BMC PATROL For Microsoft Windows Servers Getting Started

BMC PATROL
for Microsoft Windows Servers
Getting Started
Supporting
BMC PATROL KM for Microsoft Windows Operating System 4.2
BMC PATROL KM for Microsoft Windows Active Directory 1.6
BMC PATROL KM for Microsoft Windows Active Directory Remote Monitoring
1.7
BMC PATROL KM for Microsoft Windows Domain Services 1.5
BMC PATROL KM for Microsoft Cluster Server 1.7
BMC PATROL Cluster Configuration Wizard 1.5
BMC PATROL KM for Microsoft COM+ 1.3
BMC PATROL KM for Microsoft Message Queue 1.4
BMC PATROL KM for Event Management 2.8
BMC PATROL KM for Log Management 2.5
BMC PATROL Wizard for Microsoft Performance Monitor and WMI 2.1
BMC PATROL Adapter for Microsoft Office 1.1
BMC PATROL Agent 3.7
September 2009
www.bmc.com
Contacting BMC Software

You can access the BMC Software website at http://www.bmc.com. From this website, you can obtain information
about the company, its products, corporate offices, special events, and career opportunities.
United States and Canada

Address
BMC SOFTWARE INC

2101 CITYWEST BLVD
HOUSTON TX 77042-2827
USA
Telephone
713 918 8800 or

800 841 2031
Fax
(01) 713 918 8000
Fax
713 918 8000
Outside United States and Canada

Telephone
(01) 713 918 8800
Copyright 2007, 2009 BMC Software, Inc.

BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S. Patent
and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service marks, and
logos may be registered or pending registration in the U.S. or in other countries. All other trademarks or registered trademarks are the
property of their respective owners.
DB2 is the trademark or registered trademark of International Business Machines Corporation in the United States, other countries, or
both.
Oracle is a registered trademark of Oracle Corporation.
UNIX is the registered trademark of The Open Group in the US and other countries.
All other trademarks belong to their respective companies.
BMC Software considers information included in this documentation to be proprietary and confidential. Your use of this information is
subject to the terms and conditions of the applicable End User License Agreement for the product and the proprietary and restricted
rights notices in the product documentation.
Restricted rights legend

U.S. Government Restricted Rights to Computer Software. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF
THE UNITED STATES. Use, duplication, or disclosure of any data and computer software by the U.S. Government is subject to
restrictions, as applicable, set forth in FAR Section 52.227-14, DFARS 252.227-7013, DFARS 252.227-7014, DFARS 252.227-7015, and
DFARS 252.227-7025, as amended from time to time. Contractor/Manufacturer is BMC SOFTWARE INC, 2101 CITYWEST BLVD,
HOUSTON TX 77042-2827, USA. Any contract notices should be sent to this address.
Customer support
You can obtain technical support by using the BMC Software Customer Support website or by contacting Customer
Support by telephone or e-mail. To expedite your inquiry, see Before contacting BMC.
Support website
You can obtain technical support from BMC 24 hours a day, 7 days a week at http://www.bmc.com/support. From this
website, you can
read overviews about support services and programs that BMC offers
find the most current information about BMC products
search a database for issues similar to yours and possible solutions
order or download product documentation
download products and maintenance
report an issue or ask a question
subscribe to receive proactive e-mail alerts when new product notices are released
find worldwide BMC support center locations and contact information, including e-mail addresses, fax numbers, and
telephone numbers
Support by telephone or e-mail

In the United States and Canada, if you need technical support and do not have access to the web, call 800 537 1813 or
send an e-mail message to customer_support@bmc.com. (In the subject line, enter SupID:<yourSupportContractID>,
such as SupID:12345). Outside the United States and Canada, contact your local support center for assistance.
Before contacting BMC

Have the following information available so that Customer Support can begin working on your issue immediately:
product information
product name
product version (release number)
license number and password (trial or permanent)
operating system and environment information
machine type
operating system type, version, and service pack or other maintenance level such as PUT or PTF
system hardware configuration
serial numbers
related software (database, application, and communication) including type, version, and service pack or
maintenance level
sequence of events leading to the issue
commands and options that you used
messages received (and the time and date that you received them)
product error messages

messages from the operating system, such as file system full
messages from related software
License key and password information

If you have questions about your license key or password, contact BMC as follows:
(USA or Canada) Contact the Order Services Password Team at 800 841 2031, or send an e-mail message to
ContractsPasswordAdministration@bmc.com.
(Europe, the Middle East, and Africa) Fax your questions to EMEA Contracts Administration at +31 20 354 8702, or send
an e-mail message to password@bmc.com.
(Asia-Pacific) Contact your BMC sales representative or your local BMC office.
BMC PATROL for Microsoft Windows Servers Getting Started
Contents
Chapter 1
Product components and capabilities
17
PATROL for Windows Servers features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Centralized event filtering and notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Ability to deploy configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Built-in recovery actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Predefined rulesets for common server types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Product components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Operating System . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . .
PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Message Queue (MSMQ). . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . .
PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Where to go from here. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
18
18
18
19
19
20
21
22
28
30
30
31
31
31
32
34
34
35
35
35
35
36
37
Chapter 2
Installing and migrating PATROL for Windows Servers
39
Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Verifying installation requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Additional component-specific requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Virtual machine support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preparing for installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Turning off pop-up blocking software before installing . . . . . . . . . . . . . . . . . . . . .
Unsupported platform option in the installation utility user interface. . . . . . . . .
Extraneous target platform options available in the installation utility user
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Checking for product patches or fixes before installing . . . . . . . . . . . . . . . . . . . . .
Determining how to install products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
40
41
41
42
46
51
52
52
52
Contents
53
53
53
5
Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Determining where to install the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Installing the PATROL Agent over an existing installation . . . . . . . . . . . . . . . . . . 54
Extracting installation files after download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Determining where to install KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
PATROL Security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Checking security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Assessing and implementing a different security level . . . . . . . . . . . . . . . . . . . . . . 57
Default and custom installation types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
First-time installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Installing for the first time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
First-time installation using Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Distribution Server features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Importing a CD or customized installation package into Distribution Server . . . 64
Installing with the Distribution Server (overview) . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Upgrading from an earlier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Automatic migration of console and agent customizations . . . . . . . . . . . . . . . . . . 66
Determining whether you can migrate KM customizations . . . . . . . . . . . . . . . . . . 66
Conditions for upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Determining the location of PATROL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
PATROL for Windows Servers upgrade scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Upgrading without saving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Upgrading and preserving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Preparing to upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Migrating customizations with the PATROL Configuration Manager . . . . . . . . . 72
Creating an installation package of the migrated and merged KM . . . . . . . . . . . . 72
Moving files from the PATROL_CACHE directories. . . . . . . . . . . . . . . . . . . . . . . . 73
Migrating customizations manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Installing PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
External cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Internal cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
How to Install the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . 78
Considerations for using online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Browser version required for viewing PATROL Console for UNIX Help . . . . . . 80
Additional considerations for using online Help for UNIX . . . . . . . . . . . . . . . . . . 80
Uninstalling PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Uninstalling PATROL for Windows Servers on Windows . . . . . . . . . . . . . . . . . . . 83
Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Chapter 3
Loading and configuring PATROL for Microsoft Windows Servers
89
Preparing to use PATROL for Windows Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Loading and preloading KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Loading the PATROL for Microsoft Windows Servers KMs . . . . . . . . . . . . . . . . . 93
Preloading KMs on the PATROL Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Requirements for configuring from the PATROL Console . . . . . . . . . . . . . . . . . . . 99
Configuring the PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . 103
Enabling and disabling system monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Configuring Windows events monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
6
Configuring service monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Configuring process monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Creating custom parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Viewing event logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Configuring Blue Screen monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Notifying when disks are not present . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Providing nonaggregate values for a drive instance . . . . . . . . . . . . . . . . . . . . . . . 128
Configuring recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
About recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Configuring built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Configuring e-mail notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Using notification scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Defining notification servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Assigning notification servers for the remote agents. . . . . . . . . . . . . . . . . . . . . . . 140
Assigning notification targets for a PATROL alert. . . . . . . . . . . . . . . . . . . . . . . . . 142
Configuring the PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . 143
Configuring PATROL Wizard for Microsoft Performance Monitor and WMI . . . . 144
Loading the PATROL Wizard for Microsoft Performance Monitor and WMI . 144
Creating performance monitor parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Setting alarm thresholds. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Creating WMI parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Configuring the PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Stop and start monitoring all default log files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Stop monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Start monitoring a log file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Change the setup of a monitored file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Filter log file messages (create a search string) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Generate a custom event when a search string is identified . . . . . . . . . . . . . . . . . 162
Configure recovery actions for a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Configuring the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . 167
Using the PATROL Adapter for Microsoft Office to view reports . . . . . . . . . . . . . . . 169
Displaying PATROL data by using the PATROL Adapter for Microsoft Office 169
How to use the PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . 170
Built-in report templates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Removing KMs from your console and agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Unloading KMs from a PATROL console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Stopping preloaded KMs from running on the PATROL Agent . . . . . . . . . . . . . 176
Chapter 4
Using the PATROL Cluster Configuration Wizard
177
Using the PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . .

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preparing to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Access requirements for running the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . .
Starting the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Post-PCC configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Manually configuring the PATROL Agent for clustering . . . . . . . . . . . . . . . . . . . . . .
Install the application on each cluster node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents
178
178
179
179
179
180
185
185
185
7
Install the PATROL Agent on each cluster node. . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Assign a unique port number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Distribute license file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Define the PATROL cluster-specific environment variables. . . . . . . . . . . . . . . . . 186
Create and register a new service for the PATROL Agent . . . . . . . . . . . . . . . . . . 187
Define the PATROL Agent as a member of the group . . . . . . . . . . . . . . . . . . . . . . 188
PATROL cluster-specific environment variables for history and configuration . . . 191
Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Unattended configuration of Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . 193
Chapter 5
Using the PATROL KM for Microsoft Windows Active Directory Remote

Monitoring
195
Using the PATROL KM for MS Windows Active Directory Remote Monitoring . . 196
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Application classes, menu commands, InfoBox items, and parameters . . . . . . . 196
Chapter 6
Troubleshooting PATROL for Microsoft Windows Servers
201
PATROL KM for Microsoft Windows OS problems . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Process or job object data not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
PATROL Generates Event 560 and 562 in the Windows security event log . . . . 203
Event filter parameters not automatically acknowledged . . . . . . . . . . . . . . . . . . . 203
Newly installed protocols are not discovered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Event log summary instance cannot be removed . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Windows event log does not work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Multiple processes are selected when you select a single process . . . . . . . . . . . . 205
PatrolAgent has DiscoveryStatus parameter in alarm . . . . . . . . . . . . . . . . . . . . . . 205
PATROL KM for Event Management problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Too many e-mail alerts are being generated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Parameters settings lost after agent restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
PATROL KM for Event Management not working as expected. . . . . . . . . . . . . . 208
AS_AVAILABILITY application not displayed. . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Problems with all other KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Cannot add performance monitor counters with alarm ranges less than 1 . . . . 209
AdPerfCollector parameter display error message. . . . . . . . . . . . . . . . . . . . . . . . . 210
Recovery action problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Recovery actions do not execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Even though I select Do not ask me again PATROL prompts before running
recovery action. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Gathering diagnostic information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Locations where you can find diagnostic information. . . . . . . . . . . . . . . . . . . . . . 212
Installation logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Determining PATROL KM version number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Appendix A
Accessing menu commands, InfoBoxes, and online Help
215
Accessing KM commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Accessing online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Appendix B
Agent configuration variables and rulesets
219
Managing configuration variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

PATROL for Windows Servers configuration variables . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Message Queue. . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . .
PATROL for Microsoft Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL for Microsoft Windows Servers rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Event Management required . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PATROL Configuration Manager to apply rulesets . . . . . . . . . . . . . . . . . .
Server roles with predefined rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Ruleset reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PATROL Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PCM to apply configurations changes to other agents. . . . . . . . . . . . . . . .
Manually creating or changing configuration variables . . . . . . . . . . . . . . . . . . . .
220
220
220
236
239
242
248
249
250
251
252
252
252
253
255
265
265
266
Appendix C
277
PATROL for Windows .kml files
PATROL for Microsoft Windows Servers .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . .

PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Active Directory Remote Monitoring . .
PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL for Microsoft Windows Servers rulesets. . . . . . . . . . . . . . . . . . . . . . . . .
278
278
282
283
283
284
284
285
285
286
286
286
287
Index
291
Contents
10
Figures
Upgrading overview for PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . 69
PATROL KM for Microsoft Cluster Server with external CLA configuration . . . . . . 77
PATROL KM for Microsoft Cluster Server with internal CLA configuration . . . . . . 77
Shipped rulesets in PATROL Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . 255
Using the child_list and variable_list variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Figures
11
12
Tables
Monitored events - DNS name registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Core Active Directory service monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
File replication service/group policy monitored events . . . . . . . . . . . . . . . . . . . . . . . . 27
Time synchronization service monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Kerberos monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Netlogon monitored events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
PATROL for Microsoft Windows Servers Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
System requirements for installing and using PATROL for Windows Servers . . . . 41
Advanced user rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Removing rights and admin group membership from the PATROL Agent . . . . . . . 48
Versions that you can migrate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Choosing an upgrade procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Default values for PATROL location variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
KM file naming patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Monitoring configuration options for PATROL KM for Microsoft Cluster Server . . 76
PATROL for Microsoft Windows Servers .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Console functionality that requires local admin rights . . . . . . . . . . . . . . . . . . . . . . . . . 99
PATROL KM for Microsoft Windows OS configuration tasks . . . . . . . . . . . . . . . . . 104
Enabling and disabling system monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Event filter events:example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Event filter options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Default service monitoring flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Service monitoring options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Configuration variable and service restart: combinations . . . . . . . . . . . . . . . . . . . . . 119
Process monitoring options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Regular expression syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Process control options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Event details displayed in the Windows Event Viewer dialog box . . . . . . . . . . . . . 126
Built-in recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Selecting a recovery action instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Recovery action configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Notification script location on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Requirements for notification server when using Windows e-mail clients . . . . . . . 135
Quick Config - Notification Server dialog box properties . . . . . . . . . . . . . . . . . . . . . 139
Notification server properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
PATROL Wizard for Microsoft Performance Monitor and WMI Tasks . . . . . . . . . 144
Reports for PATROL KM for Microsoft Windows OS . . . . . . . . . . . . . . . . . . . . . . . . 170
Reports for PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . 171
Reports for PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . . . . 172
Reports for PATROL for Microsoft COM+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Tables
13
Information required by PCC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Cluster administration properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
PATROL cluster-specific environment variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Operation of configuration and history environment variables . . . . . . . . . . . . . . . . . 192
Accessing KM Commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
PATROL KM for Microsoft Windows OS variables . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
PATROL KM for Windows Domain Services variables . . . . . . . . . . . . . . . . . . . . . . . 236
PATROL KM for Microsoft Active Directory variables . . . . . . . . . . . . . . . . . . . . . . . . 239
PATROL KM for Microsoft Cluster Server variables . . . . . . . . . . . . . . . . . . . . . . . . . . 242
PATROL KM for Windows Message Queue variables . . . . . . . . . . . . . . . . . . . . . . . . 248
PATROL KM for Windows COM+ variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
PATROL Wizard for Performance Monitor and WMI variables . . . . . . . . . . . . . . . . 250
PATROL for Microsoft Windows Servers variables . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Server roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Configuration variable locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Application server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Terminal server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Remote access / VPN server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Print server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Domain controller ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
File server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Mail server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
DNS server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
WINS server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
DHCP server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Streaming media server ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
SMS primary site ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
SMS site ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Special characters required for pconfig variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Example: adding a service to monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Example: adding a process to monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Example: adding an event filter to monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Example: changing parameter thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Understanding the THRESHOLDS rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Example: Inactivating or deactivating a parameter . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
PATROL KM for Microsoft Windows OS NT_LOAD.kml file . . . . . . . . . . . . . . . . . . 278
PATROL KM for Microsoft Windows OS NT_BASE.kml file . . . . . . . . . . . . . . . . . . 280
PATROL KM for Microsoft Windows OS NT_HYPER-V.kml file . . . . . . . . . . . . . . . 282
PATROL KM for Microsoft Windows Active Directory .kml file . . . . . . . . . . . . . . . 282
PATROL KM for Microsoft Windows Active Directory Remote Monitoring .kml file
283
PATROL KM for Microsoft Windows Domain Services .kml file . . . . . . . . . . . . . . . 283
PATROL KM for Microsoft Cluster Server .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . 284
PATROL KM for Microsoft COM+ .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
PATROL KM for Microsoft Message Queue .kml file . . . . . . . . . . . . . . . . . . . . . . . . . 285
PATROL Wizard for Microsoft Performance Monitor and WMI .kml file . . . . . . . . 285
PATROL KM for Log Management .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
PATROL History Loader KM .kml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
14
PATROL KM for Event Management .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

PATROL for Windows Ruleset .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Tables
15
16
Chapter
Product components and capabilities

BMC PATROL for Microsoft Windows Servers Getting Started provides the necessary
information and instructions for installing and configuring the PATROL for
Microsoft Windows Servers product (also referred to as PATROL for Windows
Servers). This chapter provides a brief overview of PATROL for Windows Servers
and covers the following topics:
PATROL for Windows Servers features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Centralized event filtering and notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Ability to deploy configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Built-in recovery actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Predefined rulesets for common server types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Product components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Operating System . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Active Directory Remote Monitoring . . .
PATROL KM for Microsoft Windows Domain Services . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Message Queue (MSMQ). . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft COM+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL Wizard for Microsoft Performance Monitor and WMI. . . . . . . . . . . . . .
PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Where to go from here. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 1 Product components and capabilities
18
18
18
19
19
20
21
22
28
30
30
31
31
31
32
34
34
35
35
35
35
36
37
17
PATROL for Windows Servers features

The PATROL for Windows Servers product allows you to monitor and manage
Microsoft Windows servers. The versions of Microsoft Windows servers that are
monitored depend upon the version of the PATROL for Microsoft Windows Servers
that you are using. For a complete list of supported platforms and versions, see the
PATROL for Microsoft Windows Servers Release Notes.
Centralized event filtering and notification

With PATROL, you can centralize and correlate events. This ability enables you to
use paging and e-mail to bring issues to the experts' attention for quick resolution.
For more information, see Configuring e-mail notification on page 133.
Ability to deploy configuration settings

PATROL for Microsoft Windows Servers supports the PATROL Configuration
Manager, which allows you to configure and deploy KM configuration settings to
other servers in your environment. To support the PATROL Configuration Manager,
all PATROL for Microsoft Windows Servers configuration settings are stored as agent
configuration variables. For a complete list of the agent configuration variables for
PATROL for Microsoft Windows Servers, see Appendix B, Managing configuration
variables.
18
Built-in recovery actions

PATROL for Microsoft Windows Servers provides the following automated, built-in
recovery actions. Recovery actions are corrective actions taken by PATROL when a
parameter reaches a set value. You can configure these recovery actions to run
automatically or only with operator intervention.
terminating a run-away process

clearing the temp directory
backing-up and clearing event logs
restarting processes
restarting failed services
increasing available DFS connections when utilization is high
increasing share connections when utilization is high
initiating WINS scavenging when replication fails
restarting the Windows Management Instrumentation (WINMGMT.exe) service to
ensure that WMI data is available
restarting a PATROL Agent on a remote server
For more information about specific recovery actions, see the online Help, which you
can access from the PATROL console, or see Configuring recovery actions on
page 128.
Predefined rulesets for common server types

PATROL for Microsoft Windows Servers provides rulesets that provide appropriate
monitoring setups for common server types, such as a file server or an application
server. Using the PATROL Configuration Manager, you can automatically configure
the server monitoring by applying these provided rulesets to the appropriate server.
If necessary, you can then adjust your configuration and save it in the ruleset, which
you can then apply to other servers. For more information about the rulesets and
using the PATROL Configuration Manager to manage your configuration, see Using
PATROL Configuration Manager to apply rulesets on page 252.
19
Product components
Product components
The PATROL for Windows Servers product includes components and Knowledge
Modules (KMs) that manage and monitor elements of your server environment. A
KM is a set of instructions that the PATROL Agent uses to monitor objects in your
enterprise. PATROL for Windows Servers includes the following components and
KMs, which are described in the sections that follow.
20
PATROL KM for Microsoft Windows Operating System

PATROL KM for Microsoft Windows Active Directory
PATROL KM for Microsoft Windows Active Directory Remote Monitoring
PATROL KM for Microsoft Windows Domain Services
PATROL Cluster Configuration Wizard
PATROL KM for Microsoft Cluster Server
PATROL KM for Microsoft COM+
PATROL KM for Microsoft Message Queue
PATROL KM for Event Management
PATROL KM for Log Management
PATROL Wizard for Microsoft Performance Monitor and WMI
PATROL Adapter for Microsoft Office
PATROL Agent
PATROL History Loader KM
Product components

The PATROL KM for Microsoft Windows OS monitors the availability of your
servers, which includes the following elements:
disk space
disk drive usage
disk quotas and mount points
cache
CPU usage
memory usage
Windows event logs
Windows services
Window processes
printer status
registry values
network usage
hypervisor
logical processors
partitions
virtual processors
virtual hard disks
With the PATROL KM for Microsoft Windows OS you can also perform the following
functions:
monitor and manage services

monitor system Stop errors and manage dump files
create custom composite parameters that are based on existing parameters
For information about configuring these features, see Configuring the PATROL KM
for Microsoft Windows OS on page 103.
21
Product components

The PATROL Knowledge Module for Microsoft Windows Active Directory lets you
monitor and analyze your Microsoft Windows Active Directory environments.
Whether you choose to monitor and analyze one environment or many, PATROL KM
for Microsoft Windows Active Directory helps you
detect and notify if Microsoft Windows Active Directory generates errors or

performs slowly
monitor performance of system resources
plan for capacity and availability
monitor all domain controllers within a site
monitor all domain controllers between sites
anticipate and eliminate problems before they become apparent to users of the
monitored Active Directory environments
For a brief description of product features, see the sections that follow. For more
detailed information about how to use the product and complete descriptions of the
application classes and parameters, see the product online Help.
Managed systems
PATROL KM for Microsoft Windows Active Directory monitors the performance of
managed systems in a Microsoft Windows Active Directory environment. A PATROL
KM for Microsoft Windows Active Directory managed system is a Windows domain
controller onto which PATROL for Windows Servers has been installed.
A managed system provides a view of its Microsoft Windows Active Directory
environment. Each managed system is responsible for monitoring Microsoft
Windows Active Directorys key indicators that are required to ensure and maintain
the consistency of the Directory data and the desired level of service throughout the
Microsoft Windows Active Directory forest.
Replication monitoring
PATROL KM for Microsoft Windows Active Directory monitors the Microsoft
Windows Active Directory replication for errors and latency (to verify that replication
occurs within a reasonable time), both within a site (intrasite) and between sites
(intersite) in the configuration naming context and/or the domain context of the
current domain controller.
Directory replication is monitored at each managed system (domain controller). This
functionality includes monitoring basic replication by creating synthetic transactions
and verifying the replication of those transactions.
22
Product components
Intrasite replication monitoring

PATROL KM for Microsoft Windows Active Directory monitors the replication status
of the domain controller upon which it is installed. It determines whether updates
from each domain controller within the site have been replicated successfully and in a
timely manner.
Intersite replication monitoring

Intersite replication monitoring verifies that Microsoft Windows Active Directory
updates are successfully distributed between sites. Each bridgehead server in a site is
checked to determine if Microsoft Windows Active Directory updates from other
sites have been successfully replicated to the bridgehead server. The intersite
replication interval is automatically determined at each collection; it requires no
configuration. However, if desired, you can override the automatic replication
interval determination, on a site-by-site basis, by configuring the configuration
database (pconfig) variable,
/ActiveDirectory/Configuration/<site>/IntersiteReplicationSchedule. See the online Help
for more information.
Replication collisions monitoring

PATROL KM for Microsoft Windows Active Directory enables users to configure the
Active Directory object types that should be monitored for replication collisions. The
AD_AD_CNF application class monitors replication collisions that occur during
replication when an object with the same Relative Distinguished name is created in
the same container on two or more different domain controllers.
Replication health monitoring

Active Directory replication for the local server. The AD_AD_REPLICATION
application class monitors this activity.
FSMO monitoring
PATROL KM for Microsoft Windows Active Directory monitors the availability of
the forest-wide and domain-wide flexible single master operations (FSMO) roles.
23
Product components
FSMO role connectivity monitoring

PATROL KM for Microsoft Windows Active Directory monitors the connectivity
status of each of the five FSMO role holders from a domain controller. The
AD_AD_FSMO_ROLE_CONNECTIVITY application class monitors the domain
controllers ability to locate and establish an LDAP connection with the FSMO role
holder.
FSMO role placement monitoring

PATROL KM for Microsoft Windows Active Directory monitors the placement of
Active Directory FSMO roles in the domain and forest. The
AD_AD_FSMO_ROLE_PLACEMENT application class monitors the placement of
these roles.
LDAP monitoring
PATROL KM for Microsoft Windows Active Directory monitors Lightweight
Directory Access Protocol (LDAP) locally at each monitored system for connection
availability and response time. The AD_AD_LDAP application class monitors the
performance of these LDAP requests.
SAM monitoring
PATROL KM for Microsoft Windows Active Directory monitors the Security Account
Manager (SAM). SAM provides legacy NT authentication support. The
AD_AD_SAM application class monitors these security requests.
Address book monitoring

Address Book requests made against the Microsoft Windows Active Directory server.
The AD_AD_ADDRESS_BOOK application class monitors these requests.
Authentication monitoring
PATROL KM for Microsoft Windows Active Directory monitors Kerberos and NTLM
authentication requests made against the Microsoft Windows Active Directory
server. The AD_AD_AUTHENTICATION application class monitors these requests.
24
Product components
Domain Naming Service monitoring

PATROL KM for Microsoft Windows Active Directory verifies and monitors various
DNS record data for the Microsoft Windows Active Directory server. The
AD_AD_DNS application class monitors the DNS specific information.
File Replication Service monitoring

PATROL KM for Microsoft Windows Active Directory monitors various aspects of
file replication service health. The AD_AD_FRS application class monitors the FRS
specific information.
Group policy monitoring

PATROL KM for Microsoft Windows Active Directory detects when a user account in
one or more Group Policy Objects (GPO) cannot be resolved to a security identifier
(SID). The AD_AD_GPO application class reports this condition.
Lost and found objects monitoring

PATROL KM for Microsoft Windows Active Directory monitors for the presence of
objects in the LostAndFound container in the domain naming context of the domain
controller. The AD_AD_LOST_AND_FOUND_OBJECTS application class monitors
for lost and found objects.
Event monitoring
To measure the overall health of the domain controllers, PATROL KM for Microsoft
Windows Active Directory configures the PATROL KM for Microsoft Windows OS to
monitor various events pertaining to
DNS name registration

Core Active Directory service
File replication service and group policy
Time synchronization service
Kerberos
Netlogon
Events monitored by parameters

Some parameters now monitor specific Active Directory events. See the Help for the
PATROL KM for Window Active Directory for information about these parameters.
25
Product components
Events monitored for specific areas of failure

The following tables contain event information that is classified by specific areas of
failure.

To identify failures with the DNS name registration, PATROL KM for Windows
Active Directory configures PATROL KM for Microsoft Windows OS to obtain event
information, as shown in Table 1.
Table 1
Monitored events - DNS name registration
Event Log Source
Event
Significance
System
DNSAPI
11154, 11166 domain controller does not have rights to perform

a secure dynamic update.
System
DNSAPI
11150, 11162 DNS server timed out
System
DNSAPI
11152, 11153, Zone or currently-connected DNS server does not

11164, 11165 support dynamic update.
System
DNSAPI
11151,11155, A resource record for the domain controller is not

11163, 11167 registered in DNS.
System
NETLOGON
5773
DNS locator record is not registered because the

primary DNS server does not support dynamic
update.
System
NETLOGON
5774
A DNS domain controller locator record is not

registered.
Core Active Directory service

To identify failures with the core Active Directory service, PATROL KM for Microsoft
Windows Active Directory configures PATROL KM for Microsoft Windows OS to
obtain event information, as shown in Table 2.
Table 2
Core Active Directory service monitored events
Event Log
Source
Event
Significance
Directory
Service
all sources
Severity =
error
primary error events for Active Directory
System
LSASS
Severity =
error
Local security authority is the core security

subsystem for Active Directory.
File replication service and group policy

To identify failures with the file replication service and group policy, PATROL KM
for Microsoft Windows Active Directory configures PATROL KM for Microsoft
Windows OS to obtain event information, as shown in Table 3.
26
Product components
Table 3
File replication service/group policy monitored events
Event log
Source
Event
Significance
FRS
all sources
Severity =
error
synchronizes policy between all domain

controllers in the forest
Application
USERENV
Severity =
error
applies group policy and profiles on domain

controllers
User =
System
Application
SCECLI
Severity =
error
Security Configuration Engine error messages
Time synchronization service

To identify events that may indicate problems maintaining uniform time in the
Active Directory forest, PATROL KM for Microsoft Windows Active Directory
monitors the events shown in Table 4.
Table 4
Time synchronization service monitored events
Event log
Source
Event
Significance
System
W32TIME
Severity =
error
problem maintaining uniform time throughout

the Microsoft Windows Active Directory forest
Severity =
warning
Kerberos
To identify events that many indicate problems with Kerberos, the default
authentication protocol, PATROL KM for Microsoft Windows Active Directory
monitors the event shown in Table 5
Table 5
Kerberos monitored events
Event Log
Source
Event
Significance
System
KDC
Severity =
error
critical Kerberos Distribution Center service

error messages
Net Logon
To identify events that may indicate problems with Net Logon service and protocol,
which is required for proper domain controller functionality, PATROL KM for
Microsoft Windows Active Directory monitors the events shown in Table 6 on
page 28.
27
Product components
Table 6
Netlogon monitored events
Event log
Source
Event
System
NETLOGON Severity =
error 5705,
5723
Significance
critical NETLOGON service errors
PATROL KM for Microsoft Windows Active Directory Remote

Monitoring
The PATROL Knowledge Module (KM) for Microsoft Windows Active Directory
Remote Monitoring product provides remote enterprise monitoring of Active
Directory objects. The Active Directory is the core feature of distributed systems in
Microsoft Windows Servers.
The primary focus of PATROL KM for Microsoft Windows AD Remote Monitoring is
to monitor remote sites, domain controllers in those sites, and FSMO roles from
member servers of a domain in the network.
FSMO monitoring
PATROL KM for Microsoft Windows AD Remote Monitoring monitors both the
forest-wide and domain-wide Flexible Single Master Operation (FSMO) roles.
Active Directory supports multi-master replication of the directory data between all
domain controllers in the domain. This model takes domain configuration changes
made at any domain controller in the domain and automatically propagates those
changes to each of the domain controllers in the domain.
However some changes do not lend themselves to a multi-master environment. One
domain controller, the operations master, accepts requests for such changes. The
operations master roles can be moved between domain controllers within the domain
and are referred to as Flexible Single Master Operation (FSMO) roles. In any Active
Directory forest, there are five FSMO roles that are assigned to one or more domain
controller. Some FSMO roles must appear in every forest, while other roles must
appear in every domain within the forest.
The following operations master roles must appear in every forest:
28
schema master
domain naming master
Product components
The following operations master roles must appear in every domain:
relative ID master
infrastructure master
primary domain controller (PDC) emulator
NOTE
Domain controllers and the client must be able to locate and establish an LDAP connection
with the FSMO role holders.
LDAP monitoring
Lightweight Directory Access Protocol (LDAP) is monitored locally at the managed
node. LDAP response time is measured as the amount of time required to establish an
LDAP connection to a domain controller. Longer connect times may indicate a
heavily loaded domain controller. To eliminate network latency, response time for
performing an LDAP bind operation is measured on the domain controller being
tested.

This product monitors the Domain Name System (DNS) for the following records:
A DNS address record (A record) that matches the IP address of the domain
controller and is registered with the DNS server.
A DNS LDAP service location (SRV) record that matches the host name of the
domain controller and is registered with the DNS server.
To obtain information about this record, the KM sends the following query to the
default DNS server: _ldap._tcp.dc._msdcs.fullyQualifiedDomainName.
A global catalog LDAP SRV record that matches the host name of the global
catalog for the domain controller and is registered with the domain controller.
To obtain information about this record, the KM sends the following query to the
default DNS server: _ldap._tcp.dc._msdcs.fullyQualifiedForestRootDomainName.
Sites and domain controller

This product monitors sites and domain controllers from a member server machine of
the domain in which it resides. It monitors all the sites of the domain or any specific
site in the global catalog for the site. It also monitors values of site domain controllers.
The domain controller monitoring checks the connectivity and the response time to
the server using LDAP bind.
29
Product components

The PATROL KM for Microsoft Windows Domain Services monitors the availability
of the following Microsoft Windows domain controller resources:
domain controllers
member servers
PATROL KM for Microsoft Windows Domain Services monitors:
Distributed File System (DFS)

Dynamic Host Configuration Protocol (DHCP) service availability and lease usage
Domain Name Service (DNS)
remote server connectivity
replicated directories
shared directories
trust relationships
Windows Internet Naming Service (WINS)
For instructions on how to monitor these features, see the PATROL KM for Microsoft
Windows Domain Services online Help system.

The PATROL KM for Microsoft Cluster Server component monitors, analyzes, and
manages activities of a Microsoft server cluster. The PATROL KM for Microsoft
Cluster Server allows you to obtain the current status of all essential cluster objects
and perform cluster operations using a cluster-level agent that is installed on a server
that is outside of the cluster or on a node that is inside of the cluster. Using the
PATROL KM for Microsoft Cluster Server, you can monitor the following cluster
features:
30
all clusters in a domain (only available when the agent is outside of the cluster)
individual clusters
cluster communication networks
cluster network interfaces
cluster nodes
cluster objects and resources
cluster groups
workload data
group resources
quorum device
Product components
For more information about specific functionality that supports these features see the
PATROL KM for Microsoft Cluster Server online Help.
PATROL Cluster Configuration Wizard

The PATROL Cluster Configuration Wizard provides an easy-to-use interface with
which you can configure the PATROL Agent for failover in a Microsoft Cluster Server
environment. While guiding you through the process, the wizard collects the
required configuration data and updates the system environment to integrate the
PATROL Agent into the cluster.
Configuring the PATROL Agent for failover support allows you to record history
data for a clustered application in the same history database. This feature prevents
you from having to reconcile the two different history files that are normally created
when an application is failed-over from one node to another. For more information,
see How to use the PCC Wizard on page 180.
PATROL KM for Microsoft Message Queue (MSMQ)

The PATROL KM for Microsoft Message Queue monitors message activity and
status, which includes monitoring of
MSMQ service
MSMQ queues
MSMQ messages
MSMQ roundtrip message time
For instructions on how to monitor these features, see the PATROL KM for Microsoft
Message Queue KM online Help system.

The PATROL KM for Microsoft COM+ provides functionality to monitor Microsoft
COM+ (COM+) on a Windows Server.
31
Product components
The PATROL KM for Microsoft COM+ product monitors and manages the following
functions for Windows servers:
monitors the COM+ run-time environment

monitors the status of COM+ applications
manages the MS DTC service by providing the ability to start or stop the service
monitors Windows COM+ log events
monitors Windows log events related to the Microsoft Distributed Transaction
Coordinator (MS DTC) service and monitors the MSDTC service status
For instructions on how to use these features, see the PATROL KM for Microsoft
COM+ KM online Help system.

The PATROL KM for Log Management monitors text, script, named pipe, and binary
files in your environment. The KM provides the following monitoring features:
automatically monitors key log files

monitors files that do not currently exist on the system
monitors log files with dynamic names using wild card characters
monitors the size of log files
monitors the growth rate of log files
monitors the content of log files
monitors the state of log files
monitors the age of the log files
monitors log files using numeric comparisons
The PATROL KM for Log Management also provides the following management
features:
32
triggers alerts when a log file exceeds a specified size
triggers alerts when a text string or regular expression is discovered within a log
file
creates automated recovery actions when a log file exceeds an acceptable size or
growth rate
Product components
configures log searches to

ignore subsequent alerts for a specified number of polling cycles if the search
finds a matching string or regular expression in a log file
override an ignored alert if the search finds a matching string or regular
expression more than n times before the ignore setting is completed
specify the number of log scan cycles after which a WARN or ALARM state is
automatically changed to OK
creates robust searches by using NOT and AND statements with the text strings or
regular expressions in the log search
alerts for log file age
sets multiple schedules for multiple polling cycles per log file
disables/enables default log monitoring
You can set up the following predefined recovery actions to execute when monitored
log files exceed a specified size or growth rate.
clear and back up log files

delete files
run in attended and unattended modes
To get started with the PATROL KM for Log Management, see Configuring the
PATROL KM for Log Management on page 149. For detailed instructions, see the
BMC PATROL KM for Log Management User Guide and the PATROL KM for Log
Management online Help system.
33
Product components

PATROL for Windows Servers provides event notification and centralized alert
management features. With the PATROL KM for Event Management, you can
perform the following tasks:
configure notification (email, paging, trouble-ticket, or custom) for PATROL alerts

configure PATROL to send notifications to an enterprise console
configure recovery actions for alarm, warning, and information events
reword notification messages and customize message content
specify the maximum number of events displayed in the console
use wildcards to represent instance names when setting up parameters
configure PATROL to monitor the availability of hosts
manage PATROL parameter thresholds and polling schedules
configure blackout periods for notification and for availability monitoring
integrate with the AlarmPoint notification software using provided scripts
integrate with any command line email client, paging solution, compiled
executable, or script. Sample scripts are provided.
To get started with the PATROL KM for Event Management, see Configuring e-mail
notification on page 133. For more detailed instructions and reference information,
see the PATROL KM for Event Management User Guide.

The PATROL Wizard for Microsoft Performance Monitor and WMI is a powerful but
easy-to-use tool that allows you to create new, user-defined PATROL parameters
based on Microsoft's Performance Monitor counters or Windows Management
Instrumentation (WMI) data. You can also set alarm and warning thresholds for each
parameter you create.
This functionality allows you to monitor performance counters and WMI data that
are not typically monitored by PATROL. For more information, see Configuring
PATROL Wizard for Microsoft Performance Monitor and WMI on page 144, or the
PATROL Wizard for Microsoft Performance Monitor and WMI online Help.
34
Services

The PATROL History Loader KM extracts PATROL KM parameter history and loads
it into your relational database management system (RDBMS). Once PATROL history
data is stored in an RDBMS, you can perform complex analysis and statistical
planning on all monitored activity. For more information, see the PATROL History
Loader Knowledge Module User Guide.

The PATROL Adapter for Microsoft Office component allows you to connect to a
PATROL Agent and gather information without a PATROL Console.
With the PATROL Adapter for Microsoft Office, you can evaluate PATROL data by
using Microsoft Excel. The PATROL Adapter for Microsoft Office collects data from
PATROL parameters on local or remote hosts and displays the data as a Microsoft
Excel chart or graph. You also can create HTML output for Web display.
For more information, see the PATROL Adapter for Microsoft Office User Guide. For a
list of PATROL Adapter for Microsoft Office reports, see Displaying PATROL data
by using the PATROL Adapter for Microsoft Office on page 169.
PATROL Agent
PATROL for Windows Servers includes the PATROL Agent. The PATROL Agent
monitors a system according to the instructions provided by loaded PATROL KMs.
You can display the information gathered by the PATROL Agent on the PATROL
Console. For more information, see the PATROL Agent Reference Manual.
Services
The PATROL for Microsoft Windows Servers product uses the following services:
Table 7
PATROL for Microsoft Windows Servers Services
Service
Component or KM
Installed and Runs by Default?
PatrolAgent
PATROL Agent
yes
The PATROL MCS

Monitor Service
PATROL KM for Microsoft

Cluster Server
no
35
Related documentation
Related documentation
For additional information about PATROL for Windows Servers, see the online Help
for the component of interest and refer to the PATROL for Microsoft Windows
Servers release notes. For information about the PATROL for Windows Servers
parameters, see the product Help or the PATROL Parameter Reference Manual. For
additional information about PATROL, see the following documentation:
Help for your PATROL Console

PATROL Fundamentals Help
To view the complete PATROL documentation library, visit the support page on the
BMC Software Web site at http://www.bmc.com/support. Log on and select a
product to access the related documentation.
To log on if you are a first-time user and have purchased a product, you can request a
permanent user name and password by registering at the Customer Support page. To
log on if you are a first-time user and have not purchased a product, you can request a
temporary user name and password from your BMC Software sales representative.
36
Where to go from here

The following table suggests topics that you should read next:
If you want information about...
See...
how to install the PATROL for Windows Servers

product
Chapter 2, Installing and migrating PATROL for

Windows Servers
how to load and configure the components using a Chapter 3, Loading and configuring PATROL for
PATROL console
Microsoft Windows Servers
troubleshooting configuration problems
Chapter 6, Troubleshooting PATROL for Microsoft

Windows Servers
PATROL for Windows Servers agent configuration Appendix B, Agent configuration variables and
variables and predefined rulesets
rulesets
KMs included in each PATROL for Windows
Servers .KML file
Appendix C, PATROL for Windows .kml files
37
38
Chapter
Installing and migrating PATROL for

Windows Servers
2
This chapter provides the information that you need to install PATROL for Windows
Servers. For additional information about the PATROL installation process, see the
PATROL Installation Reference Manual. The following topics are discussed in this
chapter:
Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Verifying installation requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Additional component-specific requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Virtual machine support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preparing for installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Turning off pop-up blocking software before installing . . . . . . . . . . . . . . . . . . . . .
Unsupported platform option in the installation utility user interface. . . . . . . . .
Extraneous target platform options available in the installation utility user
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Checking for product patches or fixes before installing . . . . . . . . . . . . . . . . . . . . .
Determining how to install products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . .
Determining where to install the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing the PATROL Agent over an existing installation . . . . . . . . . . . . . . . . . .
Extracting installation files after download. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Determining where to install KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL Security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Checking security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Assessing and implementing a different security level . . . . . . . . . . . . . . . . . . . . . .
Default and custom installation types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
First-time installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing for the first time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
First-time installation using Distribution Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Distribution Server features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Importing a CD or customized installation package into Distribution Server. . .
Installing with the Distribution Server (overview) . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 2
40
41
41
42
46
51
52
52
52
53
53
53
54
54
54
54
55
56
56
57
57
58
58
63
63
64
65
39
Installation overview
Upgrading from an earlier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Automatic migration of console and agent customizations . . . . . . . . . . . . . . . . . . 66
Determining whether you can migrate KM customizations . . . . . . . . . . . . . . . . . . 66
Conditions for upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Determining the location of PATROL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
PATROL for Windows Servers upgrade scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Upgrading without saving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Upgrading and preserving KM customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Preparing to upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Migrating customizations with the PATROL Configuration Manager . . . . . . . . . 72
Creating an installation package of the migrated and merged KM . . . . . . . . . . . . 72
Moving files from the PATROL_CACHE directories. . . . . . . . . . . . . . . . . . . . . . . . 73
Migrating customizations manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Installing PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
External cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Internal cluster-level agent architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
How to Install the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . 78
Considerations for using online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Browser version required for viewing PATROL Console for UNIX Help . . . . . . 80
Additional considerations for using online Help for UNIX . . . . . . . . . . . . . . . . . . 80
Uninstalling PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Uninstalling PATROL for Windows Servers on Windows . . . . . . . . . . . . . . . . . . . 83
Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Installation overview
This chapter contains instructions for installing PATROL for Windows Servers. For
additional installation instructions, see the following documents:
Component
See
PATROL KM for Event Management User Guide
PATROL KM for Log Management User Guide
PATROL History Loader Knowledge Module User

Guide
PATROL Perform Agent for Microsoft Getting Started with PATROL for Microsoft Windows
Windows Servers
Servers Performance
40
Verifying installation requirements

Before installing PATROL for Windows Servers, verify that your environment meets
the following types of requirements:
system requirements
requirements for specific PATROL for Microsoft Windows Servers components
account requirements
System requirements
Verify that the target computer meets the installation requirements listed in Table 8
on page 41. These requirements apply to all PATROL for Windows Servers
components.
Table 8
System requirements for installing and using PATROL for Windows Servers (Part 1 of 2)
Resource
Requirements
Comments
operating
systems
For an updated list of supported operating

systems, see the PATROL for Microsoft Windows
Servers Release Notes.
security levels
All security levels are supported.

For more information about PATROL security,
see PATROL Security levels on page 56.
The PATROL Security Level is set during

the installation of the PATROL
infrastructure components. If your
product contains the PATROL Agent,
you are able to select the security level.
Make sure that the level that you select is
compatible with the rest of your
enterprises PATROL installation.
PATROL
products
For an updated list of supported operating

systems, see the PATROL for Microsoft Windows
Servers Release Notes.
license
You must have a valid demonstration license

(typically good for 30 days) or a permanent
license to run your PATROL products.
If you do not have a permanent license,

contact your BMC Software sales
representative or the BMC Software
Contract Administration department.
ports
(UDP/TCP)
If you are installing an agent or console with

PATROL for Windows Servers, you must
specify the port number to connect to all the
agent computers.
The default port number for agents is

3181.
Chapter 2
The default port number for the

RTServer is 2059.
41
Table 8
System requirements for installing and using PATROL for Windows Servers (Part 2 of 2)
Resource
Requirements
Comments
(UNIX only)
browser to
support online
Help for
PATROL
Console for
UNIX
Use Netscape Navigator version 3.014.78 to use Browser version required for viewing
online Help with PATROL for UNIX.
PATROL Console for UNIX Help on
page 80
browsers
This product uses an installation utility that

requires a browser. For a list of supported
browsers, see the PATROL Installation Reference
Manual.
disk space
151 MB for an agent
needed to install (without components and KMs)
151 MB for a console
(without components and KMs)
242 MB for an agent
(with all solution components and KMs)
116 MB for a console
(with all solution components and KMs)
Monitor
(for Console)
256-color display
File system
FAT or NTFS
Network
TCP/IP network protocol
800 x 600 resolution
Additional component-specific requirements

The following requirements are specific to the PATROL for Microsoft Windows
Servers components shown.

To monitor network protocols and to use the following domain monitoring
parameters and management features, you must have the SNMP service installed:
42
NT_DHCP parameters
WpReplicationFailures parameter
executing the WINS Database Scavenging menu command
As a default, the SNMP service is configured to accept SNMP packets from any host.
If the service is configured to accept packets from hosts, then the local host IP address
or hostname must be added to the list of hosts. It is not sufficient to add localhost or
the loopback address 127.0.0.1.
At a minimum, the SNMP community string must have READ permissions. To
initiate the WINS Database Scavenging menu command, the community string must
have WRITE permissions as well.
On Windows 2000 servers, the community string must be an ASCII character string.
Microsoft Windows 2000 does not support non-ASCII characters in community
strings.
For the NT_DHCP application class to work, the default PATROL Agent account
must have full access to %PATROL_HOME% and all subdirectories. On Windows
2003 and later, the default PATROL Agent account must also be a member of the
DHCP Users group.
PATROL KM for Microsoft Windows OS

This section contains additional requirements for using the PATROL KM for
Microsoft Windows OS.
Process monitoring
To monitor processes, the PATROL Agent must have access to the following hive and
all sub-keys:
HKLM\SOFTWARE\Microsoft\WindowsNT\perflib
Event log monitoring

To discover event logs, the PATROL Agent must have access to the following hive
and all sub-keys:
HKLM\CurrentControlSet\Services\Eventlog\
PATROL Agent 3.6 or later has access. No additional configuration is needed.

