MonitorWare Agent 11.1 Released (Build-IDs: Service 11.1.0.494, Client 11.1.0.1576)

Monday, March 27th, 2017

MonitorWare Agent 11.1 Released

Build-IDs: Service 11.1.0.494, Client 11.1.0.1576

Features

  • Updated to OpenSSL 1.0.2k.
  • Configuration Reload: This is a big new core feature allowing the
    service to reload itself automatically after a configuration changed has
    been detected. The feature can be turned off in General-General Options if
    this new behavior is not wanted. By default auto reload will be enabled.
    The latest Configuration Client is required for the feature to fully work.
  • SNMP Receiver: Added new compressed output format for message property.
  • EventLog Monitor V2: Added new options to delay LastRecord save.
    Enabling this option will improve processing performance of machines with
    a high event volume.
  • EventLog Monitor V1: Added new option to delay LastRecord save. Enabling
    this option will improve processing performance of machines with a high
    event volume.
  • File Monitor: Added new option to delay LastFilePosition save. Enabling
    this option will improve processing performance when processing large
    growing files.
  • FileConfig: Changed datafile saving method, more reliable when the
    service is stopped unintentionally while updating data state files.
  • Send SNMP action: Added new variable for SNMPv1 AgentIP field. By
    default the property will be set to %source%.
  • Send Syslog Action: Added new option to enable/disable UTF8 BOM. Default
    is enabled like before, but it can be disabled now by configuration so the
    message won’t contain the UTF8 BOM.

Bugfixes

  • Property Engine: Fixed SystemID and CustomerID properties.
  • FileConfig: Due a missing property (FilterVersion), some of the global
    conditions in rule filters could not be used. This automatically fixes
    itself next time the configuration is saved with the Client.
  • Debug Logging: Completely rewritten debug output for Rule Engine
    (Filters) for better readability and analysis.
  • Fixed an compatibility issue on Windows 2003/XP (failed to start because
    WSAPoll API is missing).
  • FileConfig: Fixed an issue with invalid linefeeds when using includefile
    directive.
  • FileConfig: Fixed EnumRegkey emulation causing EventLog Monitor Services
    to load invalid eventlog channels.
  • Debug Logging: Moved RELP Debugging from minimal to internal
  • FileMonitor: Fixed issue rewriting filepointer updates each time when
    wildcards support was enabled.
  • SNMP Trap Receiver: Fixed handling of SNMPv1 Enterprise traps. All
    properties are now properly set.
  • SNMP Trap Receiver: Fixed shutdown of Service causing a problem when
    reloading configuration.

You can download Free Trial Version of MonitorWare Agent.

MonitorWare Agent 11.0 Released (Build-IDs: Service 11.0.0.480, Client 11.0.0.1570)

Thursday, December 8th, 2016

MonitorWare Agent 11.0 Released

Build-IDs: Service 11.0.0.480, Client 11.0.0.1570

Features

  • Added Windows 2016 Support.
  • Updated Syslog RFC3195 liblogging library
  • Updated librelp library to 1.2.11
  • Updated net-snmp library to 5.7.3. Net-snmp debug messages are also printed into the Adiscon debug log now.
  • File Monitor: Added support for UTF16 Big Endian
  • SNMP Trap Receiver: Added support to read UTF8, Shiftjis, EUC-JP encoded strings in SNMP variables.

Bugfixes

  • File Configuration: Fixed an issue loading file configuration when invalid characters where within config files like UTF8 BOM.
  • Syslog Server: Fixed internal issue when receiving empty syslog messages.
  • Adiscon SNMP Libs: Increased string length to 65536. Also fixed wrong datetimestamp in comments.
  • File Action: Fixed multiple issues in output format related to different file encodings.
  • SNMP Trap Receiver: OID’s are printed as numbers again if mib resolving is disabled.

You can download Free Trial Version of MonitorWare Agent.

2012-08-29 MonitorWare Agent 8.2 released

Wednesday, August 29th, 2012

Adiscon is proud to announce the 8.2 release of MonitorWare Agent. This is a minor release.

This release contains new features for the File Monitor, Database Monitor and the Write to File Action as well as a bugfix for the SNMP Trap Receiver.

