This section describes the various tasks involved with administering the Configuration Change Console server and agents.
Note:
You must be using a Configuration Change Console account with the super-administrator role to use all of the screens described in this chapter.The Server Configuration and Reports section of the Administrative menu helps you manage the Configuration Change Console server and database.
The Agent Configuration and Reports section helps you monitor agent status and schedules, remotely pause, stop or start agents, and upgrade agent software versions.
The following sections describe the server configuration options available, including:
Configuring the email server connection information for notification emails
Configuring the SNMP server connection information for SNMP traps
Managing database size with size thresholds and automated purging
Disabling/enabling team device limitation settings
Configuring agent archive file limits
Configuring administrative alerts
Configuring dashboard thresholds
Viewing server/database statistics
Configuration Change Console uses email to send and receive responses to notifications generated by audit actions or threshold rules. Use the Email Configuration screen to specify the email address used in email notifications, along with the necessary mail server connection information. This account will be used to both send email notifications and receive notification confirmations.
Warning:
Use an email account dedicated to Configuration Change Console notification. The software will purge email from this account on a regular basis.To access this screen, navigate to Administration --> Server Configuration --> Email Administration.
To configure email, follow these steps:
Enter the login name and password for the email account to use.
Use an account that is dedicated to Configuration Change Console notifications, as the software will regularly purge the email from the account.
Enable or disable email notifications using the Email Send enabled check box.
Enter the mail server and mail store information, and the account to send emails from.
Enabled or disable acknowledgements using the Email acknowledgements enabled check box.
Enter the mail server type for receiving acknowledgements and the mail store information.
The system sends a confirmation email to the selected administrator to confirm that the settings are correct. If authorization fails, the screen appears with the same information. In this case you must update the information or cancel the changes.
Click Save to save the changes.
The Configuration Change Console can generate SNMP traps for notifications generated with audit actions, threshold rules, or administrative alerts. Use the SNMP Administration screen to configure or change information about your available SNMP servers. You can configure more than one SNMP server in your environment to receive SNMP traps.To access this screen, navigate to Administration --> Server Configuration --> SNMP Administration. The screen displays information about any configured SNMP servers.To modify an existing SNMP server, select the link under the Instance Name column. To add an SNMP server, click the Add SNMP Server button. Either way, the Add/Edit SNMP Server screen is displayed.Enter or modify the SNMP server information by following these steps:
Assign an instance name for the SNMP server. This is a name you will see when you configure audit actions, threshold rules or administrative alerts and want to choose an SNMP server to send traps to.
Enter the host name or IP address of the SNMP server.
Enter the server's Trap Listen Port. This is the port that the SNMP server is listening to traps on. This port is typically 162.
Optionally, add a description of the instance.
Select Save to save changes.
After you configure your server, you also must import the two MIBs that are listed in Appendix A of the Install Guide into your software that receives the SNMP traps. This allows the OIDs published to be converted into readable text.
After you set up these SNMP servers, you can choose this SNMP server to send a trap to when a notification would normally happen.
When your SNMP trap receiver gets a trap, the content will typically look like this:
Table 12-1 SNMP Trap Receiver Content
| OID | Type | Value |
|---|---|---|
|
SysUpTime.0 |
TimeTick |
17 days 10h:03m:48s |
|
snmpTrapOID |
OID |
occNotifNotificationSent |
|
occNotifInfoMessage |
String |
File c:\oracle\configurationchangeconsoleagent\config\probe.properties of application component Oracle EMCCC Agent on device SERVERABC was modified by user nt authority\system at 05/04/2009 17:07:35 GMT (Local OCC Time 05/04/2009 13:07:35 EDT). |
Configuration Change Console provides administrators with tools for managing database size. The database size protection feature sets a threshold for the Configuration Change Console database. You can configure notifications to occur when the database size reaches this threshold. Database purging configuration automatically delete older data from the database based on retention rules.
The Database Size Protection screen sets a notification threshold to protect the database from filling up with collected events and running out of space.
Set the minimum amount of free space as a percentage of total allocated space for the tablespace. When the available free space falls below this threshold, the software writes an entry to the server log. You can configure a threshold rule to notify an administrator when this event occurs.
To access this screen, navigate to Administration --> Server Configuration --> Database Size Protection.
To configure a threshold rule, follow these steps:
Enter a threshold as a percentage of total allocated space. Allowed percentage values range from 0 to 20. The tablespace name is set at installation and should not be changed unless the tablespace settings have been changed.
Click Save to save changes.
Configuration Change Console automatically purges database data after a predefined period, whether or not the database is full. This period can vary according to the type of data.