PATROL KM for Microsoft Windows Active Directory now requires the PATROL
KM for Microsoft Windows Operating System 3.9.20 or later for full support. If you
are running a release earlier than 3.9.20, the KM fails prediscovery and writes a
message to the mwd.log file, as well as to the system output window (SOW). If you are
running 3.9.x, the KM is discovered, but the Event Log parameters are not available.
Chapter 2
43
PATROL KM for Windows Active Directory requires that the Event Log component
of PATROL KM for Microsoft Windows Servers is active. By default the Event Log
component is active. For more information, see Configuring Windows events
monitoring on page 106.
PATROL for Windows Servers monitors Microsoft Windows Active Directory only
when Microsoft Windows Active Directory is running on domain controllers.
PATROL KM for Microsoft Windows Active Directory supports the Read Only
Domain Controller support on Microsoft Windows 2008.
PATROL default account required permissions

Monitoring replication within the configuration naming context requires that the
PATROL Agent defaultAccount have sufficient Active Directory permissions to
create a container object and child container objects in the configuration naming
context of the forest in which the domain controller resides. The account must have
full control of the created objects.
The PATROL Agent defaultAccount must be granted permission to Create Container
Objects in the Configuration NC and to give Full Control to the created container
object and its children.
Monitoring replication within the domain naming context requires that the PATROL
Agent defaultAccount have sufficient Active Directory permissions to create a
container object and child container objects in the domain naming context of the
domain in which the domain controller resides. The account must have full control of
the created objects.
The PATROL Agent defaultAccount must be granted permission to Create Container
Objects in each Domain NC and to give Full Control to the created container object
and its children.

PATROL KM for Microsoft COM+ now requires the PATROL KM for Microsoft
Windows Operating System 3.9.10 or later for full support. If you are running a
release prior to 3.9.10 the KM is discovered, but the Event Log parameters are not
available.
44

The PATROL KM for Microsoft Cluster Server requires that NT_BASE.kml or
NT_LOAD.kml is loaded. These files are included with PATROL KM for Microsoft
Windows OS.
BMC Software recommends that you preload NT_BASE.kml or NT_LOAD.kml on the
cluster agent machine. For more information about preloading, see Preloading KMs
on the PATROL Agent on page 96.

Remote Monitoring
The local node (or member server) provides a client view of the Active Directory
objects. The data provided for each managed node is collected within the context of
the domain of which the managed node is a member.
To display information about Active Directory objects, the managed node must meet
the following requirements:
PATROL Agent 3.6.00 or later must be installed.

Default account for the PATROL Agent must be a domain user account.

To use PATROL Adapter for Microsoft Office, you must load a supported version of
Microsoft Excel. To see which versions of Microsoft Excel are supported, see the
Release Notes for the version of PATROL Adapter for Microsoft Office that you are
installing or have installed.
Chapter 2
45
Accounts
This section describes how to set up a PATROL installation account for Windows.
PATROL Agent default account

PATROL requires a dedicated user account, known as the PATROL Agent default
account, in the Windows environment. The PATROL Agent default account must
exist in the Windows environment before you install PATROL. The PATROL Agent
default account can be either a local or a domain account:
Stand-alone workgroup servers must use a local user account as a PATROL Agent
default account.
Servers that are trusted members of a domain can use either a local or a domain
account.
Domain controllers must use a PATROL Agent default account that is also a
domain account.
NOTE
If you are not using the PATROL Agent default account as a Console connection account, you
will need to have the Log on locally account rights for the connection account.
PATROL Agent first tries to log on locally; if this fails, it tries to connect to the console by
using the network login rights.
KM functions performed
The PATROL Agent uses the PATROL Agent default account to perform the
following KM functions:
46
collect information from performance counters

collect information from the Windows event log
self-tune for peak performance and non-intrusive use of the processor
access system-level information
make debug-level output available from the PATROL KM applications
access the command interpreter for operating-system-level commands
create and remove processes in the process table for collecting performance data
Advanced user rights

To enable the PATROL Agent to perform these advanced functions, the PATROL
Agent default account might need the advanced user rights shown in Table 9. These
rights are not used during installation, but the PATROL Agent requires these rights
to operate and perform certain functions after installation. The installation utility
automatically grants these rights to the PATROL Agent default account.
Table 9
Advanced user rights
Advanced User Right
Agent Dependency
Act as part of operating system
enables PATROL to perform as a secure, trusted

part of the operating system
Debug programs
enables PATROL to debug low-level objects
Increase quotas
enables PATROL to increase object quotas
Log on as a service
allows the PATROL Agent to be started as a

service so that it will start on system boot
Log on locally (Windows 2000)

Allow log on locally (Windows 2003)
allows PATROL to log on at the computer
Manage auditing and security log
allows PATROL to monitor the Security event

log
Profile system performance
enables PATROL to use the Windows profiling

capabilities
Replace a process level token
enables PATROL to modify a security access

token for a process
Administrative rights
BMC Software recommends that you make the PATROL Agent default account a
member of the local Administrators group of the computer where the agent will
reside. On a domain controller, BMC Software recommends that you make the
account a member of the domain Administrators group.
However, you can choose to remove the PATROL Agent default account from the
local or domain Administrators group. You could also remove the advanced user
rights described in Table 9 on page 47. However, if you do so, the PATROL Agent
cannot perform all of its tasks. Table 10 on page 48 shows the PATROL for Microsoft
Windows Servers tasks that the Agent cannot perform when the following
restrictions are placed on the PATROL Agent default account:
The account is in a domain user group or local user group, but is not in the domain
or local administrators group.
The account does not have all of the advanced user rights noted in Table 9 on
page 47.
Chapter 2
47
Table 10
Removing rights and admin group membership from the PATROL Agent (Part 1 of 3)
KM
Effect
Workaround and notes
PATROL KM for
Windows Operating
System
Restart Service recovery action does not

execute. Message in system output
window indicates access denied and
inability to restart service.
The PATROL Agent default account

must be in the local or domain Admins
group. Granting a specific user right is
not a valid workaround.
If the PATROL Agent default account

lacks the Debug Programs right, cannot
monitor the status of processes.
Add the Debug Programs right to the

PATROL Agent default account.
Membership in the Administrators
group not needed.
The Terminate Process and Restart

Process recovery actions do not work.
Add the Debug Programs right to the

Backup Event Log and Clear Event Log

recovery action does not work.
Add the user right Backup files and

directories to the PATROL Agent
default account. For the security event
log, you must also add the user right
Manage auditing and security log.
Logical disk quotas and mount points

do not work.

group.
The Clean Temporary Directories

recovery action does not execute.
Assign read/write permissions on the

temp directory to the PATROL Agent
Default account.
Unable to monitor the security event

log. The NT_EVENTLOG application
displays a message in the
_DiscoveryStatus parameter.
Add the user right Manage auditing and

security log to the PATROL Agent
default account.
Blue Screen KM unable to detect a blue

screen condition.

group. Granting a specific user right is
not a valid workaround.
48
Table 10
KM
Effect
PATROL KM for
Microsoft Windows
Active Directory
AD disk space used does not work.
Grant the PATROL Agent default

account the following permission on
the DSA Working Directory and its
subdirectories: List Folder Contents/Read
Data.
The KM reads the registry to obtain the
DSA Working Directory. It needs
access to the following registry keys
and subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\NTDS
Configuration NC replication checking

does not work.

account sufficient Active Directory
permissions to create a container object
and child container objects in the
configuration naming context of the
forest in which the domain controller
resides.
Grant the PATROL Agent
defaultAccount permission to Create
Container Objects in the Configuration
NC and to give Full Control to the
created container object and its
children.
Domain NC replication checking does

not work.

account sufficient Active Directory
permissions to create a container object
and child container objects in the
domain naming context of the domain
in which the domain controller resides.
Grant the PATROL Agent
defaultAccount permission to Create
Container Objects in each Domain NC
and to give Full Control to the created
container object and its children.
PATROL KM for
Microsoft Cluster Server
The cluster KM does not function. No

authentication to the cluster can be
performed.
Chapter 2
To be fully functional, the agent outside

of the cluster can be in the admin group
and contain all of its rights, while the
agents within the cluster are removed
from the administrators group and do
not have the seven advanced user
rights. The monitoring user account
does not have the Logon As Batch Job
user right.
49
Table 10
KM
Effect
PATROL KM for
Microsoft Windows
Domain Services
Shares are not monitored. Parameters

are not discovered.
Add the PATROL Agent default

account to the Account Operators, Print
Operators, or Server Operators built-in
group.
The Increase connections allowed o

Share recovery action associated with
the ShConnPercent parameter does not
work.

account to the Account Operators, Print
Operators, or Server Operators built-in
group.
DFSRootReplica does not work when

checking alternate domain controller.
Parameters are unavailable and in
alarm.
Grant the advanced user right log on

locally to the PATROL Agent default
account.
On Windows 2003, the NT_DHCP

application class does not work.

account to the DHCP Users group.
Creating a separate account

Although you can use an existing Windows user account, BMC Software
recommends that you create a separate Windows user account for PATROL.
WARNING
Do not use a built-in Windows domain or local Administrator account as the PATROL default
account. Such account usage causes files created by PATROL to be owned by the
Administrator, which could result in security or file access problems.
PATROL KM for Microsoft Cluster Server account

The PATROL KM for Microsoft Cluster Server can be configured to use an external
cluster-level agent or an internal cluster-level agent (CLA). The account the KM uses
to connect to and manage a cluster depends upon which configuration you use.
Regardless of which configuration you use, however, the configuration must have the
following characteristics:
cluster account must be a domain account

cluster account must have access permission to the cluster
all local agents in the cluster must use the same port number
An external CLA configuration requires a user-defined cluster account separate from

the PATROL default account. This account must have cluster administrative
privileges. The PATROL MCS Monitor Service (McsService.exe) also runs under this
account.
50
An internal CLA configuration can use either a separate user-defined cluster account
(a domain account with cluster administrative privileges) or, when certain
requirements are met, it can use the PATROL default account.
When installed, if the PATROL KM for Microsoft Cluster Server does not discover a
separate cluster account, it checks the PATROL agent default account for the
following required characteristics:
it must be a domain account

it must have permission to access the cluster
If these requirements are in place, the Cluster KM uses the PATROL agent default
account to access the cluster and to communicate with the agents running on all other
nodes in the cluster, and the PATROL MCS Service runs under this account.
This account information is not replicated to other nodes so, if you want the Cluster
KM to use the PATROL agent default account to monitor the cluster, these
requirements must exist for every PATROL agent default account on every node in
the cluster.
To discover the PATROL KM for Microsoft Cluster Server you require the Logon as a
batch job privilege for cluster account and PATROL Default Account.
Console connection accounts

BMC Software recommends that you create a separate account, in addition to the
PATROL default account, for PATROL console operators who do not need
administrative privileges. Operators can use this account to connect the console to the
agent. If you want to configure KMs from the console, however, the console
connection account may need administrative rights. For more information, see
Requirements for configuring from the PATROL Console on page 99.
Virtual machine support

VMware provides technology that creates virtual infrastructures by providing a layer
of abstraction between the computing, storage, and networking hardware, and the
software that runs on it. This technology enables customers to run additional
operating systems in multiple windows called virtual machines. BMC Software does
not anticipate problems with the PATROL product family in virtual infrastructure
implementations, but products within these families have not been specifically tested
in this scenario. BMC Software will provide support for problems that are
reproducible without these complementary technologies.
Chapter 2
51
Preparing for installation

BMC Software recommends that you first install PATROL for Windows Servers on a
limited number of development or test machines, then configure and test PATROL
for Windows Servers before installing it onto production machines.
Before you install, you must
ensure that pop-up blocking software is turned off before installation (see page 52)
determine if you are using an unsupported platform option in the installation
utility user interface (see page 52)
determine the extraneous target platform options available in the installation
utility user interface (see page 53)
check for product patches or fixes before installing (see page 53)
verify if you are installing PATROL Agent on top of an existing installation (see
page 54)
determine the order in which you must extract the installation files after download
(see page 54)
determine how to install products (see page 53)
ensure you are using the appropriate version of the installation utility (see page 54)
understand where to install the PATROL Agent and KMs (see page 54)
understand PATROL security options (page 56)
choose between Default and Custom installation options (see page 57)
Turning off pop-up blocking software before installing

Before installing the PATROL for Microsoft Windows Servers solution or any of its
components, you must turn off pop-up blocking software. Pop-up blocking software
interferes with the functioning of the installation utility.
Unsupported platform option in the installation utility user

interface
If you use the installation utility to build an installable image, the Windows NT 4.0
(Intel) platform option is also displayed in the Select Platforms dialog box. This
platform is not supported by the PATROL for Microsoft Windows Servers solution.
52
WARNING
Do not select the Windows NT 4.0 (Intel) platform when building an installable image.
Extraneous target platform options available in the

installation utility user interface
If you use the installation utility to build an installable image, the following
extraneous target platform options are displayed in the Select Platforms dialog box:
Windows NT 4.0 (Intel)

Above Windows 2003 (Intel)
Above Windows 2003 (Itanium)
Above Windows 2003 (Opteron/EM64T)
None of the preceding platforms are supported by the PATROL for Microsoft
Windows Servers solution. Do not select these target platforms when building an
installable image.
Checking for product patches or fixes before installing

Product fixes or patches are often available through the BMC Software Web site.
Patches correct problems that are found after a product is released. BMC Software
recommends that you check the product page for PATROL for Windows Servers on
the BMC Software Customer Support Web page to determine whether a patch is
available before you begin installing a product.
Determining how to install products

You can install products on the computer on which you are running the installation
utility (local installation), create an installable image of products, use the -serveronly
option, or use the Distribution Server. An installable image is a fully configured
product image that you can use to install products to multiple computers. With an
installable image, you can create one product image with one pass through the
installation utility and then use that image to install to remote computers in your
environment.
For more information about creating, distributing, and installing installable images,
and about using the ctltool, see the PATROL Installation Reference Manual.
Chapter 2
53
Determining the version of the installation utility

The version of the installation utility included on the CD or Electronic Product
Download (EPD) image you use to install this product might differ from a version
included on another product CD or from a version that you downloaded from the
BMC Software Electronic Product Download (EPD) website. You should use the
version of the installation utility that comes with the product that you are installing.
To determine the version of an installation utility, perform the following steps:
1 Open a command prompt.

2 Navigate to the directory where the installation utility is located.
3 Enter Setup.exe -v (Windows) or setup sh -v (UNIX).
Determining where to install the PATROL Agent

Install the PATROL Agent on each computer that you want to monitor. When
installing the PATROL Agent, select Managed System as the system role during the
installation.
Installing the PATROL Agent over an existing installation

If you are installing the PATROL Agent over an existing installation, any manual
modifications that you made to the agent.reg file are not applied to the new
installation. You must manually reapply the modifications after the new installation.
Extracting installation files after download

This section is relevant only if you downloaded the PATROL for Microsoft Windows
Servers solution from the BMC Electronic Product Download (EPD) website,
http://www.bmc.com/ega/.
When extracting multiple components that you downloaded from the BMC EPD
website, you must extract them in the order shown:
1. installation utility (always extract first)
2. PATROL KM for Event Management
54
3. PATROL History Loader KM

4. PATROL KM for Log Management
5. PATROL Perform Agent for Microsoft Windows Servers
6. PATROL Agent for Microsoft Windows Servers
7. PATROL for Microsoft Windows Servers (always extract last)
EXAMPLE
If you downloaded the following components, you must extract them in this order:
1. installation utility (extract first)
2. PATROL KM for Log Management
3. PATROL Agent for Microsoft Windows Servers
4. PATROL for Microsoft Windows Servers (extract last)
Determining where to install KMs

You install the KMs to multiple target computers in the PATROL environment. Each
target computer requires different KM related files and information, depending on
the computers system role in the PATROL architecture. When you run the
installation utility on a target computer, you must select the appropriate system role
for that computer. The installation utility then installs the appropriate files to that
target computer based on the system role selected.
Install KMs that you want to use on
Computers hosting a PATROL Agent

Each computer that you want to monitor should, at a minimum, have the PATROL
Agent and the PATROL KM for Microsoft Windows OS. You might want to install
other KMs to monitor specific server types such as Exchange Servers, Microsoft
SQL Servers, Domain Controllers, Cluster Servers, Terminal Servers, and so on.
When installing these KMs on the PATROL Agent computer, select Managed
System as the system role during the installation.
Computers hosting a PATROL console

Install every KM that you want to use on each PATROL console computer.
Chapter 2
55
PATROL Security levels
When installing these KMs on a PATROL console computer, select Console Systems
as the system role during the installation.
Computers hosting a PATROL Console Server

If you use the PATROL Console Server, install every KM that you want to use on
the PATROL Console Server computer. Install the same KM and the same version
of the KM that is running on the PATROL Agents.
When installing these KMs on a PATROL Console Server computer, select Common
Services as the system role during the installation.
For more information about the PATROL consoles and PATROL Console Server or
RTserver, see the products respective online help systems and the following
documents:
PATROL Central Operator - Web Edition Getting Started

PATROL Central Operator - Microsoft Windows Edition Getting Started
PATROL Console Server and RTserver Getting Started
PATROL Configuration Manager User Guide
PATROL Console for UNIX User Guide
PATROL Console for Microsoft Windows User Guide - Understanding the Basics of
PATROL, Volume 1, 2, and 3
PATROL Security levels

You can secure the data passed between PATROL components and restrict
unauthorized users from accessing your data by implementing PATROL security.
You can select from five security levels when you install PATROL.
Agents, console servers, and consoles must operate at the same security level to
communicate with each other. When you install agents, console servers, or consoles
that need to communicate with previously installed versions of these components,
check the security level of the previously installed components and be sure to install
the new ones at the same level.
Checking security levels

To check the security level of a previously installed agent, console server, or console,
perform the following steps:
56
Default and custom installation types
1 From the command line switch to the path on the computer that you want to check:
%BMC_ROOT%\common\security\bin\Windows-x86
2 Run the following command to display the security policy of the current machine:
esstool policy -a
The security level is displayed in the security level field of the output.
Assessing and implementing a different security level

Review the security level definitions in the PATROL Security User Guide before
installing PATROL to determine the appropriate security level for your components.
If you want to implement a new security level after having previously installed
PATROL security, see the PATROL Security User Guide for instructions.
Default and custom installation types

The installation utility prompts you to select one of the following installation types:
The Default installation type uses default values for all optional configuration
information. It prompts you only for mandatory configuration information. This
type is for any or all of the following situations:
You are new to the PATROL product that you are installing and you have an
agent or console already installed in the default directories.
You are performing a first-time installation (you are not upgrading), and you
are installing into the default product installation directories.
NOTE
If you are installing PATROL for Windows Servers to an existing PATROL Agent or Console
environment that is not in the default installation directory, use Custom. Do not use Default.
Default will automatically install the agent or console with PATROL for Windows Servers and
overwrite your existing installation.
Chapter 2
57
First-time installation
With the Custom installation type, you can install individual components of the
product. It requires that you specify all configuration information. This type is for
any or all of the following situations:
You want to install individual components rather than the entire product.
You want to specify the following settings:
the port numbers that components use to communicate with each other
a security level greater than basic security
any other product settings that a user might want to change
You are upgrading PATROL for Windows Servers from a previously installed
version.
You are installing into an existing PATROL environment that is not in the
default installation directory.
With each installation type, you can always deselect any components that you do not
want to install.
The installation utility offers two types of installations: Default and Custom. For a
description of the two types of installations, see Default and custom installation
types on page 57.
Installing for the first time

You can install PATROL for Windows Servers using either the Default or Custom
installation type. Regardless of the type of installation you choose, you must repeat
this installation process for each computer on which you want to install PATROL for
Windows Servers.
NOTE
By default, the Default installation type configures the PATROL Agent to connect through
port 3181. If you want to connect the agent from a different port, you must use the Custom
installation type.
Before you begin
58
You first should install on a limited number of computers in the test environment,
test the installation thoroughly, and then install in your production environment.
You must have created the PATROL default account.
If you want to install PATROL for Windows Servers on a computer running

Windows 2000 with Citrix Metaframe, you must have access to a second computer
that runs a browser that is supported by the installation utility.
To install using the default installation type

1 Close the Service Control Manager window and the Control Panel window.
2 From the PATROL for Microsoft Windows Servers CD or from an installation
image that has been electronically downloaded from an EPD site and extracted,
run setup.exe.
When installing on a Windows Server in application mode or with Citrix
Metaframe installed, perform the following steps to launch the installation utility:
A From a command line, change to the directory where the installation utility is
located and enter the following command to change to installation mode:
change user/install
B Enter the following command to start the installation Web server

setup.exe -serveronly
A message box is displayed that shows the URL to use to connect to the
installation Web server.
C On another computer with a browser, start the browser.

D Connect to the installation Web server from the browser to start the installation
utility by using the URL that is displayed in the message box on the computer
on which you are installing the product.
3 In the Welcome to the Installation Utility window, click Next to begin your
installation.
4 Review the license agreement, select Accept, and click Next to continue.
5 In the Select Installation Option window, select I want to install products on this
computer now and click Next to continue.
6 In the Select Type of Installation window, select Default and click Next to continue.
7 In the Specify Installation Directory window, accept the default directory and click
Next to continue.
Chapter 2
59
8 In the Select System Roles window, select any or all of the following roles to
indicate the components that you want to install and click Next:
If you are installing to a computer that hosts or will host only a PATROL
Console for Windows, select Console Systems.
If you are installing to a computer that hosts or will host a PATROL Agent,
select Managed Systems.
If you are installing to a computer that hosts or will host the PATROL Central
Operator Web Edition, or the PATROL Console Server select Common Services.
9 From the Select Products and Components to Install window, select components
that you want to install or accept the defaults and click Next.
10 In the PATROL Default Account Properties window, enter the user name and
password that you want to use for your PATROL default account and click Next.
This window is displayed only when you are installing a product that requires a
PATROL logon.
You should have created this account manually before you began to install
PATROL. (For more information, see Accounts on page 46.)
11 In the Review Selections and Install window, review your selections and, to make
changes, click Back or, to start installing, click Start Install.
A status window opens that contains current messages, current milestones, and
percentage complete.
12 When the status window reports that the installation is 100% complete, click Next
to view the results window. (Next does not appear until the installation is 100%
complete.)
13 (Optional) In the results window, click View Log to review the details of the
installation.
14 Click Finish to close the installation utility.

To install using the custom installation type
1 Close the Service Control Manager window and the Control Panel window.
2 From the PATROL for Microsoft Windows Servers CD or from an installation
image that has been electronically downloaded from an EPD site and extracted,
run setup.exe.
60

Metaframe installed, perform the following steps to launch the installation utility:
change user/install
B Enter the following commands to start the installation Web server:

setup.exe -serveronly
C On another computer with a browser, start the browser.

utility by using the URL that is displayed in the message box on the computer
on which you are installing the product.
3 In the Welcome to the Installation Utility window, click Next.

4 In the Review License Agreement window, review the license agreement, select
Accept and click Next.
5 In the Select Installation Option window, select I want to install products on this
computer now and click Next.
6 From the Select Type of Installation Window, select Custom and click Next.
7 In the Specify Installation Directory window, enter the directory where the
products that you select will be installed and click Next.
The PATROL product directory is appended to the path that you enter in this step.
You will specify the PATROL product directory in step 10 on page 62.
8 In the Select System Roles window, select any or all of the following roles to
indicate the components that you want to install and click Next:
If you are installing to a computer that hosts or will host a PATROL Console,
select Console System.
If you are installing to a computer that hosts or will host a PATROL Agent,
select Managed System.
If you are installing to a computer that hosts or will host the PATROL Central
Operator Web Edition or the PATROL Console Server, select Common Services.
Chapter 2
61
For more information about the PATROL consoles and PATROL Console Server or
RTserver, see the following documents:
PATROL Central Operator Web Edition Getting Started

PATROL Central Operator Microsoft Windows Edition Getting Started
PATROL Console Server and RTserver Getting Started
9 From the Select Products and Components to Install window, select the items that
you want to install, and click Next.
10 In the Provide the PATROL 3.x Product Directory window, enter in the PATROL
3.x Product Directory field the directory in which you want to install PATROL for
Windows Servers as appropriate for your installation.
This directory is appended to the base directory path that is shown in the BMC
Products Installation Directory field entered in step 7 on page 59.
11 If the PATROL Default Account Properties window appears, enter the user name
and password that you want to use for your PATROL default account and click
Next. This window is displayed only when you are installing a product that
requires a PATROL logon.
You should have created this account manually before you started the installation
process. (For more information, see Accounts on page 46.)
12 In the Complete the Confirm BMC Product Startup Information window, perform
the following steps (this window does not appear if you are not installing into a
managed system):
A In the Specify the Current Agent Port Number field, enter the port number that
you want the PATROL Agent to use. The default is 3181.
NOTE
If your previous installation used a different port number, change the default to the
current port number for the PATROL Agent.
B In the Restart the PATROL agent automatically? field, click Yes or No.
13 In the Review Selections and Start Install window, review the selections and, to
make changes, click Back or, to start installing, click Start Install.
14 When the status window reports that the installation is 100% complete, click Next
to view the results window. (Next does not appear until the installation is 100%
complete.)
62
First-time installation using Distribution Server
15 (Optional) In the results window, click View Log to review the details of the
installation.
16 Click Exit to close the installation utility.
First-time installation using Distribution

Server
The PATROL for Windows Servers can be installed locally to a single computer or
remotely to multiple computers using the Distribution Server.
The details of how to install a product across an enterprise to multiple machines by
using Distribution Server are beyond the scope of this book. However, this section
does describe how to import the PATROL for Windows Servers product into the
Distribution Server. It also provides a high-level overview of the enterprise
installation process.
Distribution Server features

You use the Distribution Server to perform remote installations or uninstallations of
BMC Software distributed systems products across multiple systems from a central
location.
With the Distribution Server you can perform the following actions:
Install, uninstall, upgrade, and reinstall products on remote systems from one
central location.
Create collections of products and system groups to distribute multiple products

to multiple systems in one distribution.
Schedule a distribution for a specific date and time.
Maintain multiple product versions to be distributed.
View reports to check distribution status, gather distribution data, and diagnosis
problems.
To import PATROL for Windows Servers into the Distribution Server, perform the
following tasks: Importing a CD or customized installation package into
Distribution Server on page 64.
Chapter 2
63
Importing a CD or customized installation package into

Distribution Server
This task describes how to import components into the Distribution Server for
deployment to multiple locations.
Before you begin
The customized installation packages that resulted from Creating an installation

package of the migrated and merged KM on page 72 must be accessible to the
Distribution Server.
Ensure that you use the Distribution Server version 7.1.01 or later.
To import components in to the Distribution Server

1 Using the Distribution Server Manager, connect to the Distribution Server.
2 In the Distribution Server tab area, click the Components tab.
3 In the list area, click the Import button.
4 Navigate to the location where the components are located and click Next.
5 Select the directory that contains the Products directory (do not select the Products
directory itself).
If the components are not accessible on a local drive, you can specify them by using
the NFS name and path.
EXAMPLE
Assuming that you copied the CD image into a directory called merged_CD and then, after
migrating your customizations and creating a customized installation package, you copied the
updated package to the directory containing the CD image, the resultant directory structure
would resemble merged_CD\Products\pokchm. You would select the directory
merged_CD.
6 Select the check boxes for the components that you want to import and click OK.
7 Click Import to import the selected components.
64

To remotely install PATROL for Windows Servers throughout your enterprise, use
the instructions in the Distribution Server Getting Started Guide. For an overview of that
process, see Installing with the Distribution Server (overview).
Installing with the Distribution Server (overview)

Once you have imported the PATROL for Windows Servers into the Distribution
Server, you must perform the following tasks within the tool. The tasks can be
grouped into three stages.
To set up products
1 Import components into the Distribution Server repository on the Components tab
of the Distribution Manager.
2 Arrange components in collections on the Collections tab of the Distribution

Manager.
3 Configure the collections on the Configurations tab of the Distribution Manager.

To set up systems
1 Create accounts in the operating system of the computers to which you want to
distribute PATROL for Windows Servers.
2 Add accounts and create profiles for the systems on the Systems tab of the
Distribution Manager.
3 Add the systems and install the Distribution Client on the Systems tab of the
Distribution Manager.
4 Arrange systems in system groups on the Systems tab of the Distribution Manager.
To distribute products
1 Distribute configurations of collections to system groups on the Distributions tab of
the Distribution Manager.
2 Run reports to review distributions on the Reports tab of the Distribution Manager.
For detailed instructions about how to perform remote installations with the
Distribution Server, see the Distribution Server Getting Started Guide.
Chapter 2
65
Upgrading from an earlier version

If you have a previous version of PATROL for Windows Servers installed on the
target computer, you have the following options for upgrading to the new version of
PATROL for Windows Servers:
Upgrading without saving KM customizations on page 70

Upgrading and preserving KM customizations on page 70
Figure 1 on page 69 describes the general process of upgrading to a new version of

PATROL for Windows Servers and migrating any customizations.
Automatic migration of console and agent customizations

Only customizations to Knowledge Modules must be migrated.
Whether you choose to save and migrate your KM customizations or not, the
customizations you have made to the following components are preserved and
incorporated into the new version automatically:
agentsstored in the agent configuration file

consolesstored in the console cache files
NOTE
Customized Knowledge Modules and PSL files are also stored in the cache but they are not
automatically preserved and incorporated.
Determining whether you can migrate KM customizations

Before migrating customizations, you must determine whether or not your
customizations to PATROL for Windows Servers can be migrated to the new version
of PATROL for Windows Servers. See Table 11 to determine whether migration is
supported for your current version of PATROL for Windows Servers.
Table 11
Versions that you can migrate (Part 1 of 2)
Component
Version
PATROL for Windows Servers
2.1.01 and later
PATROL KM for Windows Operating

System
3.7.00 and later
PATROL KM for Windows Domain Services 1.1.00 and later
66
Table 11
Versions that you can migrate (Part 2 of 2)
Component
Version
PATROL KM for Microsoft Windows Active

Directory
1.5.00a, 1.5.01 and later
1.5.02 and later
2.7.08 and later
1.1.00 and later
1.1.00 and later
1.2.00 and later
PATROL Wizard for Microsoft Performance

Monitor and WMI
2.0.04 and later

If you created .km files and parameters using
an older version of this component, they will
continue to work, even after loading the new
KM.
When the PATROL KM for Microsoft Windows Active Directory is installed on a server that
has PATROL KM for Windows Domain Services 1.3.00, 1.4.00, or 1.4.01 installed, the
application classes that begin with NT_AD are automatically disabled. These disabled
application classes are recorded in the configuration variable /AgentSetup/disabledKMs.
Conditions for upgrading

Use Table 12 to help you choose an upgrade procedure.
Table 12
Choosing an upgrade procedure
Use this procedure

Upgrading without saving KM
customizations
Upgrading and preserving KM

customizations
If you have this situation
have not made any customizations to the KM files in your previous

version of PATROL for Windows Servers
want to overwrite customizations you made to the KM files with the

default values of the new version of PATROL for Windows Servers
have a currently installed version of PATROL for Windows Servers

that cannot be migrated (See Table 11 on page 66)
made customizations to the KM files in your previously installed version

of PATROL for Windows Servers and want to save those customizations
and migrate them to the new version of PATROL for Windows Servers
Chapter 2
67
Determining the location of PATROL

During the installation process, the PATROL installation utility records where it
installs PATROL components in environment variables. To function properly,
various components of the PATROL product require the information stored in these
variables. Two important variables are PATROL_HOME and PATROL_CACHE.
Throughout this section, all references to PATROL_HOME represent
%PATROL_HOME% and all references to PATROL_CACHE represent
%PATROL_CACHE%.
Default values for PATROL location variables

If you do not specify a location for the PATROL installation, the installer uses the
following pre-programmed default locations and stores these locations in
environment variables.
Table 13
Default values for PATROL location variables
Variable
Default value
PATROL_HOME
C:\Program Files\BMC Software\<PATROL_directory>
PATROL_CACHE
%HOMEDRIVE%\%HOMEPATH%\<PATROL_directory>
Viewing environment variables set by PATROL

To view the value of PATROL_HOME, PATROL_CACHE and other environment
variables, perform the following procedure:
Using the control panel

1 Select Control Panel using one of the following menu paths:
Start => Settings => Control Panel.

Start => Control Panel.
2 Open the System application.

3 Select the Advanced tab.
4 Click Environment Variables.
5 Scroll through the System Variable list box to view the variables.
The System application displays PATROL_CACHE only if it is set to a value other
than its default value.
68
PATROL for Windows Servers upgrade scenarios
PATROL for Windows Servers upgrade

scenarios
Figure 1 illustrates the following PATROL for Windows Servers upgrade scenarios.
Figure 1
not migrating customizations

migrating customizations manually
migrating customizations then installing the product using one of the following
tools:
Common Installation Utility for local installations
Distribution Server for remote installations
Upgrading overview for PATROL for Windows Servers

Upgrading without saving KM customizations on page 70
No
Saving
customizations?
Installing over an
existing PATROL for
Windows Servers
installation?
Yes
Shut down agent and

console, remove previous
version from
PATROL_CACHE and
PATROL_HOME directories
on agent and console
computer.
Install PATROL for

Windows Servers using
instructions in
Installing for the first
time on page 58
Yes
No
No
Can you migrate?
Determining whether you can migrate KM customizations on

page 66
Yes
migrating
manually
Import merged package into the Distribution Server and start installer using instructions in
Importing a CD or customized installation package into Distribution Server on page 64.
Migrating customizations manually on page 74

Back up PATROL_HOME
and PATROL_CACHE
directories and note all
customizations.
Shut down agent and console,

remove previous version of the
product from PATROL_CACHE
and PATROL_HOME directories
on agent and console
computers.
Chapter 2
Install PATROL for

Windows Servers using
instructions in on
page 58.
Manually change settings

or PSL files to match your
customizations for the
previous version.
69
Upgrading without saving KM customizations

If you do not want to save any customizations of .km files, PSL code, alarm
thresholds, or events, you can simply install the new version of PATROL for
Windows Servers over your previous version after moving or deleting PATROL for
Windows Servers files from the PATROL_CACHE. See First-time installation on
page 58 for instructions.
NOTE
Customizations applied using PATROL Configuration Manager or operator overrides are
automatically saved in the agent configuration database. They will take effect automatically
unless the parameter name or application name has changed. In either of those cases, you
must reapply the customizations.
When installing PATROL for Microsoft Windows Servers over an existing version, if
you stop PATROL services manually (not normally required) before running the
installation program, stop the PatrolAgent service (PatrolAgent.exe) first, followed by
any other PATROL services.
Upgrading and preserving KM customizations

Use the appropriate task in this section if you want to upgrade to the new version of
PATROL for Windows Servers and you want to preserve any customizations you
have made to the .km files in the previous version of PATROL for Windows Servers.
You must first migrate your customizations from the old version of PATROL for
Windows Servers to the new version, and then install the result into your
environment. You should complete this process on a limited number of computers in
the test environment first, test the merged KMs thoroughly, and then deploy them to
your production environment.
NOTE
To upgrade and preserve customizations, you must either migrate your customizations
manually or use the PATROL Migration Tools version 3.5 to create a customized installation
package. If you are using the Distribution Server to install the merged customization package,
ensure that you have the latest version of the product installed as well as any available
patches.
70
Preparing to upgrade
Whether you are upgrading and migrating customizations or simply upgrading, you
must first back up the current installation. If the .kml file or any of the .km files for the
new version of PATROL for Windows Servers has a different file name from the
previous version, you must remove those files from the list of KMs that are preloaded
on the PATROL Agent.
Before you begin

If you plan to migrate your customizations, determine whether you can migrate from
a previous version of PATROL for Windows Servers. See Table 11 on page 66 to
determine whether migration is supported for your current version of PATROL for
Windows Servers.
To back up the current installation

Back up your customizations so that you can restore the current installation if you
want to roll back your upgrade.
1 Shut down any PATROL Agents, consoles, and related services that are currently
running.
2 Ensure that no one is accessing any PATROL files or directories.

3 Perform a full backup of the directories where PATROL files are typically stored.
These directories are listed in the following table:
File type
Directory
executables and data
PATROL_HOME for agent and console installation directories
console customizations
PATROL_CACHE for the console working cache

If you are migrating customizations manually, go to Migrating customizations
manually on page 74.
Chapter 2
71
Migrating customizations with the PATROL Configuration

Manager
BMC Software recommends that if you have customized KMs that these
customizations should be migrated to PATROL Configuration Manager rulesets.
PATROL Configuration Manager rulesets allow you to manage customizations to
KMs, depending on the type of customization.
If you have localized parameters or global parameters that have customized poll
times or thresholds, use the AS_CHANGESPRING KM to migrate these
customizations into PATROL Configuration Manager rulesets as described in the
PATROL Configuration Manager User Guide.
If you have created custom recovery actions, follow these steps:

1. Ensure that you have made a record of your customizations and have backed up
the customized files in the PATROL_HOME and PATROL_CACHE directories.
2. Uninstall the old version of PATROL for Microsoft Windows Servers.
3. Install the new version of PATROL for Microsoft Windows Servers as described
in the section Installing for the first time on page 58.
4. Ensure that you have made a record of your custom recovery actions.
5. Use the Recovery Action Event Management commands as described in the
PATROL Configuration Manager User Guide to migrate your custom recovery
actions to the PATROL Configuration Manager.
Creating an installation package of the migrated and merged

KM
After you have migrated and merged your customizations, you must create an
installation package that can be used with the installation utility to install locally on
one computer or with Distribution Server to install remotely on multiple computers.
1 Copy the entire contents of the PATROL for Windows Servers CD to a temporary
directory on a hard drive on a server. You can delete this temporary directory after
you have successfully created an installable image.
2 Navigate to the packaged_results directory for the merged package and open the
.ppf file with a text editor. Write down the file name in the first line of the .ppf file.
This file name is the name of the directory that you will look for in the Products
directory of the CD image.

72
3 Rename the packaged_results directory with the file name that you found in the .ppf
file in the previous step.
EXAMPLE
If pokckm/8.5.00/030107-233044 was listed in the first line of the .ppf file, you would use
pokckm as the directory name.
4 Copy the renamed directory to the Products directory of the temporary directory
that you used in Step 1. You will be replacing the files there with the merged files
that contain your customizations.
5 Copy the PATROL for Windows Servers CD image to the server that you will use
to install PATROL for Windows Servers.
Remove the files in the PATROL_CACHE directory by following the instructions in

Moving files from the PATROL_CACHE directories.
Install PATROL for Windows Servers from the target server by following the
instructions in Installing for the first time on page 58.
Import the customized version of PATROL for Windows Servers into the
Distribution Server by following the instructions in Importing a CD or
customized installation package into Distribution Server on page 64.
Moving files from the PATROL_CACHE directories

Before you install, you must move the current PATROL for Windows Servers files
from the PATROL_CACHE directory for the console. If you do not, old product files
in PATROL_CACHE are loaded instead of the newly installed files from
PATROL_HOME.
Copy the PATROL for Windows Servers files with the naming patterns shown in
Table 14 to a directory outside the PATROL installation and delete them from
PATROL_CACHE\knowledge and PATROL_CACHE\psl:
Table 14
KM file naming patterns (Part 1 of 2)
Component
Naming pattern
NT_*
PATROL*
RECOVERY*
Com*
PATROL KM for COM+
Chapter 2
73
Table 14
KM file naming patterns (Part 2 of 2)
Component
Naming pattern
MQ*
MSMQ*
MSDM*
NT_*
NTD_*
AD*
MWD*
PATROL for Microsoft Cluster Server
MCS*
AS*
EVENT*
PATROL Wizard for Microsoft Performance Monitor and

WMI
LOG*
PMG*
H*.km
H*.psl
History-*
History_Loader*
Hist*
COM_DEB_*
COM_STAT_*
NT_WMI*
NT_PERFMON*
Migrating customizations manually

If you have made customizations to the PATROL Script Language (PSL) code, you
must manually migrate those customizations. This task contains a procedure for
manually migrating each kind of customization.
To migrate customizations to KM files manually

1 Ensure that you have made a record of your customizations and have backed up
the customized files in the PATROL_HOME and PATROL_CACHE directories.
2 Uninstall the old version of PATROL for Windows Servers.

3 Install the new version of PATROL for Windows Servers as described in the
section Installing for the first time on page 58.
4 Identify and record the coding changes, which represent your customizations, in
PATROL for Windows Servers by comparing the content of the ASCII files in the
newly installed PATROL for Windows Servers version with the content of the
customized ASCII files with the same name that is saved in the directory to which
you moved the old version.
74
Installing PATROL KM for Microsoft Cluster Server
5 Incorporate your customizations to the new PATROL for Windows Servers by

performing the following steps:
A Restart the PATROL console.

B Load the newly installed PATROL for Windows Servers.
C Using a PATROL developer console, enter the customizations that you
identified in step 4 on page 74, one by one.
To migrate customized PSL code

Customizations made to PATROL Script Language (PSL) code are not automatically
migrated. These customizations may be embedded in .km files or stored in separate
.psl files. Migrate these customizations manually, using the following guidelines:
If you modified .psl files that were shipped by BMC Software, you must manually
re-edit the PSL code in the new KM by using a PATROL developer console to
reapply your changes.
If you modified PSL code embedded in a .km file, that code will be overwritten
when you install a new version of the product. You must manually edit the new
.km files by using a PATROL developer console to reapply your changes.
If you created a new PSL file (not shipped by BMC Software) outside of a .km file,
Installing PATROL for Microsoft Cluster Server
Installing PATROL KM for Microsoft Cluster

Server
Install the PATROL KM for Microsoft Cluster Server component only if you plan to
monitor and manage a Microsoft server cluster.
The PATROL KM for Microsoft Cluster Server can monitor your Micrososft Cluster
Server environment using an external cluster-level agent or an internal cluster-level
agent (CLA). To help you decide which of these options is best for your environment,
Table 15 on page 76 provides you with the characteristics of each of these options.
Chapter 2
75
Table 15
Monitoring configuration options for PATROL KM for Microsoft Cluster

Server
Monitoring
configuration
Characteristics
external CLA
The following statements apply to an external CLA configuration:
internal CLA
allows you to use the same CLA to monitor multiple clusters

maintains both the configuration and history files outside of the
cluster; history is not interrupted during a failover
requires a CLA computer that resides outside of the cluster
The following statements apply to an internal CLA configuration:
monitors only the underlying cluster

does not provide an uninterrupted history; configuration and history
files are stored on a local drive and, therefore, are not shared with the
new quorum owner after a Cluster Group failover
automatically replicates the configuration information to all the nodes
in the cluster
does not require a computer that resides outside of the cluster to run
the CLA
allows the KM to use the PATROL agent default account when certain
requirements are satisfied
easier to set up and configure
External cluster-level agent architecture

The external CLA uses a three-tier architecture, as shown in Figure 2 on page 77, and
has components that you install inside and outside of a cluster. The external CLA
uses a cluster-level agent machine that resides outside the cluster to collect data from
the cluster nodes in all of the clusters you monitor.
Although the external cluster-level agent can monitor one or more clusters, BMC
Software recommends that you monitor no more than ten clusters from one clusterlevel agent for performance reasons. A cluster can be monitored by only one clusterlevel agent.
76
Figure 2
PATROL KM for Microsoft Cluster Server with external CLA configuration
Install the PATROL KM for

Microsoft Cluster Server and a
PATROL Console here.
Cluster 2
Cluster 1
Node 1
Node 1
Cluster-level
agent computer
Install the PATROL

KM for Microsoft
Cluster Server, PATROL
Agent, and OS KM here.
Install the PATROL KM for

Microsoft Cluster Server, and
PATROL Agent here.
Install the PATROL

KM for Microsoft
Node 2
Node 2
Install the PATROL

KM for Microsoft
Install the PATROL

KM for Microsoft
Internal cluster-level agent architecture

The internal CLA uses a two-tier architecture, as shown in Figure 3.
Figure 3
PATROL KM for Microsoft Cluster Server with internal CLA configuration

Install the PATROL Console here.
Cluster 1
Node 1 - quorum owner
Node 2
Install the Agent,

MCS KM, and
Microsoft Windows
OS KM on all nodes
in the cluster
While the PATROL KM for Microsoft Cluster Server (MCS KM) is loaded on all of the
agents on all of the nodes in the cluster, only the MCS KM on the quorum-owning
node actively monitors the cluster.
Chapter 2
77
How to Install the PATROL KM for Microsoft Cluster Server

Before you begin installing the PATROL KM for Microsoft Cluster Server, you must
have the following completed:
know the user name and password of the cluster connection account
installed the PATROL KM for Microsoft Windows OS and loaded the
NT_BASE.kml
installed the PATROL Agent
Cluster connection account

For each cluster, the cluster connection account (specified in the cluster
administrator) must have the appropriate permissions and trusts to establish a
session with the cluster. For more information about the cluster account, see
PATROL KM for Microsoft Cluster Server account on page 50.
You can verify that the cluster connection account has the appropriate permissions by
logging into the cluster-level agent with the selected account and connecting to the
cluster with either the Microsoft Cluster Administrator GUI or the cluster.exe
command-line tool.
For information about how the PATROL Agent supports an application in a cluster
environment and what type of failover tolerance the agent provides, see the PATROL
Agent Reference Manual.
Support for Quorum Configurations in a failover cluster

PATROL KM for Microsoft Cluster Server has added support for the Microsoft
Windows server 2008 cluster.
NOTE
If you use Windows Server 2008 as an external CLA, you must install Failover Clustering tools
from Server Manager. By default, the cluster.exe is not present in Windows 2008 non-cluster
computer.
Support for external CLA
78
Node and File share Majority

Node and Disk Majority
Node Majority
No Majority: Disk only
Considerations for using online Help
Support for internal CLA
No Majority: Disk only
Installation process
The PATROL KM for Microsoft Cluster Server installation process consists of the
following tasks:
WARNING
Do not load the PATROL KM for Microsoft Cluster Server on a virtual agent.
1 Install the following components on each cluster node:
PATROL Agent
PATROL KM for Microsoft Windows
2 This task is only required if you are using an external CLA. Install the following
components on each computer that contains an external cluster-level agent:
PATROL Agent
3 Install the PATROL KM for Microsoft Cluster Server on the computer that has
your PATROL Console. This component can exist on the same computer as the
external cluster-level agent or on a cluster node.

