The Complete Server & Network Monitoring System Monitor, Detect, Alert, Diagnose, Measure, Collect & Report on Windows Servers/Workstations, SNMP & SYSLOG Servers & Devices User s Guide Sentry II version 8.0
Table of Contents Introduction...7 Overview...8 Sentry II's Internet Explorer Based Console...13 Accessing Sentry II with a Remote Console...14 Sentry II Licensing...14 Installation Instructions...15 Upgrade Your Current Sentry II to the Latest...15 Installing the Sentry II Server...15 Sentry II Server as a Windows Service...16 Optional Microsoft SQL Server Installation Steps...17 Sentry II Agent Installation Steps...18 Uninstalling the Sentry II Agent...20 Feature Overview...22 Sentry II Menus...22 Introduction Options...28 Online Help...29 What Next After Installation...30 Performance Tips...33 Internet Explorer Console...33 Default Access Database...33 SQL Server Database...33 Hardware Platform...34 Frequently Asked Questions...35 Configure Servers/Agents & Devices...42 Licensing Note...43 Current Selected Server/Device Buttons...47 Eligible Watches...48 Assign Watches...49 Track Hardware Asset/Configuration Details...50 Properties...50 Sentry II 8.0 User s Guide p. 2
IP Services Tab...50 Windows Tab...54 SNMP Tab...55 Global Configuration Buttons...56 Manage Agents...57 Discovery Processing...59 Manage SNMP...62 Import...64 Configure Groups...66 Configure Security...69 Active Directory View for Selecting User or Group...72 Global Security Settings...73 Session Logon Report...74 User Security Report...74 Configure SNMP Trap Definitions...75 Configure Domain Information...78 Configure Watches/Alerts...80 Watch/Alert Type Views...83 IP Service Tab...83 PROCESS Tab...86 SERVICE Tab...89 EVENTLog Tab...90 FILE Tab...93 COUNTER Tab...96 CUSTOM Tab...98 SNMPTrap Tab...100 SYSLOG Tab...101 USER Tab...104 Schedule View...104 Actions View...107 User Alerts...121 Cycle Multiple Displays...122 Network Status Display...123 Groups View...124 Devices View...124 Sentry II 8.0 User s Guide p. 3
Device Alert Details Dialogue Box...126 ServerWatch Display...128 Server Status Log View...128 Specify Status Log Display Filter Dialogue Box...130 AlertWatch Display...132 Alert Log View...132 Alert Log Filter View...134 Configure Alert Log Filter Dialogue Box...135 EventLogWatch Display...137 EventLogWatch Display View...137 EventLogWatch Display Filter View...139 Configure EventLogWatch Display Filter Dialogue Box...139 SYSLOGWatch Display...141 SYSLOGWatch Display View...141 SYSLOGWatch Display Filter View...143 Configure SYSLOGWatch Display Filter Dialogue Box...143 SNMPTrapWatch Display...145 SNMPTrapWatch Display View...145 Configure SNMPTrapWatch Display Filter View...146 Configure SNMPTrapWatch Display Filter Dialogue...147 System Monitor...149 Memory Monitor...151 HDD Monitor...153 Registry Monitor...155 Manage Registry Monitoring Specifications Dialogue Box...156 CounterWatch Graphs...159 Monitored Objects Tree View...159 Creating and Configuring Charts...159 Chart Configure Wizard...162 Dynamic Chart Play...163 Fine Tune Chart Play...165 Schedule CounterWatch Monitoring...167 Sentry II 8.0 User s Guide p. 4
Schedule View...167 Status View...168 Manage CounterWatch Monitoring...171 Current Counters Monitored View...171 Monitor Objects Tree View...173 Server/Device Monitor Schedule Property Sheet...174 Counter Value Summary Report...175 Create CounterWatch Reports...177 Review Mode...177 Edit and Update Mode...178 Customizing Collection Sets...180 Schedule Periodic Reports...184 Schedule View...184 Queued View...188 Brand View...189 Run/Analyze & View Reports...190 Report Types...190 Status View...191 Service Report Analysis...193 Results View...195 Event Log View/Archive & Report...198 View Archived Event Logs...198 View Monitored Events...200 View Current Event Logs...200 Event View...200 Manage Archive Schedules...203 Set Maximum File Size...204 Syslog View/Archive & Report...205 View Archived Syslogs...205 Content Search Substring(s) Filter...206 View Monitored Syslogs...206 Messages View...207 Sentry II 8.0 User s Guide p. 5
Server/Device Maintenance...209 Current Maintenance Schedules...209 Specify Maintenance Schedule for Servers/Devices...210 Net Toolbox...212 Trace Route Parameters...212 SNMP Parameters...213 Database Maintenance...215 AutoPurge Tab...215 Objects Tab...216 Purge Tab...217 Sentry II Server Log...219 Sentry II Server Control Center...221 Appendix A Local SQL Server Database...227 Installing the Sentry II MDF File on a Local SQL Server...227 Sentry II Security Issues for Accessing SQL Database...230 Appendix B Remote SQL Server Database...231 Sentry II Security Issues for Accessing SQL Database...234 Appendix C SQL/ORACLE Requirements...235 Microsoft SQL Server Checking...235 Oracle Database Checking...235 Appendix D Moving from Access to SQL Server...236 Revision Version 8.0.12-7/ 10 /2006 Sentry II 8.0 User s Guide p. 6
Introduction Sentry II is the complete and affordable Server and Network Monitoring System for any business. It is designed as an intranet / internet based, comprehensive Windows, SNMP and SYSLOG monitoring, alerting, diagnosing, collecting and reporting tool for managing availability and performance of servers, workstations, and network devices in IP based networks. Sentry II itself requires Microsoft Windows NT / 2000 / XP / 2003, and for its centralized database operations, it supports Microsoft Access, which by default is installed with the included Access database engine, or optionally Microsoft SQL Server. Sentry II uses Microsoft Internet Explorer to provide easy, remote, secure console access to the Sentry II Server s built in HTTP server (you do not need IIS or any other web server software), and is best viewed with at least a screen resolution of 1024 x 768 and 16-bit color. Sentry II provides nine monitoring components to accomplish the monitoring, and ties all the monitoring together with its alerting, graphing and reporting components. All monitoring, alerting, diagnosing, graphing, collecting and reporting is centrally available at the Sentry II Server, which in turn can be accessed from anywhere with Sentry II s remote IE based console. Sentry II 8.0 User s Guide p. 7
