Upload
others
View
10
Download
0
Embed Size (px)
Citation preview
Microsoft SharePoint Server EventTracker v9.x or above
Publication Date: March 15, 2019
1
Monitoring SharePoint 2016 Server
Abstract Abstract EventTracker allows you to effectively manage your systems and provides operational efficiencies –
reducing IT costs and freeing resources for other duties that increase the business value of your organization.
EventTracker’s built-in knowledge pack enables you to gather business intelligence providing increased
security, performance, availability, and reliability of your systems. With EventTracker, you can monitor all of
your servers running SharePoint from a single view. EventTracker checks the status and availability of
SharePoint Servers, critical server processes, and it centrally consolidates all the event logs. Through
consolidated logging you can monitor the performance, availability, and security of your servers running
SharePoint, alerting you to events that have a direct impact on server availability while filtering out events that
require no action. Through alerts, knowledge base solutions, and reports, EventTracker helps you correct
problems long before a catastrophic failure occurs. EventTracker also includes reports that allow you to
summarize server availability.
Scope The configurations detailed in this guide are consistent with EventTracker version 9.x and later, SharePoint
2013/2016.
The information contained in this document represents the current view of Netsurion. on the issues
discussed as of the date of publication. Because Netsurion must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Netsurion, and Netsurion
cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS OR
IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the
rights under copyright, this paper may be freely distributed without permission from Netsurion, if
its content is unaltered, nothing is added to the content and credit to Netsurion is provided.
Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Netsurion, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The example companies, organizations, products, people and events depicted herein are fictitious.
No association with any real company, organization, product, person or event is intended or should
be inferred.
© 2019 Netsurion. All rights reserved. The names of actual companies and products mentioned
herein may be the trademarks of their respective owners.
2
Monitoring SharePoint 2016 Server
Table of Contents Abstract ............................................................................................................................................................. 1
Scope ................................................................................................................................................................. 1
Overview ................................................................................................................................................................ 3
Turn on Appropriate Diagnostics Logging on SharePoint Server ...................................................................... 3
Diagnostic Logging File Monitoring(LFM) in EventTracker Agent ..................................................................... 4
Enable Diagnostic Logging Filter exception in EventTracker Agent .................................................................. 6
Enable IIS Logging on SharePoint Web Application Server ............................................................................... 8
Microsoft IIS Logs Filter exception in EventTracker Agent ............................................................................... 9
Microsoft SharePoint Server Knowledge Pack: ................................................................................................... 10
Flex Reports ..................................................................................................................................................... 10
Dashboards ...................................................................................................................................................... 11
Import Microsoft SharePoint Server knowledge pack into EventTracker .......................................................... 13
Token Template ............................................................................................................................................... 13
Import SharePoint knowledge pack into EventTracker ...................................................................................... 14
Flex Reports ..................................................................................................................................................... 15
Knowledge Objects .......................................................................................................................................... 16
Dashboards ...................................................................................................................................................... 17
Verify SharePoint Server knowledge pack in EventTracker ................................................................................ 18
Knowledge Object ........................................................................................................................................... 18
Flex Reports ..................................................................................................................................................... 19
3
Monitoring SharePoint 2016 Server
Overview EventTracker allows you to effectively manage your systems and provides operational efficiencies – reducing
IT costs and freeing resources for other duties that increase the business value of your organization.
EventTracker’s built-in knowledge base enables you to gather business intelligence providing increased
security, performance, availability, and reliability of your systems. With EventTracker you can monitor all of
your servers running Microsoft Office SharePoint Server from a single view. EventTracker checks the status and
availability of SharePoint Server’s critical processes and it centrally consolidates all the event logs, Web Server,
and Database Server logs. Through consolidated logging you can monitor the performance, availability, and
security of your servers running SharePoint, alerting you to events that have a direct impact on server
availability while filtering out events that require no action. Through alerts, knowledge base solutions, and
reports, EventTracker helps you correct problems long before a catastrophic failure occurs. EventTracker also
includes reports that allow you to summarize server availability.