If you plan to install the UNIX version of PATROL for Windows Servers on a
PATROL Console for UNIX, you must install the supported version of the Help
browser separately if it is not already installed.
Chapter 2
79
Browser version required for viewing PATROL Console for

UNIX Help
The appropriate one of the following browsers is required to view PATROL Help in
PATROL version 3.x:
UNIX: Netscape Navigator version 3.01 through 4.78

Red Hat Linux: Netscape Navigator version 4.x
PATROL Help does not support Netscape Navigator 6.0.
Installation requirement
You must install Netscape Navigator on the computer where the PATROL console
resides. You can install Netscape anywhere on your UNIX computer as long as the
binary is in the path.
Download location
Netscape Navigator is supplied by Netscape Communications Corp. You can locate
the browser at http://home.netscape.com/download.
Additional considerations for using online Help for UNIX

When you select Help from the PATROL Console for UNIX, it may take a few
seconds for the Help browser to launch. Two windows will be displayed. First, the
Netscape Navigator window is displayed as an icon, and then a browser window that
contains the Help is displayed.
In addition, you must be aware of the following restrictions:
80
Netscape Navigator displays warning messages when it is invoked multiple times

within the same user account because of its file-locking mechanism. It will,
however, continue functioning.
By default, when Netscape Navigator starts, it uses a private color map. As a

result, you might experience color flashing on your workstation. If so, you can set
the value of PATROL_BROWSER so that the colormap option is not specified.
However, some subsequent color requests might fail and the online Help will be
improperly displayed.
The Exceed for Windows product by Hummingbird Communication Ltd. may not
always display the Help files properly.
Consult your Netscape Navigator documentation for specific platform requirements

and restrictions.
Required environment variables settings for the browser

The LANG, PATH, and PATROL_BROWSER environment variables must be set for
the Help browser to run properly. The following sections describe these variables.
LANG variable
The UNIX LANG environment variable must be set to C so that Netscape Navigator
will work properly. Otherwise, you might experience product failures.
Type of shell
Export command for LANG variable
Bourne
LANG=C
export LANG
Korn
export LANG=C
setenv LANG=C
PATH variable
The PATROL user account PATH variable must contain the location of the directory
containing the Netscape files. If the directory containing the Netscape files is not in
the path, add the directory to the PATROL user account path.
This requirement applies only to the PATROL user account on the PATROL console
computer.
Type of shell
Export command for PATH variable
Bourne
PATH=$PATH:/netscape_location
export PATH
Korn
export PATH=$PATH:/netscape_location
setenv PATH=$PATH:/netscape_location
PATROL_BROWSER variable
When PATROL starts the Help browser, it uses the command in the
PATROL_BROWSER environment variable. As a default, the PATROL_BROWSER
environment variable contains the following command:
Chapter 2
81
Type of shell
Export command for PATROL_BROWSER variable
Bourne
PATROL_BROWSER=netscape -display $DISPLAY -install -iconic

export LANG
Korn
export PATROL_BROWSER=netscape -display $DISPLAY -install iconic
setenv PATROL_BROWSER=netscape -display $DISPLAY -install iconic
To use different arguments, set the value of PATROL_BROWSER to the appropriate

string.
EXAMPLE
For a Korn shell:
export PATROL_BROWSER=/usr/local/bin/netscape -raise
82
Uninstalling PATROL for Windows Servers

To uninstall PATROL for Windows Servers, you can use the Windows Add/Remove
Programs functionality or the installation utility that you used to install the product.
WARNING
If you use a different version of the installation program to uninstall the product than the
version that you used to install the product, you might remove files that are needed to
perform uninstallation of other BMC Software products.
Determining the version of the installation utility

To determine the version of the installer, perform the following procedure.
1 Access a command prompt and navigate to the appropriate location:

(Windows) <BMC_ROOT>\Uninstall
(UNIX) <BMC_ROOT>/Uninstall
2 Type the following command and press ENTER.

(Windows) uninstall.exe -v
(UNIX) ./uninstall.sh -v
Uninstalling PATROL for Windows Servers on Windows

You can use the option that is appropriate for what you want to uninstall to uninstall
PATROL for Windows Servers. The following procedures describe how to uninstall
products from a Windows environment and all related log files.
Chapter 2
83
To uninstall individual products

1 From the Uninstall directory in your BMC Software product installation directory,
double-click uninstall.exe to launch the installation utility in uninstall mode.
NOTE
As an option, you can launch the installation utility in uninstall mode by choosing Start =>
Settings => Control Panel => Add/Remove Programs and double-clicking BMC Software
Tools in the Add/Remove Programs Properties dialog box.

Metaframe installed, perform the following steps to launch the installation utility
in uninstall mode:
change user/install
B Change to the Uninstall directory and enter the following command to start the
installation Web server:
uninstall.exe -serveronly
C On another machine with a browser, start the browser.

utility by using the URL that is displayed in the message box.
The Welcome window is displayed. Click Next.
2 Select the installation directory from which you want to remove a product, and
click Next.
3 Select the product or products that you want to uninstall, and click Next.
4 Review your selections and click Uninstall.
After the uninstallation is complete, a window is displayed that tells you whether
the uninstallation was successful.
84
To retain log files and configuration files

This task describes how to uninstall the PATROL product but retain log files, which
contain history for future analysis, and configuration files for redeployment.
1 Uninstall all products as described in To uninstall individual products on

page 84.
2 Locate the uninstall.ctl file in the following directory.

%PATROL_HOME%\Uninstall\Install\instdata
3 Open the uninstall.ctl file in a text editor, and edit the /BMC/Base variable to specify
the name of the directory from which you removed the products in step 1.
4 Open a command line prompt.

5 Change to the following directory.
%PATROL_HOME%\Uninstall\Install\ instbin
6 Enter the following command.

thorinst.exe -uninstall path to control file -log path to log file -output path to output log file
Use the following table to help determine the log file and output log file locations:
Option
Description
Value
-log
sends the log information to a standard

log file
any valid path and file name (with a .txt

extension)
This file contains all installation status

information.
If a space exists in the path, the entire

path must be enclosed in quotation
marks.
sends the log information to an output

log file
any valid path and file name (with a .txt

extension)
-output
This file contains all messages about the If a space exists in the path, the entire
progress of the installation that are
marks.
normally sent to standard output.
Chapter 2
85
Example
If C:\Program Files\BMC Software is your product installation directory, you would
change to the C:\Program Files\BMC Software\Uninstall\ Install\instbin directory and
enter the following command:
thorinst.exe -uninstall C:\Program Files\BMC
Software\Uninstall\Install\instdata\uninstall.ctl -log
Z:\NetworkLogs\MyLogs.txt -output Z:\NetworkLogs\MyLogs.out
This action would remove all installation files and directories except those that are
used by the utility at the time the uninstallation was performed. Log files,
configuration files, and user-modified files would also be retained.
To uninstall all log files and configuration files

This task describes how to remove all PATROL products and related log files and
configuration files from your Windows computer. Once these files have been
removed, you cannot recover them unless you have made a back-up copy of the
installation.
1 Uninstall all products as described in To uninstall individual products on

page 84.
2 Locate the uninstall-all.ctl file in the following directory.

%PATROL_HOME%\Uninstall\Install\instdata
3 Open the uninstall-all.ctl file in a text editor, and edit the /BMC/Base variable to
specify the name of the directory from which you removed the products in step 1.
4 Open a command line prompt.

5 Change to the following directory.
%PATROL_HOME%\Uninstall\Install\instbin
6 Enter the following command.

thorinst.exe -uninstall path to control file -log path to log file -output path to output log file
86
Use the following table to help determine the log file and output log file locations:
Option
Description
-log
sends the log information to a standard any valid path and file name (with a
.txt extension)
log file
-output
Value
This file contains all installation status

information.
If a space exists in the path, the entire

marks.
sends the log information to an output

log file
any valid path and file name (with a

.txt extension)
This file contains all messages about the If a space exists in the path, the entire
progress of the installation that are
normally sent to standard output.
marks.
Example
If C:\Program Files\BMC Software is your product installation directory, you would
change to the C:\Program Files\BMC Software\Uninstall\Install\instbin directory and
enter the following command:
thorinst.exe -uninstall C:\Program Files\BMC
Software\Uninstall\Install\instdata\uninstall-all.ctl -log
Z:\NetworkLogs\MyLogs.txt -output Z:\NetworkLogs\MyLogs.out
This action would remove all installation files and directories. The files that were
used to perform the uninstallation will be marked for deletion and will be removed
when the computer on which the products were uninstalled is rebooted.
Chapter 2
87

The following table lists other topics and where you can find them:
Topic
Source of Information
overview of the PATROL for Windows

Servers features
Chapter 1, Product components and capabilities
setting up and configuring PATROL for Chapter 3, Loading and configuring PATROL for
Windows Servers
Microsoft Windows Servers, and PATROL for
Windows Servers component online Help
88
instructions about how to access the

KM menu commands, InfoBoxes and
online Help
Appendix A, Accessing menu commands,

InfoBoxes, and online Help
information about PATROL for

Windows Servers configuration
variables and predefined rulesets
Appendix B, Agent configuration variables and

rulesets
listing of the KM included with each

PATROL for Windows Servers
component
Appendix C, PATROL for Microsoft Windows

Servers .kml files
step-by-step procedures and detailed

descriptions of the applications,
parameters, and InfoBoxes
PATROL for Windows Servers component online

Help
Chapter
Loading and configuring PATROL for

3
This chapter provides information about how to begin using and configuring the
PATROL for Microsoft Windows Servers components. The following topics are
discussed in this chapter:
Preparing to use PATROL for Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Loading and preloading KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Loading the PATROL for Microsoft Windows Servers KMs . . . . . . . . . . . . . . . . . 93
Preloading KMs on the PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Requirements for configuring from the PATROL Console. . . . . . . . . . . . . . . . . . . 99
Configuring the PATROL KM for Microsoft Windows OS. . . . . . . . . . . . . . . . . . . . . 103
Enabling and disabling system monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Configuring Windows events monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Configuring service monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Configuring process monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Creating custom parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Viewing event logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Configuring Blue Screen monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Notifying when disks are not present . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Providing nonaggregate values for a drive instance . . . . . . . . . . . . . . . . . . . . . . . 128
Configuring recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
About recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Configuring built-in native recovery actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Configuring e-mail notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Using notification scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Defining notification servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Assigning notification servers for the remote agents. . . . . . . . . . . . . . . . . . . . . . . 140
Assigning notification targets for a PATROL alert. . . . . . . . . . . . . . . . . . . . . . . . . 142
Configuring the PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . 143
Configuring PATROL Wizard for Microsoft Performance Monitor and WMI . . . . 144
Loading the PATROL Wizard for Microsoft Performance Monitor and WMI . 144
Creating performance monitor parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Setting alarm thresholds. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Chapter 3 Loading and configuring PATROL for Microsoft Windows Servers
89
Creating WMI parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

Configuring the PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Stop and start monitoring all default log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Stop monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Start monitoring a log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Change the setup of a monitored file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Filter log file messages (create a search string) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Generate a custom event when a search string is identified . . . . . . . . . . . . . . . . . 162
Configure recovery actions for a log file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Configuring the PATROL KM for Microsoft Cluster Server . . . . . . . . . . . . . . . . . . . . 167
Using the PATROL Adapter for Microsoft Office to view reports . . . . . . . . . . . . . . . 169
Displaying PATROL data by using the PATROL Adapter for Microsoft Office 169
How to use the PATROL Adapter for Microsoft Office . . . . . . . . . . . . . . . . . . . . . 170
Built-in report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Removing KMs from your console and agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Unloading KMs from a PATROL console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Stopping preloaded KMs from running on the PATROL Agent . . . . . . . . . . . . . 176
90
Preparing to use PATROL for Windows Servers

NOTE
In this chapter, the term Knowledge Module (KM) is usually equivalent to a .kml file. A .km
file is equivalent to an application class, which is a subset of a KM or .kml file.
If PATROL for Windows Servers has not been installed, see Chapter 2, Installing
and migrating PATROL for Windows Servers. After installing, return to this section
for information about how to configure the components.
Before configuring the PATROL for Windows Servers components, you should verify
that the following software requirements are met:
A supported version of a PATROL Console version 3.x and PATROL for Windows
Servers must be installed on the computer you want to use for the PATROL
Console.
A supported version of the PATROL Agent and PATROL for Windows Servers
must be installed on the computer you want to monitor and manage.
If you are using PATROL Central Operator Microsoft Windows Edition or

PATROL Central Operator Web Edition, the KMs that you want to use must be
installed on the computer hosting the PATROL Console Server.
NOTE
For supported versions of PATROL products, see the release notes for the version of PATROL
for Microsoft Windows Servers that you are installing.
You should also verify that you have access to all required information about the
monitored domain controllers or Windows servers.
EXAMPLE
If you want to monitor the operating system, ensure that you have the PATROL Console and
the PATROL KM for Windows OS installed on the console machine and the PATROL Agent
and the PATROL KM for Windows OS installed on the agent machine.
91
Loading and preloading KMs

When you load a KM from the PATROL Console for Windows or the PATROL
Console for UNIX, the KM files are loaded on all the PATROL Agents to which the
console is connected. The KM icons appear in the console, usually under each agent
icon, during discovery. Each PATROL Agent then collects data based on the
instructions defined in the KM.
Preloading KMs is a PATROL Agent feature that causes KM files to continue to run
on the agent when no consoles are connected. KMs that are not preloaded collect data
only while a PATROL console is connected to the PATROL Agent.
Determining which KMs to load

Before you can use the KMs that you have installed, the KM files must be loaded into
the PATROL console so that the products applications, commands, and parameters
appear in the PATROL console. Table 16 lists the KM files in this product that you can
load. You can find the steps for loading KM files in Loading the PATROL for
Microsoft Windows Servers KMs on page 93.
Determining which KMs to preload

Preloaded KMs collect data as long as the PATROL Agent runs, even when no
PATROL console is connected. When you view a preloaded KMs data collection
history, you will not see any gaps that would otherwise occur (because of the
consoles absence).
By default, no .kml files are preloaded on the PATROL Agent. To use the .kml files
described in Table 16, add them to the preload list for the appropriate PATROL
Agents and load them on the console. You can find the steps for loading and
preloading KMs in the following sections:
Table 16
Loading the PATROL for Microsoft Windows Servers KMs on page 93

Preloading KMs on the PATROL Agent on page 96
PATROL for Microsoft Windows Servers .kml files (Part 1 of 2)
.kml file
Component
Description
COM.kml
loads application classes to monitor

COM+ packages
HISTORY.kml

PATROL KM parameter history
MSMQ.kml
PATROL KM for Microsoft Message

Queue

Microsoft Message Queue (MSMQ)
92
Table 16
PATROL for Microsoft Windows Servers .kml files (Part 2 of 2)
.kml file
Component
Description
NT_LOAD.kml
PATROL KM for Windows OS
loads application classes to monitor the

operating system
NT_BASE.kml
NT_HYPER-V.kml
MWD_ACTIVE_Dire PATROL KM for Windows Active
ctory_MN.kml
Directory
loads the application classes to monitor

Active Directory
NTD.kml
PATROL KM for Windows Domain

Services
loads application classes to monitor the

domain controller resources
MCS_Load.kml
PATROL KM for Microsoft Cluster Server loads application classes that are used to
monitor Microsoft server clusters
NT_PERFMON_WIZ PATROL Wizard for Microsoft

ARD.kml
Performance Monitor and WMI
loads application classes that are required

to use the PATROL PerfMon and WMI
Wizard
EVENT_MANAGEM PATROL KM for Event Management

ENT.kml
loads application classes required to

configure alerts, such as e-mail or paging
notifications
LOG.kml
loads application classes required to

configure log monitoring
Loading the PATROL for Microsoft Windows Servers KMs

This section provides instructions for loading the PATROL for Microsoft Windows
Servers KMs on each of the PATROL consoles.
Before you begin

Make sure you have met the following requirements:
the components that you want to load on the agent and console computers are
installed
the agents to which you want to load components are running
the PATROL Console is running
93
To load KMs on the PATROL Console for Windows Servers

1 Choose File => Load KM from the PATROL Console menu bar.
2 Select one or more of the .kml files in Table 16 on page 92 that correspond to the
components that you want to load. For detailed information about the application
classes that are loaded with these .kml files, see PATROL for Microsoft Windows
Servers .kml files on page 278.
3 Click OK.
NOTE
If you have installed PATROL KM for Microsoft Windows OS over a previous version, the
first time you load the KM, several minutes may be required to migrate forward existing
configuration settings. If the KM icons do not appear within 10 minutes, open and read the
information in the PATROL system output window.
NOTE
Unless you are an advanced PATROL user, use the .kml files to load product component
files. Loading individual .km files can break the interdependencies between the .km files.
To load the KM on a PATROL Console for UNIX

1 Choose File => Load KM from the PATROL Console menu bar.
2 Select one or more of the .kml files in Table 16 on page 92 that correspond to the
components that you want to load. For detailed information about the application
classes that are loaded with these .kml files, see PATROL for Microsoft Windows
Servers .kml files on page 278.
3 Click Open.
NOTE
If you have installed PATROL KM for Microsoft Windows OS over a previous version, the
first time you load the KM, several minutes may be required to migrate forward existing
configuration settings. If the KM icons do not appear within 10 minutes, open and read the
information in the PATROL system output window.
NOTE
Unless you are an advanced PATROL user, use the .kml files to load product component
files. Loading individual .km files can break the interdependencies between the .km files.
94
To load the KM on PATROL Central Operator - Windows Edition

1 In the Common Tasks tab of the Operator Console Module Taskpad, click the Load
Knowledge Module(s) icon.
PATROL Displays the Load Knowledge Module(s) Wizard.
2 To start the wizard, click Next.

3 From the Managed System screen, select the managed system that you want to
load KMs on.
4 From the Knowledge Modules screen, select the KMs that you want to load. For
detailed information about the application classes that are loaded with these .kml
files, see PATROL for Microsoft Windows Servers .kml files on page 278.
5 Click Finish.
The KMs that you selected are loaded on the managed system, added to your
management profile, and displayed in the PATROL Central Operator tab.
To load the KM on PATROL Central - Web Edition

PATROL Central - Web Edition has a Loading KMs feature that enables you to
control which KMs are loaded on which computers.
1 From the Monitored Systems page, click the Load/Unload KMs button.
The Load KMs page opens, listing each computer on which a PATROL Agent has
been installed.
2 Select the computers on which you want to load KMs, and click Next.
The Load KMs page displays a list of available .km and .kml files.
If you selected more than one computer, the only .km and .kml files that are listed
are the ones that have been installed on all of the selected computers. If a particular
.km or .kml file was installed only on one computer, you must choose that
computer by itself to load the file.
3 Select the .km or .kml files that you want to load.

4 Click Finish.
PATROL loads the selected KMs on the selected computers.
95
NOTE
If you want to load a .km or .kml file that was not listed in Step 2, ensure that the KM is
installed on the appropriate computer and select only that computer in Step 2.
Preloading KMs on the PATROL Agent

If you want your KMs to continue collecting data even when no console is running,
you must preload your KMs on the PATROL Agent. A preloaded KM is a KM that is
loaded by the PATROL Agent at startup and runs as long as the PATROL Agent runs.
To preload a KM, add it to the agents preload list. You can update the preload list by
using one of these methods:
use the PATROL Configuration Manager to apply one of the predefined rulesets to
the PATROL Agent (see PATROL for Microsoft Windows Servers rulesets on
page 252)
using the wpconfig or xpconfig utility
Preloading using the wpconfig utility

This section describes how to use the wpconfig utility to preload KMs on the
PATROL Agent. For information about the wpconfig ir xpconfig utility, see the
PATROL Agent Reference Manual.
Before you begin
The PATROL Agent must be running.
The wpconfig utility must be installed on a computer that can access machines that
are running the PATROL Agent over the network.
You must have permission to modify the configuration change file (.cfg).
To use wpconfig to preload a KM from the PATROL Console for Microsoft

Windows
1 From a Windows command window, type wpconfig.
The wpconfig window is displayed.
2 From the menu bar, choose Tools => Get Configuration.
96
The Get Configuration dialog box is displayed.
3 In the Host Name field, enter the name of a computer that is hosting the PATROL
Agent and click OK.
The wpconfig utility gets the PATROL Agents configuration.
4 In the left pane, click the AgentSetup folder.

The variables in the AgentSetup folder are displayed in the right pane.
5 Scroll down the variable list and double-click the preloadedKMs variable.
The Modify Variable dialog box is displayed.
6 In the Change Entries field, double-click the highlighted REPLACE line.

The Change Entry dialog box is displayed.
7 In the Type field, leave REPLACE.

8 In the Value field, use the comma-separated format without spaces to type the
names of the .kml files that you want to preload. See Appendix C, PATROL for
Windows .kml files for a list of the KMs that are available in this product.
For example, a valid and typical preloaded KMs list is as follows:
NT_BASE.kml,COM.kml,NT_PERFMON_WIZARD.kml
9 Click OK.
The Change Entry dialog box closes.
10 In the Modify Variable dialog box, click OK to close the box.

11 From the Tools menu, choose Apply Configuration.
The Apply Configuration dialog box is displayed, listing the PATROL Agent host
name to which you are connected.
12 Click OK to apply your updated configuration to the PATROL Agent.

13 Save your changes to the configuration change file by clicking the Save button.
14 Close the wpconfig window.
97
Using wpconfig to remove KMs from the Agent preload list

If you want to remove a KM or application class so that it no longer runs on the
PATROL Agent, remove the corresponding .kml or .km file from the agent preload
list, as described in this task.
Before you begin
The PATROL Agent must be running.
The wpconfig utility must be installed on a computer that can access machines that
are running the PATROL Agent over the network.
You must have permission to modify the configuration change file (.cfg).
To use wpconfig to remove a KM from the preload list in the PATROL Console
for Microsoft Windows
1 From a Windows command window, type wpconfig.
The wpconfig window is displayed.
2 From the menu bar, choose Tools => Get Configuration.

The Get Configuration dialog box is displayed.
3 In the Host Name field, enter the name of a computer hosting the PATROL Agent
and click OK.
The wpconfig utility gets the PATROL Agents configuration.
4 In the left pane, click the AgentSetup folder.

The variables in the AgentSetup folder are displayed in the right pane.
5 Scroll down the variable list and double-click the preloadedKMs variable.
The Modify Variable dialog box is displayed.
6 In the Change Entries field, double-click the highlighted REPLACE line.

The Change Entry dialog box is displayed.
7 In the Type field, leave REPLACE.
98
8 In the Value field, delete the .kml file names that you want to remove from the
preload list. See Appendix C, PATROL for Windows .kml files for a list of the
KMs that are available in this product.
9 Click OK to close the Change Entry dialog box.

10 Click OK to close the Modify Variable dialog box.
11 From the Tools menu, choose Apply Configuration.
The Apply Configuration dialog box is displayed.
12 Click OK to apply your updated configuration to the PATROL Agent.

13 Save your changes to the configuration change file by clicking the Save button.
14 Close the wpconfig window.
Requirements for configuring from the PATROL Console

When using the PATROL Console to configure or manage the PATROL KM for
Microsoft Windows OS, verify that the console connection account, the account that
you use to connect to the agent, meets the following requirements:
is a member of the local Administrators group on the agent computer

has the right Log on as a Batch Job assigned
If the console connection account does not meet these requirements, the features
described in Table 17 are not available.
Table 17
Console functionality that requires local admin rights (Part 1 of 5)
KM
Functionality
Menu command
Behavior
PATROL KM for
Microsoft Active
Directory
Running the AD
Operations report
AD Operations
Report
System Output details the need for a

sufficient connection account. One can
grant read/write permission to the
connection account to
%PATROL_HOME%\Patrol\tmp for
this to work or add the connecting user
to the Server Operators group on the
agent machine.
PATROL KM for
Microsoft Cluster
Server
Deleting account
information
Delete Access
Information
Message is displayed with failure to

remove account information.
99
Table 17
KM

Functionality
Menu command
Behavior
Availability Report
A blank report is displayed. This report

uses Agent history data. Give the
connecting account full access to the
%PATROL_HOME%\tmp directory
structure
Running a Server
Information report
with the Remote
Servers KM
Server Information
Report
A blank report is displayed. Give full

access to the %PATROL_HOME%\tmp
directory structure to the connecting
account.
Displaying
information about a
user using the Users
KM
Display User
Information
A blank report is displayed. Give the

connecting account full access to the
structure
Stopping or Starting
the WINS service
Start/Stop WINS
Service
A message is displayed detailing the

inability to access the resource. Add the
connecting account to the built-in
Administrators group on the Agent
machine.
Starting or stopping
the DFS service
Start/Stop DFS
Service
Message is displayed indicating inability

to access service. Add the connecting
account to the built-in Administrators
group on the Agent machine.
Running the DFS

Operations report
DFS Operations
Report
Report is blank. Give the connecting

account full access to the
structure, or add the account to the
Server Operators group on the Agent
machine.
PATROL KM for
Running an
Windows Domain availability report
Services
with the Remote
Servers KM
100
Table 17
KM

Functionality
Menu command
Behavior
Start/Stop Replica
DFS Service

Disconnecting DFS
users
View/Disc.
Connected Users
Users are not disconnected. Add the

PATROL Agent default account to the
Account Operators, Print Operators or
Server Operators built-in group.
Compressing the
DHCP database
Compress DHCP
Database

to access database. Add the connecting
the DHCP service
Start/Stop DHCP
Service

Stopping or Starting
the DNS service
Start/Stop DNS
Server Service
A message is displayed detailing the

inability to access the resource. Add the
connecting account to the built-in
Administrators group.
PATROL KM for
Windows Domain the DFS Replica
Services, continued service
Chapter 3
101
Table 17
KM
Functionality
Menu command
Behavior
PATROL KM for
Microsoft
Windows OS
Configuring Blue
Screen KM (NT_BSK)
system recovery
actions
Set System Recovery

Actions
A pop-up window displays a message

stating that the connecting user must
have administrator privileges.
Configuring Blue
Screen monitoring
(NT_BSK)
Configure BlueScreen You can use the three options provided

Monitoring
to configure the KM. The KM looks for
the crash dump file as well as the event
(ID 6008).
Configuring Windows Configure Operating

operating system
System Quotas
quotas
The KM prompts you to supply an

administrative account that includes the
user right Log on as batch job on the
PATROL Agent machine.
For more information, see Supplying an
impersonation account on page 103.
Managing Windows
services, such as
starting and stopping
services or changing
service startup
properties
Manage Windows
Operating System
Services

impersonation account on page 103.
Viewing the Windows Windows Event

security event log
Viewer
You can view event logs, other than the

security event log, but you cannot
change properties. Add the right Manage
Auditing And Security Log to the agent
account and the console connection
account.
Managing Windows
event logs

Windows Event
Viewer

impersonation account on page 103
Viewing server-based
reports
102
OS Reports
Blank Microsoft Excel spreadsheets are

displayed.
Configuring the PATROL KM for Microsoft Windows OS
Table 17
KM
Functionality
Menu command
Behavior
PATROL KM for
COM+
Starting or Stopping
the DTC
Start/Stop DTC
Service
Access Denied message is displayed.

Add the connecting account to the
built-in Administrators group on the
Agent machine.
Viewing application
properties
View application
properties
An unable to view message is displayed.

built-in Administrators group.
the MSMQ service
Start/Stop MSMQ
Service
Access Denied message is displayed.

built-in Administrators group on the
Agent machine.
PATROL KM for
MSMQ
Supplying an impersonation account

On Windows 2000, the user right Act as part of the operating system is also required by
the PATROL Agent when it impersonates an account. That is, when it uses an account
that you enter to perform the requested action. If the agent default account has this
right and it has the user right Log on as batch job, but PATROL still cannot perform the
request, you may need to also assign the user right Bypass traverse checking to the
Configuring the PATROL KM for Microsoft

Windows OS
The following section describes how to configure key features of the PATROL KM for
Microsoft Windows OS. For more detailed step-by-step configuration instructions,
see the PATROL KM for Microsoft Windows OS online Help.
For information about PATROL KM for Microsoft Windows OS configuration tasks,
see the referenced sections in Table 18 on page 104. For more information about
accessing KM menu commands, see Accessing KM commands and InfoBoxes on
page 216.
Chapter 3
103
Table 18
PATROL KM for Microsoft Windows OS configuration tasks
Tasks
Menu command
Page
configure Windows event

monitoring
From the PATROL Console, access the Windows Event

application and choose the KM menu command Configure
Windows Event Monitoring.
106
configure service monitoring From the PATROL Console, access the Services application
and choose the KM menu command Configure Service
Monitoring.
117
configure process
monitoring
From the PATROL Console, access the Processes application

and choose the KM menu command Configure Manual
Process Monitoring.
119
configure built-in recovery

actions
From the PATROL Console, access the host application and

132
choose the KM menu command Configure Recovery Actions.
create custom parameters
From the PATROL Console, access the CompositesColl

application and choose the KM menu command Create
Expressions.
125
view event logs
From the PATROL Console, access the Windows Event

application and choose the KM menu command Windows
Event Viewer.
125
configure blue screen

monitoring
From the PATROL Console, access the NT_BSK application

and choose the KM menu command Configure Blue Screen
Monitoring.
127
notify when disks are not

present
From the PATROL Console, access the NT_PHYSICAL_DISK_ 127

CONTAINER and the NT_LOGICAL_DISK_CONTAINER
applications and choose the KM menu command
Acknowledge.
Enabling and disabling system monitoring

This section describes how to enable and disable the monitoring of basic server
systems. By default, the monitoring for all discovered systems is enabled. To disable
or enable monitoring, use the menu command shown in Table 19. The menu
command displays a dialog that allows you to exclude or include systems from
monitoring. For additional instructions, click the Help button available on the dialog.
Table 19
Enabling and disabling system monitoring (Part 1 of 2)
System
Monitored by default
processors
all processors discovered on the From the PATROL Console, access the Processors application
system
and choose the KM menu command Enable-Disable
Processor Monitoring.
physical
disks
all physical disks discovered on From the PATROL Console, access the Physical Disks
the system
application and choose the KM menu command
Enable-Disable Physical Disk Monitoring.
104
To enable or disable
Table 19
Enabling and disabling system monitoring (Part 2 of 2)
System
Monitored by default
To enable or disable
logical
disks
all logical disks discovered on

the system
From the PATROL Console, access the Logical Disk

Enable-Disable Logical Disk Monitoring.
To monitor logical disks, PerfMon counters must be enabled.
For more information, see Monitoring logical or physical
disk drives.
pagefiles
all pagefiles discovered on the

system
From the PATROL Console, access the Pagefiles application

and choose the KM menu command Enable-Disable Pagefile
Monitoring.
event logs
all event logs listed in the

registry
From the PATROL Console, access the Windows Events

Enable-Disable Windows Event Log Monitoring.
To monitor the security event log, the PATROL Agent default
account must have the user right Manage auditing and security
log.
network
protocols
all network protocols that are

installed on the system
From the PATROL Console, access the Network Protocols

Enable-Disable Protocol Monitoring.
network
interfaces
all network interfaces

discovered on the system
From the PATROL Console, access the Network Interfaces

Enable-Disable Network Interface Monitoring.
printers
all printers discovered on the

system
From the PATROL Console, access the Printers application

and choose the KM menu command Enable-Disable Printer
Monitoring.
job objects
all job objects discovered on the From the PATROL Console, access the Job Objects application
system
and choose the KM menu command Enable-Disable Job
Object Monitoring.
Monitoring logical or physical disk drives

If no data appears for the NT_LOGICAL_DISK application class, run one of the
following diskperf commands from a command-line window to ensure that the
Microsoft diskperf counters are enabled:
diskperf -yv for Windows 2000 (restart required)
diskperf -y for Windows Server 2003 (no restart required)
For the platforms shown above, Microsoft requires that you restart the system after
running the diskperf command. For more information, see Microsoft Knowledge Base
article Q262937, PRB: RegQueryValueEx() May Not Return Disk Performance
Counters.
Chapter 3
105
Configuring Windows events monitoring

To monitor for specific Windows events, PATROL allows you to create event filters.
Event filters specify the type of events to monitor and how to monitor them. You can
create event filters by specifying the types of events that you want to monitor based
on the events source, ID, type, and content. However, before you can create a filter
for a Windows event, you must enable the monitoring of that Windows event log. If
the events you wnat to monitor have unregistered sources, but you can manually add
those events.
Once you have enabled the monitoring of the Windows Events, you can set up a filter
to scan the event log for specific events. For example, you might want to monitor the
WinMgmt events. The event filter options provided using the Configure Windows
Event Monitoring => Create Filter or => Modify Filter menu commands from a
Windows Event instance enable you to set up the monitoring of an event in many
different ways.
You can remove a Windows event filter at any time, and you can turn off an event
filter.
See the following topics for more information:
106
Enable and disable monitoring of Windows events on page 107

Display events with unregistered sources on page 107
Example: creating an event filter to monitor WinMgmt events on page 108
Event filter options on page 108
Turning off an event filter on page 116
Enable and disable monitoring of Windows events

Before you can create an event filter, you must enable the monitoring of the Windows
event log. By default, all Windows event logs are monitored if they are registered in
the Windows registry at the following location:
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog
To enable or disable Windows event log monitoring, access the Windows Events
application and choose the KM menu command Enable-Disable Windows Event Log
Monitoring.
Display events with unregistered sources

When using the PATROL KM for Microsoft Windows OS graphical interface to create
an event filter, the events that you choose to monitor must have registered event
sources. Unregistered sources do not appear in the interface. To work around this
problem, follow these steps to display an unregistered source in the interface so that it
can be selected.
1 Using the Configure Windows Event Log Monitoring => Create Filter menu
command, create a new filter. In the Create Filter dialog box, select the Filter
Property - Source, and deselect the option to Automatically include new sources. This
sets the following agent configuration variable to 0:
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/eventlog/Ev
entFilters/filtername/IncludeAllSources
2 Using PATROL Configuration Manager or the wpconfig utility, manually add the
unregistered event source to the following agent configuration variable.
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/eventlog/Ev
entFilters/filtername/SourceList/list
3 Apply the change to the PATROL Agent.
Chapter 3
107
Example: creating an event filter to monitor WinMgmt

events
Assume that you want to create an event filter that monitors for the following events:
Table 20
Event filter events:example
Event
type
Event
Event source category
Event
ID
Error
WinMgmt
None
37
WMI ADAP was unable to load the

perfproc.dll performance library due to an
unknown problem within the library: 0x0
Error
WinMgmt
None
41
ADAP was unable to process the perfproc.dll

performance library due to a time violation in
the collect function
Error
WinMgmt
None
61
WMI ADAP was unable to process the

perfproc.dll performance library due to a time
violation in the open function
Description
You want to be notified immediately when these particular events occur. However,
you want to be notified only when the event is related to the perfproc.dll performance
library, not any other performance counter libraries.
In addition, you do not want to be flooded with events, so if these events are
generated multiple times within a short period, you want to be notified only once.
Finally, if these events are detected, you want PATROL to remain in alarm until the
alarm is acknowledged by an operator.
Using the Event filter options presented in the Configuring Windows Event Monitoring
=> Create Filter dialog boxes, you can create a filter with all of the properties proposed
in this example.
Event filter options

When you choose the Configure Windows Event Monitoring => Create Filter or =>
Modify Filter menu commands from a Windows Event instance, you are presented
with several filter options. Table 21 on page 109 provides you with the name,
description, and associated configuration variables for the event filter options you
can select.
108
Table 21
Event filter options (Part 1 of 8)
Option
Description
Configuration
variables
Filter name
A unique name that represents the event filter.
child_list
If you change the filter name, you will lose the historical data
stored under the old name.
For more
information, see
Using the child_list
variable on
page 267.
The filter name must contain fewer than 127 characters.

Description
A description of the event filter.
FilterDescription
You can change the description at any time.

Report the number If you select this option, PATROL monitors the number of
of events....
events that match the filter criteria during each collection cycle.
EventReport
Depending on which event types the filter monitors, the

following parameters are used to report this data:
Notify PATROL
immediately....
ELMError
ELMWarning
ELMInformation
ELMStatus
ELMSuccessAudit
ELMFailureAudit
ELMOtherTypes
NA
If you select this option, PATROL immediately updates the
appropriate parameter when an event matches the filter criteria.
following parameters are displayed in an alarm state when an
event matches the filter:
ELMErrorNotification
ELMFailureAuditNotification
ELMNotification (This parameter is active only when you
have selected both of the following options: Notify
immediately and consolidate event types. For more
information, see the description in Event Type tab section of
this table.)
ELMWarningNotification
For more information about these parameters, see the PATROL

KM for Microsoft Windows OS online Help.
Source filter properties
Source
Registered sources for which events can be monitored
NA
Select/Deselect
source(s) for this
filter
applications running on the server that PATROL is currently

monitoring
SourceList/list
Chapter 3
109
Table 21

Configuration
variables
Option
Description
Automatically
Include New
Sources
If you select this option, this event filter automatically monitors IncludeAllSources
any new applications that are added to the system
Disable Case
Sensitivity
If you select this option, the event filter makes filter comparisons FilterDisableCase
in a case-independent manner
Event Type filter properties

Select Event Types
to monitor
the Windows event types monitored by this event filter
EventType
Consolidate event
types...
If you select this option, events of different types (Warning,

Information, and Error, for example) are reported using one
parameter: ELMStatus (or ELMNotification if you have also
chosen to be notified immediately when the event occurs).
ConsolidateEventTy
pes
If you want to have separate parameters for each event type that
can alarm independently, deselect this option.
Event ID filter properties
EventIdList/list
Enter a Windows
The Microsoft Windows event IDs that you want to monitor
Event ID or a range with this filter.
of IDs
To specify a range of event IDs, separate the beginning and
ending of the range with a dash. For example, to monitor events
100 through 200, enter 100-200.
Include all
specifies that all of the Windows event IDs in the list are
Windows event IDs monitored by the event filter
in the list
IncludeAllEventIds
IncludeAllEventIds
specifies that all of the Windows event IDs except those in the
Include all
Windows event IDs list are monitored by the event filter
except those in the
Select this option when there are certain event IDs that you are
list
not interested in monitoring and you want to exclude them from
the event filter.
Event Handling filter properties
Annotate graph
parameter...
annotates the PATROL parameter graphs associated with this

event filter with information about the event
You can display the annotations by placing the cursor over the
graph data points.
110
Annotation
Table 21
Option
Description
Configuration
variables
Write event
details...
writes details about the events that occur to a parameter
EventReport

following parameters are used to report this data:
EvRptOfError
EvRptOfFailureAudit
EvRptOfInformation
EvRptOfStatus
EvRptOfSuccessAudit
EvRptOfWarning
ELMRptOfOtherTypes
ELMRptOfNotification (This parameter is active only when
you have selected both of the following options: Notify
immediately and consolidate event types. For more
information, see the description in Event Type tab section of
this table.)
For more information about these parameters, see the PATROL

KM for Microsoft Windows OS online Help.
Use event details...
saves information about the event in the agent configuration

variable RetainEventDescriptions so that you can use this
information in recovery actions
RetainEventDescripti
ons
For example, if you create a recovery action that generates an

e-mail when the event filter alarms, you could include the event
description in the e-mail.
If you do not use recovery actions or do not plan to use them,
deselect this option to limit use of the agent database space.
Chapter 3
111
Table 21
Option
Description
Report multiple
events...
When you select this option, PATROL reports a single event

when the event occurs many times within a short period.
Example
For example, if you select to report multiple events as one event
if 10 events occur within 3 seconds, then if 20 events occur in 2
seconds, the event filter generates an alarm. However, if only 5
events occur in 2 seconds, the event filter does not alarm.
Consolidating event types
If you select this option, event consolidation is also enabled.
This means that events of different types (Warning, Information,
and Error, for example) are reported using one parameter,
ELMStatus (or ELMNotification if you have also chosen to be
notified immediately when the event occurs).
Annotation details
Even though one data point may represent multiple events of
different types, the data point annotation contains information
about each of the events that occurred. For more information
about event consolidation, see the description for the Event
Type tab in this table.
Resetting to default setting
To return to the default setting, which is not reporting multiple
events as one event and not consolidating events, enter 0 as the
number of times that the event occurs.
112
Configuration
variables
ConsolidationNumbe
r and
ConsolidationTime
Table 21
Option
Acknowledge
Alarms
Configuration
variables
Description
Automatically change state to OK ...
AcknowledgeBy
If you select this option, PATROL returns the filter to an OK

state if the events you are monitoring do not occur during
the next collection cycle.
Remain in alarm until ...

If you select this option, PATROL keeps the filter in alarm
until an operator manually acknowledges the alarm.
Change state when the following event ...

If you select this option, PATROL changes the filter state
from an alarm state to an OK state when the criteria of a
second event filter are met.
Requirements for using: You must create an event filter
that monitors for the required event and select that event
filter from the drop-down list. In addition, the event filter
must be configured to notify PATROL immediately when an
event matches the filter criteria.
Advanced properties - Users

UserList/list
Enter the user
the user ID of a user whose events you want to monitor
associated with the
event
The user name cannot include commas. When entering a user
whose name includes special characters that are used in regular
expressions, such as a dollar sign ($), a period (.), a parenthesis
(), or a slash (/), you must escape each special character with a
slash. For example, if the user name is $Smith, you must enter
the category as \$Smith.
Include all users in specifies that all of the user IDs in the list are monitored by the
the list
event filter
Include all users
except those in the
list
IncludeAllUsers
specifies that all of the user IDs except those in the list are
monitored by the event filter
Select this option when there are certain user IDs that you are
the event filter.
Disable Case
Sensitivity
Chapter 3
113
Table 21
Option
Description
Configuration
variables
Advanced properties -- Category

Enter the category the event category that you want to monitor with this event
associated with the filter
event
Categories are defined by the application that generates the
event.
CategoryList/list
The category name cannot include commas. When entering a

category whose name includes special characters that are used
in regular expressions, such as a dollar sign, a period, or a
parenthesis, you must escape each special character with a slash.
For example, if the category name is (100), you must enter the
category as $100$.
Include all
categories in the
list
specifies that all of the categories in the list are monitored by the IncludeAllCategories
event filter
Include all
categories except
those in the list
specifies that all of the categories except those in the list are
IncludeAllCategories
Select this option when there are certain categories that you are
the event filter.
Disable Case
Sensitivity
Advanced properties - Strings

Enter strings
The text strings that you want to monitor with this event filter
StringList/list
The text string cannot include commas. When entering strings

which include special characters that are used in regular
expressions, such as a dollar sign ($), a period (.), a parenthesis
(), or a slash (/), you must escape each special character with a
slash. For example, if the user name is $Smith, you must enter
the category as \$Smith.
Include all strings
in the list
specifies that all of the strings in the list are monitored by the
event filter
StringList/list
Include all strings

except those in the
list
specifies that all of the strings except those in the list are
IncludeAllStrings
Select this option when there are certain strings that you are not
interested in monitoring and you want to exclude them from the
event filter.
Disable Case
Sensitivity
114
Table 21
Option
Configuration
variables
Description
Advanced properties - Enter a Regular Expression for Source

Enter a Regular
Expression for
Source
the regular expression that is used as a criteria for including or

excluding sources to be monitored with the Windows event
filter.
SourceList/list
If you have configured the sources for the filter and an event
occurs, the event is matched with the configured source list. If
the source generating the event does not exist in the configured
source list, the source generating the event is compared with the
specified regular expression.
For example, if the sources are Norton AntiVirus Client or
Symantec AntiVirus Client, the regular expression should be
configured as ^(Norton|Symantec) AntiVirus Client.
For more information about using regular expressions, see
Using regular expressions on page 120.
Advanced properties - Enter a Regular Expression for Event ID
the regular expression that is used as a criteria for including or
Enter a Regular
Expression for Event excluding event IDs to be monitored with the Windows event
ID
filter.
EventIdList/list
If you have configured the event IDs for the filter and an event
occurs, the event is matched with the configured event ID list. If
the event ID does not exist in the configured list, the event ID is
compared with the specified regular expression.
For more information about using regular expressions, see
Using regular expressions on page 120.
Chapter 3
115
Table 21
Option
Description
Configuration
variables
Advanced properties - Computer name

Computer name
enables you to create a filter that monitors events generated only ComputerNamesList
/list
by a specified computer.
Enter the name of the computer that you want the event log
filter to monitor.
You can also use the following new pconfig variables to
configure or to view the names of the computers that you want
the event log filter to monitor:
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/Event
LogMonitoring/eventLog/EventFilters/filterName/Comput
erNamesList/list lists the names of the computers you
provided when creating the filter.
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/Event
LogMonitoring/eventLog/EventFilters/filterName/Include
AllCompList indicates whether all computers are
monitored.
You can use the FilterDisableCase pconfig variable to disable

case sensitivity for the computer names. The pconfig variable
contains a field or bit for computer name.
Turning off an event filter

You can temporarily turn off an event filter and then turn it back on at a later time. To
turn an event filter on or off, edit the agent configuration variable FilterEnabled.
To turn off an existing event filter

1 Using the PATROL Configuration Manager or the pconfig utility, access the
following agent configuration variable:
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config//EventLogMonitoring/ event
log/EventFilters/filter/FilterEnabled
where filter represents the name of the event filter
2 Change the value of the FilterEnabled variable to 0.