Overview ServerWatch Sentry II s ServerWatch component ensures the smooth operation of all network infrastructure devices, and IP services on any server/device, regardless of the operating system. ServerWatch monitors your WEB, Email and Database services for proper operation --- it lets you monitor and check server IP services such as SNMP, HTTP, FTP, SMTP, POP3, DNS, TELNET, Lotus NOTES servers, and SQL & ORACLE database servers. PING is also available for testing general machine & device availability, and you can create a custom TCP check called USER to connect to any specified port with the option to send a request string and check for a specific response string. With Sentry II s flexible and powerful alert notification component, you define how, when, and if you are alerted when ServerWatch detects failures of any of your IP services being monitored. When defining ServerWatch watches, you can optionally specify time periods throughout the week when monitoring is automatically suppressed, to accommodate maintenance down-time periods, for example, and/or you can define watches that are dependent on other watches (primary) so that if the primary watched device is down, alert notifications and actions are suppressed on the dependent watched device; for example, suppress alert notifications from servers/devices from half your network if they become unreachable when a particular router or switch is down. ServerWatch provides a dynamic display for at-a-glance view of availability and performance of all servers & devices being monitored. Optionally, always display down or failed services at the top of the display to insure visibility. ServerWatch also provides a Discovery feature that automatically locates servers & devices and associated IP services based on servers/workstations in your Windows Domains/Workgroups, and/or based on an IP address range scan. Servers/devices found in the IP address range scan can optionally determine the domain name for identification purposes. ServerWatch Discovery makes Sentry II extremely easy to configure. All ServerWatch monitoring results are logged to Sentry II s Access or SQL Server database and there is an IP Service Availability & Performance report available for either a summary or detailed report on up-time and performance of all or selected servers/devices and IP Services, for any timeframe you specify. You can also use the Alert Notifications report to see the details of all failures, whether they resulted in an alert notification or not according to your specifications, and view these details on a selected server/device & IP service basis for any selected time frame. For all of ServerWatch s features and benefits, it is just the tip of the capability of Sentry II for monitoring your Windows servers, and network infrastructure devices. Read on and see the other capabilities that Sentry II provides, and the benefits of implementing this powerful, yet affordable, Server and Network Monitoring System. CounterWatch for Windows & SNMP. Sentry II s CounterWatch proactively monitors both Windows and SNMP Counters. CounterWatch for Windows monitors the performance of your Windows servers and workstations via the available performance counters installed with Windows, all Microsoft applications, and from various 3 rd party applications that take advantage of the performance counter option in Windows. You selectively monitor and gather detailed data about virtually every aspect of server/workstation operation via these available performance Counters. Performance Counters are available for all aspects of the hardware, including CPU, Disk, Memory, and Network, and software including applications such as IIS, SQL Server and Exchange Server. CounterWatch for SNMP, proactively monitors via a poll any SNMP Counter. SNMP Counters are derived via server/device MIBs that you provide to Sentry II for parsing. By default, the Sentry II Server component provides the SNMP CounterWatch polling. However, you can now optionally Sentry II 8.0 User s Guide p. 8
designate one or more deployed Sentry II Agents to act as remote, distributed SNMP CounterWatch polling monitors that forward the SNMP CounterWatch data to the Sentry II Server via the Agent connection. For both Windows and SNMP CounterWatch monitoring, you can optionally have Sentry II use this comprehensive performance data to trigger alerts if specified thresholds are exceeded, and you can generate consolidated performance reports, or dynamic graphs. There is an option to export the raw graph data to a CSV file, which can be viewed and processed by Microsoft Excel. Create your own custom CounterWatch report collection set/templates to monitor, analyze, troubleshoot/diagnose, and report, and make recommendations for improving performance and for solving operational problems. All CounterWatch data is logged to Sentry II s Access or SQL Server database, giving you centralized control of all the monitoring results, and providing baseline and trending data. EventLogWatch Sentry II s EventLogWatch monitors your Windows servers and workstations in real-time for entries into the various available Event Logs. This provides you with the ability to monitor virtually any and every event of significance that occurs. You can choose to be alerted for those selected, critical events that you want to know about and act on immediately. When you enable Windows auditing, you can monitor for a variety of auditing events to the Security Event log to significantly increase your server security monitoring. These types of security events include a variety of events for Logon actions, Account Login actions, Account Management actions, Privilege Use actions, and Policy Change actions. EventLog monitoring now takes advantage of Sentry II s Active Directory integration so that now you can use an Active Directory Groups as a parameter so that any event whose User parameter is a member of the selected Active Directory Group(s) is considered a match. You can centralize your Event Log management by capturing all events or just selected events to Sentry II s Access or SQL Server database, and run the Alert Notifications report to see the captured events for all servers, or selected servers, for a selected time frame. Use the EventLogWatch Display feature to view received, monitored Events dynamically as they occur, and to display up to the previous 24 hours of previously received, monitored Events. For Sarbanes-Oxley and HIPAA