The Database Purging screen displays purging details for select types of change data stored in the database. Details include the number of days that the data will be kept in the database and the date and time of the last purge.
The following Data Types are displayed:
App Internal Events -- Member tables contain information related to internal application events, such as registry and database changes.
File Events -- Member tables contain information related to file changes, including creations, modifications, and deletions.
Notifications -- Member tables contain information related to notifications generated by the 2 solution.
Outbound Tickets -- Member tables store information related to Outbound Tickets.
Process Events -- Member tables contain information related to process changes, including starts and stops.
Process Running -- Member table contains information related to processes currently running in the monitored environment.
Product Logging -- Member tables contain information related to Configuration Change Console log files.
SQL Queries -- Member tables contain information related to data returned by SQL Queries run against monitored database instances though SQL Inventory, Snapshot, and SQL Trace agent modules.
System Resource Stats -- Member tables contain information regarding system resource usage, including CPU, memory, and disk space utilization.
User Events -- Member tables contain information related to changes initiated by users.
To change the default retention period for a specific data type, click on the link in the Days to Keep column for a specific category and table. This displays a screen in which you can set a new limit for the data retention period.
The Team Device Limiting feature lets you limit the Configuration Change Console so that team members can view only the configurations and data for devices assigned to their team. This configuration screen enables or disables team device limiting, but configuration of Team Support Assignments must also be done for this change to take affect.
Team Device Limiting is enabled by default, but only takes effect if you create Team Support Assignments. To disable this feature, use Administration --> Server Configuration --> Team Device Limiting.
You can configure Configuration Change Console to automatically archive critical files when they change.
Use the Archived Files Configuration screen to set the maximum number of files that can be archived, and the maximum number of copies for any specific archived file. This is used to ensure that not too many copies are stored on the agent-monitored machine.
You can configure the Configuration Change Console to automatically notify an administrator of critical events, requiring direct administrator actions, occurring within the Configuration Change Console. Once enabled, an email will be sent to the specified administrator when such a critical event is encountered. The email notification will list the date and time of the event, any applicable event trace information (for example, a stack trace), and escalation options for the notification.
To access this screen, navigate to Administration --> Server Configuration --> Administrative Alerts. Available Alerts include:
Database column precision is too low. Occurs when an attempt is made to insert a value into a column that is larger than the value type allowed by the column. For example, when a string of 100 characters is inserted into a column handling only 64, or a decimal number is inserted into a column that only accepts whole numbers.
Database Shutdown in progress. Occurs when a database operation is attempted during a database shutdown.
Database Size Exceeded Threshold. Occurs when database table space usage exceeds the threshold specified on Database Size Protection screen.
Database Unique Constraint Violation. Occurs when an attempt is made to insert a repeat value (non-unique) into a tablespace column that accepts only unique values.
Database Table Usage Rate Exceeded Threshold. Occurs when database table space usage growth is exceeding a calculated growth rate.
Database Value too large for column. Occurs when the value selected to be written to the database is too large for the selected column.
Database Snapshot too old. Occurs most often when the database rollback segments have been sized too small.
Fatal Error in Report. Occurs when a scheduled report fails to generate.
Outbound Email volume exceeded threshold. Occurs when too many emails are sent during a specific time period.
Agent Internal Monitoring connectivity error. Occurs when the agent is unable to successfully perform an application-internal monitoring operation due to a lack of a connection.
Agent SQL Trace/DB2 Data loss. Occurs when the data pipe within DB2 becomes clogged, thus causing interrupted, or restricted data flow to the agent.
Report PDF Run-Time Exceeded Threshold. Occurs when data for a generated report exceeded the maximum size. In this case, only the data up to the size limit would be included in the report.
State Change on Agent. Occurs when an agent changes its status, for example when an agent changes from "Running" to "Hold".
Agent command failure. Occurs when an agent attempts to run a native command, such as sysinfo or filewatch, and fails.
Notifications: outbound E-mail volume exceeded threshold. Occurs when too many emails are sent during a specific time period.
To activate administrative alerts:
Checkmark the Active box for the alert.
Select an administrator to receive notifications.
Select an SNMP server through which to send email notifications (optional).
Select an escalation priority level for the notification. For a description of these priorities, see Escalation Priorities.
Click Save.
If the alert requires a device assignment, click the Device Assignments count link.
Assign the policy to the devices through the Assign Device to Policy screen.
Update the agents on the associated devices.
Use the Dashboard Threshold Configuration screen to establish the thresholds that are used on the dashboards for policy compliance. Control thresholds affect how the dashboard dials report event activity.
To access this screen, navigate to Administration --> Server Configuration --> Dashboard Thresholds.