The event filter is disabled. It is no longer discovered and does not collect events. To
turn the filter back on, change the value of the FilterEnabled to 1.
116
Configuring service monitoring

By default, PATROL monitors the availability of all system services except those
whose startup type is disabled. You can change the monitoring properties of the
monitored services or add other services to monitor. Table 22 shows you how the KM
monitors each startup type by default.
Table 22
Default service monitoring flags
Startup type
Auto restart
Alarm
Automatic
Manual
Disabled
To change the default settings for services, choose the Configure Service Monitoring
menu command from a Services application instance to perform the following tasks:
To add services to the list of monitored services, choose the Configure Service
Monitoring => Add Service menu command.
To remove services to the list of monitored services, choose the Configure Service
Monitoring => Remove Service menu command.
To configure monitored services, choose Configure Service Monitoring => Configure

Service menu command.
By default, the Windows KM monitors all services with startup type as automatic or
manual.
If you want to monitor a disabled service, add the service by using the Configure
Service Monitoring => Add Service menu command. The Monitor pconfig variable
for the service is set to 1.
If you add a disabled service and later remove the service by using the Configure
Service Monitoring => Remove Service menu command, the Monitor pconfig
variable is not set to 0. However, the removedServiceList pconfig variable is
updated to contain this particular service.
Thus, Windows KM monitors a service only if the Monitor pconfig variable for the
service is set to 1 and the service is not included in the list of the removedServiceList
pconfig variable.
Chapter 3
117
Service monitoring options

When you select the Configure Service Monitoring => Configure Service menu
command, after you select the service you want to configure, you are presented with
the monitoring options. Table 23 provides you with names, descriptions, and default
values for these options, and the configuration variable associated with each option.
Table 23
Service monitoring options

Default
(yes/no)
Configuration
variable
Option
Description
Restart service
when stopped
Yes
If you select this option, PATROL automatically
attempts to restart the service when it is stopped (only
for services with a startup type of Automatic). To use
this option, you must also select the option Generate
a PATROL Alarm/Warn when the service is
stopped.
AutoRestart
Generate a
PATROL
Alarm/Warn
when the service
is stopped
Yes (Alarm)
By default, when a service is stopped, PATROL
generates an Alarm. However, for a particular service,
you can specify a Warning instead. This feature is
only for services with a startup type of Automatic.
WarningAlarm
Enable process
monitoring for
this service
By default, PATROL monitors only whether services No

are available. To monitor how much memory and
CPU a service executable consumes, you must enable
process monitoring for the service. When you enable
process monitoring, PATROL monitors the service
executable process and displays the monitored
process beneath the NT_SERVICE application.
MonitorProcess
Use specified
command to
check status of
non responsive
service
This feature is available for advanced users who have No

developed custom executables that can determine the
status of a service.
MonitorNotResp
ond
118
If you provide such an executable, the value returned

by the executable is assigned to the
SvcNotResponding parameter. To ensure that an
alarm is generated when the service is not responding,
you must set the alarm ranges for the
SvcNotResponding parameter to correspond to the
appropriate value returned by the executable. For
example, if the executable returns the value 1 when
the service is not responsive, enable the
SvcNotResponding Alarm2 as an Alarm and set the
alarm range as 1 to 1.
Ensuring that services are restarted as desired

If the services that you are monitoring are not restarted by PATROL as desired,
determine the values of the agent configuration variables that affect whether a service
is restarted when it goes down. Table 24 shows the possible combinations of values
for these variables and how each combination causes PATROL to restart (yes) or not
restart (no) a monitored service when it goes down.
Table 24
Configuration variable and service restart: combinations
Service configuration variable
Possible values
DisableServiceRestart (global)
AutoRestart (local)
OverrideGlobalServiceRestart (local)
Service is restarted? (yes/no)
No
No
Yes
Yes
No
No
No
Yes
For more information about these configuration variables, see Appendix B, Agent
configuration variables and rulesets.
Configuring process monitoring

This procedure describes how to configure PATROL to monitor processes. By default,
PATROL does not monitor any processes. When configuring monitoring for a specific
process, you can use the methods shown in Table 25.
Table 25
Process monitoring options
Method
When to use
Manual process monitoring
You want to select or specify the processes to monitor and

you want to customize how PATROL monitors them.
Automatic process monitoring
You want to monitor a process only if it exceeds a

specified CPU utilization percentage.
Chapter 3
119
Using regular expressions

When configuring the monitoring of processes, you can use regular expressions to
specify the process name only. A regular expression is a sequence of any of the
following items:
literal character
matching character
repetition clause
alternation clause
sub pattern grouped with parenthesis
Table 26 provides an overview of the regular expression syntax.

Table 26
Regular expression syntax
Symbol
Description
matches any character; used as a wildcard when creating a search string
matches zero or more instances of the previous pattern item
matches one or more instances of the previous pattern item
matches zero or one instances of the previous pattern item
()
groups sub pattern; repetition and alternation operators apply to the entire
preceding sub pattern
allows for alternation of a pattern

For example, to match Hello or hello in a string, the regular expression should
read: Hello|hello.
[]
delimits a set of characters; the range is specified as [x-y]

If the first character in the set is ^, there is a match only when the remaining
characters in the set are not present.
anchors the pattern to the beginning of the string; this character must be the first
character in the set
anchors the pattern to the end of the string; this character must be the last
character in the set
To configure manual process monitoring

1 Access the NT_PROCESS application menu (labeled Processes) as described in
Accessing KM commands and InfoBoxes on page 216, and choose the KM menu
command Configure Manual Process Monitoring => Add Process.
2 Select (highlight) the process that you want to monitor, or if the process is not
currently running, enter the process name and any appropriate command-line
arguments.
120
You can enter the process name using a regular expression. For more information
about regular expressions, see Using regular expressions on page 120.
3 Select the Select the process(es) using a regular expression for monitoring check box.
PATROL KM for Microsoft Windows adds all the processes for monitoring that
contain the name of the selected process.
However, if you do not select this check box, PATROL KM for Microsoft Windows
adds only the selected process instances for monitoring.
TIP
If you are specifying a process name and you want to ensure that only that specific process
is monitored (and not other processes that have that process name as part of their name),
use the ^ and the $ regular expression characters to enclose the process name, as shown
below.
^processname$
For more information about using regular expression characters, see Using regular
expressions on page 120.
NOTE
If you enter multiple regular expressions that match the same process, multiple process
instances are created for that process.
WARNING
When entering the process name, omit the extension. For example, enter processname
argument. Do not enter processname.exe.
Example: svchost -k rpcss
In addition, when entering a process whose name includes special characters that are used
in regular expressions, such as a dollar sign ($), or a period (.), you must escape each
special character with a slash. For example, if the process name is $abc.exe, you must enter
the process name as \$abc.
4 Select one of the following options:
monitor the process(es) only when it is running with the command line
arguments shown
monitor any occurrence of the selected process(es), regardless of the

command-line arguments
5 Click Apply.
Chapter 3
121
PATROL performs the following actions:
The processes you selected are removed from the list of running processes and
are added to the list of monitored processes that are shown on the left pane of
the Configure Process Monitoring window.
The processes you selected are added to the PATROL console, beneath the
NT_PROCESS application (labeled Processes).
The PATROL Agent begins monitoring the process.
To configure how the process is monitored and managed, see To configure

process control on page 123.
You can also perform the following functions using the Configure Manual Process
Monitoring menu command:
To stop monitoring a process, select Configure Manual Process Monitoring =>

Remove.
To modify a monitored process, select Configure Manual Process Monitoring =>

Process Settings.
To configure automatic process monitoring

command Configure Automatic Process Monitoring.
2 Change the length of time specified for high CPU utilization.

PATROL defines high CPU utilization as a value higher than 90% or the value
specified by the agent configuration variable AlarmThreshold. To use a different
threshold percentage, you must create or update the AlarmThreshold agent
configuration variable.
To disable this feature, enter any negative number in this dialog box.
3 Click Apply.
When any process consumes high CPU for a period longer than what you
specified, PATROL begins monitoring the process and adds the process to the
PATROL console, beneath the NT_PROCESS application (labeled Processes).
122
If a problem occurs
If the Processes folder is not displaying or it does not contain any processes, check the
annotation of _DiscoveryStatus and _CollectionStatus parameters of the NT_OS
application class.
To disable automatic process monitoring

To disable automatic process monitoring and monitor only the processes you
specifically select, follow this procedure.

command Configure Automatic Process Monitoring.
2 For the length of time specified for high CPU utilization, enter any negative
number.
3 Click Apply.
To configure process control
Accessing KM commands and InfoBoxes on page 216 and choose the KM menu
command Configure Process Monitoring.
2 From the Configure Process Monitoring window, select the monitored process that
you want to configure.
3 Select the appropriate options, described in Table 27 on page 124, and then click
Apply.
Chapter 3
123
Table 27
Process control options

Default
(yes/no)
Configuration
variable
No
StartupCommand
Option
Description
Restart the process using

the specified command
when the process is
stopped
If you check this option, you must supply the

path to an executable that restarts the process
and you must include any appropriate
command-line arguments.
Terminate the process

when the process CPU%
utilization exceeds the
defined PATROL
threshold
If you check this option, PATROL terminates the No

process when it appears to be in a run away
state. This state is defined by the following
criteria:
the CPU% utilization exceeds the threshold

specified by the agent configuration variable
AlarmThreshold. For more information
about this variable, see AlarmThreshold
on page 221.
the process exceeds this threshold for the

specified length of time
TimeLimitForKillR
unAwayProcess
When the process exceeds the threshold for the

specified length of time, the process is
terminated during the next collection cycle,
whose scheduling is determined by the
parameter PROCProcessColl. By default,
PROCProcessColl collects data every 5 minutes.
Generate a PATROL Alarm If you select this option, the PATROL
Yes
when the process is
NT_PROCESS parameter PROCStatus enters an
terminated
alarm state when the process is terminated.
EnableAlarmIfProc
essDown
Generate a PATROL Alarm If you select this option, the PATROL

No
when the process is started NT_PROCESS parameter PROCStatus enters an
alarm state when the process is started.
EnableAlarmIfProc
essStarts
124
Creating custom parameters

This topic describes how to create composite parameters, which are parameters
whose values are dependent on one or more existing PATROL parameters.
Before you begin

Composite parameters give you the capability to create parameters whose values are
dependent on one or more existing PATROL parameters. You can then use PATROL
alarm settings and recovery actions on the newly created parameters in the same way
that you use alarm settings and recovery actions on other parameters.
You can enter and edit composite parameter expressions manually or by using the
expression entry wizard.
To create custom parameters using the expression entry wizard

1 Access the NT_CompositesColl application menu as described in Accessing KM
commands and InfoBoxes on page 216, and choose the KM menu command
Create Expressions.
2 From the Create Expressions dialog box, enter a name for the expression
(parameter).
3 Follow the instructions provided in the wizard. For more information, click the
Help button.
After you complete the wizard, the new composite parameter is displayed on the
console beneath the NT_Composites application (labeled Composites).
Viewing event logs

1 Access the NT_EVENTLOG application menu (labeled Windows Events) as
described in Accessing KM commands and InfoBoxes on page 216, and choose
the KM menu command Windows Event Viewer.
The Windows Event Viewer dialog box is displayed.
2 Select the type of event log to be viewed.

3 Click View.
The Windows Event Viewer dialog box displays the latest 100 events associated
with the selected event log type.
Chapter 3
125
4 From the Select Event Range list, select the range for the number of events to
display.
The details of the latest events are displayed in the Windows Event Viewer dialog
box, as described in Table 28.
NOTE
For optimizing performance of event retrievals, the Windows Event Viewer dialog box
displays a maximum of 100 events at a time. By default, the Windows Event Viewer dialog
box retrieves the latest 100 events for the selected event type. If you select the range for the
events, the Windows Event Viewer dialog box retrieves the latest events for the selected
event type, based on the range.
5 To view details pertaining to a particular event, select the event in the Windows
Event Viewer dialog box and click View.
Table 28
Event details displayed in the Windows Event Viewer dialog box
Field
Description
Type
type of the event
126
Warning
Information
Error
Success audit
Failure audit
Other
Date
date of the event
Time
time stamp of the event
Source
application that triggered the event
Event
ID for the event
Category
category of the event
User
user account from which the event is generated
Computer
computer from which the event is generated
Configuring Blue Screen monitoring

You can configure the KM for blue screen monitoring. The product looks for the crash
Dump file as well as the event (ID 6008) for detecting Blue Screen.
To configure Blue Screen monitoring

1 Access the NT_BSK application menu as described in Accessing KM commands
and InfoBoxes on page 216, and choose the KM menu command Configure Blue
Screen Monitoring.
2 Select either of the three options:
Event (ID 6008) to monitor only the 6008 event id.
Crash Dump to monitor only the crash Dump.
Default to monitor crash dump or event as per registry configuration.
Notifying when disks are not present

PATROL KM for Microsoft Windows provides information about physical and
logical disks that are no longer present.
The PDStatus parameter goes into an alarm state when a physical disk is removed,
and it provides you the name of the removed disk.
The LDStatus parameter goes into an alarm state when a logical disk is deleted,
and it provides you the name of the deleted disk.
The RemovedPDList variable provides a list of the removed physical disk

instances.
The DeletedLDList variable provides a list of the deleted logical disk instances.
To acknowledge the alarms

1 Access the NT_PHYSICAL_DISK_ CONTAINER and the NT_LOGICAL_DISK_
CONTAINER applications menu as described in Accessing KM commands and
InfoBoxes on page 216.
2 Choose the Acknowledge KM menu command.

This allows you to acknowledge the alarms issued by the PDStatus and LDStatus
parameters.
Chapter 3
127
Configuring recovery actions
Providing nonaggregate values for a drive instance

The following parameters under the NT_LOGICAL_DISKS application class by
default provide the aggregate values of a particular drive and all of its mount drives:
LDldFreeSpacePercent
LDldFreeMegabytes
LDldDiskSpaceUsed
You can use the NonAggregateParamValue variable to change these parameters, so

that they do not consider the mount points on a particular drive instance. This
variable is located at
PSX_P4WinSrvs/PWK_PKMforMSWinOS_config/LogicalDiskMonitoring/NonAggregate
ParamValue.
The following values are valid:
1 = values shown for a particular drive instance do not consider the mount drives
0 = value shown is an aggregate of a particular drive instance and all of its mount
drives

This task describes how to configure the PATROL for Windows Servers built-in
recovery actions, which are corrective actions taken by PATROL when a parameter
reaches a set value or is in a warning or alarm state.
About recovery actions

For the sake of discussion, the recovery actions that you define in the KM using the
PATROL console are referred to as PATROL native recovery actions. The following
sections explain the differences between PATROL native recovery actions and
PATROL KM for Event Management recovery actions.
PATROL native recovery actions

When you define PATROL native recovery actions in the PATROL console, you
associate the recovery actions with alarm and border ranges. These recovery actions
run when the PATROL parameter value enters the specified range. The parameter
may be in an OK, WARN, or ALARM state when the recovery action runs, depending
on how you configure the parameter.
128
PATROL KM for Event Management recovery actions

Unlike PATROL native recovery actions, the PATROL KM for Event Management
Recovery actions run only when a parameter changes status. For example, when a
parameter goes from an OK state to a WARN or ALARM state, or even when a
parameter goes from an ALARM to an OK state.
If you do not want the parameter to alarm until recovery actions have been
attempted, you must use PATROL native recovery actions, rather than PATROL KM
for Event Management recovery actions. However, you can use both types. For
example, you could define PATROL native recovery actions and specify that the
parameter enters a WARN or ALARM state only after all recovery actions fail. Then
you could create a PATROL KM for Event Management recovery action that runs
only if the PATROL native recovery actions fail.
For more information about using PATROL KM for Event Management recovery
actions, see the PATROL KM for Event Management User Guide.
Built-in native recovery actions

The following built-in recovery actions, associated with the specified parameter, are
provided by default with PATROL for Microsoft Windows Servers.
Table 29
Built-in recovery actions (Part 1 of 3)

Description
Runs
automatically?
Recovery action
Parameter
Backup and Clear Event

Log
NT_EVLOGFILES\ELMEvFileF Backs up the event log file

reeSpacePercent
and clears all events.
Yes
NT_HEALTH\WMIAvailability Restarts the WINMGMT

service when PATROL
determines that it is
unavailable.
Yes
NT_LOGICAL_DISKS\LDldFre Clears the temp directory.

eSpacePercent
No
(PATROL KM for
Microsoft Windows OS)
Start Windows
Management
Instrumentation Service
Check
(PATROL KM for
Clean Temporary
Directories
(PATROL KM for
Chapter 3
129
Table 29

Runs
automatically?
Recovery action
Parameter
Description
Terminate Process
NT_PROCESS\PROCProcessor
TimePercent
Attempts to stop a runaway

process.
No
NT_PROCESS\PROCStatus
Attempts to restart the

process.
Yes
(PATROL KM for
Restart Process
(PATROL KM for
Restart Service
Note: The process is

restarted under the PATROL
Agent default account, even
if the process was previously
started under a different
account.
NT_SERVICES\ServiceStatus
Attempts to restart the

service.
Yes
(PATROL KM for
NT_REMOTE_SERVERS\MsPat Attempts to restart the
Restarting a PATROL
PATROL Agent on the
Agent on a remote server rolAgentStatus
remote machine after
recovery action
alarming for 2 collection
cycles.
(PATROL KM for
Windows Domain)
Increase connections to
DFS root recovery action
(PATROL KM for
Windows Domain)
NT_DFS_ROOT\DfsConnection Increases the connection

Percent
share limit to DFS Root after
alarming for 2 collection
cycles.
No
No
NT_WINS_PARTNER\WpRepli Cleans up the WINS

No
Replication Failure:
database after alarming for 2
Initiate WINS Scavenging cationFailures
collection cycles.
(PATROL KM for
Windows Domain)
130
Table 29

Runs
automatically?
Recovery action
Parameter
Description
Increase connections
allowed to share
NT_Shares\ShConnPercent
Increases the share

connection limit after the
ShConnPercent parameter
alarms for 2 consecutive
collection cycles.
No
PATROL_NT\PAWorkRateExec sets the scheduling policy

sMin
value to 9 (Schedule Force
Delta and Schedule From
End).
Yes
(PATROL KM for
Windows Domain)
PAWorkRateExecsMin
Recovery Action
(PATROL KM for
When the parameter goes out

of the alarm state, the
scheduling policy value
returns to the default value
of 1.
Chapter 3
131
Configuring built-in native recovery actions

This section describes how to configure the built-in native recovery actions.
Before you begin

The recovery actions that are available to be configured depend on the KMs that you
have loaded.
To configure recovery actions

1 Access the host application menu as described in Accessing KM commands and
InfoBoxes on page 216 and choose the KM menu command Configure Recovery
Actions.
2 From the list of recovery actions, highlight the desired recovery action and click
Accept.
3 From the list of recovery action instances, highlight the instance and click Edit. For
information about which instance to select, see Table 30.
Table 30
Selecting a recovery action instance
Purpose
Recovery action to select
configure the recovery action for a specific

instance (for example, a monitored process)
the recovery action instance that displays

the name of the application instance in
the INSTANCE column
configure the recovery action for all instances (for the recovery action that displays an
example, all monitored processes)
asterisk (*) in the INSTANCE column
4 From the Edit Recovery Action dialog box, choose from the settings described in
Table 31 on page 132.
Table 31
Recovery action configuration options (Part 1 of 2)
Setting
Description
Run automatically
If you select this mode, PATROL runs the recovery

action automatically, without prompting you.
Run only with

If you select this mode, PATROL prompts you
operator confirmation before running the recovery action.
Note: If you select this option, be sure to keep a
console connected to the PATROL Agent on the
managed machine. If you have no console
connection, PATROL is unable to prompt you.
132
Configuration
variable
Mode
Mode
Configuring e-mail notification
Table 31
Recovery action configuration options (Part 2 of 2)

Configuration
variable
Setting
Description
Do Not Execute
If you select this mode, PATROL does not perform

the recovery action.
Mode
Suspend Recovery
Action
If you select this option, PATROL temporarily

pauses the recovery action. When you resume the
recovery action (by deselecting this check box), the
previous settings take effect.
Suspend
Attended Mode
Dialog Timeout
If the recovery action is configured in Run Attended Wait

mode, this setting specifies the amount of time
PATROL waits for confirmation to run the recovery
action. If you do not provide confirmation within the
allotted time, PATROL does not run the recovery
action.
NOTE
For more information about the recovery action and its configuration options, click the
Help button.
5 To save your changes, click Accept.

If a problem occurs
If you experience a problem when configuring recovery actions, see Recovery action
problems on page 211.

With the PATROL KM for Event Management, you can configure PATROL to send
e-mail or pages when a PATROL parameter enters an alarm state. This section
describes how to configure the PATROL KM for Event Management to send an
e-mail notification.
NOTE
The PATROL KM for Event Management also provides you with the ability to configure other
types of notification, such as trouble-tickets or other custom alerts. You can also use it to
forward events to an enterprise console. For more detailed information about the functionality
provided by the PATROL KM for Event Management, see the PATROL KM for Event
Management User Guide.
The e-mail notification configuration steps are shown below:

Chapter 3
133
1. Define the notification script and edit as necessary.

2. Define the notification servers.
3. Assign notification servers to the remote agents.
4. Define notification targets for PATROL alerts.
Using notification scripts

The PATROL KM for Event Management provides sample notification scripts that
call command-line utilities to initiate notification (such as e-mail and page). This
section describes the Windows sample scripts, their locations, requirements for use,
and editing requirements. On Windows, the following script options are available:
a Windows batch file that you must edit before use, which can send any of the
following types of notification:
SMTP e-mail message by means of a Visual Basic (VB) script (provided)
MAPI e-mail message by means of a Visual Basic (VB) script (provided)
SMTP e-mail message by means of Blat (not provided)
Blat is a free command-line e-mail client, that you can download from the Web.
You can also use any other SMTP-based, command-line e-mail client if you edit the
batch file accordingly. For more information, see Editing scripts on page 136.
Perl script that sends e-mail notification by means of Blat
NOTE
The PATROL for Microsoft Windows Servers has been tested with Blat version 1.7.
Default script location on Windows

The Windows scripts are located in the %PATROL_HOME%\lib\psl\ directory and
are named as shown in Table 32.
134
Table 32
Notification script location on Windows
Script
Name
Batch File Script
AS_EVSLocalAlertNotify.bat
SMTP VB Script
sendmail.vbs
This VB script is called from AS_EVSLocalAlertNotify.bat. This
script uses an ActiveX control.
MAPI VB Script
send_mapi.vbs
This VB script is called from AS_EVSLocalAlertNotify.bat. This
script uses an ActiveX control.
Perl Script
AS_EVSLocalAlertNotify.pl
Script requirements
To use these Windows scripts, the server sending the notification must meet the
requirements shown in Table 33 on page 135.
Table 33
Requirements for notification server when using Windows e-mail clients
Script
Requirement
Batch File Script
If Blat is installed in a directory other than C:\Blat, you must move Blat
to this directory or edit AS_EVSLocalAlertNotify.bat to execute Blat
from the directory where it is installed.
Perl Script
The Perl script assumes the use of Blat. If Blat is installed in a directory
other than C:\Blat, you must move Blat to this directory or edit the Perl
script, AS_EVSLocalAlertNotify.pl, to execute Blat from the directory
where it is installed.
Associate the .pl extension with Perl. Otherwise, you must call the script
using the following syntax:
perl C:\PATROL3-4\lib\psl\AS_EVSLocalAlertNotify.pl
SMTP VB Script
The SMTP service must be running.
MAPI VB Script
Microsoft Outlook must be installed.
Chapter 3
135
Editing scripts
Before using the sample scripts, you must edit them.
Editing the Windows batch file

If you use AS_EVSLocalAlertNotify.bat, remove the REM comments from the mail
client that you want to use. The script provides sections for MAPI-based e-mail,
SMTP-based e-mail, and Blat. For example, to use Blat, in the script shown below,
remove the REM comments beginning with the line that starts with set and ending
with the line that reads goto BYE.
:EMAIL
rem -rem -- BLAT based eMail
rem -rem set email_file=c:\blat\mtext%AS_PARAMETER_NAME%_%AS_SSTIME%.txt
rem if ."%AS_USERDEFINED%"==."" echo "%nmsg%" > %email_file%
rem if not ."%AS_USERDEFINED%"==."" echo "%AS_USERDEFINED%" > %email_file%
rem if .%email_file%==. set email_file=c:\blat\default.txt
rem if exist c:\blat\blat.exe c:\blat\blat %email_file% -t %ntargets% -s %nmsg%
rem goto BYE
If you use a third-party command-line e-mail client or if you want to use the script to
perform other types of notification, such as paging or trouble tickets, you must add
the code to the script that calls the e-mail client or appropriate notification utility.
Editing Perl script for use on Windows

On Windows, you must edit the Perl script before you can use it to send e-mail
notifications with Blat. Find the following line in the Perl script and remove the
comment (# ):
#system("c:\\blat\\blat.exe $email_file -t \"$ntargets\" -s \"$nmsg\"");
Editing the SMTP VB script

To use the SMTP VB Script (sendmail.vbs), you must edit the script to add the
following information:
name of the e-mail server

the SMTP server port
Add this information in the script as shown below.
136
' Enter the Mail Server name [FQDN/IP Address]

iConf.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") ="mail.bmc.com"
' Enter the SMTP Server Port number
iConf.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
Editing scripts when using Blat

If you use Blat and Blat is not installed in the C:\Blat directory, you must edit the
script to indicate the appropriate path.
Before you can use PATROL for Microsoft Windows Servers, you must gather
information and plan your configuration. You should gather the following
information:
which servers will send notifications (act as notification servers)

to whom e-mail or paging notifications are sent (targets)
which servers will monitor the notification servers for availability
which notification servers will be monitored for availability
where to place notification rules (notification server or monitored agent)
Defining notification servers

A notification server is the managed system that performs notification and event
collection on behalf of other PATROL Agents.
Why use a notification server?

With a notification server, you can centrally manage your event filtering and
notification rules. For example, if you need to modify a notification script or change
notification rules, you make the change only on the notification servers and not on
each agent.
Notification servers also provide redundancy when you use a primary and backup
notification server.
Using primary and backup notification servers

To ensure availability, you should assign both a primary and a backup notification
for each remote agent. A notification server could be a primary notification server for
some remote agents and a backup notification server for other remote agents. Hence,
a server that acts as a backup notification server does not need to be idle.
To assure availability in critical environments, the backup notification server should
be on a separate machine and network segment.
Chapter 3
137
Once you have configured a primary and backup notification server, you can use the PATROL
Configuration Manager to copy the settings to the other notification servers. If you use this
method, make sure that you use the same notification script file name and directory path on
all notification servers.
Notification server connectivity

When identifying a notification server, make certain that there are no connectivity
problems between the notification server and the agents that it serves.
Providing security
To improve security, create an operating system account on the notification server
systems to be used specifically for remote notification. This configuration avoids
having to use the PATROL login, which may be common throughout your
environment. You can configure the notification server so that it is unable to fully
login to the notification server system by using the operating system. For example, on
UNIX, give the notification server login an invalid login shell, such as /bin/false.
Configuring a notification server

This section describes how to configure a server as a notification server.
To configure a notification server

1 From the PATROL console, access the managed system you are using as your
notification server and display the KM menu commands as described in
Accessing KM commands and InfoBoxes on page 216.
2 Choose the KM menu command Event Management => Quick

Config => Notification Server.
The Quick Config - Notification Server dialog box opens.
138
3 Use the Quick Config - Notification Server dialog box to specify the notification
server properties. These properties are described in Table 34:
Table 34
Quick Config - Notification Server dialog box properties
Property
Description
Default Email Account
the default e-mail address (notification target) that receives

e-mails when an object goes into an alarm or warning state
All events for PATROL objects that do not have defined
notification targets are sent to this e-mail address.
If you do not want any notifications sent until you configure
notification for specific PATROL applications or parameters, enter
NONE as your default e-mail account or leave this field empty.
Notification Command
the complete path and filename of the notification script or

command used to send notifications
Perform Alert Test
specifies whether you want to perform an alert test after the

changes are accepted
If this is your first time using the PATROL for Microsoft Windows
Servers, you should perform an alert test and verify that the
notifications are received.
4 Define the notification server properties and click Accept.

5 Repeat this task for the server you are using as the backup notification server.
Chapter 3
139
Assigning notification servers for the remote agents

You should assign a notification server for each remote agent that will generate
notifications. Assign both a primary and a backup notification server.
NOTE
Notification servers are not required. Remote agents can send their own notifications.
However, there are considerable benefits to using notification servers. For more information,
see Why use a notification server? on page 137.
Before you begin

You should configure and test the notification servers before configuring the remote
PATROL Agents served by the notification servers.
NOTE
You must use the PATROL KM for Event Management to complete this task. This
functionality is not available in PATROL Configuration Manager. However, once you
configure one notification server, you can use the PATROL Configuration Manager to copy
your configuration to other notification servers. The configuration settings are stored in the
following variables:
AS/EVENTSPRING/NOTIFICATION_SERVER1.defaultAccount (primary)
AS/EVENTSPRING/NOTIFICATION_SERVER2.defaultAccount (backup)
AS/EVENTSPRING/NOTIFICATION_SERVER1 (primary)
AS/EVENTSPRING/NOTIFICATION_SERVER2 (backup)
To assign notification servers to remote agents

1 From the PATROL console, access the remote agent menu commands, as described
in Accessing KM commands and InfoBoxes on page 216.
2 Choose the KM menu command Event Management => Quick Config => Remote
Agent.
The Notification Server Settings dialog box opens.
3 Click PRIMARY NOTIFICATION SERVER SETTINGS.

The Primary Notification Server Settings is displayed.
4 Use the Primary Notification Server Settings dialog box to specify the properties of
the primary notification server for the managed system. The properties are
described in Table 35 on page 141.
140
Table 35
Notification server properties
Property
Description
Notification Server Hostname the hostname or IP address of the primary notification server
for the selected managed system
To avoid DNS resolution problems, use the IP address.
Notification Server Agent
Port
the port number of the notification server that the selected

managed system will use
Notification Server User

Name
the user name that the selected managed system will use to
connect to the notification server
Notification Server Password the password that the selected managed system will use to
connect to the notification server
Verify Password
verify the password that the selected managed system will

use to connect to the notification server
Make Connection Persistent
indicates that the remote agent maintains a persistent

connection with the notification server agent so that the
remote agent does not need to create a new connection each
time it sends an event to the notification server
5 Define the primary notification server properties, and click Accept.

6 Click BACKUP NOTIFICATION SERVER SETTINGS.
Use the Backup Notification Server Settings dialog box to specify the properties of
the backup notification server for the managed system. The properties are
described on Table 35.
7 Enter the backup notification server properties, and click Accept.

8 Repeat this task for each remote agent.
Use the PATROL Configuration Manager to quickly configure all remote agents at one time.
See the PATROL Configuration Manager User Guide for more information about the PATROL
Configuration Manager.
Chapter 3
141
Assigning notification targets for a PATROL alert

You should set up specific targets for the PATROL for Microsoft Windows Servers
notifications to ensure that the proper people are notified when alerts occur. The
following procedure describes how to set the notification target for a parameter alert.
To assign notification targets

1 From the PATROL console, access the host KM menu commands, as described in
2 Choose the menu command Event Management => Alert Settings => Notification
Targets => Email => Local Targets ANY STATUS => Set For Parameters.
3 Select the application class of the parameter and click Accept.

4 Select the application instance of the parameter and click Accept.
5 Select the parameter and click Accept.
6 Enter the e-mail address of the target for this alert and click Accept.
You can set other types of notification targets using the same procedure, but you
choose a different menu command in Step 2. For example, Paging instead of Email.
If a problem occurs
If you have problems configuring e-mail notification, see the PATROL KM for Event
Management User Guide. This document contains detailed configuration instructions,
usage scenarios, and troubleshooting information.
142
Configuring the PATROL KM for Microsoft Active Directory

Active Directory
Replication monitoring within the configuration naming context is not enabled by
default.
To enable replication monitoring within the configuration naming context, create and
set the /ActiveDirectory/Configuration/ReplMonConfigNC configuration (pconfig)
variable.
Simultaneous replication monitoring of both the configuration and domain naming
context is supported, but not required.
To disable replication monitoring of the domain naming context, create and set the
/ActiveDirectory/Configuration/ReplMonDomainNC configuration (pconfig)
variable.
For inter operability with previous releases of the KM, replication monitoring of the
domain naming context must be enabled (the default).
PATROL uses the same parameters to monitor configuration naming context
replication as it uses to monitor domain naming context replication. The alarm
annotations report the following:
replication context
names of the domain controllers that failed to replicate or that did not replicate in a
timely manner
For example:
Replication Context: CN=Configuration,DC=cookies,DC=inc
Domain controllers that failed to replicate data to the local domain controller:
chocolate.factory.cookies.inc
lemon.factory.cookies.inc
pecan.cookies.inc
Replication Context: DC=factory,DC=cookies,DC=inc

Domain controllers that failed to replicate data to the local domain controller:
lemon.factory.cookies.inc
Chapter 3
143
Configuring PATROL Wizard for Microsoft Performance Monitor and WMI
Configuring PATROL Wizard for Microsoft

The PATROL Wizard for Microsoft Performance Monitor and WMI allows you to
quickly create your own parameters based on Microsofts Performance Monitor
(PerfMon) counters or Windows Management Instrumentation (WMI) data. You may
want to create a new parameter if you are interested in monitoring something for
which no PATROL parameter currently exists.
The tasks associated with the PATROL Wizard for Microsoft Performance Monitor
and WMI are listed in Table 33 on page 135.
Table 36
PATROL Wizard for Microsoft Performance Monitor and WMI Tasks
Task
Page
Loading the PATROL Wizard for Microsoft Performance Monitor and WMI
144
Creating performance monitor parameters
145
Setting alarm thresholds
146
Creating WMI parameters
146
Loading the PATROL Wizard for Microsoft Performance

Monitor and WMI
Before you can create new parameters by using the PATROL Wizard for Microsoft
Performance Monitor and WMI, you must load the KM files on your PATROL
console.
Load the NT_PERFMON_WIZARD.kml file as described in the Loading the PATROL
for Microsoft Windows Servers KMs on page 93.
The Performance Monitor Wizard and WMI Wizard application icons appear in the
console.
NOTE
After you have created new parameters on a particular PATROL Agent, other PATROL
console users will not be able to see the new parameters that you created until they load the
NT_PERFMON_WIZARD.kml file.
144
Creating performance monitor parameters

With the Performance Monitor Wizard, you can create new, user-defined parameters
based on Microsoft Performance Monitor counters.
1 Access the Performance Monitor Wizard application menu as described in

2 Choose the Create Parameter menu command to display the Create Performance
Monitor Parameter dialog box.
3 From the Select Performance Object to monitor dialog box, choose a Performance
Object from the list, and click Next.
Counters and instances for the selected performance object display in the Available
Counters and Available Instances tables.
4 Select the counters you want to monitor from the Available Counters table by
clicking the counter names.
Selected counters appear highlighted.
5 Select the instances you want to monitor from the Available Instances table by
clicking the instance names.
Selected instances appear highlighted.
6 Click Create to display the Select Performance Object to Monitor dialog box.
7 Click Done to create the parameters.
The dialog box closes and PATROL creates your new parameters.
If you want to create new parameters over again, click Next. Continue with step 3.
Chapter 3
145
Setting alarm thresholds

1 From the created parameters, choose the Set Alarm Thresholds menu command to
display the Set Alarm Thresholds dialog box.
2 Set a border range for an alarm or warning in the following fields, for the
parameters that need thresholds:
Border Minimum
Type the lower-bound warning value in the Warning Minimum field.

Type the lower-bound alarm value in the Alarm Minimum field.
Border Maximum
Type the upper-bound warning value in the Warning Maximum field.

Type the upper-bound alarm value in the Alarm Maximum field.
3 Click OK.
If a problem occurs
When monitoring a Performance Monitor counter whose value is normally less than
1, you cannot specify meaningful alarm ranges since alarm ranges must be integers.
However, you can customize the parameter so that the value displayed in PATROL is
an integer.
Creating WMI parameters

With the WMI Wizard, you can create new, user-defined parameters based on WMI
data.
1 Access the WMI Wizard application menu as described in Accessing KM

commands and InfoBoxes on page 216.
2 Choose the Create Parameter menu command.

3 In the WMI Wizard dialog box, type a name for the WMI-based parameter you
want to create in the Parameter Name field.
4 Type a valid statement in the Enter a WQL Query field.

The query must return a numerical value.
146
EXAMPLE
select NumberOfProcesses from Win32_OperatingSystem
or
select CurrentSize from Win32_Registry
For WMI classes that begin with Win32_PerfRawData, the query must return a
number for a single WMI property. For more information, see WMI queries for
the WMI classes that begin with Win32_PerfRawData on page 148.
EXAMPLE
select VirtualBytes from Win32_PerfRawData_PerfProc_Process where Name=Idle
5 Select the Formatted Data check box to normalize and display formatted
performance data.
NOTE
You can select this check box only for Win32_PerfRawData WMI classes. See
Performance counters supported through Win32_PerfRawData WMI class on page 148.
6 In the Scaling Factor text box, enter a value between 0 and 2147483647 to scale down
values that cannot be directly set to parameters, such as WMI queries that return
64-bit integer values.
EXAMPLE
If you specify the Select CommittedBytes from Win32_PerfRawData_PerfOS_Memory
WMI query for a parameter specific to memory, enter a scaling factor of 1024. Thus, the
returned value is divided by the specified scaling factor.
Similarly, if the parameter is specific to time, you can enter a scaling factor of 1000 to
convert a return value in milliseconds to seconds.
NOTE
By default, the scaling factor is 1. For 64-bit performance counters, if the return value of the
WMI query is greater than 32-bit, you must scale down the values to get appropriate
results.
7 Click Next to set alarm thresholds for the parameter that you are creating.
The Set Alarm Thresholds dialog box is displayed.
Chapter 3
147
8 For the parameter that needs warning and alarm thresholds:
Type the lower-bound warning value in the Warning Minimum field.

Type the upper-bound warning value in the Warning Maximum field.
Type the lower-bound alarm value in the Alarm Minimum field.
Type the upper-bound alarm value in the Alarm Maximum field.
9 Click Create to create the parameter according to the SQL Query that you entered
and close the dialog box.
10 Click Done to create the parameters.

The dialog box closes and PATROL creates your new parameters.
If you want to create new parameters over again, click Next. Continue with step 7.
Performance counters supported through

Win32_PerfRawData WMI class
The Win32_PerfRawData WMI class supports the following performance counters:
PERF_COUNTER_COUNTER
PERF_COUNTER_BULK_COUNT
PERF_COUNTER_LARGE_RAWCOUNT |
PERF_COUNTER_LARGE_RAWCOUNT_HEX
PERF_COUNTER_RAWCOUNT_HEX | PERF_COUNTER_RAWCOUNT
PERF_100NSEC_TIMER
PERF_100NSEC_TIMER_INV
PERF_ELAPSED_TIME
PERF_PRECISION_100NS_TIMER
PERF_COUNTER_100NS_QUEUELEN_TYPE
WMI queries for the WMI classes that begin with

Win32_PerfRawData
The KM enables you to execute the WQL queries for 64-bit counters and monitor the
counters by using the wizard. It helps you verify whether the system on which the
application is running is 32-bit or 64-bit, and correspondingly connect to a 32-bit or
64-bit WMI provider.
You must enter a valid WMI query in the Enter a WQL query text box of the WMI
Wizard dialog box. The query must return a number for a single WMI property.
148
Configuring the PATROL KM for Log Management
EXAMPLE
Valid WMI Query:
Select VirtualBytes from Win32_PerfRawData_PerfProc_Process where Name=Idle
This returns the result for VirtualBytes for Idle process.
Invalid WMI Queries:
Select * from Win32_PerfRawData_PerfProc_Process

This returns the data for all the properties of Win32_PerfRawData_PerfProc_Process wmi
class for all the instances. * indicates all the properties for a particular WMI class.
Select VirtualBytes, PageFaultsPersec from Win32_PerfRawData_PerfProc_Process

where Name=Idle
You cannot add two WMI properties such as VirtualBytes and PageFaultsPersec in a WQL
query. Comma separated queries are invalid.
To verify whether a particular query returns a single instance or multiple instances,

use wbemtest provided by Microsoft as shown in the following steps:
1 Go to Start => Run => wbemtest

2 Click Connect.
3 Enter the Namespace such as \\root\cimv2. Click Connect.
4 Click Query. Enter a query, Select * from Win32_PerfRawData_PerfProc_Process.
Verify the record set returned by wbemtest. If there are multiple instances, you need
to add the where clause appropriately.
Configuring the PATROL KM for Log

Management
NOTE
The PATROL KM for Log Management application classes appear under the PATROL KM for
Microsoft Windows OS. The PATROL KM for Microsoft Windows OS must be loaded or the
PATROL KM for Log Management application classes will not be visible.
If the PATROL KM for Microsoft Windows OS is loaded and the PATROL KM for
Log Management is loaded, the PATROL KM for Log Management will begin
collecting data immediately.
Chapter 3
149
For each log file, the KM monitors the following attributes:
file size - stored in the LOGFileSize parameter

growth rate - stored in the LOGGrowthRate parameter
content
age
The default list of monitored files may be added to or removed completely depending
on your needs. The PATROL KM for Log Management supports the following five
types of files:
Text Files Text files are only read if they have been modified since the last scan.
Command Scripts Command scripts are executed each scan cycle and the
resulting output is treated as a log file.
Named Pipe (or FIFO) Named pipes are opened and kept open for reading.
Only blocking pipes are supported. The data is read from the pipe a line at a time
and accumulated in a secondary log file. This secondary file is treated like a normal
log file.
Binary Files Binary files are read with the use of a user-specified filter program.
Binary files are only read if they have been modified since the last scan.
XML files XML files are only read if they have been modified since the last scan.
XML files are always read from the beginning.
This section describes how to configure the PATROL KM for Log Management so
you can begin monitoring log files in your environment. The following table lists the
topics covered in this section.
150
Task
Page
Stop and start monitoring all default log files
151
Stop monitoring a log file
151
Start monitoring a log file
152
Change the setup of a monitored file
158
Filter log file messages (create a search string)
159
Generate a custom event when a search string is identified
162
Configure recovery actions for a log file
166
Stop and start monitoring all default log files

By default, the PATROL KM for Log Management monitors the PATROL Agent error
log.
To stop or start monitoring this log file

1 Access the LOG application menu as described in Accessing KM commands and
2 Select Enable/Disable Default Log Monitoring.

3 In the Default Log Monitoring dialog box, to stop monitoring the default log file,
clear the Enable Default Log File Monitoring check box.
NOTE
The Default Monitoring dialog box only enables and disables monitoring for the log files
that the PATROL KM for Log Management monitors by default. This dialog box does not
control monitoring for log files that you add to the list of monitored files. To add or remove
log files to the list of monitored files, see Start monitoring a log file on page 152 and
Stop monitoring a log file.
Stop monitoring a log file

To stop monitoring a log file, you must remove the undesired log files from the list of
monitored files by following these steps:
1 Access the LOGT application menu for the log file that you no longer want to
monitor, as described in Accessing KM commands and InfoBoxes on page 216.
2 Select Delete Instance.

3 In the confirmation dialog box, click Yes.
PATROL stops monitoring the log file, but does not delete the file from your
system. The LOGMON instance icon for this log file disappears from the LOGS
container window during the next polling cycle.
Chapter 3
151
Start monitoring a log file

To start monitoring a log file that the PATROL KM for Log Management is not
monitoring, you must add that file to the list of monitored files. The product allows
you to monitor a text file or an XML file.
To monitor a text log file

2 Select Add Instance.

3 In the Add Instance dialog box, select TEXT Instance and enter a label for the text
log file that you want to start monitoring.
The log icon label must be 50 characters or less and cannot contain any spaces.
4 Click Accept.
5 In the Add File for Label: instanceName dialog box, enter the full path and file name
for the text file you want to monitor, in the File/Pipe Name text box.
NOTE
To monitor log files that have dynamic names, use the * and ? regular expressions to
define the file name.
For example, if a log file is named backup_date.log, where date changes each day,
enter the log file name as backup_*.log.
Regular expression characters are not accepted for named pipes.
6 Enter a logical name for the LOGMON instance that you want to monitor, which
appears in the event manager.
7 Select the Contains Environmental Variables check box to enter a path defined by an
environment variable that is resolved at runtime. If you select this check box,
environment variables in the text file path are resolved. Otherwise, the text file is
treated as a pure file name.
8 Select either of the File Type options: Text File, Script, Named Pipe, or Binary File.
9 In the Filter Program text box, enter the path and name of the filter program that is
reading the file specified in the File/Pipe Name field.
152
NOTE
In case of a Binary file type, PATROL KM for Log Management does not accept arguments.
10 (Optional) If you want to scan the entire text file on each scan, rather than scanning
only the new content, choose the Always Read at Beginning check box.
NOTE
The text file will only be scanned if the file changes.
11 (Optional) If you are monitoring a dynamically named file and you want to
monitor all of the files using the dynamic name specified in the File/Pipe Name
field, rather than just the latest file, choose the All option.
12 (Optional) Select the Generate Alarm if File not modified in check box if you want
the LOGMON instance to ALARM if the monitored file is not modified
periodically. Specify the time in minutes after which you want the KM to alarm if
the file is not modified, in the Minutes text box.
13 Specify the default settings for a search criterion. In the Threshold # 1 text box,
specify the minimum number of text search string matches in a polling cycle
required to produce a specified state.
To search for a minimum number of text strings across a number of polling cycles,
enter values in the x:y format; x represents the minimum number of text string
matches, and y represents the total number of polling cycles.
14 In the Threshold # 2 text box, specify the minimum number of text search string
matches required to produce a specified state. You can specify a different state and
a different number of matches from Threshold # 1. Threshold # 2 should be higher
than Threshold # 1. To search for a minimum number of text strings across a
number of polling cycles, enter values in the x:y format.
15 Select the state that you want the KM to exhibit when a threshold is
reachedNone, OK, Warn, or Alarm.
EXAMPLE
If you want the KM to go into Alarm when the search string is found 3 times in the
monitored file, then you would set the value of Threshold # 1 to 3 and select Alarm from
the State list.
Chapter 3
153
16 (Optional) In the Custom Event Message text box, specify the message that you want
displayed in the events when your search string conditions are satisfied.
17 In the Custom Event Origin text box, specify the customized origin for events. If you
do not specify the origin, the product uses the instance name as the default origin
of events, which is APPCLASS.INSTANCE.textFileName.
You can use built-in macros (except the %x[-%y] macro) as the customized origin
for events.
18 In the Number of Lines in Log Entry text box, specify the number of lines that you
want to be displayed when a match is found.
EXAMPLE
If you want to determine when a disk is full and where the disk is mounted, you would
enter Error: Disc Full as the search string and 2 as the value of Number of Lines in Log
Entry so that when a disk is full, the product displays a message similar to the following
one in LOGMatchString text parameter:
Id=id1
031605: Error: Disc Full
Id=;MatchedLines
/hd001 mounted as /opt
SUMMARY:id1=1;
NOTE
If either, the search string or the nullify string, occurs again within the number of lines
selected to be displayed, the KM does not find the instances of the search strings for all the
search identifiers.
19 In the Nullify Alarm/Warn String text box, specify the string that is used to nullify
the alarm for the dual search feature. You can configure dual search for an instance
so that the KM goes into the alarm state when any of the search criteria is found in
the monitored file and nullifies the alarm when the nullify string is found in the
monitored file.
You must specify the first string in the String1 text box (in the Configure Search
Criterion: instanceName dialog box) and the nullify string in the Nullify Alarm/Warn
String text box. For nullified customized events, the default custom event message
is used (as provided in the Custom Event Message text box).
EXAMPLE
If you specify Alarm up in the String1 text box and Alarm down in the Nullify
Alarm/Warn String text box, the KM goes into an alarm state when Alarm up is found in
the monitored file and the alarm is nullified when Alarm down is found in the monitored
file.
154
20 If the KM goes into an alarm or a warning state because the search string is found
and you want the KM state to return to OK if the search string is not found on the
next scan, select the Return to OK if no match found on next scan check box.
21 From the Scan Priority list, select a scan priority: Normal, Medium, or Low.
22 Click Continue.
23 (Optional) In the Configure Search Criterion: instanceName dialog box, in the Search
Criterion area, define a search criterion, specify a unique label in the Search
Identifier text box, and configure a search string to define what type of messages
the KM should search for.

The Search Identifier label appears in the search list and helps you identify the
search criterion.
24 In the String text boxes, enter the regular expression for the first search string that
you want to search in the text instance (4096-byte limit).
25 (Optional) If you want the KM to alarm if a string is not present in the file, select
the Not check box.
NOTE
This option displays all the lines in the file that do not match the search string.
26 In the First Number text box, specify a number to specify a starting position of a
search range in the matched file.
27 Select an operator from the Op list.