compliance assistance with respect to the Event Logs, Sentry II provides a very flexible and powerful Event Log file archiving feature. You define one or more schedules or conditions when the Events Logs on your selected servers and workstations are automatically backed-up and optionally archived to a central storage that you specify. Archived Event Log files are automatically saved in a GZIP compressed format that is very economical on storage requirements. A powerful Event Log Viewer is provided where you can view selected events based on filters that you easily define for: 1) events in the Archived Event Log files, or 2) events in Monitor s database that were captured with your real-time EventLog Watches, or even 3) events in the actual current Event Log files. You can filter the monitoring and viewing of Event Log data by Log type (Application, System, Security, DNS Server, File Replication Service & Directory Service) and specific Event types (Error, Warning, Information or Audit Success or Failure events), as well as filter based on Event Source, Event IDs, Event Category, User Name or substring in the Event Descriptions; and you can Save your filters and easily Load them again to use them next time you are back in the Viewer. For any events that match your view filter, you have the options to Print, Email, or Export to a CSV file. Sentry II 8.0 User s Guide p. 9
ProcessWatch Sentry II s ProcessWatch monitors your selected Windows processes to make sure they continue running; and also monitor for rogue processes that should not be running. Define alert notifications so you know when critical Windows processes are not running, or rogue processes are running. You can optionally have Sentry II attempt to restart the processes not running, or terminate the rogue processes that are running. For running processes, you can optionally specify CPU & Memory utilization thresholds, and be alerted if these thresholds are exceeded. Or have ProcessWatch monitor all running processes, and be alerted if any CPU & Memory utilization thresholds you specify are exceeded by any running process, and optionally have ProcessWatch terminate processes that exceed your thresholds. All ProcessWatch alerts are logged to Sentry II s database, and you can view the history of ProcessWatch alerts in Sentry II s Alert Notifications report. WinServicesWatch Sentry II s WinServicesWatch monitors your selected Windows services to make sure they are running. Define alert notifications so you know when critical Windows services are not running, including services that are hung during startup. You can optionally have Sentry II attempt to restart these services that are not running or hung. All service failures are logged to Sentry II s database, and you can view the history of service failures in Sentry II s Alert Notifications report. FileWatch Sentry II s FileWatch monitors your select Windows server & workstation files. You choose the files you want Sentry II to watch. You can specify wild-cards to monitor groups of files, or even specify a folder name and monitor the whole folder for any changes including file additions and deletions. You can optionally choose to be alerted, using Sentry II's standard alert notification options, when watched files or folders have met one of the optional conditions you specify. These options are: the file is created and exists, the file has exceeded a specified maximum size, the file size changes from its current size, the file last modified date/time changes, or the file contains a specified substring. There is a powerful NOT option to check for the inverse of all of the above conditions, including watching for files to be deleted. The substring search is optimized to only check when new data is added to the file. Use FileWatch to monitor 3 rd party application log text files, watch for hacked files that should not have changed, or monitor key files that you expect to change and be updated on a regular basis. And when you have appropriate Windows auditing enabled, you can know not only what, when, and where but also WHO caused the FileWatch alert. CustomWatch Sentry II s CustomWatch monitors your Windows servers/workstations by executing any Windows program, command, script, or batch file executable that you provide. It runs the executable periodically on the monitored server/workstation according to a schedule that you specify. You can optionally specify a comparison of the executable s Exit Code to an exit code you specify, and generate an alert notification if the comparison fails. You can optionally specify an Executable Time-Out value and Sentry II will terminate the executable if it does not complete on its own before the time-out expires; you can optionally specify Logon credentials and Sentry II will start the executable under the user context of these credentials; and the specification for the executable, and for the optional command-line options, support Environment Variable substitution when bracketed with the percent character; for example, %SystemRoot%. Use the powerful CustomWatch to create your own custom monitors but also use CustomWatch as a central Windows Job Scheduler, and easily manage the scheduled execution of all your jobs across all your servers and workstations from the central Sentry II Server. Logical Drive, Page File, Registry & HW Configuration, and Server Reboot Check In addition to the various Windows Watch monitoring features described above, Sentry II also provides the ability to easily monitor and dynamically display select Registry values, and Logical Drive & Page File information including available Free Space. Sentry II 8.0 User s Guide p. 10
