P1246990920JReiF - PowerPoint PPT Presentation

1 / 43

About This Presentation

Title:

P1246990920JReiF

Description:

Microsoft Operations Manager 2000 - Integration And ... asus. Web. Services. CA. Integ. Netware agent. AIX agent. HP-UX agent. Solaris agent. OS. Exch ... – PowerPoint PPT presentation

Number of Views:54

Avg rating:3.0/5.0

Slides: 44

Provided by: chadver

Category:

more less

Transcript and Presenter's Notes

Title: P1246990920JReiF

1
(No Transcript)
2
Microsoft Operations Manager 2000 - Integration
And ConnectivityChad VerbowskiDevelopment
LeadMicrosoft Operations ManagerMicrosoft
Corporation
Session MGT308
3
Agenda

MOM Environment
MOM Event Architecture
Consuming events
From UNIX
IIS Event Log
Flat Log Files
WMI Architecture and Eventing
WMI Event Queries with MOM
SNMP traps with MOM
MOM Responses
Custom Actions

4
MOM Environment
Home Grown Systems
Trouble Ticketing
Other Mgmt Vendors Ex. Hp Openview, Tivoli, CA
Custom Actions
Microsoft Operations Manager
SNMP, Connectors
Paging, Email, Scripts, Cmd line
Responses
DB Access
Reporting/ Direct DB
Management Packs
Syslog, 3rd Party Agents
SNMP WMI
3rd Party Apps Oracle, Virus software
Other Systems Unix, Novell
Hardware Network Components
5
What Microsoft Provides
OS
Exch
SQL
IIS
Etc.
Windows 2000 Platform
Windows NT4 Platform
6
What Microsoft Partners Provide
NetIQ Partners
Microsoft
Others
Netware agent
AIX agent
HP-UX agent
Solaris agent
Legato NetWorker
VeritasBackup Exec
TrendScan Mail
RemedyInteg
Peg-asus
Web Services
CAArcServe
Tivoli Integ
VeritasBackup Exec
TrendScan Mail
RemedyInteg
Peg-asus
Web Services
CAInteg
NAINetShield
ExchPlus
NTPlus
NetCool Integ
MS .NetPlus
IISPlus
SQLPlus
NAINetShield
ExchPlus
OS Plus
NetCool Integ
MS .NetPlus
IISPlus
SQLPlus
BaseOS
Base Other.Net
Base IIS
Base SQL
BaseExch
Security
Oracle
Security
Oracle
OS
Exch
SQL
IIS
Etc.
Windows NT4 Platform
LotusDomino
SAP R/3
LotusDomino
SAP R/3
CompaqInsight
DellOpenManage
HPTopTools
IBMNetFinity
IBMMQSeries
TivoliInteg
CAInteg
CompaqInsight
DellOpenManage
HPTopTools
IBMNetFinity
IBMMQSeries
Legato Net Worker
CAArc Server
7
MOM Event Architecture
Rules Engine
Responses
Data Providers
COM Backplane
Timed Events
Missing Events
Execute Rules
Windows NT/2000 Events
Execute Scripts
Create Alert Object
Performance Thresholds
Capacity Planning Data
Send SNMP traps
SNMP Traps
Run Batch files
Send data to Consolidator
Application Events
UNIX Syslogs
WMI events
8
Consuming UNIX Events

SysLog facility on UNIX systems
Basics to setting it up
Configure UNIX system to forward SysLog to an
agent machine
Define a MOM provider that catches SysLog events
Build Processing Rules to use SysLog information
Best Practice Create a separate Computer Group
that collects SysLog events
Common scenarios

9
Consuming UNIX Events

To Configure the UNIX system
Edit syslog.conf (normally in /etc) to direct
selected SysLog entries to MOM agent
For all events to go to a particular IP address
add
. _at_10.10.31.56
or
. _at_momloghost
For only selected events (best practice)
.emerg _at_momloghost
Restart the SysLog daemon
ps -a grep syslog // to find the Process ID
kill -HUP // to restart using the new
syslog.conf file

10
Consuming UNIX Events

Define a MOM SysLog Provider

Rules -Advanced -Providers
Create a new provider
Choose Application Log
Give it a name and choose Syslog port as the
type

11
Consuming UNIX Events

Common SysLog scenarios
Alert on use of ROOT account
Alert on use of su
Alert on shutdown of sendmail or httpd daemons
Filter daemon.debug messages

12
Using IIS Event Logs With MOM

Rules - Advanced - Providers
Create a new provider
Choose Application Log
Give it a name and choose the IIS log of interest
(e.g., Web, FTP, Gopher, locator server)

13
Using Flat File Event Logs With MOM

Rules - Advanced - Providers
Create a new provider
Choose Application Log
Give it a name and choose Generic single-line
log file

14
Using Flat File Event Logs With MOM

Choose Add to specify the location of the log
files and their type
Specify a directory and a pattern of the kinds of
files to be monitored
Specify the format for the file(s) including
generic single line, IIS std., IIS W3C ext., IIS
hyper-ext. or SQL trace

15
WMI Architecture And Events
WMI Consumers (MOM, scripts, etc)
CIMOM
Common Information Model Repository
Event Service
Query Service
WMIProviders
NT Event Log
Exchange
.NET
SQL Server
SNMP
Active Directory
16
Using WMI Event Queries