28 In the Begin token text box, specify a valid beginning token value.
29 In the End token text box, specify a valid ending token value.
30 Select an operator from the Op list.
31 In the Second Number text box, specify a number to specify an ending position of a
search range in the matched file line.
32 You can custom-define a search criterion with settings that are different from the
default settings in the Add File for Label: instanceName dialog box. To do so, select
the Override default setting check box and custom-define the settings for each
search criterion as described in step 13 through step 17 on page 154.
Chapter 3
155
33 Select the Add option and click Update for the KM to populate the search criteria in
the Search list.
34 Click Done.
Once the search string is found in the file, the KM generates an alarm.
NOTE
If you do not specify a search string, the LOGErrorLvl parameter will not be set. When the
LOGErrorLvl parameter is not set for a period of time, no data for specified range
messages are displayed in BMC PATROL history. If you did not specify a search string, this
message is benign.
35 PATROL adds the new log file name to the list of monitored files and displays the
new log instance in the Desktop tree tab.
36 (Optional) If you want to further configure the log file, access the LOGT
application menu as described in Accessing KM commands and InfoBoxes on
page 216.
37 (Optional) Select Advanced Features => Configure Size Actions to configure

automatic recovery actions to determine how the KM should respond when the file
reaches a defined size.
For more information about configuring recovery actions for a log file, see
Configure recovery actions for a log file on page 166.
38 (Optional) Select Advanced Features => Schedule Log Scan to configure the KM to
scan the file at different schedules.
39 (Optional) Select Advanced Features => Configure Log Monitoring Blackout to

prevent the KM from generating events for a file for a specified period of time
40 (Optional) Select Advanced Features => Configure Alarm to configure an alarm

when the size of the monitored file exceeds a specified threshold
41 (Optional) Select Advanced Features => Multiline Search to configure limits to

search a block of lines containing a match string.
NOTE
This option is not available if you are monitoring an XML file.
156
42 Click Accept.
PATROL adds the new log file name to the list of monitored files and displays the
new log instance in the Desktop tree tab.
For more information about monitoring text log files, see the BMC PATROL
Knowledge Module for Log Management User Guide.
To monitor an XML file

2 Select Add Instance.

3 In the Add Instance dialog box, select XML Instance and enter a label for the XML
file that you want to start monitoring.
The log icon label must be 50 characters or less and cannot contain any spaces.
4 Click Accept.
5 In the Add File for XML Monitoring dialog box, enter the full path and file name
for the XML file you want to monitor against XML elements that you provide, in
the XML File text box.
NOTE
To monitor log files that have dynamic names, use the * and ? regular expressions
to define the file name.
For example, if a log file is named backup_date.log, where date changes each day,
enter the log file name as backup_*.log.
6 Optional) If you are monitoring a dynamically named file and you want to monitor
all of the files using the dynamic name specified in the XML File field, rather than
just the latest file, choose the All file disposition option to monitor all of the files.
7 (Optional) In the Search Criteria area, enter an identification label for the XML
search criterionin the Search Identifier text box. This must be unique for an XML
instance. You can use the same search identifier in other XML instances, but not in
the same XML instance.
8 Configure a search string by specifying the combination of XML elements and

values that you want to find in the monitored file.
9 Define thresholds and states for each search XML search string.
Chapter 3
157
Once the search string is found in the file, and the match count is greater than or
equal to the threshold, the KM generates an alarm. For more information about
configuring search strings, see see Filter log file messages (create a search string)
on page 159.
10 In the Custom Event Message text box, define how you want the product to respond
when the specified search criteris is satisfied.
The custom event must consist of string literals and the elements in the XML
search string.
11 (Optional) Access the LOGT application menu as described in Accessing KM

commands and InfoBoxes on page 216.
12 (Optional) Select Advanced Features => Configure Size Actions to configure

automatic recovery actions to determine how the KM should respond when the file
reaches a defined size.
For more information about configuring recovery actions for a log file, see
Configure recovery actions for a log file on page 166.
13 (Optional) Select Advanced Features => Schedule Log Scan to configure the KM to
scan the file at different schedules.
14 From the Scan Priority drop-down list, select a scan priority: Normal, Medium, or
Low.
15 Select the Add option.

16 Click Update.
PATROL adds the new XML file name to the list of monitored files and displays
the new log instance in the Desktop tree tab.
For more information about monitoring XML files and the rules for configuring an
XML log instance, see the BMC PATROL Knowledge Module for Log Management
User Guide.
Change the setup of a monitored file

To change any of the log monitoring options that you have entered, follow these
steps:
158
1 Access the LOGT application menu for a text or XML instance, as described in
2 Select Modify Instance.

3 Depending on the type of log instance, on the Change file for Label: instanceName
or Change file for XML Monitoring, make any desired changes to the setup options
for the selected log file.
4 Click Update.
Filter log file messages (create a search string)

The PATROL KM for Log Management allows you to define what type of messages
the KM should search for. To filter the log file for a particular type of message, you
must define a search string for the monitored log file. When you define a search string
and associate it with a log file, the KM monitors the log for the following:
text or XML string, or pattern

multiple strings or patterns
numeric values
number of string matches per scan of the log file
corresponding alert severity (OK, WARN, or ALARM) when the specified string or
pattern is found
String attributes
The search string can consist of one or two regular expressions and/or a numeric
comparison. The results of these criteria are combined to determine a match. The
maximum length for a string is 400 characters.
What happens when the string is found

Once the search string has been defined, PATROL begins monitoring the log file for
the search string or regular expression that you specified. If the text string or regular
expression is found, PATROL sets the icon for the log instance to the alert state that
you specify and sets the values of the LOGSearchString parameter and LOGErrorLvl
parameter. In addition, the LOGMatchString parameter displays the text string or
regular expression that was returned by the log search.
Chapter 3
159
Before you begin
If you are adding a new log file to be monitored, follow the steps in Start
monitoring a log file on page 152.
If you want to define a search string for an existing log file, follow the steps in
Change the setup of a monitored file on page 158.
Define a search string for a text file

To define a search string for a new or existing monitored log file, follow these steps:
1 On the Add File for Label: instanceName dialog box or the Change File for Label:
instanceName dialog box, click Continue to go to the Configure Search Criterion:
instanceName dialog box.
2 Enter a unique identification label for a search criterion in the Search Identifier text
box.
3 Enter a search string or regular expression in the String 1 text box. Select the NOT
check box next to the String 1 field if you want to identify file entries in which the
string is not found.
You can search for a literal word or phrase or you can use regular expressions to
search for a type of message that has an identifiable format or pattern.
4 If desired, in the String 2 text box, enter a search string or regular expression. Select
the NOT check box next to the field if you want to identify files in which the string
is not found.
5 If desired, define a numeric comparison by specifying the starting and ending

positions of a search range in the matched file line, entering position numbers in
the First Number and Second Number text boxes, along with operators in the Op text
boxes. Enter valid Begin Token and End Token values.
The numeric comparison is used to determine if a file entry exceeds a threshold or
fits in a range. For example, you would use a numeric comparison to determine if
the number of jobs in a print queue exceeds 500. To see how you would define a
search string for this example, see Example: defining a search string for print
queue length on page 162.
Tokens specify beginning and ending locations of the search within a matched log
file line. Valid values start at 1 and run from left to right. Multiple adjacent white
spaces are treated as one position. Each white space-separated token in this search
range is examined to determine if it is a base 10 number. This number must be a
real number, not a percent.
160
The first number encountered is used. If no numbers are found, the numeric
portion of the search string is ignored. The converted number is used as variable X
in this mathematical statement:
A op1 X op2 B
A and B are fixed, user-supplied base 10 numbers. A is required, B is optional. 'op2'
only applies when B is supplied. 'op1' and 'op2' can be one of these operators:
less than, <

greater than, >
equal, =
less than or equal, <=
greater than or equal, >=
not equal to, !=
6 Fill out or modify the rest of the dialog box fields as described in To monitor a text
log file on page 152.
Define a search string for an XML file

To define a search string for a new XML file or an existing XML file that is being
monitored, follow these steps:
1 In the Add File for XML Monitoring dialog box or the Change File for XML
Monitoring dialog box, enter an identification label for the XML search criterion in
the Search Identifier text box. This label appears in the search list and helps you
identify the search criterion.
The label must be unique for an XML instance. You can use the same search
identifier in other XML instances, but not in the same XML instance. You can only
use aplha-numeric characters such as a-z, A-Z, 0-9, and up to a maximum of 20
characters.
2 In the XML Search String text box, enter the combination of XML elements and
values that you want to find in the monitored file.
3 Fill out or modify the rest of the dialog box fields as described in To monitor an
XML file on page 157.
Chapter 3
161
Example: defining a search string for print queue length

This example shows you how to define a search string that will monitor the print
queue length in a log file to identify print queues with more that 500 jobs.
The sample log file contains entries like the following:
Print Queue HOU7 contains 323 jobs
Print Queue HOU19 contains 605 jobs
Print Queue HOU1 contains less than 10 jobs
To identify log entries that contain print queues with more that 500 jobs, you would
define the search string as follows:
1 On the Add File for Label: instanceName dialog box, click Continue to navigate to
the Configure Search Criterion: instanceName dialog box.
2 In the First number field, enter 500.

3 From the Op drop-down list to the right of the First number field, select <.
4 In the Begin token field, enter 5.
5 In the End token field, enter 7.
The completed Search String section appears.
6 Complete the remaining fields as described in Start monitoring a log file on

page 152.
Generate a custom event when a search string is identified

The PATROL KM for Log Management allows you to generate a custom event when
the search string that you defined matches a log file entry. It also allows you to
specify a custom event origin. The custom event has the following characteristics:
Event class LOGGeneral

Event type WARN
Event severity 3
Event origin LOGMON.inst.fname, where inst is the user-defined label of the log
file and fname is the log file name.
Text entered in the Custom Event Message field can also be included in the event. Part
or all of the matching log entries can be included in the custom event message.
162
The words of the message (represented by tokens separated by white space) will be
identified by their ordinal position in the matched log file line, numbered left to right
starting with 1. Word substitution will be identified in the custom event message text
by using the % character. Ranges of words can be included, and are entered following
a single % (for example, %2-5 would identify tokens 2 through 5 inclusive).
NOTE
If you want to have the % character appear in the message, enter %%. For example, entering
Disk %3 is %5 %% full displays the 3rd and 5th strings in the match line, such as Disk
/dev/sd0 is 45 % full.
For example, you might want to create a custom event message that would display
when a service fails to initialize. To see how you would set up a custom event
message for this example, see Example: defining a search string for print queue
length on page 162.
NOTE
If you do not create a custom event message, you will still receive the standard event
generated by the LOGErrorLvl parameter when your search string is found.
Specify a custom origin for the events in the Custom Event Origin text box. If you do
not specify an origin, the KM uses the default origin, which is
APPCLASS.INSTANCE.textFileName.
You can use built-in macros (except the %x[-%y] macro) as the customized origin for
events.
Before you begin
If you want to set up a custom message for an existing log file, follow the steps in
Change the setup of a monitored file on page 158.
Chapter 3
163
Create a custom event message

To create a customized event message, follow these steps:
1 Depending on whether you are adding a new log file to be monitored or changing
an existing log file, access the either of the following:
Add File for Label: instanceName dialog box or the Change File for Label:
instanceName dialog box
Add File for XML Monitoring dialog box or the Change File for XML
Monitoring dialog box
2 In the Custom Event Message text box, enter the text that you want to display when
your search string conditions are satisfied.
3 In the Custom Event Origin text box, enter the origin for the events.
4 (Optional) For a text instance, in the Number of Lines in Log Entry text box, enter the
number of lines to include from the log file in the message returned when a search
string is found.
EXAMPLE
If you were searching for Disc Full errors, you could configure the KM to return two lines
so that when the string Error: Disc Full is found, the KM returns the line matching that
string and the next line, in the LOGMatchString parameter:
Id=id1
031605: Error: Disc Full
Id=;MatchedLines
/hd001 mounted as /opt
SUMMARY:id1=1;
NOTE
If either, the search string or the nullify string, occurs again within the number of lines
selected to be displayed, the KM does not find the instances of the search strings for all
the search identifiers.
For example, if you specify that the KM returns four lines when it finds the search
string Disc Full, and Disc full occurs in the first and third lines of the file, the KM
counts only the first instance of Disc Full as a match.
If you want to ensure that all matches are found, leave the Number of Lines in Log
Entry field blank.
5 In case of a text instance, if you want to define custom messages specific to a search
criterion, on the Add file for Label: instanceName dialog box, click Continue.
164
6 On the Configure Search Criterion: instanceName dialog box, add a unique

identification label in the Search Identifier text box.
7 Select the Override default setting check box.

8 Specify a custom event message for the search criterion in the Custom Event
Message text box.
9 Specify an origin for the events in the Custom Event Origin text box.
10 Complete the remaining fields as described in Start monitoring a log file on
page 152.
Example: creating a custom event message that displays

when a service fails to initialize
This example shows you how to create a custom event message to display the
following event message when a service fails to initialize:
GX6 component <ITD> failed initializing service it_execd,. See
logfile \var\opt\GX6\log\it_execd.log, for details.
The sample log file entry looks similar to this (with the exception that a real log file
entry would fit on one line):
"20030508_124352 <ITD> ExecInitialize failed (szServicesEntry:
it_execd, szAccessControlList:\opt\GX6\etc\it_execd.acl, szLogFile:
\var\opt\GX6\log\it_execd.log, usllSrv: 7)"
To create the custom event message, in the Custom Event Message Field, enter:
GX6 component %2 failed initializing service %6. See logfile %10 for details.
Example: Creating a custom event origin that displays the

event origin according to Macros specified in the
configuration
This example shows you how to create a custom event origin to display the event
origin according to macros specified in the configuration.
If you create an instance such as inst1 with a search identifier, id1:
%APPCLASS%.%INSTANCE%.%SEARCHID%
Chapter 3
165
The LOGGeneral and NOTIFY_EVENT Event Class will display the following Event
Origin:
LOGMON.inst1PN0.id1
Configure recovery actions for a log file

The PATROL KM for Log Management allows you to define recovery actions when a
log file reaches a specified size. The available recovery actions for log files are:
reduce the log file to 0 MB by deleting all the messages in the log file when the file
reaches the size limit
backup the file into the pmg_backup subdirectory located in the same directory as
the monitored log file and reduce the log file to 0 MB
Each time the file is backed up, the backup file is written to the same directory with
an incremental number appended to the log file name. For example, the first time that
the error_log.txt reaches its size limit, PATROL creates a backup file named
error_log.txt1. The next time that it reaches its limit, PATROL creates a backup file
named error_log.txt2 and so on.
NOTE
BMC Software recommends that you periodically move the backup files to another location.
The PATROL recovery action checks to make sure that the backup file name is not already in
use. If hundreds or even thousands of backup files exist in the log directory, PATROL may
take some time to complete this recovery action.
Recovery actions run automatically by default; however, you can configure them to
require user confirmation if the Run Attended option button is set to Yes.
Before you begin
166
If you want to configure a recovery action for an existing log file, follow the steps
in Change the setup of a monitored file on page 158.
Configuring the PATROL KM for Microsoft Cluster Server
Configure a log file recovery action based on file size

To define a recovery action that runs when the log file exceeds a defined file size,
follow these steps:
1 Access the LOGT application menu for a text or XML instance, as described in
2 Select Advanced Features => Configure Size Actions.

3 In the Configure Size Actions dialog box, in the Size Limit text box, enter the
number of bytes that the monitored file must exceed before PATROL executes the
recovery action. For example, if the limit is 100 bytes, enter 100 in the Size Limit
text box.
4 Select an Action option to specify a recovery action for PATROL to take when the
log file reaches the specified size limit:
NothingPATROL continues monitoring the log file but does not attempt to
reduce its size.
DeletePATROL reduces the log file to 0 MB by deleting all the messages in the
log file when the file reaches the size limit.
Backup and Delete PATROL backs up the existing log file and reduces the log
file to 0 MB
5 Click the Yes or No button to indicate whether PATROL runs attended (prompt an
operator for confirmation before performing a recovery action).
For more information about the features and functionalities in PATROL KM for
Log Management, see the BMC PATROL Knowledge Module for Log Management
User Guide.

Cluster Server
You can set up the PATROL KM for Microsoft Cluster Server to use one of the
following configurations:
internal cluster-level agent (CLA)

external cluster-level agent
Chapter 3
167
Configuring the PATROL KM for Microsoft Cluster Server
These configurations each offer advantages and disadvantages. To decide which

configuration best suits your environment, see Table 15 on page 76.
Before configuring the PATROL for Microsoft Cluster Server components, you
should verify that the software products are installed correctly. To verify that you
have installed the appropropriate software on the appropriate computers, see
Installing PATROL KM for Microsoft Cluster Server on page 75.
To configure the PATROL KM for Microsoft Cluster Server

Follow the following process to configure PATROL KM for Microsoft Cluster Server:
1 From the PATROL Console, add the managed system that corresponds to your
cluster by choosing Host => Add.
2 From the PATROL Console, load MCS_Load.kml. For instructions on how to load
KMs, see Loading the PATROL for Microsoft Windows Servers KMs on page 93.
3 If the KM is not already configured, Microsoft Clusters - Setup appears as the label
under the MCS_Clusters application instance icon.
4 From the Microsoft Clusters - Setup instance, choose PATROL Admin=>Maintain

Account Info.
5 In the Authorized Account dialog box, enter an account that is a member of the
Administrators group on the local computer or cluster node. This account allows
the cluster-level agent and external executables to access the cluster nodes you
want to monitor. For internal cluster-level agents configurations, when
requirements are met, the KM can use the PATROL agent default account.
For more information about setting up the Cluster account, see PATROL KM for
Microsoft Cluster Server account on page 50.
168
Using the PATROL Adapter for Microsoft Office to view reports
Using the PATROL Adapter for Microsoft Office

to view reports
If you install the PATROL Adapter for Microsoft Office, you can display PATROL
data in Microsoft Excel through the PATROL Adapter for Microsoft Office wizard.
For more information, see the following topics:
Task
Page
Displaying PATROL data by using the PATROL Adapter for Microsoft

Office
169
How to use the PATROL Adapter for Microsoft Office
170
Built-in report templates
170
Displaying PATROL data by using the PATROL Adapter for

Microsoft Office
This task describes how to start the PATROL Adapter for Microsoft Excel so that you
can view server-based PATROL reports.
Before you begin

To use PATROL Adapter for Microsoft Office, you must have one of the following
versions of Microsoft Excel loaded on the console machine:
Microsoft Excel 97 (SR1, SR2, and SR2b)

Microsoft Excel 2000 (SR1a, SP2, and SP3)
Microsoft Excel Office XP (SP1, SP2, and SP3)
Microsoft Excel Office 2003 (SP1)
To start the PATROL Adapter for Microsoft Office from Microsoft Excel
1 Start Microsoft Excel.
2 Choose File => New.
3 Choose the Spreadsheet Solutions tab.
4 Choose the Patrol Report.xlt template.
5 Click OK.
Chapter 3
169
The New dialog box is dismissed and the Microsoft Excel macros message appears.
6 Click Enable Macros.

To run the wizard, the Microsoft Excel security level must be either Low or
Medium. If the security level is High, the wizard does not run and displays no
error messages. To change the Microsoft Excel security level, start Excel and
choose Tools => Macro => Security.
7 See the PATROL Adapter for Microsoft Office User Guide for instructions on
generating a report.
How to use the PATROL Adapter for Microsoft Office

For more information about how to use the PATROL Adapter for Microsoft Office,
see the PATROL Adapter for Microsoft Office User Guide.
NOTE
History reports are not available for PATROL Agents that are version 3.2.09. Please see the
PATROL Adapter for Microsoft Office User Guide for more information regarding requirements
and limitations of PATROL Adapter for Microsoft Office.
Built-in report templates

Several products have predefined reports that you can use immediately. For a list of
these predefined reports, see the following sections.

If you are using the PATROL KM for Microsoft Windows OS, the predefined report
templates in Table 38 on page 171 are available when you use the PATROL Adapter
for Microsoft Office.
Table 37
Reports for PATROL KM for Microsoft Windows OS (Part 1 of 2)
Report Name
170
CPU Util - Weekly History

CPU Util - Daily History
Description
percentage of time that a processor is busy executing the threads of a
process (the value reported by the parameter
CPUprcrProcessorTimePercent)
Table 37
Reports for PATROL KM for Microsoft Windows OS (Part 2 of 2)
Report Name
Description
Logical Disk - Weekly History percentage of free space available on the selected logical disk drive (the
Logical Disk - Daily History
value reported by the parameter LDldFreeSpacePercent)
Memory - Weekly History
Memory - Daily History
number of megabytes of physical memory currently available to

processes (the value reported by the parameter
MEMmemAvailableBytes)

If you are using the PATROL KM for Microsoft Windows Domain Services, the
predefined report templates in Table 38 are available when you use the PATROL
Adapter for Microsoft Office.
Table 38
Reports for PATROL KM for Microsoft Windows Domain Services (Part 1 of 2)
Report name
Description
DHCP Lease Availability Daily History Report

DHCP Lease Availability Monthly History Report
DHCP Lease Availability Weekly History Report
NT_DHCP reports regarding the percent of

DHCP leases available each day, week, or
month
DHCP Server Utilization Daily History Report

DHCP Server Utilization Monthly History Report
DHCP Server Utilization Weekly History Report
NT_DHCP reports regarding the daily,

weekly, or monthly server utilization of the
DHCP service
DNS Server Response Time Daily History Report

DNS Server Response Time Monthly History Report
DNS Server Response Time Weekly History Report
NT_DNS reports regarding daily, weekly, or

monthly server response times for the Domain
Name Service (DNS)
DNS Server Utilization Daily History Report

DNS Server Utilization Monthly History Report
DNS Server Utilization Weekly History Report
NT_DNS reports regarding daily, weekly, or

monthly server utilization of the DNS service
NT_REMOTE_SERVERS reports regarding

Remote Servers Connect Response Time Daily History
daily, weekly, or monthly connection response
Report
times of remote domain servers
Remote Servers Connect Response Time Monthly
History Report
Remote Servers Connect Response Time Weekly History
Report
Remote Servers Connection Status Daily Outage Report
Remote Servers Connection Status Monthly Outage
Report
Remote Servers Connection Status Weekly Outage
Report
NT_REMOTE_SERVERS reports regarding

daily, weekly, or monthly connection outages
of remote domain servers
Shares Disk Usage Daily History Report

Shares Disk Usage Monthly History Report
Shares Disk Usage Weekly History Report
NT_SHARES reports regarding daily, weekly,

or monthly usage of network shares on the
managed server
Chapter 3
171
Table 38
Reports for PATROL KM for Microsoft Windows Domain Services (Part 2 of 2)
Report name
Description
Trust Domain Connectivity Daily Outage Report

Trust Domain Connectivity Monthly Outage Report
Trust Domain Connectivity Weekly Outage Report
NT_TRUST reports regarding daily, weekly,

and monthly connection outages between
trusted and trusting domains
WINS Server Utilization Daily History Report

WINS Server Utilization Monthly History Report
WINS Server Utilization Weekly History Report
NT_WINS reports regarding daily, weekly,

and monthly utilization of the Windows
Internet Naming Service (WINS) on Windows
servers

If you are using the PATROL KM for Microsoft Message Queue, the predefined
report templates in Table 39 are available when you use the PATROL Adapter for
Microsoft Office.
Table 39
Reports for PATROL KM for Microsoft Message Queue
Report name
Description
MSMQ Message Rate - Daily History Report
current rate that messages are received during a 24-hour

period
MSMQ Service Availability - Weekly History

Report
current rate that messages are received during a 7-day

period
MSMQ Sessions - Daily History Report
number of MSMQ sessions that occur during a 24-hour

period
MSMQ Sessions - Weekly History Report
number of MSMQ sessions that occur during a 7-day

period
MSMQ Total Msgs. Waiting - Weekly History

Report
total number of messages that waited for processing

during a 7-day period

If you are using the PATROL KM for Microsoft COM+, the predefined report
templates in Table 40 are available when you use the PATROL Adapter for Microsoft
Office.
Table 40
Reports for PATROL for Microsoft COM+ (Part 1 of 2)
Report name
Description
Process Count Daily Summary
total number of processes run during a 24-hour period
Package Status Daily Summary
line graph of the current status of a package (active or in-active)

during a 24-hour period
Package Status 30-Day Summary
line graph of the current status of a package (active or inactive)

during a 30-day period
172
Table 40
Reports for PATROL for Microsoft COM+ (Part 2 of 2)
Report name
Description
Active Packages Daily Summary
total number of packages active during a 24-hour period
Aborted Transaction Daily Summary
total number of transactions aborted during a 24-hour period
Aborted Transaction 30-Day Summary
total number of transactions aborted during a 30-day period
Chapter 3
173
Removing KMs from your console and agent

If you want to remove a KM from being displayed in your PATROL console, you can
unload its corresponding application classes (.km files) as described in Unloading
KMs from a PATROL console.
When you unload a .km file, its corresponding application class no longer appears in
your console. Unloading a .km file does not delete the file from the lib\knowledge or
psl directories on the PATROL console or PATROL Agent computer. If you want to
delete a KM completely from your system, you must uninstall the KM.
If a .km file was preloaded (whether as part of a .kml file or not), unloading it does not
stop the PATROL Agent from collecting data for that .km file. However, if the .km file
was not preloaded, then unloading it does stop the file from running and collecting
data on the PATROL Agent.
If you no longer want the PATROL Agent to run a KM that was preloaded, you can
remove its corresponding .kml file or .km files from the PATROL Agent preload list as
described in Using wpconfig to remove KMs from the Agent preload list on
page 98.
When you remove a KM from the PATROL Agent preload list, the agent does not run
the KM unless you load it with a running console. KMs that are not preloaded do not
run unless a console is running.
Unloading KMs from a PATROL console

If you no longer want to view a KM that currently appears in your console, you can
unload the corresponding application classes (.km files) that make up the KM.
To unload KMs with the PATROL Console for Microsoft Windows Servers
1 From the KM tab of the tree view, right-click the application class name that you
want to delete and choose Delete from the pop-up menu.
2 Click Yes to delete the application class.

The application class is removed from your cache directory and your console
session file.
3 Repeat Step 1 and Step 2 until you have deleted all of the application classes
associated with the KM that you want to delete.
4 From the console menu bar, choose File => Save KM to save your changes.
174
To unload KMs with the PATROL Console for UNIX

1 From the PATROL Main window, choose Attributes => Application Classes.
2 From the Lists of Application Classes window, click the name of the application
class that you want to delete.
3 From the List of Application Classes menu bar, choose Edit => Delete.
The application class is removed from your cache directory and your console
session file. The PATROL Console removes the application class name from the
List of Application Classes.
4 Repeat Step 2 and Step 3 until you have deleted all of the application classes
associated with the KM that you want to delete.
5 From the List of Application Classes menu bar, choose File => Save KM to save
your changes.
To Unload KMs with PATROL Central Operator - Windows Edition

1 In the Common Tasks tab of the Operator Console Module Taskpad, click the
Unload Knowledge Module(s) icon.
PATROL displays the Unload Knowledge Module(s) Wizard.
2 To start the wizard, click Next.

3 From the Managed System screen, select the managed system.
4 From the Knowledge Modules screen, select the KMs that you want to unload. For
a description of the PATROL for Microsoft Windows Servers KMs, see
Table 16PATROL for Microsoft Windows Servers .kml files on page 92.
5 Click Finish.
Chapter 3
175
To unload KMs with PATROL Central - Web Edition

PATROL Central - Web Edition has a feature that enables you to unload specified .km
files from specified computers.
1 From the Managed Systems page, click the Load/Unload KMs button.
The Load KMs page opens, listing each computer on which a PATROL Agent has
been installed.
2 Select the computers from which you want to unload .km files, and click Next.
The Load KMs page displays a list of .km files. Currently loaded .km files are
highlighted in the list.
3 Cancel the selection of the .km files that you want to unload.
4 Click Finish.
The console removes the .km files that you specified. These .km files will no longer
be in the current management profile.
Stopping preloaded KMs from running on the PATROL Agent

If you want to stop a KM or application class so that it no longer runs on the PATROL
Agent, remove the corresponding .kml or .km file from the agent preload list, as
described in Using wpconfig to remove KMs from the Agent preload list on
page 98.
176
Chapter
Using the PATROL Cluster

Configuration Wizard
4
This chapter provides you with information that you will need to use the PATROL
Cluster Configuration Wizard (also referred to as PCC). The following topics are
discussed:
Using the PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preparing to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Access requirements for running the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . .
Starting the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How to use the PCC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Post-PCC configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Manually configuring the PATROL Agent for clustering . . . . . . . . . . . . . . . . . . . . . .
Install the application on each cluster node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Install the PATROL Agent on each cluster node . . . . . . . . . . . . . . . . . . . . . . . . . .
Assign a unique port number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Distribute license file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Define the PATROL cluster-specific environment variables . . . . . . . . . . . . . . . .
Create and register a new service for the PATROL Agent . . . . . . . . . . . . . . . . . .
Define the PATROL Agent as a member of the group . . . . . . . . . . . . . . . . . . . . .
PATROL cluster-specific environment variables for history and configuration . . .
Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Unattended configuration of Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . .
Chapter 4 Using the PATROL Cluster Configuration Wizard
178
178
179
179
179
180
185
185
185
186
186
186
186
187
188
191
191
192
193
193
177
Using the PATROL Cluster Configuration

Wizard
Install the PATROL Cluster Configuration (PCC) Wizard to help you configure the
PATROL Agent for failover in a Microsoft server cluster environment.
Overview
The PCC Wizard allows you to easily configure the PATROL Agent to monitor
cluster-aware applications such as Microsoft Exchange Server. It does this by
configuring the agent to operate on a virtual server name and separate port
storing the agent history and configuration data on cluster-shared media
Thus, in the event of a node failure, the agent will failover to another node with the
monitored application, while providing a consistent view of the data being collected.
For example, the history data is kept intact.
The Wizard does not enable the monitoring of clustered resources. That functionality
is handled by the PATROL Agent and the PATROL KM for Microsoft Cluster Server.
The Wizard automates and simplifies cluster configuration of the PATROL Agent,
and eliminates configuring the agent manually.
178
Preparing to use the PCC Wizard

Before you begin using the PCC Wizard, you must
install PCC on any computer in the cluster domain

install PATROL Agent on all nodes in the cluster
know the user name and password of a cluster administrator account
identify a group to install the PATROL virtual Agent into; this group will need to
contain the following (at a minimum):
Physical disk
The PATROL virtual Agent stores history and configuration data on a standard
cluster-shared disk which, if possible, should not be the quorum disk.
Network name
A network name resource provides an identity to the group in the form of a
unique network name and IP address. This identity makes the group or the
PATROL virtual agent accessible from the PATROL Console.
NOTE
The node that you run the PCC Wizard from should be the current owner of the group you
select. This recommendation prevents some caution pop-up windows from appearing.
For information about how the PATROL Agent supports an application in a cluster
environment and what type of failover tolerance it provides, see the PATROL Agent
Reference Manual.
Access requirements for running the PCC Wizard

The account you use to run the PCC Wizard must be a member of the local
administrator group.
Starting the PCC Wizard

You can start the wizard by
From Windows Start menu, choosing Start => Programs => BMC PATROL =>
PATROL Cluster Configuration Wizard.
typing pcc from the Run command.
179
How to use the PCC Wizard

Once you have installed PCC Wizard on all nodes, use the following instructions to
use the PCC Wizard to configure the PATROL Agent resources. To configure all
nodes, you need to run the PCC Wizard just once, from a single node.
Information required by PCC

Use the table below to plan your configuration of each PATROL Agent resource.
Table 41
Information required by PCC (Part 1 of 2)
Required information
Your information
PCC
Cluster Name
adds the PATROL Agent resource to the cluster you select or

enter.
Group Name(s)
adds the PATROL Agent resource to one or more cluster

groups.
Resource Name
adds the PATROL Agent service as a Generic Service

resource type with this name. The resource name must be
unique for this cluster.
Service Name
creates registry entries for this PATROL Agent service name

on each node you select. The service name must be unique for
this system and comply with the rules for a service name.
Note: PATROL does not rename the PatrolAgent.exe.
Network Name
sets the PATROL_VIRTUALNAME_PORT# environment

variable to this network name, which the PATROL Agent
uses instead of the host name to store the PATROL
configuration and history data. For easy identification, this
name should be the virtual server name of the cluster group
with which the agent is bundled. For example, the network
name for an agent on port 3182 is
PATROL_VIRTUALNAME_3182=BMC_ExchangeHou.
Port Number
sets the port number that the PATROL Agent is using and
that is referenced by all environment variables. Each
PATROL virtual Agent must have a unique port number.
Shared Drive
sets the drive shared by a cluster on which the configuration

and history data will be stored. The PATROL Agent must be
able to access this shared drive at agent startup, and the
shared drive should belong to the cluster group with which
the PATROL Agent is bundled.
History Path
sets the PATROL_HISTORY_PORT# environment variable

to this path on the shared drive, which stores the agent
history files. For example, the history data location for an
agent on port 3182 is
PATROL_HISTORY_3182=X:\patrol\history.
180
Table 41
Information required by PCC (Part 2 of 2)
Required information
Your information
PCC
Config DB Path
sets the PATROL_CONFIG_PORT# environment variable to

this path on the shared drive, which stores the PATROL
Agent configuration database. For example, the
configuration database location for an agent on port 3182 is
PATROL_CONFIG_3182=X:\patrol\config.
RTSERVERS variable
sets the RTSERVERS environment variable associated with

the PATROL Agent. If you have not configured an RTserver
for your PATROL environment, you can leave this field
blank.
You may enter one or more known RTservers. Each entry is
separated by a comma and has the format of
protocol:hostname:port. For example,
tcp:tbrady3w2k.bmc.com:2059.
Node(s)
creates a registry entry for the PATROL Agent service on

each cluster node you select.
181
Configuring the PATROL Agent

Action
Dialog box
Notes
1. Click Next.
2. Select the appropriate

option and click Next.
If you are installing the

first resource, select Add
one or multiple PATROL
Agent resource(s). Adding
a PATROL Agent as a
cluster resource performs
the following actions:
3. Select the groups to

which you want to add the
agent and click Next.
Sets the required

environment variables
Registers the PATROL
Agent with a new
service name
Adds the PATROL
Agent to the cluster as
a Generic Service
resource type and sets
the resource properties
You can select multiple

groups.
In most cases, the groups
will correspond to the
applications you want to
monitor.
182
Action
4. Enter the appropriate
information and click
Node List.
Dialog box
Notes
If you do not know what
names to use, accept the
defaults.
The port number must be a
port that is not in use by
any other process.
5. Verify that all nodes that

you want to configure are
selected and click OK.
You can select a node by

clicking the node. All
nodes are selected by
default.
You are returned to the

PATROL Agent
configuration screen.
Click Next.
183
Action
Dialog box
Notes
6. Verify the configuration

information and click
Configure.
7. Click View Log or

Finish.
You have finished

configuring the agent.
Your configuration of the PATROL Agent using PCC performs the following actions:
184
Registers the PATROL Agent service with a new service name within the Service
Control Manager.
Sets the registry parameters and port number.
Sets the service startup to manual.
Creates the resource of type Generic Service in the cluster.
Sets the Generic Service resource properties to restart without affecting the cluster
group; remaining properties have default values.
Sets the service name parameter of the Generic Service and enables use Network
Name for computer name.
Creates PATROL Agent history and configuration files on shared disk.
Creates environment variables for cluster nodes.
Brings the newly created resource online if the selection box is checked.
Sets resource dependencies on the specified Physical Disk and Network Name.
Post-PCC configuration
Post-PCC configuration
Now that you have finished using PCC to configure multiple PATROL Agents, you
must perform some post-wizard configuration.
Each of the group agents in the cluster need to monitor resources that are a only part
of that group. The node agents should not monitor group resources. This generally
requires using wpconfig to modify the disabledKMs list for each group agent, and
configuring the remaining KMs to monitor only resources that are instances of that
group. This also means that you only need to modify the preloadedKMs list using
wpconfig to preload KMs that are appropriate for that node or group agent.
Manually configuring the PATROL Agent for

clustering
NOTE
BMC Software recommends that you use the PCC Wizard to cluster your PATROL Agent.
PCC simplifies the configuration process. However, the manual instructions have been
included in case you prefer manual configuration or want to know what the PCC Wizard is
configuring.
The information in this section provides a general idea of the processes involved in
setting up a Windows cluster environment and integrating PATROL into that
environment. Procedures and steps describing how to set up third-party software are
intended as a general outline of the process for that product and are not intended as
step-by-step instructions.
Setting up PATROL to run in a Windows cluster environment consists of several
standard tasks. The standard cluster administration tasks and the PATROL-specific
tasks are described in general terms. This section provides a high-level overview of
building a Windows cluster and integrating PATROL into that environment.
The manual process defined in this chapter requires you to run multiple PATROL
Agent executables on your CPU to monitor more than one application on the cluster.
Install the application on each cluster node

Install the cluster application on the local disk. In the Windows environment, the
executable must be installed on the local disk.
185
Manually configuring the PATROL Agent for clustering
Install the PATROL Agent on each cluster node

Install the PATROL Agent on the local disk of the node. You should have at least two
separate agent executables installed on the node:
one to monitor the nodes operating system

one to monitor the cluster application
Install the agent once. Include only those Knowledge Modules that support the
application and the operating system. Then see Create and register a new service for
the PATROL Agent on page 187 for information about setting up a second agent to
monitor the cluster application.
Assign a unique port number

During installation of the agent on each node, assign a unique, listening port number
to the PATROL Agent bound to the cluster application. This port must be the same
across all nodes within the cluster.
Distribute license file

Duplicate the license file on each node. Use the naming convention license without
the host name as an extension. During startup, the PATROL Agent searches for
license.hostname, using its own host name. If it cant find the file, it searches for
license without an extension.
If you duplicate a license file and do not delete or change the files host name
extension, the agent cannot find the license and will not start.
Define the PATROL cluster-specific environment variables

In this task, you will define the PATROL cluster-specific environment variables on
each node. This action ensures that all the agents in a cluster read their configuration
information and write their history information to the same set of files.
Perform the following tasks on each node in the cluster, then reboot each node.
Rebooting enables each system to read the new variables and store them in memory.
186
1 From the Windows Taskbar, select Start => Settings => Control Panel.
2 Double-click the System icon and select the Environment tab.
3 Enter the variable name and value in the appropriate fields and click Set. The
variables and their values are listed below. Repeat this step for the remaining
variables.
PATROL_VIRTUALNAME_PORT=VirtualServerName
PATROL_HISTORY_PORT=Drive:\History_Directory
PATROL_CONFIG_PORT=Drive:\Config_Directory
For more information about specific variables, see PATROL cluster-specific
environment variables for history and configuration on page 191.
Create and register a new service for the PATROL Agent

In this task, you will create a PATROL Agent executable and register it as a service so
that you can dedicate it to monitoring a cluster application. This task involves
copying and renaming the agents executable and then registering the service in the
Windows Services Applet.
Perform the following task on each node in the cluster.
1 Copy the PatrolAgent.exe in %PATROL_HOME%\bin directory.

2 Rename the executable. Use a name that indicates that the agent is an executable
dedicated to monitoring an application.
3 Paste the executable into the %PATROL_HOME%\bin directory.

NOTE
Name the executable the same on every node in the cluster.
PatrolAgent-application_name.exe
4 Install the executable at the command line, navigate to the %PATROL_HOME%\bin

directory, and enter the following command:
PatrolAgent-application_name -install
The system acknowledges that the service installed successfully.

187
Tue MON DD HH:MM:SS CCYY PatrolAgent-application_name PID 318 Success

1000:
The PatrolAgent Service was successfully installed.
The PatrolAgent COM Server registered sucessfully
NOTE
The PatrolAgent COM Server can be registered only once. Additional attempts to register it
will fail; however, the multiple agent processes will run.
5 From the Windows Taskbar, select Start => Settings => Control Panel.
6 Double-click the Services icon and select application_name service from the list box.
Click Startup.
7 In the Startup Type pane, select the Manual radio button and click OK. The service
displays Manual in the Startup column.
Define the PATROL Agent as a member of the group

In this task, you will add the new PatrolAgent service as a resource of type Generic
Service to the cluster. This task is commonly referred to as binding the agent to the
cluster application.
NOTE
This task description uses Windows Cluster Management Software as an example. The steps
describing how to set up the software are intended as a general outline of the process and are
not intended as step-by-step instructions.
Perform the following task on only the master node of the cluster. The cluster
software provides two methods for binding a service to a cluster: GUI or command
line. Regardless of the method you choose, you must provide the information listed
in Table 42.
Table 42
Cluster administration properties (Part 1 of 2)
Arguments
Description
cluster.exe
Cluster Administration Executable (command line only)
clusterName
User-defined name of the cluster
RES
Specifies the service as a resource of the cluster
"PatrolAgent for
MyApplication"
Description of the service
/CREATE /Group: /TYPE: Create a group and assign it a resource type.
188
Table 42
Cluster administration properties (Part 2 of 2)
Arguments
Description
/ADDEP
Establish a dependency between the service and the cluster.
/Prop:RestartAction
Determines what the cluster does (shut down, wait, etc.) if

PATROL Agent service fails and is unable to restart.
/Priv: ServiceName
Identify the service name of the PATROL Agent service bound

to the cluster application.
/Priv: StartupParameters
Specify startup characteristics such as port number.
/ON
Make the PATROL Agent service available (online) to the

cluster.
Using Cluster Administration GUI

Add the new PatrolAgent service as a resource of type Generic Service to the
cluster using the Cluster Administrator GUI.
Using the command line

To bind a PATROL Agent service to the cluster application, you must issue several
commands. Each command contains the name of the cluster registration executable,
the name of the cluster, RES, description of the service, and various attributes.
NOTE
For each command, you must reenter the name of the cluster executable, the name of the
cluster, the resource option, and the service name.
1 From the command line, issue the following command to name the service,
designate it as a resource of the cluster, create a group, and assign it a resource
type of Generic Service.
cluster.exe clusterName RES "PatrolAgent for MyApplication" /CREATE
/Group:MyGroup /TYPE:"Generic Service"
2 Add the disk that stores the PATROL Agent configuration and history information
as a dependency. This command instructs the cluster software to bring up the disk
with configuration information before it attempts to start the PATROL Agent.
cluster.exe clusterName RES "PatrolAgent for MyApplication"
/ADDDEP:"Disk MyGroupDisk"
189
3 Set the restart action. This command determines what the cluster does if an
application fails and is unable to restart. A value of one (1) indicates that if the
application is unable to restart, the cluster will continue to run.
cluster.exe clusterName RES "PatrolAgent for MyApplication"
/Prop:RestartAction=1
4 Identify the service name to the cluster software. The service name must be
identical to the service name assigned to the PATROL Agent executable on each
cluster node.
cluster.exe clusterName RES "PatrolAgent for MyApplication" /Priv
ServiceName="PatrolAgent-application_name"
5 Set the port number for the PATROL Agent bound to the cluster application. This
number must be the same as the number assigned as a suffix to the PATROL
cluster-specific environment variables.
For details about the PATROL cluster-specific environment variables, see Define
the PATROL cluster-specific environment variables on page 186.
cluster.exe clusterName RES "PatrolAgent for MyApplication" /Priv
StartupParameters="-p Port#"
6 Set the service to be available (online) when the cluster is running.

cluster.exe clusterName RES "PatrolAgent for MyApplication" /ON
190
PATROL cluster-specific environment variables for history and configuration
PATROL cluster-specific environment variables

for history and configuration
To take advantage of failover tolerance for history files, you must create and set the
value of three environment variables. When creating and writing to history files, the
PATROL Agent searches for information in these files.
Variables
Table 43 describes the purpose of PATROL cluster-specific environment variables.
Table 43
PATROL cluster-specific environment variables
Environment variable
Description
PATROL_HISTORY
PATROL_HISTORY_PORTa
the location of history files

If this variable is empty or doesnt exist, the agent
writes the history files to
PATROL_HOME\log\history\ host\portnumber.
PATROL_VIRTUALNAME
PATROL_VIRTUALNAME_PORTa
an alias for the host name

uses the host name to identify history data within
the history files.
PATROL_CONFIG
PATROL_CONFIG_PORTa
the location of the configuration files

stores the configuration file in
PATROL_HOME\config.
To manage multiple PATROL Agents running on separate ports, append the port number
to the variable name. This situation occurs when PATROL Agents are bound to individual
applications such as Oracle, Exchange, Sybase, etc. Each agent uses a separate port number.
191
PATROL cluster-specific environment variables for history and configuration
Operation
When searching for configuration information and creating and writing to the history
database, the PATROL Agent uses the following logic to check for the existence of
PATROL cluster-specific variables.
Table 44
Operation of configuration and history environment variables
Variable type
Exists? Description
Virtual Name
yes
PATROL_VIRTUALNAME_8888 exists, the agent writes history using the virtual

name as the host name. Using the virtual name provides continuous history for an
application regardless of which host the application is running on.
The agent also uses the virtual host name to identify the configuration file changes
and the history database. Configuration file changes are written to
PATROL_HOME\config\config_virtualname_port.cfg. The history database is
written to the subdirectory structure history\virtualname\port, which will be
located in the directory pointed to by PATROL_HISTORY_PORT.
Configuration
File
History
Database
192
no
The agent writes history using the actual host name. If the application fails over,
the agent writes history using the new agents name. Using the actual hostname
creates gaps in the results of any dump_hist commands because the command
does not recognize that the same application ran on different hosts.
yes
PATROL_CONFIG_8888 exists, then the agent reads configuration information

from the location specified by this variable.
no
The agent reads from the default directory,

PATROL_HOME\config\config_virtualname or hostname-port
yes
PATROL_HISTORY_8888 exists, then the agent writes history to the location

specified by this variable
no
the agent writes to the default directory,

PATROL_HOME\log\history\virtualname or hostname\port\
Unattended configuration of Cluster Configuration Wizard
Example
The following example illustrates how the environment variables would be named
for a host using port 8888. It also depicts the directory structure and file location.
Environment variables
PATROL_HISTORY=K:\doc\work\histdir
PATROL_VIRTUALNAME=AliasHostName
PATROL_CONFIG=K:\doc\work\config
Directory structure
For the values provided in the Environment Variables section of this example, the
PATROL Agent stores configuration information and records the history data in the
following directory structure:
K:\doc\work\histdir\AliasHostName\8888\annotate.dat
K:\doc\work\histdir\AliasHostName\8888\param.hist
K:\doc\work\config\config_AliasHostName-8888
If these variables do not exist or they are empty, the PATROL Agent stores
configuration information and records the history data in the following directory
structure:
%PATROL_HOME%\log\history\HostName\8888\annotate.dat
%PATROL_HOME%\log\history\HostName\8888\param.hist
%PATROL_HOME%\config\config_HostName-8888
Unattended configuration of Cluster