For the Logical Drive & Page File monitoring, you can easily enable an alert notification and be notified when available Free Space drops below a threshold you define. For the Registry & Hardware Configuration monitoring, you optionally choose to be alerted when Hardware Configuration changes are detected, or select Registry Key/Value additions, changes, or deletions are detected. For the Server Reboot Check, you optionally choose to be alerted when a monitored server reboot/restart check is detected. SNMPWatch Sentry II s SNMPWatch monitors your SNMP enabled servers and network devices for SNMP Traps. You specify the SNMP Traps that are monitored and the acceptable servers and network devices where they can originate. Optionally define alert notifications that are executed upon receipt of specific SNMP Traps. Review the history of all or selected SNMP Traps received in the Sentry II Alert Notifications report. There is a MIB parsing feature to extract and make available the SNMP Trap OIDs from your server and device MIBs, to make it simple to define the watches for SNMP Traps. Use the SNMPTrapWatch Display feature to view received, monitored Traps dynamically as they occur, and to display up to the previous 24 hours of previously received, monitored Traps. Similar to the SNMP CounterWatch monitoring, there is now an option to designate one or more Agents to act as remote distributed SNMP Trap monitors. Traps that match your defined watches are forwarded on to the Sentry II Server over the existing Agent connection for logging to the database and any alert notification processing. SYSLOGWatch Sentry II s SYSLOGWatch monitors SYSLOG messages transmitted from your selected servers and network/infrastructure devices such as firewalls and routers. The Sentry II Server listens on the standard SYSLOG UDP port for these messages and processes them according to your specified SYSLOG Watch/Alerts. You can be alerted when selected SYSLOG messages are received, and you can use SYSLOGWatch to centralize your SYSLOG collection, management and reporting. Review the history of all or selected SYSLOG messages received in the Sentry II Alert Notifications report. Use the SYSLOGWatch Display feature to view received, monitored SYSLOG messages dynamically as they occur, and to display up to the previous 24 hours of previously received, monitored SYSLOG messages. For Sarbanes-Oxley and HIPAA compliance assistance with respect to the SYSLOG messages, Sentry II provides a very flexible and powerful SYSLOG message archiving feature. You optionally define in a SYSLOG Watch/Alert whether you want the SYSLOG messages archived for long term storage and saving. Archived SYSLOG messages are automatically saved in a GZIP compressed files that are very economical on storage requirements. A powerful SYSLOG Archive Viewer is provided where you can view selected Archived SYSLOG messages based on filters that you easily define for: 1) SYSLOG messages in the Archived SYSLOG files, or 2) events in Monitor s database that were captured with your real-time SYSLOG Watches. You can filter the monitoring and viewing of SYSLOG messages based on content with the ability to specify compound/complex search string criteria. For any SYSLOG messages that match your view filter, you have the options to Print, Email, or Export to a CSV file. Now there is an option to designate one or more Sentry II Agents as remote, distributed Syslog collectors/servers. Agents so designated will optionally forward received Syslog messages to the Sentry II Server over the encrypted Agent connection for logging and alert notification processing, depending on your SyslogWatch rules. Archiving to flat text GZipped compressed files can also be optionally enabled to storage available from the Agent machine. Sentry II 8.0 User s Guide p. 11
Alert Options Sentry II s Alert options provide for Email, Pager, Beeper, SYSLOG, and/or SNMPTrap alert notifications. And you can optionally execute any program, command, or batch file, with macro substituted input arguments at run time, when an alert condition occurs. The execution can be local on the Sentry II Server, or remote on the Windows server/workstation that caused one of an EventLogWatch, ProcessWatch, WinServicesWatch, FileWatch, CustomWatch or CounterWatch alert. There is an Email Group feature so that it is very easy to manage sending Email alerts to multiple Email recipients. When defining the Alert notification action, you simply reference the Email Group name. There is a custom Email text option so you can compose the text for an Email alert the way you want it. Both the custom Email text and the Email subject parameter support the same macros as the program arguments, so that the specific information such as server/device name, IP address, date/time, status, and Watch/Alert name are substituted. Report Options Sentry II s Report options include an Alert Notifications report where you can report on all logged occurrences of your active Watch/Alerts, including IP Service checks, EventLog events, ProcessWatch alerts, WinServicesWatch alerts, FileWatch alerts, CustomWatch alerts, SNMP Trap alerts, SYSLOG messages, and report on all or selected servers/devices, for any selected time-frame. There is an IP Services Availability & Performance report where you can report on the up-time percentage and the response performance of all your active IP Services ServerWatch checks such as PING, HTTP, SMTP/POP3, and others. There is a summary option, and an option to report on all or selected servers/devices, for any selected time frame You can create any number of custom CounterWatch reports, for Windows or SNMP, and analyze monitored counter values from any one or more selected servers/devices, for minimum, maximum, and average values over any selected monitored time-frame, and including a Graph so you can pinpoint spikes and other periods of abnormal behavior. There is an Exclude Time-Period feature so that you can specify time-of-day and day-of-week time-periods that you want to exclude from the report analysis so that you can easily create reports consistent with your Service Level Agreements. All Sentry II reports can be optionally scheduled to run periodically, and automatically, with complete flexibility in selecting the servers/devices reported on, and for what time frame; and you can easily manage your queue of currently scheduled reports. Report output can be optionally emailed, or a link to the HTML report output can be emailed, to one or more recipients. The Email Group feature is supported for specifying recipients of the report Email. Graph Options With Sentry II s Graph options you can create and save any number of Graph templates to view any selected set of Windows and SNMP Counters, from one or more servers/devices, for any time-frame, historic or current. Graphs can be customized and saved in terms of look, density, type and a number of other properties. Graph playback of historic or current data is dynamic, and can be stopped, played in fast speed, or reverse, to easily analyze any monitored period. The Graphs are a powerful tool for viewing and analyzing all your Windows and SNMP CounterWatch monitored data. Graphs, as previously mentioned, are included with all your CounterWatch Reports so that you can easily pinpoint unusual behavior of each monitored Counter for the time-frame being analyzed and reported Hardware Asset/Configuration Information With Sentry II s WMI (Windows Management Instrumentation) support, you can now easily and automatically track the hardware asset/configuration details of all your Windows servers/workstations. View and optionally print the Sentry II 8.0 User s Guide p. 12
