Upload
artica-st
View
223
Download
1
Embed Size (px)
DESCRIPTION
This is an Enterprise Plugin to monitor events from Forefront Identity Manager. For more information visit the following webpage: http://pandorafms.com/index.php?sec=Library&sec2=repository&lng=en&action=view_PUI&id_PUI=276
Citation preview
Pandora FMSAdministrator Manual
Plugin Forefront Identity Manager
Administrator Manual Plugin Forefront Identity Manager
© Artica Soluciones Tecnológicas 20052012
Index1Changelog...........................................................................................................................................32Introduction........................................................................................................................................43Compatibility Matrix..........................................................................................................................54Documentation provided by the requesting area................................................................................65Modules of Apache Webserver available...........................................................................................76Installing.............................................................................................................................................87Monitoring with the Plugin................................................................................................................9
7.1.Monitoring via WMI and Performance counters.......................................................................97.1.1.Performance Counters Verification...................................................................................9
7.2.Additional Configuration Fixes.................................................................................................97.2.1.Monitoring via Powershell..............................................................................................10
8Typical problems..............................................................................................................................11
1 CHANGELOG
Date Author Change Version
09/05/11 Luismi First Version v1r1
Page 3
2 INTRODUCTION
This document has as main objective the description of the server monitoring with Microsoft
Forefront Identity Manager incorporated. A serie of “base” modules have been selected based on our
experience in system monitoring and also in the necessities of some of our clients.
To extract the information the following things are used:
• The software already installed in the system (WMI, Powershell), for the monitoring done by
the plugin without having to install libraries or third part utilities.
• An already existing log parser (the one of Pandora) to process the FIM alert logs.
• A serie of basic checks “by default”, although they could be deleted or customized.
• An “open” interface (the one of Pandora, as extension of the administration section) to
specify free SQL queries.
• The system, that is integrated with the Windows agent and that has the capacity of
distribute file collections, so it is possible to distribute the plugin by one hand and the file
colections in an individual wayby agentand/or by policy.
It is necessary to mention that as with the rest of the monitoring with Pandora FMS, the FIM
monitoring plugin could be used to collect information kind “text string”(to manage it as events) or
kind numerical (to do performance management).
Page 4
3 COMPATIBILITY MATRIX
Was tested in these systems • Windows 2008 R2
It should work in these systems • Same system or higher
Depending on the operative system, the format in the Powershell scripts to extract the information
you want could change, so it will be necessary to adapt the plugin according to that circumstances.
Page 5
4 DOCUMENTATION PROVIDED BY THE REQUESTING AREA
The area which requires the monitoring must provide the following:
• Install a Pandora FMS Agent in machine to be monitored
• Install a FIM server with Powershell tools
• The user which executes Pandora FMS agents must have Local Administrator rights
• The execution policy for Powershell scripts must be “RemoteSigned” or less restricted
Page 6
5 MODULES OF APACHE WEBSERVER AVAILABLE
The parameters available to monitor are:
• Serv_FIMSynchronizationService
• Serv_TaskScheduler
• Serv_MSSQLServer
• Serv_MSSQLServer_VSS_Writer
• Serv_WindowsTime
• Perf_LogicalDisk_Avg_Disk_Queue_Length_F:
• Perf_LogicalDisk_Avg_Disk_Queue_Length_G:
• Perf_SQLServer_Databases_FIMSynchronizationService_Log_File_Size
• Perf_SQLServer_Databases_FIMSynchronizationService_Percent_Log_Used
• Perf_SQLServer_Databases_FIMSynchronizationService_Transactions/sec
• Eventos especificados en el documento de monitorización FIM.
Page 7
6 INSTALLING
Copy the plugin to the agent plugin directory, and distribute it through file collections. The call
from the agent will be similar to this, but using the path where the plugin is installed.
module_plugin "<ruta-powershell>\powershell.exe" -command C:\'<ruta-plugin>\Pandora_Plugin_FIMEvents_vx.y.ps1'
Page 8
7 MONITORING WITH THE PLUGIN
7.1. Monitoring via WMI and Performance counters
As we have lot of experience in Windows environments, we have decided that some modules, based on WMI and Performance Counters are interesting to consider in a monitoring and because of this they should be included in the monitoring policies to implement. These modules are included in this document.
7.1.1. Performance Counters Verification
It is important to consider that for all these Performance Counters checks from which we want to
get the monitors of all the instances of one counter (*), it will be necessary to create a perfcounter
module for each one of these instances.
This is due to that the Pandora perfcounter module doesn't accept the format (*) when monitoring
a counter, because we are giving it instructions to that it creates a single module for several
instances, but what we really want is to create one module for each value of each instance.
If we want the summatory of these values, we only have to use the counter (_Total) format.
Summarizing, when we install the Performance Counter monitoring modules, we should know all
instances for each counter to monitor and from each server.
Another option to monitor counters with format (*) is to pass them in a list format as a
Pandora_Plugin_PerfCounter_vx.y.ps Powershell agent plugin parameter. This plugin will extract
in a massive way the values of each one of the counters and of each one of their instances and it
will introduce them authomatically in their correspondant modules.
You can find more specific information about its use in the associated documentation:
(Pandora_Plugin_PerfCounter_vx.yrz.pdf)
7.2. Additional Configuration Fixes
NOTE: It is very important to consider that the configuration files though for the plugin in WINDOWS
should be edited and saved with carriage retursn type “WINDOWS” and that if we use carriage returns
type “UNIX” the plugin won't work well.
There are some specific checks that have their own configuration”tokens”. They are described here:
Page 9
7.2.1. Monitoring via Powershell Starting from the base that we have installed and configured both Pandora and the FIM server, we are going to explain how to get information about the general server state, from the activity of the different services to the Powershell event extraction that through different cmdlets are in charge of doing checks on critical elements of our systems.
For this case, we should install both the Pandora software agent and the FIM event monitoring plugin in the FIM server machine. The FIM plugin in Powershell is an agent plugin used by Pandora.
Summarizing, an agent plugin is one script that is executed in the local machine where the software agent is installed, and that extracts a useful information in XML format that the agent is going to send after to the Pandora server in order to be processed.
To do that, the Pandora software agent that we have installed in our server to monitor executes that script. We should edit the agent configuration file and to do the call to the plugin through the module_plugin configuration token.
Now we have to introduce the following at the end of the configuration file:
# Plugin for monitoring Microsoft Exchange Server
module_plugin "<ruta-powershell>\powershell.exe" -command C:\'<ruta-plugin>\Pandora_Plugin_FIMEvents_vx.y.ps1'
We save the file and restart the Pandora agent.
Page 10
8 TYPICAL PROBLEMS
It is recommendable to include the Powershell.exe in the file collection, because the agent
configuration file will do the call to the plugin through that Powershell, instead of the one included
in System32, in order to avoid the readdress to the SysWOW64 path in the 64 bits Operative
Systems.
Is recommendable to do this due to a problem reported in the Microsoft knowledge base according
to which when an application compiled in 32 bits does a call to another of 64 bits, the system
readress that call to its equivalent in 32 bits if it would exist, through which could be that would be
impossible to have access to the functions wanted in that application.
For more information check the following link:
http://support.microsoft.com/kb/942589
To solve this problem, you can install the patch that Microsoft offers, to do the calls pointing to the
“Sysnative” alias instead of the System32 to avoid the readressing, or to copy the destination
application in other location where no readressing is done.
Page 11