Turn on Appropriate Diagnostics Logging on SharePoint Server To enable diagnostic logging in SharePoint Server you need to be a member of Farm Administrator’s Group.
Follow the steps given below to add a user in Farm administrators group:
1. Login to SharePoint Server Central Administration website.
2. Click Monitoring.
3. Click Diagnostics logging.
4. Check the All categories option.
Figure 1
4
Monitoring SharePoint 2016 Server
5. Select Warning/information as the Least critical event to report to the eventlog from the dropdown.
6. Click OK.
Figure 2
Diagnostic Logging File Monitoring(LFM) in EventTracker Agent 1. To Launch the EventTracker Agent Configuration Goto Program Files (x86)\Prism
Microsystems\EventTracker\Agent.
2. Find the etaconfig and double click.
3. In EventTracker Agent Configuration dialog box, click the Log file Monitor tab and click Logfile Monitor
button. Click Add File Name for new Log filter Monitoring.
Figure 3
4. Select Drive Name/Folder Name and tick Show all the files option and select files and click OK.
5
Monitoring SharePoint 2016 Server
Figure 4
5. Enter the Log file extension to proceed.
Figure 5
6. Verify the File name/Type and click OK.
Figure 6
6
Monitoring SharePoint 2016 Server
7. Select the file path and save.
Figure 7
Note: This option enables you to monitor multi-vendor log files with matching keyword entries. EventTracker
generates an event if any matching record is found. The Log file monitoring configurations can be done
through EventTracker Agent Configuration provided on the EventTracker Control Panel. In the EventTracker
Enterprise (Web GUI), you can only view the Logfile monitoring settings.
Enable Diagnostic Logging Filter exception in EventTracker Agent You can Filter Exception to monitor specific events if they match filter criteria.
Follow the steps given below to enable Logfile Monitoring:
1. To Launch the EventTracker Agent Configuration Goto Program Files (x86)\Prism
Microsystems\EventTracker\Agent.
2. Find the etaconfig and double click.
3. In EventTracker Agent Configuration dialog box, click the Event Filters tab.
7
Monitoring SharePoint 2016 Server
Figure 8
4. Click the Filter Exception tab and click Find tab.
Figure 9
Note: This option enables you to filter events being sent to the Manager. Select appropriate checkboxes under
Basic Logs, Special Logs, and Event Types. Event Logs is a dynamic list of Channels. Whenever a new Channel is
provided for subscription, EventTracker updates this list automatically. This option helps you to filter events
with exception. For example, had you configured agent to filter Information events, all events of ‘Information’
event type will not be forwarded to the Manager. However, if you wish to send specific events
of Information event type, you can exempt those events from filtering.
8
Monitoring SharePoint 2016 Server
Enable IIS Logging on SharePoint Web Application Server 1. Click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.
2. In the Connections pane, navigate to Default website, and then click Logging.
Figure 10
3. Select log file format as W3C from Format dropdown.
4. Click the Select Fields button. W3C Logging Fields dialog box appears on the screen.
5. Check all the field options, and then click OK. 6. In the Actions pane, click the Apply button.
Figure 11
9
Monitoring SharePoint 2016 Server
Figure 12
Microsoft IIS Logs Filter exception in EventTracker Agent You can Filter Exception to monitor specific events if they match filter criteria.
Follow the steps given below to enable Logfile Monitoring:
1. To Launch the EventTracker Agent Configuration Goto Program Files (x86)\Prism
Microsystems\EventTracker\Agent.
2. Find the etaconfig and double click.
3. In EventTracker Agent Configuration dialog box, click the Event Filters tab.
Figure 13
10
Monitoring SharePoint 2016 Server
4. Click the Filter Exception tab and click Find tab.
Figure 14
NOTE- For more details of Microsoft-IIS Events configuration to EventTracker refer:
https://www.eventtracker.com/knowledge-packs/iis/
Microsoft SharePoint Server Knowledge Pack:
Flex Reports
• Microsoft SharePoint Server Activities: This report provides information related to SharePoint Server
activity.