hardware details report per server/workstation, and optionally choose to be alerted automatically when Sentry II detects changes to the Hardware Configuration. Security Options Sentry II provides very flexible Security options. You can define authorized Users, with different security and rights to access and use the various Sentry II features. You can restrict select Users to have access to only a subset of the various Groups of servers/devices you define. This way you limit different Users to different subsets of your monitored network. You can also assign Ownership rights to Sentry II Reports and Graphs so that Users only can access and view Reports and Graphs that they own or are owned by All. Now with Sentry II s Active Directory integration, you can specify an Active Directory Group so that any User who is a member of the Group is considered an authorized User. And if you choose, Sentry II will authenticate your LoginName/Password with Active Directory so you can use your standard Windows login for Sentry II s console. Sentry II's Internet Explorer Based Console You access the Sentry II Server and its associated Access or SQL Server database to observe the monitoring, track alerts, watch server status, and run performance reports and dynamic graphs from anywhere you have Internet Explorer and IP access to the Sentry II Server. (Sentry II is best viewed with a screen resolution of 1024x768 and 16-bit color or better. See Performance Tips below for more information about optimizing Sentry II use and access.) The Sentry II Server component manages the Sentry II Access or SQL Server database and functions as an HTTP web server. This capability is built in to Sentry II and you do NOT need any other web software such as IIS. The Sentry II user interface is designed and implemented around this web server feature. For this reason, you use Microsoft Internet Explorer installed on any computer, acting as the Sentry II console, for access to the Sentry II Server. (Note: The first time you connect from any particular machine acting as the Sentry II you must allow the secure and signed ActiveX console components to be downloaded and installed.) The Sentry II Console uses HTTP to request and download the various user interface pages, and once the page is loaded, a secure encrypted and compressed TCP connection, using technology in the downloaded ActiveX Control, is created back to the Sentry II Server and all subsequent transmissions between the Consol and the Sentry II Server are done over this ecure TCP connection. The Sentry II Server component also contains an "embedded" Internet Explorer browser that communicates with the built-in web server. When you run the Sentry II Server the first time as a foreground/desktop application the default view is with the embedded browser. (See the next section on Installation to setup running the Sentry II Server as a Windows service; and see Sentry II Server Help for more information about the other Server Views when running as a foreground/desktop application.). This intranet, web-based technology provides you with the ultimate flexibility, security, and control when using Sentry II. Your access to the Console is also secure; you define authorized users with appropriate rights, and with Sentry II s Active Directory integration, you can specify an Active Directory Group so that any User who is a member of the Group is considered an authorized User. If you choose, Sentry II will authenticate your LoginName/Password with Active Directory so you can use your standard Windows login for Sentry II s console. Sentry II 8.0 User s Guide p. 13
Accessing Sentry II with a Remote Console You can access the Sentry II Server remotely from any computer that has Microsoft's Internet Explorer and TCP/IP connectivity. This remote access provides full access to Sentry II's features, such as graphs, monitoring, alerts, reports and administration. Connect to the Sentry II Server's built in web server just like you would connect to any web site. In IE s URL address line, put the IP address of the Sentry II Server machine or its Domain name, and use port 81. For example, http://n.n.n.n:81 or, http://sentry IIMachineName:81 The first time you do this from another computer, Sentry II will download and register the appropriate secure and signed ActiveX components from the Sentry II Server installation directory (see...\sentry II\Controls folder). For subsequent access to the Sentry II Server from this computer, all components are stored locally, eliminating the need to download them again. Sentry II uses ports 81 and 82 by default but these can be reconfigured to avoid port conflicts with other applications. See the Properties description in the Sentry II Server Control Center section later in this document on how to change the port assignments; or run the Sentry II Server Config File utility Problems in successfully connecting to the Sentry II Server from another machine using Internet Explorer are usually related to 1) Proxy Server settings in IE; or 2) Firewall restrictions. It is also possible there is a port conflict with Sentry II s default ports 81 & 82, and some other application using the same ports. Sentry II Licensing Sentry II is licensed based on the number of servers, workstations, and devices you are monitoring at unique IP addresses. All of Sentry II s available monitoring features can be configured for a single server or device at a unique IP address, and this only counts as one license. It is also permitted to add multiple server, workstation, and device entries, such that the total number of uniquely named entries exceeds your license