associated with a Counter to select it for the collection set. Only checked Counters are applied to the collection set.

Parameters Tab

• In Review Mode, the default view, all the configurable parameters for the Counter selected in the Object-Counter drop-down, for the selected Collection Set, are displayed.
• In Edit and Update Mode, all checked Counters in the Counters Tab tree view are available for selection in the Object-Counter drop-down. Select a Counter from the Object-Counter drop-down to view its associated collection set parameters. These are:
• Section Header - Optional Report Section Header for the selected Counter. All Counters with the same Section Header are grouped together in the Report. If no Section Header is specified, the Counter is grouped in the 'General' section.
• Annotation - Optional text that follows the Counter's Report data on a separate line.
• Exclude Graph - Check this checkbox to exclude the Graph for the selected Counter in the Report output. By default, the Report output for every Counter is Minimum/Maximum/Average as text and a Graph of all the monitored data for the Counter over the Report interval.
• Sample Rate - Rate at which Counter value is sampled during monitoring. Default value is 30 seconds.
• Report Last Value Only - Check this checkbox to have the Report output display only the last monitored value for the selected Counter instead of the default information of Minimum/Maximum/Average. In addition, there is no Graph included. If the selected Counter is an SNMP counter, then the Counter is queried for its value during the Report generation.
• Sample Rate - Rate at which Counter value is sampled during monitoring. Default value is 10 seconds.
• Suggested Average Value - During the analysis of the Counter data accumulated during monitoring, this value is used as a base-line average for comparison and deriving some recommendations, which can be specified in the Comment parameters, described below.
• Suggested Maximum Value - During the analysis of the Counter data accumulated during monitoring, this value is used as a base-line maximum for comparison and deriving some recommendations, which can be specified in the Comment parameters, described below.
• Comment 0 - Report analysis comment if Counter value equals zero.
• Comment 1 - Report analysis comment if Counter value is greater than zero and less than one-half the Suggested Average Value.
• Comment 2 - Report analysis comment if Counter value is greater than one-half, and less than, the Suggested Average Value.
• Comment 3 - Report analysis comment if Counter value equals the Suggested Average Value.
• Comment 4 - Report analysis comment if Counter value is greater than the Suggested Average Value and less than the Suggested Maximum Value.
• Comment 5 - Report analysis comment if Counter value is equal to or greater than the Suggested Maximum Value.

New Button

• Press the New button to create a new collection set. You are presented with the Collection set Edit and Update Mode view (See Counters Tab and Parameters Tab descriptions above).
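
The Comment 0 to Comment 5 bands listed under Parameters Tab above can be modelled as follows. This is an added example, not Sentry II's own code. Two points are assumptions because the guide does not state them: a value exactly equal to one-half the Suggested Average Value is placed in band 2, and the "Counter value" compared is the average over the report interval unless Report Last Value Only is set. The comment texts and samples are constructed.

```python
def select_comment(value, suggested_avg, suggested_max):
    """Return the Comment index (0-5) for a counter value, per the bands in the guide."""
    if suggested_avg <= 0 or suggested_max <= suggested_avg:
        # A baseline like this would make bands 1-4 empty or overlapping.
        raise ValueError("need 0 < Suggested Average < Suggested Maximum")
    if value < 0:
        raise ValueError("counter value must not be negative")
    half = suggested_avg / 2
    if value == 0:
        return 0
    if value < half:
        return 1
    if value < suggested_avg:
        return 2          # includes value == half (assumption, see lead-in)
    if value == suggested_avg:
        return 3          # exact equality; rarely hit with fractional counters
    if value < suggested_max:
        return 4
    return 5              # equal to or greater than the Suggested Maximum


def analyze(samples, suggested_avg, suggested_max, comments, last_value_only=False):
    """Summarize monitored samples and pick the analysis comment for the report."""
    if not samples:
        raise ValueError("no monitored samples for this counter")
    average = sum(samples) / len(samples)
    value = samples[-1] if last_value_only else average
    band = select_comment(value, suggested_avg, suggested_max)
    return {
        "min": min(samples),
        "max": max(samples),
        "avg": average,
        "value": value,
        "band": band,
        "comment": comments[band],
    }


# Constructed comment texts for a hypothetical utilization counter.
COMMENTS = [
    "No activity recorded.",
    "Well below the expected average.",
    "Below the expected average.",
    "At the expected average.",
    "Above average; watch for growth.",
    "At or above the suggested maximum; investigate.",
]

if __name__ == "__main__":
    samples = [20, 40, 60, 80]   # constructed samples
    print(analyze(samples, 50, 90, COMMENTS))
    print(analyze(samples, 50, 90, COMMENTS, last_value_only=True))
```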

Edit Button

• Select an existing collection set from the Collection set Name drop-down field, and then press the Edit button. You are presented with the Collection set Edit and Update Mode view (See Counters Tab and Parameters Tab descriptions above).
• Built-in collection sets that come with Sentry II cannot be edited or deleted. If one of these collection sets is selected in the Collection set Name drop-down field, the Edit and Delete buttons are disabled.

Delete Button

• Select an existing collection set from the Collection set Name drop-down field, and then press the Delete button to remove the collection set from your list of available collection sets. You are prompted to confirm the delete.
• Built-in collection sets that come with Sentry II cannot be edited or deleted. If one of these collection sets is selected in the Collection set Name drop-down field, the Edit and Delete buttons are disabled.

Save Button

• Press the Save button to save new or edited parameters for the collection set.

Cancel Button

• Press the Cancel button to abandon any new or edited parameters and return to the Collection set Review Mode.

Close Button

• Press the Close button to exit the Customize Collection set mode and return to the Report Review Mode.

Schedule Periodic Reports

Use Schedule Periodic Reports to schedule the execution of selected CounterWatch, IP Service, and Alert Notifications reports on a repeat, periodic and fixed schedule, to analyze and generate a Report for any previous specified period. The report output, or a link to the HTML report output, can be optionally Emailed to one or more recipients. Previously Scheduled Reports can be managed by subsequently editing their schedule parameters, or by deleting and removing them from the schedule report queue.

Schedule View

Select this tab for the Schedule view.
In this view, select the report you want to schedule for execution, from your list of created CounterWatch Reports plus the five fixed reports: Alert Notifications, IP Service Performance and Availability, Logical Drive Utilization, Memory Utilization, and HW/Configuration Reports. Here you also define the schedule parameters for when and how frequently the Report executes, for what time period it reports on, and where the Report output should go.

Report Name Field

• Drop-down list box displaying the names of all reports defined previously in Create CounterWatch Reports and available to be scheduled, as well as the always available Alert Notifications, IP Service Performance and Availability, Logical Drive Utilization, Memory Utilization, HW/Configuration, Registry Monitor, and Watches/Alerts Status Reports.

Report Description Field

• A read-only display field showing the assigned description for the selected Report.

Report Details Button

• Press this button to pop up a display that shows the selected report parameters as defined previously in Create CounterWatch Reports. This is not available for the Alert Notifications, IP Service Performance and Availability, Logical Drive Status, and Memory Utilization Reports since the parameters for these are defined at the time of scheduling.
• Collection set Name and Collection set Description are the name and description for the collection set used as the basis for the selected report.
• Server/Device Name and Group Name are the names of all the servers/devices, and the Group to which each belongs, that the selected report will use for the monitoring phase.
• Click the OK button to close the Report Details display.

Optional Notes Field

• These are your user specified notes for annotating the Queue entry for this report to help you identify and track it on the Queued status display tab.
  This is particularly useful for the Alert Notifications, IP Service Performance and Availability, Logical Drive Status, and Memory Utilization Reports: you can schedule multiple instances of these with different reporting parameters, and they will all have the same Report name, so the Optional Notes provide a way for you to annotate some specific and unique information for each scheduled report.
• Data in the Optional Notes field, up to the first colon character (‘:’) if any, are appended to the Report Name instances that are created whenever the report runs. This helps to distinguish among multiple instances of the same type of report when they are displayed in the Queued display and also in Run/Analyze & View Reports where the created report instances are available for viewing.

Run Report Every Field

• Define how frequently the report is run. This dictates the next date/time for running the report when it is automatically rescheduled. (This is a "point & click" field).
  o Click the Run Report Every field to display the frequency choices. You specify this value in minutes, hours, days, weeks, or months.

Start Date/Time Field

• For the selected report, define when the report should first execute. Thereafter, the report is rescheduled based on the 'Run Report Every' parameter. These are "point & click" fields.
  o Click the first field (Start Date) to view the current month calendar. "Point & click" to select a date from this month or click the right-arrow icon to scroll to the next month. Use the left- and right-arrow icons to scroll backward or forward to find the calendar month you want, and then click the date for the Start Date.
  o Click the second field (Start Time), to display the start time choices. Specify the time in hour and minute, AM or PM.

For Previous Period Field

• Define the time-period prior to the Start Date/Time that the report should cover in its analysis and results. (This is a "point & click" field).
  o Click the For Previous Period field to display the duration choices. You specify this value in minutes, hours, days, weeks, or months.
• Not applicable for the Logical Drive Status, and Memory Utilization Reports.

Exclude Time Periods Button

• Press this button to pop up a dialogue where you can specify selected time-of-day periods and days of the week for which monitoring results will be ignored during the Report analysis phase associated with this report.

Optional Report Output To Field

• The report output for each scheduled report instance is always available for viewing and printing in Run/Analyze & View Reports. However, optionally here you can specify a fully qualified path to a folder where the Sentry II Server will, in addition, write the report output.
• You can use this additional report output location in conjunction with the Optional Link to Report Output that is used with the Email, 'Link Only' option, to provide access to the report data via an alternate Internet/Intranet address.

Optional Report Name Field

• The report output for each scheduled report instance is always available for viewing and printing in Run/Analyze & View Reports. However, if you are specifying Optional Report Output and/or are using the Email options, you can optionally specify the name for the Report output.
• Since the Report is running periodically, each new output will overwrite the previous output when using this specified name. You can, however, include the macros &D and/or &T in the optional Report Name, and when the Report output is created &D is substituted with the current date, and &T is substituted with the current time, creating a unique name for each output.

Email Report Checkbox

• Set the checkbox to enable optional Emailing of the Report output results.
• Then choose to Email the 'Link Only' or the 'Full Report' as well as the other Email details.

Email Link Only / Full Report Radio Buttons

• By default, the Email 'Link Only' to the Report output is enabled.
• Set the 'Full Report' radio button if you want to Email the complete report output, in HTML format, to the Email recipient(s).

Specify Email Details Button
• Press this button to pop up a dialogue where you can specify the addresses for the Email recipients as well as the Email Subject line.
• You may use any of your defined Email Groups, and here you can also choose to 'Manage' your Email Groups by adding new ones or editing or deleting existing ones.
• The Email Subject line supports the '&D' and '&T' macros, which are substituted with the date and time, respectively, at the time of the report generation.

Optional Link to Report Output Field
• This is an optional 'link', usually expected to be an "HTTP://..." style link, that can be used to point to the folder where you have specified the report output should be placed using the Optional Report Output To parameter.

Choose IP Service & Servers/Devices, Choose Alert Type & Servers/Devices and Choose Groups Buttons
• One of these buttons is available depending on whether the selected report is the Alert Notifications, IP Service Performance and Availability, Logical Drive Status, or Memory Utilization Report.
• Press the displayed button, based on the report, to choose the Groups, or to specify the type of IP Service or Alert Notifications, plus the servers/devices, to report on.

Query Button for Event Log Report Filter
• Press this button to pop up a dialogue where you can specify an additional filter for the Event Log data portion of the report.
• Each of the parameters is optional, and each will take multiple, comma-delimited values if you choose to filter on one or more of the specific parameters such as Event ID, Source, User/Group, and/or Description.
• In the User/Group field, you can also enter an Active Directory Group Name so that any User that is a member of the Group would be considered a Match.
You can specify multiple Group Name parameters by separating them with a comma. You can also mix User and Group names. The Group name is indicated by including a parenthesis pair as part of the name; for example, ‘Administrator()’ is the ‘Administrator’ Group. Click the button to the right of this field to pop up a display window and view your Active Directory information, where you can select one or more Users and/or Groups.

Schedule Button
• Once all the required fields are defined, press this button to queue the report and schedule it to execute the first time when the Start Date/Time becomes current. Thereafter, the report is automatically rescheduled based on the 'Run Report Every' parameter.

Queued View
Select this tab for the Currently Scheduled Reports view. This view shows the status of all reports that have been previously scheduled. The reports are sorted based on the Start Date/Time so that the next reports to run are at the top.
• To activate the Edit and Delete buttons, point and click a report entry to select it.
• Hover with the mouse over a report entry and the tool tip will display the 'Optional Notes' you assigned to the entry when first creating it. These 'Optional Notes', if any, are also displayed as part of the queued entry's information. Scroll the window to the right to see all the parameter information for each queued report entry.

Refresh Button
• Click an entry to select it, and enable the Edit and Delete buttons. Press Edit to modify the report schedule parameters. Use this button to refresh the display. While the display is open, scheduled reports may come due, execute, and then be rescheduled with new date/times. The display is NOT updated automatically. Use Refresh to see the latest parameters.

Edit Button
• Click an entry to select it, and enable the Edit and Delete buttons. Press Edit to modify the report schedule parameters.
• Clicking Edit automatically switches the view to the Schedule view with the report's currently defined parameters. Here you can modify them. Click OK to apply your changes, or Cancel to abort. Either OK or Cancel switches the view back to the Queued tab's view.

Delete Button
• Click an entry to select it, and enable the Edit and Delete buttons. Use this button to remove a selected report entry from the currently scheduled queue.
• Once removed, the report is no longer scheduled.

Print Button
• Use this button to Print a copy of the Queued reports and their parameters.

Brand View
Select this tab for the Brand Reports view. This view shows available fields that you can define that Sentry II will use to Brand all report output at the end of the output.

Run/Analyze & View Reports
Use Run/Analyze & View Reports to run the Performance Wizard and analyze the three types of reports provided in Sentry II. The Performance Wizard results can then be viewed and printed.

Report Types
The three report types are: ServerWatch Service Reports, Windows & SNMP CounterWatch Counter Reports, and Inventory Reports. The Service and Inventory Reports, highlighted in blue, are special in that they are not scheduled and cannot be deleted, and are always available. You define and schedule the Counter Reports.

Service Reports
There are two special Service reports included. They are the Service Availability & Performance report, and the Alert Notifications report. These Service reports provide detailed availability, performance, and alert metrics for the HTTP, SMTP, POP, FTP, DNS, SQL, ORACLE, TELNET, SNMP, PING, AGENT and USER specified IP Services on those servers you previously selected for monitoring (see Configure Watches/Alerts for service monitoring). The Alert Notifications Report provides a view of any or all failures for selected Watches or all Watches.
See Service Report Analysis below for more information on these two Service Reports.

Inventory Reports
There are four special Inventory reports included. They are the Operating System Inventory, Group Inventory, User Security, and Session Log. These Inventory reports provide a convenient way to display Sentry II Server database information for various items that you define using the Sentry II Configure functions (see Configure tab). These Inventory reports are unique in that they are not scheduled and cannot be deleted. When analyzed, they provide information about the Sentry II Server system. Standard Sentry II reports provide information on the monitoring of one or more user server or workstation computers.

Counter Reports
You define Counter reports from the provided collection sets (see Create CounterWatch Reports), and then schedule Counter reports (see Schedule CounterWatch Monitoring) to gather counter monitoring results, or press the New button to specify date/time and duration parameters for report data already in the database.

Status View
Select this tab for the Status view. This view shows the status of all Counter reports that have been previously scheduled (see Schedule CounterWatch Monitoring) to execute the monitoring phase, and the always available Inventory and Service reports.

Analysis Status Field
• Monitor Scheduled - Counter reports that are currently waiting to start monitoring because their Start Date/Time is in the future.
• Monitor Processing - Counter reports that are in the process of monitoring; their Start Date/Time has passed and their End Date/Time is in the future.
• Ready - Counter reports that have completed monitoring but have not yet been analyzed by the Performance Wizard; their End Date/Time has passed; also Service Availability & Performance and special Inventory reports that can be analyzed.
• Started - Counter, Service, and Inventory reports that are waiting for analysis by the Performance Wizard.
• Processing - Counter, Service, and Inventory reports that are currently being analyzed by the Performance Wizard.
• Stopping - Counter, Service, and Inventory reports in the process of being analyzed by the Performance Wizard that are cancelled by the User.
• Complete - Counter, Service, and Inventory reports with completed analysis results from the Performance Wizard.

Date/Time Fields
• The Start Date/Time and End Date/Time define the period for which monitoring has occurred or will occur for the counters and computers defined by the report (see Create CounterWatch Reports).
• Reports that have completed the monitoring phase are eligible for analysis by the Performance Wizard. Select one or more reports with Analysis Status of Ready, and press the Analyze button to start the Performance Wizard.
• Be cognizant of time differences among your servers: locally, if the server clocks are not synchronized, and particularly for remote servers in different time zones. The Start Date/Time is based on the Sentry II Server's clock. However, once remote servers are told to begin monitoring by the Sentry II Server, monitored data is stored in the Sentry II database based on the local time of the server being monitored. You have to take this into account when running the analysis reports and when setting up your charts to monitor these counters. Allow for an appropriate start time and chart density (see below) to be sure to view monitored counters from servers in different time zones.

Last Status Message Field
• This is a dynamic display of the last status message from the Performance Wizard while it is analyzing the report.

Show All Checkbox
• When unchecked, only those reports that have completed the monitoring phase (Analysis Status is Ready, Started, Processing, Stopping, or Complete) are shown.
• When checked, the Status View will show Counter reports that are currently waiting to start monitoring or are in the process of monitoring (Analysis Status is Monitor Scheduled or Monitor Processing), as well as all those reports that have completed the monitoring phase.

New Button
• Press the New button to pop up a display where you pick from your previously created CounterWatch reports (see Create CounterWatch Reports) and specify a date/time range, earlier than the current time, in order to create an entry that you can then Analyze for CounterWatch data already available in the database.

Analyze Button
• Press to run the Performance Wizard to analyze the selected Service, Counter, and/or Inventory report(s).
• Select one or more reports that have completed monitoring (Analysis Status is Ready), and/or have completed monitoring and already have been analyzed (Analysis Status is Complete).
• When attempting to analyze a report that has already been analyzed (Analysis Status is Complete), you are prompted to confirm, since the previously generated analysis result is deleted and replaced by the new analysis results about to be generated.

Delete Button
• Select one or more Counter reports to delete. Service and Inventory reports cannot be deleted.
• Deleting reports that are waiting to monitor or currently monitoring (Analysis Status is Monitor Scheduled or Monitor Processing) aborts this process. Deleting reports that have already been analyzed by the Performance Wizard (Analysis Status is Complete) deletes both the report and the analysis results.
• You are prompted to confirm the delete.

Cancel Button
• Select one or more reports currently being analyzed (Analysis Status is Started or Processing) by the Performance Wizard to terminate this process.
• You are prompted to confirm the cancel.

Refresh Button
• Press this button to refresh the Status display with any new updated report information.
• The Status display is updated dynamically for reports for which you manually start the analysis. However, report instances created via the 'Schedule Periodic Report' process are not dynamically added to the Status display.

Service Report Analysis
Select the Service Availability & Performance report to see the metrics and graphs for any of the available services: HTTP, SMTP, POP, FTP, DNS, SQL, ORACLE, TELNET, SNMP, PING, AGENT and USER; or select the Alert Notifications report to see the history of the alert events and failures for all your configured Watches (see Configure Watches/Alerts).
• Select either or both reports with the mouse to highlight them.
• Press the Analyze Button to run the Performance Wizard and start the analysis.
• For the Service Availability & Performance report, a pop-up dialogue box appears and you are prompted to select the Service Type from a drop-down containing the available IP Services; select the range, Report On, in Days and Hours, for the report analysis, and a Starting at Date/Time. The Total Availability Summary option, if selected, provides a sorting option choice and, when run, yields a summary report with one line per server. You can run the report on just specific servers/devices rather than all, which is the default. Press the Select button to view the available Watches and the associated servers/devices for the selected IP Service. The Include Maintenance Periods option, if selected, includes the maintenance periods where the server/device was not being monitored during the report period.
• For the Alert Notifications report, you can select the report on ServerWatch, FileWatch, WinServicesWatch, EventLogWatch, and/or SNMPWatch type alerts; select the range, Report On, in Days and Hours, for the report analysis, and a Starting at Date/Time.
• There is an option to limit the number of report entries, Max Report Lines/Server, for any alert type per server. There is also a Notified Only checkbox to limit the report entries to those alert failures that resulted in a notification. You can run the report on just specific servers/devices rather than all, which is the default. Press the Select button to view the available Watches and the associated servers/devices for the selected Watch type.
• Press the OK button to confirm your choice and continue with the report analysis or press the Cancel button to terminate the report analysis. When the report analysis is complete, select the Results View, defined below, to review the results.

Exclude Time Periods Button
• Press this button to pop up a dialogue where you can specify the time-of-day periods and days of the week for which monitoring results will be ignored during the Report analysis phase associated with this report.

Query Button for Event Log Report Filter
• Press this button to pop up a dialogue where you can specify an additional filter for the Event Log data portion of the report.
• Each of the parameters is optional, and each will take multiple, comma-delimited values if you choose to filter on one or more of the specific parameters such as Event ID, Source, User Name, and/or Description.
• In the User/Group field, you can also enter an Active Directory Group Name so that any User that is a member of the Group would be considered a Match. You can specify multiple Group Name parameters by separating them with a comma. You can also mix User and Group names.
The Group name is indicated by including a parenthesis pair as part of the name; for example, ‘Administrator()’ is the ‘Administrator’ Group. Click the button to the right of this field to pop up a display window and view your Active Directory information, where you can select one or more Users and/or Groups.

Results View
Select this tab to review the report analysis results. This view shows the results of all selected reports in the Status view that have been analyzed by the Performance Wizard (Analysis Status is Complete). When more than one Complete report in the Status view is selected, the results of the first selected report will be shown in the Results view first.

Full View Buttons
• Use this button to see a nearly full-screen view in a separate browser window of the current Performance Wizard results being displayed.
• From the Full View, you can print, save, and even Email the report results.

Next & Previous Buttons
• Use these buttons to scroll forward to the Next or backward to the Previous Performance Wizard results when more than one Complete report in the Status view is selected.

Print Button
• Press this button to Print the currently displayed report output. You can also go to the Full View (see above) and use the browser’s Print button to print the report.

Event Log View/Archive & Report
Use the Event Log View/Archive & Report to: manage your Event Log Archive schedules; view events in your Archived Event Log files, as well as view Monitored events in the Sentry II database; and/or view events in the actual Event Log files of selected servers/workstations. You can create one or more Archive Schedules to automatically upload and archive native Event Log EVT files and save them in a central storage in a compressed format.
There are a variety of conditions that you can specify to trigger the upload. The Viewer supports setting very flexible filters, which you can Save and then Load later to reuse, so that you can view just the events that you are interested in. You have the option to Print, Email, or Export the view results. The Viewer is designed to be very interactive, making it easy to change your filter and view a different result set of events. Click the appropriate button to View Archived Event Logs, View Monitored Events, View Current Event Logs, Manage Archive Schedules, or Set Maximum Event Log File Sizes.

View Archived Event Logs
The View Archived Event Logs dialogue box is displayed when the associated button is pressed. This dialogue box displays checkboxes to choose the Event Logs to view, the Event Types within the logs to view, and options to further filter based on Event ID, Source, User Name, and/or Description. Each of these options accepts one or more comma-delimited, non-case-sensitive parameters, and in addition, the Event ID field also accepts a range (e.g. 532-550, 560-590). In the User/Group field, you can also enter an Active Directory Group Name so that any User that is a member of the Group would be considered a Match. You can specify multiple Group Name parameters by separating them with a comma. You can also mix User and Group names. The Group name is indicated by including a parenthesis pair as part of the name; for example, ‘Administrator()’ is the ‘Administrator’ Group. Click the button to the right of this field to pop up a display window and view your Active Directory information, where you can select one or more Users and/or Groups. There are checkbox options to treat the filter options as a Boolean AND (“AND Params”), to treat them as an inverse (“NOT Check”), and to provide a Summary with Counts of like events rather than each individual event.
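The filter options described above, worked through over a handful of events. This is an added example, not Sentry II's own code. It assumes that without “AND Params” an event matches when any specified field matches, that Source and User compare exactly while Description matches as a substring, and that like events are grouped by Event ID and Source; the `group_members` map is a hypothetical stand-in for the Active Directory lookup, and the sample events are constructed.

```python
from collections import Counter


def parse_event_ids(spec):
    """Turn '532-550, 560-590, 529' into inclusive (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low, dash, high = part.partition("-")
        lo, hi = int(low), int(high) if dash else int(low)
        ranges.append((min(lo, hi), max(lo, hi)))
    return ranges


def parse_names(spec):
    """Comma-delimited values, compared without regard to case."""
    return [p.strip().lower() for p in spec.split(",") if p.strip()]


class EventFilter:
    def __init__(self, event_ids="", source="", user="", description="",
                 and_params=False, not_check=False, group_members=None):
        self.id_ranges = parse_event_ids(event_ids)
        self.sources = parse_names(source)
        self.users = parse_names(user)
        self.descriptions = parse_names(description)
        self.and_params = and_params
        self.not_check = not_check
        # Hypothetical stand-in for the Active Directory lookup: group -> members.
        self.group_members = {g.lower(): {m.lower() for m in members}
                              for g, members in (group_members or {}).items()}

    def _user_hit(self, user):
        user = user.lower()
        for entry in self.users:
            if entry.endswith("()"):  # 'Name()' marks a Group, per the guide
                if user in self.group_members.get(entry[:-2], set()):
                    return True
            elif entry == user:
                return True
        return False

    def matches(self, event):
        checks = []  # one result per field that was actually specified
        if self.id_ranges:
            checks.append(any(lo <= event["id"] <= hi for lo, hi in self.id_ranges))
        if self.sources:
            checks.append(event["source"].lower() in self.sources)
        if self.users:
            checks.append(self._user_hit(event["user"]))
        if self.descriptions:
            text = event["description"].lower()
            checks.append(any(d in text for d in self.descriptions))
        if not checks:
            hit = True  # an empty filter selects every event
        else:
            hit = all(checks) if self.and_params else any(checks)
        return (not hit) if self.not_check else hit


def select(events, flt):
    return [e for e in events if flt.matches(e)]


def summarize(events):
    """Summary with Counts: one row per (Event ID, Source) instead of each event."""
    return Counter((e["id"], e["source"]) for e in events)


# Constructed sample events (not taken from any real log).
SAMPLE_EVENTS = [
    {"id": 529, "source": "Security", "user": "SYSTEM",
     "description": "Logon Failure: Unknown user name or bad password"},
    {"id": 540, "source": "Security", "user": "jsmith",
     "description": "Successful Network Logon"},
    {"id": 540, "source": "Security", "user": "admin1",
     "description": "Successful Network Logon"},
    {"id": 560, "source": "Security", "user": "admin1",
     "description": "Object Open: payroll.xls"},
    {"id": 7036, "source": "Service Control Manager", "user": "N/A",
     "description": "The Print Spooler service entered the stopped state"},
    {"id": 1000, "source": "Application Error", "user": "jsmith",
     "description": "Faulting application app.exe"},
]
GROUPS = {"Administrator": ["admin1"]}  # constructed membership

if __name__ == "__main__":
    flt = EventFilter(event_ids="532-550, 560-590", user="Administrator()",
                      and_params=True, group_members=GROUPS)
    for (event_id, source), count in summarize(select(SAMPLE_EVENTS, flt)).items():
        print(event_id, source, count)
```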
Click the Save Filter button to save your filter selections so you can recall them at a later time; or click the Load Filter button to load a filter from your list of previously saved filters. There are Start and End Date/Time fields to put a time frame around the events you want to view. Click the Specify Archive button to provide the path to the Archive storage folder you want to view. The viewer will automatically uncompress and retrieve the events matching the filter specification from the archive storage.

Also displayed is the tree of all eligible Windows NT / 2000 / XP / 2003 servers and workstations, organized by their associated Groups. From this tree of server and workstation computers, choose the ones whose selected logs you want to view.

View Monitored Events
The View Monitored Events dialogue box is displayed when the associated button is pressed. This dialogue box is the same as the View Archived Event Logs dialogue box, except the Sentry II database is searched for events captured as a result of Event Log Watches (see Configure Watches/Alerts) that match the specified filter.

View Current Event Logs
The View Current Event Logs dialogue box is displayed when the associated button is pressed. This dialogue box is the same as the View Archived Event Logs dialogue box, except the Event Log files on the selected servers/workstations are searched for events that match the specified filter.

Groups : Servers/Workstations Tree
• All the eligible (Windows NT / 2000 / XP) servers and workstations are displayed as nodes in the tree under their associated Groups.
• Press the + image to expand a Group and see its list of associated computers; press the - image to contract.
• Click the checkbox to check or uncheck the computer to choose whether to display its Event Logs of the type selected (see Select Event Logs to View above).
• When checked and eligible for selected log display in the Event Log Viewer, the computer icon image is replaced with the event log viewer image.
• Hover with the mouse over the computer icon or event log viewer icon to display the computer description.

View Button
• Press this button to close the Filter dialogue box and to initiate the read and display of the selected events.

Cancel Button
• Press this button to close the Filter dialogue box without taking any action.

Event View
In the Event view, the events matching the specified filter are displayed. Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the server status log display area. Click the column header to sort the display entries by the associated column.

The display shows the specific Event type icon for Error type events, for Warning type events, for Information type events, and for Security Check type events.

Menu Button
• Click this button to redisplay the opening Menu screen.

Back Button
• Click this button to return to the filter screen you just created so that you can easily change your filter and view another set of events.

Print Button
• Press this button to print the Event display.

Email Button
• Press this button to email the Event display to a specified recipient.

Export Button
• Press this button to export the Event display to a uniquely named CSV file in the “…\Sentry II\Export” folder.
• The CSV file can be opened in Excel.

Cancel Button
• Press this button to Cancel an in-progress search for events matching the filter.

Manage Archive Schedules
The Manage Archive Schedules dialogue box is displayed when the associated button is pressed.
This dialogue box provides the option to create one or more Archive Schedules to archive and optionally upload the selected archived Event Log files, from the selected servers/workstations, based on 1 of 4 conditions. Administrator rights are required for this function and the Set Maximum File Size function.

You can define multiple Archive Schedules for the same servers/workstations, and even for the same Logs, based on different conditions. So, for example, create a schedule that archives whenever the Event Log file is 90 percent full, and then create another schedule that archives every 7 days at 1AM. Each archive schedule can archive to the same or different central archive storage folders. The default central archive storage folder is in the “…\Sentry II\Archive” folder, where archived files are stored in a subfolder based on server/workstation name. You can override the default archive folder and specify an alternative folder that can be on the same machine as the Sentry II Server, or reachable from the Sentry II Server via a mapped drive or via a UNC path.

Archived Event Log files are stored in a compressed GZIP format which achieves 20 to 1 and as much as 30 to 1 compression. The files are automatically uncompressed by the Viewer, but can also be manually decompressed by WinZip or any other Windows compression utility that supports the GZIP format.

Archived Event Log files are named by appending the machine name where the file originated plus the date/time the archive file was created. For example, a standard “AppEvent.evt” file name for an Application Event Log would be named “AppEvent_MachineName_mmddyy_hhmmss.gz” after it was uploaded in the native EVT format and compressed.

Set Maximum File Size
The Set Maximum File Size dialogue box is displayed when the associated button is pressed.
This dialogue box provides the option to set the maximum log file size for selected Event Log files on selected servers/workstations. The size is in KB and is rounded to the nearest 64KB increment, following the Windows behavior for these log files.

Syslog View/Archive & Report
Use the Syslog View/Archive & Report to View Syslog messages in your Archived Syslog files, as well as View Monitored Syslog messages in the Sentry II database. The Viewer supports setting very flexible filters, which you can Save and then Load later to reuse, so that you can view just the Syslog messages that you are interested in. You have the option to Print, Email, or Export the view results. The Viewer is designed to be very interactive, making it easy to change your filter and view a different result set of Syslog messages. Click the appropriate button to View Archived Syslogs or View Monitored Syslogs.

View Archived Syslogs
The View Archived Syslogs dialogue box is displayed when the associated button is pressed. This dialogue box displays options to further filter based on Syslog Message content. Click the Save Filter button to save your filter selections so you can recall them at a later time; or click the Load Filter button to load a filter from your list of previously saved filters. There are Start and End Date/Time fields to put a time frame around the messages you want to view. Click the Specify Archive button to provide the path to the Archive storage folder you want to view. The viewer will automatically uncompress and retrieve the messages matching the filter specification from the archive storage.

Also displayed is the tree of all eligible servers and devices, organized by their associated Groups. From this tree of servers/devices, choose the ones whose selected logs you want to view.

Content Search Substring(s) Filter
With this parameter you can optionally specify a simple or compound/complex filter that matches specified substrings against the content of the Syslog messages. Use ‘+’ for a Boolean AND; ‘,’ for a Boolean OR; and ‘-’ for a Boolean NOT. For example, string1+string2-string3 would find all Syslog messages that included ‘string1’ AND ‘string2’ but NOT ‘string3’.

View Monitored Syslogs
The View Monitored Syslogs dialogue box is displayed when the associated button is pressed. This dialogue box is the same as the View Archived Syslogs dialogue box, except the Sentry II database is searched for messages captured as a result of a SYSLOGWatch with an alert notification option defined (see Configure Watches/Alerts) and that match the specified filter.

Groups : Servers/Devices Tree
• All the eligible servers/devices are displayed as nodes in the tree under their associated Groups.
• Press the + image to expand a Group and see its list of associated servers/devices; press the - image to contract.
• Click the checkbox to check or uncheck the server/device to choose whether to display its Syslog messages.
• When checked and eligible for display in the Syslog Viewer, the computer icon image is replaced with the Syslog viewer image.
• Hover with the mouse over the computer icon or Syslog viewer icon to display the server/device description.

View Button
• Press this button to close the Filter dialogue box and to initiate the read and display of the selected messages.

Cancel Button
• Press this button to close the Filter dialogue box without taking any action.

Messages View
In the Messages view, the messages matching the specified filter are displayed. Press the "Expand" icon to toggle the hide and show of the Menu and Banner panes to increase or decrease the messages display area. Click the column header to sort the display entries by the associated column.
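How a Content Search Substring(s) Filter, as described above, selects the messages shown in this view. This is an added example, not Sentry II's own code. The guide does not state operator precedence or case handling, so the sketch assumes that ',' splits the expression into OR branches, that '+' and '-' apply within a branch, and that matching ignores case; the sample messages are constructed.

```python
import re


def parse_filter(expr):
    """Split a filter into OR branches of (must_have, must_not_have) terms.

    Assumed precedence: ',' (OR) binds loosest; '+' (AND) and '-' (NOT)
    apply to the terms inside one branch.
    """
    branches = []
    for branch in expr.split(","):
        must, must_not = [], []
        # A leading term carries no operator and is treated like '+term'.
        for op, term in re.findall(r"([+-]?)([^+-]+)", branch):
            term = term.strip().lower()
            if term:
                (must_not if op == "-" else must).append(term)
        if must or must_not:
            branches.append((must, must_not))
    return branches


def message_matches(message, branches):
    """True when at least one OR branch accepts the message."""
    if not branches:
        return True  # an empty filter selects every message
    text = message.lower()
    return any(
        all(term in text for term in must)
        and not any(term in text for term in must_not)
        for must, must_not in branches
    )


def filter_messages(messages, expr):
    branches = parse_filter(expr)
    return [m for m in messages if message_matches(m, branches)]


# Constructed sample messages (documentation address ranges, invented hosts).
SAMPLE_MESSAGES = [
    "<38>Jul 12 01:14:02 fw01 sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "<38>Jul 12 01:14:09 fw01 sshd[2211]: Failed password for invalid user test from 192.0.2.10 port 4031 ssh2",
    "<38>Jul 12 01:15:40 fw01 sshd[2240]: Accepted password for backup from 198.51.100.7 port 5122 ssh2",
    "<189>Jul 12 01:16:00 sw02 %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "<189>Jul 12 01:16:05 sw02 %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up",
    "<86>Jul 12 01:20:11 fw01 su: FAILED su for root by operator",
]

# Because '+', '-' and ',' are operators, a search term in this sketch cannot
# itself contain them: 'LINK-3-UPDOWN' would be read as 'link' NOT '3' NOT
# 'updown'. Search for a fragment without operator characters, such as 'updown'.

if __name__ == "__main__":
    for line in filter_messages(SAMPLE_MESSAGES, "failed+root-invalid"):
        print(line)
```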

Menu Button
• Click this button to redisplay the opening Menu screen.

Back Button
• Click this button to return to the filter screen you just created so that you can easily change your filter and view another set of messages.

Print Button
• Press this button to print the Syslog Message display.

Email Button
• Press this button to email the Syslog Message display to a specified recipient.

Export Button
• Press this button to export the Syslog Message display to a uniquely named CSV file in the “…\Sentry II\Export” folder.
• The CSV file can be opened in Excel.

Cancel Button
• Press this button to Cancel an in-progress search for messages matching the filter.

Server/Device Maintenance
Use the Server/Device Maintenance function to specify schedules, either one-time or repeated, where you want to suppress ALL monitoring and alerting on selected servers/devices. Typically you would do this when servers/devices are going to be unavailable due to some planned maintenance and you do not want to monitor these nor generate any alert notifications during these maintenance down times.

Current Maintenance Schedules
The Current Maintenance Schedules frame displays any current or scheduled maintenance periods including the starting date/time, the duration, and whether the schedule is repeated. The servers/devices affected by the particular maintenance schedule are listed in the drop-down box. The schedules are sorted automatically by the ‘Starting Date/Time’ with the most recent first. Hover over the Description parameter field to see the full description in the pop-up tool tip for the particular schedule; hover over other fields in a particular schedule to see the list of selected Watches in the pop-up tool tip that are part of the particular schedule. To terminate a schedule at any time, click the schedule line to select it, and then click the Delete button.
If you want to change a schedule, you just delete it and then specify it again.

This frame is automatically updated while opened when any change occurs: changes you make, changes that occur due to other users, or changes made automatically by the Sentry II Server when schedules expire or are rescheduled.

Press the "Expand" icon to toggle the hide and show of the Specify Maintenance Schedule for Servers/Devices frame to increase or decrease the Current Maintenance Schedules display area.

Specify Maintenance Schedule for Servers/Devices
The Specify Maintenance Schedule for Servers/Devices frame is where you specify new schedules.

Start Date/Time Field
• Specify the date and time when you want the new maintenance schedule to be in effect. Date is MM/DD/YYYY, and time is HH:MM in 24-hour format.
• When the current time on the Sentry II Server equals the Start Date/Time, the maintenance period is automatically in effect and ALL monitoring and alerting is suppressed on the associated servers/devices.

Duration Field
• Click the Duration field to enable the drop-downs and specify how long you want the maintenance period to be in effect.
• At the end of the Duration, the maintenance period automatically expires and all monitoring and alerting is enabled for the associated servers/devices. If there is no Repeat Every parameter defined, the schedule is deleted.

Repeat Every Field
• Click the Repeat Every field to enable the drop-downs and specify if you want the maintenance schedule to be automatically repeated and rescheduled whenever it expires.
• This field should be blank if you only want to define a maintenance schedule that is effective one time. Schedules that do not repeat are automatically deleted when they expire.
• The ‘Month’ choice reschedules for the same day of the month in the appropriate succeeding month; for example, a Repeat Every of 1 month would reschedule say February 6 to March 6, and March 6 to April 6, and so on.

Description Field
• Enter any optional text to describe this new Maintenance Schedule.
• By default only approximately the 1st 50 characters of the Description entered will display; click the Show Desc checkbox to display the full Description.

All Watches / Select Watches Radio Button
• Click the All Watches radio button to disable all monitoring and all alerting on all Watches for this new Maintenance Schedule.
• Click the Select Watches radio button, and enable the Select button; then click the Select button to select one or more Watches only that will be disabled by this new Maintenance Schedule.

Groups : Servers/Devices Tree
• All the eligible servers and devices are displayed as nodes in the tree under their associated Groups.
• Press the + image to expand a Group and see its list of associated servers/devices; press the - image to contract.
• Click the checkbox to check or uncheck the server/device to choose whether to include in the new maintenance schedule.
• When checked, the computer icon image is replaced with the server maintenance image.

Apply Button
• Press this button to apply and save the new Maintenance Schedule. You will see the Current Maintenance Schedules frame automatically updated with the new Maintenance Schedule.

Net Toolbox

Use the Net Toolbox to do a Trace Route, view/set an SNMP device, send a PING, or do a DNS lookup for an IP address or Host name.

Select Tool Drop-down
• Choose the net tool, Trace Route, DNS Lookup, SNMP Viewer or PING Server.

Name/IP Address Field
• Specify either a Host name or IP address.
Each of the selected tools will do the appropriate lookup to derive Host name from IP address, or vice-versa.

Trace Route Parameters

If Trace Route is the net tool selected, additional parameter fields are displayed. All of these fields are set with reasonable default values, good for most trace routes. However, changing these parameters will affect the trace route performance and results.

Resolve IP Addresses Checkbox
• Uncheck this and IP addresses will not be resolved to a Host name. Doing so usually speeds up the trace route execution substantially.

Probe Count Drop-down
• Defines the number of times each intervening node in the route is probed and checked. A Probe Count greater than 1 will slow down the trace route execution but provide a better view of the average performance for each intervening node.

TimeOut Drop-down
• Defines the time-out when waiting for a response from each intervening node of the route.

TimeToLive Drop-down
• Defines the number of intervening nodes that the trace packet is allowed to traverse before it will expire.

TypeOfService Drop-down
• Defines the type of service, General, Low Delay, High Thruput, High Reliability, for the trace route. General is the default.

SNMP Parameters

If SNMP Get, Get_Next, Walk_MIB, or Set is the net tool selected, additional parameter fields are displayed.
• 'Get' queries the specified OID(s) and returns their values.
• 'Get_Next' queries the next lexicographic ordered Object to the one specified. The response is displayed and the OID field is automatically primed to the next one. Repeatedly pressing the Start button walks the MIB one at a time.
• 'Walk_MIB' automatically walks the MIB starting with the next lexicographic ordered Object to the one specified.
• 'Set' allows you to set a specified object with a value.

Read Community Field
• Define the "community" to which the device you want to view belongs.
This acts as a level of security. The default Read Community name is "public".
• Used with the 'Get', 'Get_Next', and 'Walk_MIB' commands.

Write Community Field
• Define the "community" to which the device you want to set belongs. This acts as a level of security. The default Write Community name is "public".
• Used with the 'Set' command.

Time-Out Field
• Specify the time-out, in seconds, to wait for the response to the SNMP viewer inquiry.

OID(s) Field
• Defines one or more OPTIONAL OIDs to be queried. Multiple OIDs are separated by a semi-colon.
• Either OIDs or the Group or Object name are accepted. For example, 'sysDescr' or 'sysLocation' for the System name and location objects, or 'system' for the MIB-II System Group.
• If no OID(s) are specified, the SNMP query check is for default OIDs of System Name, Description, Up-Time, Location, Services, Contact, and ObjectID.

Target OID Field
• Defines the one OID or object name for the 'Set' command.

Set Value Field
• Defines the value to be used in setting the target OID or named object in the 'Set' command. The type of the value is specified in the Type field.

Type Field
• Defines the type of the Set Value in the 'Set' command. Default is 'String' type; the other choices are: Integer, Long, Unsigned.

Start Button
• Press this button after selecting the tool, and specifying the Host name or IP address to start the tool execution. The result information for the tool execution is displayed in the Result Log. The Result Log can be viewed or printed.

Cancel Button
• Press this button to abort the selected tool operation.

Clear Log Button
• Press this button to clear the Result Log view.

Print Button
• Press this button to print the Result Log view.

Database Maintenance

Use Database Maintenance to manage the Sentry II Server database monitoring contents and overall size.
You can schedule an automatic purge of monitored data to occur every day at a set time, and you can specify the maximum number of days of data to maintain. There is also an option to filter out specific CounterWatch Objects from the Object/Counter tables in order to eliminate Objects of no interest. You can also manually initiate the discard of monitored counter and service data that you are no longer interested in and/or compact the database to reclaim all space from previously deleted records and/or discarded counters.

AutoPurge Tab

Select the AutoPurge Tab to schedule an automatic purge of monitored data to occur every day at a set time. Also specify the maximum number of days of data to maintain.

Enable AutoPurge Checkbox
• Select this checkbox to enable the database AutoPurge function.

Purge all Monitored data older than Drop-down
• Select the number of days' worth of monitored data in the database to keep. All data older than the specified number of days is purged from the database.

Purge all Report data older than Drop-down
• Select the number of days' worth of completed Report output in the database to keep. All completed Report output older than the specified number of days is purged from the database.

Run AutoPurge everyday at Drop-down
• Select the hour of the day when the AutoPurge will run on a daily basis.

Objects Tab

Select the Objects Tab to enable and specify an Object Filter that will filter out and delete Objects and associated Counters from the Sentry II database. You normally would filter out Objects such as the NBT Connection objects and others that you would likely not want to ever monitor. This aids in keeping the overall Object count under control and improves performance in those screens and functions that deal with Objects. This is not an irrevocable step.
If you decide later that you want to monitor Objects that you previously filtered, change the filter and then next time the Sentry II Agent(s) connect up to the Sentry II Server, the Agent(s) will refresh with the now unfiltered Object(s).

Enable Object Filtering Checkbox
• Select this checkbox to enable the database Object Filtering function.

Object Filter List Field
• Specify one or more Object names to be filtered. A semi-colon must separate multiple Object names.
• Currently, instances of Objects are not supported. You can only specify the base Object name that will result in all the Objects and its instances of the base name being filtered out. For example, specify "Processor" as the object name, and Objects "Processor 0", "Processor 1", "Processor _Total", and so on will be filtered out. Do not include the 'instance' as part of the Object name, as that will result in no match. For example, do not specify "Processor 0".
• An asterisk wild-card as the last character in an Object name specification is supported to mean the Object name is a root, and any Object names including the root starting at the 1st character in the name will result in a match. For example, "NBT*" will match and filter all Object names that start with "NBT" as the first three characters.

Enable Obsolete Object Purging Checkbox
• Select this checkbox to enable 'Obsolete Object Purging’. The default is checked.
• This will cause the purging of any CounterWatch Performance Objects from the database that are no longer being reported by the associated Agent when it reconnects based on the Agent querying the system. Also any Objects without associated Counters are purged. Some applications will remove their custom Objects and Counters when they are stopped. This could lead to them being purged and losing historical data. In this case, you may want to disable this feature.
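Because Objects that match the filter are deleted from the database together with their Counters, it helps to preview what a filter list will match before enabling it. The following Python is an added example, not Sentry II code: it applies the Object Filter List rules described above to a constructed inventory, and the (base name, instance) data model, the case-insensitive comparison and all function names are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Assumed data model: an Object is (base name, instance or None).
PerfObject = Tuple[str, Optional[str]]

# Constructed sample inventory, for illustration only.
SAMPLE_INVENTORY: List[PerfObject] = [
    ("Processor", "0"),
    ("Processor", "1"),
    ("Processor", "_Total"),
    ("Process", "sqlservr"),
    ("NBT Connection", "Total"),
    ("Memory", None),
    ("PhysicalDisk", "0 C:"),
]


@dataclass(frozen=True)
class FilterEntry:
    name: str      # text compared against the base Object name
    is_root: bool  # True when the entry ended with '*'

    def label(self) -> str:
        return self.name + ("*" if self.is_root else "")

    def matches(self, base_name: str) -> bool:
        # Assumption: names compare case-insensitively.
        base, name = base_name.casefold(), self.name.casefold()
        # A root matches from the 1st character; otherwise the whole
        # base name must be equal. Instances are never compared.
        return base.startswith(name) if self.is_root else base == name


def parse_filter_list(spec: str) -> List[FilterEntry]:
    """Split a semicolon-separated Object Filter List into entries."""
    entries = []
    for raw in spec.split(";"):
        text = raw.strip()
        if not text:
            continue  # tolerate "A;;B" and a trailing semicolon
        if text.endswith("*"):
            # Only a trailing asterisk is a wild-card. A bare "*" yields
            # an empty root, which by the same rule matches every Object.
            entries.append(FilterEntry(text[:-1], True))
        else:
            entries.append(FilterEntry(text, False))
    return entries


def display(obj: PerfObject) -> str:
    base, instance = obj
    return f"{base} {instance}" if instance else base


def preview(spec: str, inventory: Sequence[PerfObject]):
    """Return (filtered, kept, unused_entries) as lists of strings.

    filtered: Objects the filter would remove
    kept:     Objects left in place
    unused:   filter entries that matched nothing (often a typo, or an
              entry that wrongly includes an instance)
    """
    entries = parse_filter_list(spec)
    filtered, kept = [], []
    for obj in inventory:
        hit = any(e.matches(obj[0]) for e in entries)
        (filtered if hit else kept).append(display(obj))
    unused = [e.label() for e in entries
              if not any(e.matches(base) for base, _ in inventory)]
    return filtered, kept, unused


if __name__ == "__main__":
    for spec in ("Processor; NBT*", "Processor 0", "Process*"):
        filtered, kept, unused = preview(spec, SAMPLE_INVENTORY)
        print(f"filter {spec!r}")
        print("  would filter:", filtered)
        print("  would keep:  ", kept)
        print("  no match:    ", unused)
```

The third filter in the demo shows how broad a root can be: "Process*" also removes every "Processor" Object, while the exact name "Processor" leaves "Process" untouched.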
Apply Button
• Once you have defined the Object Filter parameters, press the Apply button. If the Enable Object Filtering checkbox is checked, then a background process is scheduled to start within 1 minute to scan the database Object inventory and delete those Objects and associated Counters that are now filtered. Also, when Agent(s) subsequently connect and upload Object inventory, it is filtered at this point as well.

Purge Tab

Select the Purge Tab to manually initiate the discarding of monitored data older than a date/time that you specify. Also, optionally initiate the database compact.

Date/Time Fields
• Displays the date and time point for which all earlier service / counter data will be discarded when the Apply button is pressed.
• These are "point & click" fields.
• "Point & click" to select a date from the month or use the left-arrow and right-arrow icons to scroll backward or forward to find the calendar month you want, then click the date for the discard date.
• "Point & click" to the hour, minute, and AM/PM drop-down lists to select the time.

Apply Button
• Once you have defined the date and time for which you want to discard all earlier service / counter data, press the Apply button to flag the data as discarded.
• You must perform the Compact Now (see below) function to actually reclaim database space.

Compact Now Button
• Press the Compact Now button to reclaim Sentry II Server database space for all previously deleted records and discarded monitor service / counter data. This function only applies to the default Access database. If using SQL Server, a “No Status” is returned immediately. Use the SQL Server tools available to reclaim freed database space.
• You are asked to confirm the Compact before proceeding since it may take up to 1 hour for a very large Access database (>750MB), and during that time the database is closed and no monitoring is taking place.
• When using the default Access database, it is a good practice to do a Compact once every 12 weeks. Compact reclaims deleted space, making the database smaller, repairs any damaged links and contributes to overall good Sentry II performance.
• With SQL Server, the standard tools will periodically reclaim unused space from deleted records.

Sentry II Server Log

Use the Sentry II Server Log to view the current activity log from the Sentry II Server in real-time. The Sentry II server logs most activities and events to its activity log.

Clear Log Button
• Press the Clear Log button to reset and clear the log view display.

Print Button
• Press the Print button to print the log view display.

Pause/Resume Button
• Press the Pause button to halt the updating of the display so that it is easy for you to review the display contents.
• Press the Resume button to restart the display update from where it was last stopped.

Log To Disk Checkbox
• Set this checkbox to begin logging the data to a disk file.
• The file is called Sentry IIServer.log and is found in the “…\Sentry II\Bin” folder.
• This is a global setting that always reflects the state of logging to disk.
• You are prompted to confirm the setting when changing it.

Sentry II Server Control Center

The Sentry II Server Control Center menu items and their operation are described below. These can only be accessed locally when you have direct access to the Sentry II Server computer. These are not accessible remotely, using the IE browser.

Server

New
• Creates a new '.BTC' file, applies the default settings to the current Server and automatically restarts it.
• See the Properties menu item below for a description of the default settings.
• See the Restart menu item below for a description of restart.

Open
• Opens an existing '.BTC' file, applies the default settings to the current Server and automatically restarts it.
• You are presented with an Open dialogue box where you navigate to select the name of the '.BTC' file to open.
• See the Properties menu item below for a description of the default settings.
• See the Restart menu item below for a description of restart.

Save
• Save the Server's current settings.
• You are prompted for a file name if the settings were not previously saved; change to the name and folder desired.
• The default name is 'default.btc' and the default folder is the BIN folder of the Sentry II install directory.
• Use the saved '.BTC' file name as a desktop icon to start the Server.

Save As
• Save the Server's current settings.
• You are prompted for a file name for the settings; change to the name and folder desired.
• The default name is 'default.btc' and the default folder is the BIN folder of the Sentry II install directory.
• Use the saved '.BTC' file name as a desktop icon to start the Server.

Restart
• Stops the Server and disconnects any active connections to Agents and to Administrators or Analysts, if present.
• Restarts the Server and reestablishes its connections.

Properties

This is the Sentry II Control Center Server property settings sheet. These settings are saved in your named '.BTC' file; the default name is 'default.btc' (See Save and Save As menu items above).
• Select the particular property page by clicking on the corresponding tab.
• Click the '?' in the upper right-hand corner of the property sheet and move the '?' mouse icon to any field and click again to get additional, detailed help information.

General Tab
• Information on Sentry II: Version Number, Configuration File Version, Free Memory available, Security state (default is disabled; See Configure Security), Product ID number, and number of Agent Licenses allowed (See Upgrade Licenses on the Help menu item below).

TCP/IP Ports Tab
• Specify HTTP Web Server port number (default 81), for using your IE Browser to connect to the Server for Administrator and Analyst functions.
• Specify Data Collection port number (default 82), for delivery of monitor data by the Sentry II Agent.
• Specify Database Access port number (default 83), for the WEB interface to the database.
• Press corresponding Default button to restore the particular default value.

Web Server Tab
• Specify use of Default Server Name or define a specific Server Name (or IP address).
• Specify Root Directory for location of the Server executable, RpmCCS.exe; press the Default button to restore the default setting.
• Specify the Connection Queue Size (default is 255) for maximum number of simultaneous requests for Sentry II Administrator or Analyst function pages.
• Set the Enable Logging check box to log to a '.BTL' file, with date, all accesses to Sentry II Administrator or Analyst function pages.

Database Tab
• Specify Server database names, and optional login and password.
• Press the Default button to restore default database name.

Automation Tab
• Set the Start Agent when Server Loads checkbox to load the Server's own local copy of the Agent when it starts up.
• Set the Show Browser as default view when starting server checkbox to have the Server switch to its embedded browser as the startup view (See View menu item).
• Set the Launch browser in 'Standalone' mode checkbox to load the stand-alone Internet Explorer and connect to the Server.
• Specify the SMTP Server name or IP address for handling the transmission of the Alert Email action (See Administer Alerts).

Exit
• Stop all connections to any Agents or Administrators/Analysts and exit the Control Center Server.

View

The View menu items Status Bar, Shortcut Bar and Ticker, enable or disable a particular auxiliary display (See immediately below for details). The Server main window always has one of a mutually exclusive view among the choices of Web Details, Browser, and Server Monitor (See below for details). Select from among the view choices to change the view.

Status Bar
• When checked, displays a status bar at the bottom of the Server window which displays standard IE browser status type messages on the left; and Server specific messages, such as number of current Connections, number of Messages received, and total Server Uptime in hours and minutes.
• Hidden when unchecked.

Shortcut Bar
• When checked, displays an 'Outlook' style menu on the left side of the Server window, with two tabs, Views and Navigate. The Views selections are the same as present on this View menu item (See immediately below), and the Navigate selections are the same as on the Navigate menu item (See below).
• Hidden when unchecked.

Ticker
• When checked, displays a 'marquee' like display, at the bottom of the Server window, above the Status Bar if present; various Server events are displayed here in real-time, such as Alert events (See Administer Alerts).
• Hidden when unchecked.

Web Details
• Displays the Server log of all accesses to Sentry II Administrator or Analyst function pages, in large icon view, when it is the selected Server view.

Browser
• Displays the Server's embedded IE browser to use locally for accessing the Sentry II Administrator and Analyst functions.

Server Monitor
• Displays the Server Monitor log, with information on key Server events and actions, including Server and Agent interaction.

Clear View
• Clears the display of the active Server view except the Browser view.

Navigate

The Navigate menu items apply to the Server Browser view and provide the same basic navigation functions as the standard Internet Explorer.

Home
• Redisplays the Sentry II Administer and Analyze Introduction page.

Refresh
• Refreshes the current Sentry II Administer and Analyze page.

Stop
• Stops the update of the current selected Sentry II Administer and Analyze page.

Back
• Goes back to the previous Sentry II Administer and Analyze page.

Forward
• Goes forward to the next Sentry II Administer and Analyze page in the history list.

Start Agent
• Start the Server's local Agent to provide monitoring of the Server itself.

Service Settings...
• Choose to run the Sentry II Server as a "service" on NT / 2000 computers.

Help

About Sentry II
• Information on Sentry II: Version Number, Configuration File Version, Free Memory available, Security state (default is disabled; See Configure Security), Product ID number, and number of Agent Licenses allowed (See Upgrade Licenses immediately below).

Upgrade License
• Provides the means to dynamically upgrade the Sentry II Server from an 'Eval' to a fully licensed version (default 5 Agent licenses) as well as adding additional Agent licenses.

Appendix A – Local SQL Server Database

Follow these steps carefully to install and configure for use of a local Microsoft SQL Server database:

Installing the Sentry II MDF File on a Local SQL Server

Copy the “Sentry II.mdf” file from the “…\Sentry II\Database” folder where Sentry II is installed to the location that you wish the database file to exist. It may be the same directory in which the Sentry II installation program placed the file.
However, it simplifies subsequent Sentry II updating if you move the file to the SQL Server folder; usually “C:\Program Files\Microsoft SQL Server\MSSQL\Data” is where this file will reside.

You must make sure that the SQL Server is running. This may be determined via the SQL Server Enterprise Manager. Then…

1) Launch the Data Sources (ODBC) configuration utility from: Start->Settings->Control Panel->Administrative Tools
2) Next… select the ‘System DSN’ tab and press the ‘Add’ button.
3) Next… select the ‘SQL Server’ entry from the list box and press the ‘Finish’ button.
4) Next… fill out the information as outlined below. Since you will be running SQL Server on the same machine as the Sentry II Server, you must select (local) from the ‘Server’ dropdown.
5) Next… make sure this next panel has the same set of options selected. And, click the Client Configuration button and choose “Pipes” as the method Sentry II uses to communicate with the SQL Server. For SQL2000 and later, Sentry II should use the “Shared Memory” option automatically to communicate with SQL. Next, fill out the panel below. Edit and type into the “Change the default database to” field to the string “Sentry II”. Although this is a drop-down field, you can edit and type into it. Then, substitute the attached filename with the actual location of the “Sentry II.mdf” file.
6) Finally… press the ‘Next’ button and complete the remaining panels as appropriate. The last panel provides a means to test the Data Source.

Sentry II Security Issues for Accessing SQL Database

When Sentry II Server is running as a program after a user login, it accesses the SQL database with the logged-in user’s credentials.
When the Sentry II Server is running as a service before user login, it accesses the SQL database with “System” account credentials, or the credentials of the “LogOn” property of the Sentry II Server service. Ensure your SQL Server security is configured accordingly to allow the Sentry II Server access based on the credentials it will be using.

Appendix B – Remote SQL Server Database

Follow these steps carefully to install and configure for use of a remote Microsoft SQL Server database:
• Locate the file called “Sentry II.mdf”. It is stored in the Database folder under Sentry II (usually C:\Program Files\Sentry II\Database).
• Provide a copy of this file to your Database Administrator.
• The Database Administrator should place this file in a location where the SQL Server software may gain access. There should be a scheme already in-place.
• To add this standalone “Sentry II.mdf” file to the known SQL databases, the ODBC Data Sources utility should be run on the Sentry II Server computer.
• Select the 'System DSN' tab.
• Now select the 'Add…' button. You will see the following dialog:
• Select the driver named 'SQL Server' from the list. You may need to scroll down to find this item. Then press the 'Finish' button.
• You are presented with the following screen:
• Type the information you see above. For the last input area (Server:), select the computer/server that will host this SQL database. Click the 'Next' button.
• You will be presented with the following dialog:
• Sentry II has been tested using 'Windows NT authentication'. Please make sure this first radio button is selected. Then click the Client Configuration button and choose “Pipes”, if possible, as the method Sentry II will use to communicate with the SQL Server. Complete the panel as displayed above.
Then press the button labeled 'Next'. This next step will allow for the Sentry II.mdf file to be added to the list of databases within SQL Server. Complete the panel below as displayed. The 'Attach database filename:' input field will vary depending upon the physical location of the “Sentry II.mdf” file. However, usually “C:\Program Files\Microsoft SQL Server\MSSQL\Data” is where this file will reside. It is necessary to change the default database to Sentry II. You can type this into the field.
• You are now presented with the final configuration screen. Please confirm that the options displayed match those in the dialog below.
• Press the 'Finish' button.

Notes:
1. We have tested using 'Windows NT authentication'.
2. When completing the rest of the panels, you want to make sure that the 'Sentry II.mdf' file is selected rather than the default 'master'. The 'master' database contains important information about your SQL Server environment that you should not alter during this process.

Sentry II Security Issues for Accessing SQL Database

When Sentry II Server is running as a program after a user login, it accesses the SQL database with the logged-in user’s credentials. When the Sentry II Server is running as a service before user login, it accesses the SQL database with “System” account credentials, or the credentials of the “LogOn” property of the Sentry II Server service. Ensure your SQL Server security is configured accordingly to allow the Sentry II Server access based on the credentials it will be using.

Appendix C – SQL/ORACLE Requirements

Microsoft SQL Server Checking

Run the Cliconfg.exe utility on the Sentry II Server computer in order to define to it where the Microsoft SQL Server databases are that you want Sentry II to check with the ServerWatch SQL check.
Set the Default Network Library to TCP/IP, and then click the Add button to define the location of one or more SQL Servers to be monitored.

Oracle Database Checking

Run the Oracle Client Install (version 8i or 9i) to install the Oracle Client software on the Sentry II Server machine. Consult your Oracle documentation. After you run the Oracle Client Installation, you define the available Oracle databases using either ‘Service Naming’ or ‘Oracle Names Servers’. The Oracle database names defined here are what are used in the ORACLE IP Service setup in Configure Servers/Agent & Devices, in the Database parameter field.

Appendix D – Moving from Access to SQL Server

If you want to move your Sentry II database from Access to SQL Server, follow these steps.

1) Stop the Sentry II Server if it is currently running. Use the Windows Services tool to stop the Sentry II Server service if it is running as a service;
2) Use the ‘Data Sources (ODBC)’ to change the ‘BreakoutRPM’ System DSN that points to your current Access database ‘RPM.mdb’ and rename it to ‘BreakoutRPM_MDB’;
3) Start Enterprise Manager, and expand the tree to the databases; find and right-click on the new Sentry II database, and choose "All Tasks->Import Data" and run the "DTS Import Wizard";
4) The "Source" choice should be "Driver do Microsoft Access (.mdb)" and the "User/System DSN" choice should be the saved DSN to your original database "BreakoutRPM_MDB";
5) Click the Next button, and then the "Destination" choice should be "Microsoft OLE DB Provider for SQL Server" and the "Database" choice should be your new Sentry II database, "Sentry II";
6) Click Next and select the radio button for "Copy tables from the source database";
7) Click Next and then Select All to select all the tables; you can choose to uncheck the ‘Value’ table and/or the ‘ServicesLog’ table if you want to leave behind your CounterWatch data (Value table) and ServerWatch data (ServicesLog table);
8) Click Next and then check the "Run Immediately" checkbox; then click Next, confirm the "Summary" and then click "Finish", and then "Done".