
PATROL for Microsoft Windows Servers v2.3.00 Reviewers Guide

Contents
Welcome!
Management of Microsoft Windows Servers
    Installation Requirements
    PATROL Terminology
Installing the Product
Server Operating System Availability with Quick Value Statistics
Advanced Features and Functionality
    Alarm Thresholds
    Automated Recovery Actions
    Combination Parameters
    Custom Views and Graphs
    Event Monitoring
    Microsoft Performance Counters and PATROL Monitoring
    Process Monitoring
    Registry Monitoring
    Services Monitoring
    Text Log Monitoring
Environment-Specific Functionality
    Active Directory/Domain Management
    Cluster/Network Load Balancing Management
    Datacenter Server Management
Microsoft Certification
MTS/COM+ Management
MSMQ Management
Reporting
Helping You Maintain Advantage
About BMC Software

BMC Software, Inc., Confidential and Proprietary Information


Welcome!
This reviewers guide outlines step-by-step instructions for you to quickly
install, configure, and evaluate the PATROL for Microsoft Windows
Servers product in a Microsoft Windows NT or Microsoft Windows 2000 test
environment.
The installation procedures in this guide assume that the product will be
installed locally on a single computer that does not already have PATROL
installed. For more advanced PATROL installations, including upgrades from
previous versions and remote installations, please consult the PATROL for
Microsoft Windows Servers Getting Started guide.

Management of Microsoft Windows Servers


PATROL for Microsoft Windows Servers provides automated management
of Microsoft Windows servers and proactively manages server availability,
performance, and utilization. Through enterprise-level PATROL service
reporting or the easy-to-use Microsoft Excel-based reporting wizard, you can
create reports to assist administrators in maintaining an optimal environment.
In addition, the PATROL console provides management tools to ease
administration. The real-time graphs, alerting, and notification capability in
PATROL helps ensure that your servers are constantly available and running
at peak capacity. Having servers available and running at peak capacity is
critical to meeting service level agreements.
PATROL for Microsoft Windows Servers monitors Microsoft Windows NT,
Windows 2000, and .NET Server operating systems, printers, disk, memory,
and other core OS functions. Administrators also can scan event logs for
trouble and set PATROL to take corrective action, such as automatically
restarting a service. Operating system availability is critical to system
administrators because server failures can result in lost productivity and lost
revenue. All too frequently, administrators learn about server crashes after
irate users call. PATROL provides the administrator with proactive tools to
detect problems before they impact users.


Installation Requirements
Before installing PATROL for Microsoft Windows Servers, check that the
requirements listed in Table 1 have been met.
Table 1. PATROL for Microsoft Windows Servers Install Requirements

Resource: Platform
    Minimum requirements: Intel

Resource: Operating system
    Minimum requirements:
        Windows 2000 Server (SP1 and SP2 are supported)
        Windows 2000 Advanced Server (SP1 and SP2 are supported)
        Windows 2000 Datacenter Server (SP1 and SP2 are supported)
        Windows NT Server 4.0 (SP5 and SP6A are supported)
        Windows NT 4.0 Enterprise Edition (SP5 and SP6A are supported)
        Windows NT 4.0 Terminal Server Edition (SP4, SP5, and SP6 are supported)

Resource: RAM
    32 MB for an agent
        Comments: More memory is required to run PATROL with larger applications.
    48 MB for a console
        Comments: More memory is required to run PATROL simultaneously with other
        Windows applications.

Resource: Disk space
    20 MB for an agent (without components and KMs)
        Comments: More memory is required to run PATROL with larger applications.
    50 MB for a console (without components and KMs)
        Comments: More memory is required to run PATROL simultaneously with other
        Windows applications.
    148 MB for an agent (with all solution components and KMs)
    116 MB for a console (with all solution components and KMs)

Resource: PATROL
    Minimum requirements:
        PATROL Console 3.3.x or later
        PATROL Agent 3.3.x or later

PATROL Terminology
The core components of PATROL include the PATROL Agent, which collects
data, the KMs or Knowledge Modules, which contain the application-specific
monitoring knowledge (they tell the agent what to monitor), and the PATROL
Console (the user interface). The PATROL Agent and several Windows
Knowledge Modules (KMs) are components of the PATROL for Microsoft
Windows Servers product. The console is a separately licensed product.


The console includes a tree view that you can expand to view the four levels
of monitoring provided by PATROL (Figure 1 on page 5). Traditionally,
under the PATROL main map, you can see these four monitoring levels:

    Server or Host (represented by the computer name)
    Application Class
    Instance
    Parameter

Each object has a menu of actions (menu commands) that you can view by
right-clicking the object in the tree or icon view.
Annotated data points in PATROL are data points in a PATROL graph,
represented by an asterisk, that provide additional details when an item is in
an alarm state. One example is an annotated data point for peak CPU usage.
By clicking on this annotated data point, you can see a list of the top ten
processes that were running at the time the CPU usage peaked.

Figure 1. PATROL window showing the expanded tree view with the four levels of monitoring.


Installing the Product


For your evaluation, install PATROL from the CD.
Before launching the install program, make sure to log into Windows with a
user account that has local administrative privileges for the machine on
which you are installing PATROL products.
Note: Although you can use an existing Windows user account to install
PATROL, BMC Software recommends that you create a separate
Windows user account for PATROL. This account should be a
member of the local administrators group on the server where
PATROL is being installed. The minimum user rights that must be
assigned for PATROL to execute tasks are as follows:

    act as part of OS
    debug programs
    increase quotas
    log on as service
    log on locally
    profile system performance
    replace a system token

Note: Before attempting to view Microsoft Excel-based reports in
PATROL, please make sure you have Excel installed on the local
machine.
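
One way to verify the user rights listed above on a test server, shown as an added example that is not part of the BMC guide: the script parses the [Privilege Rights] section of a security policy export (as produced by secedit /export /cfg <file> /areas USER_RIGHTS) and reports which of the seven rights the PATROL account holds, which are missing, and which extra rights it was given. The account name patrol_svc, the sample export, the mapping from the guide's right names to Windows privilege constants, and the HIGH_IMPACT grouping are assumptions made for this example.

```python
# Added example (not BMC code): audit the user rights held by a PATROL account.
# Mapping of the guide's right names to Windows privilege constants (assumed mapping;
# "replace a system token" is taken to mean "Replace a process level token").
PATROL_RIGHTS = {
    "SeTcbPrivilege": "act as part of OS",
    "SeDebugPrivilege": "debug programs",
    "SeIncreaseQuotaPrivilege": "increase quotas",
    "SeServiceLogonRight": "log on as service",
    "SeInteractiveLogonRight": "log on locally",
    "SeSystemProfilePrivilege": "profile system performance",
    "SeAssignPrimaryTokenPrivilege": "replace a system token",
}
# Rights that give the holder SYSTEM-equivalent control (editor's grouping).
HIGH_IMPACT = {"SeTcbPrivilege", "SeDebugPrivilege", "SeAssignPrimaryTokenPrivilege"}

# Constructed sample of a policy export; patrol_svc is a hypothetical account.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = patrol_svc
SeDebugPrivilege = *S-1-5-32-544,patrol_svc
SeIncreaseQuotaPrivilege = *S-1-5-32-544,patrol_svc
SeServiceLogonRight = patrol_svc
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeSystemProfilePrivilege = *S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,patrol_svc
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(inf_text):
    """Return {right: [holders]} from the [Privilege Rights] section only."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "privilege rights"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names are not.
            holders = [h.strip().lstrip("*").lower()
                       for h in value.split(",") if h.strip()]
            rights[name.strip()] = holders
    return rights


def audit_account(inf_text, identities):
    """identities: the account name plus any SIDs (its own, its groups') to count."""
    ids = {i.lstrip("*").lower() for i in identities}
    rights = parse_privilege_rights(inf_text)
    held = {r for r, holders in rights.items() if ids & set(holders)}
    return {
        "granted": sorted(held & PATROL_RIGHTS.keys()),
        "missing": sorted(PATROL_RIGHTS.keys() - held),
        "extra": sorted(held - PATROL_RIGHTS.keys()),
        "high_impact": sorted(held & HIGH_IMPACT),
    }


if __name__ == "__main__":
    # Direct grants only, then with the local Administrators group (S-1-5-32-544).
    for ids in ({"patrol_svc"}, {"patrol_svc", "S-1-5-32-544"}):
        print(sorted(ids), audit_account(SAMPLE_INF, ids))
```

Because the account is a member of the local administrators group, run the audit both with and without the group SID: the first result shows what was granted to the account directly, the second what it can actually exercise.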

1. Insert the PATROL for Windows Servers CD into the CD-ROM drive.
2. The installation procedure begins automatically by using the Microsoft
Windows auto-run functionality.
Note: If the installation program does not start automatically, from the
Start menu, choose Run, and type the following command:
D:\Setup.exe where D is your CD-ROM drive.

3. Install console components, KMs, and PATROL Agent as discussed in
the following section.


To Install Console Components, Knowledge Modules, and PATROL Agent

The installation procedures in this guide assume the product will be installed
locally on a single computer that does not already have PATROL installed.
For more advanced PATROL installations, including upgrades from previous
versions and remote installations, please consult the PATROL for Microsoft
Windows Servers Getting Started guide.
Your first task is to decide which products to install on which machines. For
evaluation purposes, you can install all components and products on a single
test machine. In a production environment, you install the KMs and PATROL
Agents on all computers to be managed (Managed Systems) and install the
console components only on the few computers that will provide the
PATROL user interface (Console Systems).
By launching auto-run from a CD install, or by double-clicking on the
setup.exe file, you can begin the install program. As it launches, it displays in
a Web browser interface.
1. Click Next on the welcome screen.
2. Read the license agreement and select Accept, then click Next.
Note: PATROL ships with a 30-day trial license. This license will
expire in 30 days if you do not purchase the product and enter a
permanent license key.

3. From the Select Type of Installation window, select Typical and click Next.
Note: With a Typical installation, PATROL automatically selects the
default port number of 3181.

4. In the Specify Installation Directory window, enter the location where you
want to install PATROL or accept the default directory and click Next.
5. From the Select System Roles window, select Console Systems and
Managed System, then click Next.
6. Expand the PATROL Solutions for Microsoft Windows - QuickStart
Packages tab and select Manage Microsoft Windows Servers and click
Next.
7. Enter a valid Windows account log-in name with administrator privileges
and then type the password twice as requested and click Next.
8. On the PATROL 3.x Product Directory window, specify a subdirectory
location or accept the default directory and click Next.


9. Select the option to start the PATROL Agent automatically, then click
Next.
10. Review the installation summary screen, and click Start Install.
11. After successful installation, click Next.
12. To exit the install utility, click Finish.
13. Click OK, then Yes to close all browser windows.

To Set Basic Configuration

Complete the following steps to start monitoring and managing with
PATROL in your environment:
1. From the Windows Start menu, select Programs => BMC
PATROL => Developer Console.
Note: You will need Developer Console authority to complete some of
the configuration and customization tasks in this guide. If you
only want to view PATROL data, you can use the Operator
Console.

To add the host (computer) that you want to monitor to the PATROL console,
2. Select Hosts => Add from the PATROL console main menu.
3. Next to Host Name, type the name of the local machine.
4. Type the Windows user name and type the password twice as requested.
Note: The Interactive System Output Window is an optional feature
that might be helpful. The Interactive System Output Window
allows you to view real-time descriptions of PATROL Agent
activity from the console. To activate, right-click on the
computer (host) name in the PATROL tree view. Then, select
Show System Output Window.

5. Click OK.
Note: When you selected the Typical install option, the minimal set of
monitoring parameters was automatically configured for you.
However, to do some of the advanced functions in this reviewers
guide, you need to load additional KMs.

6. Within the PATROL console, select File => Load KM.


7. Select the NT_LOAD.kml file, then click Open.
Note: The NT_LOAD.kml is the most comprehensive (and the most
resource intensive) of the KM files. This file is loaded for
evaluation purposes so that you can see the full breadth of
PATROL capability. In a production environment, the Typical
install components may be sufficient for many servers.

Save your KMs so that PATROL automatically loads the selected KMs the
next time you start the PATROL Console.
To do so, select File => Save KM from the PATROL main menu. You are now
ready to monitor with PATROL.
To immediately view data (instead of waiting for PATROL's next scheduled
monitoring interval),
1. Right-click your computer's (host) name in the PATROL tree view (right
under PATROL Main Map).
2. Select KM Commands => Utilities => Patrol => Force Discovery.
Note: If you make a mistake, or later want to change the Windows user
account used for PATROL, you can do this from the PATROL
Console. Right-click on the computer (host) name in the
PATROL tree view. Select Properties, then select the Security
tab. Type a new user account and password with local
administrative privileges. Click OK.

For advanced features, including notification and enterprise-wide,
consolidated service reporting and event management, contact your BMC
Sales Representative for documentation on PATROL Operations Manager
and PATROL Service Reporting.

Server Operating System Availability with Quick Value Statistics
The following table lists some of the statistics (parameters) available in
PATROL to ensure Windows server availability. The items are listed in the
order that they appear on the PATROL console.
To view the PATROL tree view,


1. Expand the PATROL MainMap icon in the top left corner of the console.
2. Expand the computer name and then expand Windows Operating System.
3. To view data for any item represented in Table 2 on page 10,
double-click the item in the tree view of the PATROL console.

Table 2. How PATROL Ensures Server Availability

Parameter Name by Application Class
    How PATROL ensures server availability

Health At A Glance Container
    This high level container includes a few of the most critical statistics
    you need to monitor on each server.

NT_PERFMON KM
    This KM is used to create new custom KMs from any existing set of
    Microsoft Performance Counters available on a server.

Windows Operating System KM
    This high level container includes all of the operating system
    application classes and parameters listed below and on the next
    few pages.

NT_CACHE
    The next two parameters monitor caching performance.

CACcachCopyReadHitsPercent
    the percentage of cache copy read requests
    A copy read is a file read operation that is satisfied by a memory
    copy from a cache page to the application's buffer.

CACcachCopyReadsPerSec
    the frequency of reads from cache pages that involve a memory
    copy of the data from the cache to the application's buffer

NT_COMPOSITES Application Class
    This application class is used to create new custom parameters by
    combining multiple parameters into a single alarm. See
    Combination Parameters on page 14.

NT_CPU
    The next four parameters monitor CPU utilization.

CPUprcrInterruptsPerSec
    the number of device interrupts encountered by the processor per
    second
    An interrupt occurs when a device has completed a task or when it
    requires attention.

CPUprcrPrivTimePercent
    the percentage of processor time spent in privileged mode in
    non-idle threads

CPUprcrProcessorTimePercent
    the percentage of time that a processor is busy executing the
    threads of a process
    Threads are units of work that make up a process. Consistently
    high numbers (greater than 75 percent) can indicate performance
    problems that can slow your system down.

CPUprcrUserTimePercent
    the percentage of CPU time currently being spent in user mode
    doing commands and tasks initiated by users

NT_EVENTLOG
    This application class is used to monitor events in the Windows
    event logs. See Event Monitoring on page 17.

NT_LOGICAL_DISKS
    The next four parameters monitor logical disk availability.

LDldDiskQueueLength
    the number of requests outstanding on the disk, including requests
    currently in service


LDldDiskTimePercent
    the percentage of elapsed time that the selected disk drive is busy
    servicing read or write requests

LDldFreeMegabytes
    the amount of unused space on the disk drive in megabytes (MB)

LDldFreeSpacePercent
    the percentage of free space available on the selected logical disk
    drive
    Automated Recovery: PATROL can automatically clear the temp
    directory when LDldFreeSpacePercent enters an alarm state.

NT_MEMORY
    The next three parameters monitor memory availability.

MEMmemAvailableBytes
    the number of megabytes of physical memory currently available to
    processes (is not directly related to the amount of physical memory
    installed in your server)

MEMmemPageFaultsPerSec
    the number of hard and soft page faults in the processor

MEMmemPagesPerSec
    the number of hard page faults for the processor; the value often
    determines whether or not your system needs more RAM

NT_NETWORK
    The next two parameters monitor TCP/IP network traffic.

NETniPktsOutboundErrors
    the number of outbound packets that could not be sent as a result
    of errors

NETniPcktsPerSec
    the rate that packets are sent and received on the network

NT_PAGEFILE
    The next parameter monitors page file use.

PAGEpgUsagePercent
    the amount of the page file currently in use

NT_PHYSICAL_DISKS
    The next two parameters monitor physical disk availability.

PDpdDiskQueueLength
    the number of requests outstanding on the disk at the time the
    performance data is collected

PDpdDiskTimePercent
    the percentage of elapsed time that the disk spends servicing read
    or write requests
    Good disk performance enhances virtual memory performance and
    reduces the elapsed time required to load programs that perform a
    large number of I/O requests.

NT_PROCESS
    The next four parameters are displayed after you configure specific
    processes for monitoring. See Process Monitoring on page 19.

PROCPageFaultsPerSec
    the number of page faults per second by the threads executing in
    this process
    A page fault occurs when a thread refers to a virtual memory page
    that is not in its working set in main memory.

PROCPageFileBytes
    the current number of bytes this process has used in the paging file

PROCProcessorTimePercent
    the percentage of elapsed time the selected process used to
    execute instructions
    Automated Recovery: PATROL can automatically kill a process
    when PROCProcessorTimePercent is in alarm for a specified
    amount of time.

PROCStatus
    the status of the associated process
    A value of 0 indicates the process is running. A value of 1 indicates
    that the parameter is not running.

NT_REGISTRY_GROUP
    The next parameter is displayed after you configure specific
    registry keys for monitoring. See Registry Monitoring on page 20.

Total_UpdateFrequency
    tracks all update activities of the keys in the group

NT_SECURITY
    The next three parameters monitor file access security.

SECsvrErrorsAccessPermissions
    the number of times people attempted to open files and failed
    because of insufficient permissions to the file
    A high number of failures can indicate that someone is trying to
    randomly access files that are not adequately protected.

SECsvrErrorsGrantedAccess
    the number of times people attempted to open files and were
    denied
    A high number of denied-access errors can indicate that someone
    is attempting to access files without the correct authorization.

SECsvrErrorsLogon
    the number of failed logon attempts on the server
    A high number of failed logon attempts can indicate that someone
    is trying to guess passwords, possibly using a password-cracking
    program, which could pose a breach in the security of the server.

NT_SERVER
    The next two parameters monitor server process activity.

SVRsvrServerSessions
    monitors the number of sessions currently active in the server

SVRsvrSessionsErroredOut
    monitors the number of sessions that have been closed because of
    unexpected error conditions
    This value indicates how frequently network problems are causing
    dropped sessions on the server.

NT_SERVICES
    The next parameter monitors service availability.

ServiceStatus
    indicates whether a service is up or down
    Automated Recovery: PATROL can automatically restart a failed
    service if it has a startup type of automatic.

NT_SYSTEM
    The next three parameters monitor system performance.

SYSobjProcesses
    the number of processes in the computer at the time of data
    collection

SYSobjThreads
    the number of processes in the computer at the time of data
    collection

SYSsysSystemUpTime
    the time, in seconds, that the computer has been up and running
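
The NT_SECURITY description says a high number of failed logons can indicate password guessing; the following added example (not part of the BMC guide and not PATROL code) shows one way to turn successive SECsvrErrorsLogon readings into a per-minute rate with warning and alarm states, using SYSsysSystemUpTime to detect a reboot between samples. It assumes SECsvrErrorsLogon is reported as a running total since the server started; the thresholds and the sample readings are constructed for illustration.

```python
# Added example (not PATROL code): rate-based alerting on failed logons.
# Assumption: SECsvrErrorsLogon is a running total that restarts at 0 on reboot,
# and SYSsysSystemUpTime is the uptime in seconds at the same collection time.

# Constructed readings: (SYSsysSystemUpTime, SECsvrErrorsLogon), 5 minutes apart,
# with a reboot between the fourth and fifth sample.
SAMPLE_READINGS = [
    (3600, 12),
    (3900, 13),
    (4200, 16),
    (4500, 141),   # burst of failures
    (120, 0),      # server rebooted, counter restarted
    (420, 9),
]


def classify(rate, warn_per_min, alarm_per_min):
    """Map a failures-per-minute rate to a state, warning range below alarm range."""
    if rate >= alarm_per_min:
        return "ALARM"
    if rate >= warn_per_min:
        return "WARN"
    return "OK"


def logon_failure_states(readings, warn_per_min=1.0, alarm_per_min=5.0):
    """Return one result per reading: delta, rate per minute, reset flag, state."""
    results = []
    prev_up = prev_count = None
    for uptime, count in readings:
        if prev_up is None:
            # The first reading only establishes the baseline.
            results.append({"delta": None, "rate": None,
                            "reset": False, "state": "BASELINE"})
        else:
            # Uptime or the counter going backwards means the baseline is stale.
            reset = uptime < prev_up or count < prev_count
            if reset:
                # Everything counted so far happened since boot.
                delta, elapsed = count, uptime
            else:
                delta, elapsed = count - prev_count, uptime - prev_up
            if elapsed <= 0:
                results.append({"delta": delta, "rate": None,
                                "reset": reset, "state": "NO_INTERVAL"})
            else:
                rate = delta * 60.0 / elapsed
                results.append({"delta": delta, "rate": rate, "reset": reset,
                                "state": classify(rate, warn_per_min, alarm_per_min)})
        prev_up, prev_count = uptime, count
    return results


if __name__ == "__main__":
    for reading, result in zip(SAMPLE_READINGS, logon_failure_states(SAMPLE_READINGS)):
        print(reading, result)
```

A fixed threshold on the running total would stay in alarm after the burst until the next reboot and would not separate a slow accumulation from a sudden spike; the rate does both.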


Advanced Features and Functionality


The following sections highlight some key features you will want to review
in your evaluation of PATROL for Microsoft Windows Servers.

Alarm Thresholds
PATROL monitors server activity and sends alerts to the PATROL console
based on predefined threshold ranges. This procedure uses an example to
show you how to change these ranges to settings specific to your
organization.
1. Switch from the desktop to the KM tab on the console (tabs are at the
bottom of the tree view).
2. Once in the KM view, expand the Knowledge Module icon, then expand
the Application Classes folder.
3. Expand the NT_LOGICAL_DISKS application class.
4. Expand the Global folder.
5. Expand the Parameters folder.
6. For this example, double-click on the LDldFreeSpacePercent parameter.
The Parameter Properties are displayed.
7. Select the Alarm Ranges tab.
Alarm 1 is for alarms. Alarm 2 is for warnings. You can select Enable for
either or both alarm ranges and set the minimum and maximum ranges
for when an alarm should be sent to the console. Notice that
out-of-the-box PATROL gives you a warning when your free space gets
below 10 percent. Then it will go into alarm when the free space is below
5 percent.


Automated Recovery Actions


PATROL includes automated methods to recover from common failures. To
view the defaults for the automatic recovery action that automatically clears a
temp directory when the disk gets full:
1. Return to the Desktop tab, right-click the computer (host) name in the
PATROL tree view, and select KM Commands => Configure Recovery
Actions.
2. Select Clean Temp Directory and click Accept.
3. Select the NT_LOGICAL_DISKS application class and click Edit.
4. Select the mode Run Attended.
This setting lets you acknowledge all recovery actions before they take
place.
5. Click Accept.
6. Click Close twice to exit.
To activate the recovery action:
1. Right-click the NT_LOGICAL_DISKS icon, and select KM
Commands => Edit Recovery Action List.
2. Select Include All, then click Apply.
3. Click Close.

Combination Parameters
With PATROL, you can combine several individual parameters into a single
parameter (composite parameter) to see how events are correlated. For
example, you can create a composite parameter to alarm only when both
CPU and memory exceed predefined thresholds.
To create a composite parameter,
1. Right-click on the NT_CompositesColl application class, and select KM
Commands => Create Expressions.
2. Create a name for the new parameter. For this example, type MemCPU,
and click Create.


3. On the initial Edit screen, accept the default values and click Wizard.
4. Select Patrol KM parameter and click Continue.
5. Select NT_CPU and click Continue.
6. Select CPU_Total and click Continue.
7. Select CPUprcrProcessorTimePercent and click Continue.
8. Select Greater than or equal to and click Continue.
9. Select Constant value and click Continue.
10. Type 10, and click Continue.
You have now finished the first half of the procedure, which sets the alarm when
CPU utilization exceeds 10 percent. The following portion of the procedure
guides you through setting the limit for available bytes.
11. Click More, select And, and click Continue.
12. Select Patrol KM parameter and click Continue.
13. Select NT_MEMORY and click Continue.
14. Select MEMmemAvailableBytes and click Continue.
15. Select Less than or equal to and click Continue.
16. Select Constant value and click Continue.
17. Type 100 and click Continue.
18. Exit the remaining open windows by clicking the appropriate buttons in
this sequence: Done, Done, Save, OK, and Done.
You now have a new object that alerts only when both criteria are
met: CPU greater than 10 percent and available bytes less than 100 MB.


Custom Views and Graphs


It may be useful to create custom views that represent domains, departments,
or other logical groupings of servers and parameters in the PATROL console.
To create a custom folder:
1. Select File => New => Folder from the PATROL main menu.
2. Give your custom folder a name and a title.
3. Click Browse and select an icon for the custom folder.
4. Click Open, then click OK.
The new folder is displayed below the PATROL Main Map icon in the
PATROL tree view.
5. To move specific servers to this new folder, drag and drop server icons
into the folder.
You can also create custom graphs of the parameters that are most important
to your organization.
1. Select File => New => Graph Folder.
2. Give your custom graph a name and a title.
3. Click Browse and select an icon for the custom graph.
4. Click Open, then click OK.
The new custom graph is displayed below the custom folder in the
PATROL tree view.
5. To move specific parameters to this graph, drag and drop parameter icons
into the graph. You can include multiple parameters in a single graph.


Event Monitoring
By default, PATROL for Microsoft Windows Servers monitors all Microsoft
event logs, including:

    System Log
    Security Log
    Application Log
    DNS Server
    Directory Service
    File Replication Service

PATROL can monitor all event levels including informational, warning, and
error. However, by default, PATROL alarms only on errors. PATROL, also
by default, forwards all Windows error events to the PATROL event window.
You can forward additional filtered events to the PATROL console based on
event source, event type, text strings, users, event categories, and event IDs.
To view the PATROL event window, select Tools => Event Manager from the
PATROL main menu.
For this evaluation, use the example of monitoring the Windows application
log for a specific event source.
To create a new monitoring item (instance) that represents a particular source
in the Windows application log:
1. Double-click the NT_EVENTLOG application class in the tree view of
the PATROL console.
2. Right-click the Application icon in the display pane on the right.
3. Select KM Commands => Instances => Defined by Template.
4. Create a name for your new monitored object and type it in the Instance
Name box (for example, type MyEvents).
5. Select Create, then click Apply.
A screen is displayed where you can select different properties for event
filtering.
6. In the From Sources drop-down box, select an event source. For this
example, select DrWatson and select Add next to the source.
7. Change the annotation option to Yes so that any events that are found will
include the event details when they are forwarded to the PATROL event
window.


8. Click Apply and then click Close twice to exit.


To send additional Windows events to the PATROL Event Manager (PEM)
window in the PATROL console:
1. Double-click on the NT_EVENTLOG application class in the tree view
of the PATROL console.
2. Right-click the Application icon in the display pane on the right.
3. Select KM Commands => Utilities => Forward NT Events to PEM.
4. In the resulting window, select Yes to choose Forward filtered NT events
from the Application Log to PEM.
5. Click Apply, then click Close to exit.

Microsoft Performance Counters and PATROL Monitoring


Microsoft Windows NT and Microsoft Windows 2000 provide hundreds of
performance monitor counters that collect various data about the operating
system. By default, PATROL includes the industry-typical
performance-monitor counters.
If your organization has interest in additional counters, you can add them by
using the PATROL Perfmon Wizard tool in the PATROL Console NT_PERFMON.
To add Microsoft performance counters,
1. Within the PATROL Console, select File => Load KM.
2. Select the NT_PERFMON.kml file, then click Open.
Within a few minutes, NT_PERFMON will display in the PATROL tree
view.
3. Right-click on the NT_PERFMON application class icon and select KM
commands.
4. Select Update PerfMon Parameters.
5. Type a User ID and Password with administrative rights for the server
you want to monitor, and click Next.
A list of available performance groups is displayed.


6. Select a performance group (for example, Internet Information Services
Global, if it is listed).
7. Select the Create PATROL Application, then click Select.
A list of available counters in this performance group is displayed on the
left.
8. Select a performance counter such as File Cache Hits.
9. Select Add and click the Add/Delete/Explain.
The counter now appears in the selected counters list on the right.
10. Repeat these steps for each counter of interest in this
performance-monitoring group.
11. When you are finished adding counters, click Done, click Finish, and then
click OK on the resulting summary screen.
The new items you added to monitoring will be displayed under the
NT_PERFMON application class.
To load the new KM for monitoring by the PATROL console,
1. From the main menu on the PATROL console, select File => Load KM.
2. In the File Type box, change the kml files (*.kml) default to KmFiles
(*.km).
3. From the Look in drop-down list, find the lib folder, then open the
Knowledge folder.
4. Select the new KM that has a name starting with PERF, such as
PERF_InetInfoSvcGbl.km.
5. Click Open.

Process Monitoring
PATROL monitors processes out of the box by reporting on the top ten
processes consuming resources (PROCTopProcs). You can also customize
PATROL to view continuous historic usage for a specific process or group of
processes.

To monitor specific processes,
1. Right-click on the NT_PROCESS application class in the PATROL tree
view.
2. Select KM Commands => Process Monitoring.
3. From the list of running processes listed on the left, select a process that
you want to monitor.
Note: If the process you want to monitor is not currently running, type
the exact process name in the Specify a Process Name field.
4. Next to action, select Add and then click Apply.
5. On the Select Process with Argument List, keep the default values and
click Apply.
6. Click Close twice to exit.

Registry Monitoring
PATROL can monitor for any changes in the Windows registry on the local
machine. This ability alerts administrators to changes that could negatively
affect the performance of their servers.
To begin monitoring a group of registry keys, you will need to create a
registry group monitoring object (instance) in PATROL.
To create a registry group monitoring object,
1. Right-click the NT_REGISTRY application, and choose KM
Commands => Define Registry Group.
2. Create a name for your new monitored object and type it in the Instance
Name box.
3. Select Create and then click Apply.
4. Select the item that you want to monitor from the Select Root Key
drop-down list (for example, HKEY_LOCAL_MACHINE to capture all
registry changes on the local machine).
5. Leave all the other options in their default states.
6. Click Apply, then click Close twice to exit.

Services Monitoring
By default, PATROL monitors availability of all services that are running on
the managed server. This functionality helps administrators ensure the
availability of their critical applications. You can customize this list of
monitored services to add services that are not yet running or to exclude
services that are of less concern. Also, PATROL will restart any services that
go down if they are configured to start automatically.
In addition to the default availability monitoring, you can customize
PATROL to monitor how much memory and CPU a service consumes.
To monitor memory and CPU for a specific service,
1. Right-click the NT_SERVICES application and choose KM
Commands => Service Executable Monitoring.
2. Select the name of the service that you wish to include for more detailed
monitoring.
3. Select Include Selected.
4. Click Apply and click Close.

Text Log Monitoring


PATROL includes the ability to monitor custom application logs or any text
file for file size, for file growth, and for a particular text string found in the
log. If the log file grows too large, PATROL also can automatically back up
and clear the log file.
To monitor a new text file:
1. Use Microsoft Windows Wordpad to create a text file with the letters
XYZ in it and save it as test.txt.
2. Double-click on the NT_EVENTLOG application class in the tree view
of the PATROL console.
3. Right-click on the TextLogs icon in the display pane on the right.
4. Select KM Commands => Edit List of Monitored Files.
5. Select Add and click Apply.
6. Type in the full name and path of the file that you want to monitor (for
example, C:\test.txt) in the File Name box.
7. Type the maximum acceptable size for this file in Size Limit (Bytes).
Note: PATROL alarms if the file grows beyond the size that you set.
8. For the automated recovery action, you can leave the default, No Action,
selected for now.
9. Click Apply, then Accept and Close to exit.
To search for a specific text string in the log file, go back to the TextLogs
icon in the display panel.
1. Right-click on TextLogs, and select KM Commands => Edit Search
Template.
2. Select Add, and click Apply.
3. Create a name for the new template you are creating (for example,
FindXYZ), and type XYZ for the Search String.
4. Select the name of the file in which to search for the text string (c:\test.txt).
5. Change the Alert Severity to 3 Alarm, then click Apply.
6. On the resulting Confirm screen, click Accept.
7. Click Cancel to exit.
You will now have a PATROL alert each time the text string XYZ is found in
the sample log file.
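
The checks configured in this walkthrough (a size limit on the file plus a search string that raises an alert) can be sketched as a small polling monitor. This is an added example, not PATROL code or BMC's implementation; the class name, the polling model and the sample log lines are assumptions constructed for illustration.

```python
import os
import tempfile

class TextLogMonitor:
    """Constructed sketch: size-limit alarm plus search-string alerts for one file."""

    def __init__(self, path, size_limit, search, severity="3 Alarm"):
        self.path, self.size_limit = path, size_limit
        self.search, self.severity = search.encode(), severity
        self.offset = 0      # bytes already scanned
        self.lineno = 0      # complete lines already scanned

    def poll(self):
        """Return alerts raised by content added since the previous poll."""
        alerts = []
        size = os.path.getsize(self.path)
        if size > self.size_limit:
            alerts.append(("size", f"{self.path} is {size} bytes, limit {self.size_limit}"))
        if size < self.offset:           # file was cleared or rotated: rescan from the start
            self.offset = self.lineno = 0
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
        # Scan only complete lines so a match split across two writes is not missed.
        end = data.rfind(b"\n") + 1
        for line in data[:end].splitlines():
            self.lineno += 1
            if self.search in line:
                text = line.decode("utf-8", "replace")
                alerts.append((self.severity, f"line {self.lineno}: {text}"))
        self.offset += end
        return alerts

def demo():
    """Replay the walkthrough: test.txt containing XYZ, searched for XYZ."""
    path = os.path.join(tempfile.mkdtemp(), "test.txt")   # constructed sample file
    with open(path, "w") as fh:
        fh.write("XYZ\n")
    mon = TextLogMonitor(path, size_limit=64, search="XYZ")
    first = mon.poll()                    # one match on line 1
    second = mon.poll()                   # nothing new, so no repeat alert
    with open(path, "a") as fh:
        fh.write("service started\nerror XYZ again\n" + "x" * 80 + "\n")
    third = mon.poll()                    # size-limit alarm plus the new match
    with open(path, "w") as fh:           # simulate "back up and clear the log"
        fh.write("XYZ after clear\n")
    fourth = mon.poll()
    return first, second, third, fourth
```

Tracking the byte offset is what keeps an old match from alerting again on every poll, and the size comparison against that offset is what catches a log that was cleared between polls.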

Environment-Specific Functionality
The following sections give information about functionality that is available
for PATROL for Microsoft Servers under specific environments.

Active Directory/Domain Management


PATROL for Microsoft Windows Servers ensures the connectivity,
replication, and overall health of the Active Directory. The PATROL solution
includes monitoring

• the local Domain Controller directory
• Local Security Authority Subsystem (LSASS) process
• Lightweight Directory Access Protocol (LDAP) connectivity
• Domain Name System (DNS)

In addition, PATROL uses synthetic transactions, performance counters, and
Windows Management Instrumentation (WMI) to ensure the availability of
the customer's Active Directory.
PATROL provides Dynamic Host Configuration Protocol (DHCP) and
Domain Controller monitoring to help administrators track domain usage.
For example, you can easily monitor DHCP lease usage to determine in
advance when you will need to allocate more addresses on particular DHCP
servers.

Cluster/Network Load Balancing Management


PATROL monitors and manages processes, network status, graphical views
of dependencies, and cluster health. This capability monitors the health of the
cluster services and cluster-resource status in addition to monitoring cluster
uptime, cluster-specific errors, resource types, and cluster-specific
connectivity.
The PATROL for Windows Servers product monitors, manages, and balances
the TCP/IP connection loads across clusters and nodes, improving network
throughput. PATROL for Microsoft Network Load Balancing (NLB) allows
you to obtain the following information:

• status of the NLB cluster
• status of nodes within the NLB cluster
• cluster-related events
• cluster performance data

Datacenter Server Management


PATROL monitors and manages the advanced features in Microsoft Windows
2000 Datacenter Server including clusters and job objects, ensuring a highly
manageable, enterprise-computing platform. BMC Software has worked
closely with hardware vendors to ensure that PATROL maximizes customer
investments on the Microsoft Windows 2000 Datacenter Server platform. In
addition, PATROL for Microsoft Windows Servers has earned Microsoft
certification on the Datacenter Platform.
The job-object monitoring that PATROL for Microsoft Windows Servers
performs includes

• monitoring process control service
• alarming when job objects are created or control limits are changed
• monitoring when a process tries to change its priority or affinity
• alarming when applications are shut down or crash due to violating a
  process-control limit

Microsoft Certification
BMC Software has earned Microsoft's approval to carry the Certified for
Microsoft Windows 2000 Server logo on BMC Software's PATROL for
Microsoft Windows Servers. BMC Software was the first enterprise systems
management vendor to earn this certification for Microsoft Windows 2000
Servers.
Certification assures our customers that PATROL will run predictably on
Microsoft Windows 2000 Servers, Advanced Servers and Datacenter Servers,
thereby reducing the overall time and cost spent implementing Microsoft
Windows 2000.

MTS/COM+ Management
PATROL monitors and manages Microsoft Transaction Server (MTS) by
monitoring processes, transactions, and events, and helping to manage
multiprocessing services for higher scalability and availability.
The PATROL for Windows Servers product provides functionality to monitor
the run-time environment for Microsoft Transaction Server (MTS) on a
Microsoft Windows NT 4.0 server and Microsoft COM+ (COM+) on a
Microsoft Windows 2000 Server.

The PATROL for Microsoft COM+ product performs the following actions
for Microsoft Windows 2000 servers:

• monitors the COM+ run-time environment
• monitors the status of COM+ applications
• monitors Microsoft Windows 2000 log events related to the Microsoft
  Distributed Transaction Coordinator (MS DTC) service and monitors the
  MS DTC service status
• manages the MS DTC service by providing the capability to start or stop
  the service
• monitors Microsoft Windows 2000 COM+ log events

MSMQ Management
PATROL monitoring of Microsoft Message Queue (MSMQ) enables
administrators to monitor and manage sessions, messages, and queues,
thereby ensuring the delivery of messages. The Microsoft MSMQ round-trip
time metric tracks round-trip message time of each use.

Reporting
PATROL provides easy-to-use, canned reports on performance and
availability of Microsoft Servers and applications. You can easily generate
customizable, business reports using Microsoft Excel. For more advanced,
enterprise-wide summary reports, you can install the PATROL Service
Reporting component.

Helping You Maintain Advantage


BMC Software Professional Services helps your company maintain its
competitive advantage through a comprehensive suite of services that
includes service level management consulting, installation, implementation,
configuration, and customization. Our professional services and education
offerings are designed to ensure the ongoing availability of critical business
applications, maximize product potential, reduce project risk, deliver IT
value to your business, and improve your operations. For more information
about BMC Software Professional Services, visit
http://www.bmc.com/profserv.

About BMC Software


BMC Software, Inc. [NYSE: BMC], is the leading provider of enterprise
management solutions. Through its Assuring Business Availability
approach, BMC Software delivers control over infrastructure management
costs, control of market advantage and differentiation via service
management, and growth of business value with solutions for business
optimization. BMC Software is a member of the S&P 500, with fiscal year
2001 revenues exceeding $1.5 billion and offices worldwide. For more
information, please visit the BMC Software Web site at http://www.bmc.com.

For more information visit BMC Software on the Web at www.bmc.com

BMC Software, the BMC Software logos and all other BMC Software product or
service names are registered trademarks or trademarks of BMC Software, Inc.
All other registered trademarks or trademarks belong to their respective
companies.
© 2002, BMC Software, Inc. All rights reserved.
17444 6/02