count. This is permitted so long as the total number of unique IP addresses for these entries, plus Sentry II Agents where there is more than one Agent registered per unique IP address, does not exceed your maximum license count. You can, for example, have more than one Agent entered and registered at the same IP address, but each additional Agent beyond the first at an IP address counts toward the license. (More than one Agent at the same IP address occurs when the monitored servers and workstations are behind a NAT device, a shared Cable Modem or DSL WAN router that presents a single IP address to the world). This feature of the licensing is actually quite useful. For example, if you want to perform several different HTTP checks to your web server at a particular IP address, you can add multiple server entries, each with a different name but with the same IP address. Configure the IP Service HTTP parameters for each entry according to the type of check you want to perform; then go to Configure Watches/Alerts to configure a watch on each, with their own special schedule & action parameters. There is no cost for the Sentry II Server component itself, only for the number of servers/devices, at unique IP addresses as described above, that it is monitoring. There is also no cost for the number of IE based local and remote Sentry II consoles you have running at any one time. Sentry II 8.0 User s Guide p. 14
Installation Instructions This section includes the steps for upgrading your current Sentry II version to the newest version, as well as the steps for installing the: Sentry II Server Using Microsoft SQL Server (Optional) Sentry II Agent (Optional) Uninstalling Sentry II Agent Upgrade Your Current Sentry II to the Latest There is a single, simple Upgrade if your current Sentry II version is 6.0.00 or greater. Contact Support if you are using an earlier Sentry II version. Only if your current Sentry II version is 6.0.00 or greater, then: Run Sentry II_FullSetup.exe, from the folder where you downloaded and saved, to start the installation program for the new version, and follow the on-screen install directions. Choose the same directory to install the new version over the current version; your current configuration and database information are preserved. Your upgrade is now complete! At the prompt at the end of Setup about restarting the Sentry II Server service (if you were previously running the Sentry II Server as a service), choose OK, and your Sentry II Server service is restarted and back up and running with the new version. Installing the Sentry II Server The Setup program will install the Sentry II Server and Agent applications on the computer you want to be designated as the Server computer. Exit all programs. To install Sentry II, simply run the Setup_Sentry II.exe program from the CD, or Sentry II_FullSetup.exe from your download folder where saved. Note: If your system does not meet Sentry II requirements, it will notify you of each aspect throughout installation. You will see the Sentry II Welcome Screen. Click Next. Now you are brought to the License Agreement. Click Yes if you agree to the terms of the agreement. Click No to exit Sentry II setup. The Read Me file will be displayed (it is also accessible prior to installation). Read through the notes and click Next to continue. Sentry II 8.0 User s Guide p. 15
Sentry II will provide a default directory for installation, which is C:\Program Files\Sentry II. If you wish to change this directory, click Browse to choose a different folder. Choose Next to continue. Sentry II will determine whether you have enough free disk space to install the program. If you do not, then you must choose another drive or create enough space for the program. Sentry II will ask to create the Program folder for you. Click Yes. The next screen provides you with some various configuration and startup options. The options are as follows: -Add Server shortcut to the desktop -Add Sentry II Console shortcut to the desktop By default, both options are checked. Select the options you wish to have, and choose Next. Sentry II will display a summary page so that you can review your installation options and settings. Take a moment to read through them. You can change any of the settings by clicking on the Back button and returning to the appropriate dialog to make changes. Click Next to return to the summary page. Once you have determined your settings, click Next. Sentry II will copy the necessary program files to your system. If a Media Error is reported at this point, the most likely reason is that the Sentry II Server or Agent is still running, or an IE instance with a Sentry II access is active. Insure the Server, Agent, and any local IE Sentry II displays are stopped. When Sentry II has finished installing all the necessary files, you will be brought to a screen to perform Electronic Registration. Click Finish when done. After Sentry II has finished, it may ask you if you wish to restart your computer. Restart the computer, and you can now begin to use the product. Start the Sentry II Server by double-clicking the spider-web icon called Sentry II Server on the desktop, and run the Sentry II Server as a foreground/desktop application. (See the next section for details on how to configure the Sentry II Server to run as a Windows service). When the Sentry II Server completes loading and starting up, select the Quick Start option from the Introduction screen by clicking on the check-list icon shown above. Sentry II Server as a Windows Service After you run the Sentry II Server the first time as a foreground/desktop application, you can select the Sentry II Server menu item Service, and then Settings to enable the Sentry II Server service. Sentry II 8.0 User s Guide p. 16