Select a framework and associated policy. See Frameworks and Policies for a list of the available framework and policy combinations that come with the product.
Set the low and high thresholds for each of the listed summaries. Each summary maps to either a dashboard dial or a tab in a dashboard screen. For a control's Summary Dial, the low threshold defines when the needle appears in the green section of the dial, while the high threshold defines when the needle moves to the red portion of the dial. The values between the low and high threshold would indicate the needle would be in the yellow region.
Note:
Threshold values cannot be below 0 or above 100. Also, the low threshold cannot be equal to or greater than the high threshold. All threshold fields are required.For rule creation for components, the user can optionally get user based rules from an integrated LDAP server. The Configuring LDAP Integration screen lets the user integrate their installation of Configuration Change Console with one or more LDAP servers.
Clicking on the Add New Instance button or clicking on a linked instance name will take you to the screen to add or update an LDAP Server.
The following administrator screens (reports) are available from Administration --> Server Reports.
Table 12-2 Administrator Reports
| Report | Description |
|---|---|
|
Active Sessions |
Provides information about the people currently logged into the Configuration Change Console server. |
|
System and Database Log |
Displays system and database error messages encountered during a specified time period. |
|
Log files |
Lists all logs generated by the system and allows you to view or download individual log files. For the ar-server.log file, you can also empty the log and copy its contents to another file (provided by the Roll Over link.) |
|
Specification Change Log |
Displays logs of changes to policy specifications, based on policy assignment types and monitoring methods, during a user specified time frame. |
|
Data Growth Trends |
Displays data growth over time for selected Configuration Change Console agent modules, during a user specified time period. |
|
Diagnostics Report |
Displays configuration and current monitoring info for the monitored environment that can be used to diagnose issues with the deployment. |
Configuration Change Console agents, installed on each monitored server collect change events from the monitored server and report these changes back to the Configuration Change Console server. The agent communicates with the server through a JMS (Java Messaging Services) bus.
If an agent's connection to the JMS bus is lost for any reason, the agent buffers the data on the local monitored device until the connection is restored. The collected data buffered in the agent will then be sent to the server and the agent will resume normal operation. There is a limit to the maximum size of the buffer. Each agent can hold 5MB or 2 hours' worth of data, whichever occurs first. This size limit can be configured during the agent installation.
The agents collect and send data to the database according to a schedule, which varies according to the type of agent and information being monitored. An agent schedule template defines the intervals for agent data collection/transmission and which modules are used in monitoring. These modules are described in the following section.
An agent schedule group is a group of agents assigned to a specific schedule template.
The Agent Schedule Template Group Assignment screen allows an administrator to specify which device groups use each Agent Schedule Template. Each schedule group can have only one template associated with it at a given time.
The following agent modules are used in Agent Schedule Templates:
HostConfig -- Collects basic system information
CPUConfig -- Takes inventory of processor configuration
CPURunning -- Tracks processor resource usage
MapiMonitor --Tracks all MAPI related system and notification information
MemConfig -- Takes inventory of physical and virtual memory configuration
MemRunning -- Tracks all physical and virtual memory resource usage
FSConfig -- Takes inventory of the existing file system structure
FSRunning -- Tracks all file system resource usage
IPConfig -- Takes inventory of network configurations
FileRunning -- Track changes to files
UserRunning -- Tracks user logins and logouts
ProcessRunning -- Tracks process starts, stops, and resource usage
Configuration Change Console comes prepackaged with the following default agent schedule templates:
Performance and Change -- Tracks all performance and change-related issues. Comprised of all modules
Performance Only -- Tracks resource usage related to performance
Change Only -- Tracks all change-related issues. Comprised of Change Modules only: HostConfig, FSConfig, FSRunning, IPConfig, FileRunning, UserRunning, and ProcessRunning modules
MAPI Broker -- Tracks all MAPI related issues
NT Lite -- Tracks performance and change related issues on Windows NT based devices. Comprised of a minimal set of modules meant for NT devices that do not have WMI 1.5 installed. Includes HostConfig, FSConfig, and FileRunning modules
OS/400 -- Tracks performance and change related issues on OS/400 based devices. Includes all modules supported by the OS/400 agent: HostConfig, FSConfig, and FileRunning
Default -- Tracks basic system information. Includes only the HostConfig module
To access this screen, navigate to Administration --> Agent Configuration --> Schedule Templates.
To view the schedule details for each module, click on the link in the # of Enabled Modules column. This displays a screen that lists the interval and offset for each module and contains the following fields:
The interval (in seconds) is how frequently the agent sends the data.
