Nextel to Receive Emails

Tuesday, April 26th, 2005

Created 2005-04-26 by Hamid Ali Raja

I am using Nextel services. Is it possible to receive MonitorWare Alerts on my mobile device?

If you use Nextel services, you can use your mobile devices to receive alerts and emails from MonitorWare Products.

Specify an email address built from your Nextel phone number in the Forward via Email action properties (for example: 7033311111@messaging.nextel.com). See the screen shot below for more reference:

For more information, please visit Nextel.

A complete step by step guide on setting up SETP Server Service

Thursday, April 14th, 2005

How To setup SETP Server Service

Article created 2005-04-04 by Hamid Ali Raja.

1. First, right click on "Services", then select "Add Service" and the "SETP Server".

Once you have done so, a new wizard starts.

2. Again, you can use either the default name or any one you like. We will use "My SETP Server" in this sample. Leave the "Use default settings" selected and press "Next".

3. As we have used the default, the wizard will immediately proceed with step 3, the confirmation page. Press "Finish" to create the service. The wizard completes and returns to the configuration client.

4. Now, you will see the newly created service beneath the "Services" part of the tree view. To check its parameters, select it:

As you can see, the service has been created with the default parameters.

5. To use the "Database Logging" RuleSet we have created in Step 4, select it as the rule set to use.

6. Last, save the change and then restart the application. This procedure completes the configuration of the SETP server.

The application cannot dynamically read changed configurations. As such, it needs to be restarted after such changes.

How To setup Windows centralized Monitoring

Tuesday, April 5th, 2005

Article created 2005-04-05 by Hamid Ali Raja.

Monitoring Windows NT/2000/XP/2003 is important even for small environments. This article is strictly task focused. It does not describe why the systems should be monitored nor does it provide any further background. Please see the respective backgrounders or product documentation on this. This article is a step-by-step description of what you need to do in order to centrally monitor your Windows NT/2000/XP and 2003 systems.

This article has been extracted from the MonitorWare Agent documentation. Please be sure to check the MonitorWare Agent online help if a newer version is available.

Centralized Event Reports

In this step-by-step guide, MonitorWare Agent is configured to work together with Adiscon’s MonitorWare Console to automatically generate event summaries for the monitored servers and other devices.

This guide focuses on a typical small to medium business topology with a single geographical location, 5 Windows clients and a central hub server. All systems are well connected via a local Ethernet. Event reports from all machines should be stored in a database. The administrator shall receive daily consolidated event reports.

What you need

In this guide, I am focusing on building a solution with Adiscon’s MonitorWare Agent and MonitorWare Console. This combination allows you to centralize all your event logs and report events from them. Free 30 day trial versions are available at the respective product sites (links below), so you can try the system without the need to buy anything.

You need to run the following products:

  • 1 MonitorWare Agent for each system that is to be monitored. In our scenario, this means 6 copies, one for each client and one for the central hub server to be monitored.
  • 1 MonitorWare Console to generate consolidated reports based on the gathered log data.
  • To deliver MonitorWare Console’s reports, you need a local web server (for example Microsoft’s IIS or Apache) and a mail server capable of talking SMTP (most modern servers support this).

You need administrative privileges on each of the machines. This is required both for installation and configuration. Make sure you log on with a sufficiently privileged user account.

Step 1 – Download Software

As you read the MonitorWare Agent manual, you most probably downloaded the MonitorWare Agent. If you haven’t, please visit www.mwagent.com/en/download to do so. In addition to the agent, you also need MonitorWare Console. A free, full-featured 30 day trial is available at http://www.mwconsole.com/en/download/.

Step 2 – Install MonitorWare Agent

Run the MonitorWare Agent setup program on all systems that should be monitored. This means you need to run it on all 5 clients and the central hub server. Make a note of the central hub server IP address or host name. You’ll need this value when configuring the agents on the client machines. For our example, we assume this system has an IP address of 192.168.0.1.

For larger installations (with many more servers) there are ways to set it up in a simpler fashion, but in a scenario like ours, it is faster to install it on each machine manually. You can install it with the default settings. When setup has finished, the program is automatically configured to operate as a simple syslog server. However, it does not yet write the log to our database as we need. So we will go ahead and change this, either on each of the machines or by launching it on one machine and remotely connecting to the others. It is your choice. In this sample, I use the MonitorWare Agent on each machine (it is easier to follow).

Step 3 – Create a RuleSet for Forward by SETP

The steps to configure the agents are as follows (repeat this on each of the 5 client machines). This step does not need to be done on the central hub server!

Forward via SETP Steps

Step 4 – Create a RuleSet for database logging

This step needs only to be done on the central hub server!

Database Logging Steps

Step 5 – Create an Event Log Monitor Service

The steps to configure the MonitorWare Agents are as follows (repeat this step on each of the 5 client machines and the central hub server!):

Event Log Monitor Service Steps

Step 6 – Create a SETP Server Service

The steps to configure the agents are as follows (only central hub server!):

SETP Server Service Steps

Step 7 – Preparing Web Server for MonitorWare Console

MonitorWare Console publishes its reports through the local web server (central hub server).

To avoid confusion, we recommend creating a separate directory on the web server for MonitorWare Console. Let us assume you use Microsoft Internet Information Server and run it in the default configuration. Then, your web pages are stored in the c:\inetpub\wwwroot directory. Create a subdirectory "MonitorWareConsole" directly beneath this directory.

Step 8 – Installing and Configuring MonitorWare Console

MWConsole- Installation and Configuration Steps (1.1)
MWConsole- Installation and Configuration Steps (2.0)
MWConsole- Installation and Configuration Steps (3.0)

Step 9 – Generating Reports with MonitorWare Console Manually

This section explains how reports can be generated manually with MonitorWare Console. Since the "System Status" Report is the most comprehensive report, giving a detailed description of the network, I will explain only this report in this section. Please note that the procedure for generating any report is almost the same.

Generating Windows Reports with Console 1.1 Manually
Generating Windows Reports with Console 2.0 Manually
Generating Windows Reports with Console 3.0 Manually

Step 10 – Scheduling the Generation of Reports with MonitorWare Console

This section explains how reports can be generated automatically with MonitorWare Console using Job Manager. With Job Manager, you can generate all the reports based on a pre-defined schedule and ask it to either store them in some location on the hard disk or send them to a specified recipient via email. Once again, I will explain the scheduling of the System Status Report in this section. Please note that the procedure for scheduling any report is the same.

Scheduling Reports with Console 1.1
Scheduling Reports with Console 2.0
Scheduling Reports with Console 3.0

You are done!

Well, this is all you need to do to configure the basic operations. Once you are comfortable with the basic setup, you can enhance the system with local pre-filtering of events, enhanced logging and alerting (with MonitorWare Agent) and changing report options (with MonitorWare Console).

We hope this article is helpful. If you have any questions or remarks, please do not hesitate to contact us at support@adiscon.com

2005-04-04 MonitorWare Agent 3.0 Released

Monday, April 4th, 2005

MonitorWare Agent 3.0 Released

Adiscon is proud to announce the release of MonitorWare Agent 3.0. Principal feature enhancements include new probe services, a more user-friendly interface, the MonitorWare configuration wizard and many more.

2005-04-04 MonitorWare Agent 3.0

Monday, April 4th, 2005

MonitorWare Agent 3.0 Released

Build-IDs: Service 3.0.274, Client 3.0.838

New Major Additions

  • Added New Services: A bunch of new probe-based services has been added. These new services include FTP, HTTP, IMAP, NNTP, POP3 and SMTP probe services. These services keep all features and filters specialized for their specific protocols.

How do I Update filters for MonitorWare Agent?

Monday, April 4th, 2005

Article created 2005-04-04 by Hamid Ali Raja.

2. In order to update a filter, you need a previously saved configuration in which you had
applied filters. To learn how to add filters, see "How to add filters for MonitorWare Agent?"

Note: String comparisons in Filter Conditions are "Case Sensitive". For example, if the
Source System name is "ws01" and you had written "WS01" while applying the filter, then this filter
condition would "NEVER" evaluate to True! Please double check before proceeding further!

How to Update Filters?

1. Let's say that initially we were interested in getting an e-mail alert in a given time period
for the following filter condition:

( ( Event ID is 500 OR 1000 OR 2000 OR 3000 ) AND ( FromHost is not equal to WS01 ) )

AND

( ( Event Source is equal to Security ) OR ( Priority is greater than 5 ) )

And the filter form looked like this:

2. Let's assume that you now wish to update this filter condition string to this:

( ( Event ID is not equal to 500 OR 1000 OR 2000 OR 3000 ) AND ( FromHost is not equal to WS01 ) )

OR

( ( Event Source is equal to Security ) OR ( Priority is greater than 5 ) )

Follow these steps to accomplish this.

3. We need the Boolean "OR" operator in the top-level node for the filter condition above,
not the default "AND". Thus, we need to change the Boolean operator. There are different ways to do
this. Either double-click the "AND" to cycle through the supported operations or select it and
click "Change Operator". Either way, the Boolean operation should be changed to "OR". This can be
seen in the screen shot below:

We will be working on this part of the filter condition.

( ( Event ID is not equal to 500 OR 1000 OR 2000 OR 3000 ) AND ( FromHost is not equal to WS01 ) )

4. In order to update the actual values of the Event ID, select each of the filters. A small
dialog opens at the bottom of the screen, where you update the required values. In our sample,
these are Event ID 500, 1000, 2000, and 3000.

5. Click on the filter property "Event ID" and, from the "Compare Operation" combo box, select
"is not equal". Repeat this step for the next three filters. When you have made the updates, your
screen should look as follows:

6. Don’t forget to save the settings by clicking the (diskette-like) "Save" button. This procedure
completes the update of the filter form. Once done, your configuration looks like the following:

7. Last, save the changes if you haven’t done it before and then restart the MonitorWare /
WinSyslog or EventReporter service.

MonitorWare / WinSyslog or EventReporter cannot dynamically read changed configurations. As
such, it needs to be restarted after such changes.
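
Steps 3 to 5 above leave the four Event ID filters under their OR node while switching each one to "is not equal". The Python sketch below is an added example, not MonitorWare code and not part of the original article; it assumes the filter tree is evaluated as ordinary boolean logic with case-sensitive string comparison, and its function names and sample events are constructed for illustration. It shows that an OR of "is not equal" filters is true for every Event ID, that "not one of" needs AND, and what a wrong-case host name does to an exclusion.

```python
# Added illustration: a small model of the filter tree, not MonitorWare code.
# Assumptions: AND/OR are ordinary boolean operators and string comparison
# is case sensitive, as the article's note says.
import operator

COMPARE = {"is equal": operator.eq,
           "is not equal": operator.ne,
           "greater than": operator.gt}
EVENT_IDS = (500, 1000, 2000, 3000)


def flt(prop, compare, value):
    """Leaf node: one property filter."""
    return ("FILTER", prop, compare, value)


def evaluate(node, event):
    """Evaluate a filter tree against one event (a dict of properties)."""
    kind = node[0]
    if kind == "FILTER":
        _, prop, compare, value = node
        return COMPARE[compare](event[prop], value)
    results = [evaluate(child, event) for child in node[1:]]
    if kind == "AND":
        return all(results)
    if kind == "OR":
        return any(results)
    raise ValueError(f"unknown node type: {kind}")


def id_branch(compare, combine):
    """The four Event ID filters under one operator node."""
    return (combine, *[flt("Event ID", compare, i) for i in EVENT_IDS])


def build(top, ids, host="WS01"):
    """Whole condition: top( AND(ids, FromHost != host), OR(source, priority) )."""
    return (top,
            ("AND", ids, flt("FromHost", "is not equal", host)),
            ("OR", flt("Event Source", "is equal", "Security"),
                   flt("Priority", "greater than", 5)))


ORIGINAL = build("AND", id_branch("is equal", "OR"))        # step 1
UPDATED = build("OR", id_branch("is not equal", "OR"))      # after steps 3-5
NOT_ONE_OF = build("OR", id_branch("is not equal", "AND"))  # De Morgan form


def always_true(branch, ids=range(0, 65536)):
    """True if an Event ID branch matches every ID in the tested range."""
    return all(evaluate(branch, {"Event ID": i}) for i in ids)


def make_event(event_id, host, source="Application", priority=3):
    """Constructed sample event; property names follow the article."""
    return {"Event ID": event_id, "FromHost": host,
            "Event Source": source, "Priority": priority}


if __name__ == "__main__":
    # OR of four "is not equal" filters matches every Event ID, 500 included.
    print(always_true(id_branch("is not equal", "OR")))
    print(evaluate(UPDATED, make_event(500, "WS02")))
    # "Not one of" needs AND between the four "is not equal" filters.
    print(evaluate(NOT_ONE_OF, make_event(500, "WS02")))
    # Case sensitivity: a host reporting as "ws01" is not excluded by "WS01".
    print(evaluate(ORIGINAL, make_event(500, "WS01", "Security")))
    print(evaluate(ORIGINAL, make_event(500, "ws01", "Security")))
```

Testing a changed filter against a few known events in this way, before relying on it for alerts, catches both an always-true branch and a host-name case mismatch.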

How do I Delete filters for MonitorWare Agent 3.0?

Monday, April 4th, 2005

Article created 2005-04-04 by Hamid Ali Raja.

In order to update a filter, you need a previously saved configuration in which you had
applied filters. To learn how to add filters, see "How to add filters for MonitorWare Agent?"

Note: String comparisons in Filter Conditions are "Case Sensitive". For example, if the
Source System name is "ws01" and you had written "WS01" while applying the filter, then this filter
condition would "NEVER" evaluate to True! Please double check before proceeding further!

How to Delete Filters?

1. Let's say that initially we were interested in getting an e-mail alert in a given time period
for the following filter condition:

( ( Event ID is 500 OR 1000 OR 2000 OR 3000 ) AND ( FromHost is not equal to WS01 ) )

AND

( ( Event Source is equal to Security ) OR ( Priority is greater than 5 ) )

And the filter form looked like this:

2. Let's assume that you wish to delete some filters so that the filter condition looks like:

( ( Event ID is not one of (500,1000,2000,3000) ) AND ( FromHost is not equal to WS01 ) )

Follow these steps to accomplish this.

3. There are two ways to accomplish this scenario. You can either delete the filters one-by-one
or you can delete the whole "OR" operator. This sample guides you through both.

Deleting Filters One by One

4. This approach is recommended when you want to retain some part of the filter condition and
delete some other part of the filter in a more complex filter condition. Right click on the filter
property "Syslog Priority"; a pop up menu appears. Select delete from the menu.

When you have deleted the filter, your screen should look as follows:

5. Right Click on the filter property "Event Source", a pop up menu appears. Select delete from
the menu.

When you have deleted the filter, your screen should look as follows:

6. Right click on the lower OR. A pop up menu appears. Select delete from the menu.

When you have deleted the OR operation, your screen should look as follows:

Don’t forget to save the settings by clicking the (diskette-like) "Save" button.

Deleting Filters Completely in a Single Selection

7. This approach is recommended when you don’t need the entire part of the filter condition.
Right click on the lower OR. A pop up menu appears. Select delete from the menu.

This process deletes the whole lower "OR" along with the filter conditions. When you have deleted
the OR operation, your screen should look as follows:

Don’t forget to save the settings by clicking the (diskette-like) "Save" button.

8. Last, save the changes if you haven’t done it before and then restart the MonitorWare Agent service.

MonitorWare Agent cannot dynamically read changed configurations. As
such, it needs to be restarted after such changes.

How do I Add filters for MonitorWare Agent?

Monday, April 4th, 2005

Article created 2005-04-04 by Hamid Ali Raja.

Once you go to start -> programs -> MonitorWare -> MonitorWare Client to run the program, you see a screen-shot similar to the one below:

Facility Required

Email alert

Conditions Applicable

Email Alert should be generated on events with ( ( Event ID is 500 OR 1000 OR 2000 OR 3000 ) AND ( FromHost is not equal to WS01 ) )
AND ( ( Event Source is equal to Security ) OR ( Priority is greater than 5 ) ); all other messages should be written into a text file.

Filter Processing Steps

  • Rule 1: Looks for the filter conditions stated above and makes sure that they are reported only once within a given period. When the required filter condition(s) evaluate to true,
    an e-mail alert is generated.
  • Rule 2: Processes all other incoming messages and logs them into a text file.

Important Note: String comparisons in Filter Conditions are "Case Sensitive"! For example, if the
Source System name is "ws01" and you had written "WS01" while applying the filter, then this filter
condition would "NEVER" evaluate to True! Please double check before proceeding further!

Step 1 – Create a Syslog Server

1. In the configuration program, right click on Running Services. A menu opens; select
"Add Service". Choose "Syslog Server". Once done, it looks as below:

Once you click on the "Syslog Server" a dialog box similar to the one displayed pops up:

In this tutorial, we first create the service and then make the required Rule Set.
So we choose the "Create Service" option. You can opt otherwise.

Once you have done so, a new wizard starts.

2. You can use either the default name or any other you like. I use "My Syslog
Server" in this sample. Leave the "Use default settings" selected and
press "Next".

3. As we have used the default settings, the wizard immediately proceeds with step 3, the
confirmation page. Press "Finish" to create the service. The wizard completes and returns
to the configuration client.

4. You see the newly created service beneath the "Services" part of the tree
view. To check its parameters, select it:

As you can see, the service has been created with the default parameters. Please note that
there is no rule set bound to this service.

Step 2 – Create a Rule Set for Email Alert Generation and File Logging

3. To define a new Rule set, right click
"Rule set". A pop up menu appears. Select "Add Rule set" from this
menu. On screen, it looks as follows:

4. Then, a wizard starts. Change the name of the rule to whatever name you like. We use
"Email Alert Generation & File Logging" in this example. The screen looks as follows:

Click "Next". A new wizard page appears.

5. Select only "Send Email". Do not select any other options for this sample. Also, leave the
"Create a Rule for each of the following actions" setting selected. The screen looks as
follows:

6. Click "Next". You see a confirmation page. Click "Finish" to create
the Rule set.

7. As you can see, the new Rule set "Email Alert Generation & File Logging" is
present. We would create the "File Logging" Rule later on. Please expand the Rule Set in the tree
view until the action level of the "Send Email" Rule and select the "Send
Email" action to configure.

8. I have used factual values in the sample. In this sample I assume that the Mail Server IP
address is 192.168.0.1. The Sender and Recipient email addresses are "sender@yourdomain.com" and
"admin@yourdomain.com" respectively. Please replace these values and configure it according to your
environment.

9. Once the "Send Email" settings are configured, we setup the filter condition. The Filter
Condition would be something like the one below:

( ( Event ID is 500 OR 1000 OR 2000 OR 3000 ) AND ( FromHost is not equal to WS01 ) )

AND

( ( Event Source is equal to Security ) OR ( Priority is greater than 5 ) )

10. Click on the filter condition of the "Send Email" Rule to set up the filter condition.

11. Right click on the AND button. A pop up menu appears. Select Add Operation and then choose
the "AND" Operator. Your filter condition looks like this:

Once done, repeat the same process again, but this time select the "OR" Operator. The "AND" and
"OR" Operators are at the same level. Your filter condition looks like this:

12. Select the lower AND from the tree view and right click on the AND button. Choose "Add
Operation" from the pop up menu. Then select the OR operator. This is done to cover this part of the
filter condition "(Event ID is 500 OR 1000 OR 2000 OR 3000)".

Right Click on the OR button. Click on the "Add Filter" from the pop up menu. Or you can use the
Add Filter Button. Select "Event Log Monitor" and then "Event ID". This can be seen in the screen
shot below:

13. I prefer to add all four Event ID property filters first and later on change the
Event IDs to the actual values in the sample. When you have added them, it should look as
follows:

14. In order to enter the actual values, select each of the four filters. A small dialog opens
at the bottom of the screen. There you enter the values you are interested in. In our sample, these
are Event ID 500, 1000, 2000, and 3000. As we are only interested in exactly these values, we do a
comparison for equality, not one of the other supported comparison modes. When you have made the
updates, your screen should look as follows:

15. Right click on the lower AND in the tree view (under which you want to add another condition
now) and click on the "Add Filter" from the pop up menu. Or you can use the Add Filter Button.
Select "General" and then "Source".

Once the filter is added, from the "Compare Operation" combo box, select "is not equal" and
then set the value as "WS01". When you have made the updates, your screen should look as
follows:

16. So far we have accomplished this part of the filter conditions.

( ( Event ID is 500 OR 1000 OR 2000 OR 3000 ) AND ( FromHost is not equal to WS01 ) )

AND

We work on the second part of the filter condition in the upcoming step i.e. on the
following filter:

( ( Event Source is equal to Security ) OR ( Priority is greater than 5 ) )

17. Select the lower OR from the tree view and right click on the OR button. Click on the "Add
Filter" from the pop up menu. Or you can use the Add Filter Button. Select "Event Log Monitor" and
then "Event Source". This can be seen in the screen shot below:

Once the filter is added, from the "Compare Operation" combo box, select "is equal" and
then set the value as "Security". When you have made the updates, your screen should look as
follows:

18. Select the lower OR from the tree view and right click on the OR button. Click on the "Add
Filter" from the pop up menu. Or you can use the Add Filter Button. Select "Syslog" and
then "Priority". This can be seen in the screen shot below:

Once the filter is added, from the "Compare Operation" combo box, select "greater than" and
then set the value as "5". When you have made the updates, your screen should look as
follows:

Don’t forget to save the settings by clicking the (diskette-like) "Save" button.

19. We have now selected all events for which we would like to get email alerts. In order to
prevent this rule from firing too often, we enable "Minimum Wait Time". This makes sure that (the
Syslog Facilities defined in the filter condition) in the "Send Email" Rule are only forwarded once
within a specified period. Click on the Filter Conditions; you will see an option called "Global
Condition". Select the "Minimum Wait time" and configure it. In this sample I have set the "Minimum
Wait time" to 1800 Seconds (i.e. 30 minutes). Please replace this value as you like.

Click here to know the difference between the Fire only if Event occurs and Minimum Wait Time.

20. We are almost done! Now we have to create a Rule for File Logging. Please note that we
are creating a "Rule" and not a "Rule Set"! The reason is that each Rule Set can have as many
Rules as you like and only one Rule Set can be associated with any service at a time (i.e. My Syslog
Server in this case). Each Rule in turn can have one filter condition but as many actions as you
like. All the Rules that are part of a specific rule set are executed in a sequential manner.

In order to create a new Rule, right click on the "Email Alert Generation & File Logging"
RuleSet, and select "Add Rule". The screen looks as follows:

You can use either the default name or any other you like. I use "File Logging" in
this sample.

21. You will see that the "File Logging" Rule has been created. If you expand the Rule in the
tree view until the action level of the "File Logging" Rule, you will notice that the
"File Logging Action" is missing. This is by default. We create this action in the next
steps.

22. In order to create a "File Logging" Action, right click on the Action of the "File Logging"
Rule. A pop up menu appears. Select "Add Action". Then opt for "Write To File". The screen looks as
follows:

23. Then, a wizard starts. Change the name of the action to whatever name you like. We use
"Write to File" in this example. Leave the default settings. The screen looks as
follows:

Click "Next". You see a confirmation page. Click "Finish" to create the
action.

24. Please select the "Write to File" action to configure.

25. The default File Path and File Base Name is "C:\temp" and "MonitorWare". I am
using these values in this sample. You can configure it according to your environment.

26. Leave the filter condition of the "File Logging" Rule as it is. Global Conditions apply to the
rule as a whole. They are automatically combined with a logical AND with the conditions in the filter
tree. The reason behind doing this is to process all other incoming messages and get them
logged into the text file.

27. Last, save the changes if you haven’t done it before and then restart the MonitorWare Agent
service. This procedure completes the configuration of the Syslog server.

MonitorWare Agent cannot dynamically read changed configurations. As
such, it needs to be restarted after such changes.
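
Steps 19 to 26 combine a throttled alert rule with an unfiltered logging rule in one rule set. The Python sketch below is an added example, not MonitorWare code and not part of the original article; it assumes the wait time is counted from the last time the rule fired and that an empty filter matches every message, and its class, function names and sample events are constructed for illustration. It shows which matching events produce no email during the 1800-second window and that the file log is where they remain visible.

```python
# Added illustration: a model of the rule set configured above, not
# MonitorWare code. Times are seconds; all sample events are constructed.
MIN_WAIT_SECONDS = 1800  # "Minimum Wait time" chosen in step 19


def alert_filter(e):
    """Filter condition of the "Send Email" rule (case-sensitive compares)."""
    ids_and_host = e["Event ID"] in (500, 1000, 2000, 3000) and e["FromHost"] != "WS01"
    source_or_prio = e["Event Source"] == "Security" or e["Priority"] > 5
    return ids_and_host and source_or_prio


class Rule:
    """One rule: an optional filter plus the Minimum Wait Time global condition."""

    def __init__(self, name, filter_fn=None, min_wait=0):
        self.name, self.filter_fn, self.min_wait = name, filter_fn, min_wait
        self.last_fired = None

    def process(self, event):
        """Return "fired", "suppressed" or "no match" for one event."""
        # Assumption: a rule with an empty filter matches every message.
        if self.filter_fn is not None and not self.filter_fn(event):
            return "no match"
        # The global condition is ANDed with the filter tree.
        # Assumption: the wait is counted from the last time the rule fired.
        if (self.last_fired is not None
                and event["time"] - self.last_fired < self.min_wait):
            return "suppressed"
        self.last_fired = event["time"]
        return "fired"


def run_rule_set(events):
    """Run every event through both rules in order; return what each channel saw."""
    email_rule = Rule("Send Email", alert_filter, MIN_WAIT_SECONDS)
    file_rule = Rule("File Logging")  # filter left empty, no wait time
    report = {"emailed": [], "suppressed": [], "logged": []}
    for event in sorted(events, key=lambda e: e["time"]):
        outcome = email_rule.process(event)
        if outcome == "fired":
            report["emailed"].append(event)
        elif outcome == "suppressed":
            report["suppressed"].append(event)
        if file_rule.process(event) == "fired":
            report["logged"].append(event)
    return report


def sample(time, event_id, host, source="Application", priority=3):
    """Build one constructed sample event."""
    return {"time": time, "Event ID": event_id, "FromHost": host,
            "Event Source": source, "Priority": priority}


SAMPLE_EVENTS = [  # constructed
    sample(0, 500, "WS02", "Security"),
    sample(600, 1000, "WS03", "Security"),
    sample(1200, 3000, "WS04", priority=7),
    sample(1500, 4000, "WS02"),
    sample(1900, 2000, "WS05", "Security"),
    sample(2000, 500, "WS01", "Security"),
]

if __name__ == "__main__":
    r = run_rule_set(SAMPLE_EVENTS)
    print("emailed at:", [e["time"] for e in r["emailed"]])
    print("matched but not emailed:", [(e["time"], e["FromHost"]) for e in r["suppressed"]])
    print("written to file:", len(r["logged"]))
```

In this model the events from WS03 and WS04 match the alert filter but fall inside the wait window, so the email channel alone under-reports a burst and the text file has to be reviewed for the full picture.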