Configuration Wizard
The Cluster Configuration Wizard file, pcc.exe, enables you to specify the installation
values in the pcc.cfg file. This configuration process is separate from the setup wizard
installation.
In the Cluster Configuration Wizard, the CreateCfgFile button enables you to create
the configuration file, pcc.cfg, for silent installation. You can use this file as a
command line argument for the pcc.exe file for silent installation and uninstallation.
193
Unattended configuration of Cluster Configuration Wizard
You can edit the pcc.cfg file for the different cluster groups that you want to configure,
for example:
pcc.exe apply pcc.cfg
pcc.exe remove pcc.cfg
However, you need to specify the full path of the pcc.cfg file in the above commands.
194
Chapter
Using the PATROL KM for Microsoft

Windows Active Directory Remote
Monitoring
5
This chapter provides you with information that you will need to use the PATROL
KM for Microsoft Windows Active Directory Remote Monitoring. The following
topics are discussed:
Using the PATROL KM for MS Windows Active Directory Remote Monitoring . . 196
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Application classes, menu commands, InfoBox items, and parameters . . . . . . . 196
Chapter 5
Using the PATROL KM for Microsoft Windows Active Directory Remote Monitoring
195
Using the PATROL KM for MS Windows Active Directory Remote Monitoring
Using the PATROL KM for MS Windows Active

Directory Remote Monitoring
The PATROL Knowledge Module (KM) for Microsoft Windows Active Directory
Remote Monitoring product provides remote enterprise monitoring of Active
Directory objects. The Active Directory is the core feature of distributed systems in
Microsoft Windows Servers.
Overview
PATROL KM for Microsoft Windows AD Remote Monitoring allows you to monitor
remote sites, domain controllers in those sites, and FSMO roles from member servers
of a domain in the network.
The managed node must meet a few requirements to display information about
Active Directory objects as described in PATROL KM for Microsoft Windows Active
Directory Remote Monitoring.
Application classes, menu commands, InfoBox items, and

parameters
The following sections describe the application classes, menu commands, InfoBox
items, and parameters available for PATROL KM for Microsoft Windows AD Remote
Monitoring.
196
Application classes for the PATROL KM for Microsoft

Windows AD Remote Monitoring
Application class
Description
AD_RMT_SERVER_CONT
This main container instance is displayed with the following

label: AD from Client View. Discovery for this application
class creates the following instances:
the AD_RMT_SERVER_CONT container
the AD_RMT_FSMO_ROLE_CONNECTIVITY_CONT
container
an AD_RMT_FSMO_ROLE_CONNECTIVITY
application class instance for each FSMO role
an AD_RMT_DOMAINSITE application class instance for

all Active Directory site instances selected for monitoring
an AD_RMT_DOMAINCONTROLLER application class

instance for each Active Directory Domain controller in
the site selected for monitoring
AD_RMT_FSMO_ROLE_
CONNECTIVITY_CONT
This container application class holds the AD_RMT_FSMO_

ROLE_CONNECTIVITY application class instances.
AD_RMT_FSMO_ROLE_
CONNECTIVITY
Each instance monitors the connectivity status of one of the

FSMO role holders for the domain controller.
Domain controllers must be able to locate and establish
connection with the FSMO role holders.
There will be one instance named after each FSMO role:
AD_RMT_DOMAINSITE
schema Master
domain naming master
relative ID master
PDC emulator
infrastructure master
An instance is created for each site in the domain that you

select for monitoring.
Each instance monitors the number of global catalogs and
domain controllers in the domain site it represents.
AD_RMT_DOMAIN
CONTROLER
An instance is created for each domain controller in the

environment that you select for monitoring.
Domain controller connectivity is verified by using LDAP
and DNS records also check the Domain Controller.
Chapter 5
197
Menu commands provided by PATROL KM for Microsoft

Menu command
Description
AD_RMT_SERVER_CONT application class

Select Sites for Monitoring
enables you to select the sites in the domain that you want to
monitor
Application Trace
enables you to enable and disable the application trace
AD_RMT_DOMAINCONTROLER application class

Refresh Parameters
refreshes the values of all parameters for the selected

instance
Remove Instance
enables you to remove a domain controller instance from

monitoring
Collection Trace
enables you to enable and disable the collection trace
AD_RMT_DOMAINSITE application class

Select Domain Controller For enables you to select domain controllers in the site that you
Monitoring
want to monitor
Refresh Parameters

instance
Collection Trace
AD_RMT_FSMO_ROLE_CONNECTIVITY_CONT application class

Refresh Parameters

instance
Collection Trace
InfoBox items provided by PATROL KM for Microsoft

InfoBox item
Description
AD_RMT_SERVER_CONT application class
198
Forest name
the name of the Active Directory forest for the server
Domain name
the domain name of the server
FSMO Schema Master
the name of the server that is the holder of this role
FSMO Domain Naming

Master
FSMO Relative ID Master
FSMO PDC Emulator
FSMO Infrastructure Master
Agent Version
the version number of the PATROL Agent
InfoBox item
Description
Product Version
the version number of the PATROL KM for Microsoft

Windows AD Remote Monitoring product when it was
installed (not including subsequent patches)

IP Address
the IP address of the server
Forest Name
the name of the Active Directory forest for the server
Domain Name
the domain name of the server
Site Name
the name of the site to which the domain controller belongs
Global Catalog
indicates whether the domain controller is a Global Catalog

server
Parameters provided by PATROL KM for Microsoft Windows

AD Remote Monitoring
Parameters
Description
AD_RMT_FSMO_ROLE_CONNECTIVITY_CONT application class

ADRMTFSMOCollector
collects data for the FSMO role holder parameters
AD_RMT_FSMO_ROLE_CONNECTIVITY application class

AdFsConnectivity
reports the connectivity and availability of LDAP

This parameter performs a simple LDAP bind operation
locally on the FSMO role holders.
AdFsRoleChanged
AdLdFsResponseTime
detects and reports the following operations or master role

changes:
an FSMO role is moved to a different domain

controller
the current server acquires the role
reports the amount of time required to issue an LDAP

bind operation
The bind operation is performed locally on the domain
controller to eliminate network latency. If the bind
operation fails, a data point is not reported for that
collection cycle.
AD_RMT_DOMAINSITE application class

ADSiteCollector
collects data for the site parameters
DcInSite
reports total number of domain controllers in the site
GcInSite
reports total number of global catalog servers in the site
Chapter 5
199
Parameters
Description
200
AdDcCollector
collects data for the AD_RMT_DOMAINCONTROLER

application class parameters and starts the PSL collector
process for each domain controller instance
AdDcConnectivity
checks connectivity to the domain controller by using an

LDAP bind and raises an alarm if the domain controller is
demoted to member server
AdDnsARecordExists
shows the status of the DNS address (A) record
AdDnsDcLdapSrvRecordExists
shows the status of the DNS domain controller LDAP SRV

record
AdDnsGcLdapSrvRecordExists
shows the status of the DNS Global Catalog LDAP SRV

record
AdLdDcResponseTime
checks connectivity to the domain controller using LDAP

bind and shows response time to connect to the domain
controller
Chapter
Troubleshooting PATROL for

6
This chapter contains information for troubleshooting PATROL for Microsoft

Windows Servers.
This chapter contains the following topics:
PATROL KM for Microsoft Windows OS problems. . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Process or job object data not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
PATROL Generates Event 560 and 562 in the Windows security event log. . . . 203
Event filter parameters not automatically acknowledged . . . . . . . . . . . . . . . . . . 203
Newly installed protocols are not discovered. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Event log summary instance cannot be removed . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Windows event log does not work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Multiple processes are selected when you select a single process . . . . . . . . . . . . 205
PatrolAgent has DiscoveryStatus parameter in alarm. . . . . . . . . . . . . . . . . . . . . . 205
PATROL KM for Event Management problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Too many e-mail alerts are being generated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Parameters settings lost after agent restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
PATROL KM for Event Management not working as expected . . . . . . . . . . . . . 208
AS_AVAILABILITY application not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Problems with all other KMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Cannot add performance monitor counters with alarm ranges less than 1 . . . . 209
AdPerfCollector parameter display error message . . . . . . . . . . . . . . . . . . . . . . . . 210
Recovery action problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Recovery actions do not execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
recovery action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Gathering diagnostic information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Locations where you can find diagnostic information . . . . . . . . . . . . . . . . . . . . . 212
Installation logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Determining PATROL KM version number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Chapter 6
201
PATROL KM for Microsoft Windows OS problems

problems
This section contains troubleshooting information for PATROL KM for Microsoft
Windows OS.
Problem type
Paage
Process or job object data not displayed
202
PATROL Generates Event 560 and 562 in the Windows security event
log
203
Event filter parameters not automatically acknowledged
203
Newly installed protocols are not discovered
203
Event log summary instance cannot be removed
204
Windows event log does not work
204
Multiple processes are selected when you select a single process
205
PatrolAgent has DiscoveryStatus parameter in alarm
205
Process or job object data not displayed

In the PATROL console, the Processes or Job Objects containers are offline, do not
display any instances, are not discovered, or do not collect data. The
_CollectionStatus parameter displays a message stating that a performance object is
not loaded or enabled.
In addition, if service executables are being monitored, the instances for those service
executables are not displayed.
Explanation
Solution
The Microsoft Performance counter

collector perfproc.dll is disabled.
To resolve this problem, enable perfproc.dll.

After you enable perfproc.dll, you may need to restart the PATROL
Agent.

cannot read a registry key.
The following registry may be locked and cannot be read by the

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Perflib\009
To resolve this problem, grant read access for this registry key to the
202
PATROL Generates Event 560 and 562 in the Windows security

event log
PATROL generates the following events in the Windows security event log:
Event ID 560 - Object Open

Event ID 562 - Handle Closed
Explanation
Solution
PATROL generates these events

during normal data collection if
success auditing is enabled for object
access.
To prevent PATROL from generating these events, you can turn off
success auditing for object access. This setting determines whether to
audit user access to an object. An object could be a file, folder,
registry key, printer, or other system object. For more information,
see Microsoft KB article 149401.
Event filter parameters not automatically acknowledged

Event filter parameters are not automatically acknowledged even though the event
filter is configured to do so, as specified on the Event Handling tab of the Configure
Windows Event Monitoring window. This behavior occurs for the following
parameters:
Explanation
ELMErrorNotification
ELMFailureAuditNotification
ELMInformationNotification
ELMNotification
ELMOtherTypesNotification
ELMSuccessAuditNotification
ELMWarningNotification
Solution
These parameters cannot be

Deselect the option to notify PATROL immediately when an event that
automatically acknowledged. matches the filter occurs. You cannot use the auto-acknowledge feature if the
event filter is configured to notify immediately. For more information about
this setting, see Configuring Windows events monitoring on page 106.
Newly installed protocols are not discovered

Protocols that are installed on the server are not discovered by PATROL even though
counters for the protocols are displayed in Microsoft Performance Monitor.
Chapter 6
203
Explanation
Solution
The PATROL Agent does not detect the new

performance objects.
Restart the agent or refresh the performance counters.
Event log summary instance cannot be removed

Each Windows event log application contains an instance named Summary that
cannot be removed.
Explanation
Solution
Configuration variable
setting needs to be
changed.
To permanently remove Summary instances from the event log applications, set
the value of the agent configuration variable OverrideSummaryAutoCreate to 1.
For more information, see OverrideSummaryAutoCreate on page 226.
Alternatively, you can also permanently remove the Summary instance by
following these steps:
1. Executing the KM menu command Configure Windows Event Monitoring.
2. From the Configure Windows Event Monitoring window, right-click the
Summary instance and select Delete.
Windows event log does not work

The Windows event log does not work correctly.
Explanation
Solution
Windows event log does not

work correctly.
The BMC PATROL Agent default account credentials are stored in the
/AgentSetup/defaultAccount agent pconfig variable.
Set the BMC PATROL default account so that the
/AgentSetup/defaultAccount agent pconfig variable is not blank.
Alternatively, you can also set the account for event log by adding the
/AgentSetup/NT_EVENTLOG.OSdefaultAccount pconfig variable, and
setting the username and password required for the event log KM in the
pconfig variable.
204
Multiple processes are selected when you select a single

process
Processes with names that contain the same string are all selected when you select
any one of those processes.
EXAMPLE
If you select the ABC process, 123ABCxyz, ABC2, 2ABC, and any other process with a name
that contains ABC are also selected.
Explanation
Solution
Multiple process are selected

even if you select only one
process.
If you want the product to add all the processes for monitoring, for which
you have the name of the process selected, select the Process(es) using a
regular expression for monitoring check box.
If you do not select this check box, the product only adds the process
instances for monitoring.
PatrolAgent has DiscoveryStatus parameter in alarm

PatrolAgent displays the DiscoveryStatus parameter in an alarm state, and the
Services, Event log and Logical disks application class are not visible.
Explanation
Solution
PatrolAgent has the

DiscoveryStatus parameter in
alarm.
Verify that the Microsoft Visual C++ 2005 Redistributable Package (x86),
which is part of BPM for Servers installation, is installed correctly.
If it is missing, you can install it from
http://www.microsoft.com/downloads/details.aspx?familyid=32bc1bee-a
3f9-4c13-9c99-220b62a191ee&displaylang=en
Chapter 6
205
PATROL KM for Event Management problems

This section contains troubleshooting information for the PATROL KM for Event
Management:
Problem type
Page
Too many e-mail alerts are being generated
206
Parameters settings lost after agent restart
207
PATROL KM for Event Management not working as expected
208
AS_AVAILABILITY application not displayed
208
Too many e-mail alerts are being generated

PATROL is generating too many e-mail messages, or too many notifications in
general or you are receiving notifications for events that are not important to you.
Explanation
Solution
Parameters and thresholds need

tuning.
Begin baselining and adjusting parameter thresholds.

Review the e-mail alerts to determine which parameters are generating
alerts. Then adjust the parameter thresholds, deactivate threshold ranges,
or deactivate parameters, as necessary. You can make these changes on
one remote agent and then use the PATROL Configuration Manager to
deploy these changes to other agents.
Blackout periods are needed.
If you are receiving alerts because systems are down for maintenance, you
should configure blackout periods that specify when alerts are not
generated. For more information, see the PATROL KM for Event
The rule
Set the rule /AS/EVENTSPRING/ALERT/arsAction to 0.
/AS/EVENTSPRING/ALERT/a
rsAction is set to 4.
If the arsAction rule is set to 4 for all PATROL objects, notifications are sent
for all events. Instead, you may want to disable notification for all
PATROL objects, by setting /AS/EVENTSPRING/arsAction to 0 at the
remote agent. Then, enable notification only for the desired applications,
instances, or parameters.
When you enable notification for a specific PATROL object, the following
configuration variable is created:
/AS/EVENTSPRING/ALERT/object/arsAction
206
Parameters settings lost after agent restart

Parameter poll times that are set using the PATROL KM for Event Management are
not retained upon agent restart.
Explanation
Solution
The allowsendparamonly variable exists in

Remove the allowsendparamonly variable.For
%PATROL_HOME%\common\patrol.d\PATROL.conf instructions, see Removing the
file and is set to true.
allowsendparamonly variable.
If this variable exists and is set to True, then
state change events for applications and
instances are not generated. This reduces
network traffic, but it also prevents the PATROL
KM for Event Management from detecting when
parameters become active after an agent restart.
Thus, the PATROL KM or Event Management
threshold and poll time settings are not applied.
etc/patrol.d/PATROL.conf does not exist.
If Patrol.conf file doesn't exist then all the agent

variables get set to TRUE. To resolve this
problem, obtain a copy of the file Patrol.conf
and remove the allowsendparamonly variable,
if it exists, as described in Removing the
allowsendparamonly variable.
To obtain the Patrol.conf file, copy it from
another computer or contact BMC Software
Support.
Removing the allowsendparamonly variable

1 Move patrol.conf from %PATROL_HOME%\common\patrol.d to a secure location.
2 Using the PACFG (PATROL Agent Configuration) utility, specify that secured
location.
3 Using Notepad (with word wrap disabled) or Wordpad, open patrol.conf.

4 Underneath the [AGENT] stanza, remove the following line:
allowsendparamonly=true
5 Save and close the file.

6 Reinitialize the agent.
Chapter 6
207
PATROL KM for Event Management not working as expected

The PATROL KM for Event Management shows any of the following problems:
It does not send events.

The NotifiedEvents parameter is offline.
Errors are displayed in the console system output window
Parameter thresholds are not applied.
Explanation
Solution
The PATROL KM for

Event Management
catalog file has been
overwritten.
On Windows platforms, if the PATROL Agent is installed after the PATROL KM for Event
Management, a PATROL KM for Event Management catalog file is overwritten. The PATROL
KM for Event Management must be installed after the PATROL Agent for the PATROL KM
for Event Management to function.
If you are running PATROL KM for Event Management 2.5.x and you do not want to upgrade
to version 2.6.00, you must ensure that you are using the correct event catalog file. For more
information, see To Ensure the PATROL KM for Event Management 2.5x uses Correct Event
Catalog File.
To Ensure the PATROL KM for Event Management 2.5x uses Correct Event
Catalog File
1 Stop the PATROL Agent service.
2 Rename %PATROL_HOME%\lib\knowledge\StdEvents.ctg to
%PATROL_HOME%\lib\knowledge\StdEvents.ctg.bak
3 Rename %PATROL_HOME%\lib\knowledge\StdEvents.ctg.date_PID to
%PATROL_HOME%\lib\knowledge\StdEvents.ctg ensuring that the correct backup
file that corresponds to the PATROL Agent installation is renamed.
4 Restart the PATROL Agent service.
AS_AVAILABILITY application not displayed

The AS_AVAILABILITY application icon is not displayed in the PATROL Console.
Explanation
Solution
Availability targets have Add availability targets. For more information, see the PATROL KM for Event
not been added.
Management User Guide. The AS_AVAILABILITY application class instantiates only
when availability targets have been defined.
208
Problems with all other KMs

This section contains troubleshooting information for all other KMs in the PATROL
for Windows product:
Problem type
Page
Cannot add performance monitor counters with alarm ranges less than 1
209
Cannot add performance monitor counters with alarm ranges less than 1
209
AdPerfCollector parameter display error message
210
Cannot add performance monitor counters with alarm ranges

less than 1
The PATROL Wizard for Performance Monitor and WMI does not allow decimal
alarm ranges that are less than one, yet the Performance Monitor counters values are
normally in this range.
Explanation
Solution
This problem is due to a

PATROL limitation. See the
suggested solution.
To resolve this problem, you can manually multiply or divide the PerfMon
counter to get appropriate values for display so that you can set appropriate
alarm ranges. For more information, see Customizing performance monitor
counters.
Customizing performance monitor counters

Since PATROL alarm ranges must be integer values, you cant create useful alarm
ranges if the Microsoft performance monitor counter values are normally less than 1.
However, by following this procedure, you can multiply the reported value by a
specified amount. This allows you to create meaningful alarm ranges. You can also
use this approach if the value reported by the counter is too large. In that case, you
would multiply the reported value by a a number less than 1.
To customize performance counters

1 Use the PATROL Wizard for Performance Monitor and WMI to create parameters
for a Performance Monitor counter, as described in Creating performance
monitor parameters on page 145.
2 Using PATROL Configuration Manager or the pconfig utility, display the

following configuration variable:
Chapter 6
209
/Perfmon/NT_PERFMON_WIZARD/object/Counters
where object is the Microsoft Performance Monitor object.
3 Edit the configuration variable value by adding, after the counter name, *multiplier,
where multiplier is the numerical value by which you want to multiply the reported
value.
For example, to multiple the reported value of the counter Active Threads by 100,
add *100 to the variable, as shown: Active Threads*100.
If you are monitoring multiple counters for the object, you can also multiple the
other counters by a multiplier. For example:
counter1*100,counter2,counter3*0.1
WARNING
When entering a multiplier that is less than 1, you must include a leading zero. For
example, you must enter 0.1, and not .1.
4 Apply the configuration change to the agent.

The value reported by PATROL for the selected counter is adjusted by the multiplier
that you entered.
AdPerfCollector parameter display error message

When a Windows Server 2003 or Windows 2000 Server machine is promoted to a
domain controller (DC), the annotated data point for the AdPerfCollector parameter
may display the following error message:
ERROR- Error: WBEM_E_INVALID_CLASS
Explanation
Solution
The required Microsoft

Follow the instructions in Microsoft Knowledge Base Article 266416 to dredge
Performance Counters are not the performance counters from the registry and make them available in WMI.
available in WMI.
210
Recovery action problems
Recovery action problems

This section contains troubleshooting information about PATROL for Microsoft
Windows Servers recovery actions:
Problem type
Page
Recovery actions do not execute
211
recovery action
211
Recovery actions do not execute

The built-in recovery actions are enabled but they do not execute. A message
indicating that access is denied may be displayed in the PATROL console system
output window.
Explanation
Solution
The PATROL Agent default

account lacks the rights to
execute the recovery action.
Assign local administrator rights to the PATROL Agent default account on the host
where you want to execute the recovery action. For more information about the
account rights required, see Accounts on page 46.
Even though I select Do not ask me again PATROL prompts

before running recovery action
Even though you select the option Do not ask me again, PATROL prompts you again
before running a recovery action.
For example, you configure the recovery action that terminates a runaway process
and specify that the recovery action runs only with operator confirmation. When the
recovery action is triggered, PATROL prompts you whether to terminate the process.
You enable the recovery action and select the option Do not ask me again. The next
time that the process is triggered to be terminated, it runs with a different PID and,
therefore, PATROL prompts you again before terminating the process.
Explanation
Solution
The process runs with a

different PID (process
identification) number and
appears to PATROL as a
different process.
This is a known issue. As a workaround, you can configure the recovery

action to run automatically instead of with operator confirmation. For more
information about configuring recovery actions, see Configuring recovery
actions on page 128.
Chapter 6
211
Gathering diagnostic information

The following section provides information about where you can obtain diagnostic
information.
Locations where you can find diagnostic information

The following table lists locations where you can find diagnostic information for
problems with PATROL for Microsoft Windows Servers.
Type
Location
Description
Installation
logs
%USERPROFILE%\Application
Data\BMCINSTALL\
See Installation logs.
System Output See the documentation for your PATROL The system output window contains messages
Window
console.
relating to the operation of KMs, including error
messages.
PATROL
From the PATROL console, right-click
Event Manager the host and select Event Manager.
The PATROL Event Manager shows all of the

PATROL related events for the host. You can
check here to determine if NOTIFY_EVENTS are
being generated.
PATROL
Diags
PATROL Diags provides a variety of information

about your environment that support requires.
From the PATROL console, load KM

PSX_APPLICATION_DEBUG and
right-click Application Trace icon =>
KM Commands => Create Diagnostic
Report
Installation logs
One log file is created each time the installer is run. The name of the log file is a
combination of the computer name and a time stamp. The log file is located in the
%USERPROFILE%\Application Data\BMCINSTALL\ directory.
For example, a log file for user bhunter on a Windows Server computer BHUNT_1
could be:
C:\WINNT\Profiles\bhunter\Application Data\BMCinstall\BHUNT_1-1005340189.log.
212
Determining PATROL KM version number

Follow these steps to determine the PATROL KM version that is installed on the host
machine.
To determine the PATROL KM version

1 From the PATROL console, access the top-level KM application.
2 Right-click the application and select the menu command InfoBox and described in
The PATROL KM version is displayed next to KM Version.
Chapter 6
213
214
Appendix
Accessing menu commands,

InfoBoxes, and online Help
A
BMC Software offers several PATROL consoles from which you can view a PATROL
Knowledge Module (KM). Because of the different environments in which these
consoles run, each one uses a different method to display and access information in
the KM. This appendix provides instructions for accessing the KM menu commands,
InfoBoxes, and online Help on each of the PATROL consoles. See the PATROL for
Windows Servers online Help for more detailed information about navigation in the
PATROL Consoles.
Accessing KM commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Appendix A
215
Accessing KM commands and InfoBoxes
Accessing KM commands and InfoBoxes

Table 45 provides information about how to access KM commands and InfoBoxes
from the various PATROL consoles.
Table 45
Accessing KM Commands and InfoBoxes

To access
menu commands
To access
InfoBoxes
PATROL Console for Microsoft

Windows Servers
In either the Desktop tree tab or

work area, right-click a computer
or application icon and choose KM
Commands from the pop-up
menu.
In either the Desktop tree tab or

the work area, right-click an
application class or parameter icon
and choose InfoBox from the
pop-up menu.
PATROL Console for UNIX
In the work area, right-click a

computer or application icon to
display a pop-up menu that
contains KM-specific commands.
With the middle mouse button,

click an application class or
parameter icon.
PATROL Central Operator Windows Edition
In the navigation pane, right-click a In the navigation pane, right-click a

PATROL object and choose
managed system or application
InfoBox from the pop-up menu.
icon and choose Knowledge
Module Commands from the
pop-up menu.
PATROL Central Operator - Web

Edition
In the tree view area, right-click an In the tree view area, right-click a
PATROL object and choose
application icon and choose
Infobox from the pop-up menu.
Knowledge Module Commands
from the pop-up menu.
Console
216
Accessing online Help

Table 46 provides information about how to access Help from each console.
NOTE
If you are trying to access Help from a UNIX console, see the PATROL Installation Reference
Manual for specific instructions about installing and setting up a browser in the UNIX
environment.
Table 46
Console
PATROL Console for
Microsoft Windows
Servers
To access
product help
To access
application class help
From the console menu

bar, choose Help => Help
Topics => PATROL
Knowledge Modules.
Double-click an
application class in the KM
tab of the console. From
the Application Properties
dialog box, click the Help
tab. Then click Show Help.
To access parameter help
Right-click a parameter
icon and choose Help
On from the pop-up
menu.
Double-click a
parameter icon; click
the ? icon or Help
button in the
parameter display
window.
Double-click a
parameter in the KM
tab of the console; from
the properties dialog
box, click the Help tab;
then click Show Help.
PATROL Console for

UNIX

bar, choose Help On =>
Knowledge Modules.
Choose Attributes =>

Application Classes and
double-click the
application name. Click
Show Help in the
Application Definition
dialog box.
Right-click a parameter
icon and click Help On.
PATROL Central
Operator - Windows
Edition

bar, choose Help => Help
Topics. In the Contents
tab, click the name of your
product.
In the Operator tab of the

navigation pane, select an
application icon and press
F1.
In the Operator tab of the

navigation pane, select a
parameter icon and press
F1.
PATROL Central
Operator - Web
Edition
In the upper right corner of In the tree view, right-click In the tree view, right-click
an application class and
a parameter and choose
PATROL Central, click
Help.
Help and choose PATROL choose Help.
KM Help.
Appendix A
217
218
Appendix
Agent configuration variables and

rulesets
B
The variables described in this appendix are PATROL for Windows Servers agent
configuration variables that are set in the PATROL Agent. To view these variables,
use the PATROL Configuration Manager or the wpconfig utility. Information about
using PATROL Configuration Manager is included in this appendix.
This appendix also describes the PATROL Configuration Manager rulesets that are
provided for PATROL for Microsoft Windows Servers.
WARNING
Changing any of these agent configuration variables can prevent some functions from
working properly and can affect your entire installation. Before you change a variable, make a
record of the original setting.
Managing configuration variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

PATROL for Windows Servers configuration variables . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Message Queue. . . . . . . . . . . . . . . . . . . . .
PATROL for Microsoft Windows Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL for Microsoft Windows Servers rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Event Management required . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PATROL Configuration Manager to apply rulesets . . . . . . . . . . . . . . . . . .
Server roles with predefined rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Ruleset reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PATROL Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PCM to apply configurations changes to other agents. . . . . . . . . . . . . . . .
Manually creating or changing configuration variables . . . . . . . . . . . . . . . . . . . .
Appendix B
220
220
220
236
239
242
248
249
250
251
252
252
252
253
255
265
265
266
219
Managing configuration variables
Managing configuration variables

BMC Software recommends that you set agent configuration variables by using a
console to configure PATROL for Windows Servers KMs. Use the PATROL
Configuration Manager or the wpconfig utility only to view variable settings or
deploy them to others machines.
PATROL for Windows Servers configuration

variables
The following sections lists the agent configuration variables associated with each
PATROL for Windows Servers component.
NOTE
For information about the PATROL KM for Event Management agent configuration variables,
see the PATROL KM for Event Management User Guide.

Table 47 on page 221 lists the PATROL KM for Microsoft Windows OS (the KM)
component variable settings. All PATROL KM for Microsoft Windows OS variables
are located in the following pconfig directory:
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config
In Table 47 on page 221, if the default value is shown as NA, the configuration
variable has no applicable default value because the variable is created only when the
product is configured.
220
PATROL for Windows Servers configuration variables
Table 47
PATROL KM for Microsoft Windows OS variables (Part 1 of 16)
Directory path and variable
Description
Values
InactiveonMissingPerfObj
specifies whether the KM inactivates 0, 1

itself when a Microsoft performance
object is disabled
Default
empty
(0)
This configuration variable can also

be associated with any other KM.
Migrate37
specifies whether the KM migrates

the configurations from the registry
at every discovery cycle
0, 1
AlarmThreshold
the alarm threshold used when

automatic monitoring is enabled
greater than 0
NA
AutoDiscoveryTimeLimit
the length of time that a process can

exceed the AlarmThreshold before
the KM automatically monitors the
process
/ProcessMonitoring
integer > = 0
NA
-1 turns off this
feature
CollectionCount
the number of processes that the KM integer greater

collects performance data for at one than 0
time
DisablePatrolGroup
specifies whether the KM

automatically creates instances for
the PATROL group
NA
empty
0 = instances
are created
1 = instances
are not created
Note: You must also remove the

instances from the list of monitored
instances using the Configure
Manual Process Monitoring =>
Remove Processes menu command.
DisablePatrolRestart
specifies whether the PATROL agent 0, 1

restarts if it exceeds the processor%
threshold
StatusNumberofProcessesToDisplay specifies how many processes the

KM displays in the View Process
Status dialog box
empty
integer > = 0
All
All
StatusSortKey
the column that is used for sorting

the View Process Status dialog box
StatusSelectedColumns/list
NA
comma-separated list of columns the User%,Memory
KM displays in the View Process
Usage,VM
Status dialog box
size,Page
Faults/sec,Handle
s,Threads,Argume
nts
Appendix B
an existing column Pid
221
Table 47
Description
Values
Default
/ProcessMonitoring/ProcessConfigurationList/instance
EnableAlarmIfProcessDown
specifies whether the KM generates

an alarm when a process terminates
Yes, No
Yes
EnableAlarmIfProcessStarts
specifies whether the KM generates

an alarm when the process starts
Yes, No
No
ProcessName
the name of the monitored process
process name
process
name
StartupCommand
path to an executable command,

including any appropriate
command-line arguments that the
KM uses to start the process when
the process goes down
directory path
empty
TimeLimitForKillRunAwayProcess
length of time (in minutes) that the

process can remain in a run-away
state before the KM terminates the
process
integer > = 0;
a number of
minutes
empty
A run-away process is defined as a

process that exceeds the
PROCProcessorTimePercent
parameter alarm threshold for the
length of time specified by this
variable.
GroupList/list
list of the groups to which the

process belongs
group names
NA
ArgumentList/list
list of arguments for the configured

process
arguments
NA
UserDefinedProcess
specifies whether the process is a

user-defined process
Yes, No
Yes
222
Table 47
Description
Values
Default
/ServiceMonitoring
AutoResetServiceConfig
DisableAnnotation
DisableServiceRestart
DisableServiceMonitoring
enables and disables the automatic

resetting of specific service
monitoring flags
specifies whether annotations are

enabled or disabled for the
NT_SERVICES application
parameters
global setting that specifies restart

properties for all services.
For more information about using

this variable, see Ensuring that
services are restarted as desired on
page 119.
global setting that specifies whether

services are monitored
MonitorManualServices
removedServiceList
specifies whether manual services

are monitored
0 = disabled
1 = enabled
empty
0 or blank =
enabled
1 = disabled
empty
0 = yes,
automatic
restart
1 = no
automatic
restart
0 = enable
monitoring
1 = disable
monitoring
empty
0 = enabled
1 or blank =
disabled
empty
NULL
contains a list of services that have

been removed by the PATROL user
Note: The default value NULL
indicates that no services are
removed.
UseBackwardCompatibleName
enables you to remove the SERVICES

prefix from NT_SERVICES instance
names
0 or blank =
prefix
1 = no prefix
NA
Note: You must enter this variable

manually; the KM does not create it.
In version 3.9.00 of PATROL KM for
Microsoft Windows OS, the
NT_SERVICES instance names were
changed; they were prefixed with
SERVICES. This naming convention
is not fully backward compatible.
Appendix B
223
Table 47
Description
Values
Default
/ServiceMonitoring/ServiceList/service name
Alarm
AutoRestart
IgnoreAutoResetConfig
Monitor
specifies whether to alarm when the

service goes down
specifies whether to restart the

monitored service
specifies whether the global auto

reset feature applies to this service
This variable can be set only through

PATROL Configuration Manager.
specifies whether to monitor the

service
By default, only automatic and

running manual services are
monitored.
MonitorProcess
MonitorNotRespond
specifies whether the process

associated with the service is
monitored
specifies whether the KM runs the

command specified by the
NotRespondCmd variable
0 = no alarm
1 = yes, alarm
0 = no restart NA
1 = yes, restart
0 = yes,
automatic
reset
1 = no
automatic
reset
0 = no
monitoring
1 = yes,
monitor
NA
0 = no
1 = yes
0 = no
1 = yes
NotRespondCmd
the path to an executable that the KM path to an

runs if the variable
executable
MonitorNotRespond has a value of 1
OverrideGlobalServiceRestart
specifies whether the AutoRestart

variable for the monitored service
overrides the global
DisableServiceRestart variable
NA
NA
0 = do not
override
1 = override
NA
0 = do not
override
1 = override
NA
0 = alarm
1 = warning
You can set this variable only by

using PATROL Configuration
Manager.
OverrideGlobalServiceMonitoring
specifies whether the MonitorProcess

variable for the monitored service
overrides the global
DisableServiceMonitoring variable
You can set this variable only by

using PATROL Configuration
Manager.
WarningAlarm
224
specifies whether the service triggers

a warning instead of an alarm
Table 47
Description
Values
Default
specifies the location of the backup

directory for the event log
directory path
NA
/EventLogMonitoring
BackupDir
Example: D:\temp
Note: If the directory entered for the
backup directory does not exist, the
Backup and Clear Eventlog recovery
action fails.
IncludeAll
OverrideParameterAutoActivate
specifies whether all event logs are

discovered or only those configured
to be monitored
specifies whether to automatically

activate and automatically inactivate
event log parameters based on the
current configuration
0 = only
configured
1 = all
0
0 = use auto
configure
1 = do not use
auto configure
You can also use this variable to

inactivate or activate other
parameters. For example, you could
use the following variable to
inactivate the NT_HEALTH
parameters:
.../HealthMonitoring/OverridePara
meterAutoActivate
OverrideParameterFileFreeSpacePct specifies whether the parameter
AutoActivate
ELMEvFileFreeSpacePercent
automatically activates and
inactivates based on the current
configuration
0
0 = use auto
configure
1 = do not use
auto configure
This variables applies to all event

logs. You can also apply this variable
to specific event logs.
UseCheckPoint
specifies whether the event log uses a

checkpoint value to guarantee that
no events are missed if the PATROL
Agent is not running or the KM is not
loaded for a period of time
0 = do not use
1 = use
This is a global setting that can be

overridden by individual event log
configurations.
MaxResourceIdleRetainPeriod
the maximum amount of time, since

last accessed, that an event
description resource DLL is held in
cache
greater than 0
300
seconds
InclusionList/list
list of event logs that are monitored
list of event logs
NA
Appendix B
225
Table 47
Description
Values
Default
ExclusionList/list
list of event logs that are not

monitored
list of event logs
NA
DisablePEMInfoEvents
specifies whether to disable

information events generated by
XPC (psx_server.xpc).
TogglePEMOriginData
determines whether the event is

displayed in the event log name
format or the detailed format in PEM
(PATROL Event Manager)
specifies whether all occurring

events are sent to PEM (PATROL
Event Manager)
specifies whether all events that

match the configured event filters for
the event log are sent to PEM
(PATROL Event Manager)
specifies whether the default

behavior to automatically create the
Summary instance is overridden
0 = do not
disable
information
events
1 = disable
information
events
0 = event log
name format
1 = detailed
format
0 = do not
send
1 = send
0 = do not
send
1 = send
0 = do not
override
(create)
1 = yes,
override (do
not create)
/EventLogMonitoring/event log/
ForwardAllNTEventstoPEM
ForwardFilteredNTEventstoPEM
OverrideSummaryAutoCreate
OverrideParameterFileFreeSpacePct specifies whether the parameter

AutoActivate
ELMEvFileFreeSpacePercent
automatically activates and
inactivates based on the current
configuration
0
0 = use auto
configure
1 = do not use
auto configure
This variable applies to a specific

event log. You can also apply this
variable globally to all event logs.
UseCheckPoint
specifies whether the event log uses a

checkpoint value to guarantee that
no events are missed if the PATROL
Agent is not running or the KM is not
loaded for a period of time
0 = do not use
1 = use
CheckPoint
the last event log record that was

successfully recorded
greater than 0
EventFilters/child_list
a list that details the defined event

filters
list of event filters
Summar
y
226
Table 47
Description
Values
Default
/EventLogMonitoring/eventlog/EventFilters/filter
FilterEnabled
specifies whether the event filter is

enabled
0 = not
enabled
1 = enabled
Disabled event filters are not

discovered and do not collect events.
CreateInstance
specifies whether an application

instance is created for the event filter
0 = not created 1
1 = created
An application instance is not

required to collect data. However, if
an instance is not created, the only
way to retrieve the data collected by
the event filter is too subscribe to the
event filter data.
ParentInstance
allows the parent application

instance of an event filter to be
changed.
path to valid
PATROL
application
instance
NA
manual,
automatic, or
filtername
automatic
If this value is set, the event filter

instance is created with the specified
parent instance.
AcknowledgeBy
specifies how the event filter is

acknowledged
If the value of this variable is the
name of another event filter, the
event filter is automatically
acknowledged when the referenced
event filter criteria is satisfied.
Annotation
specifies whether the parameter data

point is annotated with event text
ConsolidateEventTypes
specifies whether event types are

consolidated
0 = do not
annotate
1 = annotate
0 = do not
0
consolidate
1 = consolidate
ConsolidationNumber
number of events that occur within a integer less than

specified time and are reported as
35791394
one event
ConsolidationTime
the time period in which events must integer less than

occur to satisfy the consolidation
35791394
criteria
EventReport
specifies whether event descriptions

are reported by means of a text
parameter
Appendix B
0 = do not
report
1 = report
227
Table 47

EventType
Description
Values
Default
specifies the type of events that are

filtered
1, 2, 4, 8, 16, 32,
and the sums of
any or all of these
numbers
For
security
event
log: 25
1 = Error
2 = Warning
4 = Information
8 = AuditSuccess
16 = AuditFailure
32= OtherType
All other
event
logs: 1
A valid value is any summation of

these types. For example, to monitor
both Warning and AuditFailure
events, use a value of 18 (2 +16).
FilterDescription
text that describes the event filter
IncludeAllCategories
specifies whether all event categories

are monitored
no restrictions
NA
1
If all categories are monitored (1),

then the CategoryList variable
represents an exclusion list.
Otherwise, it represents an inclusion
list.
CategoryList/list
a list of event categories that are

included or excluded from
monitoring, depending on the value
of the variable IncludeAllCategories
IncludeAllEventIds
specifies whether all event IDs are

monitored
list of event
categories
0 = not
monitored
1 = monitored
NA
If all event IDs are monitored (1),

then the EventIdList variable
list.
EventIdList/list
a list of event categories that are

included or excluded from
monitoring, depending on the value
of the variable IncludeAllEventIds
IncludeAllSources
specifies whether all sources are

monitored
list of event IDs
If all sources are monitored (1), then

the SourceList variable represents an
exclusion list. Otherwise, it
represents an inclusion list.
228
0 = not
monitored
1 = monitored
NA
Table 47
Description
Values
Default
SourceList/list
a list of sources that are included or

excluded from monitoring,
depending on the value of the
variable IncludeAllSources
list of event
sources
NA
IncludeAllStrings
specifies whether all text strings are

monitored
0 = not
monitored
1 = monitored
If all text strings are monitored (1),

then the StringList variable
list.
StringList/list
a list of text strings that are included list of text strings

or excluded from monitoring,
variable IncludeAllStrings
NA
IncludeAllUsers
specifies whether all users are

monitored
0 = not
monitored
1 = monitored
If all users are monitored (1), then the

UserList variable represents an
exclusion list. Otherwise, it
represents an inclusion list.
list of text strings
UserList/list
a list of users that are included or

excluded from monitoring,
variable IncludeAllUsers
RetainEventDescriptions
specifies whether event descriptions

are stored in the PATROL Agent
namespace for retrieval
the type of collection used for

collecting event data
Scheduling
MaxRecords
0 = do not
retain
1= retain
0=
Notification
1 = Polling
2 = Both
the maximum number of records that greater than 0

are held in psx_server.xpc memory
for the filter
Appendix B
NA
3010
229
Table 47
Description
Values
Default
SubscriberList/list
lists the subscriptions that exist for

the parent event log and filter
subscribers
empty
DisplayName
specifies the label that the KM places label for filter

under the filter instance
NA
Note: You must manually enter this

variable; the KM does not create it.
Setting this variable does not change
the instance name/namespace. This
variable is read only at initial filter
creation or parent instance change.
FilterDisableCase
specifies whether the filter

comparisons are made in a caseindependent manner
This variable has five bit values,

depending upon case sensitivity, one
bit corresponding to each of Source,
User, Category, String, and
Computer name, respectively. If any
bit value is 1, a case-independent
filter comparison is made for the
corresponding field.
00000 = none 0000

checked
(default)
11111 = all 5
categories
checked
a combination
of 0s and 1s,
depending on
which of the 5
categories
were checked
/EventLogMonitoring/event log/EventFilters/filterName
ComputerNamesList/list
lists the computers that are included list of computers

for monitoring or the computers that
are excluded from monitoring,
IncludeAllCompList variable
IncludeAllCompList
indicates whether all computers are

monitored
230
0 = none of the
computers are
monitored by
default, and
the
ComputerNa
mesList
variable is an
inclusion list
1 = all of the
computers are
monitored,
and the
ComputerNa
mesList
variable is an
exclusion list
empty
Table 47
Description
Values
Default
/EventLogMonitoring/eventlog/Subscribers/subscriber
Enabled
specifies whether the subscriber

(subscription) is enabled
0, 1
Filter
specifies the name of the filter that

notifies the subscriber when
monitored events are detected
filter name
empty
Function
specifies the function that the

Subscriber calls when notified of
events
function name
empty
Library
specifies the location of the library

that contains the function that the
Subscriber calls
library name
empty
EventForwardingHeartbeat
specifies the heartbeat configuration

that is passed to the PEM API
number that is
calculated using
valid values:
5000 <= x <=
1800000
30000
EventForwardingRetries
specifies the number of times the KM number that is

attempts to send an event
calculated using
valid values:
2 <= x <= 10
EventForwardingTimeout
specifies the timeout configuration

that is passed to the PEM API
number that is
calculated using
valid values:
5000 <= x <=
1800000
30000
MaxFilterRecords
specifies the maximum number of

records that the KM holds in XPC
(psx_server.xpc) memory for any
filter
number > 0
3010
ReportAccountName
specifies whether the KM obtains

account names from the SID
0, 1
/EventLogMonitoring/_TUNING_/
Appendix B
231
Table 47
Description
Values
Default
/JobObjectMonitoring/
ManualAcknowledge
whether job object parameters are

automatically activated or
inactivated based on the current
configuration
whether the PROCStatus parameter

is manually acknowledged
MonitorProcess
whether job object assigned

processes are monitored
IncludeAll
whether all job objects are discovered

or only the job objects specifically
configured to be monitored
0
0 = auto
configure
1 = do not auto
configure
0 = auto
acknowledge
1 = manually
acknowledge
0 = do not
monitor
1 = monitor
0 = only
configured
objects
1 = all
InclusionList/list
the job objects that are monitored
list of job objects
NA
ExclusionList/list
the job objects that are excluded from list of job objects
monitoring
NA
CollectionCount
number of processes for which

performance data is collected at one
time
NA
AnnotateProcStatus
whether the PROCStatus parameter

is annotated
specifies whether to destroy

acknowledged process instances
specifies whether the parameter

NT_CPU/CPUprcrProcessorTimePe
rcent for the _Total instance is
annotated with the top N CPUconsuming processes
DestroyAcknowledgeProcess
greater than 0
0 = no
1 = yes
0 = no
1 = yes
0 = no
1 = yes
/ProcessorMonitoring/
AnnotateTopProcs
AnnotateProcCount
integer greater
number of top processes to include
than 0
when annotating the
NT_CPU/CPUprcrProcessorTimePe
rcent parameter
DisableAnnotation

enabled or disabled for the NT_CPU
(icon labled Processor) application
parameters
10
0 or blank =
enabled
1 = disabled
ExclusionList/list
the processors that are excluded from list of processors

monitoring
NA
IncludeAll
specifies whether all processors are

monitored (except for the ones
specifically excluded)
232
0 = no
1 = yes
Table 47

InclusionList/list
Description
Values
Default
the processors that are monitored
list of processors
NA
integer
This variable is ignored unless the

/ProcessorMonitoring/IncludeAll
variable is set to 0.
CPUprcrStatus
the last count of the processors that

are monitored
/PagefileMonitoring/
IncludeAll
InclusionList/list
whether all network interfaces (less

those excluded) are monitored
the pagefiles that are monitored
0 = no
1 = yes
list of pagefiles
NA
list of pagefiles
NA

/PagefileMonitoring/IncludeAll
variable is set to 0.
ExclusionList/list
the pagefiles that are excluded from

monitoring
/NetworkInterfaceMonitoring/
IncludeAll
InclusionList/list
whether all network interfaces (less

those excluded) are monitored
the network interfaces that are
monitored
0 = no
1 = yes
list of network
interfaces
NA
list of network
interfaces
NA

/NetworkInterfaceMonitoring/Inclu
deAll variable is set to 0.
ExclusionList/list
the network interfaces that are

excluded from monitoring
/PhysicalDiskMonitoring/
InclusionList/list
the physical disks that are monitored list of device

numbers
NA
ExclusionList/list
the physical disks that are excluded

from monitoring
NA
IncludeAll
whether all physical disks are

discovered
list of device
numbers
0 = no
1 = yes
integer > 0
MaxReloadCounters

times that the KM can issue the
%RELOAD_COUNTERS command
empty
(no
limit)
RemovedPDList
stores the physical disk instances that list of deleted

instances
have been removed under the
NT_PHYSICAL_DISKS_CONTAINE
R application class
NA
whether the NT_FTP KM is activated
/NetworkProtocolMonitoring/
FTP/Active
Appendix B
0 = no
1 = yes
233
Table 47

ICMP/Active
IP/Active
IPX/Active
NETBEUI/Active
NETBIOS/Active
TCP/Active
UDP/Active
Description
Values
specifies whether the NT_ICMP KM

is activated
specifies whether the NT_IP KM is

activated
specifies whether the NT_IPX KM is

activated
specifies whether the NT_NETBEUI

KM is activated
specifies whether the NT_NETBIOS

KM is activated
specifies whether the NT_TCP KM is

activated
specifies whether the NT_UDP KM is

activated
Default
0 = no
1 = yes
0 = no
1 = yes
0 = no
1 = yes
0 = no
1 = yes
0 = no
1 = yes
0 = no
1 = yes
0 = no
1 = yes
/LogicalDiskMonitoring/
InclusionList/list
the logical disks that are monitored
list of logical disks NA
ExclusionList/list
the logical disks that are excluded

from monitoring
list of logical disks NA
IncludeAll
whether all logical disks are

discovered
0 = no
1 = yes
MaxReloadCounters

times that the KM can issue the
%RELOAD_COUNTERS command
DeletedLDList
stores a list of the deleted logical disk list of logical disk

instances
instances
NonAggregateParamValue
changes the values generated by the

following parameters:
integer > 0
LDldFreeSpacePercent
LDldFreeMegabytes
LDldDiskSpaceUsed
1
empty
(no
limit)
1 = values
shown for a
particular
drive instance
do not
consider the
mount drives
0 = value
shown is an
aggregate of a
particular
drive instance
and all of its
mount drives
/RegistryMonitoring/
InclusionList/list
list of registry keys that are

monitored
AnnotateValueChange
whether the RegValueChanged

parameter is annotated
234
list of registry keys NA
0 = no
1 = yes
Table 47
Description
Values
Default
/PrinterMonitoring/
DisableAnnotation

enabled (0 or blank) or disabled (1)
for the NT_PRINTER application
parameters
0 or blank =
enabled
1 = disabled
NA
InclusionList/list
the printers that are monitored
list of printers
NA
ExclusionList/list
the printers that are excluded from

monitoring
list of printers
NA
IncludeAll
whether all printers are discovered
TestConnectivity
specifies whether the KM pings the

printer to test connectivity
0 = no
1 = yes
0 = no
1 = yes
/HealthMonitoring/
ProcessorContentionThreshold
threshold for resource contention
0 to 100
30
MemoryContentionThreshold
threshold for memory contention
0 to 100
80
whether the WMIAvailability

parameter is automatically activated
or inactivated based on the current
configuration on Windows NT 4
whether the
Win32_WMISetting.HighThreshold
OnEvents property is auto-corrected
using the HighThresholdOnEvents
configuration variable
OverrideAutoConfigUpdate
HighThresholdOnEvents
minimum required value for the

WIN32_WMISetting
0
0 = auto
configure
1 = do not auto
configure
0
0 = auto
correct
1 = do not auto
correct
greater than 0
2000000
/BlueScreenKM/
ConfigureOptionUsed
allows you to configure the KM by

using three options. The KM looks
for a crash dump file as well as the
event (ID 6008).
Appendix B
1 = Event (ID 3
6008) only
monitors the
event id, 6008.
2 = Crash
Dump only
monitors the
crash, Dump.
3 = Default
monitors crash
dump or event
as per registry
configuration.
235
Table 47
Description
Values
Default
/AgentSetup/
NT_EVENTLOG.OSdefaultAccount allows you to provide a valid user
name and password for the PATROL
Agent default account.
The KM functions without specifying
the PATROL Agent default account.
Except for the Windows event log
KM, the PATROL KM for Microsoft
Windows works with a blank user
name and password for the PATROL
Agent default account.
When you enter a blank user name
and password for the PATROL
Agent default account, XPC
(psx_server.xpc) runs under the local
system account. The Windows event
log KM requires a valid user name
and password to connect to the
PATROL Agent using PEMAPI.