For more details read the version history

Version 8.2 is a free download. Customers with existing 11.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

MonitorWare Agent 8.2 Released (Build-IDs: Service 8.2.418, Client 8.2.1358)

Wednesday, August 29th, 2012

MonitorWare Agent 8.2 Released

Build-IDs: Service 8.2.418, Client 8.2.1358

Features

  • File Monitor:
    Added support for the option "Skip all lines on Startup" when monitoring multiple files (Wildcard Option). The handling was originally designed when the File Monitor inly supported one single file.
  • Database Monitor:
    Added new option called "Close connection after each Check Interval". This option is needed for unstable ODBC Drivers. What happens is that MonitorWare Agent closes the Database connection after each iteration. This causes some performance overhead, but if used with sleep times above one second, this shouldn’t be a big problem.
  • Write File Action:
    Added new Option "Clear logfile instead of deleting (File will be reused)" used along with circular logging. When this option is enabled, Files are truncated instead of being deleted and recreated.

 

Bugfixes

  • SNMP Trap Receiver:
    Fixed missing source property for received SNMPv1 traps. This Bug was introduced in 8.0 due the IPv6 changes.

 

You can download Free Trial Version of MonitorWare Agent.

Centralized logging in a hybrid environment (Windows/Linux) – Step 3

Friday, March 11th, 2011

Step 3 – Setting up the other Windows Servers

We already have the central server and the regular Windows clients set up. We now need to set up the other Windows servers. We assume, that we have other Windows 2008 Servers. On these servers we want to monitor the local Event Log and textfile-based log files. The log messages shall be transferred to the central server via TCP again.

To achieve this, we need MonitorWare Agent installed on those servers. This is simply because it is able to monitor textfiles in addition to the regular Event Log. In addition to MonitorWare Agent, we need nothing to be installed. Since we want to monitor textfile-based log files, we assume there is an IIS running.

Step 3.1

First, we will set up the ruleset. By doing this, we can create the services and they will automatically bound to the ruleset.

centralized_monitoring_1002

Right-click on RuleSets in the left hand list. A context menu will appear. Click on Add RuleSet

centralized_monitoring_3001

The RuleSet Wizard will appear now. You can give your ruleset a name of course. We will use TCP Forwarding for this example. After that, click on "Next".

centralized_monitoring_3002

On the second page of the wizard we can specify what actions we want. Since we only want the log messages to be forwarded via syslog, check the box next to "Forward Syslog". After that, click "Finish" to create the ruleset and action.

Step 3.2

centralized_monitoring_3003

When you expand the treeview now, you will find a rule named "Forward Syslog" with an attached action of the same name.

centralized_monitoring_3004

Now click on the action "Forward Syslog. You can see the default values now.

centralized_monitoring_3005

We need to change some of those settings now. First of all we need to enter the IP or hostname of our central server into the field "Syslog Server". After that, change the port to 10514, since our central server will listen to syslog on this port. And we need to change the protocol type. Change is to TCP (persistent connection). That is all for now. Click on the Save button on the top so we can go on configuring the Service itself.

Step 3.3

Currently, when clicking on Configured Services you will not see a thing. But we will configure the services now. Without them, MonitorWare Agent is not able to get any log messages. We will setup 1 EventLog Monitor and 1 File Monitor.

centralized_monitoring_3009

When right clicking on Configured Services a context-menu will open. By moving your cursor to "Add Service" you can see a list of Services, that may be configured. The list seems pretty long, but we basically need 2 services of them.

centralized_monitoring_3006

Click on "EventLog Monitor V2″ first. The Services Wizard will open. Simply click on Finish for now. Repeat this again for the File Monitor.

centralized_monitoring_3010

In the end, you should have a list with 2 Services. For our example I renamed the services by doing a right-click on the Service name I wanted to change and the choosing "Rename Service".

Step 3.4

Settings for Event Log Monitor V2

centralized_monitoring_3007

The Event Log Monitor V2 needs no additional setup. Again the default values are ok. If you want specific Event categories not to be stored, you can disable the options. But the basic format is sufficient.

Step 3.5

Settings for File Monitor

centralized_monitoring_3008

The File Monitor needs some additional settings. First, enable the option "Allow Directories or read multiple files". You will see, that the use of wildcards will be automatically enabled and some other options completely being disabled.