Figure 15
11
Monitoring SharePoint 2016 Server
Sample Log:
Dashboards
• Microsoft SharePoint Server Security Logon Failure Events:
Figure 16
• Microsoft SharePoint Server- Activities by User:
Figure 17
ENTRY:02/27/2019 07:08:45.06 w3wp.exe (0x1650) 0x56E4 SharePoint Foundation Topology atega Medium 1 file changes detected FILE:d:\SharePoint_LogFiles\CONTOSO-20190227-0702.log TYPE:TEXTLINE FIELD: * ENTRY:02/27/2019 07:08:44.86 NodeRunner.exe (0x16C0) 0x1CF0 SharePoint Foundation Config Cache umbj Medium Deserializing the type named Microsoft.Office.Server.Search.Administration.SearchServiceApplicationMonitoring, Microsoft.Office.Server.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c and with id 2d7f14a4-289f-47bf-bd65-5a933fc13ea5. FILE:d:\SharePoint_LogFiles\CONTOSO-20190227-0702.log TYPE:TEXTLINE FIELD: *
12
Monitoring SharePoint 2016 Server
• Microsoft SharePoint Server Activities by Src IP:
Figure 18
• Microsoft SharePoint Server Activates by Extension:
Figure 19
• Microsoft SharePoint Server Activities by Application:
Figure 20
13
Monitoring SharePoint 2016 Server
• Microsoft SharePoint Server File Accessed by User:
Figure 21
Import Microsoft SharePoint Server knowledge pack
into EventTracker • Token Template
• Flex Reports
• Knowledge Objects
• Dashlets
Token Template 1. Open EventTracker Enterprise in the browser and log in.
2. Click Admin and select Parsing Rule.
3. And Select Template.
Figure 22
14
Monitoring SharePoint 2016 Server
4. Click Import icon and select the File Name.
Figure 23
5. Select Tokens name and click Import button.
Figure 24
6. Templets are now Imported successfully.
Figure 25
Import SharePoint knowledge pack into EventTracker
1. Launch EventTracker Control Panel.
2. Double click Export-Import Utility
Figure 26
15
Monitoring SharePoint 2016 Server
3. Click the Import tab.
Flex Reports On EventTracker Control Panel,
1. Click Reports option and select new(etcrx) from the option.
Figure 27
2. Locate the file named Reports_ SharePoint Server.etcrx and select all the checkbox.
Figure 28
16
Monitoring SharePoint 2016 Server
3. Click the Import button to import the reports. EventTracker displays a success message.
Figure 29
Knowledge Objects 1. Login to EventTracker console.
2. Click Knowledge objects under Admin option in the EventTracker manager page. 3. Locate the file named KO_SharePoint Server.etko
Figure 30
4. Now select all the checkbox and then click ‘Import’ option.
Figure 31
5. Knowledge objects are now imported successfully.
17
Monitoring SharePoint 2016 Server
Figure 32
Dashboards 1. Open EventTracker Enterprise in the browser and log in.
Figure 33
2. Navigate to My Dashboard.
3. Click on Import configuration icon on the top right corner.
4. In the popup window browse the file named Dashboard_SharePoint Server.etwd.
Figure 34
5. Now select all the checkbox and then click Import option
18
Monitoring SharePoint 2016 Server
Figure 35
6. Click ‘customize’ to locate and choose created dashlet.
7. Click Add to add dashlet to the dashboard.
Figure 36
Verify SharePoint Server knowledge pack in
EventTracker
Knowledge Object 1. In the EventTracker Enterprise web interface, click the Admin drop-down, and then click Knowledge
Objects.
19
Monitoring SharePoint 2016 Server
2. In the Knowledge Object tree, expand SharePoint group folder to view the imported Knowledge objects.
Figure 37
Flex Reports In the EventTracker Enterprise web interface, click the Reports icon, and then select Report Configuration
Figure 38
1. In Reports Configuration pane, select a Defined option.
2. Click the SharePoint Server group folder to view the imported SharePoint Server reports.
20
Monitoring SharePoint 2016 Server
Figure 39