If the Sentry II Server Service is created successfully, you exit the Sentry II Server component, running as a foreground/desktop application, and the Server Service will automatically restart the Server component under its control and without the 'console' interface. Thereafter, when you log-out, or reboot the machine and on restart, the Sentry II Server Service runs, and in turn, it runs the Server component. Control the Server Service You stop and start the Sentry II Server component via the 'Sentry II Server Service using the Windows Services applet. You access the Sentry II Server component by double-click on the 'Sentry II Console' icon to start the 'console' interface. Service Logon Property By default, the Sentry II Server Service runs under the Local System Account. Hence, there may be scenarios when you may need to set the Sentry II Server Service 'Logon' Property to 'Administrator'. For example, if you are using a remote SQL Server for Sentry II s database, you will need to set the Logon Property to an Administrator or equivalent. You will also likely need to set the Logon property if you want to use Sentry II s Active Directory integration. Sentry II Server Self-Monitoring When the Sentry II Server component is running under the auspices of the Sentry II Server Service, the Service monitors the Server component process called RPMCCS.EXE to make sure it is running. The Service also expects to receive timely keep-alive / heart-beat signals from the Server component process. If the Service does not receive the timely keep-alive / heart-beat signals indicating the Server component process is not functioning correctly, or if the Server component process RPMCCS.EXE is not running at all, the Service terminates the Server component process and then restarts it. Optional Microsoft SQL Server Installation Steps The first time the Sentry II Server is run it will attempt to open its database. If the database names have not yet been defined through the ODBC Data Sources (located on the Control Panel or in Administrative Tools), a dialog will appear. If SQL Server is installed on the same computer as the Sentry II Server, you will be presented with 3 options. Otherwise you are presented with two. If you are going to use the default Access or SQL database locally, reply to the prompts accordingly and Sentry II will configure itself to use Access or SQL automatically. If you choose to use Microsoft SQL Server as the remote Sentry II database several additional steps are required. Sentry II 8.0 User s Guide p. 17
For detailed installation steps of configuring Sentry II for use of a remote SQL database, see Appendix B. Sentry II Agent Installation Steps Install the Sentry II Agent on those Microsoft Windows NT / 2000 / XP / 2003 based server and workstation computers in your network when you want CustomWatch, ProcessWatch, WinServicesWatch, EventLogWatch, FileWatch and/or Windows CounterWatch monitoring. The Sentry II Agent installs and runs as a service. The Sentry II Agent is not required for using the ServerWatch, SYSLOGWatch, SNMP CounterWatch, or SNMP Trap Watch features (see Configure Servers/Agents & Devices and Configure Watches/Alerts). You can optionally designate and use one or more deployed Sentry II Agents as Syslog and SNMP Trap & Query collector/monitoring servers for monitoring your remote infrastructure devices. This is transparently integrated into all the standard Sentry II Watches, Displays, and Reports after you make the appropriate Agent designations and Device assignments in Configure Servers/Agents & Devices. The Agent requires port 82 by default and uses port 82 outbound to initial a secure TCP connection to the Sentry II Server. All transmissions between the Agent and Sentry II Server are sent encrypted, and if necessary compressed over this TCP connection. Global Agent Management for Automatic Push Agent Installation The recommended method for installing, or updating, the Sentry II Agent service on your Windows NT / 2000 / XP / 2003 servers and workstations is to use the 'One-Button' Push feature for installation. This feature is available in Configure Servers/Agents & Devices from a single screen, called Manage Agents, where you mange all your Agents centrally. You can view installed Agent versions, view servers and/or workstations in all your Windows Domains and Workgroups that are not currently configured in Sentry II, and you can select one or more NT / 2000 / XP / 2003 servers/workstations for a batch install/update with a single click. (See the Configure Servers/Agents & Devices for managing the servers, workstation, and network devices that you want to monitor). This 'One-Button' click to push the Sentry II Agent files down to selected NT / 2000 / XP / 2003 servers/workstations, installs or updates the Sentry II Agent service and starts the service, all without requiring a server reboot. This feature does require that you have Administrative Share rights to the server where you want to install the Sentry II Agent. Use the Logon feature available on Manage Agents to specify your Administrator logon credentials, or configure and save them in the Configure Domain Information function. On subsequent updates of connected Agents, no share rights or Logon credentials are required since the Sentry II Server signals the selected connected Agents to download the updated files and update them selves. See Configure Servers/Agents & Devices -> Manage Agents for more information on using this preferred approach for installing and managing your Sentry II Agents. Alternative Automatic Pull Agent Installation If due to geographic limitations or other security restrictions, you cannot use the Push method to install the Agent the first time; an alternative for the Agent installation is to pull the Agent down Sentry II 8.0 User s Guide p. 18
from the Sentry II Server. Follow these two steps, if you have Internet Explorer on your server or workstation, which automate most of the steps for "pulling" the required Agent files to the server: At your server or workstation, run Internet Explorer version 5 or higher and connect to the Sentry II Server computer using the following URL: http://nn.nn.nn.nn:81/installagent.asp where nn.nn.nn.nn is the IP address of the Sentry II Server computer. If you currently use a remote control program such as CoSession, pcanywhere, or Terminal Server, you can use it to connect to the target server to run IE and connect back to the Sentry II Server. When you connect to the above URL on the Sentry II Server, it checks to make sure the machine name and IP Address is unique in Sentry II, and if a duplicate named entry already exists at a different IP Address, you are prompted to enter a unique name to be used for this server/workstation. Once the unique name is verified, you will be prompted to confirm the download of the Sentry II Agent software. Press