Then we need to set the source files. For our example, we want to monitor the IIS logfiles. At the top of the File Monitor configuration you can see the option "File and path name". There is a Browse button right next to it. Click it.

A windows explorer window will open, where you can choose the file you want to monitor. Navigate to the path C:\inetpub\logs\LogFiles\W3SVC1\. This is the location where the log files are stored. Please note, that the file location could be different when using another version of IIS. Choose the first file in the list. (Note: Daily Internet Information Server log files are  named  “u_exyymmdd.log”, with yy being the 2 digit year, mm the month and  dd the  day of month. To generate the same name with file monitor, use  the  following name “u_ex%y%m%d.log”.)
Set the Logfile Type to “W3C WebServer Logfile”.

Please note, that this step can be easily adapted for other log files (e.g. DHCP log files) as well.

Step 3 – finished

We have now finished setting up the other server. You only need to Save the configuration and start the Service with the "Play" button at the top of the Configuration Client. MonitorWare Agent will pull the logs from the Event Log and the text files and forward them via TCP syslog to our central log server.

<< Go back to the main page

Centralized logging in a hybrid environment (Windows/Linux) – Step 1

Thursday, March 10th, 2011

Step 1 – Setting up the central log server:

The central log server is the most important part of our central log storage and thus will be configured as the first part. And due to all the things it needs to do, it has the most work of course. When selecting your machine to install the central log server on, please keep in mind, that you need quite a good machine for larger networks. If you have a very large environment, it might be a good idea to use multiple servers for this scenario with a load balancer and a separate database server. But in this guide, we will have it all on one machine.

Prerequisites:

The following should be installed and working:

  • Windows Server operating system (Windows Server 2008)
  • Database Server (MSSQL)
  • IIS Webservice
  • MonitorWare Agent Professional Server (V7.2)

The list holds the things necessarily needed. In the brackets is schon which we will use in this example. Please note, that this will work with other versions as well, especially with MonitorWare Agent.

As mentioned before, MonitorWare Agent will have multiple purposes. It should receive syslog via TCP and UDP, monitor the local EventLog and textbased logfiles as well as writing everything into a database and sending email messages in case of error and critical messages occuring.

Step 1.1

First of all, we will set up the processing rules and actions. We will start this way due to the design of MonitorWare Agent. Since the Services need to be bound to a ruleset upon creation, we will start this way, so the ruleset is there already when creating the service.

centralized_monitoring_1001

When starting MonitorWare Agent the first time, you will see on the lefthand side our overview of "Configured Services" and "Rulesets". Right now, there shouldn’t be any entries here.

centralized_monitoring_1002

Right click on "Rulesets". A context-menu will open.

centralized_monitoring_1003

Choose "Add Ruleset". The ruleset wizard will open. On this first screen, we can choose the name of the ruleset.

centralized_monitoring_1004

After choosing a name (in this example "Storage & Alert"), click on "Next". Here we can set, what we will need. Leave the marker for "Create a Rule for each of the following actions" and choose "Send Email" and "Database Logging".

centralized_monitoring_1005

You can now click on Finish. You will now see a new ruleset in the treeview on the left hand side. If you expand this view completely, you can see the two rules that have been created and the actions that are in there. You should have a rule "Database Logging" and a rule "Send Email".

Step 1.2

We will now start with configuring the action for "Database Logging". Expand the branch called "Database Logging" completely. Under actions you will find the "Database Logging" action. When you click it, you will see the configuration window.

centralized_monitoring_1006

Click on the button "Data Source (ODBC)". This will open the ODBC Data Source Administrator.

centralized_monitoring_1007

Go to System DSN and click "Add…".

centralized_monitoring_1008

Select SQL Server from the list and click "Finish".

centralized_monitoring_1009

Choose a name for the datasource and a description. In this case we choose MyMWDB as name. As server choose the name of the server where the database is. In our example we use localhost. Now click on "Next".

centralized_monitoring_1031

Select “SQL Server Authentication” and type in your MSSQL Login ID and Password. If you have Windows NT authentication like in our case, leave it as is. Click on “Next”.

centralized_monitoring_1010

Select “Change the default Database to:” and choose your new created Database, in our example we use “MyMWDB” which we created beforehand. Click on “Next”.