Use WQL (a SQL subset) to define event
subscriptions
Queries specify
What kind of event you want to receive
What conditions are necessary for an event
If applicable, how often to watch for changes
State change events vs. system events
WMI events can be from Windows or .NET
applications there is no difference

17
State Change

Example Check every 10 minutes to see if any
logical drive has fallen below 10MB of free space
Select from __instancemodificationevent WITHIN
600 WHERE TargetInstance ISA Win32_LogicalDisk
AND TargetInstance.FreeSpace
PreviousInstance.FreeSpace 10000000
Event received is an __instancemodificationevent
object
There are also creation and deletion events
Polling is generally needed but there are
exceptions. Events come from monitoring changes
in instance data
The current/previous instance data is returned as
embedded objects for modification

18
System Events

Example Send an event when a power state event
occurs in the system
Select from Win32_PowerManagementEvent
Event received is a Win32_PowerManagementEvent
object
No polling required event is driven from an
actual notification/callback

19
Setting Up A WMI Event In MOM

Rules - Advanced -Providers
Create a new provider
Choose WMI Events
Give it
Name
Namespace
Query

20
Setting Up A WMI Event In MOM

After the provider is created, it will now exist
as one of the possible choices as an event source
when creating a new Event Processing Rule

21
Using SNMP Traps With MOM

SNMP traps are integrated with MOM via WMI.
SNMP data is mapped into WMI by the WMI SNMP
provider
Events can be either based on SNMP traps or
polling of SNMP data
Registration of events is the same as for WMI
Trap Example Select from SnmpLinkDownNotificat
ion
SNMP Data Example Select from
__instancecreationevent WITHIN 60 WHERE
TargetInstance ISA SNMP_RFC1213_MIB_ipRouteTable

22
Using SNMP Traps With MOM

What you need to do
If you need a standard RFC MIB, the WMI SDK
already contains 40 already converted to MOF
If you need to use an enterprise MIB or one not
in the WMI SDK
Convert the MIB to MOF using the SMI2SMIR tool
that comes with the SNMP provider
Load the MOF into WMI using MOFCOMP
Configure the target device address, community
string, etc. as per WMI SDK
Configure MOM to receive the traps/state changes
as WMI events as shown in the previous section

23
MOM Event/Alert Responses

Responses to Events or Alerts
Update a state variable
Execute a command or batch file
Launch a script
Send an email
Send a pager message
Fire an SNMP trap

24
MOM ResponsesUpdating a State Variable

Create a processing rule for the event(s)
At the Responses page choose Add -Update
State Variable

25
MOM ResponsesUpdating a State Variable

Choose whether the state variable should be
updated on the monitored machine or the central
management station
Choose Add to add a new state variable update
operation

26
MOM ResponsesUpdating a State Variable

Choose the operation you wish to perform on the
variable
Increment/decrement
Set to the value of an event property
Set to a numerical or text value
Store the values of the last N occurrences
Choose a variable name from the event properties
or create your own state variable

27
MOM ResponsesExecuting a command or batch file

Create a processing rule for the event(s)
At the Responses page choose Add -Execute
a command or batch file

28
MOM ResponsesExecuting a command or batch file

Choose whether the command/batch file should be
run on the monitored machine or the central
management station
Specify the command to be run and the initial
directory, if needed.
Event properties can be used to specify the path,
executable name or parameters

29
MOM ResponsesLaunch a script

Create a processing rule for the event(s)
At the Responses page choose Add -Launch a
script

30
MOM ResponsesLaunch a script

Create a new script or choose an existing one
Choose whether the script should be run on the
monitored machine or the central management
station

31
MOM ResponsesLaunch a script

If creating a new script, give it a name,
description and choose the scripting language
(VBScript, etc.)

32
MOM ResponsesLaunch a script

Provide the desired script text

33
MOM ResponsesLaunch a script

Supply any parameters to be sent to the script
Choose Add and then supply a name, description
and default value

To retrieve the parameter(s) in the script Dim
oParams Set oParams ScriptContext.Parameters str
ParamValue oParams.Get("ParameterName")
34
MOM ResponsesSend an e-mail

Ensure Global Settings for email are set at
Configuration -Global
Settings-E-mail Server
Set the transport (Exchange or SMTP)
Set the server address
Set the mailbox (Exch) or Return Address (SMTP)
Set the port (SMTP only)

35
MOM ResponsesSend an e-mail

Create a processing rule for the alert
At the Responses page choose Add -Send a
notification to a notification group

36
MOM ResponsesSend an e-mail

Choose a notification group or create a new one
Use the default e-mail format or define your own
custom subject and message contents
Default format is fixed at this time
Event and alert property values can be inserted
into the subject/message

37
MOM ResponsesSend a page

Choose a notification group or create a new one
Use the default pager format or define your own
custom subject and message contents
Default format is fixed at this time
Event and alert property values can be inserted
into the subject/message

38
MOM ResponsesFire an SNMP trap

Create a processing rule for the alert
At the Responses page choose Add -Send an
SNMP trap
Decide if the trap should be sent from the
monitored system or the central management system
NOTE SNMP has to be installed where the trap is
fired from
Trap is defined in MOM MIB
Trap destination(s) defined in NT SNMP GUI

39
Custom Tasks