the OK button, and the Sentry II Agent software will be downloaded and installed. The Agent is installed and runs as a service. After the installation, it will load the Sentry II Agent and automatically register your server to the Sentry II Server database. Sentry II can now do CustomWatch, ProcessWatch, WinServicesWatch, FileWatch, CounterWatch and EventLogWatch monitoring of your NT / 2000 / XP / 2003 servers and workstations. Alternative Manual Agent Installation If you cannot use the Push or Pull Agent installation options, you can manually install the Sentry II Agent. Follow these steps: Copy the Sentry II Agent, RpmAgent.exe, the Sentry II AgentService.exe and AgentEvents.dll, and Sentry II User Alert support, Sentry IIAlert.exe, from the Bin folder of the Sentry II Server install directory to "\WINNT\SYSTEM32" (or \PROGRAM FILES\Sentry II) folder on the server or workstation you want to monitor. If you currently use a remote control program such as CoSession, pcanywhere, or Terminal Server, you can use it to connect to your server and remotely perform these steps. Next run: AgentService.exe i arg1 82 arg2 arg3 to install the Agent as a service. Arg1 is the Sentry II Server IP address (e.g. 192.168.1.100) so the Agent knows where to connect; 82 is the default port that the Sentry II Server listens for Agents; arg2 is the fully qualified path name for the RpmAgent.exe (e.g. C:\WINNT\SYSTEM32\RpmAgent.exe); and arg3, which is optional, and if specified, is the name that the Agent uses for this server/workstation when it connects and registers with the Sentry II Server. For example, AgentService.exe i 192.168.1.100 82 c:\winnt\system32\rpmagent.exe When this completes then run "AgentService.exe -s" to start the Sentry II Agent Service. There is no need to reboot the server. Sentry II 8.0 User s Guide p. 19
The Sentry II Agent will automatically attempt connection to the Sentry II Server after about a 30 second delay. Once the Sentry II Agent connects, it will automatically register. Automatic Agent Registration Once the Sentry II Agent connects to the Sentry II Server the first time, it will automatically register itself in the Sentry II database, using its predefined computer name. Its available counters and services for monitoring are also uploaded and revealed to the Sentry II Server If you have previously used the Configure Servers/Agents & Devices to add this server or workstation to the Sentry II Server database, under a different name, you will have duplicate entries, and will have to use Configure Servers/Agents & Devices to manually resolve this. You can inhibit Automatic Agent Registration with a setting in Configure Security. Uninstalling the Sentry II Agent The Sentry II Agent is uninstalled when you Delete the corresponding server/workstation entry in Configure Servers/Agents & Devices at the Sentry II Server. As part of the delete processing, the Sentry II Server sends a message to the Agent to uninstall itself. Alternatively, for example if the Agent was not connected when deleting the server entry, there are two options for manually uninstalling the Agent: Manual Uninstall Option 1 At your server or workstation, run the RpmAgent.exe with the following command-line argument: /UnregServer For example: RpmAgent.exe /UnregServer Then, run the AgentService.exe, normally it is stored in the \WINNT\SYSTEM32 (or \PROGRAM FILES\Sentry II) folder, with the following command-line argument: -u For example: AgentService.exe u Next, delete the RpmAgent.exe, AgentService.exe, AgentEvents.dll.and Sentry IIAlert.exe from the folder where you copied them originally. Manual Uninstall Option 2 At your server or workstation, run Internet Explorer and connect to the Sentry II Server computer using the following URL: http://nn.nn.nn.nn:81/uninstallagent.asp where nn.nn.nn.nn is the IP address of the Sentry II Server computer. If you currently use a remote control program such as CoSession2000, pcanywhere, or Terminal Server, you can use it to connect to your server to run IE and connect to the Sentry II Server. When you connect to the above URL on the Sentry II Server, you may be prompted to confirm the download of required Sentry II software. Press the OK button and the Sentry II Agent software will be uninstalled. Sentry II 8.0 User s Guide p. 20
It may be necessary to restart in order to complete the deletion of all Agent files. Sentry II 8.0 User s Guide p. 21
Feature Overview Access all functions of Sentry II in one of two ways, (1) by clicking on the down-arrow button in the upper-right-hand corner to display a drop-down menu of functions, or (2) from the "Microsoft Outlook" style menu on the left. Sentry II Menus Drop-down Menu The first item in the drop down, "Open in New Window", defines whether the selected function is opened in a separate window. Click it to toggle the state. (You may need to change your IE setting Reuse Windows for launching shortcuts under the Tools-> Internet Options->Advanced and uncheck this setting). Using the mouse, highlight the desired function, and click to choose it. It will open in the same window or a new window based on the state of "Open in New Window". Sentry II 8.0 User s Guide p. 22
"Outlook" Style Menu Click the "Configure", "Monitor", Display, "Report", Archive or "Utilities" tab to scroll the associated functions into view. The Sentry II Outlook menu is always available, so you can select another function or tab at any time. Configure From the "Configure" tab menu, you can select functions to: Discover and Define the Servers, Workstations, & Devices in your network that you will be monitoring, and manage the install/update of the Sentry II Agent on your NT/2000/XP/2003 servers & workstations. Create and Edit the Watches & Alerts that you use to monitor and action select Windows Services, Processes, Event Log events, watched Files, SNMP & Windows Performance Counters, Custom Watches, SNMP Traps, SYSLOG messages, and IP Services that you decide are critical. Define Groups to organize these Servers/Devices into meaningful groupings. Define your Domains and Workgroups, and optionally User logon credentials Define SNMP Trap definitions for SNMPWatch and/or parse MIBs for SNMP Trap information. Enable Security by defining your authorized Administrators and Analysts. Sentry II 8.0 User s Guide p. 23