centralized_monitoring_1011

Leave all at default settings and click “Finish”, a test Window will appear:

centralized_monitoring_1012

Click on “Test Data Source”, normally the following Window should be displayed:

centralized_monitoring_1013

If not, go back and check your Settings, if yes, Click “OK” and exit the System-DSN Wizard.

centralized_monitoring_1014

Now we are back in MonitorWare Agent. Insert the DSN for your database, User-ID and Password.

centralized_monitoring_1015

After that, click the "Create Database" button. We still need the tables that the log messages will be stored in. After clicking the button, a small window will open. Insert the DSN, User-ID, Password and choose the type of database you are using, in our case MS SQL. By clicking on the "Create" Button, the tables needed for the default database format of the MonitorWare Products will be created. After that, close the window.

Since we want to log all messages into the database, there is no need to set up any filters.

Step 1.3

In the next step, we want to set up the Send Email rule. But since we only want error log messages, we need to set some filters. Click on the Filter Conditions. You will see the overview over the filters for this rule.

centralized_monitoring_1016

Right now, the view is empty except for a AND operator. Double-click it to change it into a OR operator.

centralized_monitoring_1017

Right-click on the OR operator. A context menu will open. Go to Add Filter -> Syslog -> Priority.

centralized_monitoring_1018

Click on the filter setting and change the property value to "Error (3)".

centralized_monitoring_1019

Again click on Add Filter -> EventLog Monitor V2 -> Event Severity.

centralized_monitoring_1020

Click on the second filter setting and change the property value to "[ERR]".

We are now finished with the filter settings. The filter will accept all log messages that are either of syslog proiority error or critical or Windows Event severity error. The OR operator ensures, that every of these cases will be accepted. When the messages are approved of fitting into the filter, the action will process them.

centralized_monitoring_1021

Click on the "Send Email" action now. You will see the configuration window on the right pane. Currently, there are only the default values in there.

centralized_monitoring_1022

We need to change some settings here, like the Mailserver, Sender and Recipient, the subject and the Mail Priority. If necessary for your mail server, you need to change the authentification settings at the bottom as well. in our example we need SMTP Authentication for that. If you want, you could even enable the backup mail server.

Now we have all actions fully configured. It is now time to setup the configured services.

Step 1.4

Currently, when clicking on Configured Services you will not see a thing. But we will configure the services now. Without them, MonitorWare Agent is not able to get any log messages. We will setup 2 Syslog Receiver, 1 EventLog Monitor and 1 File Monitor.

centralized_monitoring_1030

When right clicking on Configured Services a context-menu will open. By moving your cursor to "Add Service" you can see a list of Services, that may be configured. The list seems pretty long, but we basically need 3 services of them.

centralized_monitoring_1024

Click on "Syslog Server" first. The Services Wizard will open. Simply click on Finish for now. Repeat this again for Syslog Server, EventLogMonitor V2 and File Monitor.

centralized_monitoring_1025

In the end, you should have a list with 4 Services. For our example I renamed the services by doing a right-click on the Service name I wanted to change and the choosing "Rename Service". This was mostly to distinct the two Syslog Servers.

Step 1.5

Settings for Syslog Server UDP

centralized_monitoring_1026

We can leave the "Syslog Server UDP" on default settings. It is already listening to UDP on port 514. The rest of the default settings is just fine.

Step 1.6

Settings for Syslog Server TCP

centralized_monitoring_1027

We will now go to the "Syslog Server TCP" now. Here we need to change several settings. Change the protocol type to TCP and the Listener Port to 10514. Further, we need to enable the option "Messages are separated by the following sequence" in the TCP options. It should look like this now:

Step 1.7

Settings for Event Log Monitor V2

centralized_monitoring_1028

The Event Log Monitor V2 needs no additional setup. Again the default values are ok. If you want specific Event categories not to be stored, you can disable the options. But the basic format is sufficient.

Step 1.8

Settings for File Monitor

centralized_monitoring_1029

The File Monitor needs some additional settings. First, enable the option "Allow Directories or read multiple files". You will see, that the use of wildcards will be automatically enabled and some other options completely being disabled.

Then we need to set the source files. For our example, we want to monitor the IIS logfiles. At the top of the File Monitor configuration you can see the option "File and path name". There is a Browse button right next to it. Click it.