Table 48 lists PATROL KM for Microsoft Windows Domain Services component
variable settings.
Table 48
PATROL KM for Windows Domain Services variables (Part 1 of 3)
Description
Values
Default
IterationCount
the number of times to perform a

DNS test
text string
10
ResolveTestList
comma-separated list of IP
addresses to attempt during DNS
test
text string
NA
ServerIPAddress
IP address for DNS Server
text string
<Local
PATROL
Agent IP
Address>
ServerPortNumber
port of DNS Server
text string
53
TCPorUDP
protocol for DNS Test
1 = TCP
0 = UDP
/DomainKM/DNS/
236
Table 48
Description
Values
Default
IterationCount
the number of times to perform a

DNS test
text string
10
ResolveTestList
comma-separated list of IP
addresses to attempt during DNS
test
text string
NA
ServerIPAddress
IP address for DNS Server
text string
<Local
PATROL
Agent IP
Address>
ServerPortNumber
port of DNS Server
text string
53
TCPorUDP
protocol for DNS Test
1 = TCP
0 = UDP
SCOPEADD
raises a PATROL event when a

DHCP Scope is added
0 = no
1 = yes
SCOPEDEL

DHCP Scope is removed
0 = no
1 = yes
DHCPBAK
raises a PATROL event when the

DHCP database is backed up
0 = no
1 = yes
MBREL
raises a PATROL event when a new

master browser is elected
0 = no
1 = yes
MBRADD

member server is added to the
domain
0 = no
1 = yes
MBRDEL

member server is removed from the
domain
0 = no
1 = yes
BDCADD
raises a PATROL event when a BDC 0 = no

server is added to the domain
1 = yes
BDCDEL
raises a PATROL event when a BDC 0 = no

server is removed from the domain 1 = yes
DHCPADD

0 = no
DHCP server is added to the domain 1 = yes
DHCPDEL

DHCP server is removed from the
domain
0 = no
1 = yes
WINSADD

0 = no
WINS server is added to the domain 1 = yes
WINSDEL

WINS server is removed from the
domain
/DomainKM/DNS2000/
/DomainKM/DHCP/Events/
/DomainKM/Domain/
0 = no
1 = yes
/DomainKM/Server/
Appendix B
237
Table 48

IdleServerTime
Description
Values
Default
the number of minutes a server is

inactive before it is considered idle
string
comma-separated list of domain

servers that should not be
discovered by NT_REMOTE_
SERVERS
string
NA
the maximum number of shares that string

can be discovered by NT_SHARES
300
/DomainKM/RemoteServer/
ServerExcludeList
/DomainKM/Shares/
MaxShares
Note: Increasing this value above

300 may affect PATROL Agent
performance.
ShareExcludeList
comma-separated list of shared

directories that should not be
discovered by NT_SHARES
string
NA
comma-separated list of trust

relationships that should not be
discovered by NT_TRUST
string
NA
maximum number of user accounts

that can be discovered by
NT_USERS
string
300
string
NA
/DomainKM/Trust/
TrustExcludeList
/DomainKM/Users/
MaxUsers
Note: Increasing this value above

300 may affect PATROL Agent
performance.
UserExcludeList
238
comma-separated list of user

accounts that should not be
discovered by NT_USERS
PATROL KM for Microsoft Active Directory

Table 49 provides PATROL KM for Microsoft Windows Active Directory variable
settings.
Table 49
PATROL KM for Microsoft Active Directory variables (Part 1 of 4)
Description
Values
Default
/ActiveDirectory/Configuration/
DbRequiredPercent
minimum percentage of size for the number > 0 < 100 20

(percentage)
percent
Active Directory database if the
database and log files reside on
separate logical drives
This value is used by the
AdDiskSpaceAvailable parameter.
DbRequiredSpace
minimum amount of free space

required in kilobytes for the logical
drive that holds the database file
DisableAnnotations
enables/disables parameter
annotation. By default annotation is
enabled. To disable annotation for
all PATROL KM for Active
Directory parameters, add this
variable to pconfig and set the value
to 1.
controls the creation of the old

format (1.5.x) Active Directory event
filters
determines whether the KM deletes

the obsolete AD 1.5.x event filters
DisableEventConfig
DisableObsoleteEventFilters
number > 0
(kilobytes)
500000
kilobytes
0=annotate
1=do not
annotate
0 = auto
configure
1 = do not
auto
configure
0 = do not
delete
1 = delete
number of hours 12 hours

DomainNamingMasterConnStatus interval for checking LDAP
greater than 0
Sched
connectivity to the domain
controller that is the FSMO Domain
Naming Master
EnableRA
IncludedCNFObjectTypes
determines whether the KM

executes the Restart File Replication
Service recovery action that is
associated with the
AdFrsSidResolution parameter
determines the Active Directory
object types that the KM monitors
for replication collisions
Appendix B
0 = do not
execute
1 = execute
text string (object empty

types)
239
Table 49
Description
Values
Default
InfrastructureMasterConnStatus
Sched
interval for checking LDAP

controller that is the FSMO
Infrastructure Master
number of hours 1 hour

greater than 0
LdapGcConnStatusSched
determines the collection schedule

for the AdLdGcConnectStatus and
AdLdGcResponseTime parameters
number of
3600
seconds between seconds
collections
(1 hour)
LogRequiredPercent
minimum percentage required of

the Active Directory size if the
database and the log files reside on
separate logical drives
percentage > 0
but < 100
20
percent
This percentage is used by the

AdDiskSpaceAvailable parameter
LogRequiredSpace
minimum amount of space required number of

in kilobytes for the Active Directory kilobytes > 0
log files if the log files and the
database reside on the same logical
drive
200000
kilobytes

AdDiskSpaceAvailable parameter
PDCEmulatorConnStatusSched

controller that is the FSMO PDC
Emulator

greater than 0

RelativeIDMasterConnStatusSched interval for checking LDAP
greater than 0
controller that is the FSMO Relative
ID Master
ReplMonConfigNC
ReplMonDomainNC
SchemaMasterConnStatusSched
240
determines whether configuration

naming context replication
monitoring is enabled
determines whether domain

naming context replication
monitoring is enabled

controller that is the FSMO Schema
Master
0 = disabled
1 = enabled
0 = disabled
1 = enabled
number of hours 12 hours

greater than 0
Table 49

AlertMSGForRepliCollector
Description
Values
enables you to include the

AlarmPoint annotation text in
the alert message of the
AdReplicationCollector
parameter
0 = default
value
1 = include
AlarmPoint
annotation
text in the
alert
message
Default
0
/ActiveDirectory/Configuration/fully-qualified-server-name_
time out in
milliseconds
5,000
PingTimeout
provides a way to configure (on a

per-server basis) the timeout that is
used when a server is pinged for
availability - servers that are
connected through a slower link
may need this value increased
PingCount
number of pings 3
provides a way to configure (on a
greater than 0
per-server basis) the number of
times that a server is pinged to test
its availability - servers that are
connected through a slower link
may need this value increased (a
server is considered available if any
one ping is successful)
/ActiveDirectory/RpcConnection/
DisableCheckPointOverrides
indicates whether the KM overrides

the check point enabling for the FRS
event log
0 = override
do not
override

AdFrsRpcConnectivity parameter.
MaxWaitTime
number > 0
indicates the maximum amount of
time the KM waits in seconds for a
13509 FRS event to occur after a
13508 FRS occurs before considering
the 13508 FRS event an issue
14400
seconds

AdFrsRpcConnectivity parameter
Do not manually change the values of the following variables.
These variables contain state information that is used internally by the product. If you change these variables
manually, the product cannot operate correctly.
/ActiveDirectory/AgentSiteInfo
Appendix B
241
Table 49
Description
Values
Default
prevDCName
contains the last known qualified

domain name of the domain
controller
Do not manually change the

value of this variable.
prevDCSiteName
contains the name of the last known Do not manually change the
site where the domain controller
resided
/ActiveDirectory/ReplConfig/replication context replication source/

replication context
contains information that specifies a ConfigNC

DomainNC
configuration naming context or a
domain naming context, for
example,
/ActiveDirectory/ReplConfig/Con
figNCwaternoose.monsters.inc/first
NonResponse
firstNonResponse
contains the UTC time when the KM Do not manually change the
determined that the replication source value of this variable.
was non-responsive
lastChangeTime
contains the UTC time when the

replication source last updated its
replication object
origChangeTime
contains the UTC time when the KM Do not manually change the
determined that the replication source value of this variable.
might have failed to replicate
prevObjectVersion
contains the last known version of

an object; the KM uses this
information to determine whether
or not a change was replicated



Table 50 provides PATROL KM for Microsoft Cluster Server variable settings.
Table 50
PATROL KM for Microsoft Cluster Server variables (Part 1 of 6)
Description
Values
Default
AccountInfo
stores the Cluster account

information
username/
encrypted
password
NA
ClaInsideCluster
indicates whether the cluster level

agent can run on a cluster node
0, 1
/MCS/
242
Table 50
Description
Values
Default
DisableServiceAutoRestart
indicates whether the McsService is

0, 1
automatically started and stopped by
the KM
DisableParmOverrides
indicates whether the MCS_Clusters

parameters, McsGwConAvailable,
McsGatewayStatus, and
McsServiceStatus, are automatically
activated and inactivated by the KM
0, 1
PingIpTimeout
specifies the amount of time the KM integer > 0

waits before timing out when pinging
an IP resource
5000
ServiceCollWaitTime
integer > 0 but

specifies the amount of time in
=< 300
seconds that the McsServiceStatus
parameter waits for the McsService to
start before generating an alarm
60
applicationClass_AnnotationMode
stores the annotation mode setting for On, Off, or

the following application classes:
Error
NA
MCS_Groups
MCS_Group_Resources
MCS_Nodes
MCS_Performance
The annotation mode is set through

the PATROL Admin => Configure
Annotation Mode menu command.
clusterInstance_CluDBBackupPath stores backup path for the Cluster
database.
directory path
NA
The path is not set by default, and

therefore the BackupClusterDatabase
parameter is offline. The path is set
through the Quorum Admin
(MCS_Quorum) => Set Backup Path
menu command.
list of file
clusterInstance_FileShareExclusion stores excluded file shares. If a file
List
share has been excluded, then it will shares
not be monitored by the
FileShareUnAvailable parameter.
Excluded file shares are displayed in
the Desktop tree and data is collected
from them by the ResourceStatus
parameter. You can exclude file
shares through the PATROL Admin
(MCS_Groups) => Maintain
Exclusion List => Exclude File
Shares menu command.
Appendix B
NA
243
Table 50

clusterInstance_IPExclusionList
Description
Values
Default
stores excluded IP addresses
list of IP
addresses
NA
If an IP address has been excluded,

then it will not be monitored by the
CheckIPResourceColl parameter.
Excluded IP addresses are displayed
in the Desktop tree and data is
collected from them by the
ResourceStatus parameter. You can
exclude IP addresses through the
PATROL Admin (MCS_Groups) =>
Maintain Exclusion List => Exclude
IP Address menu command.
244
clusterInstance_ResourceExclusion stores excluded resources. If a

List
resource has been excluded, then the
resource is not monitored and an
instance is not created. You can
exclude resources through the
PATROL Admin (MCS_Groups) =>
Maintain Exclusion List => Exclude
Resources menu command.
list of resources NA
clusterInstance_UpTimeBaseLine
time in seconds NA
stores the start date and time for the

ClusterAvailability parameter. You
can set the start date and time
through the PATROL Admin
(MCS_Cluster) => Set Available
Start Date menu command.
Table 50
Description
Values
clusterName_NetworkNameForFileS determine whether a network name

hares
has been designated for the file share
resources of the cluster. If a name has
been entered in the
/MCS/clusterName_NetworkNameFor
FileShares variable, the KM attempts
to map the file shares using that
network name.
Default
the name of
a network
null (the
KM maps
the file
share
resources
to a default
network)
The FileShareUnAvailable parameter

has been modified to read this
pconfig variable.
You can provide the network name
for the file shares through the
PATROL Admin (MCS_Group) =>
Assign Network Name menu
command.
Enter the network name in the dialog
box. The network name is stored in
the variable,
/MCS/clusterName_NetworkNameFor
FileShares.
Appendix B
245
Table 50

DomainInclusionList
Description
Values
Default
stores the domain name being

monitored.
domain name
NA
To monitor an additional domain,

you must add a variable to the agent
configuration database. Before
loading and configuring the KM,
verify that the domain with the
cluster nodes trusts the domain with
the cluster-level agent.
Adding a domain:
1. Create a change file as a plain text
file using any text editor with the
following content:
Note: wpconfig command options are
case sensitive.
PATROL_CONFIG
/MCS/DomainInclusionList = {
REPLACE = DomainName }
2. Execute on the command line:
wpconfig +Reload your-filename
246
hostName_LogMonKeyAlarm
stores keywords that the KM searches list of

for in the cluster log file. If any of the keywords
keywords are found, the
ClusterLogFileError parameter sends
an alarm. Define the keywords
(MCS_Nodes) => Maintain
Keywords menu command. By
default, no keywords are defined, and
the parameter is offline.
hostName_LogMonKeyDate
time in seconds NA
stores the date from which the KM
searches for defined keywords in the
cluster log file. If any of the keywords
are found, the ClusterLogFileError
parameter sends an alarm or
warning. Define the date and
keywords through the PATROL
Admin (MCS_Nodes) => Maintain
default, no date or keywords are
defined, and the parameter is offline.
NA
Table 50
Description
Values
Default
hostName_LogMonKeyWarn
stores keywords that the KM searches list of

for in the cluster log file. If any of the keywords
keywords are found, the
ClusterLogFileError parameter sends
a warning. Define the keywords
(MCS_Nodes) => Maintain
default, no keywords are defined, and
the parameter is offline.
NA
MenuCmdROMode
True, Fales
stores the read-only setting for the
Cluster Admin Commands. Change
the read-only setting through the
PATROL Admin (MCS_Clusters) =>
Configure Menu Cmd RO Mode
menu command. Read-only is
disabled by default.
NA
MonitoredClusterList
list of clusters
stores the clusters you are
monitoring. Change the list through
the PATROL Admin
(MCS_Clusters) => Select Cluster to
Monitor menu command.
NA
UptimeCollWaitTime
number >0
specifies in seconds the amount of
time that the Uptime Collector spends
waiting for the PATROL Uptime
resource to send data
300
Appendix B
247
PATROL KM for Microsoft Windows Message Queue

Table 51 provides PATROL KM for Microsoft Message Queue variable settings.
Table 51
PATROL KM for Windows Message Queue variables
Description
Values
Default
QueueMsgCountThreshold
the number of messages currently

managed by the MSMQ service
0-999999
450000
QueueMsgSizeThreshold
the size, in kilobytes, of all message

queues managed by the MSMQ
service
0-2000000
1600000
ScheduledServers
a text string that specifies the

scheduled servers and their
respective scheduled interval (in
minutes)
ServerName1,Ti NA
meInterval|Serv
erName2,TimeIn
terval2...
/MQ_SERVER/
Valid time intervals are 0-60

minutes. A value of 0 turns off
round-trip scheduling for the
specified server.
/MQ_QUEUES/
248
JournalMsgCountThreshold
the number of messages currently in 0-999999

the queue
450000
JournalMsgSizeThreshold
the number of kilobytes used by all

messages in the queue
0-2000000
1600000
QueueMsgCountThreshold
the number of messages in the

journal queue
0-999999
450000
QueueMsgSizeThreshold
the size in kilobytes of all messages

in the journal queue
0-2000000
1600000

Table 52 provides PATROL KM for Microsoft COM+ variable settings.
Table 52
PATROL KM for Windows COM+ variables
Description
Values
Default
/COM_PLUS/Applications/
ApplicationName
specifies the monitoring

properties for the COM+
application
X:Y:Z: <List>where,
1:1:5
X = 0; Do not monitor.
X = 1; Monitor.
Y = 0; Do not restart if the COM+
application is stopped.
Y= 1; Restart the COM+
application if it is stopped.
Z = The number of times the
COM+ application is restarted that
causes an alarm. Z is used only if Y
=1.
<List> Represents a comma
separated list of the methods being
monitored for this application in
format
<MethodName>\<InterfaceName
>\<ComponentName>
Appendix B
249

Table 53 provides the PATROL Wizard for Microsoft Performance Monitor and WMI
variable settings.
Table 53
PATROL Wizard for Performance Monitor and WMI variables (Part 1 of 2)
Description
Values
Default
Name
lists the NT_PERFMON_WIZARD

application class name
comma
separated list
NA
Objects
comma-separated list of objects to

monitor
comma
separated list
NA
/Perfmon/NT_PERFMON_WIZARD
/Perfmon/NT_PERFMON_WIZARD/object/
Counters
comma-separated list of counters

monitored for the object
comma
separated list
NA
Instances
comma-separated list of instance of

the object to monitor
comma
separated list
NA
/Perfmon/NT_PERFMON_WIZARD/object/counter
AlarmMax
the upper-level alarm threshold for a any integer

specific counter instance
NA
AlarmMin
the lower-level alarm threshold for a any integer

specific counter instance
NA
WarnMax
the upper-level warning threshold

for a specific counter instance
any integer
NA
WarnMin
the lower-level warning threshold

for a specific counter instance
any integer
NA
Parameters
comma-separated list of NT_WMI

parameters
comma
separated list
NA
ConnectAs32Bit
allows you to connect a 64-bit

Windows environment to a 32-bit
WMI provider.
/Perfmon/NT_WMI/
By default, this pconfig variable is

not present at the time of
installation.
You need to manually add the
/Perfmon/NT_WMI
/ConnectAs32Bit pconfig variable
and set it to a value of 1.
/Perfmon/NT_WMI/name
250
Table 53
PATROL Wizard for Performance Monitor and WMI variables (Part 2 of 2)
Description
Values
Default
Query
WQL query used in the created

NT_WMI parameter
string
NA
AlarmMax
the upper-level alarm threshold for a any integer

specific NT_WMI parameter
NA
AlarmMin
the lower-level alarm threshold for a any integer

specific NT_WMI parameter
NA
WarnMax
the upper-level warning threshold

for a specific NT_WMI parameter
any integer
NA
WarnMin
the lower-level warning threshold

for a specific NT_WMI parameter
any integer
NA
PATROL for Microsoft Windows Servers

Table 54 provides the PATROL for Microsoft Windows Servers variable settings.
These variables are applicable to any KM in the PATROL for Microsoft Windows
Servers solution.
Table 54
PATROL for Microsoft Windows Servers variables
Description
Values
Default
/RecoveryActions/application class/instance/parameter/
Description
The name of the recovery action.
HelpID
Help topic ID associated with the recovery integer

action. This variable is used internally.
NA
Mode
The mode under which the recovery action 1, 2, 3

runs:
NA
text description NA
Run automatically (1)

Run only with operator confirmation
(2)
Do not execute (3)
For more information about these modes,

see Configuring built-in native recovery
actions on page 132.
Suspend
whether to temporarily pause the recovery 0 = no

action
1 = yes
Wait
the amount of time PATROL waits for

confirmation to run the recovery action. If
you do not provide confirmation within
the allotted time, PATROL does not run
the recovery action.
Appendix B
number of
seconds
NA
NA
251
PATROL for Microsoft Windows Servers rulesets

rulesets
PATROL for Microsoft Windows Servers provides pre-configured rules that are
organized into rulesets for the major Microsoft server roles, such as the file server and
print server roles. A rule is an instruction applied to a PATROL Agent that instructs
the agent to change a variable in its agent configuration database. A ruleset is a
collection of rules, which are stored as text files with .cfg extension.
These PATROL for Microsoft Windows Servers predefined rulesets include the
following configuration settings:
preloaded KMs
services whose process monitoring is enabled
processes that are monitored
Windows events that are monitored
additional Windows Performance Monitor counters that are monitored (added as
parameters beneath the NT_PERFMON_WIZARD application class)
NOTE
PATROL automatically monitors services whose startup property is automatic. However,
PATROL monitors only whether the service is available. When process monitoring is enabled
for the service, PATROL also monitors how much memory and CPU a service executable
consumes. In the ruleset descriptions in this chapter, the services whose process monitoring is
enabled are noted.
PATROL KM for Event Management required

To use the PATROL Configuration Manager to view or manage a PATROL agent
configuration or to apply rulesets, the PATROL KM for Event Management must be
loaded on the PATROL Agent machine. For more information about loading KMs,
see .
Using PATROL Configuration Manager to apply rulesets

Instead of manually configuring the monitoring of each server, you can use the
PATROL Configuration Manager to apply these predefined rulesets to a server. If
you need to change a ruleset, you can do so on one server, save the ruleset, and then
apply the new ruleset to other like servers.
252
For more information about applying rulesets, see Using PATROL Configuration
Manager on page 265.
For more information about the PATROL Configuration Manager, see the PATROL
Configuration Manager User Guide.
Editing predefined rulesets prior to applying

With the exception of the SMS rulesets, you can apply the predefined rulesets directly
to any Windows server. For the SMS rulesets, you must first perform the following
minor edits and then apply the rulesets.
To edit SMS rulesets before applying

1 In a text editor, open the files Primary_Site_Role.cfg and Site_Role.cfg.
2 Replace all occurrences of %SITECODE% with the uppercase 3-character SMS site
code.
3 Replace all occurrences of %WMIPATH% as follows:
For SMS 2.x Servers cimv2\\sms

For SMS 2003 Servers sms
4 Save the files.
Server roles with predefined rulesets

The PATROL for Microsoft Windows Servers predefined rulesets are installed in the
following directory:
%PATROL_HOME%\pconfmgr\rulesets\Shipped\Operating_System_KMs\Windows_
KM
Rulesets are provided for the server roles shown in Table 55. Figure 4 on page 255
shows these rulesets as they appear in the PATROL Configuration Manager interface.
Table 55
Server roles (Part 1 of 2)
Role
Ruleset file
Description
File server ruleset
PRU_FileServer.cfg
provide and manage access to files
Print server ruleset
PRU_PrintServer.cfg
provide and manage access to printers
Application server
ruleset
PRU_ApplicationServer.cfg
provides key infrastructure and services to

applications hosted on a system
Appendix B
253
Table 55
Server roles (Part 2 of 2)
Role
Ruleset file
Description
Mail server ruleset
PRU_MailServer.cfg
provide e-mail services to users
Terminal server
ruleset
PRU_TerminalServer.cfg
can provide a single point of installation that gives

multiple users access to any computer that is running
a Windows Server 2003 operating system
Remote access/VPN PRU_RasVpnServer.cfg

server ruleset
provides a full-featured software router and both dialup and virtual private network (VPN) connectivity for
remote computers
DNS server ruleset
PRU_DNSServer.cfg
enables client computers on your network to register

and resolve user-friendly DNS names
Streaming media
server ruleset
PRU_MediaServer.cfg
provides Windows Media Services to your

organization
WINS server ruleset PRU_WINSServer.cfg
maps NetBIOS names to IP addresses and centrally

manages the name-to-address database
Domain controller
ruleset
stores directory data and manages communication

between users and domains, including user logon
processes, authentication, and directory searches
PRU_DomainServer.cfg
SMS primary site Primary_Site_Role.cfg

ruleset
stores SMS data for the primary site and all the sites
beneath it in a SQL Server database
SMS site ruleset
attaches to and reports to a primary site
254
Site_Role.cfg
Figure 4
Shipped rulesets in PATROL Configuration Manager
Ruleset reference
The following section describes the ruleset configuration settings. The rulesets define
monitoring that is enabled beyond what is enabled by default in the KM.
The configuration variables (rules) for each type of ruleset are stored in the agent
configuration database in the location shown in Table 56. For more information about
the specific configuration variables associated with each type of configuration setting,
see the page referenced in Table 56.
Table 56
Configuration variable locations (Part 1 of 2)
Configuration setting
Location of configuration variable(s) (rules)
See also
Preloaded KMs
\AgentSetup\preloadedKMs
NA
Services with process

monitoring enabled
\PSX_P4WinSrvs\PWK_PKMforMSWinOS_config\ServiceMonitori page 223

ng\ServiceList\servicename
Appendix B
255
Table 56
Configuration variable locations (Part 2 of 2)
Configuration setting
Location of configuration variable(s) (rules)
Processes monitored
\PSX_P4WinSrvs\PWK_PKMforMSWinOS_config\ProcessMonitori page 221

ng\ProcessConfigurationList\processname
Windows events
monitored
\PSX_P4WinSrvs\PWK_PKMforMSWinOS_config\EventLogMonit
oring\eventlog\EventFilters\filtername
page 225
Additional Windows
PerfMon counters or
WMI objects monitored
\PerfMon\NT_PERFMON_WIZARD\countername
page 250
See also
(The default polling interval for all added PerfMon or WMI

parameters is 10 minutes, unless otherwise noted.)
Preloaded KMs for all rulesets

The following KMs are preloaded for all of the rulesets. The ruleset descriptions that
follow list any additional KMs that are preloaded for the respective ruleset.
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NOTE
An asterisk indicates that all KMs that start with the stem are included. For example,
NT_CPU* indicates both NT_CPU and NT_CPU_CONTAINER.
Application server ruleset

Table 57 shows the application server ruleset properties.
Table 57
Application server ruleset (Part 1 of 2)
Preloaded KMs
(PRU_ApplicationServer.kml)
256
COM_*
NT_EV*
NT_PERFMON*
Table 57
Application server ruleset (Part 2 of 2)
Services with Process

Monitoring Enabled
World Wide Web Publishing Service (process monitoring enabled)

IIS Admin Service
Simple Mail Transport Protocol (SMTP) Service
FTP Publishing Service
Network News Transfer Protocol (NNTP) Service
Distributed Transaction Coordinator
COM+ System Application (process monitoring enabled)
COM+ Event Service (process monitoring enabled)
Remote Services (COM and RPC)
Processes Monitored
inetinfo.exex
Error events from .NET Runtime source (application event log)

Error and warning events from ASP.NET (application event log)
Windows Events Monitored
Additional Perfmon Counters

Monitored
Active Server Pages Errors/Sec

ASP.NET Requests Rejected
ASP.NET Requests Queued
ASP.NET Application Errors Unhandled During Execution/Sec
ASP.NET Application Errors Total/Sec
.NET CLR Data Sqlclient: Total # failed commands
.NET CLR Exceptions # of Exceps Thrown/sec
.NET CLR Jit Standard Jit Failures
.NET CLR Loading Rate of Load Failures
Web Service Current Blocked Async I/O Requests
Web Service Locked Errors/sec
Web Service Not Found Errors/sec
Appendix B
257
Terminal server ruleset

Table 58 shows the terminal server ruleset properties.
Table 58
Terminal server ruleset
Preloaded KMs
(PRU_TerminalServe
r.kml)
Services with
Process Monitoring
Enabled
Processes
Monitored
NT_EV*
NT_PERFMON*
Terminal Services (process monitoring enabled)
Terminal Services Session Directory (process monitoring enabled)
None
Windows Events
Monitored
Additional Perfmon
Counters
Monitored
Error and warning events from TermService (system event log)

Error and warning events from TermServLicensing (system event log)
Error and warning events from TermServDevices (system event log)
Terminal Services Active Sessions
Terminal Services Inactive Sessions
Terminal Services Total Sessions
System Processes
Remote access/VPN server ruleset

Table 59 shows the Remote Access/VPN Server ruleset properties.
Table 59
Remote access / VPN server ruleset
Preloaded KMs
(PRU_RasVpnServer.kml)
NT_EV*
NT_PERFMON*
Services with Process Monitoring

Enabled
Remote Access Service (process monitoring enabled)
Processes Monitored
None
Error and warning events from Remote Access (system event log)

Monitored
258
RAS Total Total Connections

RAS Total Total Errors\Sec

Table 60 shows the Print Server ruleset properties.
Table 60
Preloaded KMs
(PRU_PrintServer.kml)
NT_EV*
NT_PRINT*

Monitoring Enabled
Spooler
Processes Monitored
spoolsv.exe
Error and warning events from Print source (system event log)
Additional Perfmon
Counters Monitored
None
Domain controller ruleset

Table 61 shows the Domain Controller ruleset properties.
Table 61
Domain controller ruleset
Preloaded KMs
(PRU_DomainServer.kml)
NT_EV*
NT_DOMAIN
NT_MEMBER_SERVER
AD_AD*

Monitoring Enabled
Windows Time (process monitoring enabled)
Processes Monitored
None

Additional Perfmon
Counters Monitored
Error and warning events from NT File Replication Service (file replication
service event log)
Error and warning events from source LSASERV (system event log)
Error and warning events from source SAM (system event log)
Error and warning events from source NetLogon (system event log)
Error and warning events from source Windows Time (system event log)
Error and warning events from source KDC (system event log)
Error and warning events from source UserEnv (application event log)
Error and warning events from DNS API (system event log)
None
Appendix B
259
File server ruleset

Table 62 shows the File Server ruleset properties.
Table 62
File server ruleset
Preloaded KMs
(PRU_FileServer.kml)
Services with Process Monitoring

Enabled
Processes Monitored

Additional Perfmon Counters Monitored
NT_DFS*
NT_EV*
NT_DOMAIN
NT_MEMBER_SERVER
NT_PHYSICAL_DISKS*
Netlogon
dmserver
services.exe
lsass.exe
svchost.exe (with any argument)
Error and Warning events from DfsSvc (system event log)
Error and Warning events from NtFrs (file replication service
event log)
None
Mail server ruleset

Table 63 shows the Mail Server ruleset properties.
Table 63
Mail server ruleset
Preloaded KMs
(PRU_MailServer.kml)

Monitoring Enabled
Processes Monitored

Monitored
260
NntpSvc
Pop3Svc (process monitoring enabled)
RpcSs (process monitoring enabled)
SMTPSVC (process monitoring enabled)
None
NT_EV*
NT_PERFMON*
Error and warning events from Pop3Svc (application event log)

Error and warning events from SMTPSvc (system event log)
POP3 Service Messages delivered/sec
POP3 Service Sockets in use
SMTP NTFS Store Driver Messages in the queue directory
SMTP Server Connection Errors/sec
SMTP Server Outbound Connections Refused
DNS server ruleset

Table 64 shows the DNS Server ruleset properties.
Table 64
DNS server ruleset
Preloaded KMs
(PRU_DNSServer.kml)
NT_DNS_2000
NT_DOMAIN
NT_MEMBER_SERVER
NT_EV*
NT_PERFMON*
Additional Active
Parameters
None

Monitoring Enabled
None
Processes Monitored
dns.exe
Additional Perfmon
Counters Monitored
Error and warning events from source DNS (DNS event log)
Error and warning events from source DNS API (system event log)
Error and warning events from source DNS Cache (system event log)
DNS Caching memory
DNS Dynamic Update Received/sec
DNS Total Query Received/sec
DNS Database Node Memory
DNS Dynamic Update Written to Database/sec
WINS server ruleset

Table 65 shows the WINS Server ruleset properties.
Table 65
WINS server ruleset
Preloaded KMs
(PRU_WinsServer.kml)
NT_DOMAIN
NT_MEMBER_SERVER
NT_EV*
NT_WINS*
Additional Active Parameters
None
Services with Process Monitoring Enabled
WINS
Processes Monitored
None
Error and warning events from WINS (system event log)
None
Appendix B
261
DHCP server ruleset

Table 66 shows the DHCP Server ruleset properties.
Table 66
DHCP server ruleset
Preloaded KMs
(PRU_DhcpServer.kml)
NT_DOMAIN
NT_MEMBER_SERVER
NT_EV*
NT_DHCP*
None
Services with Process Monitoring Enabled
DHCPServer
Processes Monitored
None
Error and Warning from DHCPServer (system event log)
None
Streaming media server ruleset

Table 67 shows the streaming media server ruleset properties.
Table 67
Streaming media server ruleset
Preloaded KMs
(PRU_MediaServer.kml)
NT_EV*
NT_PERFMON*
None
Services with Process Monitoring WMServer

Enabled
Processes Monitored
None
Error and Warning from WMServer (Application Event log)

Monitored
Windows Media Services Current Streaming Players

Windows Media Service Current Connected Players
Windows Media Services Current Connection Queue Length
Windows Media Services Current Stream Error Rate
The default polling time for each of these parameters is 5 minutes.
SMS primary site ruleset

Table 68 on page 263 shows the SMS primary site ruleset properties. These rulesets
apply to SMS 2.0 and SMS 2003 Primary Servers. Before applying this default ruleset
to an agent , you must edit the rulesets. For more information, see To edit SMS
rulesets before applying on page 253.
262
Table 68
SMS primary site ruleset
Preloaded KMs
NT_EV*
NT_PERFMON*
None
MSSQLSERVER
SMS Executive
SMS Site Backup
Services with Process Monitoring SMS Site Component Manager
SMS SQL Monitor
Enabled
Processes Monitored
sitecomp.exe (with any argument)

smsdbmon.exe (with any argument)
smsexec.exe (with any argument)
sqlservr.exe (with any argument)
Error, warning, and information events from source SMS (application

event log)

Monitored
Additional WMI Objects

Monitored
SMS Discovery Data Manager Total DDRs Enqueued

SMS Discovery Data Manager Total DDRs Processed
SMS Discovery Data Manager DDRs Processed/minute
SMS In-Memory Queues Total Objects Dequeued
SMS In-Memory Queues Total Objects Enqueued
SMS Inventory Data Loader Total MIFs Enqueued
SMS Inventory Data Loadaer Total MIFs Processed
SMS Inventory Data Loader MIFs Processed/minute
SMS Software Inventory Processor Total SINVs Enqueued
SMS Software Inventory Processor Total SINVs Processed
SMS Software Inventory Processor SINVs Processed/minute
SMS Standard Sender Average Bytes/sec
SMS Standard Sender Sending Thread Count
SMS Standard Sender Total Bytes Attempted
SMS Status Messages Written to SMS Database
SMS Status Messages Reported to Application Event Log
SMS Status Messages Replicated at Normal Priority
SMS Status Messages Replicated at Low Priority
SMS Status Messages Replicated at High Priority
SMS Status Messages Received
SMS Status Messages Processed/sec
SMS Status Messages Corrupt
SMS Advertisements Failed

SMS Advertisements Total
SMS Errors
SMS Informationals
SMS Machines Total
SMS Packages Failed
SMS Programs Failed
SMS Warnings
Appendix B
263
SMS site ruleset

Table 69 shows the SMS site ruleset properties. These rulesets apply to SMS 2.0 and
SMS 2003 Site Servers. Before applying this default ruleset to an agent, you must edit
the rulesets. For more information, see To edit SMS rulesets before applying on
page 253.
Table 69
SMS site ruleset
Preloaded KMs
NT_EV*
NT_PERFMON*
None
SMS Executive
Services with Process Monitoring SMS Site Backup
Enabled
SMS Site Component Manager
Processes Monitored
sitecomp.exe (with any argument)

smsexec.exe (with any argument)
Error, warning, and information events from source SMS (application

event log)

Monitored
264
SMS Discovery Data Manager Total DDRs Enqueued

SMS Discovery Data Manager Total DDRs Processed
SMS Discovery Data Manager DDRs Processed/minute
SMS In-Memory Queues Total Objects Dequeued
SMS In-Memory Queues Total Objects Enqueued
SMS Standard Sender Average Bytes/sec
SMS Standard Sender Sending Thread Count
SMS Standard Sender Total Bytes Attempted
SMS Status Messages Written to SMS Database
SMS Status Messages Reported to Application Event Log
SMS Status Messages Replicated at Normal Priority
SMS Status Messages Replicated at Low Priority
SMS Status Messages Replicated at High Priority
SMS Status Messages Received
SMS Status Messages Processed/sec
SMS Status Messages Corrupt
Using PATROL Configuration Manager

This section describes how to use the PATROL Configuration Manager (PCM) to
manage PATROL for Microsoft Windows Servers KM configuration settings.
NOTE
To use the PATROL Configuration Manager to view or manage a PATROL agent
configuration, the PATROL KM for Event Management must be loaded on the PATROL
Agent machine. For more information about loading KMs, see Loading the PATROL for
Microsoft Windows Servers KMs on page 93.
Using PCM to apply configurations changes to other agents

BMC Software recommends that you configure multiple agents using the following
method:
1. Using a PATROL console, configure monitoring on one agent.
2. Use the PATROL Configuration Manager to copy the agent configuration to the
other similar agents, using the procedure described below.
To copy configuration changes using PCM

1 Using the PATROL Configuration Manager, perform a get on the PATROL Agent.
2 Configure the PATROL Agent as desired.
3 Using the PATROL Configuration Manager, perform a get to obtain the new
PATROL Agent configuration.
4 In PATROL Configuration Manager, compare the last 2 configurations.

5 Save the differences between the 2 agent configuration as a new rule set.
6 Apply this rule set to the other PATROL Agents.
For more detailed information about using the PATROL Configuration Manager, see
the PATROL Configuration Manager User Guide or the PATROL KM for Event
Appendix B
265
Manually creating or changing configuration variables

Although not recommended, you can also use the PATROL Configuration Manager,
instead of the PATROL console, to directly update the agent configuration database
by manually entering rules or changing existing rules. However, you must be careful
to avoid typos and you must use the following syntax guidelines. For more
information, see the examples in the following sections, which show how to manually
configure several PATROL KM for Microsoft Windows OS features.
WARNING
When creating rules manually within PATROL Configuration Manager, you must follow the
syntax guidelines discussed here and avoid typos. Failure to do so could result in
unpredictable behavior.
Syntax guidelines
When manually creating rules, you must substitute special codes for certain
characters when those characters are part of a configuration variable name or value.
These characters are used for specific purposes within pconfig. For example, the
comma is used to separate values. For more information, see Table 70.
Table 70
266
Special characters required for pconfig variables
Character
Replace with
Example
comma (,)
(CO)
If the value of a variable is 142,156 you must express the

value as 142(CO)156. Otherwise, the value is interpreted as
two separate values, 142 and 156.
slash (/)
(SL)
If part of a configuration variable name includes the text

server1/outlook, where server1/outlook is the actual name of
an object, you must replace server1/outlook with
server1(SL)outlook.
equal sign (=)
(EQ)

hostname=test, where hostname=test is the actual name of an
object, you must replace hostname=test with
hostname(EQ)test.
double quote
()
(QU)

exampletext, you must replace exampletext with
example(QU)text.
Using the child_list variable

When manually creating rules, you may need to include the child_list variable. The
child_list variable specifies the configuration variables that apply to the configured
object. In the pconfig hierarchy, the child_list variable is placed one level higher up
than the configuration variables that it references. For example, as shown in Figure 5,
the child_list variable in the Example folder lists the configuration variables beneath
it in the hierarchy. Thus, in Figure 5, the child_list variable has the following value:
child_list = SourceList,EventIdList,UserList,StringList
If you are unsure how or when to use the child_list variable, use a PATROL console
to configure monitoring and then examine the child_list rules that are created.
Figure 5
Using the child_list and variable_list variables
Using the variable_list variable

When manually creating rules, you may also need to include the variable_list
variable. The variable_list variable lists the variables that are associated with the
configured object. In the pconfig hierarchy, the variable_list variable is placed at the
same level as the variables that is references. For example, in Figure 5, the
variable_list variable has the following value:
Appendix B
267
variable_list = FilterEnabled,FilterDescription,EventType,Annotation,EventReport,
RetainEventDescriptions,Scheduling,AcknowledgeBy,ConsolidationNumber,ConsolidationTi
me,ConsolidateEventTypes,IncludeAllSources,IncludeAllEventIds,IncludeAllUsers,IncludeA
llCategories,IncludeAllStrings,CreateInstance
If you are unsure how or when to use the variable_list variable, use a PATROL
console to configure monitoring and then examine the variable_list rules that are
created.
Adding a rule in PCM

When manually adding rules within PATROL Configuration Manager, follow this
general procedure.
1 Right-click the folder where you want to add the rule and select New => Ruleset.
A new ruleset is created called NewRuleSet.
2 Rename the ruleset.