The offset is the time offset for the initial run of the module. For example, if the Interval is 60 and the offset is 30, the initial process will take 90 seconds to complete a cycle, but adhere to the regular 60 second interval thereafter.
The intervals that are defined on this screen can be changed by clicking on the link on the agent module name. The interval and offset values that are set by default are the recommended intervals. There are some times however that it is desired to extend the interval so that the agents are not reporting events as often.
There are some caveats though to setting the intervals to be too long. For instance, the AppRunning interval is used to control reporting and monitoring intervals for all component internal modules such as Database monitoring and Active Directory Monitoring. If you extend the interval too long, events that may have occurred may roll off of the audit log and may not be available to be reported against anymore.
The Agent Schedule Groups screen displays the agent schedule groups and the number of devices in each group.
To access this screen, navigate to Administration --> Agent Configuration --> Schedule Groups.
Each managed device must belong to a schedule group. Devices can belong to only one group at a time, and each group can be assigned only one schedule template. The assigned schedule template will apply to all devices within the schedule group.
To modify an agent schedule group, click the link in the Group Name column.
To add a new schedule group, click Add a Schedule Group.
Either way, the Add or Update a Schedule Group screen will be displayed. From this screen you can name the group and select devices to assign to the schedule group.
Use the Schedule Template Group Assignment screen to assign a schedule group to a schedule template. In the Agent Schedule Templates screen, click the link for the # of Schedule Groups to add a schedule group to a specific schedule template.
A schedule template can be assigned to multiple schedule groups, but each group can only be assigned one schedule template. The assigned schedule template will apply to all devices within a schedule group.
To access this screen, navigate to Administration --> Agent Configuration --> Schedule Templates: # of Schedule Groups link.
Administrators can stop, pause, hold, resume or restart the agent service from a centralized location without having to access the machine directly.
Note:
An agent that has been stopped must be restarted manually from the device on which it is installed.The available options are:
Hold -- The agent continues collecting data and buffering it locally, but does not send the data until you resume the agent's communications
Pause -- Pauses the agent; the agent does not collect data nor send data until you resume the agent's communications
Resume -- Causes an agent which is in a Pause or Hold state to resume collecting and sending data
Restart -- Restarts a running agent
Stop -- Stops the agent. The agent must be restarted manually on the managed device after this command
The Manage Agents screen allows you to change the current state of an agent by device(s) or device group(s).
To access this screen, navigate to Administration --> Agent Configuration --> Manage Agents.
Manage agents by following these steps:
Select the device group or devices to manage.
Select either Hold, Pause, Resume, Stop, or Restart.
Click Submit to put the operation into effect on the agent.
A confirmation message will appear asking you to confirm the action; click OK.
The Configuration Change Console allows for upgrading agents remotely from the primary server's web-based interface. The server installation already comes packaged with the agent upgrade code to match the version of the server. When upgrading your environment, you would upgrade the repository and servers first and then perform the upgrade to the agents from the new version of the server. This means that for some time between server upgrade and agent upgrade, the agents will still be running the previous version.
To access this screen, navigate to Administration --> Agent Configuration --> Upgrade.
On this screen you can filter your device list by the device groups and select one or more devices to upgrade. The table that shows the devices lists the device name, operating system, current agent version and the most recent version available to upgrade to. The status column lists the upgrade status. The agent for 10.2.0.4 has a version of 5.1.0 and the agent for 10.2.0.5 has a version of 5.1.1.
From the table, you can choose a single device to upgrade or select to upgrade all. After choosing the devices to upgrade, you can schedule the time to upgrade or perform the upgrade now.
Depending on the scheduling and success of an upgrade, the following may display in the Status column of the Upgrade screen.
Pending. The upgrade has been scheduled, but has not yet been executed.
Executing. The upgrade is currently in progress.
-- (Normal status). Following a Pending or Executing status, the -- indicates that the upgrade has completed successfully.
Cancelled. The scheduled agent upgrade has been cancelled. The agent status will remain in this state until another upgrade is scheduled.
Failed. There was no response from the agent after 15 minutes of executing an agent upgrade.
Configuration Change Console offers a number of read-only screens that provide you with information about agent availability and statistics, and allow you to view agent log files.
Available agent reports include:
Statistics -- The Agent Statistics screen provides information about processes run by the agent on managed devices. The screen displays a count of messages and instances sent since the counters were last cleared. Each instance represents a single change. You can clear the counters from this screen.
Log Files -- Lists all or a group of agent devices, and lets you retrieve zipped log files from specific devices.
Availability Report -- This screen provides a graphical representation of an agent's availability on a specific device over a specified time period.