Tuesday, June 26, 2007

Oracle Enterprise Manager 10g R2

I found a very good presentation by an Oracle DBA explaining OEM 10g architecture, features and monitoring.

http://www.nyoug.org/Presentations/2005/oem10gr2.pdf

Monday, June 25, 2007

Some good articles on Asset Management

The Evolution of IT Asset Management (part 1 of 4)
http://www.swspartners.com/newsletters/tlg-jun06.pdf

The Business Requirements and Design (part 2 of 4)
http://www.swspartners.com/newsletters/tlg-aug06.pdf

ITAM Data Capture and Data Store (part 3 of 4)
http://www.swspartners.com/newsletters/tlg-feb07.pdf

Subscribe to the SWS newsletter - http://www.swspartners.com/newsletters/archives.html

Thursday, June 21, 2007

Open Source Monitoring Solution

Nagios - Nagios is an Open Source host, service and network monitoring program. http://www.nagios.org/

Groundwork - GroundWork Open Source solution delivers the right solution to ensure unprecedented network, system and application availability. http://www.groundworkopensource.com/

Orca - Orca is a tool useful for plotting arbitrary data from text files onto a directory on a Web server.
http://www.orcaware.com/

Splunk - Splunk is software that securely manages logs and IT data. It is a search engine for IT data.
http://www.splunk.org/

Zabbix - ZABBIX offers advanced monitoring, alerting and visualisation. http://www.zabbix.com/

SNMP Informant - SNMP Informant is an innovative and enabling technology that extends and adds value to the SNMP Management of Windows operating systems. It collects low-level, mission critical performance and operational data.
http://www.snmp-informant.com/

Pandora FMS - Pandora watches systems and applications and allows you to know the status of any element of those systems.
http://pandora.sourceforge.net/en/index.php?sec=main

Zenoss - Zenoss Core™ is an open source, enterprise-grade IT management product that delivers the functionality that IT operations teams need to effectively manage the configuration, health and performance of their networks, servers and applications through a single, integrated software package. Zenoss has the first commercial open source CMDB in the market.
http://www.zenoss.com/

Snare - Snare Open Source agents provide a log collection, analysis, reporting and archival resource that is both easy to use and inexpensive.
http://www.intersectalliance.com/

Netdisco - Netdisco is an Open Source web-based network management tool. http://netdisco.org/

OpenSMART - Open (SourceSystem) Monitoring and Reporting Tool. http://opensmart.sourceforge.net/

Pentaho - The Pentaho BI Project provides enterprise-class reporting, analysis, dashboard, data mining and workflow capabilities that help organizations operate more efficiently and effectively.
http://www.pentaho.com/

For more Open Source monitoring tools, go to sourceforge.net
http://sourceforge.net/search/?type_of_search=soft&words=monitoring

Wednesday, June 20, 2007

Forrester’s Definition Of A CMDB

Forrester defines a CMDB as a fundamental component of the information technology infrastructure library (ITIL) framework that provides a unified repository of data about configuration items (CI) — any system component with configurable attributes — and describes the relationships between those CIs. From this, we can derive the main characteristics of a CMDB:

A CMDB is a repository of information about all configurable IT components. This repository should include all the physical, logical, and human elements used in the production of IT services.

A CMDB component has configuration attributes. Configuration attributes are all the parameters that determine the behavior of a component during production. They could be characterized as physical, logical, organizational, or financial.

A CMDB contains component relationships. The components are linked together to provide a service, and it is the service that links these components to the business process. The service may be as simple as an application, but it may also include several applications that are logically grouped to provide a complete service to support the business process.

A CMDB is a fundamental component of the ITIL framework. All information recorded in the CMDB exists solely to support the information technology service management (ITSM) processes described by ITIL. Therefore, a complete CMDB contains information dictated by ITIL. Because its content is guided by ITIL, building a CMDB must start with the management process to the CI, the CI attributes, and its relationships to other CIs.

For more information on Forrester’s Definition Of A CMDB please refer to the following document -
http://www.bmc.com/USA/Corporate/attachments/TEI_CMDB_FINAL_Case_Study_to_BMC-USA_Version_12-27-06.pdf

Tuesday, June 19, 2007

Event IDs to be monitored on DC

Event ID: 513
Source Security
Type Success Audit
Description Windows NT is shutting down. All logon sessions will be terminated by this shutdown.
Comments Event generated when Windows NT is shutting down.

Event ID: 517
Source Security
Type Success Audit
Description The audit log was cleared
Primary User Name:
Primary Domain:
Primary Logon ID:
Client User Name:
Client Domain:
Client Logon ID:
Comments This event is generated when an administrator clears the event log.

Event ID: 610
Source Security
Type Success Audit
Description New Trusted Domain:
Domain Name: %1 Domain ID: %2
Established By:
User Name: %3 Domain: %4
Logon ID: %5
Comments New Trusted Domain


Event ID: 611
Source Security
Type Success Audit
Description Removing Trusted Domain:
Domain Name: %1 Domain ID: %2
Removed By:
User Name: %3 Domain: %4
Logon ID: %5
Comments Audit message for the removal of a trusted domain.


Event ID: 612
Source Security
Type Success Audit
Description Audit Policy Change:
New Policy:
Success Failure
+ + Logon/Logoff
- - Object Access
- - Privilege Use
+ + Account Management
+ + Policy Change
- - System
- - Detailed Tracking
- - Directory Service Access
+ + Account Logon
Changed By:
User Name:
Domain Name:
Logon ID:
Comments Indicates that a change was made to the audit policy. The description shows the current policy. A "+" sign indicates that the policy is enabled, a "-" that it is disabled. For example, the following:
- + Directory Service Access
indicates that successful attempts to use the directory services will not be audited (the "-") but the failures will be (the "+").
See the link to the "Auditing policies - their meaning and recommended settings" article for a description of the auditing policies.

Event ID: 643
Source Security
Type Success Audit
Description Domain Policy Changed:
Password Policy modified
Domain: CORPDOM Domain ID: %{S-1-5-21-1390850448-2335789268-393128203}
Caller User Name: APPSERVER$
Caller Domain: ALTDOMAIN
Caller Logon ID: (0x0,0x3E7)
Privileges:
Comments This event normally indicates a successful change to the Windows AD security policies. However, it is also recorded when Group Policies are applied (event ID 1704 would indicate a successful application of Group Policies). According to a newsgroup posting by a Microsoft intrusion detection engineer, this is "normal behavior" for Windows.
From a newsgroup post: "Group policy is applied every 16 hours by default. If you have set any of the "security options" in a policy from the domain, then expect to see this event when those options are set".

For more information on Windows event IDs please refer to http://eventid.net/
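
A sketch of how a collector could triage the Security-log events listed above, added here as an example and not taken from the original post: it parses the Success/Failure table of event 612 and separates the Group Policy noise described for event 643 from policy changes made by other callers. The alert levels, the REQUIRED baseline, the function names and the sample descriptions are assumptions of this example.

```python
import re

# Triage levels are assumptions of this example, not taken from the post.
ALWAYS_ALERT = {517: "audit log cleared", 610: "new trusted domain",
                611: "trusted domain removed"}
# Assumed baseline: categories that must stay audited for success and failure.
REQUIRED = ("Logon/Logoff", "Account Management", "Policy Change", "Account Logon")
SYSTEM_LOGON_ID = "(0x0,0x3E7)"  # logon session of the local SYSTEM account
# One policy row: success flag, failure flag, category; spacing may be irregular.
POLICY_ROW = re.compile(r"^\s*([+-])\s*([+-])\s*(\S.*?)\s*$")

def parse_audit_policy(description):
    """Return {category: (success_audited, failure_audited)} from a 612 description."""
    policy, in_table = {}, False
    for line in description.splitlines():
        if line.strip().startswith("Success"):
            in_table = True          # header row "Success Failure"
        elif in_table:
            row = POLICY_ROW.match(line)
            if not row:
                break                # first non-row line, e.g. "Changed By:"
            policy[row.group(3)] = (row.group(1) == "+", row.group(2) == "+")
    return policy

def parse_fields(description):
    """Return the "Name: value" lines of a description as a dict."""
    fields = {}
    for line in description.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def triage(event_id, description=""):
    """Map one Security-log event to (level, reason)."""
    if event_id in ALWAYS_ALERT:
        return ("alert", ALWAYS_ALERT[event_id])
    if event_id == 612:
        policy = parse_audit_policy(description)
        lost = [c for c in REQUIRED if policy.get(c) != (True, True)]
        if lost:
            return ("alert", "auditing reduced: " + ", ".join(lost))
        return ("info", "audit policy changed, baseline intact")
    if event_id == 643:
        f = parse_fields(description)
        caller = f.get("Caller User Name", "unknown")
        if caller.endswith("$") and f.get("Caller Logon ID") == SYSTEM_LOGON_ID:
            return ("info", "machine account caller, likely Group Policy refresh")
        return ("alert", "domain policy changed by " + caller)
    if event_id == 513:
        return ("info", "system shutdown")
    return ("ignore", "not in the monitored list")

# Constructed sample descriptions (illustrative values, not real log data).
SAMPLE_612 = """New Policy:
Success Failure
+ + Logon/Logoff
- -System
++ Account Logon
+ + Account Management
- + Policy Change
Changed By:"""
SAMPLE_643 = """Password Policy modified
Caller User Name: APPSERVER$
Caller Logon ID: (0x0,0x3E7)"""
```

With the constructed samples, the 612 event is raised as an alert because success auditing of Policy Change was switched off, while the 643 event from a machine account under the SYSTEM logon session is kept as informational.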



Sybase MDA Tables

Monitoring tables (also known as MDA tables) are available in Adaptive Server version 12.5.x and later. MDA is variously expanded as "Monitoring Data Access", "Monitoring and Diagnostics for ASE", "Monitoring and Diagnostic Access" or "Monitoring and Diagnostic API". MDA tables are simply proxy tables in the master database. There are approximately 35 MDA tables, all starting with the mon prefix. These tables can be accessed with regular SQL select statements. MDA tables provide low-level monitoring information that was not previously available, such as the number of logical I/Os for each process, the SQL 'stacktrace' (stored proc/trigger call stack), cache usage details per table, etc.

For more information on MDA tables go to http://www.sybase.com or refer to Rob Verschoor's web page - http://www.sypron.nl/main.html

Netcool Probes

The Netcool ObjectServer collects data from different probes and displays it on the console.

Probes connect to an event source, detect and acquire event data, and forward the data to the ObjectServer as alerts. Probes use the logic specified in a rules file to manipulate the event elements before converting them into alerts in the ObjectServer.


There are different Netcool probes. Netcool creates vendor-specific probes,
e.g., Patrol, Sitescope, NNM, Cisco CTM etc.
Common Netcool probes are the Syslog and TrapD probes.

How does the Syslog Probe work?
Syslog is a logging mechanism implemented on UNIX platforms and does not require any special hardware. The probe logs messages in an appropriate system log and writes it to the system console, forwards it to a list of users, or forwards it to another UNIX host over the network.
The Syslog Probe acquires event data from syslogd, the UNIX system message logger, by reading from a log file or a named pipe (FIFO) into which syslogd has been configured to write its messages.

How does the TrapD Probe work?
The Multi-Thread Trapd Probe has the following features:
· Handles a high volume and high rate of traps
· Receives traps independently of trap processing using an internal queue mechanism
· Probe handles high trap rates and high burst rates using two buffers: one buffer for all of the sockets that the probe monitors, and an internal queue between the reader and writer sides of the probe
· Supports SNMP V1 traps, V2c traps, and V3 traps
· Supports SNMP V2 traps and V3 informs
· Uses a USM-based V3 security model
The Multi-Thread Trapd Probe is a direct SNMP monitoring probe. The probe acquires event data by acting as a trap daemon and monitoring SNMP traps and events on both UDP and TCP sockets.



For more information on probes please log in to http://www.ibm.com

Thursday, June 14, 2007

Windows PowerShell

Windows PowerShell is a new command line shell and task-based scripting technology that provides information technology (IT) administrators comprehensive control and automation of system administration tasks, increasing administrator productivity. Windows PowerShell includes numerous system administration utilities, consistent syntax and naming conventions, and improved navigation of common management data such as the registry, certificate store, or Windows Management Instrumentation (WMI). Windows PowerShell also includes an intuitive scripting language specifically designed for IT administration.

For more information click on the link below
http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx

Common 5 questions asked about CMDB

What is CMDB?
It provides visibility. It tells us what is in the IT infrastructure and how the items are related to each other and to critical business services.
In simpler terms, it is a database of CIs and their relationships.


What is a CI?
CI is any device or application that we manage.

What is goal of CMDB in any organization?
The main goal of a CMDB is to bring processes together: the ITIL processes.

How is CMDB populated?
It depends on where the information is stored. A CMDB can have multiple resources, but the best way is to have a discovery tool populate the CMDB.

What should I store in CMDB, what attributes?
Interesting question. The answer: it depends.
Try to start the CMDB with a limited number of CIs.

For attributes, you can refer to the Common Information Model on the DMTF site. (http://www.dmtf.org/standards/cim/)

Wednesday, June 13, 2007

Generic Remedy Reporter Module.



One of the common questions we got from the application development team was:
How many tickets were created last night for my application team?
Or:
The manager of the Infrastructure team wants a report of all tickets assigned to his team for the last 7 days.

The solution is to run macros and give them the txt output, or to teach them how to run macros or use the Remedy user client. The task is always time consuming or needs a dedicated resource.

Then the concept of the Generic Remedy Reporter Module was born.
Note – This Module is not supported by Remedy.

What is Remedy Reporter Module? And how do we develop it?

Take one spoon of ASP script with some Crystal knowledge, mix it with a stored procedure, and you have it.

In technical terms -
You need a Remedy developer who can give you details on the fields and the tables for the different Remedy forms.
Create stored procedures to get information from the database.
Create a website in ASP, connected to Crystal Reports, that accepts pre-defined queries.

The concept is pretty simple. Database -> ASP -> Crystal -> PDF output.

Some of the major concerns with this generic application were:
Remedy server performance, complex stored procedures, and where the application will reside.

The concerns were valid; moreover, you didn’t want to touch the Remedy core database infrastructure. The approach was to keep the website separate from the Mid-Tier client. All the stored procedures created were kept in a separate database/schema on the same instance. That addresses the basic concerns. For server performance, run the application on the DR database, which is read-only in most organizations and gets synced periodically. Create predefined query forms with pre-defined time intervals; this will give you optimized stored procedures. Lastly, create simple stored procedures. Let Crystal Reports handle mathematical and display functions. Stored procedures should only display data.

If you need any more information on how to work on this model, feel free to drop a note.

Tuesday, June 12, 2007

Patrol Help Files

Navigate to the correct help file, then click on "Index" in the left pane to look for your particular alarm parameter.
Windows OS
Unix and Linux
Compaq Insight Manager
Microsoft Exchange Servers
Active Directory Services
Domain Services
Oracle
Sybase
All Patrol Help Files

The Four “E’s” of ITIL

Run IT Economically and Equitably as an Efficient, Effective business.

ITIL Service Management (ITSM) in a Nutshell



Service Delivery has five (5) Service Management processes associated with it:
-> Service Level Agreement Management (SLA, OLA)
-> Financial Management
-> Continuity Management
-> Availability Management
-> Capacity Management

Service Support has five (5) Service Management processes associated with it:
-> Incident Management
-> Problem Management
-> Change Management
-> Release Management
-> Configuration Management









PatrolCli - a powerful tool for Patrol Admins

PatrolCli is a command line program based on the PATROL application program interface that executes on all PATROL Agent platforms to provide access to the features and functions of a PATROL Agent. PatrolCli is designed to connect to a PATROL Agent in instances when a GUI interface is unavailable, the user is logged into a host via a terminal emulator (without a TCP/IP stack), or using a developer console could affect production agents.

You can use PatrolCli to do the following:
• Access PATROL Agents on all platforms.
• Read PATROL objects from the PATROL Agent (the PATROL objects are also available in the PATROL SNMP MIB).
• Read and send, acknowledge, or close PATROL events.
• Execute PSL scripts that have been pre-defined in the PATROL Agent or are sent directly from PatrolCli.

I have been using patrolcli to gather information from different agents.
In fact, we created a site to give more information on the agent.

Here are a few tips and tricks using the patrolcli interface.

A) In Patrol 7 architecture execute the following PSL to get the following information -

1) PSL to get the RT SERVER INSTANCES
print(get("/PHM_RTSERVER/instances"));

2) PSL to print total number of agents connected to a particular RT SERVER
print(get("/PHM_RTSERVER//numConnectedAgents/value"));

3) PSL to print the agents connected to all the clouds
print(get("/PHM_AGENT/instances"));

B) Patrolcli command to send message -

$PATROL_HOME/bin/PatrolCLI "${Patrol_User}" "${Patrol_Connect}" "${Patrol_Event} \"Message text\""

Where:

Patrol_User="user patrolaccount patrolpassword"

Patrol_Connect="connect servername port#"
(servername = short hostname of the server the Patrol Agent is running on; port# = port number of that Patrol Agent)

Patrol_Event="event send STANDARD 41 WARNING 3"

C) Command to view a file on a remote agent.
Create a PSL file, a.psl, with the following PSL commands (keep only the system() line that matches the agent's platform):
lst=system("type c:\\a.txt"); # Windows filesystem
lst=system("cat /apps/a.txt"); # *NIX filesystem
print(lst);
Then execute it from PatrolCli with the following command:
execpsl -f a.psl

If you need any more information please refer to the BMC document - PATROL® Command Line Interfaces Reference Manual - http://documents.bmc.com/supportu/documents/02/68/10268/10268.pdf

Monday, June 11, 2007

What should standard monitoring agent monitor on windows platform ?

Windows Event Log Monitoring – Allowing to easily create filters based on event type, source, ID, user, or category, alerted only on events of interest.

Windows Service Monitoring – To monitor services associated with the services. Able to run scripts on certain service failure conditions.

OS Monitoring – Monitoring performance, resource consumption, and capacity of critical server components such as CPU, memory, cache, disks, and file systems.

Server Monitoring – To monitor performance, resource consumption, and capacity of critical server components such as CPU, memory, cache, and physical and logical disks.

Hardware Monitoring – Monitoring health of the Hardware using the hardware agent interface.

Log File Monitoring – To monitor any log file for size or content, and set up specific recovery actions.

Process Monitoring – To monitor process availability and resource consumption. Provides the ability to restart failed processes and terminate processes that consume a specified percentage of CPU.

Active Directory Operations Monitoring – Assuring Active Directory health by monitoring critical Active Directory components such as Domain Controller, replication, LDAP, FSMO roles, DNS, and trusts.

Microsoft Cluster Monitoring – To monitor health and operations of the Microsoft Cluster environment.

Performance Monitor – To quickly set up monitoring for any available Windows Performance Counter.

WMI Wizard – To enter WMI queries to monitor various Windows components.

Printer Monitoring – To monitor the operations and availability of the printers in the domain.

Connecting to SQL Server from *NIX using Perl DBI

http://www.idevelopment.info/data/MSSQL/DBA_tips/Programming/PROG_2.shtml

The document also shows how to install FreeTDS.

What is NMS ?

Network Management System

NMS is responsible for the monitoring, alerting and reporting for the global network infrastructure. To understand a network management system, we need to understand what exactly network management is. In simpler terms, network management means monitoring network activity using a protocol analyzer. To elaborate on the definition: network management is a service that employs a variety of tools, applications, and devices to assist human network managers in monitoring and maintaining nodes.

Network Management Architecture

Most network management architectures use the same basic structure and set of relationships. End stations (managed devices), such as computer systems and other network devices, run software that enables them to send alerts when they recognize problems (for example, when one or more user-determined thresholds are exceeded). Upon receiving these alerts, management entities are programmed to react by executing one, several, or a group of actions, including operator notification, event logging, system shutdown, and automatic attempts at system repair. Management entities also can poll end stations to check the values of certain variables. Polling can be automatic or user-initiated, but agents in the managed devices respond to all polls. Agents are software modules that first compile information about the managed devices in which they reside, then store this information in a management database, and finally provide it (proactively or reactively) to management entities within network management systems (NMSs) via a network management protocol. Well-known network management protocols include the Simple Network Management Protocol (SNMP) and Common Management Information Protocol (CMIP). Management proxies are entities that provide management information on behalf of other entities.

Network Management Model
The network management model is the primary means for understanding the major functions of network management systems. The standard network management model consists of five conceptual areas. They are:
1) Performance Management
2) Configuration Management
3) Accounting Management
4) Fault Management
5) Security Management

Courtesy - cisco.com - http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/

What is Enterprise Systems Management ?

Enterprise Systems Management (ESM) means different things to different people. It totally depends on the tools deployed in an organization. In the early years ESM was strongly influenced by network management initiatives, but today it is integrated into IT Service Management (ITSM) methodology. There is a variety of frameworks contributing to the ITSM discipline. The most common ones are the Information Technology Infrastructure Library (ITIL), Control Objectives for Information Technology (COBIT), Application Services Library (ASL) and Microsoft Operations Framework (MOF). ITSM is often equated with ITIL. Now the question arises: what is ITIL? ITIL is a code of best practice for IT service provision developed, documented and published by the UK Office of Government Commerce (OGC) in the early 90’s and managed by the UK Central Computer and Technology Agency (CCTA).