3 Right-click the new ruleset and select New Rule.
4 From the Ruleset dialog, enter the ruleset, operation, and variable. For more
information about what to enter, see the examples that follow.
Adding a service to monitor: example

Assume that you want to set up the following service monitoring configuration:
268
monitor the DHCP Client service

restart the start the service when it stops
generate a PATROL Warning when the service is stopped
enable the monitoring of the process associated with this service
To manually create this configuration, you would create the rules shown in Table 71.
For more information about the configuration variable specified in these rules, see
PATROL for Windows Servers configuration variables on page 220.
Table 71
Example: adding a service to monitor
Rule
Operation
Value
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ Replace
ParentDefinedProcessList/child_list
empty
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonitoring/ Replace
child_list
ProcessConfigurat
ionList
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ServiceMonitoring/ Replace
ServiceList/Dhcp/Alarm
Enabled
ServiceList/Dhcp/Monitor
ServiceList/Dhcp/variable_list
Alarm,AutoRestar
t,Monitor
Adding a processes to monitor: example

Assume that you want to set up the following process monitoring configuration:
monitor rtserver process with argument -service
terminate the process when the process CPU% exceeds a threshold value (defined
by the AlarmThreshold variable) for 15 minutes
generate a PATROL alarm when the process is not running
do not generate a PATROL alarm when the process is running
Appendix B
269
PATROL for Windows Servers configuration variables on page 220
Table 72
Example: adding a process to monitor
Rule
Operation
Value
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/ProcessMonito Replace
ring/ProcessConfigurationList/RTSERVER_SERVICE/ArgumentList
/list
-service
ring/ProcessConfigurationList/RTSERVER_SERVICE/ArgumentList
/variable_list
list
ring/ProcessConfigurationList/RTSERVER_SERVICE/ProcessName
rtserver
ring/ProcessConfigurationList/RTSERVER_SERVICE/child_list
ArgumentList
ring/ProcessConfigurationList/RTSERVER_SERVICE/variable_list
ProcessName,TimeLimi
tForKillRunAwayProce
ss,EnableAlarmIfProces
sDown,EnableAlarmIfP
rocessStarts
ring/ProcessConfigurationList/child_list
RTSERVER_SERVICE
ring/ProcessConfigurationList/RTSERVER_SERVICE/EnableAlarmI
fProcessDown
ring/ProcessConfigurationList/RTSERVER_SERVICE/EnableAlarmI
fProcessStarts
ring/ProcessConfigurationList/RTSERVER_SERVICE/TimeLimitFor
KillRunAwayProcess
15
270
Creating an event filter: example

Assume that you want to set up the following event monitoring filter:
create an event filter named Example with the description Event Filter Example
monitor only Warning and Error event types; do not consolidate event types when
reporting. Report Warning and Error events separately.
monitor events from application sources PerfDisk and PerfProc
monitor event IDs 100 through 154
monitor events generated under the username of bhunter
monitor events that have the test string missing in the event text
monitor events in any event category
choose the option to write event details to a text parameter
choose the option to report multiple events as one event when 5 or more events
occur within 30 seconds
choose the option to notify PATROL immediately when an event filter matches the
filter criteria
when in alarm, remain in alarm until acknowledged by an operator
Appendix B
271
PATROL for Windows Servers configuration variables on page 220.
Table 73
Example: adding an event filter to monitor (Part 1 of 2)
Rule
Operation
Value
/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonit Replace
oring/Application/EventFilters/Example/AcknowledgeBy
Manual
oring/Application/EventFilters/Example/Annotation
oring/Application/EventFilters/Example/ConsolidateEventTypes
oring/Application/EventFilters/Example/ConsolidationNumber
oring/Application/EventFilters/Example/ConsolidationTime
30
oring/Application/EventFilters/Example/CreateInstance
oring/Application/EventFilters/Example/EventIdList/list
100-154
oring/Application/EventFilters/Example/EventIdList/variable_list
list
oring/Application/EventFilters/Example/EventReport
oring/Application/EventFilters/Example/EventType
oring/Application/EventFilters/Example/FilterDescription
EventFilterExample
oring/Application/EventFilters/Example/FilterEnabled
oring/Application/EventFilters/Example/IncludeAllCategories
oring/Application/EventFilters/Example/IncludeAllEventIds
oring/Application/EventFilters/Example/IncludeAllSources
oring/Application/EventFilters/Example/IncludeAllStrings
oring/Application/EventFilters/Example/IncludeAllUsers
oring/Application/EventFilters/Example/RetainEventDescriptions
oring/Application/EventFilters/Example/Scheduling
oring/Application/EventFilters/Example/SourceList/variable_list
list
272
Table 73
Example: adding an event filter to monitor (Part 2 of 2)
Rule
Operation
Value
oring/Application/EventFilters/Example/StringList/list
missing
oring/Application/EventFilters/Example/StringList/variable_list
list
oring/Application/EventFilters/Example/UserList/list
bhunter
oring/Application/EventFilters/Example/UserList/variable_list
list
oring/Application/EventFilters/Example/child_list
SourceList,EventIdList,
UserList,StringList
oring/Application/EventFilters/Example/variable_list
FilterEnabled,FilterDes
cription,EventType,An
notation,EventReport,R
etainEventDescriptions,
Scheduling,Acknowled
geBy,ConsolidationNu
mber,ConsolidationTi
me,ConsolidateEventT
ypes,IncludeAllSources
,IncludeAllEventIds,Inc
ludeAllUsers,IncludeAl
lCategories,IncludeAllS
trings,CreateInstance
oring/Application/EventFilters/child_list
Example
Appendix B
273
Updating parameter thresholds or poll times: example

Assume that you want to change the alarm thresholds for any instance of the
parameter NT_CPU/CPUprcrProcessorTimePercent to the following values:
Alarm Range 1: 8085
Alarm Range 2: 85100
NOTE
When you change parameter thresholds through the PATROL Configuration Manager or
through PATROL KM for Event Management, the changes are stored externally in the pconfig
database, not in the KM. To change parameter thresholds or poll times in this manner, you
must have the PATROL KM for Event Management loaded on the PATROL Agent. For more
information about loading KMs, see Loading the PATROL for Microsoft Windows Servers
KMs on page 93.
For more information about the this rule, see the detailed description in Table 75.
Table 74
Example: changing parameter thresholds
Rule
Operation
Value
/AS/EVENTSPRING/PARAM_SETTINGS/THRESHOLDS/
NT_CPU/__ANYINST__/CPUprcrProcessorTimePercent
Replace
1,0 0 0 0 0 0,1 80 85 0 0 1,1 85 100

002
The following table provides a detailed description of the THRESHOLDS

configuration rule.
Table 75
Understanding the THRESHOLDS rule (Part 1 of 2)
Item
Description
/AS/EVENTSPRING
variable folder
/PARAM_SETTINGS
variable folder
/THRESHOLDS
variable folder
/NT_CPU
application class
/__ANYINST__
a variable that indicates any instance of the application class. You

could also specify a specific instance instead.
CPUprcrProcessorTime parameter name

Percent
1
indicates that the parameter is active

Border settings
274
indicates that the border range is inactive
the border begin range
the border end range
Table 75
Understanding the THRESHOLDS rule (Part 2 of 2)
Item
Description
specifies when to trigger alarm; 0 means immediately on the first

occurrence
if the trigger value is non zero, this value specifies the number of
occurrences before triggering an alarm
specifies that the state is OK

Alarm1 settings
indicates that the Alarm 1 alarm is active
80
the Alarm 1 begin range
85
the Alarm 1 end range

occurrence
specifies that the state is WARN

Alarm 2 settings
indicates that the Alarm 2 alarm is active
85
the Alarm 2 begin range
100
the Alarm 2 end range

occurrence
specifies that the state is ALARM
Inactivating or deactivating a parameter: example

Assume that you want to deactivate any instance of the parameter
NT_LOGICAL_DISKS/LDldFreeSpacePercent. To manually create this
configuration, you would create the rules shown in Table 76.
Table 76
Example: Inactivating or deactivating a parameter
Rule
Operation
Value
/AS/EVENTSPRING/PARAM_SETTINGS/THRESHOLDS/N
T_LOGICAL_DISKS/__ANYINST__/LDldFreeSpacePercent
Replace
0,1 0 100 0 0 2,1 0 5 0 0 2,1 5

10 0 0 1
Appendix B
275
276
Appendix

This section contains a list of the KM files that are included in each of the PATROL for
Windows Servers .kml files.
PATROL for Microsoft Windows Servers .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Active Directory . . . . . . . . . . . . . . . . . . . .
PATROL KM for Microsoft Windows Active Directory Remote Monitoring . .
PATROL KM for Microsoft Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL History Loader KM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL KM for Event Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PATROL for Microsoft Windows Servers rulesets. . . . . . . . . . . . . . . . . . . . . . . . .
Appendix C
278
278
282
283
283
284
284
285
285
286
286
286
287
277
PATROL for Microsoft Windows Servers .kml files
PATROL for Microsoft Windows Servers .kml

files
PATROL for Windows Servers uses several .kml files, which load specific application
classes. For detailed instructions, see Loading the PATROL for Microsoft Windows
Servers KMs on page 93.

The PATROL KM for Microsoft Windows OS uses the following .kml files to load the
application classes provide in the KM:
NT_LOAD.kml
NT_BASE.kml
NT_HYPER-V.kml
NT_LOAD.kml
The PATROL KM for Microsoft Windows OS uses the NT_LOAD.kml file, which
loads the application classes shown in Table 77.
Table 77
PATROL KM for Microsoft Windows OS NT_LOAD.kml file (Part 1 of 2)
Component and .kml
Application classes

NT_LOAD.kml
NT_BASE.kml (see Table 78 on page 280)

NT_BSK
NT_Composites
NT_CompositesColl
NT_EVENTLOG
NT_EVINSTS
NT_EVLOGFILES
NT_FTP
NT_FTP_CONTAINER
Note: NT_LOAD.kml includes NT_BASE.kml
278
Table 77
PATROL KM for Microsoft Windows OS NT_LOAD.kml file (Part 2 of 2)
Component and .kml
Application classes
NT_ICMP
NT_IP
NT_IPX
NT_IPX_CONTAINER
NT_JOBS
NT_JOBS_CONTAINER
NT_JOBS_PROCESS_GROUP
NT_JOBS_PROCESS
NT_NETBEUI
NT_NETBEUI_CONTAINER
NT_NETBIOS
NT_NETBIOS_CONTAINER
NT_NET_PROTOCOLS
NT_NETWORK
NT_NETWORK_CONTAINER
NT_PHYSICAL_DISKS_CONTAINER
NT_PHYSICAL_DISKS
NT_PRINTER
NT_PRINTER_CONTAINER
NT_PRINTERJOB
NT_PRINTERJOBS
NT_PROCESS_CONTAINER
NT_PROCESS_GROUP
NT_PROCESS
NT_REGISTRY
NT_REGISTRY_KEYINST
NT_SECURITY
NT_SERVER
NT_SERVICES
NT_SERVICES_CONTAINER
NT_TCP
NT_UDP
Appendix C
279
NT_BASE.kml
The NT_LOAD.kml file includes the NT_BASE.kml file, which loads the application
classes shown in Table 78.
Table 78
PATROL KM for Microsoft Windows OS NT_BASE.kml file
Component and .kml
Application classes
PATROL KM for Microsoft Windows OS NT_BASE.kml
NT
NT_OS
NT_CACHE
NT_CPU
NT_CPU_CONTAINER
NT_HEALTH
NT_LOGICAL_DISKS
NT_LOGICAL_DISKS_CONTAINER
NT_MEMORY
NT_NTFS_MOUNT
NT_NTFS_MOUNT_CONTAINER
NT_NTFS_QUOTA
NT_NTFS_QUOTA_CONTAINER
NT_PAGEFILE
NT_PAGEFILE_CONTAINER
NT_SYSTEM
PATROL_NT
NT_HYPER-V.kml
Microsoft Windows provides virtualization called Hyper-V. PATROL KM for
Microsoft Windows allows you to monitor and gather information about of Hyper-V
entities by using the application classes and their parameters. The KM allows you to
monitor the following Hyper-V entities:
Hypervisor
The product reports information about the number of monitored notifications
registered with a hypervisor, the bootstrap and deposited pages, and the partitions,
virtual processors, logical processors, and the running partitions present.
Logical processors of the system

The product reports information about the rate of the virtual processor context
switches on a logical processor, the rate of hardware and hypervisor interrupts on a
processor, and the percentage of time that a processor spends in the guest and
hypervisor codes.
280
Partitions of the system

The product reports information about the partitions present in the system, and the
summary and state of all the partitions. It reports the number of virtual processors
associated with a partition, the total memory allocated to a partition, the qualified
domain name, the operating system and its version, the service pack, and so on. It
also displays the process ID of the worker process corresponding to the partitions,
and the uptime of the partition.
Virtual processors of the partition

The product reports information about the virtual processors such as the resources
available to a partition and the number of partitions that you can run at a time. It
displays the allocation of resources by the hypervisor to a partition when partitions
compete for resources. It reports the rate of hypervisor intercept messages. It also
reports the percentage of time that a processor spends in the guest and hypervisor
codes.
Virtual hard disks of a partition

The product reports information about virtual hard disks of a partition such as their
type, size on the physical disk, maximum size as viewable by the partition, and the
percentage of use of the types of virtual hard disks.
NOTE
To discover Hyper-V partitions and the data for each partition, the BMC PATROL
Agent default user must be added to the local administrator group.
The PATROL KM for Microsoft Windows OS uses the NT_HYPER-V.kml file, which
loads the application classes shown in Table 79.
NOTE
Ensure that the Hyper-V server role is installed on the computer.
Appendix C
281
Table 79
PATROL KM for Microsoft Windows OS NT_HYPER-V.kml file
Component and .kml
Application classes

NT_HYPER-V.kml
NT_HYPER-V
NT_HYPERV_HYPERVISOR
NT_HYPERV_LOGICAL_PROCESSOR_CONT
NT_HYPERV_LOGICAL_PROCESSOR
NT_HYPERV_PARTITION_CONT
NT_HYPERV_PARTITION
NT_HYPERV_PART_VIRTUAL_PRCR_CONT
NT_HYPERV_PART_VIRTUAL_PRCR
NT_HYPERV_PARTITION_VHD_CONT
NT_HYPERV_PARTITION_VHD

The PATROL KM for Microsoft Windows Active Directory uses the
MWD_ACTIVE_Directory_MN.kml file, which loads the application classes shown in
Table 80.
Table 80
PATROL KM for Microsoft Windows Active Directory .kml file
Component and .kml
Application classes
MWD_ACTIVE_Directory_MN.kml
AD_AD_SERVER.km
AD_AD_ADDRESS_BOOK.km
AD_AD_AUTHENTICATION.km
AD_AD_CNF.km
AD_AD_CNF_CONT.km
AD_AD_COLLECTOR.km
AD_AD_DNS.km
AD_AD_FRS.km
AD_AD_FSMO_ROLE_CONECTIVITY.km
AD_AD_FSMO_ROLE_CONECTIVITY_CONT.km
AD_AD_FSMO_ROLE_PLACEMENT.km
AD_AD_GPO.km
AD_AD_LDAP.km
AD_AD_LOST_FOUND_OBJECTS.km
AD_AD_REPLICATION.km
AD_AD_SAM.km
282
PATROL KM for Microsoft Windows Active Directory Remote

Monitoring
The PATROL KM for Microsoft Windows Active Directory Remote Monitoring uses
the REM_ACTIVE_DIRECTORY.kml file, which loads the application classes shown in
Table 81.
Table 81
PATROL KM for Microsoft Windows Active Directory Remote Monitoring .kml file
Component and .kml
Application classes
REM_ACTIVE_DIRECTORY.kml
AD_RMT_SERVER_CONT.km
AD_RMT_FSMO_ROLE_CONNECTIVITY_CONT.km
AD_RMT_FSMO_ROLE_CONNECTIVITY.km
AD_RMT_DOMAINSITE.km
AD_RMT_DOMAINCONTROLER.km

The PATROL KM for Microsoft Windows Domain Services uses the NTD.kml file,
which loads the application classes shown in Table 82.
Table 82
PATROL KM for Microsoft Windows Domain Services .kml file
Component and .kml
Application classes

(uses NTD.kml)
NT_DOMAIN
NT_MEMBER_SERVER
NT_DFS_LINK
NT_DFS_LINK_REPLICA
NT_DFS_ROOT
NT_DFS_ROOT_REPLICA
NT_DHCP
NT_DHCP_SCOPE
NT_DNS
NT_DNS_2000
NT_RAS
NT_RAS_DEVICE
NT_REMOTE_SERVERS
NT_REPLICATION
NT_REPL_DIR
NT_REPL_SVR
NT_SHARES
NT_TRUST
NT_USERS
NT_USER_ACCOUNTS
NT_WINS
NT_WINS_PARTNER
Appendix C
283

PATROL KM for Microsoft Cluster Server uses the MCS_Load.kml file, which loads
the application classes shown in Table 83.
Table 83
PATROL KM for Microsoft Cluster Server .kml file
Component and .kml
Application classes
MCS_Clusters
MCS_Cluster
MCS_Collectors
MCS_Groups
MCS_Group
MCS_Group_Resources
MCS_Networks
MCS_Network_Interfaces
MCS_Nodes
MCS_Quorum
MCS_Performance
MCS_Shares
(uses MCS_Load.kml)

PATROL KM for Microsoft COM+ uses the COM.kml file, which loads the application
classes shown in Table 84.
Table 84
PATROL KM for Microsoft COM+ .kml file
Component and .kml
Application classes
COM_PLUS
COM_APPLICATION
COM_APPLICATIONC
COM_DTC
COM_APP_COMPONENT
COM_APP_INTERFACE
COM_APP_METHOD
(uses COM.kml)
284

The PATROL KM for Microsoft Message Queue uses the MSMQ.kml file, which loads
the application classes shown in Table 85.
Table 85
PATROL KM for Microsoft Message Queue .kml file
Component and .kml
Application classes
MQ_CONTAINER
MQ_SERVER
MQ_QUEUES
MQ_QUEUESC
MQ_IS
MQ_ROUNDTRIP
MQ_SESSIONSC
MQ_SESSIONS
(uses MSMQ.kml)

The PATROL Wizard for Microsoft Performance Monitor and WMI uses the
NT_PERFMON_WIZARD.kml file, which loads the application classes shown in
Table 86.
Table 86
PATROL Wizard for Microsoft Performance Monitor and WMI .kml file
Component and .kml
Application classes
PATROL Wizard for Microsoft

NT_PERFMON_WIZARD (Performance Counter Wizard)

NT_PERFMON_OBJECT
NT_PERFMON_INSTANCE
NT_PERFMON_COUNTER
NT_WMI (WMI Wizard)
NT_WMI_PARAMETER
(NT_PERFMON_WIZARD.kml)
Appendix C
285

The PATROL KM for Log Management uses the LOG.kml file, which loads the
application classes shown in Table 87.
Table 87
PATROL KM for Log Management .kml file
Component and .kml
Application classes
LOGT.km
LOGMON.km
LOGTEMP.km
PMGCONVERT.km
PMGDEBUG.km

The PATROL History Loader KM uses the HISTORY.kml file, which loads the
application classes shown in Table 88.
Table 88
PATROL History Loader KM .kml file
Component and .kml
Application classes
HISTORY_Computer
HISTORY_Propagator
MSSQLSERVER_History_Loader
ORACLE_History_Loader
SYBASE_History_Loader
DB2UDB_History_Loader
(HISTORY.kml)

The PATROL KM for Event Management uses the AS_EVENTSPRING.kml file, which
loads the application classes in Table 89.
Table 89
PATROL KM for Event Management .kml files
Component and .kml
Application classes
EVENT_MANAGEMENT
AS_AVAILABILITY
AS_EVENTSPRING_ALL_COMPUTERS
(AS_EVENTSPRING.kml)
286

The server role rulesets provided with PATROL for Microsoft Windows Servers use
the .kml files shown in Table 90 on page 287 to specify which KMs are preloaded. For
more information about the rulesets, see PATROL for Microsoft Windows Servers
rulesets on page 252.
NOTE
An asterisk indicates that all KMs that start with the stem are included. For example,
NT_CPU* indicates both NT_CPU and NT_CPU_CONTAINER.
Table 90
PATROL for Windows Ruleset .kml files (Part 1 of 4)
.kml
PRU_ApplicationServer.kml
Application classes
PRU_TerminalServer.kml
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
COM_*
NT_EV*
NT_PERFMON*
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NT_EV*
NT_PERFMON*
Appendix C
287
Table 90
.kml
Application classes
PRU_RasVpnServer.kml
PRU_PrintServer.kml
PRU_DomainServer.kml
288
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NT_EV*
NT_PERFMON*
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NT_EV*
NT_PRINT*
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NT_EV*
NT_DOMAIN
NT_MEMBER_SERVER
AD_AD*
Table 90
.kml
PRU_FileServer.kml
Application classes
PRU_MailServer.kml
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NT_DFS*
NT_EV*
NT_DOMAIN
NT_MEMBER_SERVER
NT_PHYSICAL_DISKS*
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NT_EV*
NT_PERFMON*
PRU_DNSServer.kml
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NT_DNS_2000
NT_DOMAIN
NT_MEMBER_SERVER
NT_EV*
NT_PERFMON*
Appendix C
289
Table 90
.kml
Application classes
PRU_WinsServer.kml
PRU_DhcpServer.kml
PRU_MediaServer.kml
290
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NT_DOMAIN
NT_MEMBER_SERVER
NT_EV*
NT_WINS*
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NT_DOMAIN
NT_MEMBER_SERVER
NT_EV*
NT_DHCP*
NT
NT_OS
NT_CACHE
NT_CPU*
NT_MEMORY
NT_PAGEFILE*
NT_SYSTEM
NT_LOGICAL_DISK*
PATROL_NT
NT_SERVICES*
NT_PROCESS*
NT_HEALTH
NT_EV*
NT_PERFMON*
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Index
Symbols
%PATROL_CACHE% 68
%PATROL_HOME% 68
.kml
COM.kml 92, 284
EVENT_MANAGEMENT.kml 93
HISTORY.kml 92, 286
LOG.kml 93
MSMQ.kml 92, 285
MWD_ACTIVE_Directory_MN.kml 93
NT_BASE 280
NT_HYPER-V 282
NT_LOAD.kml 93, 278
NT_PERFMON_WIZARD.kml 93
NTD.kml 93, 283
REM_ACTIVE_DIRECTORY.kml 283
.kml files
list of 92
vs. .km files 91
__ANYINST__ variable 274, 275
_CollectionStatus parameter 202
_DiscoveryStatus parameter 48
Numerics
560/562 events 203
A
account requirements
PATROL KM for Cluster Server 50, 78
PCC 179
AccountInfo variables 242
accounts
requirements 99
setting up for installation 46
Windows 46
AcknowledgeBy variable 227, 272
acknowledging alarms 203
Act as part of operating system (user right) 47, 103
activating parameters 275
Active Directory 22
ActiveX control 135
adding
event filters 271
Performance Monitor (PerfMon) counters 145

processes to monitor 120, 269
rules 268
services to monitor 268
WMI parameters 146
address book monitoring 24
addresses
default 139
email, specifying 142
administrator rights 102
AdPerfCollector parameter 210
advanced user rights, required 47
agents
assigning notification servers to 140
configuration variables 219252
configuring 140141
configuring in a cluster 178
PATROL 35
persistent connection to 141
Alarm variable 224
AlarmMax variable 250, 251
AlarmMin variable 250, 251
alarms
acknowledging 203
generating 118, 124
tuning 206
AlarmThreshold variable 124, 221
AlertMSGForRepliCollector variable 241
alerts
reducing number of 202
troubleshooting 206
allow log on locally (user right) 47
allowsendparamonly variable 207
AnnotateProcCount variable 232
AnnotateProcStatus variable 232
AnnotateTopProcs variable 232
AnnotateValueChange variable 234
Annotation variable 227, 272
AnnotationMode variable 243
application classes
NT_CompositeColl 125
NT_DHCP 42, 43, 171
NT_DNS 171
NT_FTP 233
NT_ICMP 234
NT_IP 234
291
NT_IPX 234
NT_LOGICAL_DISK 102
NT_NETBEUI 234
NT_NETBIOS 234
NT_PROCESS 120
NT_REMOTE_SERVERS 171
NT_SERVICES 102
NT_SHARES 171
NT_TCP 234
NT_TRUST 172
NT_UDP 234
NT_WINS 172
application server, rulesets for monitoring 253
arguments, process 124
arsAction variable 206
AS_AVAILABILITY application 208
AS_CHANGESPRING.kml 72
AS_EVSLocalAlertNotify.bat
editing 136
requirements for using 135
AS_EVSLocalAlertNotify.pl 135
Attended Mode Dialog Timeout field 132
auditing, disabling 203
authentication support 24
AutoDiscoveryTimeLimit variable 221
automatic process monitoring 119
AutoRestart variable 119, 224
availability, monitoring 208
B
backing up before migration 71
backup domain controllers, monitoring 30
backup notification servers 137
BackupClusterDatabase parameter 243
BackupDir variable 225
batch file 135
BDCADD variable 237
BDCDEL variable 237
blackouts 206
Blat
defined 134
version tested with 134
blue screen monitoring
crash dump 127
default 127
event id 6008 127
BMC Software, contacting 2
Bourne shell 81
Bypass traverse checking user right 103
C
C shell 81
catalog, event 208
292
changing
account rights 47
security levels 57
system monitoring 104
thresholds and poll times 274
characters, special 266
charting PATROL data 169
CheckIPResourceColl parameter 244
CheckPoint variable 226
child_list variable 267
CluDBBackupPath variable 243
cluster administrator account 50, 78, 179
cluster.exe 78
ClusterLogFileError parameter 246
clusterName_NetworkNameForFileShares variable 245
CollectionCount variable 221, 232
colormap option 80
COM.kml 92, 284
command-line arguments 124
commas, escaping 266
components
KM files 278286
PATROL Adapter for Microsoft Office 35
PATROL Agent for Microsoft Windows Servers 35
PATROL Cluster Configuration Wizard 31
PATROL Cluster Configuration Wizard (PCC) 31
PATROL History Loader KM 35
PATROL KM for Cluster Server 30
PATROL KM for Event Management 34
PATROL KM for Log Management 32
PATROL KM for Microsoft Cluster Server 30
PATROL KM for Microsoft COM+ 31
PATROL KM for Microsoft Message Queue 31
Directory 22
PATROL KM for Microsoft Windows Domain
Services 30
PATROL KM for Microsoft Windows OS 21
composite parameters, creating 125
compressing the DHCP database 101
ComputerNamesList/list variable 230
configuration variables 219252
configurations, component-based
PATROL KM for History Loader 286
PATROL KM for Microsoft Message Queue (MSMQ)
285
PATROL KM for Microsoft Windows Domain
Services 283
PATROL KM for MS Windows Active Directory
Remote Monitoring 283
ConfigureOptionUsed variable 235
configuring
blue screen monitoring 102, 127
composite parameters 125
custom parameters 125
e-mail notification 133
event log monitoring 117
event monitoring 106
in PCM, event monitoring 271
in PCM, process monitoring 269
in PCM, service monitoring 268
KM to look for crash dump file 102
monitoring of text files 150
PATROL in a cluster 178
process control 123
process monitoring 119124
quotas 102
remote agents 140141
service monitoring 117??
Windows event monitoring 106
ConnectAs32Bit variable 250
connection, persistent 141
ConsolidateEventTypes variable 110, 227, 272
ConsolidationNumber variable 227, 272
ConsolidationTime variable 227, 272
Core Active Directory service 25
core Active Directory service 26
Counters variable 250
counters, Performance Monitor 209
CreateInstance variable 227
creating
custom parameters 125
event filter to monitor events generated only by a
specified computer 116
rules 268
WMI parameters 34
custom installation option 58
customer support 2
customizations
migrating manually 74
customized PSL, migrating 75
customizing
monitoring of counters 144
scripts 136
text log monitoring 149
thresholds 209
D
database, parameter history 35
deactivating parameters 275
debug programs (user right) 47
default email account 139
defining
notification servers 137
remote agents 137
DeletedLDList variable 234
dependencies 94
deploying settings 138
DestroyAcknowledgeProcess variable 232
DFS (Distributed File System) 30

DFS users, disconnecting 101
DfsConnectionPercent parameter 130
DHCP (Dynamic Host Configuration Protocol) 30
DHCP reports 171
DHCPADD variable 237
DHCPBAK variable 237
DHCPDEL variable 237
diagnosing problems 201213
directory replication 22
DisableAnnotation variable 223, 232, 235
DisableAnnotations variable 239
DisableEventConfig variable 239
DisableServiceRestart variable 119, 223
disabling
event filters 116
KMs 174
parameters 275
disconnecting DFS users 101
discovery, problems with 202
diskperf 105
disks, monitoring 104
Distributed File System (DFS) 30
DNS name registration 25
DNS reports 171
DNS server, monitoring 26
dns.exe 261
domain controllers
rulesets for monitoring 254
domain controllers, monitoring 30
Domain Name Service (DNS)
monitoring 30
rulesets 254
DomainInclusionList variable 246
DomainNamingMasterConnStatusSched variable 239
double quotes, escaping 266
dynamic file names, monitoring 152, 157
Dynamic Host Configuration Protocol (DHCP) 30
dynamic update 26
E
editing
notification scripts 136
rulesets 253
ELMError parameter 109
ELMErrorNotification parameter 109, 203
ELMEvFileFreeSpacePercent parameter 129
ELMFailureAudit parameter 109
ELMFailureAuditNotification parameter 109, 203
ELMInformation parameter 109
ELMInformationNotification parameter 203
ELMNotification parameter 109, 203
ELMOtherTypes parameter 109
293
ELMOtherTypesNotification parameter 203
ELMRptOfNotification parameter 111
ELMRptOfOtherTypes parameter 111
ELMStatus parameter 109, 110
ELMSuccessAudit parameter 109
ELMSuccessAuditNotification parameter 203
ELMWarning parameter 109
ELMWarningNotification parameter 109, 203
e-mail notification 133
EnableAlarmIfProcessDown variable 222
EnableAlarmIfProcessStarts variable 222
enabling
event filters 116
parameters 275
environment variables
LANG 81
PATH 81
PATROL_BROWSER 81
PATROL_CACHE 68
PATROL_HOME 68
setting for Help browser 81
setting for the browser 81
equal sign, escaping 266
error messages 212
escaping special characters 266
event catalog 208
event log
windows event log 204
event logs
monitoring, enabling 105
troubleshooting 203
viewing 125
event monitoring
configuring in PCM 271
Core Active Directory service 25
domain controller health 25
file replication service and group policy 25
Kerberos 25
Netlogon 25
time synchronization service 25
EVENT_MANAGEMENT.kml 286
EventLogMonitoring
BackupDir variable 225
ExclusionList/list variable 226
IncludeAll variable 225
InclusionList/list variable 225
EventReport variable 227, 272
events
monitoring 106
reducing 202
EventType variable 110, 228, 272
EvRptOfError parameter 111
EvRptOfFailureAudit variable 111
EvRptOfInformation parameters 111
EvRptOfStatus parameters 111
EvRptOfSuccessAudit parameters 111
294
EvRptOfWarning parameter 111

eXceed 80
Excel, Microsoft 102
ExclusionList/list variable 226, 232, 233, 234, 235
expressions, regular 120
extracting
downloaded installation files 54
order 54
F
failover, cluster 31
FAT file system 42
file replication service and group policy 26
file server, rulesets for monitoring 253
file systems, supported 42
FileShareExclusionList variable 243
filter, event monitoring 106
FilterDescription variable 228, 272
FilterDisableCase variable 230
FilterEnabled variable 116
first time installation 58
Flexible Single Master Operations (FSMO) 23
ForwardAllNTEventstoPEM variable 226
ForwardFilteredNTEventstoPEM variable 226
FSMO monitoring 23
FTP/Active variable 233
G
graphing PATROL data 169
group policy monitoring 25
H
HighThresholdOnEvents variable 235
history reports 170
HISTORY.kml 92, 286
HPFS file system 42
I
ICMP/Active variable 234
IdleServerTime variable 238
InactiveonMissingPerfObj variable 221
IncludeAll variable 225, 232, 233, 234, 235
IncludeAllCompList variable 230
InclusionList list/variable 233
InclusionList/list variable 225, 232, 233, 234, 235
increase quotas (user right) 47
inetinfo.exe 257
InfrastructureMasterConnStatusSched variable 240
installation
backing up before migration 71
custom option 58
log files 212
PATROL KM for Cluster Server account requirements
50, 78
PATROL KM for Cluster Server overview 75
preparing for 52
setting up installation accounts 46
system requirements 41
typical option 57
verifying requirements 41
Windows account requirements 46
Installation logs 212
installing
checking for product patches or fixes 53
clearing cache 73
determining the version of the installation utility 54
extracting downloaded files 54
extraction order 54
extraneous target platforms in the installation utility
user interface 53
for the first time 58
installing PATROL Agent over an existing installation
54
turning off pop-up blocking software 52
unsupported platform in the installation utility user
interface 52
upgrading from an earlier version 66
where to install KMs 55
where to install PATROL Agent 54
Instances variable 250
integration with Blat 134
intrasite/intersite monitoring 23
IP/Active variable 234
IPExclusionList variable 244
IPX/Active variable 234
IterationCount variable 236, 237
J
job objects
missing 202
monitoring 105
JobObjectMonitoring
CollectionCount variable 232
JournalMsgCountThreshold variable 248
JournalMsgSizeThreshold variable 248
K
Kerberos 25, 27
KM configuration variables 219252
KM customizations
migrating manually 74
KMs
deploying 18
determining if migratable 66
determining versions of 213
included with product 277286
installing individual 58
installing QuickStart packages 57
loading 9395
preloading 92
unloading 174
upgrading from an earlier version 66
where to install 55
Korn shell 81
L
LANG environment variable 81
LDAP monitoring 24
LDldFreeSpacePercent parameter 129
license, required 41
loading KMs 9395
log files, monitored by default 151
Log on as a service (user right) 47
Log on as batch job user right 102
LOG.kml 93
LOGErrorLvl
not set if search string is not defined 156
logical disks, monitoring 105
LogicalDiskMonitoring
login accounts
requirements 46
Windows 46
logs
event, monitoring 105
installation 212
lsass.exe 260
M
mail servers, rulesets for monitoring 254
Make Connection Persistent option 141
managed system 22
manual
migration of KM customizations 74
ManualAcknowledge variable 232
MAPI scripts 135
MaxRecords variable 229
MaxResourceIdleRetainPeriod variable 225
MaxShares variable 238
MaxUsers variable 238
295
MBRADD variable 237
MBRDEL variable 237
MBREL variable 237
media, streaming 254
MemoryContentionThreshold variable 235
MenuCmdROMode variable 247
messages, error log 212
Microsoft Excel 102, 169
Microsoft Message Queue (MSMQ) 31
Microsoft Transaction Server COM+ 31
migrating
customized PSL 75
determining if KM is migratable 66
from an earlier version of the KM 66
KM customizations manually 74
Mode variable 251
monitor requirements 42
Monitor variable 224
MonitoredClusterList variable 247
monitoring
Active Directory 22
availability of agents 208
backup domain controllers 30
clusters 31
domain controllers 30
enabling and disabling 104
event logs 105
events 106, 117
files 117
files with dynamic names 152, 157
job objects 105
logical disks 105
logical or physical disk drives 105
logs 117
network interfaces 105
network protocols 105
pagefiles 105
physical disks 104
printers 105
processes 119
processors 104
service executables 118
services 117
strings 117
text files 150
MonitorManualServices variable 223
MonitorNotRespond variable 224
MonitorProcess 224
MonitorProcess variable 232
MSMQ.kml 92, 285
MsPatrolAgentStatus parameter 130
MWD_ACTIVE_Directory_MN.kml 93
N
Name variable 250
296
Net Logon 25, 27

NETBEUI/Active variable 234
NETBIOS/Active variable 234
Netscape Navigator 80
network interfaces, monitoring 105
network protocols, monitoring 105, 203
NetworkInterfaceMonitoring
new PATROL users
easy install option 57
installing for the first time 58
nonaggregate values for drive instance 128
NonAggregateParamValue variable 234
notification
scripts, using 134137
server 137
notification scripts
customizing 136
editing 136
specifying 139
notification servers
benefits of 137
configuring 137139
defining 137
primary and backup 137
providing security for 138
notification targets, defining 139
notification, e-mail 133
NOTIFICATION_SERVER1 variable 140
NOTIFICATION_SERVER1.defaultAccount variable 140
NOTIFICATION_SERVER2 variable 140
NotifiedEvents parameter 208
notifying
disks are not present 127
NotRespondCmd variable 224
NT authentication support 24
NT_BASE.kml 45, 280
NT_CompositesColl application class 125
NT_DHCP application class 42, 43
NT_EVENTLOG.OSdefaultAccount variable 236
NT_FTP application class 233
NT_HYPER-V.kml 280, 282
NT_ICMP application class 234
NT_IP application class 234
NT_IPX application class 234
NT_LOAD.kml 45, 93, 278
NT_LOGICAL_DISK application class 102
NT_NETBEUI application class 234
NT_NETBIOS application class 234
NT_PERFMON application class 93
NT_PROCESS application class 120, 202
NT_SERVICES application class 102
NT_TCP application class 234
NT_UDP application class 234
NTD.kml 93, 283
NTFS file system 42
O
Objects variable 250
operating system, monitoring 103
output window, system 212
OverrideAutoConfigUpdate variable 235
OverrideGlobalServiceMonitoring variable 224
OverrideGlobalServiceRestart variable 119, 224
OverrideParameterAutoActivate variable 225, 232, 235
OverrideParameterFileFreeSpacePctAutoActivate variable
226
OverrideSummaryAutoCreate variable 204, 226
P
PACFG (PATROL Agent Configuration) utility 207
PagefileMonitoring
pagefiles, monitoring 105
parameters 207
_DiscoveryStatus 48
activating and deactivating 275
AdPerfCollector 210
BackupClusterDatabase 243
CheckIPResourceColl 244
ClusterLogFileError 246
composite 125
creating 34
creating e-mail notifications for 133
creating PerfMon-based 145
creating WMI 146
customizing 125
data, storing and analyzing 35
DfsConnectionPercent 130
ELMError 109
ELMErrorNotification 109, 203
ELMEvFileFreeSpacePercent 129
ELMFailureAudit 109
ELMFailureAuditNotification 109, 203
ELMInformation 109
ELMInformationNotification 109, 203
ELMNotification 203
ELMOtherTypes 109
ELMOtherTypesNotification 203
ELMRptOfNotification 111
ELMRptOfOtherTypes 111
ELMStatus 109
ELMSuccessAudit 109
ELMSuccessAuditNotification 203
ELMWarning 109
ELMWarningNotification 109, 203
EvRptOfError 111
EvRptOfFailureAudit 111
EvRptOfInformation 111
EvRptOfSuccessAudit 111
EvRptOfWarning 111
history, viewing 92
LDldFreeSpacePercent 129
MsPatrolAgentStatus 130
NotifiedEvents 208
PAWorkRateExecsMin 131
PROCDown 124
PROCProcessColl 124
PROCProcessorTimePercent 130
PROCStatus 124, 130, 232
RegValueChanged 234
ServiceStatus 118, 130
ShConnPercent 50, 131
SvcNotResponding 118
SvcStatus 118
troubleshooting 207
tuning 202
WMIAvailability 129, 235
WpReplicationFailures 130
Parameters variable 250
ParentInstance variable 227
PATH environment variable 81
PATROL account, creating 46
description 35
installation requirements 169
PATROL Agent
configuring in a cluster 178
description 35
installing KMs to 55
installing over an existing installation 54
where to install 54
PATROL Central - Web Edition
loading KMs on 95
PATROL Central - Windows Edition 175
PATROL Configuration Manager
description 18
using 265273
PATROL consoles
and Netscape Navigator 80
installing KMs to 55
rulesets 287
PATROL for Windows Operating System Monitor service
35
description 35
PATROL KM for Cluster Server
account requirements 50, 78
architecture 76
description 30
installation overview 75
297
monitoring features 30
overview 75
.kml files 286
configuring 133142
PATROL KM for History Loader
KMs 286
.kml file 286
report options 172
troubleshooting 103
Windows configuration 284
KMs 285
report options 172
troubleshooting 103
description 22
installation requirements 43, 44
requirements 43, 44
troubleshooting 99
KMs 283
requirements 42
troubleshooting 100
configuring 103125
KMs 278
requirements 42
PATROL KM for MS Windows Active Directory Remote
Monitoring
application classes 197
InfoBox items 198
KMs 283
menu commands 198
overview 196
parameters 199
REM_ACTIVE_DIRECTORY.kml 283
using 196
PATROL KM for Windows Active Directory
required defaultAccount permissions 49
PATROL Perform Agent 40
PATROL security
overview of levels 56
requirements 41
PATROL Wizard for Performance Monitor and WMI
.kml file 285
configuring 144
creating Performance Monitor parameters 145
creating WMI parameters 146
description 34
loading 144
migration 67
performance counters supported 148
queries that begin with Win32_PerfRawData 148
setting alarm thresholds 146
298
Win32_PerfRawData WMI class 148

PATROL.conf 207
PATROL_BROWSER environment variable 81
PATROL_CACHE 68, 73
PATROL_HOME 68
PatrolAgent service 35
PAWorkRateExecsMin parameter 131
PCC (PATROL Cluster Configuration Wizard)
account requirements 179
description 31
overview 178
unattended configuration 193
using 180
pconfig
syntax rules for 266
variables 220252
PDCEmulatorConnStatusSched variable 240
Performance Counter (PerfMon) Wizard 34
Performance Monitor counters, customizing 209
perfproc.dll 202
persistent agent connection 141
physical disks, monitoring 104
PhysicalDiskMonitoring
PingCount variable 241
PingTimeout variable 241
planning
installation 52
notification 137
platforms, supported 41
poll times, changing 207, 274
preloading KMs 92, 96
preparing for installation 52
Primary_Site_Role.cfg 253, 254
print server, rulesets for monitoring 253
PrinterMonitoring
DisableAnnotation variable 235
printers, monitoring 105
problem resolution 201213
PROCDown parameter 124
process control, configuring 123
processes
_DiscoveryStatus and _CollectionStatus parameters
123
disabling monitoring of 123
missing 202
monitoring 119
multiple processes selected 205
restarting 48, 124
run-away 222
stopping 124
troubleshooting 202
ProcessMonitoring
StatusSelectedColumns/list variable 221
ProcessName variable 222
ProcessorContentionThreshold variable 235
ProcessorMonitoring
processors, monitoring 104
PROCProcessColl parameter 124
PROCProcessorTimePercent parameter 130
PROCStatus parameter 124, 130, 232
product
components 20
configuration tasks 103
product support 2
profile system performance (user right) 47
protocols
monitoring 105
troubleshooting 203
PRU_FileServer.cfg 253
PSL, migrating 75
psx_server.xpc 229
Q
Query variable 251
QueueMsgCountThreshold variable 248
QueueMsgSizeThreshold variable 248
quorum configurations
support in a failover cluster 78
quotas, configuring 102
quotes, escaping 266
R
RAS (Remote Access Service) 258
recovery actions
about 128
configuring 128133
troubleshooting 48
variables used for 251
redundancy 137
RegistryMonitoring
regular expressions 120
using to monitor dynamic file names 152, 157
RegValueChanged parameter 234
RelativeIDMasterConnStatusSched variable 240
Remote Access Service (RAS) 258
remote agents, assigning notification servers to 140
RemovedPDList variable 233
removedServiceList variable 223

removing
KMs 174
replace a process level (user right) 47
replication monitoring 22
reports 102, 170173
requirements
overview 41
PATROL KM for Cluster Server 78
PATROL KM for Cluster Server account 50, 78
Directory 43, 44
PCC 179
software 91
system 41
user right 47
Windows account 46
Windows script 135
ResolveTestList variable 236, 237
ResourceExclusionList variable 244
restarting
agent 207
processes 48, 124
RetainEventDescriptions variable 272
rights, required 47, 102
rules, adding 268
rulesets
applying 252
editing 253
PATROL for Microsoft Windows Servers 287
shipped 252264
run-away processes 222
S
SAM monitoring 24
SAM NT authentication support 24
ScheduledServers variable 248
Scheduling variable 229
SchemaMasterConnStatusSched variable 240
SCOPEADD variable 237
SCOPEDEL variable 237
scripts
batch file 135
customizing 136
editing 136
using 134137
search string 156
security
event log 102
notification server 138
overview of levels 56
Security Account Manager (SAM) 24
send_mapi.vbs 135
sendmail.vbs 135
ServerExcludeList variable 238
299
ServerIPAddress variable 236, 237
ServerPortNumber variable 236, 237
servers, deploying settings to 138
ServiceMonitoring
MonitorManualServices variable 223
removedServiceList variable 223
services
checking status of 118
monitoring 117
monitoring executables for 118
PATROL for Windows Servers 35
restarting 48, 118
services.exe 260
ServiceStatus parameter 118, 130
setting environment variables for Help browser 81
ShareExcludeList variable 238
ShConnPercent parameter 50, 131
shells
Bourne 81
C 81
Korn 81
Site_Role.cfg 253, 254
sitecomp.exe 263, 264
slashes, escaping 266
SMS (Systems Management Server), rulesets for 253
smsdbmon.exe 263
smsexec.exe 263, 264
SMTP scripts 135
SNMP service 43
SNMP, requirements 42
spoolsv.exe 259
sqlservr.exe 263
starting services 101, 118
startup properties, service 102
StatusNumberofProcessesToDisplay variable 221
StatusSelectedColumns/list variable 221
StatusSortKey variable 221
StdEvents.ctg 208
stopping
monitoring 104
processes 124
services 101
streaming media servers, rulesets for monitoring 254
success auditing 203
Summary instance 204
support, customer 2
Suspend Recovery Action field 132
Suspend variable 251
svchost.exe 260
SvcNotResponding parameter 118
SvcStatus parameter 118
syntax
pconfig 266
system output window 212
300
system requirements 41
system roles 55
T
TCP/Active variable 234
TCPorUDP variable 236, 237
technical support 2
templates, PATROL Adapter for Microsoft Office 171
terminal server 254
terminating processes 48, 124
text files, monitoring 150
thresholds
changing in PCM 274
customizing 209
rule for 274
tuning 202, 206
time synchronization service 25, 27
TimeLimitForKillRunAwayProcess variable 222
TotalMessageSizeThreshold variable 248
troubleshooting 201213
DiscoveryStatus parameter in alarm 205
multiple processes selected 205
windows event log 204
TrustExcludeList variable 238
typical installation option 57
U
UDP protocol 236, 237
UDP/Active variable 234
uninstalling products 84
unloading KMs 175
unresponsive services 118
upgrading 66
backing up current installation before 71
choosing a procedure 67
from an earlier version of the KM 66
UpTimeBaseLine variable 244
UseCheckPoint variable 225, 226
user account 81
user rights, required 47
UserExcludeList variable 238
using PCC 180
V
variable_list variable 267
variables
__ANYINST__ 274
child_list 267
FilterEnabled 116
NOTIFICATION_SERVER1 140
NOTIFICATION_SERVER2 140
PATROL KM for Microsoft Active Directory 239242
PATROL KM for Microsoft Cluster Server 242248
PATROL KM for Windows Domain Services 236239
PATROL KM for Windows Message Queue 248
PATROL KM for Windows OS 220236
PATROL Wizard for Performance Monitor and WMI
250251
PATROL_BROWSER 81
variable_list 267
wpconfig 18
VB (Visual Basic) 134
version, determining 213
View Process Status dialog box 221
viewing
event logs 125
virtual machines, support for 51
Visual Basic (VB) 134
VMware, support for 51
VPN (virtual private network) 254
W
Wait variable 251
warnings, generating 118, 124
WarnMax variable 250, 251
WarnMin variable 250, 251
WBEM_E_INVALID_CLASS error message 210
Win32_PerfRawData
performance counters supported 148
WMI queries for WMI class 148
WIN32_WMISetting 235
Windows 30
Windows account requirements 46
Windows Management Instrumentation (WMI) 34
Windows NT Workstation 135
WINS (Windows Internet Naming Service)
recovery actions 130
reports 172
rulesets for monitoring 254
WINSADD variable 237
WINSDEL variable 237
WMI parameters, creating 146
WMI Wizard 34
WMIAvailability parameter 129, 235
WMServer service 262
wpconfig utility 96
wpconfig variables 18
WpReplicationFailures parameter 42, 130
X
xpconfig utility 96
301
302
Notes
*104698*
*104698*
*104698*
*104698*
104698

BMC PATROL For Microsoft Windows Servers Getting Started

Uploaded by

Copyright:

Available Formats

BMC PATROL For Microsoft Windows Servers Getting Started

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BMC PATROL For Microsoft Windows Servers Getting Started

Uploaded by

Copyright:

Available Formats

BMC PATROL

for Microsoft Windows Servers

Contacting BMC Software

United States and Canada

BMC SOFTWARE INC

713 918 8800 or

(01) 713 918 8000

713 918 8000

Outside United States and Canada

(01) 713 918 8800

Copyright 2007, 2009 BMC Software, Inc.

Restricted rights legend

Support by telephone or e-mail

Before contacting BMC

operating system and environment information

sequence of events leading to the issue

commands and options that you used

product error messages

License key and password information

BMC PATROL for Microsoft Windows Servers Getting Started

Product components and capabilities

PATROL for Windows Servers features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Installing and migrating PATROL for Windows Servers

Determining the version of the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Loading and configuring PATROL for Microsoft Windows Servers

Preparing to use PATROL for Windows Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

BMC PATROL for Microsoft Windows Servers Getting Started

Configuring service monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Using the PATROL Cluster Configuration Wizard

Using the PATROL Cluster Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . .

Install the PATROL Agent on each cluster node. . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Using the PATROL KM for Microsoft Windows Active Directory Remote

Troubleshooting PATROL for Microsoft Windows Servers

PATROL KM for Microsoft Windows OS problems . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Accessing menu commands, InfoBoxes, and online Help

Accessing KM commands and InfoBoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

BMC PATROL for Microsoft Windows Servers Getting Started

Accessing online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Agent configuration variables and rulesets

Managing configuration variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

PATROL for Windows .kml files

PATROL for Microsoft Windows Servers .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . .

BMC PATROL for Microsoft Windows Servers Getting Started

BMC PATROL for Microsoft Windows Servers Getting Started

Information required by PCC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

BMC PATROL for Microsoft Windows Servers Getting Started

PATROL KM for Event Management .kml files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

BMC PATROL for Microsoft Windows Servers Getting Started

Product components and capabilities

Chapter 1 Product components and capabilities

PATROL for Windows Servers features

PATROL for Windows Servers features

Centralized event filtering and notification

Ability to deploy configuration settings

BMC PATROL for Microsoft Windows Servers Getting Started

PATROL for Windows Servers features

Built-in recovery actions

terminating a run-away process

Predefined rulesets for common server types