A windows explorer window will open, where you can choose the file you want to monitor. Navigate to the path C:\inetpub\logs\LogFiles\W3SVC1\. This is the location where the log files are stored. Please note, that the file location could be different when using another version of IIS. Choose the first file in the list. (Note: Daily Internet Information Server log files are named “u_exyymmdd.log”, with yy being the 2 digit year, mm the month and dd the day of month. To generate the same name with file monitor, use the following name “u_ex%y%m%d.log”.)
Set the Logfile Type to “W3C WebServer Logfile”.

Please note, that this step can be easily adapted for other log files (e.g. DHCP log files) as well.

Step 1 Finished

We have now finished the configuration for our central server. It will now be able to receive syslog either via TCP (port 10514) or UDP (port 514), monitor the local Event Log as well as the IIS logfiles. Once more click the "Save" button to save the configuration (if not done already) and start the service. All log messages will now be stored into the database as they arrive/occur. Further, administrators will be alerted via email once an error occurs.

<< Go back to the main page

2010-12-02 MonitorWare Agent 7.2a released

Thursday, December 2nd, 2010

Adiscon is proud to announce the 7.2a release of MonitorWare Agent. This is a bufixing release.

This release only consists of two bugfixes:

  • File Monitor
    Fixed issue an which caused message processing problems when the percent characters was within the loglines.
  • Core Engine
    Fixed string processing issues, partitially related to the SetProperty Action.

For more details read the version history

Version 7.2a is a free download. Customers with existing 6.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

MonitorWare Agent 7.2a Released (Build-IDs: Service 7.2.0.399, Client 7.2.0.1326)

Thursday, December 2nd, 2010

MonitorWare Agent 7.2a Released

Release Date: 2010-12-02

Build-IDs: Service 7.2.0.399, Client 7.2.0.1326

Bugfixes

  • File Monitor
    Fixed issue an which caused message processing problems when the percent characters was within the loglines.
  • Core Engine
    Fixed string processing issues, partitially related to the SetProperty Action.

You can download Free Trial Version of MonitorWare Agent.

How To setup File Monitor Service

Thursday, December 21st, 2006

How To setup File Monitor Service

Article created 2006-12-21 by Florian Riedl.

1. First, right click on "Services", then select "Add Service" and the "File Monitor".

Once you have done so, a new wizard starts.

2. Again, you can use either the default name or any one you like. We will use "My FileMonitor" in this sample. Leave the "Use default settings" selected and press "Next".

3. As we have used the default, the wizard will immediately proceed with step 3, the confirmation page. Press "Finish" to create the service. The wizard completes and returns to the configuration client.

4. Now, you will see the newly created service beneath the "Services" part of the tree view. To check its parameters, select it:

As you can see, the service has been created with the default parameters.

5. To make this Service work, we need to select a text file as source. To achieve this, click on the "Browse" button as you can see it marked in the screen above. A browsing window will open up. Move through your Files and choose one that you would like to monitor. For this example I chose a text file created by MonitorWare Agent.

6. Now we still need to set a ruleset for this service to work with. Since we have no configured ruleset available at the moment, simply use the Default Ruleset, if it’s not being used automatically.

7. Last, save the changes and then restart the application. This procedure completes the configuration of the FileMonitor Service.

The Application cannot dynamically read changed configurations. As such, it needs to be restarted after such changes.

How to setup file monitoring for ISA Server?

Friday, May 23rd, 2003

How to setup file monitoring for ISA Server?

Created 2003-05-23 by Lutz Koch.

How to setup file monitoring for ISA Server?

Since ISA Server logfiles are W3C based simple textfiles, they can be processed by MonitorWare Agent. To monitor the ISA logfiles, you just have to setup a File monitor service in the Agent:

Right-click on the services node and select "Add Service". Then, select the File monitor service from the list. In the File monitor options, select the ISA Server logfile for "File and path name". The File monitor service can be configured to check the file in very small time intervals, e.g. 1 second, so the monitoring is even near realtime.
The 2.x release of MonitorWare Agent has a special option for logging W3C-WebServer logfiles.

Once the file monitor is completely configured, you can setup MonitorWare Agent to perform various actions, such as sending an email or a syslog message. Please also see the FAQ "How can I forward IIS logs to a syslog deamon?" for information on IIS logfile monitoring and forwarding.